@vectros-ai/cli 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/AUTHORING.md +241 -0
  2. package/CHANGELOG.md +20 -0
  3. package/LICENSE +201 -0
  4. package/README.md +114 -0
  5. package/dist/cli.js +13176 -0
  6. package/dist/cli.js.map +1 -0
  7. package/dist/cli.mjs +13153 -0
  8. package/dist/cli.mjs.map +1 -0
  9. package/package.json +52 -0
package/dist/cli.mjs.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/cli-bootstrap.ts","../../../node_modules/@vectros-ai/sdk/dist/index.mjs","../../blueprints/src/types.ts","../../blueprints/src/identities.ts","../../blueprints/src/inputs.ts","../../blueprints/src/blueprints/task-management.ts","../../blueprints/src/blueprints/coding-agent-memory.ts","../../blueprints/src/blueprints/second-brain.ts","../../blueprints/src/blueprints/clinical-intake.ts","../../blueprints/src/index.ts","../src/log.ts","../src/base-url.ts","../src/env.ts","../src/bridge.ts","../src/identity.ts","../src/auth-store.ts","../src/pkce.ts","../src/cognito-config.ts","../src/auth-context.ts","../src/blueprint-file.ts","../src/scope-gate.ts","../src/machine-id.ts","../src/loader.ts","../src/config-merge.ts","../src/cli-blueprint.ts","../src/lint.ts","../src/blueprint-init.ts","../src/program.ts","../src/output.ts","../src/verb-support.ts","../src/commands/whoami.ts","../src/paginate.ts","../src/commands/key.ts","../src/commands/identity.ts","../src/commands/access.ts","../src/commands/role.ts","../src/commands/context.ts","../src/commands/login.ts","../src/commands/blueprint-test.ts","../src/harness.ts","../src/build-info.ts","../src/cli.ts"],"sourcesContent":["/**\n * `vectros bootstrap` — the bootstrap subcommand.\n *\n * Scaffolds a least-privilege `ssk_*` + AccessProfile (+ optional blueprint)\n * for the MCP server WITHOUT the root `sk_*` and without manual admin-app\n * steps (per the design doc). The flow:\n *\n * resolve bridge token (VECTROS_BOOTSTRAP_TOKEN | --token | paste)\n * → mint ephemeral wildcard st_* (bridge.ts; NEVER persisted)\n * → SCOPE GATE the chosen blueprint (refuse control-plane; mint nothing)\n * → resolve tenantId (extended /v1/ping)\n * → runLoader (schemas, context, principal, profile, ssk_ key, seed)\n * → safe-merge ssk_* into claude_desktop_config.json (or --print)\n *\n * This is an interactive CLI, NOT the MCP stdio server — it writes\n * user-facing output to STDOUT freely (the stdout-purity rule applies only\n * to the @vectros-ai/mcp-server stdio runtime, a different binary).\n *\n * The pure helpers (parseBootstrapArgs / envToBaseUrl / resolveBlueprint /\n * validateBlueprint / BLANK_SLATE) are unit-tested; the interactive I/O is\n * smoke-verified against staging.\n */\nimport * as readline from 'node:readline/promises';\nimport { VectrosClient } from '@vectros-ai/sdk';\nimport {\n parseBlueprint,\n getBlueprint,\n BUNDLED_BLUEPRINTS,\n BLUEPRINT_NAMES,\n type Blueprint,\n} from '@vectros-ai/blueprints';\n\nimport { createLogger, type Logger } from './log.js';\nimport { envToBaseUrl, type CliEnv } from './env.js';\nimport { resolveCognitoToken, MissingCredentialError } from './auth-context.js';\nimport { resolveIdentity } from './identity.js';\nimport { looksLikePath, loadBlueprintFile } from './blueprint-file.js';\nimport { ScopeGateError, evaluateScopeGate, assertScopeGate } from './scope-gate.js';\nimport { mintBridgeToken, mintContextToken } from './bridge.js';\nimport { resolveMachineId } from './machine-id.js';\nimport {\n runLoader,\n buildPlan,\n renderPlan,\n LostKeyError,\n assertNoUnresolvedIdentities,\n UnresolvedIdentitiesError,\n type BootstrapApiClient,\n} from './loader.js';\nimport {\n claudeDesktopConfigPath,\n claudeCodeProjectConfigPath,\n buildVectrosServerEntry,\n buildClaudeCodeAddCommand,\n safeMergeConfigFile,\n} from './config-merge.js';\n\n/**\n * @deprecated alias of {@link CliEnv} (in `env.ts`). Kept so existing importers\n * (and tests) of `BootstrapEnv` from this module keep compiling.\n */\nexport type BootstrapEnv = CliEnv;\n\n// Re-export the env→URL mapping from its shared home so existing importers of\n// `envToBaseUrl` from this module are unaffected by the extraction to `env.ts`.\nexport { envToBaseUrl };\n\nexport interface BootstrapArgs {\n blueprint?: string;\n env: BootstrapEnv;\n /** Explicit base URL override (beats env→URL mapping + VECTROS_API_BASE_URL). */\n baseUrl?: string;\n yes: boolean;\n print: boolean;\n rotate: boolean;\n token?: string;\n useScopedToken: boolean;\n blankSlate: boolean;\n /** Which MCP host to target for the config step: Claude Desktop (default) or Claude Code. */\n client: 'desktop' | 'code';\n help: boolean;\n}\n\n/**\n * Full validation: structural parse THEN the scope gate. This is the CLI's\n * trust boundary — structural validity lives in\n * @vectros-ai/blueprints, but enforcement (data-plane-only) lives HERE.\n * Throws BlueprintValidationError on a bad shape or\n * {@link ScopeGateError} if any requested action is outside the\n * data-plane allowlist.\n */\nexport function validateBlueprint(input: unknown): Blueprint {\n const blueprint = parseBlueprint(input);\n assertScopeGate(blueprint.accessProfile.allowedActions);\n // Roles mint scope grants too → subject to the SAME data-plane gate, so a\n // blueprint role can't be a control-plane back-door around accessProfile.\n for (const clauses of Object.values(blueprint.roles ?? {})) {\n for (const clause of clauses) assertScopeGate(clause.allowedActions);\n }\n // Fail closed on identity usage the loader can't yet resolve.\n assertNoUnresolvedIdentities(blueprint);\n return blueprint;\n}\n\n/** The \"credential only\" menu option — a read-only data-plane profile, no schemas/seed. */\nexport const BLANK_SLATE: Blueprint = {\n name: 'blank',\n version: '1.0.0',\n description: 'Credential only — a read-only data-plane key for the MCP server.',\n contextId: 'mcp',\n contextName: 'MCP',\n schemas: [],\n accessProfile: {\n allowedActions: ['records:r', 'search:r', 'schemas:r', 'documents:r', 'inference:r'],\n },\n servicePrincipal: { externalId: 'mcp-blank', displayName: 'MCP — Blank Slate' },\n};\n\n/** Pure arg parser (tested). Unknown flags throw. */\nexport function parseBootstrapArgs(argv: string[]): BootstrapArgs {\n const args: BootstrapArgs = {\n env: 'production',\n yes: false,\n print: false,\n rotate: false,\n useScopedToken: false,\n blankSlate: false,\n client: 'desktop',\n help: false,\n };\n for (let i = 0; i < argv.length; i++) {\n const a = argv[i];\n switch (a) {\n case '--blueprint':\n args.blueprint = argv[++i];\n break;\n case '--env': {\n const v = argv[++i];\n if (v !== 'staging' && v !== 'production') {\n throw new Error(`--env must be 'staging' or 'production' (got '${v ?? ''}')`);\n }\n args.env = v;\n break;\n }\n case '--base-url':\n args.baseUrl = argv[++i];\n break;\n case '--client': {\n const v = argv[++i];\n if (v !== 'desktop' && v !== 'code') {\n throw new Error(`--client must be 'desktop' or 'code' (got '${v ?? ''}')`);\n }\n args.client = v;\n break;\n }\n case '--token':\n args.token = argv[++i];\n break;\n case '--yes':\n case '-y':\n args.yes = true;\n break;\n case '--print':\n args.print = true;\n break;\n case '--rotate':\n args.rotate = true;\n break;\n case '--use-scoped-token':\n args.useScopedToken = true;\n break;\n case '--blank':\n case '--blank-slate':\n args.blankSlate = true;\n break;\n case '--help':\n case '-h':\n args.help = true;\n break;\n default:\n throw new Error(`Unknown bootstrap flag: ${a}`);\n }\n }\n return args;\n}\n\nexport const BOOTSTRAP_HELP = `vectros bootstrap — provision a least-privilege MCP credential.\n\nUsage:\n vectros bootstrap [--blueprint <name> | --blank] [--env staging|production]\n [--client desktop|code] [--yes] [--print] [--rotate]\n [--token <t> | env VECTROS_BOOTSTRAP_TOKEN]\n [--base-url <url>] [--use-scoped-token]\n\nOptions:\n --blueprint <name|file> A bundled blueprint (${BLUEPRINT_NAMES.join(', ')}),\n OR a path to your own blueprint YAML/JSON (./my.yaml) — the \"copy &\n own\" path. File blueprints get the identical scope gate (no override).\n --blank Credential only (read-only data-plane profile, no schemas).\n --env staging|production Target environment (default: production).\n --base-url <url> Override the API base URL (beats --env + VECTROS_API_BASE_URL).\n --client <desktop|code> MCP host to configure (default: desktop). 'desktop' merges\n claude_desktop_config.json (also works for Cursor/Cline);\n 'code' targets Claude Code's project .mcp.json and prints\n the equivalent 'claude mcp add' command.\n --token <t> Cognito bridge token; or set VECTROS_BOOTSTRAP_TOKEN.\n Falls back to your stored \\`vectros login\\` session\n (same env) when neither is set — login once, then\n bootstrap unattended.\n --yes, -y Skip confirmations (agent / CI path).\n --print Print the config snippet instead of merging.\n --rotate Revoke + re-mint THIS machine's key.\n --use-scoped-token Legacy fallback.\n NOTE: it mints a token WITHOUT the provisioning\n capability, so it cannot create a blueprint's\n app-context — use only with the 'default' context\n (the dedicated endpoint is required otherwise).\n --help, -h Show this help.\n\nNo --blueprint/--blank in a TTY → interactive menu.`;\n\n/** Resolve the blueprint to apply: explicit --blueprint, --blank, or (interactive) menu. */\nexport async function resolveBlueprint(\n args: BootstrapArgs,\n prompt: (q: string) => Promise<string>,\n isTty: boolean,\n): Promise<Blueprint> {\n if (args.blankSlate) return BLANK_SLATE;\n if (args.blueprint) {\n // A path-looking value loads a local/forked blueprint file (the \"copy &\n // own\" path). It flows through the SAME validateBlueprint + scope gate as\n // a bundled one — no new trust surface.\n if (looksLikePath(args.blueprint)) {\n return await loadBlueprintFile(args.blueprint);\n }\n const b = getBlueprint(args.blueprint);\n if (!b) {\n throw new Error(\n `Unknown blueprint '${args.blueprint}'. Bundled blueprints: ${BLUEPRINT_NAMES.join(', ')} ` +\n `(or --blank, or pass a path like ./my.json).`,\n );\n }\n return b;\n }\n if (!isTty) {\n throw new Error('No --blueprint or --blank specified and not a TTY (cannot show the menu).');\n }\n // Interactive menu.\n const options: Array<{ label: string; blueprint: Blueprint }> = [\n { label: 'Blank slate (credential only)', blueprint: BLANK_SLATE },\n ...BUNDLED_BLUEPRINTS.map((b) => ({ label: `${b.name} — ${b.description}`, blueprint: b })),\n ];\n process.stdout.write('\\n What do you want to set up?\\n');\n options.forEach((o, idx) => process.stdout.write(` ${idx + 1}) ${o.label}\\n`));\n const answer = (await prompt(' Choose [1]: ')).trim();\n const choice = answer === '' ? 1 : Number.parseInt(answer, 10);\n const selected = options[choice - 1];\n if (!selected) throw new Error(`Invalid choice: ${answer}`);\n return selected.blueprint;\n}\n\n/** The credential resolver `resolveBridgeCognitoToken` delegates to (injectable for tests). */\nexport type CognitoResolver = (env: CliEnv, explicit?: string) => Promise<string>;\n\n/**\n * Resolve the bridge (Cognito) token: `--token` > env var > the stored\n * `vectros login` session > (in a TTY) interactive paste.\n *\n * The first three sources are the SHARED auth-seam resolver (`resolveCognitoToken`,\n * the same one `whoami` and every verb use) — so a `bootstrap --yes` after a\n * `vectros login` resolves the session instead of demanding a token (the\n * \"login once → bootstrap\" story for agent/CI). The session must match `--env`\n * (a staging login can't authorize a production bootstrap). The interactive\n * paste stays as the human fallback when nothing else yields a credential.\n */\nexport async function resolveBridgeCognitoToken(\n args: BootstrapArgs,\n prompt: (q: string) => Promise<string>,\n isTty: boolean,\n resolveCognito: CognitoResolver = resolveCognitoToken,\n): Promise<string> {\n try {\n return await resolveCognito(args.env, args.token);\n } catch (err) {\n // Only a *missing* credential falls through to the paste prompt; a real\n // failure (e.g. a refresh-token grant that errored) must surface.\n if (!(err instanceof MissingCredentialError)) throw err;\n }\n if (!isTty) {\n throw new Error(\n 'No bridge token: set VECTROS_BOOTSTRAP_TOKEN, pass --token, or run `vectros login` first ' +\n '(required in non-interactive mode).',\n );\n }\n process.stdout.write(\n '\\n No bridge token found. Generate one in the developer portal\\n' +\n ' (https://developer.vectros.ai/settings/cli-token), then paste it here.\\n',\n );\n const pasted = (await prompt(' Paste token: ')).trim();\n if (!pasted) throw new Error('No token entered.');\n return pasted;\n}\n\nexport interface BootstrapDeps {\n log?: Logger;\n /** Injectable for tests; default reads/writes the real terminal. */\n createPrompt?: () => { prompt: (q: string) => Promise<string>; close: () => void };\n isTty?: boolean;\n /**\n * The credential resolver (--token > env > stored `vectros login` session).\n * Injectable for tests; defaults to the shared auth-seam {@link resolveCognitoToken}.\n */\n resolveCognitoToken?: CognitoResolver;\n}\n\n/**\n * Run the bootstrap subcommand end-to-end. Returns the process exit code\n * (0 ok; non-zero on scope-gate reject, lost key, or any failure).\n */\nexport async function runBootstrapCli(argv: string[], deps: BootstrapDeps = {}): Promise<number> {\n const log = deps.log ?? createLogger();\n\n let args: BootstrapArgs;\n try {\n args = parseBootstrapArgs(argv);\n } catch (err) {\n process.stderr.write(`${err instanceof Error ? err.message : String(err)}\\n\\n${BOOTSTRAP_HELP}\\n`);\n return 1;\n }\n if (args.help) {\n process.stdout.write(`${BOOTSTRAP_HELP}\\n`);\n return 0;\n }\n\n const isTty = deps.isTty ?? Boolean(process.stdin.isTTY);\n const promptCtx = deps.createPrompt\n ? deps.createPrompt()\n : (() => {\n const rl = readline.createInterface({ input: process.stdin, output: process.stdout });\n return { prompt: (q: string) => rl.question(q), close: () => rl.close() };\n })();\n\n try {\n const baseUrl = envToBaseUrl(args.env, args.baseUrl ?? process.env.VECTROS_API_BASE_URL);\n\n // 1. Blueprint + scope gate (refuse control-plane BEFORE touching the API).\n const blueprint = await resolveBlueprint(args, promptCtx.prompt, isTty);\n try {\n validateBlueprint(blueprint); // structural + scope gate\n } catch (err) {\n if (err instanceof ScopeGateError) {\n process.stderr.write(`\\n ✖ Scope gate refused blueprint '${blueprint.name}':\\n`);\n for (const r of err.rejected) process.stderr.write(` • ${r.action}: ${r.reason}\\n`);\n process.stderr.write(' Minting nothing.\\n');\n return 2;\n }\n // Same usage-error class as the scope gate (exit 2, mints nothing) —\n // consistent with `blueprint validate`/`plan`.\n if (err instanceof UnresolvedIdentitiesError) {\n process.stderr.write(`\\n ✖ ${err.message}\\n Minting nothing.\\n`);\n return 2;\n }\n throw err;\n }\n const gate = evaluateScopeGate(blueprint.accessProfile.allowedActions);\n process.stdout.write(`\\n Blueprint: ${blueprint.name}\\n ✔ Scope gate: [${gate.accepted.join(', ')}] — all data-plane ✓\\n`);\n\n // 1b. Plan preview — show what WOULD be provisioned (terraform-plan style),\n // derived from the loader's own sequence (buildPlan). Mints nothing yet.\n // Gate the mint on y/N unless --yes (agent/CI) or --print (preview-only).\n const planSteps = buildPlan(blueprint);\n process.stdout.write(`\\n${renderPlan(blueprint, planSteps)}\\n`);\n if (!args.yes && !args.print && isTty) {\n const ans = (await promptCtx.prompt('\\n Apply this plan? [y/N]: ')).trim().toLowerCase();\n if (ans !== 'y' && ans !== 'yes') {\n process.stdout.write(' Aborted — nothing minted.\\n');\n return 0;\n }\n }\n\n // 2. Bootstrap token (ephemeral, NARROW st_*; never persisted).\n // Carries the owner-only provisioning:c + identity creates; the loader\n // uses it to deliberately create the blueprint's context + service principal.\n const cognitoToken = await resolveBridgeCognitoToken(\n args,\n promptCtx.prompt,\n isTty,\n deps.resolveCognitoToken,\n );\n const bridge = await mintBridgeToken({\n cognitoToken,\n apiBaseUrl: baseUrl,\n useScopedToken: args.useScopedToken,\n });\n process.stdout.write(' ✔ Bootstrap token minted (5-min TTL)\\n');\n\n // 3. Construct the bootstrap client + resolve tenantId (ping is context-agnostic).\n const client = new VectrosClient({ token: bridge.token, environment: baseUrl });\n const identity = await resolveIdentity({ log, apiKey: bridge.token, environment: baseUrl });\n const tenantId = identity.tenantId;\n if (!tenantId || typeof tenantId !== 'string') {\n throw new Error(\n 'Could not resolve tenantId from /v1/ping — the extended ping (tenant_id) must be deployed for bootstrap.',\n );\n }\n\n // 4. Run the deterministic loader. Two-token flow: after the\n // loader creates the blueprint's context with the bootstrap token, it calls\n // remintForContext to get a per-context (confined) client for the in-context\n // load — the designed scoped-token?context=<ctx> re-mint.\n const machineId = await resolveMachineId();\n const result = await runLoader(client as unknown as BootstrapApiClient, {\n blueprint,\n tenantId,\n machineId,\n rotate: args.rotate,\n remintForContext: async (contextId: string) => {\n const ctxToken = await mintContextToken({ cognitoToken, apiBaseUrl: baseUrl, contextId });\n return new VectrosClient({\n token: ctxToken.token,\n environment: baseUrl,\n }) as unknown as BootstrapApiClient;\n },\n log,\n });\n process.stdout.write(\n ` ✔ AccessProfile + key (${result.keyAction}) → ${result.keyName}\\n` +\n (result.seededCount ? ` ✔ Seeded ${result.seededCount} record(s)\\n` : ''),\n );\n\n // 5. Config: print snippet or safe-merge. The MCP-server entry shape is\n // identical across Claude Desktop / Cursor / Cline and Claude Code's\n // .mcp.json, so only the target path (and Claude Code's extra CLI hint)\n // differ by --client.\n const entry = buildVectrosServerEntry({ apiKey: result.rawKey, apiBaseUrl: baseUrl });\n const isCode = args.client === 'code';\n const configPath = isCode ? claudeCodeProjectConfigPath() : claudeDesktopConfigPath();\n const snippet = JSON.stringify({ mcpServers: { vectros: entry } }, null, 2);\n // For Claude Code, the ready-to-run CLI command is the idiomatic install\n // (and the only way to reach the user-scoped ~/.claude.json) — surface it\n // alongside the .mcp.json snippet.\n const codeAddCommand = isCode ? buildClaudeCodeAddCommand(entry) : null;\n const codeAddHint = codeAddCommand ? `\\n Or run:\\n\\n ${codeAddCommand}\\n` : '';\n\n if (args.print) {\n const label = isCode ? \"Claude Code's project .mcp.json\" : 'your MCP client config';\n process.stdout.write(`\\n Add this to ${label}:\\n\\n${snippet}\\n${codeAddHint}`);\n return 0;\n }\n\n let doMerge = args.yes;\n if (!doMerge && isTty) {\n const ans = (await promptCtx.prompt(`\\n Merge the 'vectros' server into ${configPath}? [Y/n]: `)).trim().toLowerCase();\n doMerge = ans === '' || ans === 'y' || ans === 'yes';\n }\n if (!doMerge) {\n process.stdout.write(`\\n Skipped merge. Snippet:\\n\\n${snippet}\\n${codeAddHint}`);\n return 0;\n }\n\n try {\n const merged = await safeMergeConfigFile({ configPath, entry });\n const restartHint = isCode\n ? ' Reopen Claude Code in this project, then try: \"list my tasks\" / \"add a task to …\"\\n'\n : ' Restart your MCP client, then try: \"list my tasks\" / \"add a task to …\"\\n';\n process.stdout.write(\n ` ✔ Config ${merged.action}${merged.backupPath ? ` (backup: ${merged.backupPath})` : ''}\\n` +\n restartHint,\n );\n } catch (err) {\n // Never crash on the user's config — fall back to the snippet.\n process.stderr.write(` ⚠ Could not merge config (${err instanceof Error ? err.message : String(err)}).\\n`);\n process.stdout.write(`\\n Add this manually instead:\\n\\n${snippet}\\n${codeAddHint}`);\n }\n return 0;\n } catch (err) {\n if (err instanceof LostKeyError) {\n process.stderr.write(`\\n ✖ ${err.message}\\n`);\n return 3;\n }\n process.stderr.write(`\\n ✖ Bootstrap failed: ${err instanceof Error ? err.message : String(err)}\\n`);\n if (process.env.VECTROS_MCP_DEBUG && err instanceof Error && err.stack) {\n process.stderr.write(`${err.stack}\\n`);\n }\n return 1;\n } finally {\n promptCtx.close();\n }\n}\n","var __defProp = Object.defineProperty;\nvar __export = (target, all) => {\n for (var name in all)\n __defProp(target, name, { get: all[name], enumerable: true });\n};\n\n// api/index.ts\nvar api_exports = {};\n__export(api_exports, {\n AccessProfileRequest: () => AccessProfileRequest,\n AppContextResponse: () => AppContextResponse,\n BadRequestError: () => BadRequestError,\n BatchLookupResult: () => BatchLookupResult,\n BatchWriteRequest: () => BatchWriteRequest,\n BatchWriteResult: () => BatchWriteResult,\n ChatMessage: () => ChatMessage,\n ClientRequest: () => ClientRequest,\n ConflictError: () => ConflictError,\n ContentDeltaEvent: () => ContentDeltaEvent,\n ContentTooLargeError: () => ContentTooLargeError,\n DocumentContextEvent: () => DocumentContextEvent,\n DocumentLookupRequest: () => DocumentLookupRequest,\n DocumentRequest: () => DocumentRequest,\n DocumentResponse: () => DocumentResponse,\n DoneEvent: () => DoneEvent,\n ErasureCertificate: () => ErasureCertificate,\n ErasureRequest: () => ErasureRequest,\n ErasureRequestResponse: () => ErasureRequestResponse,\n ErrorEvent: () => ErrorEvent,\n ExportManifest: () => ExportManifest,\n ExportRequest: () => ExportRequest,\n ExportRequestResponse: () => ExportRequestResponse,\n FieldDef: () => FieldDef,\n FileUploadRequest: () => FileUploadRequest,\n ForbiddenError: () => ForbiddenError,\n IdentityLookupRequest: () => IdentityLookupRequest,\n InternalServerError: () => InternalServerError,\n ListClientsRequestOrder: () => ListClientsRequestOrder,\n ListOrgsRequestOrder: () => ListOrgsRequestOrder,\n ListUsersRequestOrder: () => ListUsersRequestOrder,\n LookupDocumentsRequestOrder: () => LookupDocumentsRequestOrder,\n LookupRecordsRequestOrder: () => LookupRecordsRequestOrder,\n ModelDataVersionResponse: () => ModelDataVersionResponse,\n NotFoundError: () => NotFoundError,\n NotImplementedError: () => NotImplementedError,\n OrgRequest: () => OrgRequest,\n PaymentRequiredError: () => PaymentRequiredError,\n PingResponse: () => PingResponse,\n RagSearch: () => RagSearch,\n ReadAccessLogResponse: () => ReadAccessLogResponse,\n RecordLookupRequest: () => RecordLookupRequest,\n RecordRequest: () => RecordRequest,\n RecordResponse: () => RecordResponse,\n RenderHintDef: () => RenderHintDef,\n SchemaRequest: () => SchemaRequest,\n SchemaResponse: () => SchemaResponse,\n ScopedKeyResponse: () => ScopedKeyResponse,\n SearchRequest: () => SearchRequest,\n SearchResult: () => SearchResult,\n SearchResultsEvent: () => SearchResultsEvent,\n TooManyRequestsError: () => TooManyRequestsError,\n TruncationWarningEvent: () => TruncationWarningEvent,\n UnauthorizedError: () => UnauthorizedError,\n UserRequest: () => UserRequest,\n UserResponse: () => UserResponse,\n auth: () => auth_exports,\n compliance: () => compliance_exports,\n documents: () => documents_exports,\n folders: () => folders_exports,\n identity: () => identity_exports,\n inference: () => inference_exports,\n records: () => records_exports,\n schemas: () => schemas_exports,\n search: () => search_exports\n});\n\n// core/json.ts\nvar toJson = (value, replacer, space) => {\n return JSON.stringify(value, replacer, space);\n};\nfunction fromJson(text, reviver) {\n return JSON.parse(text, reviver);\n}\n\n// errors/VectrosError.ts\nvar VectrosError = class extends Error {\n constructor({\n message,\n statusCode,\n body,\n rawResponse,\n cause\n }) {\n super(buildMessage({ message, statusCode, body }));\n Object.setPrototypeOf(this, new.target.prototype);\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, this.constructor);\n }\n this.name = this.constructor.name;\n this.statusCode = statusCode;\n this.body = body;\n this.rawResponse = rawResponse;\n if (cause != null) {\n this.cause = cause;\n }\n }\n};\nfunction buildMessage({\n message,\n statusCode,\n body\n}) {\n const lines = [];\n if (message != null) {\n lines.push(message);\n }\n if (statusCode != null) {\n lines.push(`Status code: ${statusCode.toString()}`);\n }\n if (body != null) {\n lines.push(`Body: ${toJson(body, void 0, 2)}`);\n }\n return lines.join(\"\\n\");\n}\n\n// errors/VectrosTimeoutError.ts\nvar VectrosTimeoutError = class extends Error {\n constructor(message, opts) {\n super(message);\n Object.setPrototypeOf(this, new.target.prototype);\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, this.constructor);\n }\n this.name = this.constructor.name;\n if (opts?.cause != null) {\n this.cause = opts.cause;\n }\n }\n};\n\n// api/errors/BadRequestError.ts\nvar BadRequestError = class extends VectrosError {\n constructor(body, rawResponse) {\n super({\n message: \"BadRequestError\",\n statusCode: 400,\n body,\n rawResponse\n });\n Object.setPrototypeOf(this, new.target.prototype);\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, this.constructor);\n }\n this.name = this.constructor.name;\n }\n};\n\n// api/errors/ConflictError.ts\nvar ConflictError = class extends VectrosError {\n constructor(body, rawResponse) {\n super({\n message: \"ConflictError\",\n statusCode: 409,\n body,\n rawResponse\n });\n Object.setPrototypeOf(this, new.target.prototype);\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, this.constructor);\n }\n this.name = this.constructor.name;\n }\n};\n\n// api/errors/ContentTooLargeError.ts\nvar ContentTooLargeError = class extends VectrosError {\n constructor(body, rawResponse) {\n super({\n message: \"ContentTooLargeError\",\n statusCode: 413,\n body,\n rawResponse\n });\n Object.setPrototypeOf(this, new.target.prototype);\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, this.constructor);\n }\n this.name = this.constructor.name;\n }\n};\n\n// api/errors/ForbiddenError.ts\nvar ForbiddenError = class extends VectrosError {\n constructor(body, rawResponse) {\n super({\n message: \"ForbiddenError\",\n statusCode: 403,\n body,\n rawResponse\n });\n Object.setPrototypeOf(this, new.target.prototype);\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, this.constructor);\n }\n this.name = this.constructor.name;\n }\n};\n\n// api/errors/InternalServerError.ts\nvar InternalServerError = class extends VectrosError {\n constructor(body, rawResponse) {\n super({\n message: \"InternalServerError\",\n statusCode: 500,\n body,\n rawResponse\n });\n Object.setPrototypeOf(this, new.target.prototype);\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, this.constructor);\n }\n this.name = this.constructor.name;\n }\n};\n\n// api/errors/NotFoundError.ts\nvar NotFoundError = class extends VectrosError {\n constructor(body, rawResponse) {\n super({\n message: \"NotFoundError\",\n statusCode: 404,\n body,\n rawResponse\n });\n Object.setPrototypeOf(this, new.target.prototype);\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, this.constructor);\n }\n this.name = this.constructor.name;\n }\n};\n\n// api/errors/NotImplementedError.ts\nvar NotImplementedError = class extends VectrosError {\n constructor(body, rawResponse) {\n super({\n message: \"NotImplementedError\",\n statusCode: 501,\n body,\n rawResponse\n });\n Object.setPrototypeOf(this, new.target.prototype);\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, this.constructor);\n }\n this.name = this.constructor.name;\n }\n};\n\n// api/errors/PaymentRequiredError.ts\nvar PaymentRequiredError = class extends VectrosError {\n constructor(body, rawResponse) {\n super({\n message: \"PaymentRequiredError\",\n statusCode: 402,\n body,\n rawResponse\n });\n Object.setPrototypeOf(this, new.target.prototype);\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, this.constructor);\n }\n this.name = this.constructor.name;\n }\n};\n\n// api/errors/TooManyRequestsError.ts\nvar TooManyRequestsError = class extends VectrosError {\n constructor(body, rawResponse) {\n super({\n message: \"TooManyRequestsError\",\n statusCode: 429,\n body,\n rawResponse\n });\n Object.setPrototypeOf(this, new.target.prototype);\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, this.constructor);\n }\n this.name = this.constructor.name;\n }\n};\n\n// api/errors/UnauthorizedError.ts\nvar UnauthorizedError = class extends VectrosError {\n constructor(body, rawResponse) {\n super({\n message: \"UnauthorizedError\",\n statusCode: 401,\n body,\n rawResponse\n });\n Object.setPrototypeOf(this, new.target.prototype);\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, this.constructor);\n }\n this.name = this.constructor.name;\n }\n};\n\n// api/resources/auth/index.ts\nvar auth_exports = {};\n\n// api/resources/compliance/client/requests/ErasureRequest.ts\nvar ErasureRequest;\n((ErasureRequest2) => {\n ErasureRequest2.SubjectType = {\n User: \"user\",\n Client: \"client\",\n Org: \"org\"\n };\n ErasureRequest2.AuditDisposition = {\n RetainRedacted: \"retain-redacted\",\n Purge: \"purge\"\n };\n})(ErasureRequest || (ErasureRequest = {}));\n\n// api/resources/compliance/client/requests/ExportRequest.ts\nvar ExportRequest;\n((ExportRequest2) => {\n ExportRequest2.Scope = {\n Tenant: \"tenant\",\n Subject: \"subject\"\n };\n ExportRequest2.SubjectType = {\n User: \"user\",\n Client: \"client\",\n Org: \"org\"\n };\n ExportRequest2.Format = {\n Ndjson: \"ndjson\"\n };\n})(ExportRequest || (ExportRequest = {}));\n\n// api/resources/compliance/index.ts\nvar compliance_exports = {};\n__export(compliance_exports, {\n ErasureRequest: () => ErasureRequest,\n ExportRequest: () => ExportRequest\n});\n\n// api/resources/documents/client/requests/DocumentLookupRequest.ts\nvar DocumentLookupRequest;\n((DocumentLookupRequest2) => {\n DocumentLookupRequest2.Order = {\n Asc: \"asc\",\n Desc: \"desc\"\n };\n})(DocumentLookupRequest || (DocumentLookupRequest = {}));\n\n// api/resources/documents/client/requests/FileUploadRequest.ts\nvar FileUploadRequest;\n((FileUploadRequest2) => {\n FileUploadRequest2.IndexMode = {\n Hybrid: \"HYBRID\",\n Semantic: \"SEMANTIC\",\n Text: \"TEXT\",\n None: \"NONE\"\n };\n})(FileUploadRequest || (FileUploadRequest = {}));\n\n// api/resources/documents/index.ts\nvar documents_exports = {};\n__export(documents_exports, {\n DocumentLookupRequest: () => DocumentLookupRequest,\n FileUploadRequest: () => FileUploadRequest,\n LookupDocumentsRequestOrder: () => LookupDocumentsRequestOrder\n});\n\n// api/resources/documents/types/LookupDocumentsRequestOrder.ts\nvar LookupDocumentsRequestOrder = {\n Asc: \"asc\",\n Desc: \"desc\"\n};\n\n// api/resources/folders/index.ts\nvar folders_exports = {};\n\n// api/resources/identity/index.ts\nvar identity_exports = {};\n__export(identity_exports, {\n ListClientsRequestOrder: () => ListClientsRequestOrder,\n ListOrgsRequestOrder: () => ListOrgsRequestOrder,\n ListUsersRequestOrder: () => ListUsersRequestOrder\n});\n\n// api/resources/identity/types/ListClientsRequestOrder.ts\nvar ListClientsRequestOrder = {\n Asc: \"asc\",\n Desc: \"desc\"\n};\n\n// api/resources/identity/types/ListOrgsRequestOrder.ts\nvar ListOrgsRequestOrder = {\n Asc: \"asc\",\n Desc: \"desc\"\n};\n\n// api/resources/identity/types/ListUsersRequestOrder.ts\nvar ListUsersRequestOrder = {\n Asc: \"asc\",\n Desc: \"desc\"\n};\n\n// api/resources/inference/index.ts\nvar inference_exports = {};\n\n// api/resources/records/client/requests/BatchWriteRequest.ts\nvar BatchWriteRequest;\n((BatchWriteRequest2) => {\n BatchWriteRequest2.Atomicity = {\n AllOrNothing: \"all_or_nothing\",\n BestEffort: \"best_effort\"\n };\n})(BatchWriteRequest || (BatchWriteRequest = {}));\n\n// api/resources/records/client/requests/RecordLookupRequest.ts\nvar RecordLookupRequest;\n((RecordLookupRequest2) => {\n RecordLookupRequest2.Order = {\n Asc: \"asc\",\n Desc: \"desc\"\n };\n})(RecordLookupRequest || (RecordLookupRequest = {}));\n\n// api/resources/records/index.ts\nvar records_exports = {};\n__export(records_exports, {\n BatchWriteRequest: () => BatchWriteRequest,\n LookupRecordsRequestOrder: () => LookupRecordsRequestOrder,\n RecordLookupRequest: () => RecordLookupRequest\n});\n\n// api/resources/records/types/LookupRecordsRequestOrder.ts\nvar LookupRecordsRequestOrder = {\n Asc: \"asc\",\n Desc: \"desc\"\n};\n\n// api/resources/schemas/index.ts\nvar schemas_exports = {};\n\n// api/resources/search/client/requests/SearchRequest.ts\nvar SearchRequest;\n((SearchRequest2) => {\n SearchRequest2.Mode = {\n Hybrid: \"HYBRID\",\n Semantic: \"SEMANTIC\",\n Text: \"TEXT\"\n };\n SearchRequest2.TextMode = {\n Or: \"OR\",\n And: \"AND\",\n Phrase: \"PHRASE\",\n Complex: \"COMPLEX\"\n };\n let ContentTypes;\n ((ContentTypes2) => {\n ContentTypes2.Item = {\n Documents: \"documents\",\n Records: \"records\"\n };\n })(ContentTypes = SearchRequest2.ContentTypes || (SearchRequest2.ContentTypes = {}));\n})(SearchRequest || (SearchRequest = {}));\n\n// api/resources/search/index.ts\nvar search_exports = {};\n__export(search_exports, {\n SearchRequest: () => SearchRequest\n});\n\n// api/types/AccessProfileRequest.ts\nvar AccessProfileRequest;\n((AccessProfileRequest2) => {\n AccessProfileRequest2.Status = {\n Active: \"active\",\n Suspended: \"suspended\"\n };\n})(AccessProfileRequest || (AccessProfileRequest = {}));\n\n// api/types/AppContextResponse.ts\nvar AppContextResponse;\n((AppContextResponse2) => {\n AppContextResponse2.Status = {\n Active: \"active\",\n Purging: \"purging\",\n Deleted: \"deleted\"\n };\n})(AppContextResponse || (AppContextResponse = {}));\n\n// api/types/BatchLookupResult.ts\nvar BatchLookupResult;\n((BatchLookupResult2) => {\n BatchLookupResult2.Status = {\n Resolved: \"resolved\",\n NotFound: \"not_found\",\n Ambiguous: \"ambiguous\"\n };\n})(BatchLookupResult || (BatchLookupResult = {}));\n\n// api/types/BatchWriteResult.ts\nvar BatchWriteResult;\n((BatchWriteResult2) => {\n BatchWriteResult2.Status = {\n Created: \"created\",\n Updated: \"updated\",\n Conflict: \"conflict\",\n Invalid: \"invalid\"\n };\n})(BatchWriteResult || (BatchWriteResult = {}));\n\n// api/types/ChatMessage.ts\nvar ChatMessage;\n((ChatMessage2) => {\n ChatMessage2.Role = {\n System: \"system\",\n User: \"user\",\n Assistant: \"assistant\"\n };\n})(ChatMessage || (ChatMessage = {}));\n\n// api/types/ClientRequest.ts\nvar ClientRequest;\n((ClientRequest2) => {\n ClientRequest2.Status = {\n Active: \"ACTIVE\",\n Suspended: \"SUSPENDED\"\n };\n})(ClientRequest || (ClientRequest = {}));\n\n// api/types/ContentDeltaEvent.ts\nvar ContentDeltaEvent;\n((ContentDeltaEvent2) => {\n ContentDeltaEvent2.Event = {\n ContentDelta: \"content_delta\"\n };\n})(ContentDeltaEvent || (ContentDeltaEvent = {}));\n\n// api/types/DocumentContextEvent.ts\nvar DocumentContextEvent;\n((DocumentContextEvent2) => {\n DocumentContextEvent2.Event = {\n DocumentContext: \"document_context\"\n };\n})(DocumentContextEvent || (DocumentContextEvent = {}));\n\n// api/types/DocumentRequest.ts\nvar DocumentRequest;\n((DocumentRequest2) => {\n DocumentRequest2.IndexMode = {\n Hybrid: \"HYBRID\",\n Semantic: \"SEMANTIC\",\n Text: \"TEXT\",\n None: \"NONE\"\n };\n})(DocumentRequest || (DocumentRequest = {}));\n\n// api/types/DocumentResponse.ts\nvar DocumentResponse;\n((DocumentResponse2) => {\n DocumentResponse2.Status = {\n PendingUpload: \"PENDING_UPLOAD\",\n Uploaded: \"UPLOADED\",\n Extracting: \"EXTRACTING\",\n PendingIndex: \"PENDING_INDEX\",\n Indexed: \"INDEXED\",\n Stored: \"STORED\",\n Failed: \"FAILED\"\n };\n DocumentResponse2.IndexMode = {\n Hybrid: \"HYBRID\",\n Semantic: \"SEMANTIC\",\n Text: \"TEXT\",\n None: \"NONE\"\n };\n})(DocumentResponse || (DocumentResponse = {}));\n\n// api/types/DoneEvent.ts\nvar DoneEvent;\n((DoneEvent2) => {\n DoneEvent2.Event = {\n Done: \"done\"\n };\n})(DoneEvent || (DoneEvent = {}));\n\n// api/types/ErasureCertificate.ts\nvar ErasureCertificate;\n((ErasureCertificate2) => {\n ErasureCertificate2.AuditDisposition = {\n RetainRedacted: \"retain-redacted\",\n Purge: \"purge\"\n };\n})(ErasureCertificate || (ErasureCertificate = {}));\n\n// api/types/ErasureRequestResponse.ts\nvar ErasureRequestResponse;\n((ErasureRequestResponse2) => {\n ErasureRequestResponse2.Status = {\n Accepted: \"accepted\",\n Processing: \"processing\",\n Completed: \"completed\",\n Failed: \"failed\"\n };\n ErasureRequestResponse2.SubjectType = {\n User: \"user\",\n Client: \"client\",\n Org: \"org\"\n };\n})(ErasureRequestResponse || (ErasureRequestResponse = {}));\n\n// api/types/ErrorEvent.ts\nvar ErrorEvent;\n((ErrorEvent2) => {\n ErrorEvent2.Event = {\n Error: \"error\"\n };\n})(ErrorEvent || (ErrorEvent = {}));\n\n// api/types/ExportManifest.ts\nvar ExportManifest;\n((ExportManifest2) => {\n ExportManifest2.Format = {\n Ndjson: \"ndjson\"\n };\n})(ExportManifest || (ExportManifest = {}));\n\n// api/types/ExportRequestResponse.ts\nvar ExportRequestResponse;\n((ExportRequestResponse2) => {\n ExportRequestResponse2.Status = {\n Accepted: \"accepted\",\n Processing: \"processing\",\n Completed: \"completed\",\n Failed: \"failed\"\n };\n ExportRequestResponse2.Scope = {\n Tenant: \"tenant\",\n Subject: \"subject\"\n };\n ExportRequestResponse2.SubjectType = {\n User: \"user\",\n Client: \"client\",\n Org: \"org\"\n };\n})(ExportRequestResponse || (ExportRequestResponse = {}));\n\n// api/types/FieldDef.ts\nvar FieldDef;\n((FieldDef2) => {\n FieldDef2.FieldType = {\n String: \"string\",\n Number: \"number\",\n Boolean: \"boolean\",\n Date: \"date\",\n Enum: \"enum\",\n Array: \"array\",\n Object: \"object\",\n Reference: \"reference\"\n };\n FieldDef2.TargetSurface = {\n Record: \"record\",\n Document: \"document\",\n User: \"user\",\n Org: \"org\",\n Client: \"client\"\n };\n})(FieldDef || (FieldDef = {}));\n\n// api/types/IdentityLookupRequest.ts\nvar IdentityLookupRequest;\n((IdentityLookupRequest2) => {\n IdentityLookupRequest2.Order = {\n Asc: \"asc\",\n Desc: \"desc\"\n };\n})(IdentityLookupRequest || (IdentityLookupRequest = {}));\n\n// api/types/ModelDataVersionResponse.ts\nvar ModelDataVersionResponse;\n((ModelDataVersionResponse2) => {\n ModelDataVersionResponse2.ChangeType = {\n Create: \"CREATE\",\n Update: \"UPDATE\",\n Delete: \"DELETE\"\n };\n})(ModelDataVersionResponse || (ModelDataVersionResponse = {}));\n\n// api/types/OrgRequest.ts\nvar OrgRequest;\n((OrgRequest2) => {\n OrgRequest2.Status = {\n Active: \"ACTIVE\",\n Suspended: \"SUSPENDED\"\n };\n})(OrgRequest || (OrgRequest = {}));\n\n// api/types/PingResponse.ts\nvar PingResponse;\n((PingResponse2) => {\n PingResponse2.Environment = {\n Staging: \"staging\",\n Production: \"production\"\n };\n PingResponse2.PrincipalType = {\n RootKey: \"root_key\",\n ScopedKey: \"scoped_key\",\n Token: \"token\"\n };\n})(PingResponse || (PingResponse = {}));\n\n// api/types/RagSearch.ts\nvar RagSearch;\n((RagSearch2) => {\n RagSearch2.Mode = {\n Hybrid: \"HYBRID\",\n Semantic: \"SEMANTIC\",\n Text: \"TEXT\"\n };\n let ContentTypes;\n ((ContentTypes2) => {\n ContentTypes2.Item = {\n Documents: \"documents\",\n Records: \"records\"\n };\n })(ContentTypes = RagSearch2.ContentTypes || (RagSearch2.ContentTypes = {}));\n})(RagSearch || (RagSearch = {}));\n\n// api/types/ReadAccessLogResponse.ts\nvar ReadAccessLogResponse;\n((ReadAccessLogResponse2) => {\n ReadAccessLogResponse2.SubjectType = {\n User: \"user\",\n Client: \"client\",\n Org: \"org\"\n };\n ReadAccessLogResponse2.Action = {\n Read: \"read\",\n List: \"list\",\n Lookup: \"lookup\",\n Search: \"search\",\n Rag: \"rag\"\n };\n})(ReadAccessLogResponse || (ReadAccessLogResponse = {}));\n\n// api/types/RecordRequest.ts\nvar RecordRequest;\n((RecordRequest2) => {\n RecordRequest2.IndexMode = {\n Hybrid: \"HYBRID\",\n Semantic: \"SEMANTIC\",\n Text: \"TEXT\",\n None: \"NONE\"\n };\n})(RecordRequest || (RecordRequest = {}));\n\n// api/types/RecordResponse.ts\nvar RecordResponse;\n((RecordResponse2) => {\n RecordResponse2.IndexStatus = {\n PendingIndex: \"PENDING_INDEX\",\n Indexed: \"INDEXED\",\n Failed: \"FAILED\"\n };\n RecordResponse2.IndexMode = {\n Hybrid: \"HYBRID\",\n Semantic: \"SEMANTIC\",\n Text: \"TEXT\",\n None: \"NONE\"\n };\n})(RecordResponse || (RecordResponse = {}));\n\n// api/types/RenderHintDef.ts\nvar RenderHintDef;\n((RenderHintDef2) => {\n RenderHintDef2.Widget = {\n Text: \"text\",\n Textarea: \"textarea\",\n Select: \"select\",\n Date: \"date\",\n Checkbox: \"checkbox\"\n };\n})(RenderHintDef || (RenderHintDef = {}));\n\n// api/types/SchemaRequest.ts\nvar SchemaRequest;\n((SchemaRequest2) => {\n SchemaRequest2.IndexMode = {\n Hybrid: \"HYBRID\",\n Semantic: \"SEMANTIC\",\n Text: \"TEXT\",\n None: \"NONE\"\n };\n SchemaRequest2.StorageProfile = {\n Standard: \"STANDARD\",\n LowLatency: \"LOW_LATENCY\",\n LargePayload: \"LARGE_PAYLOAD\"\n };\n let AllowedSurfaces;\n ((AllowedSurfaces2) => {\n AllowedSurfaces2.Item = {\n Record: \"record\",\n Document: \"document\",\n User: \"user\",\n Org: \"org\",\n Client: \"client\"\n };\n })(AllowedSurfaces = SchemaRequest2.AllowedSurfaces || (SchemaRequest2.AllowedSurfaces = {}));\n})(SchemaRequest || (SchemaRequest = {}));\n\n// api/types/SchemaResponse.ts\nvar SchemaResponse;\n((SchemaResponse2) => {\n SchemaResponse2.StorageProfile = {\n Standard: \"STANDARD\",\n LowLatency: \"LOW_LATENCY\",\n LargePayload: \"LARGE_PAYLOAD\"\n };\n SchemaResponse2.IndexMode = {\n Hybrid: \"HYBRID\",\n Semantic: \"SEMANTIC\",\n Text: \"TEXT\",\n None: \"NONE\"\n };\n let AllowedSurfaces;\n ((AllowedSurfaces2) => {\n AllowedSurfaces2.Item = {\n Record: \"record\",\n Document: \"document\",\n User: \"user\",\n Org: \"org\",\n Client: \"client\"\n };\n })(AllowedSurfaces = SchemaResponse2.AllowedSurfaces || (SchemaResponse2.AllowedSurfaces = {}));\n})(SchemaResponse || (SchemaResponse = {}));\n\n// api/types/ScopedKeyResponse.ts\nvar ScopedKeyResponse;\n((ScopedKeyResponse2) => {\n ScopedKeyResponse2.UserType = {\n Human: \"HUMAN\",\n Service: \"SERVICE\"\n };\n ScopedKeyResponse2.Status = {\n Active: \"active\",\n Revoked: \"revoked\"\n };\n ScopedKeyResponse2.KeyType = {\n Scoped: \"scoped\"\n };\n})(ScopedKeyResponse || (ScopedKeyResponse = {}));\n\n// api/types/SearchResult.ts\nvar SearchResult;\n((SearchResult2) => {\n SearchResult2.SourceType = {\n PartnerDocument: \"PartnerDocument\",\n GenericRecord: \"GenericRecord\"\n };\n})(SearchResult || (SearchResult = {}));\n\n// api/types/SearchResultsEvent.ts\nvar SearchResultsEvent;\n((SearchResultsEvent2) => {\n SearchResultsEvent2.Event = {\n SearchResults: \"search_results\"\n };\n})(SearchResultsEvent || (SearchResultsEvent = {}));\n\n// api/types/TruncationWarningEvent.ts\nvar TruncationWarningEvent;\n((TruncationWarningEvent2) => {\n TruncationWarningEvent2.Event = {\n TruncationWarning: \"truncation_warning\"\n };\n TruncationWarningEvent2.Reason = {\n ContextWindowBudget: \"context_window_budget\"\n };\n})(TruncationWarningEvent || (TruncationWarningEvent = {}));\n\n// api/types/UserRequest.ts\nvar UserRequest;\n((UserRequest2) => {\n UserRequest2.Status = {\n Active: \"ACTIVE\",\n Suspended: \"SUSPENDED\",\n Pending: \"PENDING\"\n };\n UserRequest2.Type = {\n Human: \"HUMAN\",\n Service: \"SERVICE\"\n };\n})(UserRequest || (UserRequest = {}));\n\n// api/types/UserResponse.ts\nvar UserResponse;\n((UserResponse2) => {\n UserResponse2.Status = {\n Active: \"ACTIVE\",\n Suspended: \"SUSPENDED\",\n Pending: \"PENDING\"\n };\n UserResponse2.Type = {\n Human: \"HUMAN\",\n Service: \"SERVICE\"\n };\n})(UserResponse || (UserResponse = {}));\n\n// core/auth/AuthProvider.ts\nfunction isAuthProvider(value) {\n return typeof value === \"object\" && value !== null && \"getAuthRequest\" in value && typeof value.getAuthRequest === \"function\";\n}\n\n// core/auth/NoOpAuthProvider.ts\nvar NoOpAuthProvider = class {\n getAuthRequest() {\n return Promise.resolve({ headers: {} });\n }\n};\n\n// core/fetcher/EndpointSupplier.ts\nvar EndpointSupplier = {\n get: async (supplier, arg) => {\n if (typeof supplier === \"function\") {\n return supplier(arg);\n } else {\n return supplier;\n }\n }\n};\n\n// core/logging/logger.ts\nvar LogLevel = {\n Debug: \"debug\",\n Info: \"info\",\n Warn: \"warn\",\n Error: \"error\"\n};\nvar logLevelMap = {\n [LogLevel.Debug]: 1,\n [LogLevel.Info]: 2,\n [LogLevel.Warn]: 3,\n [LogLevel.Error]: 4\n};\nvar ConsoleLogger = class {\n debug(message, ...args) {\n console.debug(message, ...args);\n }\n info(message, ...args) {\n console.info(message, ...args);\n }\n warn(message, ...args) {\n console.warn(message, ...args);\n }\n error(message, ...args) {\n console.error(message, ...args);\n }\n};\nvar Logger = class {\n /**\n * Creates a new logger instance.\n * @param config - Logger configuration\n */\n constructor(config) {\n this.level = logLevelMap[config.level];\n this.logger = config.logger;\n this.silent = config.silent;\n }\n /**\n * Checks if a log level should be output based on configuration.\n * @param level - The log level to check\n * @returns True if the level should be logged\n */\n shouldLog(level) {\n return !this.silent && this.level <= logLevelMap[level];\n }\n /**\n * Checks if debug logging is enabled.\n * @returns True if debug logs should be output\n */\n isDebug() {\n return this.shouldLog(LogLevel.Debug);\n }\n /**\n * Logs a debug message if debug logging is enabled.\n * @param message - The message to log\n * @param args - Additional arguments to log\n */\n debug(message, ...args) {\n if (this.isDebug()) {\n this.logger.debug(message, ...args);\n }\n }\n /**\n * Checks if info logging is enabled.\n * @returns True if info logs should be output\n */\n isInfo() {\n return this.shouldLog(LogLevel.Info);\n }\n /**\n * Logs an info message if info logging is enabled.\n * @param message - The message to log\n * @param args - Additional arguments to log\n */\n info(message, ...args) {\n if (this.isInfo()) {\n this.logger.info(message, ...args);\n }\n }\n /**\n * Checks if warning logging is enabled.\n * @returns True if warning logs should be output\n */\n isWarn() {\n return this.shouldLog(LogLevel.Warn);\n }\n /**\n * Logs a warning message if warning logging is enabled.\n * @param message - The message to log\n * @param args - Additional arguments to log\n */\n warn(message, ...args) {\n if (this.isWarn()) {\n this.logger.warn(message, ...args);\n }\n }\n /**\n * Checks if error logging is enabled.\n * @returns True if error logs should be output\n */\n isError() {\n return this.shouldLog(LogLevel.Error);\n }\n /**\n * Logs an error message if error logging is enabled.\n * @param message - The message to log\n * @param args - Additional arguments to log\n */\n error(message, ...args) {\n if (this.isError()) {\n this.logger.error(message, ...args);\n }\n }\n};\nfunction createLogger(config) {\n if (config == null) {\n return defaultLogger;\n }\n if (config instanceof Logger) {\n return config;\n }\n config = config ?? {};\n config.level ?? (config.level = LogLevel.Info);\n config.logger ?? (config.logger = new ConsoleLogger());\n config.silent ?? (config.silent = true);\n return new Logger(config);\n}\nvar defaultLogger = new Logger({\n level: LogLevel.Info,\n logger: new ConsoleLogger(),\n silent: true\n});\n\n// core/url/qs.ts\nvar defaultQsOptions = {\n arrayFormat: \"indices\",\n encode: true\n};\nfunction encodeValue(value, shouldEncode) {\n if (value === void 0) {\n return \"\";\n }\n if (value === null) {\n return \"\";\n }\n const stringValue = String(value);\n return shouldEncode ? encodeURIComponent(stringValue) : stringValue;\n}\nfunction stringifyObject(obj, prefix = \"\", options) {\n const parts = [];\n for (const [key, value] of Object.entries(obj)) {\n const fullKey = prefix ? `${prefix}[${key}]` : key;\n if (value === void 0) {\n continue;\n }\n if (Array.isArray(value)) {\n if (value.length === 0) {\n continue;\n }\n const effectiveFormat = options.arrayFormat;\n if (effectiveFormat === \"comma\") {\n const encodedKey = options.encode ? encodeURIComponent(fullKey) : fullKey;\n const encodedValues = value.filter((item) => item !== void 0 && item !== null).map((item) => encodeValue(item, options.encode));\n if (encodedValues.length > 0) {\n parts.push(`${encodedKey}=${encodedValues.join(\",\")}`);\n }\n } else {\n for (let i = 0; i < value.length; i++) {\n const item = value[i];\n if (item === void 0) {\n continue;\n }\n if (typeof item === \"object\" && !Array.isArray(item) && item !== null) {\n const arrayKey = effectiveFormat === \"indices\" ? `${fullKey}[${i}]` : fullKey;\n parts.push(...stringifyObject(item, arrayKey, options));\n } else {\n const arrayKey = effectiveFormat === \"indices\" ? `${fullKey}[${i}]` : fullKey;\n const encodedKey = options.encode ? encodeURIComponent(arrayKey) : arrayKey;\n parts.push(`${encodedKey}=${encodeValue(item, options.encode)}`);\n }\n }\n }\n } else if (typeof value === \"object\" && value !== null) {\n if (Object.keys(value).length === 0) {\n continue;\n }\n parts.push(...stringifyObject(value, fullKey, options));\n } else {\n const encodedKey = options.encode ? encodeURIComponent(fullKey) : fullKey;\n parts.push(`${encodedKey}=${encodeValue(value, options.encode)}`);\n }\n }\n return parts;\n}\nfunction toQueryString(obj, options) {\n if (obj == null || typeof obj !== \"object\") {\n return \"\";\n }\n const parts = stringifyObject(obj, \"\", {\n ...defaultQsOptions,\n ...options\n });\n return parts.join(\"&\");\n}\n\n// core/fetcher/createRequestUrl.ts\nfunction createRequestUrl(baseUrl, queryParameters) {\n const queryString = toQueryString(queryParameters, { arrayFormat: \"repeat\" });\n return queryString ? `${baseUrl}?${queryString}` : baseUrl;\n}\n\n// core/fetcher/BinaryResponse.ts\nfunction getBinaryResponse(response) {\n const binaryResponse = {\n get bodyUsed() {\n return response.bodyUsed;\n },\n stream: () => response.body,\n arrayBuffer: response.arrayBuffer.bind(response),\n blob: response.blob.bind(response)\n };\n if (\"bytes\" in response && typeof response.bytes === \"function\") {\n binaryResponse.bytes = response.bytes.bind(response);\n }\n return binaryResponse;\n}\n\n// core/fetcher/getResponseBody.ts\nasync function getResponseBody(response, responseType) {\n switch (responseType) {\n case \"binary-response\":\n return getBinaryResponse(response);\n case \"blob\":\n return await response.blob();\n case \"arrayBuffer\":\n return await response.arrayBuffer();\n case \"sse\":\n if (response.body == null) {\n return {\n ok: false,\n error: {\n reason: \"body-is-null\",\n statusCode: response.status\n }\n };\n }\n return response.body;\n case \"streaming\":\n if (response.body == null) {\n return {\n ok: false,\n error: {\n reason: \"body-is-null\",\n statusCode: response.status\n }\n };\n }\n return response.body;\n case \"text\":\n return await response.text();\n }\n const text = await response.text();\n if (text.length > 0) {\n try {\n const responseBody = fromJson(text);\n return responseBody;\n } catch (_err) {\n return {\n ok: false,\n error: {\n reason: \"non-json\",\n statusCode: response.status,\n rawBody: text\n }\n };\n }\n }\n return void 0;\n}\n\n// core/fetcher/getErrorResponseBody.ts\nasync function getErrorResponseBody(response) {\n let contentType = response.headers.get(\"Content-Type\")?.toLowerCase();\n if (contentType == null || contentType.length === 0) {\n return getResponseBody(response);\n }\n if (contentType.indexOf(\";\") !== -1) {\n contentType = contentType.split(\";\")[0]?.trim() ?? \"\";\n }\n switch (contentType) {\n case \"application/hal+json\":\n case \"application/json\":\n case \"application/ld+json\":\n case \"application/problem+json\":\n case \"application/vnd.api+json\":\n case \"text/json\": {\n const text = await response.text();\n return text.length > 0 ? fromJson(text) : void 0;\n }\n default:\n if (contentType.startsWith(\"application/vnd.\") && contentType.endsWith(\"+json\")) {\n const text = await response.text();\n return text.length > 0 ? fromJson(text) : void 0;\n }\n return await response.text();\n }\n}\n\n// core/fetcher/getFetchFn.ts\nasync function getFetchFn() {\n return fetch;\n}\n\n// core/fetcher/getRequestBody.ts\nasync function getRequestBody({ body, type }) {\n if (type === \"form\") {\n return toQueryString(body, { arrayFormat: \"repeat\", encode: true });\n }\n if (type.includes(\"json\")) {\n return toJson(body);\n } else {\n return body;\n }\n}\n\n// core/fetcher/Headers.ts\nvar Headers2;\nif (typeof globalThis.Headers !== \"undefined\") {\n Headers2 = globalThis.Headers;\n} else {\n Headers2 = class Headers3 {\n constructor(init) {\n this.headers = /* @__PURE__ */ new Map();\n if (init) {\n if (init instanceof Headers3) {\n init.forEach((value, key) => this.append(key, value));\n } else if (Array.isArray(init)) {\n for (const [key, value] of init) {\n if (typeof key === \"string\" && typeof value === \"string\") {\n this.append(key, value);\n } else {\n throw new TypeError(\"Each header entry must be a [string, string] tuple\");\n }\n }\n } else {\n for (const [key, value] of Object.entries(init)) {\n if (typeof value === \"string\") {\n this.append(key, value);\n } else {\n throw new TypeError(\"Header values must be strings\");\n }\n }\n }\n }\n }\n append(name, value) {\n const key = name.toLowerCase();\n const existing = this.headers.get(key) || [];\n this.headers.set(key, [...existing, value]);\n }\n delete(name) {\n const key = name.toLowerCase();\n this.headers.delete(key);\n }\n get(name) {\n const key = name.toLowerCase();\n const values = this.headers.get(key);\n return values ? values.join(\", \") : null;\n }\n has(name) {\n const key = name.toLowerCase();\n return this.headers.has(key);\n }\n set(name, value) {\n const key = name.toLowerCase();\n this.headers.set(key, [value]);\n }\n forEach(callbackfn, thisArg) {\n const boundCallback = thisArg ? callbackfn.bind(thisArg) : callbackfn;\n this.headers.forEach((values, key) => boundCallback(values.join(\", \"), key, this));\n }\n getSetCookie() {\n return this.headers.get(\"set-cookie\") || [];\n }\n *entries() {\n for (const [key, values] of this.headers.entries()) {\n yield [key, values.join(\", \")];\n }\n }\n *keys() {\n yield* this.headers.keys();\n }\n *values() {\n for (const values of this.headers.values()) {\n yield values.join(\", \");\n }\n }\n [Symbol.iterator]() {\n return this.entries();\n }\n };\n}\n\n// core/fetcher/signals.ts\nvar TIMEOUT = \"timeout\";\nfunction getTimeoutSignal(timeoutMs) {\n const controller = new AbortController();\n const abortId = setTimeout(() => controller.abort(TIMEOUT), timeoutMs);\n return { signal: controller.signal, abortId };\n}\nfunction anySignal(...args) {\n const signals = args.length === 1 && Array.isArray(args[0]) ? args[0] : args;\n const controller = new AbortController();\n for (const signal of signals) {\n if (signal.aborted) {\n controller.abort(signal?.reason);\n break;\n }\n signal.addEventListener(\"abort\", () => controller.abort(signal?.reason), {\n signal: controller.signal\n });\n }\n return controller.signal;\n}\n\n// core/fetcher/makeRequest.ts\nvar _cacheNoStoreSupported;\nfunction isCacheNoStoreSupported() {\n if (_cacheNoStoreSupported != null) {\n return _cacheNoStoreSupported;\n }\n try {\n new Request(\"http://localhost\", { cache: \"no-store\" });\n _cacheNoStoreSupported = true;\n } catch {\n _cacheNoStoreSupported = false;\n }\n return _cacheNoStoreSupported;\n}\nvar makeRequest = async (fetchFn, url, method, headers, requestBody, timeoutMs, abortSignal, withCredentials, duplex, disableCache) => {\n const signals = [];\n let timeoutAbortId;\n if (timeoutMs != null) {\n const { signal, abortId } = getTimeoutSignal(timeoutMs);\n timeoutAbortId = abortId;\n signals.push(signal);\n }\n if (abortSignal != null) {\n signals.push(abortSignal);\n }\n const newSignals = anySignal(signals);\n const response = await fetchFn(url, {\n method,\n headers,\n body: requestBody,\n signal: newSignals,\n credentials: withCredentials ? \"include\" : void 0,\n // @ts-ignore\n duplex,\n ...disableCache && isCacheNoStoreSupported() ? { cache: \"no-store\" } : {}\n });\n if (timeoutAbortId != null) {\n clearTimeout(timeoutAbortId);\n }\n return response;\n};\n\n// core/fetcher/RawResponse.ts\nvar abortRawResponse = {\n headers: new Headers2(),\n redirected: false,\n status: 499,\n statusText: \"Client Closed Request\",\n type: \"error\",\n url: \"\"\n};\nvar unknownRawResponse = {\n headers: new Headers2(),\n redirected: false,\n status: 0,\n statusText: \"Unknown Error\",\n type: \"error\",\n url: \"\"\n};\nfunction toRawResponse(response) {\n return {\n headers: response.headers,\n redirected: response.redirected,\n status: response.status,\n statusText: response.statusText,\n type: response.type,\n url: response.url\n };\n}\n\n// core/fetcher/requestWithRetries.ts\nvar INITIAL_RETRY_DELAY = 1e3;\nvar MAX_RETRY_DELAY = 6e4;\nvar DEFAULT_MAX_RETRIES = 2;\nvar JITTER_FACTOR = 0.2;\nfunction isRetryableStatusCode(statusCode) {\n return [408, 429].includes(statusCode) || statusCode >= 500;\n}\nfunction addPositiveJitter(delay) {\n const jitterMultiplier = 1 + Math.random() * JITTER_FACTOR;\n return delay * jitterMultiplier;\n}\nfunction addSymmetricJitter(delay) {\n const jitterMultiplier = 1 + (Math.random() - 0.5) * JITTER_FACTOR;\n return delay * jitterMultiplier;\n}\nfunction getRetryDelayFromHeaders(response, retryAttempt) {\n const retryAfter = response.headers.get(\"Retry-After\");\n if (retryAfter) {\n const retryAfterSeconds = parseInt(retryAfter, 10);\n if (!Number.isNaN(retryAfterSeconds) && retryAfterSeconds > 0) {\n return Math.min(retryAfterSeconds * 1e3, MAX_RETRY_DELAY);\n }\n const retryAfterDate = new Date(retryAfter);\n if (!Number.isNaN(retryAfterDate.getTime())) {\n const delay = retryAfterDate.getTime() - Date.now();\n if (delay > 0) {\n return Math.min(Math.max(delay, 0), MAX_RETRY_DELAY);\n }\n }\n }\n const rateLimitReset = response.headers.get(\"X-RateLimit-Reset\");\n if (rateLimitReset) {\n const resetTime = parseInt(rateLimitReset, 10);\n if (!Number.isNaN(resetTime)) {\n const delay = resetTime * 1e3 - Date.now();\n if (delay > 0) {\n return addPositiveJitter(Math.min(delay, MAX_RETRY_DELAY));\n }\n }\n }\n return addSymmetricJitter(Math.min(INITIAL_RETRY_DELAY * 2 ** retryAttempt, MAX_RETRY_DELAY));\n}\nasync function requestWithRetries(requestFn, maxRetries = DEFAULT_MAX_RETRIES) {\n let response = await requestFn();\n for (let i = 0; i < maxRetries; ++i) {\n if (isRetryableStatusCode(response.status)) {\n const delay = getRetryDelayFromHeaders(response, i);\n await new Promise((resolve) => setTimeout(resolve, delay));\n response = await requestFn();\n } else {\n break;\n }\n }\n return response;\n}\n\n// core/fetcher/Fetcher.ts\nvar SENSITIVE_HEADERS = /* @__PURE__ */ new Set([\n \"authorization\",\n \"www-authenticate\",\n \"x-api-key\",\n \"api-key\",\n \"apikey\",\n \"x-api-token\",\n \"x-auth-token\",\n \"auth-token\",\n \"cookie\",\n \"set-cookie\",\n \"proxy-authorization\",\n \"proxy-authenticate\",\n \"x-csrf-token\",\n \"x-xsrf-token\",\n \"x-session-token\",\n \"x-access-token\"\n]);\nfunction redactHeaders(headers) {\n const filtered = {};\n for (const [key, value] of headers instanceof Headers2 ? headers.entries() : Object.entries(headers)) {\n if (SENSITIVE_HEADERS.has(key.toLowerCase())) {\n filtered[key] = \"[REDACTED]\";\n } else {\n filtered[key] = value;\n }\n }\n return filtered;\n}\nvar SENSITIVE_QUERY_PARAMS = /* @__PURE__ */ new Set([\n \"api_key\",\n \"api-key\",\n \"apikey\",\n \"token\",\n \"access_token\",\n \"access-token\",\n \"auth_token\",\n \"auth-token\",\n \"password\",\n \"passwd\",\n \"secret\",\n \"api_secret\",\n \"api-secret\",\n \"apisecret\",\n \"key\",\n \"session\",\n \"session_id\",\n \"session-id\"\n]);\nfunction redactQueryParameters(queryParameters) {\n if (queryParameters == null) {\n return void 0;\n }\n const redacted = {};\n for (const [key, value] of Object.entries(queryParameters)) {\n redacted[key] = SENSITIVE_QUERY_PARAMS.has(key.toLowerCase()) ? \"[REDACTED]\" : value;\n }\n return redacted;\n}\nfunction redactUrl(url) {\n const protocolIndex = url.indexOf(\"://\");\n if (protocolIndex === -1) return url;\n const afterProtocol = protocolIndex + 3;\n const pathStart = url.indexOf(\"/\", afterProtocol);\n let queryStart = url.indexOf(\"?\", afterProtocol);\n let fragmentStart = url.indexOf(\"#\", afterProtocol);\n const firstDelimiter = Math.min(\n pathStart === -1 ? url.length : pathStart,\n queryStart === -1 ? url.length : queryStart,\n fragmentStart === -1 ? url.length : fragmentStart\n );\n let atIndex = -1;\n for (let i = afterProtocol; i < firstDelimiter; i++) {\n if (url[i] === \"@\") {\n atIndex = i;\n }\n }\n if (atIndex !== -1) {\n url = `${url.slice(0, afterProtocol)}[REDACTED]@${url.slice(atIndex + 1)}`;\n }\n queryStart = url.indexOf(\"?\");\n if (queryStart === -1) return url;\n fragmentStart = url.indexOf(\"#\", queryStart);\n const queryEnd = fragmentStart !== -1 ? fragmentStart : url.length;\n const queryString = url.slice(queryStart + 1, queryEnd);\n if (queryString.length === 0) return url;\n const lower = queryString.toLowerCase();\n const hasSensitive = lower.includes(\"token\") || lower.includes(\"key\") || lower.includes(\"password\") || lower.includes(\"passwd\") || lower.includes(\"secret\") || lower.includes(\"session\") || lower.includes(\"auth\");\n if (!hasSensitive) {\n return url;\n }\n const redactedParams = [];\n const params = queryString.split(\"&\");\n for (const param of params) {\n const equalIndex = param.indexOf(\"=\");\n if (equalIndex === -1) {\n redactedParams.push(param);\n continue;\n }\n const key = param.slice(0, equalIndex);\n let shouldRedact = SENSITIVE_QUERY_PARAMS.has(key.toLowerCase());\n if (!shouldRedact && key.includes(\"%\")) {\n try {\n const decodedKey = decodeURIComponent(key);\n shouldRedact = SENSITIVE_QUERY_PARAMS.has(decodedKey.toLowerCase());\n } catch {\n }\n }\n redactedParams.push(shouldRedact ? `${key}=[REDACTED]` : param);\n }\n return url.slice(0, queryStart + 1) + redactedParams.join(\"&\") + url.slice(queryEnd);\n}\nasync function getHeaders(args) {\n const newHeaders = new Headers2();\n newHeaders.set(\n \"Accept\",\n args.responseType === \"json\" ? \"application/json\" : args.responseType === \"text\" ? \"text/plain\" : args.responseType === \"sse\" ? \"text/event-stream\" : \"*/*\"\n );\n if (args.body !== void 0 && args.contentType != null) {\n newHeaders.set(\"Content-Type\", args.contentType);\n }\n if (args.headers == null) {\n return newHeaders;\n }\n for (const [key, value] of Object.entries(args.headers)) {\n const result = await EndpointSupplier.get(value, { endpointMetadata: args.endpointMetadata ?? {} });\n if (typeof result === \"string\") {\n newHeaders.set(key, result);\n continue;\n }\n if (result == null) {\n continue;\n }\n newHeaders.set(key, `${result}`);\n }\n return newHeaders;\n}\nasync function fetcherImpl(args) {\n let url = args.url;\n if (args.queryString != null && args.queryString.length > 0) {\n url = `${url}?${args.queryString}`;\n } else {\n url = createRequestUrl(args.url, args.queryParameters);\n }\n const requestBody = await getRequestBody({\n body: args.body,\n type: args.requestType ?? \"other\"\n });\n const fetchFn = args.fetchFn ?? await getFetchFn();\n const headers = await getHeaders(args);\n const logger = createLogger(args.logging);\n if (logger.isDebug()) {\n const metadata = {\n method: args.method,\n url: redactUrl(url),\n headers: redactHeaders(headers),\n queryParameters: redactQueryParameters(args.queryParameters),\n hasBody: requestBody != null\n };\n logger.debug(\"Making HTTP request\", metadata);\n }\n try {\n const response = await requestWithRetries(\n async () => makeRequest(\n fetchFn,\n url,\n args.method,\n headers,\n requestBody,\n args.timeoutMs,\n args.abortSignal,\n args.withCredentials,\n args.duplex,\n args.responseType === \"streaming\" || args.responseType === \"sse\"\n ),\n args.maxRetries\n );\n if (response.status >= 200 && response.status < 400) {\n if (logger.isDebug()) {\n const metadata = {\n method: args.method,\n url: redactUrl(url),\n statusCode: response.status,\n responseHeaders: redactHeaders(response.headers)\n };\n logger.debug(\"HTTP request succeeded\", metadata);\n }\n const body = await getResponseBody(response, args.responseType);\n return {\n ok: true,\n body,\n headers: response.headers,\n rawResponse: toRawResponse(response)\n };\n } else {\n if (logger.isError()) {\n const metadata = {\n method: args.method,\n url: redactUrl(url),\n statusCode: response.status,\n responseHeaders: redactHeaders(Object.fromEntries(response.headers.entries()))\n };\n logger.error(\"HTTP request failed with error status\", metadata);\n }\n return {\n ok: false,\n error: {\n reason: \"status-code\",\n statusCode: response.status,\n body: await getErrorResponseBody(response)\n },\n rawResponse: toRawResponse(response)\n };\n }\n } catch (error) {\n if (args.abortSignal?.aborted) {\n if (logger.isError()) {\n const metadata = {\n method: args.method,\n url: redactUrl(url)\n };\n logger.error(\"HTTP request was aborted\", metadata);\n }\n return {\n ok: false,\n error: {\n reason: \"unknown\",\n errorMessage: \"The user aborted a request\",\n cause: error\n },\n rawResponse: abortRawResponse\n };\n } else if (error instanceof Error && error.name === \"AbortError\") {\n if (logger.isError()) {\n const metadata = {\n method: args.method,\n url: redactUrl(url),\n timeoutMs: args.timeoutMs\n };\n logger.error(\"HTTP request timed out\", metadata);\n }\n return {\n ok: false,\n error: {\n reason: \"timeout\",\n cause: error\n },\n rawResponse: abortRawResponse\n };\n } else if (error instanceof Error) {\n if (logger.isError()) {\n const metadata = {\n method: args.method,\n url: redactUrl(url),\n errorMessage: error.message\n };\n logger.error(\"HTTP request failed with error\", metadata);\n }\n return {\n ok: false,\n error: {\n reason: \"unknown\",\n errorMessage: error.message,\n cause: error\n },\n rawResponse: unknownRawResponse\n };\n }\n if (logger.isError()) {\n const metadata = {\n method: args.method,\n url: redactUrl(url),\n error: toJson(error)\n };\n logger.error(\"HTTP request failed with unknown error\", metadata);\n }\n return {\n ok: false,\n error: {\n reason: \"unknown\",\n errorMessage: toJson(error),\n cause: error\n },\n rawResponse: unknownRawResponse\n };\n }\n}\nvar fetcher = fetcherImpl;\n\n// core/fetcher/HttpResponsePromise.ts\nvar HttpResponsePromise = class _HttpResponsePromise extends Promise {\n constructor(promise) {\n super((resolve) => {\n resolve(void 0);\n });\n this.innerPromise = promise;\n }\n /**\n * Creates an `HttpResponsePromise` from a function that returns a promise.\n *\n * @param fn - A function that returns a promise resolving to a `WithRawResponse` object.\n * @param args - Arguments to pass to the function.\n * @returns An `HttpResponsePromise` instance.\n */\n static fromFunction(fn, ...args) {\n return new _HttpResponsePromise(fn(...args));\n }\n /**\n * Creates a function that returns an `HttpResponsePromise` from a function that returns a promise.\n *\n * @param fn - A function that returns a promise resolving to a `WithRawResponse` object.\n * @returns A function that returns an `HttpResponsePromise` instance.\n */\n static interceptFunction(fn) {\n return (...args) => {\n return _HttpResponsePromise.fromPromise(fn(...args));\n };\n }\n /**\n * Creates an `HttpResponsePromise` from an existing promise.\n *\n * @param promise - A promise resolving to a `WithRawResponse` object.\n * @returns An `HttpResponsePromise` instance.\n */\n static fromPromise(promise) {\n return new _HttpResponsePromise(promise);\n }\n /**\n * Creates an `HttpResponsePromise` from an executor function.\n *\n * @param executor - A function that takes resolve and reject callbacks to create a promise.\n * @returns An `HttpResponsePromise` instance.\n */\n static fromExecutor(executor) {\n const promise = new Promise(executor);\n return new _HttpResponsePromise(promise);\n }\n /**\n * Creates an `HttpResponsePromise` from a resolved result.\n *\n * @param result - A `WithRawResponse` object to resolve immediately.\n * @returns An `HttpResponsePromise` instance.\n */\n static fromResult(result) {\n const promise = Promise.resolve(result);\n return new _HttpResponsePromise(promise);\n }\n unwrap() {\n if (!this.unwrappedPromise) {\n this.unwrappedPromise = this.innerPromise.then(({ data }) => data);\n }\n return this.unwrappedPromise;\n }\n /** @inheritdoc */\n then(onfulfilled, onrejected) {\n return this.unwrap().then(onfulfilled, onrejected);\n }\n /** @inheritdoc */\n catch(onrejected) {\n return this.unwrap().catch(onrejected);\n }\n /** @inheritdoc */\n finally(onfinally) {\n return this.unwrap().finally(onfinally);\n }\n /**\n * Retrieves the data and raw response.\n *\n * @returns A promise resolving to a `WithRawResponse` object.\n */\n async withRawResponse() {\n return await this.innerPromise;\n }\n};\n\n// core/url/join.ts\nfunction join(base, ...segments) {\n if (!base) {\n return \"\";\n }\n if (segments.length === 0) {\n return base;\n }\n if (base.includes(\"://\")) {\n let url;\n try {\n url = new URL(base);\n } catch {\n return joinPath(base, ...segments);\n }\n const lastSegment = segments[segments.length - 1];\n const shouldPreserveTrailingSlash = lastSegment?.endsWith(\"/\");\n for (const segment of segments) {\n const cleanSegment = trimSlashes(segment);\n if (cleanSegment) {\n url.pathname = joinPathSegments(url.pathname, cleanSegment);\n }\n }\n if (shouldPreserveTrailingSlash && !url.pathname.endsWith(\"/\")) {\n url.pathname += \"/\";\n }\n return url.toString();\n }\n return joinPath(base, ...segments);\n}\nfunction joinPath(base, ...segments) {\n if (segments.length === 0) {\n return base;\n }\n let result = base;\n const lastSegment = segments[segments.length - 1];\n const shouldPreserveTrailingSlash = lastSegment?.endsWith(\"/\");\n for (const segment of segments) {\n const cleanSegment = trimSlashes(segment);\n if (cleanSegment) {\n result = joinPathSegments(result, cleanSegment);\n }\n }\n if (shouldPreserveTrailingSlash && !result.endsWith(\"/\")) {\n result += \"/\";\n }\n return result;\n}\nfunction joinPathSegments(left, right) {\n if (left.endsWith(\"/\")) {\n return left + right;\n }\n return `${left}/${right}`;\n}\nfunction trimSlashes(str) {\n if (!str) return str;\n let start = 0;\n let end = str.length;\n if (str.startsWith(\"/\")) start = 1;\n if (str.endsWith(\"/\")) end = str.length - 1;\n return start === 0 && end === str.length ? str : str.slice(start, end);\n}\n\n// core/fetcher/Supplier.ts\nvar Supplier = {\n get: async (supplier) => {\n if (typeof supplier === \"function\") {\n return supplier();\n } else {\n return supplier;\n }\n }\n};\n\n// core/fetcher/makePassthroughRequest.ts\nasync function makePassthroughRequest(input, init, clientOptions, requestOptions) {\n const logger = createLogger(clientOptions.logging);\n let url;\n let effectiveInit = init;\n if (input instanceof Request) {\n url = input.url;\n if (init == null) {\n effectiveInit = {\n method: input.method,\n headers: Object.fromEntries(input.headers.entries()),\n body: input.body,\n signal: input.signal,\n credentials: input.credentials,\n cache: input.cache,\n redirect: input.redirect,\n referrer: input.referrer,\n integrity: input.integrity,\n mode: input.mode\n };\n }\n } else {\n url = input instanceof URL ? input.toString() : input;\n }\n const baseUrl = (clientOptions.baseUrl != null ? await Supplier.get(clientOptions.baseUrl) : void 0) ?? (clientOptions.environment != null ? await Supplier.get(clientOptions.environment) : void 0);\n let fullUrl;\n if (url.startsWith(\"http://\") || url.startsWith(\"https://\")) {\n fullUrl = url;\n } else if (baseUrl != null) {\n fullUrl = join(baseUrl, url);\n } else {\n fullUrl = url;\n }\n const mergedHeaders = {};\n if (clientOptions.headers != null) {\n for (const [key, value] of Object.entries(clientOptions.headers)) {\n const resolved = await EndpointSupplier.get(value, { endpointMetadata: {} });\n if (resolved != null) {\n mergedHeaders[key.toLowerCase()] = `${resolved}`;\n }\n }\n }\n if (clientOptions.getAuthHeaders != null) {\n const authHeaders = await clientOptions.getAuthHeaders();\n for (const [key, value] of Object.entries(authHeaders)) {\n mergedHeaders[key.toLowerCase()] = value;\n }\n }\n if (effectiveInit?.headers != null) {\n const initHeaders = effectiveInit.headers instanceof Headers ? Object.fromEntries(effectiveInit.headers.entries()) : Array.isArray(effectiveInit.headers) ? Object.fromEntries(effectiveInit.headers) : effectiveInit.headers;\n for (const [key, value] of Object.entries(initHeaders)) {\n if (value != null) {\n mergedHeaders[key.toLowerCase()] = value;\n }\n }\n }\n if (requestOptions?.headers != null) {\n for (const [key, value] of Object.entries(requestOptions.headers)) {\n mergedHeaders[key.toLowerCase()] = value;\n }\n }\n const method = effectiveInit?.method ?? \"GET\";\n const body = effectiveInit?.body;\n const timeoutInSeconds = requestOptions?.timeoutInSeconds ?? clientOptions.timeoutInSeconds;\n const timeoutMs = timeoutInSeconds != null ? timeoutInSeconds * 1e3 : void 0;\n const maxRetries = requestOptions?.maxRetries ?? clientOptions.maxRetries;\n const abortSignal = requestOptions?.abortSignal ?? effectiveInit?.signal ?? void 0;\n const fetchFn = clientOptions.fetch ?? await getFetchFn();\n if (logger.isDebug()) {\n logger.debug(\"Making passthrough HTTP request\", {\n method,\n url: fullUrl,\n hasBody: body != null\n });\n }\n const response = await requestWithRetries(\n async () => makeRequest(\n fetchFn,\n fullUrl,\n method,\n mergedHeaders,\n body ?? void 0,\n timeoutMs,\n abortSignal,\n effectiveInit?.credentials === \"include\",\n void 0,\n // duplex\n false\n // disableCache\n ),\n maxRetries\n );\n if (logger.isDebug()) {\n logger.debug(\"Passthrough HTTP request completed\", {\n method,\n url: fullUrl,\n statusCode: response.status\n });\n }\n return response;\n}\n\n// core/logging/index.ts\nvar logging_exports = {};\n__export(logging_exports, {\n ConsoleLogger: () => ConsoleLogger,\n LogLevel: () => LogLevel,\n Logger: () => Logger,\n createLogger: () => createLogger\n});\n\n// core/runtime/runtime.ts\nvar RUNTIME = evaluateRuntime();\nfunction evaluateRuntime() {\n const isBrowser = typeof window !== \"undefined\" && typeof window.document !== \"undefined\";\n if (isBrowser) {\n return {\n type: \"browser\",\n version: window.navigator.userAgent\n };\n }\n const isCloudflare = typeof globalThis !== \"undefined\" && globalThis?.navigator?.userAgent === \"Cloudflare-Workers\";\n if (isCloudflare) {\n return {\n type: \"workerd\"\n };\n }\n const isEdgeRuntime = typeof EdgeRuntime === \"string\";\n if (isEdgeRuntime) {\n return {\n type: \"edge-runtime\"\n };\n }\n const isWebWorker = typeof self === \"object\" && typeof self?.importScripts === \"function\" && (self.constructor?.name === \"DedicatedWorkerGlobalScope\" || self.constructor?.name === \"ServiceWorkerGlobalScope\" || self.constructor?.name === \"SharedWorkerGlobalScope\");\n if (isWebWorker) {\n return {\n type: \"web-worker\"\n };\n }\n const isDeno = typeof Deno !== \"undefined\" && typeof Deno.version !== \"undefined\" && typeof Deno.version.deno !== \"undefined\";\n if (isDeno) {\n return {\n type: \"deno\",\n version: Deno.version.deno\n };\n }\n const isBun = typeof Bun !== \"undefined\" && typeof Bun.version !== \"undefined\";\n if (isBun) {\n return {\n type: \"bun\",\n version: Bun.version\n };\n }\n const isReactNative = typeof navigator !== \"undefined\" && navigator?.product === \"ReactNative\";\n if (isReactNative) {\n return {\n type: \"react-native\"\n };\n }\n const _process = typeof process !== \"undefined\" ? process : void 0;\n const isNode = typeof _process !== \"undefined\" && typeof _process.versions?.node === \"string\";\n if (isNode) {\n return {\n type: \"node\",\n version: _process.versions.node,\n parsedVersion: Number(_process.versions.node.split(\".\")[0])\n };\n }\n return {\n type: \"unknown\"\n };\n}\n\n// core/stream/Stream.ts\nvar DATA_PREFIX = \"data:\";\nvar EVENT_PREFIX = \"event:\";\nvar Stream = class {\n constructor({ stream, parse, eventShape, signal }) {\n this.controller = new AbortController();\n this.stream = stream;\n this.parse = parse;\n if (eventShape.type === \"sse\") {\n this.prefix = DATA_PREFIX;\n this.messageTerminator = \"\\n\";\n this.streamTerminator = eventShape.streamTerminator;\n this.eventDiscriminator = eventShape.eventDiscriminator;\n } else {\n this.messageTerminator = eventShape.messageTerminator;\n }\n signal?.addEventListener(\"abort\", () => this.controller.abort());\n if (typeof TextDecoder !== \"undefined\") {\n this.decoder = new TextDecoder(\"utf-8\");\n }\n }\n async *iterMessages() {\n if (this.eventDiscriminator != null) {\n yield* this.iterSseEvents();\n } else {\n yield* this.iterDataMessages();\n }\n }\n async *iterDataMessages() {\n const stream = readableStreamAsyncIterable(this.stream);\n let buf = \"\";\n let prefixSeen = false;\n for await (const chunk of stream) {\n buf += this.decodeChunk(chunk);\n let terminatorIndex;\n while ((terminatorIndex = buf.indexOf(this.messageTerminator)) >= 0) {\n let line = buf.slice(0, terminatorIndex);\n buf = buf.slice(terminatorIndex + this.messageTerminator.length);\n if (!line.trim()) {\n continue;\n }\n if (!prefixSeen && this.prefix != null) {\n const prefixIndex = line.indexOf(this.prefix);\n if (prefixIndex === -1) {\n continue;\n }\n prefixSeen = true;\n line = line.slice(prefixIndex + this.prefix.length);\n }\n if (this.streamTerminator != null && line.includes(this.streamTerminator)) {\n return;\n }\n const message = await this.parse(fromJson(line));\n yield message;\n prefixSeen = false;\n }\n }\n }\n async *iterSseEvents() {\n const stream = readableStreamAsyncIterable(this.stream);\n let buf = \"\";\n let eventType;\n let dataValue;\n for await (const chunk of stream) {\n buf += this.decodeChunk(chunk);\n let terminatorIndex;\n while ((terminatorIndex = buf.indexOf(\"\\n\")) >= 0) {\n const line = buf.slice(0, terminatorIndex).replace(/\\r$/, \"\");\n buf = buf.slice(terminatorIndex + 1);\n if (!line.trim()) {\n if (dataValue != null) {\n const message = await this.dispatchSseEvent(dataValue, eventType);\n if (message == null) {\n return;\n }\n yield message;\n }\n eventType = void 0;\n dataValue = void 0;\n continue;\n }\n if (line.startsWith(EVENT_PREFIX)) {\n eventType = line.slice(EVENT_PREFIX.length).trim();\n } else if (line.startsWith(DATA_PREFIX)) {\n const val = line.slice(DATA_PREFIX.length).trim();\n dataValue = dataValue != null ? `${dataValue}\n${val}` : val;\n }\n }\n }\n if (dataValue != null) {\n const message = await this.dispatchSseEvent(dataValue, eventType);\n if (message != null) {\n yield message;\n }\n }\n }\n /**\n * Parses and returns a single SSE event, or returns null if the event is a stream terminator.\n */\n async dispatchSseEvent(dataValue, eventType) {\n if (this.streamTerminator != null && dataValue.includes(this.streamTerminator)) {\n return null;\n }\n return this.parse(this.injectDiscriminator(fromJson(dataValue), eventType));\n }\n injectDiscriminator(parsed, eventType) {\n if (this.eventDiscriminator == null || eventType == null) {\n return parsed;\n }\n if (parsed == null || typeof parsed !== \"object\" || Array.isArray(parsed)) {\n return parsed;\n }\n const obj = parsed;\n if (this.eventDiscriminator in obj) {\n return parsed;\n }\n return { [this.eventDiscriminator]: eventType, ...obj };\n }\n async *[Symbol.asyncIterator]() {\n for await (const message of this.iterMessages()) {\n yield message;\n }\n }\n decodeChunk(chunk) {\n let decoded = \"\";\n if (this.decoder != null) {\n decoded += this.decoder.decode(chunk, { stream: true });\n } else if (RUNTIME.type === \"node\" && typeof chunk !== \"undefined\") {\n decoded += Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk);\n }\n return decoded;\n }\n};\nfunction readableStreamAsyncIterable(stream) {\n if (stream[Symbol.asyncIterator]) {\n return stream;\n }\n const reader = stream.getReader();\n return {\n async next() {\n try {\n const result = await reader.read();\n if (result?.done) {\n reader.releaseLock();\n }\n return result;\n } catch (e) {\n reader.releaseLock();\n throw e;\n }\n },\n async return() {\n const cancelPromise = reader.cancel();\n reader.releaseLock();\n await cancelPromise;\n return { done: true, value: void 0 };\n },\n [Symbol.asyncIterator]() {\n return this;\n }\n };\n}\n\n// core/url/index.ts\nvar url_exports = {};\n__export(url_exports, {\n encodePathParam: () => encodePathParam,\n join: () => join,\n queryBuilder: () => queryBuilder,\n toQueryString: () => toQueryString\n});\n\n// core/url/encodePathParam.ts\nfunction encodePathParam(param) {\n if (param === null) {\n return \"null\";\n }\n const typeofParam = typeof param;\n switch (typeofParam) {\n case \"undefined\":\n return \"undefined\";\n case \"string\":\n case \"number\":\n case \"boolean\":\n break;\n default:\n param = String(param);\n break;\n }\n return encodeURIComponent(param);\n}\n\n// core/url/QueryStringBuilder.ts\nfunction queryBuilder() {\n return new QueryStringBuilder();\n}\nvar QueryStringBuilder = class {\n constructor() {\n this.parts = /* @__PURE__ */ new Map();\n }\n /**\n * Adds a query parameter, serializing it immediately.\n *\n * By default arrays use \"repeat\" format (`key=a&key=b`).\n * Pass `{ style: \"comma\" }` for OpenAPI `explode: false` parameters\n * to get comma-separated values (`key=a,b,c`).\n *\n * Null / undefined values are silently skipped.\n */\n add(key, value, options) {\n if (value === void 0 || value === null) {\n return this;\n }\n const serialized = toQueryString(\n { [key]: value },\n { arrayFormat: options?.style === \"comma\" ? \"comma\" : \"repeat\" }\n );\n if (serialized.length > 0) {\n this.parts.set(key, serialized);\n }\n return this;\n }\n /**\n * Adds multiple query parameters at once from a record.\n * All parameters use the default \"repeat\" array format.\n * Null / undefined values are silently skipped.\n */\n addMany(params) {\n if (params != null) {\n for (const [key, value] of Object.entries(params)) {\n this.add(key, value);\n }\n }\n return this;\n }\n /**\n * Merges additional query parameters supplied at call-time via\n * `requestOptions.queryParams`. Overrides existing keys (last-write-wins).\n */\n mergeAdditional(additionalParams) {\n if (additionalParams != null) {\n for (const [key, value] of Object.entries(additionalParams)) {\n if (value === void 0 || value === null) {\n continue;\n }\n const serialized = toQueryString({ [key]: value }, { arrayFormat: \"repeat\" });\n if (serialized.length > 0) {\n this.parts.set(key, serialized);\n }\n }\n }\n return this;\n }\n /**\n * Returns the assembled query string (without the leading `?`).\n * Returns an empty string when no parameters were added.\n */\n build() {\n return [...this.parts.values()].join(\"&\");\n }\n};\n\n// auth/BearerAuthProvider.ts\nvar TOKEN_PARAM = \"token\";\nvar BearerAuthProvider = class _BearerAuthProvider {\n constructor(options) {\n this.options = options;\n }\n static canCreate(options) {\n return options?.[TOKEN_PARAM] != null;\n }\n async getAuthRequest({\n endpointMetadata\n } = {}) {\n const token = await Supplier.get(this.options[TOKEN_PARAM]);\n if (token == null) {\n throw new VectrosError({\n message: _BearerAuthProvider.AUTH_CONFIG_ERROR_MESSAGE\n });\n }\n return {\n headers: { Authorization: `Bearer ${token}` }\n };\n }\n};\n((BearerAuthProvider2) => {\n BearerAuthProvider2.AUTH_SCHEME = \"BearerAuth\";\n BearerAuthProvider2.AUTH_CONFIG_ERROR_MESSAGE = `Please provide '${TOKEN_PARAM}' when initializing the client`;\n function createInstance(options) {\n return new BearerAuthProvider2(options);\n }\n BearerAuthProvider2.createInstance = createInstance;\n})(BearerAuthProvider || (BearerAuthProvider = {}));\n\n// core/headers.ts\nfunction mergeHeaders(...headersArray) {\n const result = {};\n for (const [key, value] of headersArray.filter((headers) => headers != null).flatMap((headers) => Object.entries(headers))) {\n const insensitiveKey = key.toLowerCase();\n if (value != null) {\n result[insensitiveKey] = value;\n } else if (insensitiveKey in result) {\n delete result[insensitiveKey];\n }\n }\n return result;\n}\n\n// BaseClient.ts\nfunction normalizeClientOptions(options) {\n const headers = mergeHeaders(\n {\n \"X-Fern-Language\": \"JavaScript\",\n \"X-Fern-Runtime\": RUNTIME.type,\n \"X-Fern-Runtime-Version\": RUNTIME.version\n },\n options?.headers\n );\n return {\n ...options,\n logging: logging_exports.createLogger(options?.logging),\n headers\n };\n}\nfunction normalizeClientOptionsWithAuth(options) {\n const normalized = normalizeClientOptions(options);\n if (options.auth === false) {\n normalized.authProvider = new NoOpAuthProvider();\n return normalized;\n }\n if (options.auth != null) {\n if (typeof options.auth === \"function\") {\n normalized.authProvider = { getAuthRequest: options.auth };\n return normalized;\n }\n if (isAuthProvider(options.auth)) {\n normalized.authProvider = options.auth;\n return normalized;\n }\n Object.assign(normalized, options.auth);\n }\n const normalizedWithNoOpAuthProvider = withNoOpAuthProvider(normalized);\n normalized.authProvider ?? (normalized.authProvider = new BearerAuthProvider(normalizedWithNoOpAuthProvider));\n return normalized;\n}\nfunction withNoOpAuthProvider(options) {\n return {\n ...options,\n authProvider: new NoOpAuthProvider()\n };\n}\n\n// errors/handleNonStatusCodeError.ts\nfunction handleNonStatusCodeError(error, rawResponse, method, path) {\n switch (error.reason) {\n case \"non-json\":\n throw new VectrosError({\n statusCode: error.statusCode,\n body: error.rawBody,\n rawResponse\n });\n case \"body-is-null\":\n throw new VectrosError({\n statusCode: error.statusCode,\n rawResponse\n });\n case \"timeout\":\n throw new VectrosTimeoutError(`Timeout exceeded when calling ${method} ${path}.`, {\n cause: error.cause\n });\n case \"unknown\":\n throw new VectrosError({\n message: error.errorMessage,\n rawResponse,\n cause: error.cause\n });\n default:\n throw new VectrosError({\n message: \"Unknown error\",\n rawResponse\n });\n }\n}\n\n// api/resources/auth/client/Client.ts\nvar AuthClient = class {\n constructor(options) {\n this._options = normalizeClientOptionsWithAuth(options);\n }\n /**\n * Returns the platform's JWT signing public key in RFC 7517 JWKS format. Use it with any JWKS-aware JWT library to verify `inv_*` invite tokens, `st_*` scoped tokens, and other platform-signed tokens locally, without calling back to the API for each verification. The response carries a one-hour `Cache-Control`, so cache it and re-fetch roughly hourly rather than on every verification. The `kid` value changes when the key rotates; re-fetch this document whenever you encounter a token signed with an unknown `kid`.\n *\n * @param {AuthClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.InternalServerError}\n *\n * @example\n * await client.auth.getJwks()\n */\n getJwks(requestOptions) {\n return HttpResponsePromise.fromPromise(this.__getJwks(requestOptions));\n }\n async __getJwks(requestOptions) {\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n \"v1/auth/jwks\"\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 500:\n throw new InternalServerError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"GET\", \"/v1/auth/jwks\");\n }\n /**\n * Returns a page of per-subject PHI read-access rows: who read which subject's PHI, when, against which record, and whether any sensitive value was actually revealed in plaintext. Metadata only — never the PHI itself. This is the disclosure-accounting surface from which a covered entity derives its HIPAA §164.528 accounting of disclosures. Provide at least one query axis: a subject (`subjectType` + `subjectId`, plus optional `clientId`) within a `contextId` for the primary accounting query; `resourceId` within a `contextId` for 'who read this record'; `callerKeyId` for 'what did this credential read' (account-wide forensic); or `contextId` alone to enumerate a whole context. `from`/`to` bound the time window. Results are scoped to your account, derived from your token — never from input. Requires the `access-log:r` scope.\n *\n * @param {Vectros.GetAccessLogRequest} request\n * @param {AuthClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.BadRequestError}\n * @throws {@link Vectros.ForbiddenError}\n *\n * @example\n * await client.auth.getAccessLog({\n * subjectType: \"user\",\n * subjectId: \"user_abc123\",\n * contextId: \"ctx_intake\",\n * clientId: \"client_xyz789\",\n * action: \"read\",\n * callerKeyId: \"key_abc123\",\n * resourceType: \"intake_form\",\n * resourceId: \"rec_456\"\n * })\n */\n getAccessLog(request = {}, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__getAccessLog(request, requestOptions));\n }\n async __getAccessLog(request = {}, requestOptions) {\n const {\n subjectType,\n subjectId,\n contextId,\n clientId,\n from: from_,\n to,\n action,\n callerKeyId,\n resourceType,\n resourceId,\n revealedSensitive,\n startFrom,\n limit\n } = request;\n const _queryParams = {\n subjectType,\n subjectId,\n contextId,\n clientId,\n from: from_,\n to,\n action,\n callerKeyId,\n resourceType,\n resourceId,\n revealedSensitive,\n startFrom,\n limit\n };\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n \"v1/admin/access-log\"\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().addMany(_queryParams).mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 400:\n throw new BadRequestError(_response.error.body, _response.rawResponse);\n case 403:\n throw new ForbiddenError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"GET\", \"/v1/admin/access-log\");\n }\n /**\n * Lists all of your scoped API keys (`ssk_*`) across both your live and test environments. Revoked keys are excluded. Requires the `keys:r` scope.\n *\n * @param {AuthClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.ForbiddenError}\n *\n * @example\n * await client.auth.listScopedKeys()\n */\n listScopedKeys(requestOptions) {\n return HttpResponsePromise.fromPromise(this.__listScopedKeys(requestOptions));\n }\n async __listScopedKeys(requestOptions) {\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n \"v1/admin/keys/scoped\"\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 403:\n throw new ForbiddenError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"GET\", \"/v1/admin/keys/scoped\");\n }\n /**\n * Creates a scoped API key (an `ssk_*` secret) that inherits its permissions from an existing access profile in your account. The call is idempotent on the combination of tenant, context, user, and key name: re-issuing the same request returns the existing key WITHOUT re-disclosing its raw secret. The raw key is returned ONLY in this response — store it securely, as it cannot be retrieved again. Requires the `keys:c` scope.\n *\n * @param {Vectros.CreateScopedKeyRequest} request\n * @param {AuthClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.BadRequestError}\n * @throws {@link Vectros.ForbiddenError}\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.auth.createScopedKey({\n * keyName: \"research-bot production\",\n * tenantId: \"ten_live_xxx\",\n * contextId: \"myapp\",\n * userId: \"alice-001\"\n * })\n */\n createScopedKey(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__createScopedKey(request, requestOptions));\n }\n async __createScopedKey(request, requestOptions) {\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n \"v1/admin/keys/scoped\"\n ),\n method: \"POST\",\n headers: _headers,\n contentType: \"application/json\",\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n requestType: \"json\",\n body: request,\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 400:\n throw new BadRequestError(_response.error.body, _response.rawResponse);\n case 403:\n throw new ForbiddenError(_response.error.body, _response.rawResponse);\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"POST\", \"/v1/admin/keys/scoped\");\n }\n /**\n * Returns the metadata for a single scoped API key. The raw secret is NOT included — it is only ever returned once, when the key is first created. Requires the `keys:r` scope.\n *\n * @param {Vectros.GetScopedKeyRequest} request\n * @param {AuthClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.ForbiddenError}\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.auth.getScopedKey({\n * keyId: \"keyId\"\n * })\n */\n getScopedKey(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__getScopedKey(request, requestOptions));\n }\n async __getScopedKey(request, requestOptions) {\n const { keyId } = request;\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/admin/keys/scoped/${url_exports.encodePathParam(keyId)}`\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 403:\n throw new ForbiddenError(_response.error.body, _response.rawResponse);\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"GET\", \"/v1/admin/keys/scoped/{keyId}\");\n }\n /**\n * Revokes a scoped API key. Its status changes to `revoked` and it stops working within about 5 minutes, the maximum time authorization is cached. Revocation is permanent. Requires the `keys:d` scope.\n *\n * @param {Vectros.RevokeScopedKeyRequest} request\n * @param {AuthClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.ForbiddenError}\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.auth.revokeScopedKey({\n * keyId: \"keyId\"\n * })\n */\n revokeScopedKey(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__revokeScopedKey(request, requestOptions));\n }\n async __revokeScopedKey(request, requestOptions) {\n const { keyId } = request;\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/admin/keys/scoped/${url_exports.encodePathParam(keyId)}`\n ),\n method: \"DELETE\",\n headers: _headers,\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: void 0, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 403:\n throw new ForbiddenError(_response.error.body, _response.rawResponse);\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(\n _response.error,\n _response.rawResponse,\n \"DELETE\",\n \"/v1/admin/keys/scoped/{keyId}\"\n );\n }\n /**\n * Returns recent API call logs for your account. Each entry represents one API request; request and response bodies are never logged. `startTime` and `endTime` must be ISO-8601 UTC (e.g. `2025-01-15T09:00:00Z`); `endTime` defaults to now. Filter by resource, method, key id, or context id, or set `errorsOnly` to see only failures. Results are scoped to your account, derived from your token — never from input. Requires the `logs:r` scope.\n *\n * @param {Vectros.GetAdminLogsRequest} request\n * @param {AuthClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.BadRequestError}\n * @throws {@link Vectros.ForbiddenError}\n *\n * @example\n * await client.auth.getAdminLogs({\n * startTime: \"startTime\",\n * resource: \"documents\",\n * method: \"POST\",\n * keyId: \"key_abc123\",\n * contextId: \"ctx_intake\"\n * })\n */\n getAdminLogs(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__getAdminLogs(request, requestOptions));\n }\n async __getAdminLogs(request, requestOptions) {\n const { startTime, endTime, resource, method, keyId, contextId, errorsOnly, limit } = request;\n const _queryParams = {\n startTime,\n endTime,\n resource,\n method,\n keyId,\n contextId,\n errorsOnly,\n limit\n };\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n \"v1/admin/logs\"\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().addMany(_queryParams).mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 400:\n throw new BadRequestError(_response.error.body, _response.rawResponse);\n case 403:\n throw new ForbiddenError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"GET\", \"/v1/admin/logs\");\n }\n /**\n * Returns the access profiles assigned within the given app context — in effect, who has access to this context and with what scopes. Each profile binds a principal to either a set of inline scopes or a referenced role. Results are paginated. Requires the `profiles:r` scope.\n *\n * @param {Vectros.ListAccessProfilesRequest} request\n * @param {AuthClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.ForbiddenError}\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.auth.listAccessProfiles({\n * contextId: \"myapp\"\n * })\n */\n listAccessProfiles(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__listAccessProfiles(request, requestOptions));\n }\n async __listAccessProfiles(request, requestOptions) {\n const { contextId, startFrom, limit } = request;\n const _queryParams = {\n startFrom,\n limit\n };\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/app-contexts/${url_exports.encodePathParam(contextId)}/profiles`\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().addMany(_queryParams).mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 403:\n throw new ForbiddenError(_response.error.body, _response.rawResponse);\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(\n _response.error,\n _response.rawResponse,\n \"GET\",\n \"/v1/app-contexts/{contextId}/profiles\"\n );\n }\n /**\n * Creates a new access profile under the given app context. This call is idempotent by `principalId`: if a profile with the same `principalId` already exists, the existing profile is returned (with status 200) instead of creating a duplicate. You must provide exactly one of `scopes` (an inline list of scopes) or `roleId` (a reference to a role); supplying both, or neither, is rejected. `identityOverrides` may set only `orgId` and `clientId`; any other key (including the account identifier or `userId`) is rejected. If you use a scoped credential, the profile's effective scopes may not exceed your own; a root API key (`sk_`) is exempt. Requires the `profiles:c` scope.\n *\n * @param {Vectros.CreateAccessProfileRequest} request\n * @param {AuthClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.BadRequestError}\n * @throws {@link Vectros.ForbiddenError}\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.auth.createAccessProfile({\n * contextId: \"contextId\",\n * body: {\n * principalId: \"usr_6ba7b810-9dad-11d1-80b4-00c04fd430c8\"\n * }\n * })\n */\n createAccessProfile(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__createAccessProfile(request, requestOptions));\n }\n async __createAccessProfile(request, requestOptions) {\n const { contextId, body: _body } = request;\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/app-contexts/${url_exports.encodePathParam(contextId)}/profiles`\n ),\n method: \"POST\",\n headers: _headers,\n contentType: \"application/json\",\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n requestType: \"json\",\n body: _body,\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 400:\n throw new BadRequestError(_response.error.body, _response.rawResponse);\n case 403:\n throw new ForbiddenError(_response.error.body, _response.rawResponse);\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(\n _response.error,\n _response.rawResponse,\n \"POST\",\n \"/v1/app-contexts/{contextId}/profiles\"\n );\n }\n /**\n * Returns a paginated list of the app contexts in your account. Each app context is a namespace that groups the access profiles and roles for one of your applications. Requires the `app-contexts:r` scope.\n *\n * @param {Vectros.ListAppContextsRequest} request\n * @param {AuthClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.ForbiddenError}\n *\n * @example\n * await client.auth.listAppContexts()\n */\n listAppContexts(request = {}, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__listAppContexts(request, requestOptions));\n }\n async __listAppContexts(request = {}, requestOptions) {\n const { startFrom, limit } = request;\n const _queryParams = {\n startFrom,\n limit\n };\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n \"v1/app-contexts\"\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().addMany(_queryParams).mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 403:\n throw new ForbiddenError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"GET\", \"/v1/app-contexts\");\n }\n /**\n * Creates a new app context. This call is idempotent by `contextId`: if an app context with the same `contextId` already exists, the existing app context is returned (with status 200) instead of creating a duplicate. The reserved `contextId` value `vectros-admin` cannot be created through this endpoint; it is provisioned automatically for your account. Requires the `app-contexts:c` scope.\n *\n * @param {Vectros.AppContextRequest} request\n * @param {AuthClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.BadRequestError}\n * @throws {@link Vectros.ForbiddenError}\n *\n * @example\n * await client.auth.createAppContext({\n * contextId: \"myapp\",\n * name: \"My Internal App\"\n * })\n */\n createAppContext(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__createAppContext(request, requestOptions));\n }\n async __createAppContext(request, requestOptions) {\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n \"v1/app-contexts\"\n ),\n method: \"POST\",\n headers: _headers,\n contentType: \"application/json\",\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n requestType: \"json\",\n body: request,\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 400:\n throw new BadRequestError(_response.error.body, _response.rawResponse);\n case 403:\n throw new ForbiddenError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"POST\", \"/v1/app-contexts\");\n }\n /**\n * Returns the roles defined under the given app context. A role is a reusable, named bundle of scopes that access profiles can reference instead of listing scopes inline. Results are paginated. Requires the `profiles:r` scope.\n *\n * @param {Vectros.ListRolesRequest} request\n * @param {AuthClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.ForbiddenError}\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.auth.listRoles({\n * contextId: \"myapp\"\n * })\n */\n listRoles(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__listRoles(request, requestOptions));\n }\n async __listRoles(request, requestOptions) {\n const { contextId, startFrom, limit } = request;\n const _queryParams = {\n startFrom,\n limit\n };\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/app-contexts/${url_exports.encodePathParam(contextId)}/roles`\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().addMany(_queryParams).mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 403:\n throw new ForbiddenError(_response.error.body, _response.rawResponse);\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(\n _response.error,\n _response.rawResponse,\n \"GET\",\n \"/v1/app-contexts/{contextId}/roles\"\n );\n }\n /**\n * Creates a new role under the given app context. This call is idempotent by `roleId`: if a role with the same `roleId` already exists, the existing role is returned (with status 200) instead of creating a duplicate. If you use a scoped credential, the role's scopes may not exceed your own; a root API key (`sk_`) is exempt. Requires the `profiles:c` scope.\n *\n * @param {Vectros.CreateRoleRequest} request\n * @param {AuthClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.BadRequestError}\n * @throws {@link Vectros.ForbiddenError}\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.auth.createRole({\n * contextId: \"contextId\",\n * body: {\n * roleId: \"engineering-member\",\n * name: \"Engineering Team Member\",\n * scopes: [{\n * allowed_actions: [\"read\", \"write\"]\n * }]\n * }\n * })\n */\n createRole(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__createRole(request, requestOptions));\n }\n async __createRole(request, requestOptions) {\n const { contextId, body: _body } = request;\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/app-contexts/${url_exports.encodePathParam(contextId)}/roles`\n ),\n method: \"POST\",\n headers: _headers,\n contentType: \"application/json\",\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n requestType: \"json\",\n body: _body,\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 400:\n throw new BadRequestError(_response.error.body, _response.rawResponse);\n case 403:\n throw new ForbiddenError(_response.error.body, _response.rawResponse);\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(\n _response.error,\n _response.rawResponse,\n \"POST\",\n \"/v1/app-contexts/{contextId}/roles\"\n );\n }\n /**\n * Returns a single access profile by its `principalId` within the given app context. Requires the `profiles:r` scope.\n *\n * @param {Vectros.GetAccessProfileRequest} request\n * @param {AuthClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.ForbiddenError}\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.auth.getAccessProfile({\n * contextId: \"contextId\",\n * principalId: \"principalId\"\n * })\n */\n getAccessProfile(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__getAccessProfile(request, requestOptions));\n }\n async __getAccessProfile(request, requestOptions) {\n const { contextId, principalId } = request;\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/app-contexts/${url_exports.encodePathParam(contextId)}/profiles/${url_exports.encodePathParam(principalId)}`\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 403:\n throw new ForbiddenError(_response.error.body, _response.rawResponse);\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(\n _response.error,\n _response.rawResponse,\n \"GET\",\n \"/v1/app-contexts/{contextId}/profiles/{principalId}\"\n );\n }\n /**\n * Updates an access profile. This is a partial update: any field you omit (or send as null) keeps its existing value. A profile must reference either inline `scopes` or a `roleId`, never both — so setting `scopes` clears any `roleId`, and setting `roleId` clears any inline `scopes`. The `contextId` and `principalId` are immutable. Status changes (for example active to suspended) take effect within about five minutes. If you use a scoped credential, the profile's effective scopes may not exceed your own; a root API key (`sk_`) is exempt. Requires the `profiles:u` scope.\n *\n * @param {Vectros.UpdateAccessProfileRequest} request\n * @param {AuthClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.ForbiddenError}\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.auth.updateAccessProfile({\n * contextId: \"contextId\",\n * principalId: \"principalId\",\n * body: {\n * principalId: \"usr_6ba7b810-9dad-11d1-80b4-00c04fd430c8\"\n * }\n * })\n */\n updateAccessProfile(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__updateAccessProfile(request, requestOptions));\n }\n async __updateAccessProfile(request, requestOptions) {\n const { contextId, principalId, body: _body } = request;\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/app-contexts/${url_exports.encodePathParam(contextId)}/profiles/${url_exports.encodePathParam(principalId)}`\n ),\n method: \"PUT\",\n headers: _headers,\n contentType: \"application/json\",\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n requestType: \"json\",\n body: _body,\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 403:\n throw new ForbiddenError(_response.error.body, _response.rawResponse);\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(\n _response.error,\n _response.rawResponse,\n \"PUT\",\n \"/v1/app-contexts/{contextId}/profiles/{principalId}\"\n );\n }\n /**\n * Deletes an access profile. Within about five minutes (the access-profile cache lifetime), token minting for this principal in this context will be denied. Requires the `profiles:d` scope.\n *\n * @param {Vectros.DeleteAccessProfileRequest} request\n * @param {AuthClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.ForbiddenError}\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.auth.deleteAccessProfile({\n * contextId: \"contextId\",\n * principalId: \"principalId\"\n * })\n */\n deleteAccessProfile(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__deleteAccessProfile(request, requestOptions));\n }\n async __deleteAccessProfile(request, requestOptions) {\n const { contextId, principalId } = request;\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/app-contexts/${url_exports.encodePathParam(contextId)}/profiles/${url_exports.encodePathParam(principalId)}`\n ),\n method: \"DELETE\",\n headers: _headers,\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: void 0, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 403:\n throw new ForbiddenError(_response.error.body, _response.rawResponse);\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(\n _response.error,\n _response.rawResponse,\n \"DELETE\",\n \"/v1/app-contexts/{contextId}/profiles/{principalId}\"\n );\n }\n /**\n * Returns a single app context by its `contextId`. Requires the `app-contexts:r` scope.\n *\n * @param {Vectros.GetAppContextRequest} request\n * @param {AuthClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.ForbiddenError}\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.auth.getAppContext({\n * contextId: \"myapp\"\n * })\n */\n getAppContext(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__getAppContext(request, requestOptions));\n }\n async __getAppContext(request, requestOptions) {\n const { contextId } = request;\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/app-contexts/${url_exports.encodePathParam(contextId)}`\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 403:\n throw new ForbiddenError(_response.error.body, _response.rawResponse);\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"GET\", \"/v1/app-contexts/{contextId}\");\n }\n /**\n * Updates the name and/or description of an app context. This is a partial update: any field you omit (or send as null) keeps its existing value. The `contextId` is immutable and is taken from the URL path, so any `contextId` in the request body is ignored. Requires the `app-contexts:u` scope.\n *\n * @param {Vectros.UpdateAppContextRequest} request\n * @param {AuthClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.ForbiddenError}\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.auth.updateAppContext({\n * contextId: \"contextId\",\n * body: {\n * contextId: \"myapp\",\n * name: \"My Internal App\"\n * }\n * })\n */\n updateAppContext(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__updateAppContext(request, requestOptions));\n }\n async __updateAppContext(request, requestOptions) {\n const { contextId, body: _body } = request;\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/app-contexts/${url_exports.encodePathParam(contextId)}`\n ),\n method: \"PUT\",\n headers: _headers,\n contentType: \"application/json\",\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n requestType: \"json\",\n body: _body,\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 403:\n throw new ForbiddenError(_response.error.body, _response.rawResponse);\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"PUT\", \"/v1/app-contexts/{contextId}\");\n }\n /**\n * Permanently deletes an app context and everything in it — every record, document, folder, schema, role, and access profile belonging to the context. This is irreversible. The deletion runs asynchronously: the call returns 202 immediately and the context's data drains in the background. Poll the context's `status` field to observe when the teardown completes (`purging` while draining, then `deleted`). To guard against accidental deletion, you must echo the contextId back in the `confirm` query parameter (`?confirm={contextId}`). The reserved `default` and `vectros-admin` contexts cannot be deleted. This operation requires a root API key (one beginning with `sk_`): no scoped credential, not even one with full wildcard (`*`) scope, can trigger this teardown.\n *\n * @param {Vectros.DeleteAppContextRequest} request\n * @param {AuthClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.BadRequestError}\n * @throws {@link Vectros.ForbiddenError}\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.auth.deleteAppContext({\n * contextId: \"contextId\"\n * })\n */\n deleteAppContext(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__deleteAppContext(request, requestOptions));\n }\n async __deleteAppContext(request, requestOptions) {\n const { contextId, confirm } = request;\n const _queryParams = {\n confirm\n };\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/app-contexts/${url_exports.encodePathParam(contextId)}`\n ),\n method: \"DELETE\",\n headers: _headers,\n queryString: url_exports.queryBuilder().addMany(_queryParams).mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: void 0, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 400:\n throw new BadRequestError(_response.error.body, _response.rawResponse);\n case 403:\n throw new ForbiddenError(_response.error.body, _response.rawResponse);\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(\n _response.error,\n _response.rawResponse,\n \"DELETE\",\n \"/v1/app-contexts/{contextId}\"\n );\n }\n /**\n * Returns a single role by its `roleId` within the given app context. Requires the `profiles:r` scope.\n *\n * @param {Vectros.GetRoleRequest} request\n * @param {AuthClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.ForbiddenError}\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.auth.getRole({\n * contextId: \"contextId\",\n * roleId: \"roleId\"\n * })\n */\n getRole(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__getRole(request, requestOptions));\n }\n async __getRole(request, requestOptions) {\n const { contextId, roleId } = request;\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/app-contexts/${url_exports.encodePathParam(contextId)}/roles/${url_exports.encodePathParam(roleId)}`\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 403:\n throw new ForbiddenError(_response.error.body, _response.rawResponse);\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(\n _response.error,\n _response.rawResponse,\n \"GET\",\n \"/v1/app-contexts/{contextId}/roles/{roleId}\"\n );\n }\n /**\n * Updates a role. This is a partial update: any field you omit (or send as null) keeps its existing value. The `roleId` and `contextId` are immutable. Scope changes take effect for access profiles that reference this role within about five minutes. If you use a scoped credential, the role's scopes may not exceed your own; a root API key (`sk_`) is exempt. Requires the `profiles:u` scope.\n *\n * @param {Vectros.UpdateRoleRequest} request\n * @param {AuthClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.ForbiddenError}\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.auth.updateRole({\n * contextId: \"contextId\",\n * roleId: \"roleId\",\n * body: {\n * roleId: \"engineering-member\",\n * name: \"Engineering Team Member\",\n * scopes: [{\n * allowed_actions: [\"read\", \"write\"]\n * }]\n * }\n * })\n */\n updateRole(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__updateRole(request, requestOptions));\n }\n async __updateRole(request, requestOptions) {\n const { contextId, roleId, body: _body } = request;\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/app-contexts/${url_exports.encodePathParam(contextId)}/roles/${url_exports.encodePathParam(roleId)}`\n ),\n method: \"PUT\",\n headers: _headers,\n contentType: \"application/json\",\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n requestType: \"json\",\n body: _body,\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 403:\n throw new ForbiddenError(_response.error.body, _response.rawResponse);\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(\n _response.error,\n _response.rawResponse,\n \"PUT\",\n \"/v1/app-contexts/{contextId}/roles/{roleId}\"\n );\n }\n /**\n * Deletes a role. A role that is still referenced by one or more access profiles cannot be deleted: the request is rejected with 409. Reassign or delete those profiles first, then retry. Requires the `profiles:d` scope.\n *\n * @param {Vectros.DeleteRoleRequest} request\n * @param {AuthClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.ForbiddenError}\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.auth.deleteRole({\n * contextId: \"contextId\",\n * roleId: \"roleId\"\n * })\n */\n deleteRole(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__deleteRole(request, requestOptions));\n }\n async __deleteRole(request, requestOptions) {\n const { contextId, roleId } = request;\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/app-contexts/${url_exports.encodePathParam(contextId)}/roles/${url_exports.encodePathParam(roleId)}`\n ),\n method: \"DELETE\",\n headers: _headers,\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: void 0, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 403:\n throw new ForbiddenError(_response.error.body, _response.rawResponse);\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(\n _response.error,\n _response.rawResponse,\n \"DELETE\",\n \"/v1/app-contexts/{contextId}/roles/{roleId}\"\n );\n }\n /**\n * Returns the audit trail of changes (create, update, and delete events) for an access profile, most recent first. Version history is always recorded for every access profile; there is no setting to turn it off. Results are paginated. Requires the `profiles:r` scope.\n *\n * @param {Vectros.GetAccessProfileVersionsRequest} request\n * @param {AuthClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.ForbiddenError}\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.auth.getAccessProfileVersions({\n * contextId: \"contextId\",\n * principalId: \"principalId\"\n * })\n */\n getAccessProfileVersions(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__getAccessProfileVersions(request, requestOptions));\n }\n async __getAccessProfileVersions(request, requestOptions) {\n const { contextId, principalId, startFrom } = request;\n const _queryParams = {\n startFrom\n };\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/app-contexts/${url_exports.encodePathParam(contextId)}/profiles/${url_exports.encodePathParam(principalId)}/versions`\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().addMany(_queryParams).mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 403:\n throw new ForbiddenError(_response.error.body, _response.rawResponse);\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(\n _response.error,\n _response.rawResponse,\n \"GET\",\n \"/v1/app-contexts/{contextId}/profiles/{principalId}/versions\"\n );\n }\n /**\n * Returns the audit trail of changes (create, update, and delete events) for a role, newest first. Version history is always recorded for every role; there is no setting to turn it off. Results are paginated. Requires the `profiles:r` scope.\n *\n * @param {Vectros.GetRoleVersionsRequest} request\n * @param {AuthClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.ForbiddenError}\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.auth.getRoleVersions({\n * contextId: \"myapp\",\n * roleId: \"roleId\"\n * })\n */\n getRoleVersions(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__getRoleVersions(request, requestOptions));\n }\n async __getRoleVersions(request, requestOptions) {\n const { contextId, roleId, startFrom } = request;\n const _queryParams = {\n startFrom\n };\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/app-contexts/${url_exports.encodePathParam(contextId)}/roles/${url_exports.encodePathParam(roleId)}/versions`\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().addMany(_queryParams).mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 403:\n throw new ForbiddenError(_response.error.body, _response.rawResponse);\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(\n _response.error,\n _response.rawResponse,\n \"GET\",\n \"/v1/app-contexts/{contextId}/roles/{roleId}/versions\"\n );\n }\n /**\n * Returns full usage detail for the requested calendar month, broken down by category (search, documents, and records) with per-category credit estimates and a split between your live and test environments. Defaults to the current month when `year` and `month` are omitted. Requires the `billing:r` scope on scoped tokens; API keys always have access.\n *\n * @param {Vectros.GetUsageRequest} request\n * @param {AuthClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.BadRequestError}\n * @throws {@link Vectros.ForbiddenError}\n *\n * @example\n * await client.auth.getUsage({\n * contextId: \"default\"\n * })\n */\n getUsage(request = {}, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__getUsage(request, requestOptions));\n }\n async __getUsage(request = {}, requestOptions) {\n const { year, month, contextId } = request;\n const _queryParams = {\n year,\n month,\n contextId\n };\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n \"v1/usage\"\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().addMany(_queryParams).mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 400:\n throw new BadRequestError(_response.error.body, _response.rawResponse);\n case 403:\n throw new ForbiddenError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"GET\", \"/v1/usage\");\n }\n /**\n * Returns the identity bound to your credential — your account, principal type, key id, and scope details — so you can confirm who you are authenticated as and that the credential is valid. MCP clients use this to render \"signed in as ...\" in a chat UI without a separate identity endpoint.\n *\n * @param {AuthClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @example\n * await client.auth.ping()\n */\n ping(requestOptions) {\n return HttpResponsePromise.fromPromise(this.__ping(requestOptions));\n }\n async __ping(requestOptions) {\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n \"v1/ping\"\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"GET\", \"/v1/ping\");\n }\n /**\n * Returns the access profiles for the given principal across all of your contexts. Use this to answer questions like \"which apps does this user have access to?\" — for example, to build a member-access summary. Results are confined to your account. Requires the `profiles:r` scope.\n *\n * @param {Vectros.ListProfilesForPrincipalRequest} request\n * @param {AuthClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.BadRequestError}\n * @throws {@link Vectros.ForbiddenError}\n *\n * @example\n * await client.auth.listProfilesForPrincipal({\n * principalId: \"usr_6ba7b810-9dad-11d1-80b4-00c04fd430c8\"\n * })\n */\n listProfilesForPrincipal(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__listProfilesForPrincipal(request, requestOptions));\n }\n async __listProfilesForPrincipal(request, requestOptions) {\n const { principalId, startFrom, limit } = request;\n const _queryParams = {\n startFrom,\n limit\n };\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/principals/${url_exports.encodePathParam(principalId)}/profiles`\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().addMany(_queryParams).mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 400:\n throw new BadRequestError(_response.error.body, _response.rawResponse);\n case 403:\n throw new ForbiddenError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(\n _response.error,\n _response.rawResponse,\n \"GET\",\n \"/v1/principals/{principalId}/profiles\"\n );\n }\n /**\n * Creates a short-lived JWT bearer token restricted to specific actions and, optionally, to a particular user, organization, or client. Use this to hand a narrowly-scoped credential to a browser or downstream service so it never sees your root API key. Only callable with a root API key (`sk_*`).\n *\n * @param {Vectros.TokenRequest} request\n * @param {AuthClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.BadRequestError}\n * @throws {@link Vectros.ForbiddenError}\n *\n * @example\n * await client.auth.mintToken({\n * userId: \"550e8400-e29b-41d4-a716-446655440000\",\n * scope: {\n * allowedActions: [\"records:crud\", \"schemas:r\"],\n * identity: {\n * \"userId\": \"550e8400-e29b-41d4-a716-446655440000\"\n * },\n * dataScope: {\n * \"orgId\": [\"6ba7b810-9dad-11d1-80b4-00c04fd430c8\"]\n * }\n * },\n * expiresInSeconds: 3600\n * })\n */\n mintToken(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__mintToken(request, requestOptions));\n }\n async __mintToken(request, requestOptions) {\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n \"v1/auth/token\"\n ),\n method: \"POST\",\n headers: _headers,\n contentType: \"application/json\",\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n requestType: \"json\",\n body: request,\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 400:\n throw new BadRequestError(_response.error.body, _response.rawResponse);\n case 403:\n throw new ForbiddenError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"POST\", \"/v1/auth/token\");\n }\n /**\n * Invite a new member to one of your app contexts by email. Creates a pending user with a pre-resolved access profile (their permissions on accept) and signs an invitation token. This call is idempotent on the combination of context and email: re-inviting the same email in the same context rotates the token and resends the invitation rather than creating a duplicate. Returns HTTP 201 on a new invite or a successful resend. Returns 409 if that email already belongs to an active or suspended member of the app context, or already has an identity elsewhere in your account (an email can currently belong to only one tenant per account, i.e. your test and live environments cannot share an email). When `sendEmail` is false, the response includes the raw token and a ready-to-use accept link so you can deliver the invitation through your own email provider. Requires the `admin:users` scope.\n *\n * @param {Vectros.CreateInviteRequest} request\n * @param {AuthClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.BadRequestError}\n * @throws {@link Vectros.ForbiddenError}\n * @throws {@link Vectros.NotFoundError}\n * @throws {@link Vectros.ConflictError}\n *\n * @example\n * await client.auth.createInvite({\n * email: \"bob@example.com\",\n * contextId: \"myapp\",\n * accessProfile: {}\n * })\n */\n createInvite(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__createInvite(request, requestOptions));\n }\n async __createInvite(request, requestOptions) {\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n \"v1/users/invite\"\n ),\n method: \"POST\",\n headers: _headers,\n contentType: \"application/json\",\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n requestType: \"json\",\n body: request,\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 400:\n throw new BadRequestError(_response.error.body, _response.rawResponse);\n case 403:\n throw new ForbiddenError(_response.error.body, _response.rawResponse);\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n case 409:\n throw new ConflictError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"POST\", \"/v1/users/invite\");\n }\n /**\n * Resend an outstanding invitation, identified by its email and app context. Rotates the invitation token and extends its expiry, then (when `sendEmail` is true) re-delivers the email. Rotating the token invalidates any previously issued link for this invitation, so only the newest link works. The invitee's pending permissions are left unchanged. Requires the `admin:users` scope.\n *\n * @param {Vectros.CreateInviteRequest} request\n * @param {AuthClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.BadRequestError}\n * @throws {@link Vectros.ForbiddenError}\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.auth.resendInvite({\n * email: \"bob@example.com\",\n * contextId: \"myapp\",\n * accessProfile: {}\n * })\n */\n resendInvite(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__resendInvite(request, requestOptions));\n }\n async __resendInvite(request, requestOptions) {\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n \"v1/users/invite/resend\"\n ),\n method: \"POST\",\n headers: _headers,\n contentType: \"application/json\",\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n requestType: \"json\",\n body: request,\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 400:\n throw new BadRequestError(_response.error.body, _response.rawResponse);\n case 403:\n throw new ForbiddenError(_response.error.body, _response.rawResponse);\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"POST\", \"/v1/users/invite/resend\");\n }\n};\n\n// api/resources/compliance/client/Client.ts\nvar ComplianceClient = class {\n constructor(options) {\n this._options = normalizeClientOptionsWithAuth(options);\n }\n /**\n * Submits a right-to-erasure request for a single end-subject (a user, client, or organization). Erasure removes exactly the data the subject solely owns across the declared contexts, plus the subject's identity and lookup rows. It never touches another account's data and never cascades into another subject's data. The request is asynchronous: it returns 202 with a `requestId`; poll `GET /v1/erasure-requests/{id}` until the job completes to obtain the completion certificate. Requires a root API key — a scoped credential is rejected with 403.\n *\n * @param {Vectros.ErasureRequest} request\n * @param {ComplianceClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.ForbiddenError}\n * @throws {@link Vectros.NotImplementedError}\n *\n * @example\n * await client.compliance.createErasureRequest({\n * subjectType: \"user\"\n * })\n */\n createErasureRequest(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__createErasureRequest(request, requestOptions));\n }\n async __createErasureRequest(request, requestOptions) {\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n \"v1/erasure-requests\"\n ),\n method: \"POST\",\n headers: _headers,\n contentType: \"application/json\",\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n requestType: \"json\",\n body: request,\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 403:\n throw new ForbiddenError(_response.error.body, _response.rawResponse);\n case 501:\n throw new NotImplementedError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"POST\", \"/v1/erasure-requests\");\n }\n /**\n * Polls an erasure request by id. While the job is still running this returns its status only; once it completes, the response also includes the verifiable completion certificate (which contexts were swept, per-context deletion counts, and reports of dangling references and shared rows that were left intact). Requires a root API key.\n *\n * @param {Vectros.GetErasureRequestRequest} request\n * @param {ComplianceClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.ForbiddenError}\n * @throws {@link Vectros.NotFoundError}\n * @throws {@link Vectros.NotImplementedError}\n *\n * @example\n * await client.compliance.getErasureRequest({\n * id: \"er_550e8400e29b41d4a716446655440000\"\n * })\n */\n getErasureRequest(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__getErasureRequest(request, requestOptions));\n }\n async __getErasureRequest(request, requestOptions) {\n const { id } = request;\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/erasure-requests/${url_exports.encodePathParam(id)}`\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 403:\n throw new ForbiddenError(_response.error.body, _response.rawResponse);\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n case 501:\n throw new NotImplementedError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"GET\", \"/v1/erasure-requests/{id}\");\n }\n /**\n * Submits an asynchronous job to export your account's data, or a single end-subject's data, across the requested contexts. The request returns 202 with an `exportJobId`; poll `GET /v1/admin/export/{id}` until the job completes to obtain a short-lived presigned download URL and a manifest describing the payload. Requires a root API key — a scoped credential is rejected with 403.\n *\n * @param {Vectros.ExportRequest} request\n * @param {ComplianceClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.ForbiddenError}\n * @throws {@link Vectros.NotImplementedError}\n *\n * @example\n * await client.compliance.createExport()\n */\n createExport(request = {}, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__createExport(request, requestOptions));\n }\n async __createExport(request = {}, requestOptions) {\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n \"v1/admin/export\"\n ),\n method: \"POST\",\n headers: _headers,\n contentType: \"application/json\",\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n requestType: \"json\",\n body: request,\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 403:\n throw new ForbiddenError(_response.error.body, _response.rawResponse);\n case 501:\n throw new NotImplementedError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"POST\", \"/v1/admin/export\");\n }\n /**\n * Polls an export job by id. While the job is still running this returns its status only; once it completes, the response also includes a short-lived presigned download URL and a manifest (format version and per-context counts). Requires a root API key.\n *\n * @param {Vectros.GetExportRequest} request\n * @param {ComplianceClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.ForbiddenError}\n * @throws {@link Vectros.NotFoundError}\n * @throws {@link Vectros.NotImplementedError}\n *\n * @example\n * await client.compliance.getExport({\n * id: \"exp_550e8400e29b41d4a716446655440000\"\n * })\n */\n getExport(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__getExport(request, requestOptions));\n }\n async __getExport(request, requestOptions) {\n const { id } = request;\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/admin/export/${url_exports.encodePathParam(id)}`\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 403:\n throw new ForbiddenError(_response.error.body, _response.rawResponse);\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n case 501:\n throw new NotImplementedError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"GET\", \"/v1/admin/export/{id}\");\n }\n};\n\n// api/resources/documents/client/Client.ts\nvar DocumentsClient = class {\n constructor(options) {\n this._options = normalizeClientOptionsWithAuth(options);\n }\n /**\n * Returns a paginated list of your documents, optionally filtered by folder (`folderId`) and/or owner (`userId`, `orgId`, or `clientId`). The response is a `{data, nextCursor}` envelope; pass `nextCursor` back as `startFrom` to fetch the next page. Requires the `documents:r` scope.\n *\n * @param {Vectros.ListDocumentsRequest} request\n * @param {DocumentsClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @example\n * await client.documents.listDocuments({\n * userId: \"550e8400-e29b-41d4-a716-446655440000\",\n * orgId: \"6ba7b810-9dad-11d1-80b4-00c04fd430c8\",\n * clientId: \"f47ac10b-58cc-4372-a567-0e02b2c3d479\",\n * folderId: \"f47ac10b-58cc-4372-a567-0e02b2c3d479\",\n * startFrom: \"doc_prev123\"\n * })\n */\n listDocuments(request = {}, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__listDocuments(request, requestOptions));\n }\n async __listDocuments(request = {}, requestOptions) {\n const { userId, orgId, clientId, folderId, startFrom, limit } = request;\n const _queryParams = {\n userId,\n orgId,\n clientId,\n folderId,\n startFrom,\n limit\n };\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n \"v1/documents\"\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().addMany(_queryParams).mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"GET\", \"/v1/documents\");\n }\n /**\n * Creates a document from a raw text string and queues it for asynchronous indexing so it becomes searchable. Requires the `documents:c` scope.\n *\n * @param {Vectros.DocumentRequest} request\n * @param {DocumentsClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.BadRequestError}\n *\n * @example\n * await client.documents.ingestDocument({\n * title: \"Patient Intake Form \\u2014 Jane Doe\"\n * })\n */\n ingestDocument(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__ingestDocument(request, requestOptions));\n }\n async __ingestDocument(request, requestOptions) {\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n \"v1/documents\"\n ),\n method: \"POST\",\n headers: _headers,\n contentType: \"application/json\",\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n requestType: \"json\",\n body: request,\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 400:\n throw new BadRequestError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"POST\", \"/v1/documents\");\n }\n /**\n * Returns a single document by its ID, including its full structured payload. Requires the `documents:r` scope.\n *\n * @param {Vectros.GetDocumentRequest} request\n * @param {DocumentsClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.documents.getDocument({\n * id: \"id\"\n * })\n */\n getDocument(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__getDocument(request, requestOptions));\n }\n async __getDocument(request, requestOptions) {\n const { id } = request;\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/documents/${url_exports.encodePathParam(id)}`\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"GET\", \"/v1/documents/{id}\");\n }\n /**\n * Replaces the mutable fields of a document. This is a full replacement of the payload — to merge fields instead, use PATCH. If you supply new `text`, the document body is re-ingested and re-queued for indexing. Requires the `documents:u` scope.\n *\n * @param {Vectros.UpdateDocumentRequest} request\n * @param {DocumentsClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.BadRequestError}\n * @throws {@link Vectros.NotFoundError}\n * @throws {@link Vectros.ConflictError}\n *\n * @example\n * await client.documents.updateDocument({\n * id: \"id\",\n * body: {\n * title: \"Patient Intake Form \\u2014 Jane Doe\"\n * }\n * })\n */\n updateDocument(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__updateDocument(request, requestOptions));\n }\n async __updateDocument(request, requestOptions) {\n const { id, body: _body } = request;\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/documents/${url_exports.encodePathParam(id)}`\n ),\n method: \"PUT\",\n headers: _headers,\n contentType: \"application/json\",\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n requestType: \"json\",\n body: _body,\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 400:\n throw new BadRequestError(_response.error.body, _response.rawResponse);\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n case 409:\n throw new ConflictError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"PUT\", \"/v1/documents/{id}\");\n }\n /**\n * Permanently deletes the document and removes it from the search index. This cannot be undone. Requires the `documents:d` scope.\n *\n * @param {Vectros.DeleteDocumentRequest} request\n * @param {DocumentsClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.documents.deleteDocument({\n * id: \"id\"\n * })\n */\n deleteDocument(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__deleteDocument(request, requestOptions));\n }\n async __deleteDocument(request, requestOptions) {\n const { id } = request;\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/documents/${url_exports.encodePathParam(id)}`\n ),\n method: \"DELETE\",\n headers: _headers,\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: void 0, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"DELETE\", \"/v1/documents/{id}\");\n }\n /**\n * Partially updates a document using an RFC 7386 JSON Merge Patch. The `payload` object is deep-merged: keys you send overwrite existing values (recursing into nested objects), a key set to `null` is deleted, and keys you omit are preserved — unlike PUT, which replaces the whole payload. Top-level fields (`title`, `storeText`, `folderId`, `schemaId`, ownership) are set when present and left unchanged when omitted; sending a top-level field as `null` is rejected. Supplying `text` re-ingests the document body (same as PUT). `indexMode` and `externalId` are immutable and rejected if present. The merged result is validated against the bound schema. Pass `expectedVersion` for optimistic concurrency (409 on conflict). Requires the `documents:u` scope.\n *\n * @param {Vectros.PatchDocumentRequest} request\n * @param {DocumentsClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.BadRequestError}\n * @throws {@link Vectros.NotFoundError}\n * @throws {@link Vectros.ConflictError}\n *\n * @example\n * await client.documents.patchDocument({\n * id: \"id\",\n * body: {\n * title: \"Patient Intake Form \\u2014 Jane Doe\"\n * }\n * })\n */\n patchDocument(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__patchDocument(request, requestOptions));\n }\n async __patchDocument(request, requestOptions) {\n const { id, body: _body } = request;\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/documents/${url_exports.encodePathParam(id)}`\n ),\n method: \"PATCH\",\n headers: _headers,\n contentType: \"application/json\",\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n requestType: \"json\",\n body: _body,\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 400:\n throw new BadRequestError(_response.error.body, _response.rawResponse);\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n case 409:\n throw new ConflictError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"PATCH\", \"/v1/documents/{id}\");\n }\n /**\n * Finds documents of a given type by a schema-declared lookup field. The document must be bound to a schema (via `schemaId`) that declares the field as a lookup field. A lookup on a sensitive field is rejected here, because the value would appear in the URL query string; use POST /v1/documents/lookup (the request-body variant) for a sensitive field instead. Results are paginated: set `limit` for the page size and feed the returned `nextCursor` back as `startFrom` to fetch the next page. The response is a `{data, nextCursor}` envelope. Requires the `documents:r` scope.\n *\n * @param {Vectros.LookupDocumentsRequest} request\n * @param {DocumentsClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @example\n * await client.documents.lookupDocuments({\n * type: \"invoice\",\n * field: \"po_number\",\n * value: \"PO-1001\",\n * prefix: \"PO-2024\",\n * startFrom: \"550e8400-e29b-41d4-a716-446655440000\"\n * })\n */\n lookupDocuments(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__lookupDocuments(request, requestOptions));\n }\n async __lookupDocuments(request, requestOptions) {\n const { type: type_, field, value, from: from_, to, prefix, startFrom, limit, order } = request;\n const _queryParams = {\n type: type_,\n field,\n value,\n from: from_,\n to,\n prefix,\n startFrom,\n limit,\n order: order != null ? order : void 0\n };\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n \"v1/documents/lookup\"\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().addMany(_queryParams).mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"GET\", \"/v1/documents/lookup\");\n }\n /**\n * Request-body equivalent of GET /v1/documents/lookup. Use this when looking up by a sensitive field: the value travels in the request body (and is blind-indexed server-side) instead of the URL query string, so it never lands in access, CDN, or proxy logs. The GET variant rejects `value` for a sensitive field and directs you here. Requires the `documents:r` scope.\n *\n * @param {Vectros.DocumentLookupRequest} request\n * @param {DocumentsClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.BadRequestError}\n *\n * @example\n * await client.documents.lookupDocumentsByBody({\n * type: \"invoice\",\n * field: \"mrn\"\n * })\n */\n lookupDocumentsByBody(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__lookupDocumentsByBody(request, requestOptions));\n }\n async __lookupDocumentsByBody(request, requestOptions) {\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n \"v1/documents/lookup\"\n ),\n method: \"POST\",\n headers: _headers,\n contentType: \"application/json\",\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n requestType: \"json\",\n body: request,\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 400:\n throw new BadRequestError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"POST\", \"/v1/documents/lookup\");\n }\n /**\n * Returns a short-lived presigned S3 GET URL for the original uploaded file. Only available for file-backed documents (created via POST /v1/documents/upload); text-only documents return 400. Requires the `documents:r` scope.\n *\n * @param {Vectros.GetDocumentDownloadUrlRequest} request\n * @param {DocumentsClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.BadRequestError}\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.documents.getDocumentDownloadUrl({\n * id: \"id\"\n * })\n */\n getDocumentDownloadUrl(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__getDocumentDownloadUrl(request, requestOptions));\n }\n async __getDocumentDownloadUrl(request, requestOptions) {\n const { id } = request;\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/documents/${url_exports.encodePathParam(id)}/download`\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 400:\n throw new BadRequestError(_response.error.body, _response.rawResponse);\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"GET\", \"/v1/documents/{id}/download\");\n }\n /**\n * Returns the full extracted or ingested text body for documents that were stored with `storeText=true`. Returns 404 when the document does not exist or when no text is available (because `storeText` was false, or extraction has not yet completed). Requires the `documents:r` scope.\n *\n * @param {Vectros.GetDocumentTextRequest} request\n * @param {DocumentsClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.documents.getDocumentText({\n * id: \"id\"\n * })\n */\n getDocumentText(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__getDocumentText(request, requestOptions));\n }\n async __getDocumentText(request, requestOptions) {\n const { id } = request;\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/documents/${url_exports.encodePathParam(id)}/text`\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"GET\", \"/v1/documents/{id}/text\");\n }\n /**\n * Returns the audit trail of changes (CREATE, UPDATE, DELETE) for a document. History is recorded only for documents bound to a schema that has audit history enabled (the default for typed documents); untyped documents have no version history. The response is a `{data, nextCursor}` envelope. Requires the `documents:r` scope.\n *\n * @param {Vectros.GetDocumentVersionsRequest} request\n * @param {DocumentsClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.documents.getDocumentVersions({\n * id: \"6ba7b810-9dad-11d1-80b4-00c04fd430c8\"\n * })\n */\n getDocumentVersions(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__getDocumentVersions(request, requestOptions));\n }\n async __getDocumentVersions(request, requestOptions) {\n const { id, startFrom } = request;\n const _queryParams = {\n startFrom\n };\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/documents/${url_exports.encodePathParam(id)}/versions`\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().addMany(_queryParams).mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"GET\", \"/v1/documents/{id}/versions\");\n }\n /**\n * Starts a file-based document by returning a short-lived presigned S3 PUT URL. Upload the file bytes directly to `uploadUrl`; the document is then automatically queued for text extraction and asynchronous indexing. Requires the `documents:c` scope.\n *\n * @param {Vectros.FileUploadRequest} request\n * @param {DocumentsClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.BadRequestError}\n *\n * @example\n * await client.documents.uploadDocument({\n * fileName: \"patient_intake_2024_01_15.pdf\",\n * fileType: \"application/pdf\"\n * })\n */\n uploadDocument(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__uploadDocument(request, requestOptions));\n }\n async __uploadDocument(request, requestOptions) {\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n \"v1/documents/upload\"\n ),\n method: \"POST\",\n headers: _headers,\n contentType: \"application/json\",\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n requestType: \"json\",\n body: request,\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 400:\n throw new BadRequestError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"POST\", \"/v1/documents/upload\");\n }\n};\n\n// api/resources/folders/client/Client.ts\nvar FoldersClient = class {\n constructor(options) {\n this._options = normalizeClientOptionsWithAuth(options);\n }\n /**\n * Returns a paginated list of your folders. Pass `parentFolderId` to list the direct children of a specific folder (tree navigation); omit it for a flat list across your account. You can also filter by owner using `userId`, `orgId`, or `clientId`. Results are returned as a `{data, nextCursor}` envelope — pass `nextCursor` as `startFrom` to fetch the next page. Requires the `folders:r` scope.\n *\n * @param {Vectros.ListFoldersRequest} request\n * @param {FoldersClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @example\n * await client.folders.listFolders({\n * parentFolderId: \"f47ac10b-58cc-4372-a567-0e02b2c3d479\",\n * orgId: \"6ba7b810-9dad-11d1-80b4-00c04fd430c8\",\n * userId: \"550e8400-e29b-41d4-a716-446655440000\",\n * clientId: \"f47ac10b-58cc-4372-a567-0e02b2c3d479\",\n * startFrom: \"fld_prev123\"\n * })\n */\n listFolders(request = {}, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__listFolders(request, requestOptions));\n }\n async __listFolders(request = {}, requestOptions) {\n const { parentFolderId, orgId, userId, clientId, startFrom, limit } = request;\n const _queryParams = {\n parentFolderId,\n orgId,\n userId,\n clientId,\n startFrom,\n limit\n };\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n \"v1/folders\"\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().addMany(_queryParams).mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"GET\", \"/v1/folders\");\n }\n /**\n * Creates a folder to organize your documents and records. If `parentFolderId` is omitted, the folder is created under your context's default root folder. Requires the `folders:c` scope.\n *\n * @param {Vectros.FolderRequest} request\n * @param {FoldersClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.BadRequestError}\n *\n * @example\n * await client.folders.createFolder({\n * name: \"Patient Records 2024\"\n * })\n */\n createFolder(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__createFolder(request, requestOptions));\n }\n async __createFolder(request, requestOptions) {\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n \"v1/folders\"\n ),\n method: \"POST\",\n headers: _headers,\n contentType: \"application/json\",\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n requestType: \"json\",\n body: request,\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 400:\n throw new BadRequestError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"POST\", \"/v1/folders\");\n }\n /**\n * Retrieves a single folder by its ID. Requires the `folders:r` scope.\n *\n * @param {Vectros.GetFolderRequest} request\n * @param {FoldersClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.folders.getFolder({\n * id: \"id\"\n * })\n */\n getFolder(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__getFolder(request, requestOptions));\n }\n async __getFolder(request, requestOptions) {\n const { id } = request;\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/folders/${url_exports.encodePathParam(id)}`\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"GET\", \"/v1/folders/{id}\");\n }\n /**\n * Replaces a folder's name and description. Omitted fields are preserved (a null does not clear a field). The slug and parent folder are immutable and cannot be changed here. Requires the `folders:u` scope.\n *\n * @param {Vectros.UpdateFolderRequest} request\n * @param {FoldersClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.folders.updateFolder({\n * id: \"id\",\n * body: {\n * name: \"Patient Records 2024\"\n * }\n * })\n */\n updateFolder(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__updateFolder(request, requestOptions));\n }\n async __updateFolder(request, requestOptions) {\n const { id, body: _body } = request;\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/folders/${url_exports.encodePathParam(id)}`\n ),\n method: \"PUT\",\n headers: _headers,\n contentType: \"application/json\",\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n requestType: \"json\",\n body: _body,\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"PUT\", \"/v1/folders/{id}\");\n }\n /**\n * Permanently deletes a folder. The folder must be empty (contain no documents or sub-folders) and must not be protected. Your context's root folder is protected and cannot be deleted. Requires the `folders:d` scope.\n *\n * @param {Vectros.DeleteFolderRequest} request\n * @param {FoldersClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.BadRequestError}\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.folders.deleteFolder({\n * id: \"id\"\n * })\n */\n deleteFolder(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__deleteFolder(request, requestOptions));\n }\n async __deleteFolder(request, requestOptions) {\n const { id } = request;\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/folders/${url_exports.encodePathParam(id)}`\n ),\n method: \"DELETE\",\n headers: _headers,\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: void 0, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 400:\n throw new BadRequestError(_response.error.body, _response.rawResponse);\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"DELETE\", \"/v1/folders/{id}\");\n }\n /**\n * Partially updates a folder using an RFC 7386 JSON Merge Patch. The `name`, `description`, and ownership fields (`userId`, `orgId`, `clientId`) are applied when present and left unchanged when omitted; sending any of these as null is rejected, because clearing a field is not supported in this release (omit it instead). `slug` and `parentFolderId` are immutable — a folder cannot be re-slugged or moved via the API — and the request is rejected if either is present. Pass `expectedVersion` for optimistic concurrency (you get a 409 if the folder changed since you last read it). Requires the `folders:u` scope.\n *\n * @param {Vectros.PatchFolderRequest} request\n * @param {FoldersClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.BadRequestError}\n * @throws {@link Vectros.NotFoundError}\n * @throws {@link Vectros.ConflictError}\n *\n * @example\n * await client.folders.patchFolder({\n * id: \"id\",\n * body: {\n * name: \"Patient Records 2024\"\n * }\n * })\n */\n patchFolder(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__patchFolder(request, requestOptions));\n }\n async __patchFolder(request, requestOptions) {\n const { id, body: _body } = request;\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/folders/${url_exports.encodePathParam(id)}`\n ),\n method: \"PATCH\",\n headers: _headers,\n contentType: \"application/json\",\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n requestType: \"json\",\n body: _body,\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 400:\n throw new BadRequestError(_response.error.body, _response.rawResponse);\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n case 409:\n throw new ConflictError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"PATCH\", \"/v1/folders/{id}\");\n }\n /**\n * Returns the audit trail of changes (create, update, and delete events) for a folder, newest first. Folder version history is always recorded; there is no setting to turn it off. Results are returned as a `{data, nextCursor}` envelope — pass `nextCursor` as `startFrom` to fetch the next page. Requires the `folders:r` scope.\n *\n * @param {Vectros.GetFolderVersionsRequest} request\n * @param {FoldersClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.folders.getFolderVersions({\n * id: \"6ba7b810-9dad-11d1-80b4-00c04fd430c8\"\n * })\n */\n getFolderVersions(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__getFolderVersions(request, requestOptions));\n }\n async __getFolderVersions(request, requestOptions) {\n const { id, startFrom } = request;\n const _queryParams = {\n startFrom\n };\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/folders/${url_exports.encodePathParam(id)}/versions`\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().addMany(_queryParams).mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"GET\", \"/v1/folders/{id}/versions\");\n }\n};\n\n// api/resources/identity/client/Client.ts\nvar IdentityClient = class {\n constructor(options) {\n this._options = normalizeClientOptionsWithAuth(options);\n }\n /**\n * Returns a paginated list of clients in your account. Narrow the results with `orgId` or `userId`, or use `externalId` for an exact lookup by your own identifier. For schema-bound clients, you can also query by a schema-declared lookup field using `type`, `field`, and one lookup mode (`value` for equality, `from`/`to` for a range, or `prefix`). The response is a `{data, nextCursor}` envelope; pass `nextCursor` back as `startFrom` to fetch the next page. Requires the `clients:r` scope.\n *\n * @param {Vectros.ListClientsRequest} request\n * @param {IdentityClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @example\n * await client.identity.listClients({\n * orgId: \"6ba7b810-9dad-11d1-80b4-00c04fd430c8\",\n * userId: \"550e8400-e29b-41d4-a716-446655440000\",\n * externalId: \"patient_789\",\n * startFrom: \"f47ac10b-58cc-4372-a567-0e02b2c3d479\",\n * type: \"client_v1\",\n * field: \"industry\",\n * value: \"healthcare\",\n * prefix: \"health\"\n * })\n */\n listClients(request = {}, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__listClients(request, requestOptions));\n }\n async __listClients(request = {}, requestOptions) {\n const {\n orgId,\n userId,\n externalId,\n startFrom,\n limit,\n type: type_,\n field,\n value,\n from: from_,\n to,\n prefix,\n order\n } = request;\n const _queryParams = {\n orgId,\n userId,\n externalId,\n startFrom,\n limit,\n type: type_,\n field,\n value,\n from: from_,\n to,\n prefix,\n order: order != null ? order : void 0\n };\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n \"v1/clients\"\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().addMany(_queryParams).mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"GET\", \"/v1/clients\");\n }\n /**\n * Creates a new client identity in your account. This call is idempotent on `externalId`: if a client with the same `externalId` already exists, the existing record is returned instead of creating a duplicate. Requires the `clients:c` scope.\n *\n * @param {Vectros.ClientRequest} request\n * @param {IdentityClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.BadRequestError}\n *\n * @example\n * await client.identity.createClient({\n * externalId: \"patient_789\"\n * })\n */\n createClient(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__createClient(request, requestOptions));\n }\n async __createClient(request, requestOptions) {\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n \"v1/clients\"\n ),\n method: \"POST\",\n headers: _headers,\n contentType: \"application/json\",\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n requestType: \"json\",\n body: request,\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 400:\n throw new BadRequestError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"POST\", \"/v1/clients\");\n }\n /**\n * Returns a single client by its Vectros-assigned UUID. Requires the `clients:r` scope.\n *\n * @param {Vectros.GetClientRequest} request\n * @param {IdentityClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.identity.getClient({\n * id: \"f47ac10b-58cc-4372-a567-0e02b2c3d479\"\n * })\n */\n getClient(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__getClient(request, requestOptions));\n }\n async __getClient(request, requestOptions) {\n const { id } = request;\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/clients/${url_exports.encodePathParam(id)}`\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"GET\", \"/v1/clients/{id}\");\n }\n /**\n * Updates mutable fields on an existing client. Omitted fields are preserved (a null does not clear a field); when `payload` is supplied it replaces the stored payload in full rather than being deep-merged. Requires the `clients:u` scope.\n *\n * @param {Vectros.UpdateClientRequest} request\n * @param {IdentityClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.identity.updateClient({\n * id: \"id\",\n * body: {\n * externalId: \"patient_789\"\n * }\n * })\n */\n updateClient(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__updateClient(request, requestOptions));\n }\n async __updateClient(request, requestOptions) {\n const { id, body: _body } = request;\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/clients/${url_exports.encodePathParam(id)}`\n ),\n method: \"PUT\",\n headers: _headers,\n contentType: \"application/json\",\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n requestType: \"json\",\n body: _body,\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"PUT\", \"/v1/clients/{id}\");\n }\n /**\n * Permanently deletes the client. This action cannot be undone. Requires the `clients:d` scope.\n *\n * @param {Vectros.DeleteClientRequest} request\n * @param {IdentityClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.identity.deleteClient({\n * id: \"id\"\n * })\n */\n deleteClient(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__deleteClient(request, requestOptions));\n }\n async __deleteClient(request, requestOptions) {\n const { id } = request;\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/clients/${url_exports.encodePathParam(id)}`\n ),\n method: \"DELETE\",\n headers: _headers,\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: void 0, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"DELETE\", \"/v1/clients/{id}\");\n }\n /**\n * Body-based equivalent of the `type`/`field`/`value` lookup on `GET /v1/clients`. Use this when looking up by a sensitive (blind-indexed) field: the value travels in the request body rather than the URL. The `GET` list rejects a sensitive field's value and directs you here. The response is a `{data, nextCursor}` envelope. Requires the `clients:r` scope.\n *\n * @param {Vectros.IdentityLookupRequest} request\n * @param {IdentityClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.BadRequestError}\n *\n * @example\n * await client.identity.lookupClients({\n * type: \"person_v1\",\n * field: \"ssn\"\n * })\n */\n lookupClients(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__lookupClients(request, requestOptions));\n }\n async __lookupClients(request, requestOptions) {\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n \"v1/clients/lookup\"\n ),\n method: \"POST\",\n headers: _headers,\n contentType: \"application/json\",\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n requestType: \"json\",\n body: request,\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 400:\n throw new BadRequestError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"POST\", \"/v1/clients/lookup\");\n }\n /**\n * Returns the audit trail of changes to a client, newest first. Identity auditing is always on, so this history is always available; sensitive field values are redacted in each version. The response is a `{data, nextCursor}` envelope. Requires the `clients:r` scope.\n *\n * @param {Vectros.GetClientVersionsRequest} request\n * @param {IdentityClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.identity.getClientVersions({\n * id: \"id\"\n * })\n */\n getClientVersions(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__getClientVersions(request, requestOptions));\n }\n async __getClientVersions(request, requestOptions) {\n const { id, startFrom } = request;\n const _queryParams = {\n startFrom\n };\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/clients/${url_exports.encodePathParam(id)}/versions`\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().addMany(_queryParams).mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"GET\", \"/v1/clients/{id}/versions\");\n }\n /**\n * Returns a paginated list of organizations in your account. Filter by `userId` to return only the organizations owned by a specific user, or by `externalId` for an exact lookup using your own identifier. You can also query schema-declared lookup fields by supplying `type` and `field` together with one lookup mode (`value` for equality, `from`/`to` for a range, or `prefix`). Requires the `orgs:r` scope.\n *\n * @param {Vectros.ListOrgsRequest} request\n * @param {IdentityClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @example\n * await client.identity.listOrgs({\n * userId: \"550e8400-e29b-41d4-a716-446655440000\",\n * externalId: \"clinic_001\",\n * startFrom: \"6ba7b810-9dad-11d1-80b4-00c04fd430c8\",\n * type: \"org_v1\",\n * field: \"region\",\n * value: \"us-east\",\n * prefix: \"us-\"\n * })\n */\n listOrgs(request = {}, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__listOrgs(request, requestOptions));\n }\n async __listOrgs(request = {}, requestOptions) {\n const {\n userId,\n externalId,\n startFrom,\n limit,\n type: type_,\n field,\n value,\n from: from_,\n to,\n prefix,\n order\n } = request;\n const _queryParams = {\n userId,\n externalId,\n startFrom,\n limit,\n type: type_,\n field,\n value,\n from: from_,\n to,\n prefix,\n order: order != null ? order : void 0\n };\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n \"v1/orgs\"\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().addMany(_queryParams).mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"GET\", \"/v1/orgs\");\n }\n /**\n * Creates a new organization in your account. This call is idempotent on `externalId`: if an organization with the same `externalId` already exists, the existing record is returned instead of creating a duplicate. Requires the `orgs:c` scope.\n *\n * @param {Vectros.OrgRequest} request\n * @param {IdentityClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.BadRequestError}\n *\n * @example\n * await client.identity.createOrg({\n * externalId: \"clinic_001\"\n * })\n */\n createOrg(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__createOrg(request, requestOptions));\n }\n async __createOrg(request, requestOptions) {\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n \"v1/orgs\"\n ),\n method: \"POST\",\n headers: _headers,\n contentType: \"application/json\",\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n requestType: \"json\",\n body: request,\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 400:\n throw new BadRequestError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"POST\", \"/v1/orgs\");\n }\n /**\n * Retrieves a single organization by its Vectros-assigned ID, returning its current name, status, payload, and schema binding. Requires the `orgs:r` scope.\n *\n * @param {Vectros.GetOrgRequest} request\n * @param {IdentityClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.identity.getOrg({\n * id: \"6ba7b810-9dad-11d1-80b4-00c04fd430c8\"\n * })\n */\n getOrg(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__getOrg(request, requestOptions));\n }\n async __getOrg(request, requestOptions) {\n const { id } = request;\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/orgs/${url_exports.encodePathParam(id)}`\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"GET\", \"/v1/orgs/{id}\");\n }\n /**\n * Updates the mutable fields of an organization. Omitted fields are preserved (a null value does not clear a field), and the `payload` object is replaced in full when supplied rather than deep-merged. Requires the `orgs:u` scope.\n *\n * @param {Vectros.UpdateOrgRequest} request\n * @param {IdentityClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.identity.updateOrg({\n * id: \"id\",\n * body: {\n * externalId: \"clinic_001\"\n * }\n * })\n */\n updateOrg(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__updateOrg(request, requestOptions));\n }\n async __updateOrg(request, requestOptions) {\n const { id, body: _body } = request;\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/orgs/${url_exports.encodePathParam(id)}`\n ),\n method: \"PUT\",\n headers: _headers,\n contentType: \"application/json\",\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n requestType: \"json\",\n body: _body,\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"PUT\", \"/v1/orgs/{id}\");\n }\n /**\n * Permanently deletes an organization. This action cannot be undone. Requires the `orgs:d` scope.\n *\n * @param {Vectros.DeleteOrgRequest} request\n * @param {IdentityClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.identity.deleteOrg({\n * id: \"id\"\n * })\n */\n deleteOrg(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__deleteOrg(request, requestOptions));\n }\n async __deleteOrg(request, requestOptions) {\n const { id } = request;\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/orgs/${url_exports.encodePathParam(id)}`\n ),\n method: \"DELETE\",\n headers: _headers,\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: void 0, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"DELETE\", \"/v1/orgs/{id}\");\n }\n /**\n * Looks up organizations by a schema-declared field value, with the search criteria sent in the request body instead of the URL. Use this when looking up by a sensitive field: the value travels in the body and is never exposed in the URL. This is the body-based equivalent of the `type`/`field`/`value` lookup on `GET /v1/orgs`, which rejects sensitive-field values and directs you here. Returns a `{data, nextCursor}` envelope. Requires the `orgs:r` scope.\n *\n * @param {Vectros.IdentityLookupRequest} request\n * @param {IdentityClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.BadRequestError}\n *\n * @example\n * await client.identity.lookupOrgs({\n * type: \"person_v1\",\n * field: \"ssn\"\n * })\n */\n lookupOrgs(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__lookupOrgs(request, requestOptions));\n }\n async __lookupOrgs(request, requestOptions) {\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n \"v1/orgs/lookup\"\n ),\n method: \"POST\",\n headers: _headers,\n contentType: \"application/json\",\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n requestType: \"json\",\n body: request,\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 400:\n throw new BadRequestError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"POST\", \"/v1/orgs/lookup\");\n }\n /**\n * Returns the audit trail of changes made to an organization, newest first. Version history is always recorded for identity entities, and sensitive field values are redacted in the history. Requires the `orgs:r` scope.\n *\n * @param {Vectros.GetOrgVersionsRequest} request\n * @param {IdentityClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.identity.getOrgVersions({\n * id: \"id\"\n * })\n */\n getOrgVersions(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__getOrgVersions(request, requestOptions));\n }\n async __getOrgVersions(request, requestOptions) {\n const { id, startFrom } = request;\n const _queryParams = {\n startFrom\n };\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/orgs/${url_exports.encodePathParam(id)}/versions`\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().addMany(_queryParams).mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"GET\", \"/v1/orgs/{id}/versions\");\n }\n /**\n * Returns a paginated list of the users in your account. Pass `externalId` to look up a single user by your own identifier. To filter on schema-declared lookup fields, supply `type` and `field` together with one lookup mode: `value` (exact match), `from`+`to` (range), or `prefix`. Requires the `users:r` scope.\n *\n * @param {Vectros.ListUsersRequest} request\n * @param {IdentityClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @example\n * await client.identity.listUsers({\n * externalId: \"usr_12345\",\n * startFrom: \"550e8400-e29b-41d4-a716-446655440000\",\n * type: \"person_v1\",\n * field: \"team\",\n * value: \"engineering\",\n * prefix: \"eng\"\n * })\n */\n listUsers(request = {}, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__listUsers(request, requestOptions));\n }\n async __listUsers(request = {}, requestOptions) {\n const { externalId, startFrom, limit, type: type_, field, value, from: from_, to, prefix, order } = request;\n const _queryParams = {\n externalId,\n startFrom,\n limit,\n type: type_,\n field,\n value,\n from: from_,\n to,\n prefix,\n order: order != null ? order : void 0\n };\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n \"v1/users\"\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().addMany(_queryParams).mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"GET\", \"/v1/users\");\n }\n /**\n * Creates a user identity in your account. The operation is idempotent on `externalId`: if a user with the same `externalId` already exists, the existing record is returned instead of creating a duplicate. Requires the `users:c` scope.\n *\n * @param {Vectros.UserRequest} request\n * @param {IdentityClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.BadRequestError}\n *\n * @example\n * await client.identity.createUser({\n * externalId: \"usr_12345\"\n * })\n */\n createUser(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__createUser(request, requestOptions));\n }\n async __createUser(request, requestOptions) {\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n \"v1/users\"\n ),\n method: \"POST\",\n headers: _headers,\n contentType: \"application/json\",\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n requestType: \"json\",\n body: request,\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 400:\n throw new BadRequestError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"POST\", \"/v1/users\");\n }\n /**\n * Retrieves a single user by its Vectros-assigned ID. Requires the `users:r` scope.\n *\n * @param {Vectros.GetUserRequest} request\n * @param {IdentityClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.identity.getUser({\n * id: \"550e8400-e29b-41d4-a716-446655440000\"\n * })\n */\n getUser(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__getUser(request, requestOptions));\n }\n async __getUser(request, requestOptions) {\n const { id } = request;\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/users/${url_exports.encodePathParam(id)}`\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"GET\", \"/v1/users/{id}\");\n }\n /**\n * Updates mutable fields on an existing user (such as email, status, payload, or schema binding). The `type` field is immutable after creation. This endpoint also activates an invited user: a PUT that moves a PENDING user to ACTIVE and carries `inviteToken`, `externalSubject`, and `emailVerifiedAttestation=true` completes the invitation. Requires the `users:u` scope.\n *\n * @param {Vectros.UpdateUserRequest} request\n * @param {IdentityClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.identity.updateUser({\n * id: \"550e8400-e29b-41d4-a716-446655440000\",\n * body: {\n * externalId: \"usr_12345\"\n * }\n * })\n */\n updateUser(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__updateUser(request, requestOptions));\n }\n async __updateUser(request, requestOptions) {\n const { id, body: _body } = request;\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/users/${url_exports.encodePathParam(id)}`\n ),\n method: \"PUT\",\n headers: _headers,\n contentType: \"application/json\",\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n requestType: \"json\",\n body: _body,\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"PUT\", \"/v1/users/{id}\");\n }\n /**\n * Permanently deletes a user identity. This cannot be undone. If the user is a pending invitation, the associated access profile created for that invitation is also removed. Requires the `users:d` scope.\n *\n * @param {Vectros.DeleteUserRequest} request\n * @param {IdentityClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.identity.deleteUser({\n * id: \"550e8400-e29b-41d4-a716-446655440000\"\n * })\n */\n deleteUser(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__deleteUser(request, requestOptions));\n }\n async __deleteUser(request, requestOptions) {\n const { id } = request;\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/users/${url_exports.encodePathParam(id)}`\n ),\n method: \"DELETE\",\n headers: _headers,\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: void 0, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"DELETE\", \"/v1/users/{id}\");\n }\n /**\n * Looks up users by a schema lookup field, with the query criteria carried in the request body rather than the URL. Use this when looking up by a sensitive (blind-indexed) field: the value is blind-indexed server-side and never appears in the URL, request logs, or proxies. The query semantics are identical to the GET /v1/users lookup, which rejects sensitive-field values and directs you here. Returns a page in the `{data, nextCursor}` envelope. Requires the `users:r` scope.\n *\n * @param {Vectros.IdentityLookupRequest} request\n * @param {IdentityClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.BadRequestError}\n *\n * @example\n * await client.identity.lookupUsers({\n * type: \"person_v1\",\n * field: \"ssn\"\n * })\n */\n lookupUsers(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__lookupUsers(request, requestOptions));\n }\n async __lookupUsers(request, requestOptions) {\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n \"v1/users/lookup\"\n ),\n method: \"POST\",\n headers: _headers,\n contentType: \"application/json\",\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n requestType: \"json\",\n body: request,\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 400:\n throw new BadRequestError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"POST\", \"/v1/users/lookup\");\n }\n /**\n * Returns the audit trail of changes to a user, most recent first. Identity history is always recorded and always available. Sensitive field values are redacted in every historical version. Returns a page in the `{data, nextCursor}` envelope. Requires the `users:r` scope.\n *\n * @param {Vectros.GetUserVersionsRequest} request\n * @param {IdentityClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.identity.getUserVersions({\n * id: \"id\"\n * })\n */\n getUserVersions(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__getUserVersions(request, requestOptions));\n }\n async __getUserVersions(request, requestOptions) {\n const { id, startFrom } = request;\n const _queryParams = {\n startFrom\n };\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/users/${url_exports.encodePathParam(id)}/versions`\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().addMany(_queryParams).mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"GET\", \"/v1/users/{id}/versions\");\n }\n};\n\n// api/resources/inference/client/Client.ts\nvar InferenceClient = class {\n constructor(options) {\n this._options = normalizeClientOptionsWithAuth(options);\n }\n /**\n * Returns every inference model available to you, including each model's context window, the plan tiers it's available on, and the exact credit rates charged per 1K input and output tokens. Use this to populate model pickers and to validate a request before calling `/v1/chat`, `/v1/rag`, or `/v1/documents/{id}/ask`.\n *\n * @param {InferenceClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @example\n * await client.inference.listInferenceModels()\n */\n listInferenceModels(requestOptions) {\n return HttpResponsePromise.fromPromise(this.__listInferenceModels(requestOptions));\n }\n async __listInferenceModels(requestOptions) {\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n \"v1/models\"\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"GET\", \"/v1/models\");\n }\n /**\n * Streams a model response as Server-Sent Events (SSE). Send the full conversation history in the `messages` array; a message with role `system` is extracted and used as the system prompt. Token cost is debited from your pre-paid inference balance (in cents), and a small per-call flat fee is debited from your monthly platform credit allowance. Requires the `inference:r` scope.\n */\n chatInference(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__chatInference(request, requestOptions));\n }\n async __chatInference(request, requestOptions) {\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n \"v1/chat\"\n ),\n method: \"POST\",\n headers: _headers,\n contentType: \"application/json\",\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n requestType: \"json\",\n body: request,\n responseType: \"sse\",\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return {\n data: new Stream({\n stream: _response.body,\n parse: (data) => data,\n signal: requestOptions?.abortSignal,\n eventShape: {\n type: \"sse\"\n }\n }),\n rawResponse: _response.rawResponse\n };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 400:\n throw new BadRequestError(_response.error.body, _response.rawResponse);\n case 401:\n throw new UnauthorizedError(_response.error.body, _response.rawResponse);\n case 402:\n throw new PaymentRequiredError(_response.error.body, _response.rawResponse);\n case 403:\n throw new ForbiddenError(_response.error.body, _response.rawResponse);\n case 429:\n throw new TooManyRequestsError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"POST\", \"/v1/chat\");\n }\n /**\n * Loads a single document's extracted text, supplies it as context, and streams a model answer about it. The document must be fully indexed. If the document exceeds the 32K-token cap, the call returns 413 with no credits charged — use `POST /v1/rag` instead to answer over larger or multi-document collections. Requires the `inference:r` scope.\n */\n documentAsk(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__documentAsk(request, requestOptions));\n }\n async __documentAsk(request, requestOptions) {\n const { id, ..._body } = request;\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/documents/${url_exports.encodePathParam(id)}/ask`\n ),\n method: \"POST\",\n headers: _headers,\n contentType: \"application/json\",\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n requestType: \"json\",\n body: _body,\n responseType: \"sse\",\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return {\n data: new Stream({\n stream: _response.body,\n parse: (data) => data,\n signal: requestOptions?.abortSignal,\n eventShape: {\n type: \"sse\"\n }\n }),\n rawResponse: _response.rawResponse\n };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 400:\n throw new BadRequestError(_response.error.body, _response.rawResponse);\n case 401:\n throw new UnauthorizedError(_response.error.body, _response.rawResponse);\n case 402:\n throw new PaymentRequiredError(_response.error.body, _response.rawResponse);\n case 403:\n throw new ForbiddenError(_response.error.body, _response.rawResponse);\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n case 409:\n throw new ConflictError(_response.error.body, _response.rawResponse);\n case 413:\n throw new ContentTooLargeError(_response.error.body, _response.rawResponse);\n case 429:\n throw new TooManyRequestsError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"POST\", \"/v1/documents/{id}/ask\");\n }\n /**\n * Runs hybrid search over your indexed content, then streams a model answer grounded in the top results. The SSE stream emits a `search_results` event first (carrying the matched results and their metadata), an optional `truncation_warning` if lower-scoring results were dropped to fit the model's context window, then `content_delta` chunks, and finally a terminal `done` event. Requires the `inference:r` scope.\n */\n ragInference(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__ragInference(request, requestOptions));\n }\n async __ragInference(request, requestOptions) {\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n \"v1/rag\"\n ),\n method: \"POST\",\n headers: _headers,\n contentType: \"application/json\",\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n requestType: \"json\",\n body: request,\n responseType: \"sse\",\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return {\n data: new Stream({\n stream: _response.body,\n parse: (data) => data,\n signal: requestOptions?.abortSignal,\n eventShape: {\n type: \"sse\"\n }\n }),\n rawResponse: _response.rawResponse\n };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 400:\n throw new BadRequestError(_response.error.body, _response.rawResponse);\n case 401:\n throw new UnauthorizedError(_response.error.body, _response.rawResponse);\n case 402:\n throw new PaymentRequiredError(_response.error.body, _response.rawResponse);\n case 403:\n throw new ForbiddenError(_response.error.body, _response.rawResponse);\n case 429:\n throw new TooManyRequestsError(_response.error.body, _response.rawResponse);\n case 500:\n throw new InternalServerError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"POST\", \"/v1/rag\");\n }\n};\n\n// api/resources/records/client/Client.ts\nvar RecordsClient = class {\n constructor(options) {\n this._options = normalizeClientOptionsWithAuth(options);\n }\n /**\n * Reserved endpoint for fetching multiple records by ID in one call. When available, the response will contain only the records you can see; any IDs that do not exist or are outside your scope are silently omitted (there is no per-ID existence signal), matching the not-found behavior of the single-record GET. It currently returns 501 (not implemented). The documented 200 response schema is the stable shape this endpoint will use once available. Requires the `records:r` scope.\n *\n * @param {Vectros.BatchGetRequest} request\n * @param {RecordsClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.ForbiddenError}\n * @throws {@link Vectros.NotImplementedError}\n *\n * @example\n * await client.records.batchGetRecords()\n */\n batchGetRecords(request = {}, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__batchGetRecords(request, requestOptions));\n }\n async __batchGetRecords(request = {}, requestOptions) {\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n \"v1/records/batch-get\"\n ),\n method: \"POST\",\n headers: _headers,\n contentType: \"application/json\",\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n requestType: \"json\",\n body: request,\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 403:\n throw new ForbiddenError(_response.error.body, _response.rawResponse);\n case 501:\n throw new NotImplementedError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"POST\", \"/v1/records/batch-get\");\n }\n /**\n * Reserved endpoint for batch lookup and reference resolution. The published response shape correlates results to each input and carries a per-item status envelope. It currently returns 501 (not implemented). The documented 200 response schema is the stable shape this endpoint will use once available. Requires the `records:r` scope.\n *\n * @param {Vectros.BatchLookupRequest} request\n * @param {RecordsClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.ForbiddenError}\n * @throws {@link Vectros.NotImplementedError}\n *\n * @example\n * await client.records.batchLookupRecords()\n */\n batchLookupRecords(request = {}, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__batchLookupRecords(request, requestOptions));\n }\n async __batchLookupRecords(request = {}, requestOptions) {\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n \"v1/records/lookup/batch\"\n ),\n method: \"POST\",\n headers: _headers,\n contentType: \"application/json\",\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n requestType: \"json\",\n body: request,\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 403:\n throw new ForbiddenError(_response.error.body, _response.rawResponse);\n case 501:\n throw new NotImplementedError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"POST\", \"/v1/records/lookup/batch\");\n }\n /**\n * Reserved endpoint for bulk record writes. The published response shape includes a per-item partial-failure envelope and an atomicity flag. It currently returns 501 (not implemented). The documented 200 response schema is the stable shape this endpoint will use once available, published now so SDK integrations against it will not break when it ships. Requires the `records:c` scope.\n *\n * @param {Vectros.BatchWriteRequest} request\n * @param {RecordsClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.ForbiddenError}\n * @throws {@link Vectros.NotImplementedError}\n *\n * @example\n * await client.records.batchWriteRecords()\n */\n batchWriteRecords(request = {}, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__batchWriteRecords(request, requestOptions));\n }\n async __batchWriteRecords(request = {}, requestOptions) {\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n \"v1/records/batch\"\n ),\n method: \"POST\",\n headers: _headers,\n contentType: \"application/json\",\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n requestType: \"json\",\n body: request,\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 403:\n throw new ForbiddenError(_response.error.body, _response.rawResponse);\n case 501:\n throw new NotImplementedError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"POST\", \"/v1/records/batch\");\n }\n /**\n * Returns a paginated list of records in your account as a `{data, nextCursor}` page. Supply exactly one of `type`, `folderId`, or `recent=true` to choose the mode: `type` lists all records of a single type; `folderId` lists all records in a folder (any type); and `recent=true` returns the account-wide recently-updated feed across all types, newest first. You may combine `type` with `folderId` to list a single type within a folder. The owner filters (`userId`, `orgId`, `clientId`) further narrow the type and folder modes; the `recent` feed is standalone and ignores all filters. Each token only sees the record types it is scoped to read. Requires the `records:r` scope. By default the response returns the indexed projection of each record; set `includePayload=true` to include full payloads.\n *\n * @param {Vectros.ListRecordsRequest} request\n * @param {RecordsClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @example\n * await client.records.listRecords({\n * type: \"intake_form\",\n * folderId: \"f47ac10b-58cc-4372-a567-0e02b2c3d479\",\n * userId: \"550e8400-e29b-41d4-a716-446655440000\",\n * orgId: \"6ba7b810-9dad-11d1-80b4-00c04fd430c8\",\n * clientId: \"f47ac10b-58cc-4372-a567-0e02b2c3d479\",\n * startFrom: \"550e8400-e29b-41d4-a716-446655440000\"\n * })\n */\n listRecords(request = {}, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__listRecords(request, requestOptions));\n }\n async __listRecords(request = {}, requestOptions) {\n const { type: type_, folderId, userId, orgId, clientId, startFrom, limit, includePayload, recent } = request;\n const _queryParams = {\n type: type_,\n folderId,\n userId,\n orgId,\n clientId,\n startFrom,\n limit,\n includePayload,\n recent\n };\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n \"v1/records\"\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().addMany(_queryParams).mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"GET\", \"/v1/records\");\n }\n /**\n * Creates a new record of a given type. The `payload` is validated against that type's schema before the record is stored. Identify the type by sending `typeName`, `schemaId`, or both (they must agree); if you send only `schemaId`, the type is taken from that schema. Optionally supply an `externalId` to make the create idempotent — if a record with the same `externalId` already exists in your context, that existing record is returned unchanged instead of a duplicate being created. Requires the `records:c:<type>` scope.\n *\n * @param {Vectros.RecordRequest} request\n * @param {RecordsClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.BadRequestError}\n * @throws {@link Vectros.ForbiddenError}\n *\n * @example\n * await client.records.createRecord({\n * typeName: \"intake_form\",\n * schemaId: \"6ba7b810-9dad-11d1-80b4-00c04fd430c8\",\n * payload: {\n * \"first_name\": \"Jane\",\n * \"email\": \"jane@example.com\"\n * },\n * folderId: \"f47ac10b-58cc-4372-a567-0e02b2c3d479\"\n * })\n */\n createRecord(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__createRecord(request, requestOptions));\n }\n async __createRecord(request, requestOptions) {\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n \"v1/records\"\n ),\n method: \"POST\",\n headers: _headers,\n contentType: \"application/json\",\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n requestType: \"json\",\n body: request,\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 400:\n throw new BadRequestError(_response.error.body, _response.rawResponse);\n case 403:\n throw new ForbiddenError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"POST\", \"/v1/records\");\n }\n /**\n * Retrieves a single record by its Vectros-assigned ID, including its full payload (payloads that were externalized to object storage are rehydrated for this response). Sensitive fields are masked according to the record's schema. Requires the `records:r:<type>` scope. A record outside your account or scope returns 404 (not found) rather than revealing its existence.\n *\n * @param {Vectros.GetRecordRequest} request\n * @param {RecordsClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.records.getRecord({\n * id: \"550e8400-e29b-41d4-a716-446655440000\"\n * })\n */\n getRecord(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__getRecord(request, requestOptions));\n }\n async __getRecord(request, requestOptions) {\n const { id } = request;\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/records/${url_exports.encodePathParam(id)}`\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"GET\", \"/v1/records/{id}\");\n }\n /**\n * Replaces a record's payload and mutable fields. This is a full replacement: the `payload` you send overwrites the existing payload entirely, so include every field you want to keep (use the PATCH endpoint to change only specific fields). `typeName` and `schemaId` are immutable and cannot be changed. The new payload is validated against the record's schema. Pass `expectedVersion` to make the update conditional on the record not having changed since you last read it (optimistic concurrency). Requires the `records:u:<type>` scope.\n *\n * @param {Vectros.UpdateRecordRequest} request\n * @param {RecordsClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.BadRequestError}\n * @throws {@link Vectros.NotFoundError}\n * @throws {@link Vectros.ConflictError}\n *\n * @example\n * await client.records.updateRecord({\n * id: \"550e8400-e29b-41d4-a716-446655440000\",\n * body: {}\n * })\n */\n updateRecord(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__updateRecord(request, requestOptions));\n }\n async __updateRecord(request, requestOptions) {\n const { id, body: _body } = request;\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/records/${url_exports.encodePathParam(id)}`\n ),\n method: \"PUT\",\n headers: _headers,\n contentType: \"application/json\",\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n requestType: \"json\",\n body: _body,\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 400:\n throw new BadRequestError(_response.error.body, _response.rawResponse);\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n case 409:\n throw new ConflictError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"PUT\", \"/v1/records/{id}\");\n }\n /**\n * Permanently deletes a record. This is a hard delete: the record is removed and a tombstone plus an audit-trail entry are recorded (you can later retrieve the tombstone via `GET /v1/records/{id}/tombstone`). Requires the `records:d:<type>` scope.\n *\n * @param {Vectros.DeleteRecordRequest} request\n * @param {RecordsClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.records.deleteRecord({\n * id: \"550e8400-e29b-41d4-a716-446655440000\"\n * })\n */\n deleteRecord(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__deleteRecord(request, requestOptions));\n }\n async __deleteRecord(request, requestOptions) {\n const { id } = request;\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/records/${url_exports.encodePathParam(id)}`\n ),\n method: \"DELETE\",\n headers: _headers,\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: void 0, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"DELETE\", \"/v1/records/{id}\");\n }\n /**\n * Partially updates a record using an RFC 7386 JSON Merge Patch. The `payload` object is deep-merged into the existing payload: keys you send overwrite (recursing into nested objects), a key set to null is deleted, and keys you omit are left unchanged — so you can change a single field without re-sending the rest (unlike the full-replacement PUT). Top-level fields (`status`, `folderId`, `userId`, `orgId`, `clientId`) are set when present and left unchanged when omitted; sending a top-level field as null is rejected (clearing a top-level field is not supported in this release — omit it instead). `typeName`, `schemaId`, `externalId`, and `indexMode` are immutable and rejected if present. The merged result is validated against the schema. Pass `expectedVersion` to make the patch conditional (optimistic concurrency, 409 on conflict). Requires the `records:u:<type>` scope.\n *\n * @param {Vectros.PatchRecordRequest} request\n * @param {RecordsClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.BadRequestError}\n * @throws {@link Vectros.NotFoundError}\n * @throws {@link Vectros.ConflictError}\n *\n * @example\n * await client.records.patchRecord({\n * id: \"550e8400-e29b-41d4-a716-446655440000\",\n * body: {\n * payload: {\n * \"status\": \"done\"\n * },\n * expectedVersion: 5\n * }\n * })\n */\n patchRecord(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__patchRecord(request, requestOptions));\n }\n async __patchRecord(request, requestOptions) {\n const { id, body: _body } = request;\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/records/${url_exports.encodePathParam(id)}`\n ),\n method: \"PATCH\",\n headers: _headers,\n contentType: \"application/json\",\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n requestType: \"json\",\n body: _body,\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 400:\n throw new BadRequestError(_response.error.body, _response.rawResponse);\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n case 409:\n throw new ConflictError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"PATCH\", \"/v1/records/{id}\");\n }\n /**\n * Finds records by the value of a lookup field declared on the type's schema. Provide exactly one lookup mode: `value` (exact match), `from`+`to` (inclusive range, ascending by value), or `prefix` (string fields only, ascending). Range and prefix lookups are not supported on a sensitive field, because its value is stored as a blind index and has no sortable order. An exact-`value` lookup on a sensitive field is also rejected on this GET endpoint — the value must not appear in the URL — so use the `POST /v1/records/lookup` body variant for sensitive fields. Results are paginated: set `limit` for the page size and pass the returned `nextCursor` back as `startFrom` for the next page. Requires the `records:r:<type>` scope.\n *\n * @param {Vectros.LookupRecordsRequest} request\n * @param {RecordsClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.BadRequestError}\n *\n * @example\n * await client.records.lookupRecords({\n * type: \"intake_form\",\n * field: \"email\",\n * value: \"jane@example.com\",\n * prefix: \"jane\",\n * startFrom: \"550e8400-e29b-41d4-a716-446655440000\"\n * })\n */\n lookupRecords(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__lookupRecords(request, requestOptions));\n }\n async __lookupRecords(request, requestOptions) {\n const { type: type_, field, value, from: from_, to, prefix, startFrom, limit, includePayload, order } = request;\n const _queryParams = {\n type: type_,\n field,\n value,\n from: from_,\n to,\n prefix,\n startFrom,\n limit,\n includePayload,\n order: order != null ? order : void 0\n };\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n \"v1/records/lookup\"\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().addMany(_queryParams).mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 400:\n throw new BadRequestError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"GET\", \"/v1/records/lookup\");\n }\n /**\n * Body-based equivalent of `GET /v1/records/lookup`. Use this when looking up by a sensitive field: the value travels in the request body (and is blind-indexed server-side) instead of in the URL query string, so it never lands in access, CDN, or proxy logs. The GET variant rejects an exact-value lookup on a sensitive field and directs you here. Non-sensitive exact-value, range (`from`+`to`), and prefix lookups also work here. Returns the same `{data, nextCursor}` envelope and uses the same pagination as the GET variant. Requires the `records:r:<type>` scope.\n *\n * @param {Vectros.RecordLookupRequest} request\n * @param {RecordsClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.BadRequestError}\n *\n * @example\n * await client.records.lookupRecordsByBody({\n * type: \"intake_form\",\n * field: \"ssn\"\n * })\n */\n lookupRecordsByBody(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__lookupRecordsByBody(request, requestOptions));\n }\n async __lookupRecordsByBody(request, requestOptions) {\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n \"v1/records/lookup\"\n ),\n method: \"POST\",\n headers: _headers,\n contentType: \"application/json\",\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n requestType: \"json\",\n body: request,\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 400:\n throw new BadRequestError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"POST\", \"/v1/records/lookup\");\n }\n /**\n * Returns the tombstone left behind when a record was hard-deleted, confirming the deletion and recording when it happened. Look it up using the deleted record's original ID. Requires the `records:r:<type>` scope.\n *\n * @param {Vectros.GetRecordTombstoneRequest} request\n * @param {RecordsClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.records.getRecordTombstone({\n * id: \"id\"\n * })\n */\n getRecordTombstone(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__getRecordTombstone(request, requestOptions));\n }\n async __getRecordTombstone(request, requestOptions) {\n const { id } = request;\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/records/${url_exports.encodePathParam(id)}/tombstone`\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"GET\", \"/v1/records/{id}/tombstone\");\n }\n /**\n * Returns the audit trail of past versions for a record, as a paginated `{data, nextCursor}` page. This is available only when the record type's schema has audit history enabled (the default); if it is disabled, the endpoint returns 409. Requires the `records:r:<type>` scope.\n *\n * @param {Vectros.GetRecordVersionsRequest} request\n * @param {RecordsClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.NotFoundError}\n * @throws {@link Vectros.ConflictError}\n *\n * @example\n * await client.records.getRecordVersions({\n * id: \"550e8400-e29b-41d4-a716-446655440000\"\n * })\n */\n getRecordVersions(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__getRecordVersions(request, requestOptions));\n }\n async __getRecordVersions(request, requestOptions) {\n const { id, startFrom } = request;\n const _queryParams = {\n startFrom\n };\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/records/${url_exports.encodePathParam(id)}/versions`\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().addMany(_queryParams).mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n case 409:\n throw new ConflictError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"GET\", \"/v1/records/{id}/versions\");\n }\n};\n\n// api/resources/schemas/client/Client.ts\nvar SchemasClient = class {\n constructor(options) {\n this._options = normalizeClientOptionsWithAuth(options);\n }\n /**\n * Returns a paginated list of the record schemas defined in your account. Filter by `userId` or `orgId` to scope to an owner, by `surface` to list the types bindable to one surface, or by `recordType` to resolve the single schema for a type directly. Filtering by an identity surface (user, org, or client) lists your account-wide identity schemas regardless of the calling context; filtering by record or document lists within the calling context. Requires the `schemas:r` scope.\n *\n * @param {Vectros.ListSchemasRequest} request\n * @param {SchemasClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @example\n * await client.schemas.listSchemas({\n * userId: \"550e8400-e29b-41d4-a716-446655440000\",\n * orgId: \"6ba7b810-9dad-11d1-80b4-00c04fd430c8\",\n * surface: \"document\",\n * recordType: \"intake_form\",\n * startFrom: \"6ba7b810-9dad-11d1-80b4-00c04fd430c8\"\n * })\n */\n listSchemas(request = {}, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__listSchemas(request, requestOptions));\n }\n async __listSchemas(request = {}, requestOptions) {\n const { userId, orgId, surface, recordType, startFrom, limit } = request;\n const _queryParams = {\n userId,\n orgId,\n surface,\n recordType,\n startFrom,\n limit\n };\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n \"v1/schemas\"\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().addMany(_queryParams).mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"GET\", \"/v1/schemas\");\n }\n /**\n * Defines a new record type with optional field definitions, validation rules, and lookup indexes. Idempotent by `typeName` within the same ownership scope: re-creating an existing `typeName` returns the existing schema rather than failing. Requires the `schemas:w` scope.\n *\n * @param {Vectros.SchemaRequest} request\n * @param {SchemasClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.BadRequestError}\n *\n * @example\n * await client.schemas.createSchema({\n * typeName: \"intake_form\",\n * displayName: \"Client Intake Form\",\n * description: \"Captures initial client information\",\n * fields: [{\n * fieldId: \"first_name\",\n * fieldType: \"string\",\n * required: true,\n * searchable: true\n * }, {\n * fieldId: \"email\",\n * fieldType: \"string\",\n * required: true\n * }],\n * lookupFields: [{\n * fieldName: \"email\",\n * unique: true\n * }],\n * capabilities: {\n * \"auditHistory\": true\n * },\n * allowedSurfaces: [\"record\"]\n * })\n */\n createSchema(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__createSchema(request, requestOptions));\n }\n async __createSchema(request, requestOptions) {\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n \"v1/schemas\"\n ),\n method: \"POST\",\n headers: _headers,\n contentType: \"application/json\",\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n requestType: \"json\",\n body: request,\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 400:\n throw new BadRequestError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"POST\", \"/v1/schemas\");\n }\n /**\n * Retrieves a single record schema by its id. Requires the `schemas:r` scope.\n *\n * @param {Vectros.GetSchemaRequest} request\n * @param {SchemasClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.schemas.getSchema({\n * id: \"6ba7b810-9dad-11d1-80b4-00c04fd430c8\"\n * })\n */\n getSchema(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__getSchema(request, requestOptions));\n }\n async __getSchema(request, requestOptions) {\n const { id } = request;\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/schemas/${url_exports.encodePathParam(id)}`\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"GET\", \"/v1/schemas/{id}\");\n }\n /**\n * Updates a record schema. Fields you omit are preserved; `typeName` is immutable and cannot be changed. Collection fields (`fields`, `lookupFields`, `renderHints`, `capabilities`) are replaced in full when supplied. Requires the `schemas:w` scope.\n *\n * @param {Vectros.UpdateSchemaRequest} request\n * @param {SchemasClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.BadRequestError}\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.schemas.updateSchema({\n * id: \"6ba7b810-9dad-11d1-80b4-00c04fd430c8\",\n * body: {\n * typeName: \"intake_form\",\n * displayName: \"Client Intake Form\",\n * allowedSurfaces: [\"record\"]\n * }\n * })\n */\n updateSchema(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__updateSchema(request, requestOptions));\n }\n async __updateSchema(request, requestOptions) {\n const { id, body: _body } = request;\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/schemas/${url_exports.encodePathParam(id)}`\n ),\n method: \"PUT\",\n headers: _headers,\n contentType: \"application/json\",\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n requestType: \"json\",\n body: _body,\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 400:\n throw new BadRequestError(_response.error.body, _response.rawResponse);\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"PUT\", \"/v1/schemas/{id}\");\n }\n /**\n * Permanently deletes a record schema. The request is refused with 409 if records of this type still exist — delete those records first, since every record must reference a live schema. Requires the `schemas:w` scope.\n *\n * @param {Vectros.DeleteSchemaRequest} request\n * @param {SchemasClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.NotFoundError}\n * @throws {@link Vectros.ConflictError}\n *\n * @example\n * await client.schemas.deleteSchema({\n * id: \"6ba7b810-9dad-11d1-80b4-00c04fd430c8\"\n * })\n */\n deleteSchema(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__deleteSchema(request, requestOptions));\n }\n async __deleteSchema(request, requestOptions) {\n const { id } = request;\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/schemas/${url_exports.encodePathParam(id)}`\n ),\n method: \"DELETE\",\n headers: _headers,\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: void 0, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n case 409:\n throw new ConflictError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"DELETE\", \"/v1/schemas/{id}\");\n }\n /**\n * Returns the audit trail of changes to a record schema, newest first (create, update, and delete). Schema version history is always recorded — there is no per-schema toggle to disable it. Requires the `schemas:r` scope.\n *\n * @param {Vectros.GetSchemaVersionsRequest} request\n * @param {SchemasClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.NotFoundError}\n *\n * @example\n * await client.schemas.getSchemaVersions({\n * id: \"6ba7b810-9dad-11d1-80b4-00c04fd430c8\"\n * })\n */\n getSchemaVersions(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__getSchemaVersions(request, requestOptions));\n }\n async __getSchemaVersions(request, requestOptions) {\n const { id, startFrom } = request;\n const _queryParams = {\n startFrom\n };\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n `v1/schemas/${url_exports.encodePathParam(id)}/versions`\n ),\n method: \"GET\",\n headers: _headers,\n queryString: url_exports.queryBuilder().addMany(_queryParams).mergeAdditional(requestOptions?.queryParams).build(),\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 404:\n throw new NotFoundError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"GET\", \"/v1/schemas/{id}/versions\");\n }\n};\n\n// api/resources/search/client/Client.ts\nvar SearchClient = class {\n constructor(options) {\n this._options = normalizeClientOptionsWithAuth(options);\n }\n /**\n * Runs a hybrid, semantic, or text search across the content you have indexed. By default it returns both documents and records in a single unified result set; pass `contentTypes` to narrow the results (for example `[\"documents\"]`). Each result carries a `sourceType` discriminator (`PartnerDocument` or `GenericRecord`) so you can branch on the type. Requires the `search:r` scope.\n *\n * @param {Vectros.SearchRequest} request\n * @param {SearchClient.RequestOptions} requestOptions - Request-specific configuration.\n *\n * @throws {@link Vectros.BadRequestError}\n * @throws {@link Vectros.ForbiddenError}\n *\n * @example\n * await client.search.content({\n * query: \"patient intake form diabetes\"\n * })\n */\n content(request, requestOptions) {\n return HttpResponsePromise.fromPromise(this.__content(request, requestOptions));\n }\n async __content(request, requestOptions) {\n const _authRequest = await this._options.authProvider.getAuthRequest();\n const _headers = mergeHeaders(\n _authRequest.headers,\n this._options?.headers,\n requestOptions?.headers\n );\n const _response = await fetcher({\n url: url_exports.join(\n await Supplier.get(this._options.baseUrl) ?? await Supplier.get(this._options.environment),\n \"v1/search\"\n ),\n method: \"POST\",\n headers: _headers,\n contentType: \"application/json\",\n queryString: url_exports.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),\n requestType: \"json\",\n body: request,\n timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1e3,\n maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,\n abortSignal: requestOptions?.abortSignal,\n fetchFn: this._options?.fetch,\n logging: this._options.logging\n });\n if (_response.ok) {\n return { data: _response.body, rawResponse: _response.rawResponse };\n }\n if (_response.error.reason === \"status-code\") {\n switch (_response.error.statusCode) {\n case 400:\n throw new BadRequestError(_response.error.body, _response.rawResponse);\n case 403:\n throw new ForbiddenError(_response.error.body, _response.rawResponse);\n default:\n throw new VectrosError({\n statusCode: _response.error.statusCode,\n body: _response.error.body,\n rawResponse: _response.rawResponse\n });\n }\n }\n return handleNonStatusCodeError(_response.error, _response.rawResponse, \"POST\", \"/v1/search\");\n }\n};\n\n// Client.ts\nvar VectrosClient = class {\n constructor(options) {\n this._options = normalizeClientOptionsWithAuth(options);\n }\n get auth() {\n return this._auth ?? (this._auth = new AuthClient(this._options));\n }\n get identity() {\n return this._identity ?? (this._identity = new IdentityClient(this._options));\n }\n get documents() {\n return this._documents ?? (this._documents = new DocumentsClient(this._options));\n }\n get compliance() {\n return this._compliance ?? (this._compliance = new ComplianceClient(this._options));\n }\n get folders() {\n return this._folders ?? (this._folders = new FoldersClient(this._options));\n }\n get inference() {\n return this._inference ?? (this._inference = new InferenceClient(this._options));\n }\n get records() {\n return this._records ?? (this._records = new RecordsClient(this._options));\n }\n get schemas() {\n return this._schemas ?? (this._schemas = new SchemasClient(this._options));\n }\n get search() {\n return this._search ?? (this._search = new SearchClient(this._options));\n }\n /**\n * Make a passthrough request using the SDK's configured auth, retry, logging, etc.\n * This is useful for making requests to endpoints not yet supported in the SDK.\n * The input can be a URL string, URL object, or Request object. Relative paths are resolved against the configured base URL.\n *\n * @param {Request | string | URL} input - The URL, path, or Request object.\n * @param {RequestInit} init - Standard fetch RequestInit options.\n * @param {core.PassthroughRequest.RequestOptions} requestOptions - Per-request overrides (timeout, retries, headers, abort signal).\n * @returns {Promise<Response>} A standard Response object.\n */\n async fetch(input, init, requestOptions) {\n return makePassthroughRequest(\n input,\n init,\n {\n baseUrl: this._options.baseUrl ?? this._options.environment,\n headers: this._options.headers,\n timeoutInSeconds: this._options.timeoutInSeconds,\n maxRetries: this._options.maxRetries,\n fetch: this._options.fetch,\n logging: this._options.logging,\n getAuthHeaders: async () => (await this._options.authProvider.getAuthRequest()).headers\n },\n requestOptions\n );\n }\n};\n\n// core/logging/exports.ts\nvar logging;\n((logging2) => {\n logging2.LogLevel = LogLevel;\n logging2.ConsoleLogger = ConsoleLogger;\n})(logging || (logging = {}));\nexport {\n api_exports as Vectros,\n VectrosClient,\n VectrosError,\n VectrosTimeoutError,\n logging\n};\n","/**\n * Blueprint format + STRUCTURAL validation.\n *\n * A blueprint is a versioned, reviewed bundle: a schema set + a\n * least-privilege AccessProfile + a service principal + optional seed\n * data, all with stable identifiers so a loader re-run converges instead\n * of duplicating.\n *\n * This package owns the FORMAT + structural (zod) validation ONLY. The\n * security boundary — the scope gate that bounds a blueprint's requested\n * `allowedActions` to data-plane-only — lives in the CLI binary\n * (`@vectros-ai/cli`), NOT here: blueprints are untrusted input, and the\n * trust boundary is the binary that mints.\n *\n * The blueprint's stable id is `name` (renamed from the v0.3-internal\n * `pack` field during a later split — no shipped consumers).\n */\nimport { z } from 'zod';\n\n// AppContext contextId rule mirrors the backend (3-31 chars, starts with a\n// lowercase letter, then lowercase letters/digits/dashes).\nconst CONTEXT_ID_RE = /^[a-z][a-z0-9-]{2,30}$/;\n\n// Field-level validation rules — mirrors the platform `ValidationRules`\n// (platform/common-core/.../template/ValidationRules.java). Passed straight\n// through to `SchemaRequest.FieldDef.validation` so the backend enforces them.\n// `.strict()` so an unknown rule key is a clear authoring error, not a silent\n// no-op (the platform tolerates extra keys, but our format should teach).\nconst ValidationRulesSchema = z\n .object({\n required: z.boolean().optional(),\n minLength: z.number().int().optional(),\n maxLength: z.number().int().optional(),\n min: z.number().int().optional(),\n max: z.number().int().optional(),\n pattern: z.string().optional(),\n email: z.boolean().optional(),\n url: z.boolean().optional(),\n phone: z.boolean().optional(),\n step: z.number().int().optional(),\n multipleOf: z.number().int().optional(),\n minItems: z.number().int().optional(),\n maxItems: z.number().int().optional(),\n })\n .strict();\n\n// Per-field render hints — authored field-by-field for readability; the loader\n// pivots them into the schema-level `renderHints` map keyed by fieldId that the\n// platform `SchemaRequest.renderHints` (RenderHintDef) expects.\nconst RenderHintsSchema = z\n .object({\n label: z.string().optional(),\n widget: z.enum(['text', 'textarea', 'select', 'date', 'checkbox']).optional(),\n order: z.number().int().optional(),\n section: z.string().optional(),\n helpText: z.string().optional(),\n // Marks this field as the record's headline (display) field — the linked\n // primary column in the records list + the title on the detail view. At most\n // one per schema (the platform takes the first by order). Format passthrough →\n // SchemaRequest.renderHints[fieldId].displayField.\n displayField: z.boolean().optional(),\n })\n .strict();\n\nconst BlueprintFieldDefSchema = z\n .object({\n fieldId: z.string().min(1),\n fieldType: z.string().min(1),\n required: z.boolean().optional(),\n searchable: z.boolean().optional(),\n filterable: z.boolean().optional(),\n enumValues: z.array(z.string()).optional(),\n description: z.string().optional(),\n // NEW (format passthrough) — the loader stopped dropping these.\n validation: ValidationRulesSchema.optional(),\n renderHints: RenderHintsSchema.optional(),\n // Marks the field as sensitive (PHI/PII): the platform redacts it from\n // logs/audit/errors AT WRITE TIME, blind-indexes it for lookups, EXCLUDES it\n // from the search index, and masks it in responses unless the token carries\n // the `s` reveal scope for this record type (SchemaRequest.FieldDef.sensitive).\n // Format passthrough — the loader forwards it to createSchema. Default false.\n sensitive: z.boolean().optional(),\n // Reference-field surface — a typed foreign-key link to another record. The\n // platform (SchemaRequest.FieldDef) requires BOTH targetTypeName AND\n // targetSurface on a reference field; the blueprint format uses the SAME names\n // as the SDK so they forward 1:1, and the loader provisions a real reference.\n // (Write-time existence enforcement is on by default platform-side; the target\n // must exist when a referencing record is written — order your seed accordingly.)\n targetTypeName: z.string().min(1).optional(),\n // The field on the target record used to resolve the link; defaults (platform\n // side) to the target's externalId/lookup key when omitted. Must name a UNIQUE\n // lookup on the target type.\n targetField: z.string().min(1).optional(),\n // Which surface the target lives on. REQUIRED on a reference field: the same\n // typeName can exist on more than one surface, so this disambiguates which\n // lookup resolves the link (SchemaRequest.FieldDef.targetSurface).\n targetSurface: z.enum(['record', 'document', 'user', 'org', 'client']).optional(),\n cardinality: z.enum(['one', 'many']).optional(),\n })\n .strict()\n .superRefine((field, ctx) => {\n const isReference = field.fieldType === 'reference';\n const hasRefKeys =\n field.targetTypeName !== undefined ||\n field.targetField !== undefined ||\n field.targetSurface !== undefined ||\n field.cardinality !== undefined;\n if (isReference && field.targetTypeName === undefined) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n path: ['targetTypeName'],\n message: \"a 'reference' field requires 'targetTypeName' (the typeName it points to)\",\n });\n }\n if (isReference && field.targetSurface === undefined) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n path: ['targetSurface'],\n message:\n \"a 'reference' field requires 'targetSurface' (which surface the target lives on: record | document | user | org | client)\",\n });\n }\n if (!isReference && hasRefKeys) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n path: ['fieldType'],\n message:\n \"targetTypeName/targetField/targetSurface/cardinality are only valid on a field with fieldType: 'reference'\",\n });\n }\n });\n\n// A lookup field is either a bare field name (back-compat) or an object form\n// that can additionally declare a uniqueness constraint, an ordered range/prefix\n// index, an exact-match sort key, or an opt-in past the fast-index budget. The\n// loader normalizes both to the partner-API `LookupDef` shape ([SV5]).\nconst BlueprintLookupFieldSchema = z.union([\n z.string().min(1),\n z\n .object({\n fieldName: z.string().min(1),\n unique: z.boolean().optional(),\n // Opt this field into ordered range + prefix lookups (from/to/prefix) on\n // top of exact match. Billed at the range-index rate; not valid on a\n // sensitive field (a blind index is not orderable). Locked at create.\n rangeEnabled: z.boolean().optional(),\n // Sort key for the exact-match index: 'createdAt' (default), 'lastUpdated',\n // or a declared field on this schema. Locked at create.\n sortBy: z.string().min(1).optional(),\n // Opt a field past the fixed fast-index budget into a higher-cost\n // secondary index. No effect on a field that fits within the budget.\n allowOverflow: z.boolean().optional(),\n })\n .strict(),\n]);\n\n// Schema capabilities — today just `auditHistory` (platform default true). We\n// surface it so a blueprint's audit posture is self-documenting + reviewable.\nconst BlueprintCapabilitiesSchema = z\n .object({\n auditHistory: z.boolean().optional(),\n })\n .strict();\n\nconst BlueprintSchemaSchema = z\n .object({\n typeName: z.string().min(1),\n displayName: z.string().min(1),\n description: z.string().optional(),\n indexMode: z.enum(['HYBRID', 'SEMANTIC', 'TEXT']).optional(),\n fields: z.array(BlueprintFieldDefSchema).default([]),\n lookupFields: z.array(BlueprintLookupFieldSchema).max(10).optional(),\n // Which typed surfaces may bind this schema. REQUIRED + non-empty on\n // the platform `SchemaRequest` (0.23+); the loader defaults it to ['record']\n // when a blueprint omits it (blueprints provision record types + seed records).\n allowedSurfaces: z.array(z.enum(['record', 'document', 'user', 'org', 'client'])).min(1).optional(),\n // NEW (format passthrough) — mirror the platform `SchemaRequest` shape 1:1.\n capabilities: BlueprintCapabilitiesSchema.optional(),\n // Whether the schema is active; inactive schemas reject new record creation.\n active: z.boolean().optional(),\n // Schema-level ownership defaults — flat, matching `SchemaRequest`\n // userId/orgId/clientId. With a scoped token these must be consistent with\n // the profile's dataScope (a cross-consistency lint is deferred to the lint slice).\n userId: z.string().min(1).optional(),\n orgId: z.string().min(1).optional(),\n clientId: z.string().min(1).optional(),\n })\n .strict();\n\nconst BlueprintAccessProfileSchema = z\n .object({\n // Validated structurally here; the SCOPE GATE (in @vectros-ai/cli) is\n // what enforces the data-plane-only security boundary.\n allowedActions: z.array(z.string().min(1)).min(1),\n // Optional ownership binding: { userId: [...], orgId: [...], clientId: [...] }.\n // A `null` element in a value list is the documented NULL SENTINEL — it\n // grants access to TENANT-LEVEL (owner-less) records IN ADDITION to the\n // listed owner ids. `null` is the literal matched value: a tenant-level\n // record has a genuinely-null ownership field, and the platform's scope\n // matcher tests `allowedValues.contains(null)` against the tenant-level\n // null sentinel (+ ScopeClause). e.g. `{ orgId: [\"org_x\", null] }` =\n // \"org_x's records AND tenant-shared records\". Omitting null restricts to\n // the listed owners ONLY (the key will NOT see tenant-level/seed records).\n dataScope: z.record(z.array(z.union([z.string().min(1), z.null()]))).optional(),\n })\n .strict();\n\n// A single role clause — mirrors the platform/SDK ScopeClause (allowedActions +\n// optional per-clause dataScope). Multi-clause roles let one role grant several\n// (action-set, data-scope) rules at once, evaluated per-clause server-side.\n// `${{ self.* }}` placeholders are legal in a clause's dataScope: they are a\n// RUNTIME sentinel the platform resolves per-principal at request time\n// — the install-time resolver leaves them literal (see inputs.ts),\n// and a top-level lint (BlueprintSchema) confines them to here.\nconst BlueprintRoleClauseSchema = z\n .object({\n allowedActions: z.array(z.string().min(1)).min(1),\n dataScope: z.record(z.array(z.union([z.string().min(1), z.null()]))).optional(),\n })\n .strict();\n\n// Optional top-level `roles`: a map of roleId → ordered clauses. Authored in the\n// blueprint and bound to principals via `vectros access grant --role <id>`.\n// DISTINCT from `accessProfile` (the least-privilege scope the bootstrap mints\n// for the blueprint's own service-principal key). Roles are identity-agnostic,\n// reusable, multi-clause rules (architecture §6).\nconst BlueprintRolesSchema = z.record(z.array(BlueprintRoleClauseSchema).min(1));\n\n// A declared identity — a principal the blueprint expects to exist, ensured\n// (idempotently, by externalId) at APPLY time by a creds-bearing pass (the CLI\n// install orchestrator). Referenced elsewhere via `${{ identities.<name> }}`,\n// which the install-time resolver leaves literal and the apply pass substitutes\n// with the resolved principal id. The schema is FORMAT/shape only; resolution\n// (resolveBlueprintIdentities) lives in identities.ts.\nconst IdentityDeclSchema = z\n .object({\n kind: z.enum(['user', 'org', 'client']),\n externalId: z.string().min(1),\n displayName: z.string().min(1).optional(),\n metadata: z.record(z.unknown()).optional(),\n })\n .strict();\n\n// Optional top-level `identities` block — a map of local name → declaration.\n// Exported so the apply-time resolver (identities.ts) validates the block too.\nexport const IdentitiesDeclSchema = z.record(IdentityDeclSchema);\n\nconst BlueprintServicePrincipalSchema = z\n .object({\n externalId: z.string().min(1),\n displayName: z.string().min(1),\n })\n .strict();\n\nconst BlueprintSeedRecordSchema = z\n .object({\n typeName: z.string().min(1),\n externalId: z.string().min(1),\n fields: z.record(z.unknown()),\n })\n .strict();\n\n// `${{ self.* }}` is a RUNTIME per-principal placeholder (platform-resolved at\n// request time). It is only meaningful inside a role clause's\n// dataScope; anywhere else in a blueprint it would never resolve. This walk\n// confines it there (teach-by-error), running on the already-input-resolved doc\n// (the install-time resolver leaves self tokens literal — see inputs.ts).\nconst SELF_TOKEN_RE = /\\$\\{\\{\\s*self\\.[A-Za-z_]\\w*\\s*\\}\\}/;\n\nfunction lintSelfTokenPlacement(value: unknown, ctx: z.RefinementCtx): void {\n const walk = (node: unknown, path: (string | number)[], inRoleDataScope: boolean): void => {\n if (typeof node === 'string') {\n if (!inRoleDataScope && SELF_TOKEN_RE.test(node)) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n path,\n message:\n \"'${{ self.* }}' is a runtime per-principal placeholder — it is only valid inside a roles[].dataScope value\",\n });\n }\n return;\n }\n if (Array.isArray(node)) {\n node.forEach((v, i) => walk(v, [...path, i], inRoleDataScope));\n return;\n }\n if (node && typeof node === 'object') {\n for (const [k, v] of Object.entries(node as Record<string, unknown>)) {\n // path === ['roles', <roleId>, <clauseIndex>] and key 'dataScope' opens\n // the only subtree where self.* is allowed.\n const entering =\n inRoleDataScope || (path.length === 3 && path[0] === 'roles' && k === 'dataScope');\n walk(v, [...path, k], entering);\n }\n }\n };\n walk(value, [], false);\n}\n\n// Every `${{ identities.<name> }}` reference must point at a declared identity in\n// the top-level `identities` block — caught offline (at validate/plan), before\n// the creds-bearing apply pass tries (and fails) to resolve an unknown name.\nconst IDENTITY_REF_RE = /\\$\\{\\{\\s*identities\\.([A-Za-z_]\\w*)\\s*\\}\\}/g;\n\nfunction lintIdentityRefsDeclared(value: unknown, ctx: z.RefinementCtx): void {\n const declared = new Set(\n value && typeof value === 'object' && 'identities' in value && (value as { identities?: unknown }).identities\n ? Object.keys((value as { identities: Record<string, unknown> }).identities)\n : [],\n );\n const walk = (node: unknown, path: (string | number)[]): void => {\n if (typeof node === 'string') {\n for (const m of node.matchAll(IDENTITY_REF_RE)) {\n if (!declared.has(m[1])) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n path,\n message: `'\\${{ identities.${m[1]} }}' references an undeclared identity — add '${m[1]}' to the top-level 'identities' block`,\n });\n }\n }\n return;\n }\n if (Array.isArray(node)) {\n node.forEach((v, i) => walk(v, [...path, i]));\n } else if (node && typeof node === 'object') {\n // Don't scan the declarations themselves (their values aren't token refs).\n for (const [k, v] of Object.entries(node as Record<string, unknown>)) {\n if (path.length === 0 && k === 'identities') continue;\n walk(v, [...path, k]);\n }\n }\n };\n walk(value, []);\n}\n\nexport const BlueprintSchema = z\n .object({\n /** Stable blueprint id (the `--blueprint <name>` selector + idempotency key). */\n name: z.string().min(1),\n version: z.string().min(1),\n description: z.string().min(1),\n /** The app-context the profile + scoped key bind to (e.g. \"mcp\"). */\n contextId: z.string().regex(CONTEXT_ID_RE, {\n message:\n \"contextId must be 3-31 chars, start with a lowercase letter, then lowercase letters/digits/dashes (e.g. 'mcp')\",\n }),\n /** Human-readable app-context name; defaults to `MCP — <name>` (see {@link contextNameOf}) when absent. */\n contextName: z.string().min(1).optional(),\n schemas: z.array(BlueprintSchemaSchema).default([]),\n accessProfile: BlueprintAccessProfileSchema,\n servicePrincipal: BlueprintServicePrincipalSchema,\n seed: z.array(BlueprintSeedRecordSchema).optional(),\n /** Optional multi-clause roles, bound to principals via `access grant --role`. */\n roles: BlueprintRolesSchema.optional(),\n /** Optional principals ensured-exist at apply; referenced via ${{ identities.* }}. */\n identities: IdentitiesDeclSchema.optional(),\n })\n .strict()\n .superRefine((bp, ctx) => {\n lintSelfTokenPlacement(bp, ctx);\n lintIdentityRefsDeclared(bp, ctx);\n });\n\nexport type Blueprint = z.infer<typeof BlueprintSchema>;\nexport type BlueprintFieldDef = z.infer<typeof BlueprintFieldDefSchema>;\nexport type BlueprintSchemaDef = z.infer<typeof BlueprintSchemaSchema>;\nexport type BlueprintSeedRecord = z.infer<typeof BlueprintSeedRecordSchema>;\nexport type BlueprintValidationRules = z.infer<typeof ValidationRulesSchema>;\nexport type BlueprintRenderHints = z.infer<typeof RenderHintsSchema>;\nexport type BlueprintLookupField = z.infer<typeof BlueprintLookupFieldSchema>;\nexport type BlueprintRoleClause = z.infer<typeof BlueprintRoleClauseSchema>;\nexport type BlueprintRoles = z.infer<typeof BlueprintRolesSchema>;\nexport type IdentityDecl = z.infer<typeof IdentityDeclSchema>;\nexport type IdentitiesDecl = z.infer<typeof IdentitiesDeclSchema>;\n\n/**\n * A single structural validation problem, flattened to a readable field path +\n * message. Exposed on {@link BlueprintValidationError.issues} so programmatic\n * callers (a future web authoring UI, CI annotations) get structure without\n * re-parsing the rendered message.\n */\nexport interface BlueprintIssue {\n /** Dotted/bracketed path, e.g. `schemas[0].fields[1].fieldType`, or `(root)`. */\n path: string;\n message: string;\n}\n\n/** Render a zod issue path (`['schemas', 0, 'fields', 1]`) → `schemas[0].fields[1]`. */\nfunction formatIssuePath(path: ReadonlyArray<string | number>): string {\n let out = '';\n for (const seg of path) {\n if (typeof seg === 'number') out += `[${seg}]`;\n else out += out.length ? `.${seg}` : seg;\n }\n return out.length ? out : '(root)';\n}\n\n/** Flatten a {@link z.ZodError} into readable, ordered {path, message} entries. */\nfunction toBlueprintIssues(error: z.ZodError): BlueprintIssue[] {\n return error.issues.map((i) => ({ path: formatIssuePath(i.path), message: i.message }));\n}\n\n/** Render issues into the multi-line, teach-by-error message body. */\nfunction renderIssues(issues: BlueprintIssue[]): string {\n return issues.map((i) => ` • ${i.path}: ${i.message}`).join('\\n');\n}\n\nexport class BlueprintValidationError extends Error {\n /**\n * Structured per-field issues. Populated for STRUCTURAL failures (a bad\n * shape); empty for a JSON/YAML *parse* failure (where there's no field path,\n * just a syntax error in {@link Error.message}).\n */\n readonly issues: BlueprintIssue[];\n constructor(message: string, issues: BlueprintIssue[] = []) {\n super(message);\n this.name = 'BlueprintValidationError';\n this.issues = issues;\n }\n}\n\n/**\n * Structurally parse + validate an untrusted blueprint object. Throws\n * {@link BlueprintValidationError} on a malformed shape — with a readable,\n * multi-line `path: message` body and the structured issues on `.issues`. Does\n * NOT run the scope gate — that's the CLI's job (the trust boundary).\n */\nexport function parseBlueprint(input: unknown): Blueprint {\n const result = BlueprintSchema.safeParse(input);\n if (!result.success) {\n const issues = toBlueprintIssues(result.error);\n throw new BlueprintValidationError(`Malformed blueprint:\\n${renderIssues(issues)}`, issues);\n }\n return result.data;\n}\n\n/**\n * Parse a blueprint from a JSON string (e.g. a file an agent assembled or\n * a community blueprint). Throws {@link BlueprintValidationError} on bad\n * JSON or a bad shape.\n */\nexport function parseBlueprintJson(json: string): Blueprint {\n let parsed: unknown;\n try {\n parsed = JSON.parse(json);\n } catch (err) {\n throw new BlueprintValidationError(\n `Blueprint is not valid JSON: ${err instanceof Error ? err.message : String(err)}`,\n );\n }\n return parseBlueprint(parsed);\n}\n\n/** The app-context display name, defaulting to `MCP — <name>` when {@link Blueprint.contextName} is absent. */\nexport function contextNameOf(blueprint: Blueprint): string {\n return blueprint.contextName ?? `MCP — ${blueprint.name}`;\n}\n","/**\n * Identity resolution — the APPLY-time (creds-bearing) half of the blueprint\n * identity feature.\n *\n * A blueprint may declare a top-level `identities:` block (principals it expects\n * to exist) and reference them with `${{ identities.<name> }}` tokens anywhere a\n * principal id is valid (seed-record ownership, schema/profile dataScope, a role\n * clause). Resolution has TWO tiers — DO NOT conflate (mirrors inputs.ts):\n * - install-time (creds-free): {@link resolveBlueprintInputs} resolves\n * `${{ inputs.* }}`/`${{ vectros.* }}` and LEAVES `${{ identities.* }}` literal\n * (it is a deferred namespace).\n * - apply-time (creds): THIS module ensures each declared identity exists\n * (idempotently, by externalId — the injected `resolve` does the API call,\n * wired by the CLI install orchestrator) and substitutes the tokens with\n * the resolved principal ids.\n *\n * This module is the FORMAT half: the resolver is pure given an injected\n * `resolve` (so `plan` can dry-run/echo and tests can assert without creds). The\n * `identities` block shape lives in types.ts so {@link BlueprintSchema} validates\n * it offline (incl. the \"every reference is declared\" lint).\n */\nimport { IdentitiesDeclSchema, type IdentityDecl, type BlueprintIssue } from './types.js';\n\n/** A `${{ identities.<name> }}` reference (global, for scan/replace). */\nconst IDENTITY_TOKEN_RE = /\\$\\{\\{\\s*identities\\.([A-Za-z_]\\w*)\\s*\\}\\}/g;\n\n/** Resolves a declared identity to its concrete principal id (idempotent, by externalId). */\nexport type IdentityResolver = (name: string, decl: IdentityDecl) => Promise<string>;\n\n/** A creds-bearing identity-resolution failure (undeclared ref, bad block, resolver error). */\nexport class BlueprintIdentityError extends Error {\n readonly issues: BlueprintIssue[];\n constructor(message: string, issues: BlueprintIssue[] = []) {\n super(message);\n this.name = 'BlueprintIdentityError';\n this.issues = issues;\n }\n}\n\n/** Every distinct identity name referenced by `${{ identities.<name> }}` in the tree. */\nexport function collectIdentityReferences(value: unknown): string[] {\n const found = new Set<string>();\n const walk = (node: unknown): void => {\n if (typeof node === 'string') {\n for (const m of node.matchAll(IDENTITY_TOKEN_RE)) found.add(m[1]);\n } else if (Array.isArray(node)) {\n node.forEach(walk);\n } else if (node && typeof node === 'object') {\n Object.values(node as Record<string, unknown>).forEach(walk);\n }\n };\n walk(value);\n return [...found];\n}\n\n/** Substitute every `${{ identities.<name> }}` in the tree with `idMap[name]` (values only). */\nfunction substitute(node: unknown, idMap: Record<string, string>): unknown {\n if (typeof node === 'string') {\n return node.replace(IDENTITY_TOKEN_RE, (_full, name: string) => idMap[name]);\n }\n if (Array.isArray(node)) return node.map((v) => substitute(v, idMap));\n if (node && typeof node === 'object') {\n const out: Record<string, unknown> = {};\n for (const [k, v] of Object.entries(node as Record<string, unknown>)) out[k] = substitute(v, idMap);\n return out;\n }\n return node;\n}\n\n/**\n * Resolve a blueprint's `identities:` against an injected creds-bearing resolver\n * and return the substituted tree WITH the `identities:` block stripped — ready\n * for {@link parseBlueprint}. Operates on the install-time-resolved tree (where\n * `${{ identities.* }}` tokens are still literal). Throws\n * {@link BlueprintIdentityError} on a malformed block, an undeclared reference,\n * or a resolver failure.\n *\n * EVERY declared identity is resolved (ensure-exist), not only referenced ones,\n * so a blueprint can provision a principal it doesn't token-reference. A token\n * that references an undeclared identity is an error (also caught offline by\n * {@link BlueprintSchema}).\n */\nexport async function resolveBlueprintIdentities(raw: unknown, resolve: IdentityResolver): Promise<unknown> {\n if (raw === null || typeof raw !== 'object' || Array.isArray(raw)) return raw;\n const { identities: rawIdentities, ...body } = raw as Record<string, unknown> & { identities?: unknown };\n\n // No block + no references → nothing to do (back-compat with non-identity blueprints).\n const refs = collectIdentityReferences(body);\n if (rawIdentities === undefined && refs.length === 0) return raw;\n\n const parsed = IdentitiesDeclSchema.safeParse(rawIdentities ?? {});\n if (!parsed.success) {\n throw new BlueprintIdentityError(\n 'Blueprint identities block is invalid',\n parsed.error.issues.map((i) => ({\n path: i.path.length ? `identities.${i.path.join('.')}` : 'identities',\n message: i.message,\n })),\n );\n }\n const declared = parsed.data;\n\n const undeclared = refs.filter((name) => !(name in declared));\n if (undeclared.length) {\n throw new BlueprintIdentityError(\n `Blueprint references undeclared identities: ${undeclared.join(', ')}`,\n undeclared.map((name) => ({\n path: `identities.${name}`,\n message: `'\\${{ identities.${name} }}' is referenced but not declared in the 'identities' block`,\n })),\n );\n }\n\n // Ensure-exist every DECLARED identity (idempotent by externalId) → id map.\n const idMap: Record<string, string> = {};\n for (const [name, decl] of Object.entries(declared)) {\n try {\n const id = await resolve(name, decl);\n if (typeof id !== 'string' || id.length === 0) {\n // Guard a misbehaving resolver — substituting undefined/'' would write the\n // literal \"undefined\"/\"\" into ownership fields silently.\n throw new Error(`resolver returned a non-string id (${JSON.stringify(id)})`);\n }\n idMap[name] = id;\n } catch (err) {\n throw new BlueprintIdentityError(\n `Failed to resolve identity '${name}' (${decl.kind} externalId=${decl.externalId}): ${\n err instanceof Error ? err.message : String(err)\n }`,\n [{ path: `identities.${name}`, message: err instanceof Error ? err.message : String(err) }],\n );\n }\n }\n\n return substitute(body, idMap);\n}\n","/**\n * Blueprint variable substitution — the install-time resolver\n * (spec `blueprint-variable-substitution`).\n *\n * A blueprint can declare a top-level `inputs:` block and reference its values\n * (and a tiny reserved `vectros.*` built-in namespace) with GitHub-Actions-style\n * `${{ inputs.x }}` tokens in any STRING value. This module resolves those\n * tokens against supplied install-time values, BEFORE structural validation —\n * so the typed {@link Blueprint}, the loader, and bootstrap never see `inputs`\n * or an unresolved token. It is the FORMAT half of the feature: pure,\n * dependency-free (no node, no IO); the CLI owns YAML parsing + `--set`/`--values`.\n *\n * Two tiers — DO NOT conflate (spec §1):\n * - install-time substitution (HERE): `${{ inputs.x }}`, `${{ vectros.* }}`,\n * resolved by the trusted loader before any API call.\n * - the runtime sentinel `$self` (agent-memory): a literal value the platform\n * resolves per-principal at use. This resolver MUST leave `$self` and ANY\n * `$`-prefixed value untouched — it only ever matches the `${{ … }}` form.\n *\n * Security (spec §3): pure string replacement, no eval/template engine → no\n * template injection. The scope gate (the CLI trust boundary) runs on the\n * RESOLVED document, so a parameter cannot smuggle a control-plane scope past\n * it. Built-ins are intentionally tiny (`context`, `suffix`) — see the\n * auto-binding invariant in the spec §4: data-record externalIds are bound to\n * `(tenant, context[, identity])` server-side, so they need no namespace; only\n * tenant-wide service-principal externalIds do, which is what `vectros.suffix`\n * is for.\n */\nimport { z } from 'zod';\nimport type { BlueprintIssue } from './types.js';\n\n/** Allowed input names: identifier-like (so they read cleanly inside `${{ inputs.x }}`). */\nconst INPUT_NAME_RE = /^[A-Za-z_][A-Za-z0-9_]*$/;\n\n/** Scalar value types an input may declare / resolve to (V1 — no objects/arrays). */\nexport type InputScalar = string | number | boolean;\n\n/** A single declared input (one entry under the top-level `inputs:` block). */\nconst InputDeclSchema = z\n .object({\n type: z.enum(['string', 'number', 'boolean']),\n required: z.boolean().optional(),\n default: z.union([z.string(), z.number(), z.boolean()]).optional(),\n description: z.string().optional(),\n })\n .strict();\n\n/** The top-level `inputs:` declaration block — a map of name → declaration. */\nexport const InputsDeclSchema = z.record(InputDeclSchema);\n\nexport type InputDecl = z.infer<typeof InputDeclSchema>;\nexport type InputsDecl = z.infer<typeof InputsDeclSchema>;\n\n/**\n * A variable-resolution failure (declaration, missing value, unknown reference,\n * malformed token). Carries structured {@link BlueprintIssue}s — same teach-by-error\n * `path: message` shape as {@link BlueprintValidationError}.\n */\nexport class BlueprintInputError extends Error {\n readonly issues: BlueprintIssue[];\n constructor(message: string, issues: BlueprintIssue[] = []) {\n super(message);\n this.name = 'BlueprintInputError';\n this.issues = issues;\n }\n}\n\nfunction renderIssues(issues: BlueprintIssue[]): string {\n return issues.map((i) => ` • ${i.path}: ${i.message}`).join('\\n');\n}\n\nfunction scalarType(v: unknown): 'string' | 'number' | 'boolean' | 'other' {\n if (typeof v === 'string') return 'string';\n if (typeof v === 'number') return 'number';\n if (typeof v === 'boolean') return 'boolean';\n return 'other';\n}\n\n/**\n * A short, STABLE, non-cryptographic token derived from the install context id.\n * FNV-1a (32-bit) → base36. Deterministic: same contextId ⇒ same suffix ⇒\n * idempotent re-installs (matches the seeding-and-idempotency upsert contract).\n * Used ONLY to namespace tenant-wide service-principal externalIds so two\n * installs of one blueprint in the same tenant (different contexts) don't\n * collide. Not security-sensitive.\n */\nexport function deriveSuffix(contextId: string): string {\n let h = 0x811c9dc5;\n for (let i = 0; i < contextId.length; i++) {\n h ^= contextId.charCodeAt(i);\n h = Math.imul(h, 0x01000193);\n }\n return (h >>> 0).toString(36).padStart(7, '0');\n}\n\ninterface ResolveCtx {\n declared: InputsDecl;\n /** Resolved input values, by name (absent = declared but has no value). */\n values: Record<string, InputScalar>;\n /** Built-ins, or undefined when contextId is not a usable literal. */\n builtins?: { context: string; suffix: string };\n issues: BlueprintIssue[];\n}\n\n/** Matches a string that is EXACTLY one `${{ ns.name }}` token (→ type-coerced value). */\nconst WHOLE_TOKEN_RE = /^\\$\\{\\{\\s*([A-Za-z_]\\w*)\\.([A-Za-z_]\\w*)\\s*\\}\\}$/;\n/**\n * General scan, ordered alternation (longest/most-specific first):\n * 1. `$${{` the escape → literal `${{`\n * 2. `${{ … }}` a complete token (inner validated separately)\n * 3. `${{` a DANGLING opener with no close → reported, never silent\n */\nconst TOKEN_SCAN_RE = /\\$\\$\\{\\{|\\$\\{\\{([\\s\\S]*?)\\}\\}|\\$\\{\\{/g;\n/** A valid inner reference body once trimmed: `namespace.name`. */\nconst INNER_REF_RE = /^([A-Za-z_]\\w*)\\.([A-Za-z_]\\w*)$/;\n\n/**\n * Namespaces this INSTALL-TIME resolver deliberately leaves UNRESOLVED — their\n * `${{ ns.x }}` tokens are re-emitted literally so a later pass / the platform\n * resolves them. `self` is the RUNTIME per-principal sentinel (platform-resolved\n * per request; a top-level lint in types.ts confines it to role\n * dataScope). `identities` is the creds-bearing APPLY-time namespace — its tokens\n * resolve to a principal id in a later pass (resolveBlueprintIdentities), so the\n * install-time resolver leaves them literal too. A deferred token is NOT an\n * \"unknown namespace\" error — distinct from `$`-prefixed values, which are never\n * matched by the `${{ … }}` scanner at all.\n */\nconst DEFERRED_NAMESPACES = new Set(['self', 'identities']);\n\n/** Resolve one `ns.name` reference to its value, or push an issue + return undefined. */\nfunction resolveRef(ns: string, name: string, ctx: ResolveCtx, path: string): InputScalar | undefined {\n if (ns === 'inputs') {\n if (!(name in ctx.declared)) {\n ctx.issues.push({\n path,\n message: `unknown input 'inputs.${name}' — declare it in the top-level 'inputs:' block`,\n });\n return undefined;\n }\n if (!(name in ctx.values)) {\n ctx.issues.push({\n path,\n message: `input 'inputs.${name}' has no value — supply it (--set ${name}=… or --values) or give it a default`,\n });\n return undefined;\n }\n return ctx.values[name];\n }\n if (ns === 'vectros') {\n if (name !== 'context' && name !== 'suffix') {\n ctx.issues.push({\n path,\n message: `unknown built-in 'vectros.${name}' (available: vectros.context, vectros.suffix)`,\n });\n return undefined;\n }\n if (!ctx.builtins) {\n ctx.issues.push({\n path,\n message: `'vectros.${name}' is unavailable: contextId must be a literal string to derive built-ins`,\n });\n return undefined;\n }\n return ctx.builtins[name];\n }\n ctx.issues.push({\n path,\n message: `unknown namespace '${ns}' in '\\${{ ${ns}.${name} }}' (available: inputs, vectros)`,\n });\n return undefined;\n}\n\n/** Interpolate every token in a multi-token / embedded string → a STRING result. */\nfunction interpolate(str: string, ctx: ResolveCtx, path: string): string {\n let out = '';\n let last = 0;\n TOKEN_SCAN_RE.lastIndex = 0;\n let m: RegExpExecArray | null;\n while ((m = TOKEN_SCAN_RE.exec(str)) !== null) {\n out += str.slice(last, m.index);\n if (m[0] === '$${{') {\n out += '${{'; // escape → literal\n } else if (m[0] === '${{' && m[1] === undefined) {\n // Dangling opener (alternative 3): no closing `}}`. Report, don't drop.\n ctx.issues.push({\n path,\n message: `unterminated token '\\${{' — expected a closing '}}' (escape a literal with '$\\${{')`,\n });\n } else {\n const inner = (m[1] ?? '').trim();\n const ref = inner.match(INNER_REF_RE);\n if (!ref) {\n ctx.issues.push({\n path,\n message: `malformed reference '\\${{ ${inner} }}' — expected '\\${{ namespace.name }}' (escape a literal with '$\\${{')`,\n });\n } else if (DEFERRED_NAMESPACES.has(ref[1])) {\n out += m[0]; // deferred namespace → re-emit the token verbatim (resolved later)\n } else {\n const v = resolveRef(ref[1], ref[2], ctx, path);\n if (v !== undefined) out += String(v);\n }\n }\n last = TOKEN_SCAN_RE.lastIndex;\n }\n out += str.slice(last);\n return out;\n}\n\n/** Recursively substitute tokens through the document tree (values only, not keys). */\nfunction substituteValue(val: unknown, ctx: ResolveCtx, path: string): unknown {\n if (typeof val === 'string') {\n const whole = val.match(WHOLE_TOKEN_RE);\n if (whole) {\n // A deferred namespace (e.g. self.*) is left literal for a later pass.\n if (DEFERRED_NAMESPACES.has(whole[1])) return val;\n // Exactly one token → return the TYPED value (so a boolean input stays a\n // boolean, not the string \"true\"). undefined (on error) collapses to the\n // raw string so the doc stays parseable for downstream issue reporting.\n const v = resolveRef(whole[1], whole[2], ctx, path);\n return v === undefined ? val : v;\n }\n return interpolate(val, ctx, path);\n }\n if (Array.isArray(val)) {\n return val.map((v, i) => substituteValue(v, ctx, `${path}[${i}]`));\n }\n if (val !== null && typeof val === 'object') {\n const out: Record<string, unknown> = {};\n for (const [k, v] of Object.entries(val as Record<string, unknown>)) {\n out[k] = substituteValue(v, ctx, path ? `${path}.${k}` : k);\n }\n return out;\n }\n return val;\n}\n\n/** Coerce a supplied value (string from `--set`, typed from a `--values` file) to the declared type. */\nfunction coerce(raw: unknown, type: InputDecl['type'], name: string, issues: BlueprintIssue[]): InputScalar | undefined {\n const path = `inputs.${name}`;\n if (type === 'string') {\n if (typeof raw === 'string') return raw;\n if (typeof raw === 'number' || typeof raw === 'boolean') return String(raw);\n issues.push({ path, message: `expected a string value` });\n return undefined;\n }\n if (type === 'number') {\n if (typeof raw === 'number') return raw;\n if (typeof raw === 'string') {\n const n = Number(raw.trim());\n if (raw.trim() === '' || Number.isNaN(n)) {\n issues.push({ path, message: `expected a number, got '${raw}'` });\n return undefined;\n }\n return n;\n }\n issues.push({ path, message: `expected a number` });\n return undefined;\n }\n // boolean\n if (typeof raw === 'boolean') return raw;\n if (typeof raw === 'string') {\n const t = raw.trim().toLowerCase();\n if (t === 'true') return true;\n if (t === 'false') return false;\n issues.push({ path, message: `expected a boolean ('true'|'false'), got '${raw}'` });\n return undefined;\n }\n issues.push({ path, message: `expected a boolean` });\n return undefined;\n}\n\n/** Build the resolved-values map from declarations + supplied values (precedence handled by the caller). */\nfunction resolveValues(\n declared: InputsDecl,\n supplied: Record<string, unknown>,\n issues: BlueprintIssue[],\n): Record<string, InputScalar> {\n const values: Record<string, InputScalar> = {};\n\n // Reject supplied values that aren't declared (typo / stale --set).\n for (const k of Object.keys(supplied)) {\n if (!(k in declared)) {\n issues.push({ path: `inputs.${k}`, message: `no input named '${k}' is declared (cannot set it)` });\n }\n }\n\n for (const [name, decl] of Object.entries(declared)) {\n if (name in supplied) {\n const c = coerce(supplied[name], decl.type, name, issues);\n if (c !== undefined) values[name] = c;\n } else if (decl.default !== undefined) {\n values[name] = decl.default;\n } else if (decl.required) {\n issues.push({\n path: `inputs.${name}`,\n message: `required input '${name}' was not supplied (--set ${name}=… or in --values)`,\n });\n }\n // else: optional with no default → no value; a reference to it errors at use.\n }\n return values;\n}\n\n/**\n * Resolve a blueprint's `inputs:` variables against supplied install-time\n * values and return the substituted document tree WITH the `inputs:` block\n * stripped — ready for {@link parseBlueprint}. Throws {@link BlueprintInputError}\n * (with structured `.issues`) on any declaration / value / reference problem.\n *\n * `supplied` is the merged value map (the CLI applies `--set` > `--values` >\n * declared `default` precedence before calling this; declared defaults are\n * applied here). A blueprint with no `inputs:` block and no `${{ … }}` tokens\n * passes through unchanged (back-compat) — but a stray `${{ … }}` or an unknown\n * reference is still reported (never silently empty).\n *\n * Built-ins are derived from the document's LITERAL `contextId` (it cannot\n * itself use `${{ … }}` — it is the source of `vectros.*`).\n */\nexport function resolveBlueprintInputs(raw: unknown, supplied: Record<string, unknown> = {}): unknown {\n // Not an object → not a blueprint shape; let parseBlueprint produce the\n // structural error. (Supplying values here would be meaningless.)\n if (raw === null || typeof raw !== 'object' || Array.isArray(raw)) return raw;\n\n const issues: BlueprintIssue[] = [];\n const { inputs: rawInputs, ...body } = raw as Record<string, unknown> & { inputs?: unknown };\n\n // 1. Validate the inputs declaration block (if present).\n let declared: InputsDecl = {};\n if (rawInputs !== undefined) {\n const parsed = InputsDeclSchema.safeParse(rawInputs);\n if (!parsed.success) {\n for (const i of parsed.error.issues) {\n const p = i.path.length ? `inputs.${i.path.join('.')}` : 'inputs';\n issues.push({ path: p, message: i.message });\n }\n } else {\n declared = parsed.data;\n for (const [name, decl] of Object.entries(declared)) {\n if (!INPUT_NAME_RE.test(name)) {\n issues.push({\n path: `inputs.${name}`,\n message: `invalid input name '${name}' — letters/digits/underscore, not starting with a digit`,\n });\n }\n if (decl.default !== undefined && scalarType(decl.default) !== decl.type) {\n issues.push({\n path: `inputs.${name}.default`,\n message: `default is a ${scalarType(decl.default)} but the declared type is '${decl.type}'`,\n });\n }\n }\n }\n }\n\n // 2. Derive built-ins from the LITERAL contextId.\n let builtins: { context: string; suffix: string } | undefined;\n const ctxId = (body as Record<string, unknown>).contextId;\n if (typeof ctxId === 'string' && ctxId.length > 0) {\n if (ctxId.includes('${{')) {\n issues.push({\n path: 'contextId',\n message: `contextId must be a literal — it cannot use '\\${{ … }}' (it is the source of vectros.* built-ins)`,\n });\n } else {\n builtins = { context: ctxId, suffix: deriveSuffix(ctxId) };\n }\n }\n // contextId missing / non-string → builtins stay undefined; parseBlueprint\n // separately reports the missing/invalid contextId.\n\n // 3. Resolve values, then substitute through the body.\n const values = resolveValues(declared, supplied, issues);\n const ctx: ResolveCtx = { declared, values, builtins, issues };\n const substituted = substituteValue(body, ctx, '');\n\n if (issues.length) {\n throw new BlueprintInputError(`Blueprint variable resolution failed:\\n${renderIssues(issues)}`, issues);\n }\n return substituted;\n}\n","/**\n * Bundled blueprint: task-management.\n *\n * The canonical first blueprint (design doc Appendix A). Structured task\n * tracking, shareable across sessions, agents, and users. Demonstrates the\n * full contract: a HYBRID-indexed schema, a data-plane-only profile that\n * passes the CLI scope gate, a service principal, and deterministic seed\n * data — all with stable identifiers so a loader re-run is idempotent.\n *\n * Bundled blueprints are TRUSTED (they ship in the reviewed packages), but\n * the CLI's scope gate still applies — `tests/blueprints.test.ts` asserts\n * this blueprint is structurally valid, and the CLI's gate test asserts it\n * stays data-plane-only.\n *\n * It is the \"copy me to start\" exemplar, so it stays a SINGLE schema — but it\n * is a complete one: it shows render hints (so the no-code UI renders a real\n * form), write-time validation, and BOTH lookup shapes — equality (enumerate a\n * project's tasks) and an ordered RANGE index on the due date (list tasks due\n * in a window). The equality-vs-range choice per field is permanent once a\n * schema is live (see the lookupFields note below), so it is made deliberately.\n *\n * allowedActions = [records:r, records:c, records:u, search:r, schemas:r] —\n * all data-plane. Note the deliberate ABSENCE of records:d (tasks are\n * marked done, not deleted — least privilege).\n */\nimport type { Blueprint } from '../types.js';\n\nconst taskManagement: Blueprint = {\n name: 'task-management',\n version: '1.0.0',\n description: 'Structured task tracking, shareable across sessions, agents, and users.',\n\n contextId: 'task-management',\n contextName: 'Task Management',\n\n schemas: [\n {\n typeName: 'task',\n displayName: 'Task',\n indexMode: 'HYBRID', // keyword on titles + semantic on descriptions\n fields: [\n {\n fieldId: 'title',\n fieldType: 'string',\n required: true,\n searchable: true,\n validation: { minLength: 1, maxLength: 200 },\n renderHints: { label: 'Title', widget: 'text', order: 1, section: 'Task', displayField: true },\n },\n {\n fieldId: 'description',\n fieldType: 'string',\n searchable: true,\n description: 'Free-text detail — the RAG-able body.',\n validation: { maxLength: 8000 },\n renderHints: { label: 'Description', widget: 'textarea', order: 2, section: 'Task' },\n },\n {\n fieldId: 'status',\n fieldType: 'enum',\n filterable: true,\n enumValues: ['todo', 'in_progress', 'blocked', 'done'],\n renderHints: { label: 'Status', widget: 'select', order: 3, section: 'Tracking' },\n },\n {\n fieldId: 'priority',\n fieldType: 'enum',\n filterable: true,\n enumValues: ['low', 'medium', 'high', 'urgent'],\n // Equality, NOT range: the values are an ordinal vocabulary but they sort\n // LEXICALLY (high < low < medium < urgent), not by severity — a range\n // index here would be permanently wrong. Filter by exact priority instead.\n renderHints: { label: 'Priority', widget: 'select', order: 4, section: 'Tracking' },\n },\n {\n fieldId: 'assignee',\n fieldType: 'string',\n filterable: true,\n description: 'userId or display name.',\n renderHints: { label: 'Assignee', widget: 'text', order: 5, section: 'Tracking' },\n },\n {\n fieldId: 'project',\n fieldType: 'string',\n filterable: true,\n description: 'Grouping key for cross-session continuity.',\n renderHints: { label: 'Project', widget: 'text', order: 6, section: 'Tracking' },\n },\n {\n fieldId: 'dueDate',\n fieldType: 'date',\n description: 'ISO-8601. Range-queryable (see lookupFields) — list tasks due in a window.',\n renderHints: { label: 'Due date', widget: 'date', order: 7, section: 'Tracking' },\n },\n {\n fieldId: 'tags',\n fieldType: 'array',\n filterable: true,\n renderHints: { label: 'Tags', order: 8, section: 'Tracking' },\n },\n // externalId is the record's FIRST-CLASS identifier (the dedup/lookup key + the\n // value a `reference` resolves against) — not a payload field; the loader sends\n // it top-level on the RecordRequest.\n ],\n // Two lookup shapes, chosen deliberately because the equality-vs-range choice\n // per field is MIGRATION-LOCKED once the schema is live (you cannot flip a\n // field slot↔range later, even by removing and re-adding it):\n // • `project` — EQUALITY (a grouping key, not ordered): enumerate one\n // project's tasks directly, no search. Each equality lookup uses 1 of the\n // schema's 7 fast index slots.\n // • `dueDate` — RANGE: ordered `from`/`to`/`prefix` queries (\"tasks due this\n // week\", \"due in 2026-06\"). Range lookups use a relationship row, not a\n // slot, and are billed at the range rate. ISO-8601 sorts chronologically,\n // so the order is correct.\n // `externalId` has a built-in first-class finder and must NOT be redeclared here.\n lookupFields: ['project', { fieldName: 'dueDate', rangeEnabled: true }],\n },\n ],\n\n // Least-privilege profile — MUST pass the CLI scope gate.\n // r/c/u + search + schema discovery. NOT records:d (least privilege).\n accessProfile: {\n allowedActions: ['records:r', 'records:c', 'records:u', 'search:r', 'schemas:r'],\n // dataScope omitted → tenant-level shared tracker. Bind to an orgId\n // for per-org isolation.\n },\n\n servicePrincipal: {\n externalId: 'task-management',\n displayName: 'Task Management',\n },\n\n seed: [\n {\n typeName: 'task',\n externalId: 'seed-welcome',\n fields: {\n title: 'Welcome to your Vectros task tracker',\n description: 'Created by the bootstrap loader. Ask your agent to add tasks.',\n status: 'todo',\n priority: 'low',\n project: 'getting-started',\n dueDate: '2026-06-30',\n },\n },\n ],\n};\n\nexport default taskManagement;\n","/**\n * Bundled blueprint: coding-agent-memory.\n *\n * Persistent, governed project memory for a coding agent (Claude Desktop,\n * Cursor, Cline…). The agent records the decisions, conventions, and gotchas\n * it learns about a codebase so they survive across sessions — instead of\n * re-asking and re-breaking the same things every cold start.\n *\n * Demonstrates the agent-memory FACTS/ENTITIES + EPISODIC flavors on the\n * Vectros substrate: schema'd records (typed facts), exact lookup (idempotent\n * upsert by a caller-stable key), HYBRID search + grounded `rag_ask` (recall by\n * meaning — \"why did we decide X?\"), version history (how a decision evolved),\n * RANGE lookups on the \"when\" of each memory (\"decisions from this quarter\"),\n * and a typed REFERENCE link between record types (a convention cites the\n * decision that established it — a small knowledge graph). It is pure no-code: a\n * `vectros bootstrap` provisions the schemas + a narrow `ssk_*`, and the agent\n * drives it through the MCP server's data-plane tools.\n *\n * allowedActions = [records:r, records:c, records:u, search:r, schemas:r, inference:r].\n * Note the deliberate ABSENCE of records:d: decisions are SUPERSEDED (status\n * flips to `superseded`), never deleted, so the audit trail of how the project's\n * thinking changed stays intact (least privilege). `inference:r` powers the\n * grounded \"why did we do X?\" recall (`rag_ask`) over the captured rationale.\n */\nimport type { Blueprint } from '../types.js';\n\nconst codingAgentMemory: Blueprint = {\n name: 'coding-agent-memory',\n version: '1.0.0',\n description:\n 'Persistent project memory for a coding agent — decisions, conventions, and gotchas that survive across sessions.',\n\n contextId: 'coding-memory',\n contextName: 'Coding Agent — Project Memory',\n\n schemas: [\n {\n // A durable architectural/product decision: what was decided, and WHY.\n // The rationale is the high-value, RAG-able body — \"why did we do X?\"\n // is the question a cold-context agent most needs answered.\n typeName: 'decision',\n displayName: 'Decision',\n indexMode: 'HYBRID', // keyword on titles + semantic on statement/rationale\n fields: [\n {\n fieldId: 'title',\n fieldType: 'string',\n required: true,\n searchable: true,\n validation: { minLength: 1, maxLength: 200 },\n renderHints: { label: 'Title', widget: 'text', order: 1, displayField: true },\n },\n {\n fieldId: 'statement',\n fieldType: 'string',\n searchable: true,\n description: 'What was decided, in one or two sentences.',\n renderHints: { label: 'Statement', widget: 'textarea', order: 2 },\n },\n {\n fieldId: 'rationale',\n fieldType: 'string',\n searchable: true,\n description: 'Why — the trade-offs and the context. The most-recalled field.',\n renderHints: { label: 'Rationale', widget: 'textarea', order: 3 },\n },\n {\n fieldId: 'status',\n fieldType: 'enum',\n filterable: true,\n enumValues: ['proposed', 'active', 'superseded'],\n renderHints: { label: 'Status', widget: 'select', order: 4 },\n },\n {\n fieldId: 'area',\n fieldType: 'string',\n filterable: true,\n description: 'Subsystem / module the decision applies to (e.g. \"auth\", \"search\").',\n renderHints: { label: 'Area', widget: 'text', order: 5 },\n },\n {\n fieldId: 'decidedOn',\n fieldType: 'date',\n description: 'ISO-8601 date. Range-queryable — \"decisions made this quarter\".',\n renderHints: { label: 'Decided on', widget: 'date', order: 6 },\n },\n // externalId is the record's FIRST-CLASS identifier (the dedup/upsert key + the\n // value a `reference` resolves against) — it is NOT a payload field, so it is not\n // declared here; the loader sends it top-level on the RecordRequest.\n ],\n // `externalId` is a first-class identifier with its own finder (exact\n // get/upsert) — look it up directly, never redeclare it as a schema lookup.\n // The choice below is MIGRATION-LOCKED once the schema is live:\n // • `area`/`status` — EQUALITY (categorical): \"list active decisions\",\n // \"all decisions in the auth area\". 2 of the 7 fast index slots.\n // • `decidedOn` — RANGE: ordered `from`/`to`/`prefix` over the date.\n lookupFields: ['area', 'status', { fieldName: 'decidedOn', rangeEnabled: true }],\n },\n {\n // A coding convention the team follows — the agent reads these before it\n // writes code so it matches the surrounding style instead of inventing one.\n typeName: 'convention',\n displayName: 'Convention',\n indexMode: 'HYBRID',\n fields: [\n {\n fieldId: 'name',\n fieldType: 'string',\n required: true,\n searchable: true,\n validation: { minLength: 1, maxLength: 200 },\n renderHints: { label: 'Name', widget: 'text', order: 1, displayField: true },\n },\n {\n fieldId: 'rule',\n fieldType: 'string',\n searchable: true,\n description: 'The convention itself, stated as an imperative.',\n renderHints: { label: 'Rule', widget: 'textarea', order: 2 },\n },\n {\n fieldId: 'area',\n fieldType: 'string',\n filterable: true,\n renderHints: { label: 'Area', widget: 'text', order: 3 },\n },\n {\n // Parallels `decision.status` so a convention can be RETIRED rather than\n // deleted (the blueprint omits records:d — memory is superseded, not lost).\n fieldId: 'status',\n fieldType: 'enum',\n filterable: true,\n enumValues: ['active', 'retired'],\n renderHints: { label: 'Status', widget: 'select', order: 4 },\n },\n {\n // A typed REFERENCE to the decision that established this convention — a\n // foreign-key link between record types (the knowledge-graph edge). The\n // platform requires both the target type AND its surface; the value is the\n // target decision's externalId (the default `targetField`). Provenance:\n // \"why does this convention exist? → open the decision behind it.\" Not\n // searchable (a foreign-key id is search noise); declared as an equality\n // lookup below so you can also enumerate \"conventions from decision X\".\n fieldId: 'establishedByDecision',\n fieldType: 'reference',\n targetTypeName: 'decision',\n targetSurface: 'record',\n targetField: 'externalId',\n cardinality: 'one',\n renderHints: { label: 'Established by (decision)', order: 5 },\n },\n {\n fieldId: 'adoptedOn',\n fieldType: 'date',\n description: 'ISO-8601 — when this convention was adopted. Range-queryable.',\n renderHints: { label: 'Adopted on', widget: 'date', order: 6 },\n },\n // externalId: first-class identifier, not a payload field (see `decision`).\n ],\n // externalId has its own first-class finder for exact get — look it up\n // directly, not as a schema lookup. Locked equality-vs-range choices:\n // • `area`/`status` — EQUALITY: \"active conventions for auth\".\n // • `establishedByDecision` — EQUALITY on the reference value: enumerate\n // \"conventions established by decision X\" (a forward link query; the\n // platform has no reverse-reference index on this surface).\n // • `adoptedOn` — RANGE over the adoption date.\n // 3 equality lookups (of 7 fast slots) + 1 range row.\n lookupFields: ['area', 'status', 'establishedByDecision', { fieldName: 'adoptedOn', rangeEnabled: true }],\n },\n {\n // A gotcha / sharp edge: a symptom, its cause, and the fix. Saves the\n // agent (and the human) from re-discovering the same trap.\n typeName: 'gotcha',\n displayName: 'Gotcha',\n indexMode: 'HYBRID',\n fields: [\n {\n fieldId: 'symptom',\n fieldType: 'string',\n required: true,\n searchable: true,\n validation: { minLength: 1, maxLength: 500 },\n renderHints: { label: 'Symptom', widget: 'textarea', order: 1, displayField: true },\n },\n {\n fieldId: 'cause',\n fieldType: 'string',\n searchable: true,\n renderHints: { label: 'Cause', widget: 'textarea', order: 2 },\n },\n {\n fieldId: 'fix',\n fieldType: 'string',\n searchable: true,\n renderHints: { label: 'Fix', widget: 'textarea', order: 3 },\n },\n {\n fieldId: 'area',\n fieldType: 'string',\n filterable: true,\n renderHints: { label: 'Area', widget: 'text', order: 4 },\n },\n {\n // A gotcha can be RETIRED once the underlying trap is fixed for good —\n // superseded, not deleted (the blueprint omits records:d).\n fieldId: 'status',\n fieldType: 'enum',\n filterable: true,\n enumValues: ['active', 'retired'],\n renderHints: { label: 'Status', widget: 'select', order: 5 },\n },\n {\n fieldId: 'discoveredOn',\n fieldType: 'date',\n description: 'ISO-8601 — when this gotcha was first hit. Range-queryable.',\n renderHints: { label: 'Discovered on', widget: 'date', order: 6 },\n },\n // externalId: first-class identifier, not a payload field (see `decision`).\n ],\n // externalId has its own first-class finder for exact get — look it up\n // directly, not as a schema lookup. `area`/`status` EQUALITY (\"active\n // gotchas in search\"); `discoveredOn` RANGE over the discovery date.\n lookupFields: ['area', 'status', { fieldName: 'discoveredOn', rangeEnabled: true }],\n },\n ],\n\n // Least-privilege profile — MUST pass the CLI scope gate.\n // r/c/u + search + schema discovery + inference:r (grounded \"why did we do X?\"\n // recall over the captured rationale). NOT records:d: memory is superseded,\n // not deleted, so the project's decision history stays auditable.\n accessProfile: {\n allowedActions: ['records:r', 'records:c', 'records:u', 'search:r', 'schemas:r', 'inference:r'],\n },\n\n servicePrincipal: {\n externalId: 'coding-agent-memory',\n displayName: 'Coding Agent — Project Memory',\n },\n\n seed: [\n {\n // Seeded FIRST so the convention below resolves its reference to it — the\n // loader creates seeds in array order, and a reference target must exist when\n // the referencing record is written.\n typeName: 'decision',\n externalId: 'seed-use-vectros-for-memory',\n fields: {\n title: 'Use Vectros as the coding agent’s project memory',\n statement:\n 'Persist decisions, conventions, and gotchas as Vectros records so they survive across agent sessions.',\n rationale:\n 'A coding agent loses context every cold start. A governed, searchable memory lets it recall prior decisions by meaning instead of re-asking — and the version history shows how the thinking evolved.',\n status: 'active',\n area: 'getting-started',\n decidedOn: '2026-06-14',\n },\n },\n {\n // Demonstrates a live typed link at bootstrap: this convention references the\n // decision above by its externalId, so \"open the decision behind this rule\"\n // works the moment the blueprint is applied.\n typeName: 'convention',\n externalId: 'seed-record-the-why',\n fields: {\n name: 'Record the why, not just the what',\n rule: 'When you record a decision or convention, always capture the rationale — the trade-offs a future session cannot re-derive from the code.',\n area: 'getting-started',\n status: 'active',\n establishedByDecision: 'seed-use-vectros-for-memory',\n adoptedOn: '2026-06-14',\n },\n },\n ],\n};\n\nexport default codingAgentMemory;\n","/**\n * Bundled blueprint: second-brain.\n *\n * A personal knowledge base — capture every note, idea, and link, then just\n * ask it. The most universally legible AI-data use case there is, and the\n * canonical exemplar of the agent-memory LONG-TERM / SEMANTIC-RECALL flavor:\n * one `note` schema, HYBRID-indexed, recalled by meaning rather than exact\n * keywords.\n *\n * Pure no-code: `vectros bootstrap` provisions the schema + a narrow `ssk_*`,\n * and you drive it through the MCP server (\"capture this thought\", \"what did I\n * note about X?\") or the generic data-plane app. Notes are archived via a\n * status flip, not deleted — so the profile omits records:d (least privilege).\n *\n * Beyond semantic recall it shows the DIRECT-access patterns an agent reaches\n * for between searches: enumerate notes by `source` (most-recent first), and a\n * `capturedAt` RANGE index for \"what did I capture last week?\". The\n * equality-vs-range choice per lookup field is permanent (see lookupFields).\n *\n * allowedActions = [records:r, records:c, records:u, search:r, schemas:r, inference:r].\n */\nimport type { Blueprint } from '../types.js';\n\nconst secondBrain: Blueprint = {\n name: 'second-brain',\n version: '1.0.0',\n description: 'A personal knowledge base — capture notes, ideas, and links, then ask them anything.',\n\n contextId: 'second-brain',\n contextName: 'Second Brain',\n\n schemas: [\n {\n typeName: 'note',\n displayName: 'Note',\n indexMode: 'HYBRID', // keyword on title + semantic on body — recall by meaning\n fields: [\n {\n fieldId: 'title',\n fieldType: 'string',\n required: true,\n searchable: true,\n validation: { minLength: 1, maxLength: 200 },\n renderHints: { label: 'Title', widget: 'text', order: 1, section: 'Note', displayField: true },\n },\n {\n fieldId: 'body',\n fieldType: 'string',\n searchable: true,\n description: 'The note itself — the RAG-able body you ask questions against.',\n validation: { maxLength: 20000 },\n renderHints: { label: 'Body', widget: 'textarea', order: 2, section: 'Note' },\n },\n {\n fieldId: 'tags',\n fieldType: 'array',\n filterable: true,\n description: 'Freeform string labels for filtering (e.g. \"idea\", \"reading\", \"work\").',\n renderHints: { label: 'Tags', order: 3, section: 'Organize' },\n },\n {\n // An enum (not freeform) so enumeration-by-source is reliable — a\n // `record_query` lookup on `source` only works if values are consistent.\n // `other` keeps it from being a straitjacket for a personal brain-dump.\n fieldId: 'source',\n fieldType: 'enum',\n filterable: true,\n enumValues: ['thought', 'web', 'meeting', 'book', 'article', 'other'],\n description: 'Where it came from.',\n renderHints: { label: 'Source', widget: 'select', order: 4, section: 'Organize' },\n },\n {\n fieldId: 'status',\n fieldType: 'enum',\n filterable: true,\n enumValues: ['active', 'archived'],\n description: 'Archive instead of delete, so nothing is ever lost.',\n renderHints: { label: 'Status', widget: 'select', order: 5, section: 'Organize' },\n },\n {\n fieldId: 'capturedAt',\n fieldType: 'date',\n description: 'ISO-8601 capture date. Range-queryable — \"notes from last week\".',\n renderHints: { label: 'Captured', widget: 'date', order: 6, section: 'Organize' },\n },\n // externalId is the record's FIRST-CLASS identifier (the dedup/upsert key + the\n // value a `reference` resolves against) — not a payload field; the loader sends\n // it top-level on the RecordRequest.\n ],\n // Lookup shapes are MIGRATION-LOCKED once the schema is live (a field cannot\n // flip equality↔range later), so each is chosen on purpose:\n // • `source` — EQUALITY, sorted by `lastUpdated`: enumerate notes from one\n // source, most-recently-touched first. `lastUpdated` is always present, so\n // the sort never drops a note (sorting an equality lookup by an OPTIONAL\n // field would silently exclude rows that lack it).\n // • `status` — EQUALITY: \"show archived notes\".\n // • `capturedAt` — RANGE: ordered `from`/`to`/`prefix` (\"captured in 2026-06\").\n // `externalId` has a built-in first-class finder — look it up directly, never\n // redeclare it here. Equality lookups use the 7 fast index slots (2 used here);\n // range lookups use a relationship row, billed at the range rate.\n lookupFields: [\n { fieldName: 'source', sortBy: 'lastUpdated' },\n 'status',\n { fieldName: 'capturedAt', rangeEnabled: true },\n ],\n },\n ],\n\n // Least-privilege profile — r/c/u + search + schema discovery + inference:r\n // (so the agent can `rag_ask` a grounded, cited question over your notes). No\n // records:d: notes are archived (status → 'archived'), never deleted.\n accessProfile: {\n allowedActions: ['records:r', 'records:c', 'records:u', 'search:r', 'schemas:r', 'inference:r'],\n },\n\n servicePrincipal: {\n externalId: 'second-brain',\n displayName: 'Second Brain',\n },\n\n seed: [\n {\n typeName: 'note',\n externalId: 'seed-welcome',\n fields: {\n title: 'Welcome to your Second Brain',\n body: 'Capture anything here — ideas, links, meeting notes — then ask your agent things like \"what did I note about onboarding?\" and it recalls by meaning, not just keywords.',\n tags: ['getting-started'],\n source: 'thought',\n status: 'active',\n capturedAt: '2026-06-14',\n },\n },\n ],\n};\n\nexport default secondBrain;\n","/**\n * Bundled blueprint: clinical-intake.\n *\n * A behavioral-health intake record — the healthcare-lead exemplar. It exists\n * to make Vectros's compliance posture VISIBLE in a no-code demo: fields marked\n * `sensitive` (PHI) are, by the platform, redacted from audit history AT WRITE\n * TIME (destroyed, not masked — unrecoverable regardless of scope), excluded\n * from the search index, blind-indexed for exact lookup, and masked in\n * responses unless the token carries the `s` reveal scope.\n *\n * The \"aha\" walkthrough: bootstrap → create an intake with a `sensitive` SSN\n * and clinical note → open the record's version history (in app.vectros.ai or\n * via the MCP server) and see the sensitive fields show `[redacted]` in EVERY\n * historical row → search for a phrase from the note and get zero hits → AND\n * STILL find the record by exact client name via the blind-index lookup\n * (the value is HMAC'd into the index, never stored in the clear). The\n * compliance story you can run in 60 seconds, on synthetic data only.\n *\n * `capabilities.auditHistory: true` is explicit (it is the platform default,\n * but a compliance exemplar should self-document its audit posture).\n *\n * PHI HYGIENE: the seed and every example use SYNTHETIC data only. Never enter\n * real PHI into a demo tenant.\n *\n * allowedActions = [records:r, records:c, records:u, search:r, schemas:r].\n * Deliberately NO records:d (intake records are retained, not deleted) and NO\n * `s` reveal scope — so the bootstrapped key itself cannot un-redact sensitive\n * fields, which is the point of the demo. No `inference:r` either: a PHI corpus\n * is the one place we do NOT hand the demo key a RAG capability.\n */\nimport type { Blueprint } from '../types.js';\n\nconst clinicalIntake: Blueprint = {\n name: 'clinical-intake',\n version: '1.0.0',\n description:\n 'Behavioral-health intake with PHI fields — demonstrates redact-at-write, audit history, blind-index lookup, and search exclusion. Synthetic data only.',\n\n contextId: 'clinical-intake',\n contextName: 'Clinical Intake',\n\n schemas: [\n {\n typeName: 'intake',\n displayName: 'Intake',\n indexMode: 'HYBRID',\n capabilities: { auditHistory: true }, // self-documenting compliance posture\n fields: [\n // --- Non-sensitive, searchable/filterable working fields ---\n {\n fieldId: 'caseId',\n fieldType: 'string',\n required: true,\n description: 'Caller-stable intake id; the dedup/lookup key.',\n validation: { minLength: 1, maxLength: 64 },\n renderHints: { label: 'Case ID', widget: 'text', order: 1, section: 'Intake', displayField: true },\n },\n {\n fieldId: 'presentingConcern',\n fieldType: 'string',\n searchable: true,\n description: 'Non-PHI summary of the presenting concern — safe to index + search.',\n validation: { maxLength: 2000 },\n renderHints: { label: 'Presenting concern', widget: 'textarea', order: 2, section: 'Intake' },\n },\n {\n fieldId: 'program',\n fieldType: 'string',\n filterable: true,\n description: 'Program / service line the intake is routed to.',\n renderHints: { label: 'Program', widget: 'text', order: 3, section: 'Intake' },\n },\n {\n fieldId: 'status',\n fieldType: 'enum',\n filterable: true,\n enumValues: ['new', 'in_review', 'scheduled', 'closed'],\n renderHints: { label: 'Status', widget: 'select', order: 4, section: 'Intake' },\n },\n {\n fieldId: 'submittedAt',\n fieldType: 'date',\n description: 'ISO-8601. Range-queryable — a coordinator can pull \"intakes submitted this week\".',\n renderHints: { label: 'Submitted', widget: 'date', order: 5, section: 'Intake' },\n },\n\n // --- Sensitive (PHI) fields: redacted-at-write, search-excluded, masked-on-read ---\n {\n fieldId: 'clientName',\n fieldType: 'string',\n sensitive: true,\n description: 'PHI. Blind-indexed for EXACT lookup (a lookup field below); never in the search index or audit log.',\n renderHints: { label: 'Client name', widget: 'text', order: 10, section: 'Client (PHI)' },\n },\n {\n fieldId: 'dateOfBirth',\n fieldType: 'string',\n sensitive: true,\n description: 'PHI. ISO-8601. Redacted from audit history at write time.',\n renderHints: { label: 'Date of birth', widget: 'date', order: 11, section: 'Client (PHI)' },\n },\n {\n fieldId: 'ssn',\n fieldType: 'string',\n sensitive: true,\n description: 'PHI. Destroyed before the audit snapshot is written — unrecoverable.',\n validation: { pattern: '^\\\\d{3}-\\\\d{2}-\\\\d{4}$' },\n renderHints: { label: 'SSN', widget: 'text', order: 12, section: 'Client (PHI)' },\n },\n {\n fieldId: 'clinicalNote',\n fieldType: 'string',\n sensitive: true,\n description: 'PHI free-text. Excluded from search so a note phrase never leaks via results.',\n renderHints: { label: 'Clinical note', widget: 'textarea', order: 13, section: 'Client (PHI)' },\n },\n ],\n // Lookup fields back access patterns without a search. The equality-vs-range\n // (and sensitive-blind-index) choice per field is MIGRATION-LOCKED once the\n // schema is live — chosen deliberately:\n // • `caseId` (unique) — EQUALITY: exact get by the stable intake id.\n // • `program`/`status` — EQUALITY (categorical): a coordinator ENUMERATES a\n // worklist (\"all outpatient-counseling intakes\", \"all new intakes\").\n // • `clientName` — a SENSITIVE equality lookup: the value is HMAC'd into a\n // per-tenant BLIND INDEX, so \"find the intake for this exact client name\"\n // works WITHOUT the name ever being stored in the clear or entering search.\n // A sensitive lookup is equality-only — a blind hash is not orderable, so\n // it can never be range-enabled.\n // • `submittedAt` — RANGE: ordered `from`/`to`/`prefix` for a date worklist.\n // 4 equality lookups (of 7 fast slots) + 1 range row. The OTHER PHI fields\n // (dateOfBirth/ssn/clinicalNote) are deliberately NOT lookups here.\n lookupFields: [\n { fieldName: 'caseId', unique: true },\n 'program',\n 'status',\n 'clientName',\n { fieldName: 'submittedAt', rangeEnabled: true },\n ],\n },\n ],\n\n // Least-privilege, data-plane only. No records:d (retain intakes), NO `s`\n // reveal qualifier (the demo key literally cannot un-redact the PHI fields),\n // and NO inference:r (we never point a RAG capability at a PHI corpus here).\n accessProfile: {\n allowedActions: ['records:r', 'records:c', 'records:u', 'search:r', 'schemas:r'],\n },\n\n servicePrincipal: {\n externalId: 'clinical-intake',\n displayName: 'Clinical Intake',\n },\n\n seed: [\n {\n typeName: 'intake',\n externalId: 'seed-synthetic-intake',\n fields: {\n caseId: 'seed-synthetic-intake',\n presentingConcern: 'Sleep difficulty and low mood over the past month; seeking counseling.',\n program: 'outpatient-counseling',\n status: 'new',\n submittedAt: '2026-06-14',\n // SYNTHETIC PHI — illustrative only, not a real person.\n clientName: 'Jordan Sample',\n dateOfBirth: '1990-01-01',\n ssn: '000-00-0000',\n clinicalNote:\n 'Synthetic note for demonstration. Reports difficulty sleeping; no acute safety concerns noted.',\n },\n },\n ],\n};\n\nexport default clinicalIntake;\n","/**\n * @vectros-ai/blueprints — the Blueprint format + the curated bundled\n * library. Data + structural validation only; the scope gate (enforcement)\n * lives in @vectros-ai/cli.\n */\nexport {\n BlueprintSchema,\n BlueprintValidationError,\n parseBlueprint,\n parseBlueprintJson,\n contextNameOf,\n type Blueprint,\n type BlueprintFieldDef,\n type BlueprintSchemaDef,\n type BlueprintSeedRecord,\n type BlueprintValidationRules,\n type BlueprintRenderHints,\n type BlueprintLookupField,\n type BlueprintRoleClause,\n type BlueprintRoles,\n type IdentityDecl,\n type IdentitiesDecl,\n type BlueprintIssue,\n} from './types.js';\n\nexport {\n resolveBlueprintIdentities,\n collectIdentityReferences,\n BlueprintIdentityError,\n type IdentityResolver,\n} from './identities.js';\n\nexport {\n InputsDeclSchema,\n BlueprintInputError,\n resolveBlueprintInputs,\n deriveSuffix,\n type InputDecl,\n type InputsDecl,\n type InputScalar,\n} from './inputs.js';\n\nimport type { Blueprint } from './types.js';\nimport taskManagement from './blueprints/task-management.js';\nimport codingAgentMemory from './blueprints/coding-agent-memory.js';\nimport secondBrain from './blueprints/second-brain.js';\nimport clinicalIntake from './blueprints/clinical-intake.js';\n\n/**\n * The curated blueprints bundled with the library, in menu-display order.\n * To add one: drop a `blueprints/<name>.ts` exporting a `Blueprint`\n * default, import it here, and add it to this array.\n */\nexport const BUNDLED_BLUEPRINTS: readonly Blueprint[] = [\n taskManagement,\n codingAgentMemory,\n secondBrain,\n clinicalIntake,\n];\n\n/** Names available for `--blueprint <name>`. */\nexport const BLUEPRINT_NAMES: readonly string[] = BUNDLED_BLUEPRINTS.map((b) => b.name);\n\n/** Look up a bundled blueprint by name; `undefined` if none matches. */\nexport function getBlueprint(name: string): Blueprint | undefined {\n return BUNDLED_BLUEPRINTS.find((b) => b.name === name);\n}\n","/**\n * Structured logger — pino, always to stderr.\n *\n * The CLI writes its user-facing output (menus, prompts, the final config\n * snippet) to STDOUT. Diagnostic logging therefore goes to stderr so it\n * never interleaves with that output and can be redirected/silenced\n * independently. Debug level is enabled with `VECTROS_MCP_DEBUG=1` (the\n * same toggle the runtime uses, so a developer learns one env var).\n */\nimport pino, { type Logger } from 'pino';\n\nexport interface LogContext {\n debug?: boolean;\n}\n\n/**\n * Build a stderr-destined logger.\n *\n * Pass `debug: true` (or set `VECTROS_MCP_DEBUG=1`) to lower the\n * level to `debug`. Default is `info`.\n */\nexport function createLogger(ctx: LogContext = {}): Logger {\n const debugEnabled = ctx.debug ?? process.env.VECTROS_MCP_DEBUG === '1';\n // pino.destination(2) — file descriptor 2 = stderr. NOT stdout.\n return pino(\n {\n level: debugEnabled ? 'debug' : 'info',\n base: { component: '@vectros-ai/cli' },\n timestamp: pino.stdTimeFunctions.isoTime,\n },\n pino.destination(2),\n );\n}\n\nexport type { Logger };\n","/**\n * Base-URL validator — credential-exfil guard.\n *\n * A user/env-supplied base URL (`--base-url` or `VECTROS_API_BASE_URL`) can\n * redirect the CLI to an attacker host, exfiltrating FULL-TAKEOVER\n * credentials: the partner's Cognito bearer (sent to the bridge-mint\n * endpoint) and the wildcard `st_*` it returns. Nothing validated the host\n * before the bearer was attached.\n *\n * This validates the URL BEFORE any credential is attached:\n * - require `https://` — except `http://` to a loopback host (localhost/\n * 127.0.0.1/::1), for local proxying/dev;\n * - require the host to be an official Vectros host: `vectros.ai` or a\n * `*.vectros.ai` subdomain (strict suffix match — `api.vectros.ai.evil.com`\n * and `evilvectros.ai` are rejected);\n * - a loud, explicit opt-out (`VECTROS_ALLOW_INSECURE_BASE_URL=1`) permits\n * an arbitrary host for a trusted local proxy, AFTER a stderr warning.\n *\n * Mirrors `packages/mcp-server/src/base-url.ts` (the MCP server has the same\n * vector via `VECTROS_API_BASE_URL` → `/v1/ping` Bearer). Kept as a tiny\n * per-package module rather than a new shared workspace dependency.\n */\n\n/** The official Vectros apex + subdomain suffix. */\nconst ALLOWED_HOST_APEX = 'vectros.ai';\nconst ALLOWED_HOST_SUFFIX = '.vectros.ai';\n\n/** Env var that loudly opts out of the host allow-list (trusted local proxy). */\nexport const INSECURE_BASE_URL_ENV = 'VECTROS_ALLOW_INSECURE_BASE_URL';\n\n/** Thrown when a base URL fails validation (caller maps to a user-facing error). */\nexport class InvalidBaseUrlError extends Error {\n constructor(message: string) {\n super(message);\n this.name = 'InvalidBaseUrlError';\n }\n}\n\nexport interface ValidateBaseUrlOptions {\n /**\n * When true, permit any http/https host (loud opt-out). Defaults to reading\n * {@link INSECURE_BASE_URL_ENV} from the environment.\n */\n allowInsecure?: boolean;\n /** Sink for the loud opt-out warning. Defaults to stderr. */\n warn?: (msg: string) => void;\n}\n\n/** localhost / 127.0.0.1 / ::1 (URL.hostname keeps IPv6 brackets). */\nfunction isLoopbackHost(hostname: string): boolean {\n const h = hostname.toLowerCase();\n return h === 'localhost' || h === '127.0.0.1' || h === '::1' || h === '[::1]';\n}\n\nfunction insecureOptOutFromEnv(): boolean {\n const v = (process.env[INSECURE_BASE_URL_ENV] ?? '').toLowerCase();\n return v === '1' || v === 'true' || v === 'yes';\n}\n\nfunction defaultWarn(msg: string): void {\n process.stderr.write(`${msg}\\n`);\n}\n\n/**\n * Validate a base URL and return it unchanged on success. Throws\n * {@link InvalidBaseUrlError} otherwise.\n */\nexport function validateBaseUrl(rawUrl: string, opts: ValidateBaseUrlOptions = {}): string {\n let url: URL;\n try {\n url = new URL(rawUrl);\n } catch {\n throw new InvalidBaseUrlError(\n `Invalid base URL ${JSON.stringify(rawUrl)} — not a parseable absolute URL ` +\n `(expected e.g. https://api.vectros.ai).`,\n );\n }\n\n const allowInsecure = opts.allowInsecure ?? insecureOptOutFromEnv();\n const scheme = url.protocol;\n // Strip a single trailing dot (the FQDN form `api.vectros.ai.` is a legit\n // alias of the real host) so the suffix/loopback checks treat them alike.\n const host = url.hostname.toLowerCase().replace(/\\.$/, '');\n const loopback = isLoopbackHost(host);\n\n // Loud opt-out: permit any http/https host after warning. Still reject\n // non-http(s) schemes (file:, data:, etc.) — those are never a base URL.\n if (allowInsecure) {\n if (scheme !== 'https:' && scheme !== 'http:') {\n throw new InvalidBaseUrlError(\n `Refusing base URL with scheme \"${scheme}\" — only http/https are supported.`,\n );\n }\n (opts.warn ?? defaultWarn)(\n `WARNING: ${INSECURE_BASE_URL_ENV} is set — sending Vectros credentials to ` +\n `UNVALIDATED host \"${url.host}\". This bypasses the base-URL allow-list and can leak ` +\n `your Cognito bearer / st_* token. Unset it unless you are intentionally proxying ` +\n `to a trusted local endpoint.`,\n );\n return rawUrl;\n }\n\n // http:// only to loopback; https:// everywhere else.\n if (scheme === 'http:') {\n if (!loopback) {\n throw new InvalidBaseUrlError(\n `Refusing insecure http:// base URL for non-loopback host \"${url.host}\". ` +\n `Use https:// (or set ${INSECURE_BASE_URL_ENV}=1 to override for a trusted local proxy).`,\n );\n }\n return rawUrl;\n }\n if (scheme !== 'https:') {\n throw new InvalidBaseUrlError(\n `Refusing base URL with scheme \"${scheme}\" — only https:// (or http:// to localhost) is allowed.`,\n );\n }\n\n // https — host must be loopback or an official Vectros host.\n if (loopback) return rawUrl;\n if (host === ALLOWED_HOST_APEX || host.endsWith(ALLOWED_HOST_SUFFIX)) {\n return rawUrl;\n }\n\n throw new InvalidBaseUrlError(\n `Refusing base URL host \"${url.host}\" — not an official Vectros host (expected vectros.ai ` +\n `or a *.vectros.ai subdomain). Set ${INSECURE_BASE_URL_ENV}=1 to override (e.g. for a ` +\n `trusted local proxy); never point the CLI at an untrusted host while authenticated.`,\n );\n}\n","/**\n * Target environment → partner-API base URL.\n *\n * Shared by every command group (bootstrap + the verb catalog). Kept in its\n * own tiny module so the verb commands can resolve a base URL WITHOUT importing\n * the heavy interactive bootstrap machinery (`cli-bootstrap.ts`). The bootstrap\n * module re-exports {@link envToBaseUrl} + {@link CliEnv} for backward\n * compatibility (its tests import them from there).\n */\n\nimport { validateBaseUrl } from './base-url.js';\n\n/** The partner-API environment a command targets. */\nexport type CliEnv = 'staging' | 'production';\n\nexport const ENV_BASE_URLS: Record<CliEnv, string> = {\n production: 'https://api.vectros.ai',\n // NOTE: the staging host is a documented assumption — override with\n // `--base-url` or VECTROS_API_BASE_URL; verify at smoke time.\n staging: 'https://api.staging.vectros.ai',\n};\n\n/**\n * Map a {@link CliEnv} to its base URL. An explicit `override` always wins.\n *\n * The resolved URL is validated (R1 F-06a): an override that points at a\n * non-Vectros / insecure host is REJECTED before any credential is attached,\n * unless `VECTROS_ALLOW_INSECURE_BASE_URL=1` is set. This is the single\n * chokepoint both credential paths (auth-context + cli-bootstrap) flow\n * through before minting the bridge `st_*`. Throws {@link InvalidBaseUrlError}.\n */\nexport function envToBaseUrl(env: CliEnv, override?: string): string {\n return validateBaseUrl(override ?? ENV_BASE_URLS[env]);\n}\n","/**\n * Token mints — the endpoint-dependent seam of the loader.\n *\n * The dev-API mints are NOT in the partner SDK (the SDK is generated from the\n * partner OpenAPI only), so these are raw HTTP with the dev-admin's Cognito\n * bearer. The bootstrap is a TWO-TOKEN flow:\n *\n * 1. {@link mintBridgeToken} → GET /developer/cli-bootstrap-token — the NARROW\n * bootstrap token (owner-only `provisioning:c` + identity creates). The\n * loader uses it to DELIBERATELY create the blueprint's app-context\n * (cross-context) + the service principal.\n * 2. {@link mintContextToken} → GET /developer/scoped-token?context=<ctx>\n * — re-minted AFTER the context exists; wildcard but CONFINED to that one\n * context. The loader uses it for the in-context blueprint load (schemas,\n * AccessProfile, roles, the `ssk_*`, seed records).\n *\n * Response shape for BOTH: { token: \"st_…\", expiresAt }.\n *\n * SECURITY INVARIANT: both `st_*` tokens are ephemeral. Callers MUST\n * keep them in memory and NEVER persist them to disk. Only the narrow `ssk_*`\n * the loader subsequently mints is persisted.\n *\n * NOTE on {@code --use-scoped-token}: a legacy fallback for before the\n * dedicated cli-bootstrap-token route deployed.\n * It does NOT mint the `provisioning:c` capability (the scoped-token route is\n * wildcard-without-provisioning), so the deliberate cross-context app-context\n * create will 403 under it — the dedicated route is required for the bootstrap\n * token now.\n */\n\nexport const CLI_BOOTSTRAP_TOKEN_PATH = '/developer/cli-bootstrap-token';\nexport const SCOPED_TOKEN_PATH = '/developer/scoped-token';\n\n/** Default bridge-token TTL — 5 minutes (the whole bootstrap runs in seconds). */\nexport const DEFAULT_BRIDGE_TTL_SECONDS = 300;\n\nexport interface MintBridgeOptions {\n /** The dev-admin's Cognito identity bearer (VECTROS_BOOTSTRAP_TOKEN / interactive). */\n cognitoToken: string;\n /** Partner API base URL, e.g. https://api.staging.vectros.ai (no trailing slash needed). */\n apiBaseUrl: string;\n /** Bridge-token TTL in seconds. Default 300 (5 min). */\n ttlSeconds?: number;\n /** Which tenant the bootstrap token scopes to. Default 'live' (a usable production credential). */\n tenant?: 'test' | 'live';\n /** Use the general-purpose scoped-token endpoint instead of the dedicated one. */\n useScopedToken?: boolean;\n /** Injectable fetch (tests). Defaults to global fetch. */\n fetchImpl?: typeof fetch;\n}\n\nexport interface BridgeToken {\n /** The ephemeral `st_*`. NEVER persist this. */\n token: string;\n /** Unix epoch seconds the token expires at, if the endpoint returned it. */\n expiresAt?: number;\n}\n\nexport interface MintContextTokenOptions {\n /** The dev-admin's Cognito identity bearer. */\n cognitoToken: string;\n /** Partner API base URL. */\n apiBaseUrl: string;\n /** The (already-created) app-context to confine the re-minted token to. */\n contextId: string;\n /** Token TTL in seconds. Default 300 (5 min). */\n ttlSeconds?: number;\n /** Tenant the token scopes to — MUST match the bootstrap token's tenant. Default 'live'. */\n tenant?: 'test' | 'live';\n /** Injectable fetch (tests). Defaults to global fetch. */\n fetchImpl?: typeof fetch;\n}\n\nexport class BridgeMintError extends Error {\n readonly statusCode?: number;\n constructor(message: string, statusCode?: number) {\n super(message);\n this.name = 'BridgeMintError';\n this.statusCode = statusCode;\n }\n}\n\n/** The dev-API path for the selected mode. */\nexport function bridgeTokenPath(useScopedToken = false): string {\n return useScopedToken ? SCOPED_TOKEN_PATH : CLI_BOOTSTRAP_TOKEN_PATH;\n}\n\n/**\n * Shared GET-and-parse for the dev-API token mints. Throws\n * {@link BridgeMintError} on transport failure, non-2xx, non-JSON, or a body\n * without a well-shaped `st_*` token.\n */\nasync function fetchStToken(\n url: string,\n cognitoToken: string,\n fetchImpl: typeof fetch,\n pathLabel: string,\n notOkHint: (status: number) => string = () => '',\n): Promise<BridgeToken> {\n let res: Response;\n try {\n res = await fetchImpl(url, {\n method: 'GET',\n headers: { Authorization: `Bearer ${cognitoToken}` },\n });\n } catch (err) {\n throw new BridgeMintError(\n `Token mint request to ${pathLabel} failed: ${err instanceof Error ? err.message : String(err)}`,\n );\n }\n\n if (!res.ok) {\n const body = await res.text().catch(() => '');\n const hint = notOkHint(res.status);\n throw new BridgeMintError(\n `Token mint failed: HTTP ${res.status} from ${pathLabel}${hint}${body ? ` — ${body}` : ''}`,\n res.status,\n );\n }\n\n let parsed: { token?: unknown; expiresAt?: unknown };\n try {\n parsed = (await res.json()) as typeof parsed;\n } catch {\n throw new BridgeMintError(`Token mint returned a non-JSON body from ${pathLabel}`);\n }\n\n const token = typeof parsed.token === 'string' ? parsed.token : undefined;\n if (!token) {\n throw new BridgeMintError(`Token mint response from ${pathLabel} had no 'token' field`);\n }\n if (!token.startsWith('st_')) {\n throw new BridgeMintError(\n `Token mint returned an unexpected token shape (expected an st_* token)`,\n );\n }\n\n return {\n token,\n expiresAt: typeof parsed.expiresAt === 'number' ? parsed.expiresAt : undefined,\n };\n}\n\n/**\n * Mint the ephemeral, NARROW bootstrap `st_*` — owner-only\n * `provisioning:c` + identity creates, pinned to the 'default' context. Used to\n * deliberately create the blueprint's app-context (cross-context) + the service\n * principal, then the CLI re-mints a per-context token (see\n * {@link mintContextToken}) for the in-context load.\n *\n * Throws {@link BridgeMintError} on a non-2xx response (e.g. an expired Cognito\n * token → 401, or the dedicated endpoint not yet deployed → 404, in which case\n * the CLI suggests `--use-scoped-token`).\n */\nexport async function mintBridgeToken(opts: MintBridgeOptions): Promise<BridgeToken> {\n const {\n cognitoToken,\n apiBaseUrl,\n ttlSeconds = DEFAULT_BRIDGE_TTL_SECONDS,\n tenant = 'live',\n useScopedToken = false,\n fetchImpl = fetch,\n } = opts;\n\n const base = apiBaseUrl.replace(/\\/$/, '');\n const path = bridgeTokenPath(useScopedToken);\n const url = `${base}${path}?ttl=${encodeURIComponent(String(ttlSeconds))}&tenant=${encodeURIComponent(tenant)}`;\n\n return fetchStToken(url, cognitoToken, fetchImpl, path, (status) =>\n status === 404 && !useScopedToken\n ? ` (the dedicated ${CLI_BOOTSTRAP_TOKEN_PATH} endpoint may not be deployed yet — ` +\n `retry with --use-scoped-token for the fallback path)`\n : '',\n );\n}\n\n/**\n * Re-mint a per-context `st_*` — wildcard authority CONFINED to the\n * already-created {@code contextId} (the partner-API enforces\n * confinement on it). This is the loader's second token: after the bootstrap\n * token creates the blueprint's context, the in-context load (schemas,\n * AccessProfile, roles, the `ssk_*`, seed records) runs under THIS token, so the\n * data-plane writes land in the right context.\n *\n * Always uses {@code /developer/scoped-token?context=<ctx>} — the designed\n * per-context mint (it 404s if the context doesn't exist, which is why this runs\n * AFTER the bootstrap create).\n */\nexport async function mintContextToken(opts: MintContextTokenOptions): Promise<BridgeToken> {\n const {\n cognitoToken,\n apiBaseUrl,\n contextId,\n ttlSeconds = DEFAULT_BRIDGE_TTL_SECONDS,\n tenant = 'live',\n fetchImpl = fetch,\n } = opts;\n\n const base = apiBaseUrl.replace(/\\/$/, '');\n const url =\n `${base}${SCOPED_TOKEN_PATH}?ttl=${encodeURIComponent(String(ttlSeconds))}` +\n `&tenant=${encodeURIComponent(tenant)}&context=${encodeURIComponent(contextId)}`;\n\n return fetchStToken(url, cognitoToken, fetchImpl, `${SCOPED_TOKEN_PATH}?context=${contextId}`);\n}\n","/**\n * Shared identity-resolution helper.\n *\n * The bootstrap CLI uses this to resolve the partner tenantId from the\n * extended `/v1/ping` (it binds the minted scoped key to that tenant). It\n * bypasses the SDK and reads `/v1/ping` with a raw `fetch` so it can\n * PASS THROUGH any backend-added ping fields without waiting on an SDK\n * regen: the SDK's `client.auth.ping()` returns the generated, fixed\n * `PingResponse` shape, whereas {@link IdentityShape} keeps an open\n * `[key: string]: unknown` index (see below) for graceful degradation.\n *\n * (A copy of the same helper ships in @vectros-ai/mcp-server, where the\n * `current_identity` tool + `identity` resource use it. The CLI keeps its\n * own copy rather than depend on the runtime package — the provisioning\n * CLI and the runtime are deliberately decoupled.)\n */\nimport type { Logger } from './log.js';\n\nexport interface IdentityShape {\n status: 'ok';\n environment?: 'staging' | 'production';\n principalType?: 'root_key' | 'scoped_key' | 'token';\n // Extended fields (present once backend ships extended /v1/ping):\n tenantId?: string;\n principalKeyId?: string;\n principalLabel?: string;\n allowedActions?: string[];\n dataScope?: { userId?: string; orgId?: string };\n tokenExpiresAt?: number;\n // Allow pass-through of any future backend-added fields without\n // requiring a CLI release.\n [key: string]: unknown;\n}\n\nexport function deriveEnvironment(\n environment: string | undefined,\n): 'staging' | 'production' | undefined {\n if (!environment) return undefined;\n if (environment.includes('staging')) return 'staging';\n if (environment.includes('api.vectros.ai')) return 'production';\n return undefined;\n}\n\nexport function derivePrincipalType(\n apiKey: string | undefined,\n): 'root_key' | 'scoped_key' | 'token' | undefined {\n if (!apiKey) return undefined;\n const prefix = apiKey.split('_')[0];\n if (prefix === 'sk') return 'root_key';\n if (prefix === 'ssk') return 'scoped_key';\n if (prefix === 'st') return 'token';\n return undefined;\n}\n\nexport interface ResolveIdentityCtx {\n log: Logger;\n apiKey?: string;\n environment?: string;\n}\n\n/**\n * Resolve identity: raw GET /v1/ping + client-side derivation,\n * merged with extended-shape graceful-degradation semantics.\n *\n * Throws if /v1/ping returns non-2xx (auth failure or upstream).\n * Caller is responsible for wrapping into a user-facing error.\n *\n * Returns the derived-only shape when apiKey or environment is\n * missing (e.g., test mocks omit them).\n */\nexport async function resolveIdentity({\n log,\n apiKey,\n environment,\n}: ResolveIdentityCtx): Promise<IdentityShape> {\n const derived: IdentityShape = {\n status: 'ok',\n environment: deriveEnvironment(environment),\n principalType: derivePrincipalType(apiKey),\n };\n\n if (!apiKey || !environment) {\n log.debug({ component: 'identity', mode: 'derived-only' }, 'identity derived (no fetch)');\n return derived;\n }\n\n const url = `${environment.replace(/\\/$/, '')}/v1/ping`;\n const res = await fetch(url, {\n headers: { Authorization: `Bearer ${apiKey}` },\n });\n\n if (!res.ok) {\n const body = await res.text().catch(() => '');\n const e = new Error(`HTTP ${res.status}: ${body || res.statusText}`) as Error & {\n statusCode: number;\n };\n e.statusCode = res.status;\n throw e;\n }\n\n // Parse body if any. Old endpoint returns empty body; extended\n // endpoint returns identity JSON.\n let extended: Record<string, unknown> = {};\n const rawBody = await res.text();\n if (rawBody.trim().length > 0) {\n try {\n extended = JSON.parse(rawBody) as Record<string, unknown>;\n } catch {\n log.debug(\n { component: 'identity', rawBodyLen: rawBody.length },\n 'identity: ping body not JSON, using derived shape only',\n );\n }\n }\n\n // Merge derived + extended. Extended fields override derived\n // (backend is authoritative once it ships them).\n const merged: IdentityShape = { ...derived, ...extended, status: 'ok' };\n\n log.debug(\n {\n component: 'identity',\n mode: rawBody.trim().length > 0 ? 'extended' : 'derived',\n fields: Object.keys(merged),\n },\n 'identity resolved',\n );\n\n return merged;\n}\n","/**\n * Login-session storage + token exchanges for `vectros login`.\n *\n * After PKCE, the Cognito **refresh token** is persisted (so subsequent commands\n * re-mint an access token without re-prompting); the short-lived access/id token\n * is never persisted. V1 stores it in a 0600 file under `~/.vectros` — the same\n * tier the bootstrap key uses. (A future revision targets the OS keychain; that's a\n * best-effort follow-up — a native dep would complicate the bundled public CLI.)\n *\n * The two network exchanges (code→tokens, refresh→tokens) take an injectable\n * fetch so they're unit-tested without hitting Cognito.\n */\nimport { mkdir, readFile, writeFile, rm } from 'node:fs/promises';\nimport { homedir } from 'node:os';\nimport { join } from 'node:path';\nimport type { CliEnv } from './env.js';\nimport type { CognitoConfig } from './cognito-config.js';\nimport {\n tokenEndpoint,\n buildCodeExchangeBody,\n buildRefreshBody,\n type TokenSet,\n} from './pkce.js';\n\n/** The persisted login session (refresh token + which env it belongs to). */\nexport interface StoredSession {\n env: CliEnv;\n refreshToken: string;\n /** Unix epoch seconds the session was obtained (informational). */\n obtainedAt?: number;\n}\n\nconst DIR_NAME = '.vectros';\nconst FILE_NAME = 'cli-auth.json';\n\n/** The session file path (override the base dir in tests). */\nexport function sessionPath(baseDir?: string): string {\n return join(baseDir ?? join(homedir(), DIR_NAME), FILE_NAME);\n}\n\n/** Persist the login session as a 0600 file in a 0700 dir. */\nexport async function saveSession(session: StoredSession, baseDir?: string): Promise<void> {\n const dir = baseDir ?? join(homedir(), DIR_NAME);\n await mkdir(dir, { recursive: true, mode: 0o700 });\n await writeFile(sessionPath(baseDir), JSON.stringify(session, null, 2), { encoding: 'utf8', mode: 0o600 });\n}\n\n/** Read the stored session, or undefined if none / unreadable / malformed. */\nexport async function readSession(baseDir?: string): Promise<StoredSession | undefined> {\n let raw: string;\n try {\n raw = await readFile(sessionPath(baseDir), 'utf8');\n } catch {\n return undefined;\n }\n try {\n const parsed = JSON.parse(raw) as Partial<StoredSession>;\n // Validate `env` against the known set — a hand-edited file with a bogus or\n // mismatched env must not be trusted by the same-env guard downstream.\n const envOk = parsed.env === 'staging' || parsed.env === 'production';\n if (typeof parsed.refreshToken === 'string' && envOk) {\n return { env: parsed.env as CliEnv, refreshToken: parsed.refreshToken, obtainedAt: parsed.obtainedAt };\n }\n } catch {\n /* fall through */\n }\n return undefined;\n}\n\n/** Remove the stored session (`vectros logout`). Returns true if a file was removed. */\nexport async function clearSession(baseDir?: string): Promise<boolean> {\n try {\n await rm(sessionPath(baseDir));\n return true;\n } catch {\n return false;\n }\n}\n\n/** POST the token endpoint with a form body; throw on non-2xx / non-JSON. */\nasync function postToken(\n config: CognitoConfig,\n body: URLSearchParams,\n fetchImpl: typeof fetch,\n): Promise<TokenSet> {\n const res = await fetchImpl(tokenEndpoint(config), {\n method: 'POST',\n headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n body: body.toString(),\n });\n const text = await res.text().catch(() => '');\n if (!res.ok) {\n throw new Error(`token endpoint HTTP ${res.status}${text ? ` — ${text}` : ''}`);\n }\n try {\n return JSON.parse(text) as TokenSet;\n } catch {\n throw new Error('token endpoint returned a non-JSON body');\n }\n}\n\n/** Exchange an authorization code (+ PKCE verifier) for the token set. */\nexport async function exchangeCode(\n config: CognitoConfig,\n params: { code: string; redirectUri: string; verifier: string },\n fetchImpl: typeof fetch = fetch,\n): Promise<TokenSet> {\n return postToken(config, buildCodeExchangeBody(config, params), fetchImpl);\n}\n\n/** Exchange a refresh token for a fresh access/id token (no new refresh token). */\nexport async function refreshTokens(\n config: CognitoConfig,\n refreshToken: string,\n fetchImpl: typeof fetch = fetch,\n): Promise<TokenSet> {\n return postToken(config, buildRefreshBody(config, refreshToken), fetchImpl);\n}\n","/**\n * PKCE (RFC 7636) + OAuth authorization-code helpers for `vectros login`.\n *\n * Pure, side-effect-free string/crypto functions — the testable core of the\n * login flow. The interactive orchestration (loopback server + browser open)\n * lives in commands/login.ts and composes these.\n */\nimport { createHash, randomBytes } from 'node:crypto';\nimport type { CognitoConfig } from './cognito-config.js';\nimport { OAUTH_SCOPES } from './cognito-config.js';\n\n/** base64url (no padding) per RFC 7636 §A. */\nfunction base64url(buf: Buffer): string {\n return buf.toString('base64').replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '');\n}\n\nexport interface PkcePair {\n /** The high-entropy secret kept in memory; sent on the token exchange. */\n verifier: string;\n /** S256 hash of the verifier; sent on the authorize request. */\n challenge: string;\n}\n\n/** Generate a PKCE verifier + S256 challenge (43–128 char verifier per spec). */\nexport function generatePkce(): PkcePair {\n const verifier = base64url(randomBytes(32)); // 32 bytes → 43 chars\n const challenge = base64url(createHash('sha256').update(verifier).digest());\n return { verifier, challenge };\n}\n\n/** A random opaque `state` to bind the callback to this request (CSRF guard). */\nexport function generateState(): string {\n return base64url(randomBytes(16));\n}\n\n/** Build the Cognito hosted-UI authorize URL (response_type=code + PKCE S256). */\nexport function buildAuthorizeUrl(\n config: CognitoConfig,\n params: { redirectUri: string; challenge: string; state: string },\n): string {\n const q = new URLSearchParams({\n response_type: 'code',\n client_id: config.clientId,\n redirect_uri: params.redirectUri,\n scope: OAUTH_SCOPES.join(' '),\n state: params.state,\n code_challenge: params.challenge,\n code_challenge_method: 'S256',\n });\n return `${config.domain}/oauth2/authorize?${q.toString()}`;\n}\n\n/** The Cognito token endpoint. */\nexport function tokenEndpoint(config: CognitoConfig): string {\n return `${config.domain}/oauth2/token`;\n}\n\n/** Form body for the authorization-code → tokens exchange (public client: no secret). */\nexport function buildCodeExchangeBody(\n config: CognitoConfig,\n params: { code: string; redirectUri: string; verifier: string },\n): URLSearchParams {\n return new URLSearchParams({\n grant_type: 'authorization_code',\n client_id: config.clientId,\n code: params.code,\n redirect_uri: params.redirectUri,\n code_verifier: params.verifier,\n });\n}\n\n/** Form body for the refresh-token → fresh tokens exchange. */\nexport function buildRefreshBody(config: CognitoConfig, refreshToken: string): URLSearchParams {\n return new URLSearchParams({\n grant_type: 'refresh_token',\n client_id: config.clientId,\n refresh_token: refreshToken,\n });\n}\n\nexport interface CallbackParams {\n code?: string;\n state?: string;\n error?: string;\n errorDescription?: string;\n}\n\n/** Parse the loopback callback request URL's query into code/state/error. */\nexport function parseCallback(requestUrl: string): CallbackParams {\n // requestUrl is the server-relative path+query, e.g. \"/callback?code=..&state=..\".\n const url = new URL(requestUrl, 'http://localhost');\n return {\n code: url.searchParams.get('code') ?? undefined,\n state: url.searchParams.get('state') ?? undefined,\n error: url.searchParams.get('error') ?? undefined,\n errorDescription: url.searchParams.get('error_description') ?? undefined,\n };\n}\n\n/** The Cognito token-endpoint success shape (the fields the CLI consumes). */\nexport interface TokenSet {\n access_token?: string;\n id_token?: string;\n refresh_token?: string;\n expires_in?: number;\n token_type?: string;\n}\n","/**\n * Cognito OAuth config for `vectros login` (the developer user pool's CLI app\n * client).\n *\n * The hosted-UI domain is deterministic per environment (the CFN domain prefix);\n * the **client id is a post-deploy value** (CFN output / SSM\n * `DeveloperUserPoolCliClientId`). It is a PUBLIC value — a Cognito app-client\n * id rides in every browser authorize URL and carries no secret — so baking it\n * per-environment is safe and standard (the SPAs do the same). Until it's baked\n * (or a partner-API discovery endpoint lands — the proper long-term source),\n * supply it via `VECTROS_COGNITO_CLIENT_ID`.\n *\n * Resolution precedence (each field): explicit env var → baked per-env default.\n */\nimport type { CliEnv } from './env.js';\n\nexport interface CognitoConfig {\n /** Hosted-UI base URL, e.g. https://vectros-developer-staging.auth.us-east-1.amazoncognito.com */\n domain: string;\n /** The public CLI app-client id. */\n clientId: string;\n region: string;\n}\n\n/** Deterministic per-env pieces (the CFN domain prefix + region). */\nconst PER_ENV: Record<CliEnv, { domainPrefix: string; region: string }> = {\n staging: { domainPrefix: 'vectros-developer-staging', region: 'us-east-1' },\n production: { domainPrefix: 'vectros-developer', region: 'us-east-1' },\n};\n\n/**\n * Baked public client ids (the developer-pool CLI app client, published at SSM\n * `/vectros/cli/client-id`). These are PUBLIC — a Cognito app-client id rides in\n * every browser authorize URL — so baking them is safe. Override any env with\n * `VECTROS_COGNITO_CLIENT_ID`. Both envs are baked from their deployed SSM\n * `/vectros/cli/client-id`; a partner-API discovery endpoint is a possible\n * long-term replacement (these bakes would then become the fallback).\n */\nconst BAKED_CLIENT_IDS: Partial<Record<CliEnv, string>> = {\n staging: '61hjvm25kkjb1eei8t2d3jkcl8', // validated against deployed staging hosted UI (2026-06-05)\n production: '63eipeedjv78q653k45niih46f', // prod SSM /vectros/cli/client-id (validated 2026-06-24)\n};\n\n/** Raised when no client id can be resolved (not baked, no env override). */\nexport class MissingCognitoClientIdError extends Error {\n constructor(env: CliEnv) {\n super(\n `No Cognito client id for '${env}'. Set VECTROS_COGNITO_CLIENT_ID ` +\n `(the public DeveloperUserPoolCliClientId from the deploy) — baking + a discovery ` +\n `endpoint are tracked follow-ups.`,\n );\n this.name = 'MissingCognitoClientIdError';\n }\n}\n\n/** Resolve the full Cognito config for an environment (env overrides beat bakes). */\nexport function resolveCognitoConfig(env: CliEnv): CognitoConfig {\n const per = PER_ENV[env];\n const region = process.env.VECTROS_COGNITO_REGION ?? per.region;\n const domain =\n process.env.VECTROS_COGNITO_DOMAIN ?? `https://${per.domainPrefix}.auth.${region}.amazoncognito.com`;\n const clientId = process.env.VECTROS_COGNITO_CLIENT_ID ?? BAKED_CLIENT_IDS[env];\n if (!clientId) throw new MissingCognitoClientIdError(env);\n return { domain: domain.replace(/\\/$/, ''), clientId, region };\n}\n\n/** The loopback redirect ports registered on the CLI app client (CFN contract). */\nexport const LOOPBACK_PORTS = [8976, 8977, 8978] as const;\n\n/** The OAuth scopes the CLI requests (must be a subset of the app client's AllowedOAuthScopes). */\nexport const OAUTH_SCOPES = ['openid', 'email', 'profile'] as const;\n\n/** The loopback redirect URI for a chosen port (path is fixed by the CFN CallbackURLs). */\nexport function redirectUriFor(port: number): string {\n return `http://localhost:${port}/callback`;\n}\n","/**\n * The shared authentication seam for every creds-bearing verb.\n *\n * The verb catalog (`whoami`, `identity`, `access`, `key`, `context`,\n * `destroy`, `pull`, `blueprint install`) all authenticate the SAME way the\n * `bootstrap` command does (design § \"the two-plane token bridge\"):\n *\n * resolve a Cognito bearer (env VECTROS_BOOTSTRAP_TOKEN | --token | `login`)\n * → mint an ephemeral WILDCARD st_* via the bridge (bridge.ts; in-memory)\n * → construct the partner {@link VectrosClient} with that st_*\n * → resolve the caller's identity (tenantId/environment) via /v1/ping\n *\n * Centralising it here means a verb command never re-implements auth — it asks\n * for an {@link AuthContext} and gets a ready client + the resolved identity.\n *\n * SECURITY INVARIANT: the bridged `st_*` is wildcard + ephemeral.\n * It lives ONLY in the returned {@link AuthContext} in memory and is NEVER\n * persisted. (Only narrow `ssk_*` keys a verb subsequently mints get stored.)\n *\n * `vectros login` (PKCE) will, when it lands, replace the *source* of the\n * Cognito bearer (a keychain-stored refresh token re-minting an access token\n * per command) — it plugs into {@link resolveCognitoToken} without changing\n * anything downstream.\n */\nimport { VectrosClient } from '@vectros-ai/sdk';\nimport { mintBridgeToken, mintContextToken } from './bridge.js';\nimport { resolveIdentity, type IdentityShape } from './identity.js';\nimport { envToBaseUrl, type CliEnv } from './env.js';\nimport { readSession, refreshTokens } from './auth-store.js';\nimport { resolveCognitoConfig } from './cognito-config.js';\nimport type { Logger } from './log.js';\n\n/** The Cognito bearer is read from this env var (same one `bootstrap` uses). */\nexport const COGNITO_TOKEN_ENV = 'VECTROS_BOOTSTRAP_TOKEN';\n\n/** Options shared by every creds-bearing verb, mapped from common CLI flags. */\nexport interface AuthContextOptions {\n /** Target environment (default 'production'). */\n env: CliEnv;\n /** Explicit base-URL override (beats env→URL mapping + VECTROS_API_BASE_URL). */\n baseUrl?: string;\n /** Cognito bearer override (`--token`); else read from the env var. */\n token?: string;\n /**\n * The app-context this verb operates in (its `--context` flag). The verb token\n * is a scoped st_* PINNED to this context (default 'default') so an in-context\n * operation is authorized — the platform enforces the context axis on\n * profiles/roles/records/schemas, so a default-pinned token 403s on another\n * context. Ignored when `provisioning` is set.\n */\n context?: string;\n /**\n * Mint the NARROW provisioning bootstrap st_* instead of a context-pinned\n * scoped token. For the verbs that CREATE an app-context — cross-context\n * provisioning the scoped token lacks: `bootstrap`, `blueprint-test`,\n * `context create`. They re-mint a per-context token for any in-context work.\n */\n provisioning?: boolean;\n /** @deprecated the scoped token is now the default verb token; this flag is a no-op. */\n useScopedToken?: boolean;\n log: Logger;\n}\n\n/** A ready-to-use, authenticated partner-API session for a verb command. */\nexport interface AuthContext {\n /** The partner client, bearing the ephemeral wildcard st_*. */\n client: VectrosClient;\n /** The wildcard st_* bearer. In-memory only — NEVER persist. */\n bearer: string;\n /**\n * The developer-pool Cognito bearer the bridge st_* was minted FROM. Kept so a\n * verb can re-mint a DIFFERENT st_* (e.g. a per-context token for the two-token\n * bootstrap) without re-prompting. In-memory only — NEVER persist.\n */\n cognitoToken: string;\n /** The resolved partner-API base URL. */\n baseUrl: string;\n /** The resolved target environment. */\n env: CliEnv;\n /** The caller identity from /v1/ping (tenantId, environment, principalType…). */\n identity: IdentityShape;\n /** The partner tenant id, when /v1/ping resolved it (the extended ping). */\n tenantId?: string;\n}\n\n/** Raised when no Cognito bearer can be resolved (no env var, no `--token`). */\nexport class MissingCredentialError extends Error {\n constructor() {\n super(\n `No credential found. Set ${COGNITO_TOKEN_ENV} or pass --token ` +\n `(generate a token in the developer portal, or run \\`vectros login\\` once it ships).`,\n );\n this.name = 'MissingCredentialError';\n }\n}\n\n/**\n * Resolve the Cognito bearer from the SYNCHRONOUS sources: explicit `--token`\n * first, else the env var. Returns undefined when neither is present (the caller\n * then tries the stored `vectros login` session, which is async).\n */\nexport function resolveCognitoTokenSync(explicit?: string): string | undefined {\n if (explicit && explicit.trim()) return explicit.trim();\n const fromEnv = process.env[COGNITO_TOKEN_ENV];\n if (fromEnv && fromEnv.trim()) return fromEnv.trim();\n return undefined;\n}\n\n/**\n * Resolve a Cognito bearer for `env`: `--token`/env var, else a fresh token\n * re-minted from the stored `vectros login` session (refresh-token grant). The\n * stored session must belong to the SAME environment (a staging login can't\n * authorize a production call). Throws {@link MissingCredentialError} if nothing\n * yields a bearer.\n */\nexport async function resolveCognitoToken(env: CliEnv, explicit?: string): Promise<string> {\n const sync = resolveCognitoTokenSync(explicit);\n if (sync) return sync;\n\n const session = await readSession();\n if (session && session.env === env) {\n const config = resolveCognitoConfig(env);\n const tokens = await refreshTokens(config, session.refreshToken);\n // The bridge endpoint authorizes on the Cognito ID token; fall back\n // to the access token (also a pool-signed JWT) if the id token is absent.\n const bearer = tokens.id_token ?? tokens.access_token;\n if (bearer) return bearer;\n }\n throw new MissingCredentialError();\n}\n\n/**\n * Build an authenticated {@link AuthContext} for a verb command: resolve the\n * Cognito bearer → mint the bridge st_* → construct the client → resolve\n * identity. Throws on a missing credential, a bridge-mint failure, or a\n * /v1/ping auth failure (the caller maps the error to a user-facing message).\n */\nexport async function resolveAuthContext(opts: AuthContextOptions): Promise<AuthContext> {\n const baseUrl = envToBaseUrl(opts.env, opts.baseUrl ?? process.env.VECTROS_API_BASE_URL);\n const cognitoToken = await resolveCognitoToken(opts.env, opts.token);\n\n // The verb token. Context-OPERATING verbs get a scoped st_* pinned to their\n // --context: the CLI predates app-contexts and assumed one wildcard token, but\n // app-contexts split authority per context, so an in-context op needs a context-pinned\n // token (a default-pinned one 403s on another context). Context-CREATING verbs\n // (`provisioning`) get the narrow bootstrap st_* — the scoped token cannot\n // create a new app-context — then re-mint a per-context token for in-context work.\n const bridge = opts.provisioning\n ? await mintBridgeToken({ cognitoToken, apiBaseUrl: baseUrl })\n : await mintContextToken({ cognitoToken, apiBaseUrl: baseUrl, contextId: opts.context ?? 'default' });\n\n const client = new VectrosClient({ token: bridge.token, environment: baseUrl });\n const identity = await resolveIdentity({ log: opts.log, apiKey: bridge.token, environment: baseUrl });\n\n return {\n client,\n bearer: bridge.token,\n cognitoToken,\n baseUrl,\n env: opts.env,\n identity,\n tenantId: typeof identity.tenantId === 'string' ? identity.tenantId : undefined,\n };\n}\n","/**\n * Loading a blueprint from a local file — the \"copy & own\" path.\n *\n * `--blueprint <file>` (and `vectros blueprint validate <file>`) accept a\n * path to a blueprint the author wrote or forked, instead of a bundled name.\n * This adds **no new trust surface**: a file blueprint flows through the exact\n * same structural parse + scope gate (`validateBlueprint`, the trust\n * boundary) that a bundled one does. The binary is the trust boundary, not the\n * file.\n *\n * YAML **or** JSON. YAML is the friendlier authoring format (comments, no\n * brace-noise); both funnel through the SAME `parseBlueprint` structural\n * validation. YAML parsing lives HERE in the CLI (the `yaml` dep is external\n * to the bundle — npx resolves it, no bundle bloat); the\n * `@vectros-ai/blueprints` package stays YAML-free (typed TS + JSON), so the\n * bundled library keeps compile-time safety and zero parser deps.\n *\n * Variable substitution (spec `blueprint-variable-substitution`): if the file\n * declares a top-level `inputs:` block / uses `${{ … }}` tokens, they are\n * resolved HERE (against `--set`/`--values`) by `resolveBlueprintInputs` BEFORE\n * `parseBlueprint` — so the typed Blueprint + the scope gate see the resolved\n * document. The resolver is pure (lives in @vectros-ai/blueprints); this file\n * owns the value IO (`--set`/`--values`).\n */\nimport { readFile } from 'node:fs/promises';\nimport { extname } from 'node:path';\nimport { parse as parseYaml, YAMLParseError } from 'yaml';\nimport {\n parseBlueprint,\n resolveBlueprintInputs,\n BlueprintValidationError,\n type Blueprint,\n} from '@vectros-ai/blueprints';\n\n/**\n * Heuristic: does this `--blueprint` value name a FILE rather than a bundled\n * blueprint? True if it contains a path separator, a relative-path prefix, or\n * a known blueprint-file extension. Bundled names are validated lowercase\n * alnum-dash (e.g. `task-management`) so they can never collide with these.\n */\nexport function looksLikePath(value: string): boolean {\n return (\n value.includes('/') ||\n value.includes('\\\\') ||\n value.startsWith('./') ||\n value.startsWith('../') ||\n /\\.(json|ya?ml)$/i.test(value)\n );\n}\n\n/** Parse a raw blueprint document (YAML or JSON) into an untyped tree. Chosen by\n * extension: `.yaml`/`.yml` → YAML; everything else (`.json`/extensionless) → JSON. */\nfunction parseDocument(raw: string, filePath: string): unknown {\n const ext = extname(filePath).toLowerCase();\n if (ext === '.yaml' || ext === '.yml') {\n try {\n return parseYaml(raw);\n } catch (err) {\n if (err instanceof YAMLParseError) {\n throw new Error(`Blueprint YAML is invalid in '${filePath}': ${err.message}`);\n }\n throw err;\n }\n }\n try {\n return JSON.parse(raw);\n } catch (err) {\n throw new BlueprintValidationError(\n `Blueprint is not valid JSON in '${filePath}': ${err instanceof Error ? err.message : String(err)}`,\n );\n }\n}\n\n/**\n * Read + structurally parse a blueprint file (YAML or JSON). Returns the\n * validated {@link Blueprint} (structural only — the caller still runs the\n * scope gate via `validateBlueprint`). Throws a teaching error on an\n * unreadable file or a YAML syntax error, a {@link BlueprintInputError} on a\n * variable-resolution problem, or a `BlueprintValidationError` (with `.issues`)\n * on a malformed shape.\n *\n * `supplied` carries install-time variable values (the merged `--set`/`--values`\n * map). When the document declares no `inputs:` and uses no `${{ … }}` tokens,\n * resolution is a structural no-op (back-compat).\n */\nexport async function loadBlueprintFile(\n filePath: string,\n supplied: Record<string, unknown> = {},\n): Promise<Blueprint> {\n let raw: string;\n try {\n raw = await readFile(filePath, 'utf8');\n } catch (err) {\n const msg = err instanceof Error ? err.message : String(err);\n throw new Error(`Cannot read blueprint file '${filePath}': ${msg}`);\n }\n\n const parsed = parseDocument(raw, filePath);\n // Resolve `${{ … }}` (inputs + vectros.*) and strip the `inputs:` block BEFORE\n // structural validation. Throws BlueprintInputError on a resolution problem.\n const resolved = resolveBlueprintInputs(parsed, supplied);\n // Structural (zod) validation; throws BlueprintValidationError (with .issues).\n return parseBlueprint(resolved);\n}\n\n/**\n * Parse repeatable `--set name=value` flags into a value map. The value is\n * everything after the FIRST `=` (so `--set a=x=y` ⇒ `{a: 'x=y'}`). Later\n * occurrences of the same name win. Throws a teaching error on a malformed flag.\n */\nexport function parseSetFlags(setFlags: readonly string[]): Record<string, string> {\n const out: Record<string, string> = {};\n for (const s of setFlags) {\n const eq = s.indexOf('=');\n if (eq <= 0) {\n throw new Error(`Invalid --set '${s}': expected name=value (e.g. --set companyName=Acme).`);\n }\n out[s.slice(0, eq)] = s.slice(eq + 1);\n }\n return out;\n}\n\n/**\n * Read + parse a `--values <file>` (YAML or JSON) into a value map. Must be a\n * flat object of name → scalar. Throws a teaching error on an unreadable file,\n * a parse error, or a non-object / nested shape.\n */\nexport async function loadValuesFile(filePath: string): Promise<Record<string, unknown>> {\n let raw: string;\n try {\n raw = await readFile(filePath, 'utf8');\n } catch (err) {\n throw new Error(`Cannot read --values file '${filePath}': ${err instanceof Error ? err.message : String(err)}`);\n }\n const parsed = parseDocument(raw, filePath);\n if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {\n throw new Error(`--values file '${filePath}' must be a map of name: value pairs.`);\n }\n return parsed as Record<string, unknown>;\n}\n\n/**\n * Build the merged install-time value map from `--values` (read first) then\n * `--set` (overrides). Precedence: `--set` > `--values` > the declared\n * `default` (the default is applied later, by the resolver).\n */\nexport async function buildInputSupply(\n setFlags: readonly string[],\n valuesFile?: string,\n): Promise<Record<string, unknown>> {\n const supplied: Record<string, unknown> = {};\n if (valuesFile) Object.assign(supplied, await loadValuesFile(valuesFile));\n Object.assign(supplied, parseSetFlags(setFlags)); // --set wins\n return supplied;\n}\n","/**\n * Scope gate — the trust boundary of the bootstrap loader.\n *\n * This module is the single most security-critical piece of the v0.3\n * bootstrap CLI. Per the design doc § \"Trust model\":\n *\n * The use-case \"pack\" JSON is UNTRUSTED input — it may be agent-authored\n * or community-distributed. The loader runs under a WILDCARD bridge\n * token (`st_*` with OWNER scope). If the loader minted whatever scope\n * the pack declared, a malicious pack could request `[\"*\"]` or `keys:c`\n * and walk away with a root-equivalent credential — a confused-deputy\n * privilege escalation. \"Least privilege by construction\" is false\n * comfort when the untrusted party constructs the privileges.\n *\n * THE TRUST BOUNDARY IS THIS BINARY, NOT THE PACK. The loader refuses\n * to mint anything outside a hardcoded DATA-PLANE allowlist. Any\n * control-plane scope (keys/profiles/app-contexts/users/billing/admin)\n * or wildcard (\"*\") hard-rejects: the loader mints nothing and exits\n * non-zero. There is intentionally NO override flag — a human who\n * genuinely needs a control-plane scoped key does it deliberately in\n * the developer portal, never via an agent-drivable loader.\n *\n * Scope-token grammar (authoritative source: the platform's TokenScope model):\n *\n * resource:operations[:qualifier...]\n * - delimiter is ':'\n * - operations are single-char verbs c|r|u|d, COMBINABLE\n * (e.g. \"records:cru\" = create+read+update on records)\n * - \"*\" alone = full wildcard (root-equivalent) — REJECTED here\n * - \"resource:*\" = all operations on that resource — accepted IFF\n * the resource is data-plane (the wildcard only spans ops, so it\n * stays within the data plane)\n * - an optional qualifier tail (e.g. \"records:r:intake_form\") only\n * NARROWS access; it never widens the data-plane/control-plane\n * decision, so the gate ignores it for accept/reject purposes\n *\n * Scope of responsibility: this gate enforces the DATA-PLANE vs\n * CONTROL-PLANE boundary only. It deliberately does NOT validate that a\n * given operation is meaningful for a resource (e.g. \"search:c\" is\n * data-plane and passes the gate even though search is read-only) — the\n * backend is the authority on operation-resource validity. Keeping the\n * gate focused on the security boundary keeps it auditable.\n */\n\n/**\n * The ONLY resources the bootstrap loader will mint a scoped key for.\n * These map 1:1 to the MCP runtime tools' needs (records/schemas/search/\n * documents/folders + inference for rag_ask/document_ask).\n *\n * FAIL-CLOSED: anything not in this set is rejected — including unknown\n * or future resources. When the partner API gains a new data-plane\n * resource that packs legitimately need, this list must be widened\n * DELIBERATELY (update the design doc's \"maintenance point\" consequence\n * when you do). The friction is the intended bias.\n */\nexport const DATA_PLANE_ALLOWLIST = [\n 'records',\n 'schemas',\n 'search',\n 'documents',\n 'folders',\n 'inference',\n] as const;\nexport type DataPlaneResource = (typeof DATA_PLANE_ALLOWLIST)[number];\n\n/**\n * Known control-plane resources. Enumerated ONLY to produce a precise\n * error message (\"control-plane scope\") instead of the generic\n * \"unrecognized resource\". The gate's CORRECTNESS does not depend on\n * this list — the data-plane allowlist above is the sole arbiter, and\n * any resource not on it (whether listed here or not) hard-rejects.\n */\nexport const KNOWN_CONTROL_PLANE_RESOURCES = [\n 'keys',\n 'profiles',\n 'app-contexts',\n 'users',\n 'billing',\n 'admin',\n 'clients',\n 'orgs',\n] as const;\n\nconst VALID_OPS = new Set(['c', 'r', 'u', 'd']);\n\nconst DATA_PLANE_SET: ReadonlySet<string> = new Set(DATA_PLANE_ALLOWLIST);\nconst CONTROL_PLANE_SET: ReadonlySet<string> = new Set(KNOWN_CONTROL_PLANE_RESOURCES);\n\n/** A human-readable list of the data-plane resources, for error messages. */\nconst ALLOWLIST_HINT = DATA_PLANE_ALLOWLIST.join('/');\n\nexport interface ScopeRejection {\n /** The offending scope token, verbatim (as it appeared in the pack). */\n action: string;\n /** Human-readable explanation suitable for printing to the terminal. */\n reason: string;\n}\n\nexport interface ScopeGateResult {\n /** True iff every action passed the gate. */\n ok: boolean;\n /** Actions that passed, verbatim. */\n accepted: string[];\n /** Actions that failed, with reasons. Empty iff `ok`. */\n rejected: ScopeRejection[];\n}\n\n/**\n * Thrown by {@link assertScopeGate} when a pack requests any scope the\n * gate refuses. Carries the structured rejections so the CLI can print\n * each offending token + reason, then exit non-zero having minted\n * nothing.\n */\nexport class ScopeGateError extends Error {\n readonly rejected: ScopeRejection[];\n constructor(rejected: ScopeRejection[]) {\n const summary = rejected.map((r) => ` • ${r.action}: ${r.reason}`).join('\\n');\n super(\n `Scope gate rejected ${rejected.length} requested scope(s); ` +\n `the bootstrap loader provisions data-plane access only ` +\n `(${ALLOWLIST_HINT}) and mints nothing on reject:\\n${summary}`,\n );\n this.name = 'ScopeGateError';\n this.rejected = rejected;\n }\n}\n\n/**\n * Evaluate a single scope token against the gate.\n *\n * @returns `null` if the token is accepted (data-plane), otherwise a\n * {@link ScopeRejection} describing why it was refused.\n */\nexport function evaluateScopeToken(action: string): ScopeRejection | null {\n const token = action.trim();\n\n if (token.length === 0) {\n return { action, reason: 'empty scope token' };\n }\n\n // Full wildcard is root-equivalent — the single most dangerous token.\n if (token === '*') {\n return {\n action,\n reason: \"full wildcard '*' grants root-equivalent access\",\n };\n }\n\n const parts = token.split(':');\n const resource = parts[0];\n const ops = parts[1];\n\n // Minimum well-formed token is \"resource:operations\".\n if (parts.length < 2 || resource.length === 0 || ops === undefined || ops.length === 0) {\n return {\n action,\n reason: `malformed scope token (expected 'resource:operations', e.g. 'records:r')`,\n };\n }\n\n // The resource decides the data-plane/control-plane boundary.\n if (!DATA_PLANE_SET.has(resource)) {\n if (CONTROL_PLANE_SET.has(resource)) {\n return {\n action,\n reason:\n `requests control-plane scope on '${resource}'. Control-plane ` +\n `provisioning (keys/profiles/users/billing/admin/…) must be done ` +\n `deliberately in the developer portal, never via the bootstrap loader`,\n };\n }\n return {\n action,\n reason:\n `requests scope on unrecognized resource '${resource}'. The loader ` +\n `only provisions data-plane access (${ALLOWLIST_HINT}). If '${resource}' ` +\n `is a new data-plane resource, the loader's allowlist must be widened deliberately`,\n };\n }\n\n // Resource is data-plane. \"resource:*\" stays data-plane (the wildcard\n // only spans operations) → accept. A literal \"*\" was already handled\n // above, so here \"*\" can only mean \"all ops on this data-plane resource\".\n if (ops === '*') {\n return null;\n }\n\n // Validate the operation characters. Anything outside c/r/u/d is\n // malformed — reject rather than guess.\n for (const ch of ops) {\n if (!VALID_OPS.has(ch)) {\n return {\n action,\n reason: `invalid operation character '${ch}' (valid operations are c, r, u, d, or '*')`,\n };\n }\n }\n\n // Qualifier tail (parts[2..]) only narrows access; nothing more to check.\n return null;\n}\n\n/**\n * Evaluate a pack's full `allowedActions` list against the gate.\n *\n * Pure function — does not throw. Use {@link assertScopeGate} for the\n * fail-fast variant the CLI relies on.\n */\nexport function evaluateScopeGate(allowedActions: readonly string[]): ScopeGateResult {\n const accepted: string[] = [];\n const rejected: ScopeRejection[] = [];\n for (const action of allowedActions) {\n const rejection = evaluateScopeToken(action);\n if (rejection) {\n rejected.push(rejection);\n } else {\n accepted.push(action);\n }\n }\n return { ok: rejected.length === 0, accepted, rejected };\n}\n\n/**\n * Fail-fast gate check. Throws {@link ScopeGateError} (carrying every\n * rejection) if ANY requested action is outside the data-plane allowlist.\n * The CLI calls this BEFORE minting anything — on throw, it prints the\n * rejections and exits non-zero having created no AccessProfile or key.\n */\nexport function assertScopeGate(allowedActions: readonly string[]): void {\n const result = evaluateScopeGate(allowedActions);\n if (!result.ok) {\n throw new ScopeGateError(result.rejected);\n }\n}\n","/**\n * Per-machine identity + local scoped-key persistence.\n *\n * Implements the multi-machine rotation fix: the scoped key's name is\n * `<pack>-<stable-machine-id>`, so every machine gets its own\n * independently-rotatable `ssk_*` bound to ONE shared idempotent\n * AccessProfile. Rotating machine A's key never touches machine B's.\n *\n * The machine id is a random UUID persisted at `~/.vectros/machine-id` on\n * first run (hostname is a weaker fallback if the file can't be written).\n * The raw `ssk_*` — disclosed only once, on the first 201 — is persisted\n * at `~/.vectros/<pack>.key`; a same-machine re-run (key 200, no\n * re-disclosure) reads it back from there.\n */\nimport { promises as fs } from 'node:fs';\nimport os from 'node:os';\nimport path from 'node:path';\nimport { randomUUID } from 'node:crypto';\n\n/** The `~/.vectros` directory holding machine id + persisted keys. */\nexport function vectrosHomeDir(homedir: string = os.homedir()): string {\n return path.join(homedir, '.vectros');\n}\n\n/**\n * Resolve this machine's stable id, creating + persisting one on first\n * run. Falls back to the hostname if `~/.vectros/machine-id` can't be\n * written (read-only home, etc.) — weaker but keeps the loader working.\n */\nexport async function resolveMachineId(dir: string = vectrosHomeDir()): Promise<string> {\n const idPath = path.join(dir, 'machine-id');\n try {\n const existing = (await fs.readFile(idPath, 'utf8')).trim();\n if (existing.length > 0) return existing;\n } catch {\n // fall through to create\n }\n const id = randomUUID();\n try {\n await fs.mkdir(dir, { recursive: true });\n await fs.writeFile(idPath, `${id}\\n`, { encoding: 'utf8', mode: 0o600 });\n return id;\n } catch {\n // Couldn't persist — degrade to hostname (stable enough per machine).\n return os.hostname();\n }\n}\n\n/**\n * The per-machine scoped-key name. Bounded to the SDK's 100-char keyName\n * limit by construction (pack names are short + a UUID is 36 chars).\n */\nexport function keyNameFor(pack: string, machineId: string): string {\n return `${pack}-${machineId}`;\n}\n\n/**\n * What we persist locally per pack on this machine. We keep `keyId`\n * alongside the raw key so `--rotate` can revoke the old key by id (the\n * raw key alone can't be revoked). Disclosed only once on the first 201 —\n * a same-machine re-run (key 200, no re-disclosure) reads this back.\n */\nexport interface PersistedKeyRecord {\n /** The Vectros key id — needed to revoke on `--rotate`. */\n keyId: string;\n /** The raw `ssk_*` secret — what goes into the MCP client config. */\n rawKey: string;\n /** The per-machine key name it was minted under. */\n keyName: string;\n}\n\n/** Local path the persisted key record for a pack lives at on this machine. */\nexport function keyFilePath(pack: string, dir: string = vectrosHomeDir()): string {\n return path.join(dir, `${pack}.key.json`);\n}\n\n/** Persist the per-machine key record locally (0600). Creates `~/.vectros` if needed. */\nexport async function persistKey(\n pack: string,\n record: PersistedKeyRecord,\n dir: string = vectrosHomeDir(),\n): Promise<string> {\n await fs.mkdir(dir, { recursive: true });\n const keyPath = keyFilePath(pack, dir);\n await fs.writeFile(keyPath, `${JSON.stringify(record, null, 2)}\\n`, {\n encoding: 'utf8',\n mode: 0o600,\n });\n return keyPath;\n}\n\n/**\n * Read a previously-persisted key record for a pack on this machine, or\n * `undefined` if none exists / it's unreadable (e.g. lost key → `--rotate`\n * re-mints).\n */\nexport async function readPersistedKey(\n pack: string,\n dir: string = vectrosHomeDir(),\n): Promise<PersistedKeyRecord | undefined> {\n try {\n const raw = (await fs.readFile(keyFilePath(pack, dir), 'utf8')).trim();\n if (raw.length === 0) return undefined;\n const parsed = JSON.parse(raw) as PersistedKeyRecord;\n if (typeof parsed.rawKey === 'string' && typeof parsed.keyId === 'string') {\n return parsed;\n }\n return undefined;\n } catch {\n return undefined;\n }\n}\n","/**\n * The deterministic loader sequence (design § \"The loader's deterministic\n * sequence\"). Given a validated blueprint, a bootstrap-authenticated client, a\n * per-context re-mint callback, and this machine's id, it idempotently provisions\n * via the TWO-TOKEN flow:\n *\n * [bootstrap token] app-context → service principal\n * → re-mint a per-context token →\n * [per-context token] schemas → AccessProfile → roles → ssk_* → (optional) seed records\n *\n * The context is created FIRST (cross-context, via the bootstrap token's\n * owner-only `provisioning:c`), then the in-context work runs under a token\n * CONFINED to that context — so data-plane writes land in the right context\n * and pass the live-context write gate. Returns the raw `ssk_*`\n * for the config step. Every create is idempotent (server-side, by a stable\n * identifier), so a re-run converges rather than duplicating.\n *\n * DECOUPLING: the loader talks to {@link BootstrapApiClient} — a narrow\n * interface over the SDK methods it uses — so the orchestration (ordering,\n * idempotency branching, key-disclosure handling, rotate, lost-key path)\n * is unit-tested against a mock. The CLI passes the real `VectrosClient`\n * (which structurally satisfies the interface) cast to it.\n *\n * SMOKE-VERIFY NOTES — validated against live staging 2026-05-31 (full\n * task-management provisioning round-trip):\n * [SV1] ✓ CONFIRMED — AccessProfile accepts `principalId: usr_<userId>`\n * (the created service principal's UUID); id is tenant#ctx#principalId.\n * [SV2] ✓ CONFIRMED — schema create accepts `enumValues: [{ value }]`.\n * [SV3] AccessProfile scope `data_scope` exact encoding (null-sentinel for\n * tenant-level). The bundled blueprint omits\n * dataScope, so the v0 default still doesn't exercise this — UNVERIFIED.\n * [SV4] --rotate re-mint returns a fresh 201 — UNVERIFIED (not smoke-tested).\n * [SV5] ✓ FIXED via smoke — `lookupFields` is LookupDef[] {fieldName},\n * NOT string[] (string[] → HTTP 500). The loader maps it (see below).\n */\nimport type { Logger } from './log.js';\nimport { assertScopeGate } from './scope-gate.js';\nimport {\n contextNameOf,\n collectIdentityReferences,\n type Blueprint,\n type BlueprintSchemaDef,\n} from '@vectros-ai/blueprints';\n// Type-only — used purely in type positions below, no runtime dependency.\nimport type { VectrosClient } from '@vectros-ai/sdk';\nimport type { Page } from './paginate.js';\nimport {\n keyNameFor,\n persistKey,\n readPersistedKey,\n type PersistedKeyRecord,\n} from './machine-id.js';\n\n// ===========================================================================\n// SDK conformance — the loader's interface is DERIVED from the real SDK.\n//\n// The CLI passes the real `VectrosClient` to {@link runLoader} through a\n// `client as unknown as BootstrapApiClient` double-cast (cli-bootstrap.ts),\n// which severs type-checking against the SDK. A hand-written interface would\n// therefore silently keep sending a field a future SDK version drops/renames\n// (request side) or keep reading a response field the SDK removed (result\n// side). To close that blind spot for EVERY method, the request param and the\n// (narrowed) result of each interface method are derived from the SDK's own\n// method signatures — so any drift is a COMPILE error here, not a runtime\n// no-op. The SDK surfaces these types only under an internal namespace, so\n// `Parameters<…>[0]` / `Awaited<ReturnType<…>>` are both more robust than\n// named imports (which aren't exported) and a stronger guarantee: they track\n// the real call sites. Results stay `Pick`ed to the fields the loader reads,\n// which keeps the test mock simple (it returns plain objects, not the SDK's\n// HttpResponsePromise).\n// ===========================================================================\ntype SdkSchemaReq = Parameters<VectrosClient['schemas']['createSchema']>[0];\ntype SdkListSchemasReq = Parameters<VectrosClient['schemas']['listSchemas']>[0];\ntype SdkUserReq = Parameters<VectrosClient['identity']['createUser']>[0];\ntype SdkAppContextReq = Parameters<VectrosClient['auth']['createAppContext']>[0];\ntype SdkAccessProfileReq = Parameters<VectrosClient['auth']['createAccessProfile']>[0];\ntype SdkScopedKeyReq = Parameters<VectrosClient['auth']['createScopedKey']>[0];\ntype SdkRevokeReq = Parameters<VectrosClient['auth']['revokeScopedKey']>[0];\ntype SdkRecordReq = Parameters<VectrosClient['records']['createRecord']>[0];\ntype SdkCreateRoleReq = Parameters<VectrosClient['auth']['createRole']>[0];\n\ntype SdkUpdateSchemaReq = Parameters<VectrosClient['schemas']['updateSchema']>[0];\ntype SdkUpdateProfileReq = Parameters<VectrosClient['auth']['updateAccessProfile']>[0];\n\ntype SdkUserRes = Awaited<ReturnType<VectrosClient['identity']['createUser']>>;\ntype SdkAppContextRes = Awaited<ReturnType<VectrosClient['auth']['createAppContext']>>;\ntype SdkAccessProfileRes = Awaited<ReturnType<VectrosClient['auth']['createAccessProfile']>>;\ntype SdkUpdateProfileRes = Awaited<ReturnType<VectrosClient['auth']['updateAccessProfile']>>;\ntype SdkScopedKeyRes = Awaited<ReturnType<VectrosClient['auth']['createScopedKey']>>;\ntype SdkSchemaRes = Awaited<ReturnType<VectrosClient['schemas']['createSchema']>>;\ntype SdkUpdateSchemaRes = Awaited<ReturnType<VectrosClient['schemas']['updateSchema']>>;\ntype SdkRecordRes = Awaited<ReturnType<VectrosClient['records']['createRecord']>>;\ntype SdkCreateRoleRes = Awaited<ReturnType<VectrosClient['auth']['createRole']>>;\n\n/** The per-clause TokenScope element of a role-create body (SDK `ScopeClause`). */\ntype SdkRoleScopeClause = SdkCreateRoleReq['body']['scopes'][number];\n\n// Field/hint element types pulled off the schema request (used by the loader's\n// per-field mappers below). NonNullable because both arrays/maps are optional.\ntype SdkFieldDef = NonNullable<SdkSchemaReq['fields']>[number];\ntype SdkRenderHintDef = NonNullable<SdkSchemaReq['renderHints']>[string];\ntype SdkLookupDef = NonNullable<SdkSchemaReq['lookupFields']>[number];\n\n/**\n * The subset of the SDK's schema-create request the loader sends, via `Pick`\n * so it conforms to the SDK BY CONSTRUCTION — this fails to compile if any of\n * these keys leaves the SDK type, and the value types (FieldDef[],\n * RenderHintDef map, …) come straight from the SDK.\n */\ntype LoaderSchemaCreate = Pick<\n SdkSchemaReq,\n | 'typeName'\n | 'displayName'\n | 'description'\n | 'indexMode'\n | 'fields'\n | 'lookupFields'\n | 'allowedSurfaces'\n | 'renderHints'\n | 'capabilities'\n | 'active'\n | 'userId'\n | 'orgId'\n | 'clientId'\n>;\n\n/**\n * Narrow view of the SDK methods the loader calls (see \"DECOUPLING\"). Every\n * request param + result is SDK-derived (see the conformance note above), so\n * the mock in tests implements the SAME shapes the real client must satisfy.\n */\nexport interface BootstrapApiClient {\n identity: {\n createUser(req: SdkUserReq): Promise<Pick<SdkUserRes, 'id' | 'externalId'>>;\n };\n auth: {\n createAppContext(req: SdkAppContextReq): Promise<Pick<SdkAppContextRes, 'contextId'>>;\n createAccessProfile(\n req: SdkAccessProfileReq,\n ): Promise<Pick<SdkAccessProfileRes, 'id' | 'principalId'>>;\n /**\n * Reconcile an EXISTING profile's scopes to the declared set.\n * `createAccessProfile` is get-or-create — on a re-apply it returns the\n * existing profile WITHOUT applying changed scopes — so the loader follows it\n * with this update so a changed scope set actually takes effect.\n */\n updateAccessProfile(\n req: SdkUpdateProfileReq,\n ): Promise<Pick<SdkUpdateProfileRes, 'id' | 'principalId'>>;\n createScopedKey(\n req: SdkScopedKeyReq,\n ): Promise<Pick<SdkScopedKeyRes, 'keyId' | 'rawKey' | 'keyName'>>;\n revokeScopedKey(req: SdkRevokeReq): Promise<void>;\n /** Idempotent by roleId. Request derived from the SDK (drift = compile error). */\n createRole(req: SdkCreateRoleReq): Promise<Pick<SdkCreateRoleRes, 'roleId'>>;\n };\n schemas: {\n /** Request is the SDK-derived {@link LoaderSchemaCreate} — see the note above. */\n createSchema(req: LoaderSchemaCreate): Promise<Pick<SdkSchemaRes, 'id' | 'typeName'>>;\n /**\n * Reconcile an EXISTING schema to the declared shape. Schemas are NOT\n * idempotent on create (typeName conflict), so on a re-apply the loader resolves\n * the existing id and calls this to apply the blueprint's current shape. The\n * platform applies legal diffs + REJECTS migration-locked diffs (a lookup's\n * rangeEnabled/sortBy/sensitive, or typeName) — the loader surfaces that rejection.\n */\n updateSchema(req: SdkUpdateSchemaReq): Promise<Pick<SdkUpdateSchemaRes, 'id' | 'typeName'>>;\n /**\n * Drained to resolve an existing schema's id by typeName when create reports\n * a duplicate (schemas are unique-by-typeName, NOT idempotent — see the\n * create loop in {@link runLoader}). Returns the page envelope.\n */\n listSchemas(req?: SdkListSchemasReq): Promise<Page<Pick<SdkSchemaRes, 'id' | 'typeName'>>>;\n };\n records: {\n createRecord(req: SdkRecordReq): Promise<Pick<SdkRecordRes, 'id'>>;\n };\n}\n\nexport type KeyAction = 'created' | 'reused' | 'rotated';\n\nexport interface LoaderResult {\n contextId: string;\n servicePrincipalUserId: string;\n accessProfileId?: string;\n keyName: string;\n keyAction: KeyAction;\n /** The raw `ssk_*` to put in the MCP client config. */\n rawKey: string;\n /** typeName → schemaId for each schema ensured. */\n schemaIds: Record<string, string>;\n /**\n * The roleIds this run ensured (created or idempotently re-touched), in\n * blueprint order. Lets the test harness tear down created-only roles\n * (mirrors {@link schemaIds}). Empty when the blueprint declares no roles.\n */\n roleIds: string[];\n seededCount: number;\n /**\n * The ids of the seed records this run upserted, in seed order. Lets a caller\n * (e.g. the test harness) tear the seeded records back down — the only\n * provisioned resource whose id isn't otherwise derivable. Empty when the\n * blueprint declares no seed.\n */\n seededRecordIds: string[];\n}\n\nexport interface LoaderInput {\n blueprint: Blueprint;\n /** The partner tenant id (resolved by the CLI via the extended /v1/ping). */\n tenantId: string;\n /** This machine's stable id (per-machine keyName). */\n machineId: string;\n /** Revoke + re-mint this machine's key. */\n rotate?: boolean;\n /** Override the local `~/.vectros` dir (tests). */\n vectrosDir?: string;\n /**\n * Re-mint a per-context client AFTER the blueprint's\n * app-context exists. {@code runLoader}'s primary {@code client} is the NARROW\n * bootstrap token (it creates the context + identity, cross-context, via\n * `provisioning:c`); this callback returns a wildcard client CONFINED to\n * {@code contextId} for the in-context load (schemas/profile/roles/key/records),\n * so the data-plane writes land in the right context. The CLI\n * ({@code cli-bootstrap.ts}) ALWAYS wires this to {@code mintContextToken} →\n * scoped-token?context=.\n *\n * <p>Optional only for callers (e.g. unit tests with a single permissive mock)\n * that don't model the two-token split — when omitted, the in-context work runs\n * on the primary {@code client}. This is production-safe: the real narrow\n * bootstrap token lacks schemas/profiles/keys/records scope, so a real run that\n * omitted the re-mint would 403 loudly on the first in-context call, never\n * silently mis-file data into the bootstrap token's (default) context.\n */\n remintForContext?(contextId: string): Promise<BootstrapApiClient>;\n log: Logger;\n}\n\n/**\n * Thrown when the scoped key already exists for this machine (key 200, no\n * re-disclosure) but the local key record is missing — the raw secret is\n * unrecoverable without rotating. The CLI maps this to a \"run --rotate\"\n * message.\n */\nexport class LostKeyError extends Error {\n constructor(public readonly keyName: string) {\n super(\n `Scoped key '${keyName}' already exists for this machine but its local copy ` +\n `(~/.vectros) is missing. The raw key is shown only once and cannot be re-read. ` +\n `Re-run with --rotate to revoke + re-mint this machine's key.`,\n );\n this.name = 'LostKeyError';\n }\n}\n\n/** Map a blueprint field's `string[]` enumValues → the SDK's `Record<string,unknown>[]` [SV2]. */\nfunction mapEnumValues(enumValues: string[] | undefined): Record<string, unknown>[] | undefined {\n if (!enumValues) return undefined;\n return enumValues.map((value) => ({ value }));\n}\n\n// Returns the SDK's `FieldDef[]` so the field-level passthrough conforms to the\n// SDK by construction (the array must be assignable to SdkFieldDef[]).\nfunction toSdkFields(blueprint: Blueprint, schemaIndex: number): SdkFieldDef[] {\n return blueprint.schemas[schemaIndex].fields.map((f) => ({\n fieldId: f.fieldId,\n // The SDK narrowed `fieldType` to a typed enum (SDK 0.13). Blueprints\n // keep it a free-form authoring string (the platform is the validation\n // authority + forward-compat for new types) → cast at the SDK boundary.\n fieldType: f.fieldType as SdkFieldDef['fieldType'],\n required: f.required,\n searchable: f.searchable,\n filterable: f.filterable,\n description: f.description,\n enumValues: mapEnumValues(f.enumValues),\n // Format passthrough — the loader previously DROPPED this (the\n // \"smoking gun\" toSdkFields mapped only six props). The platform\n // `SchemaRequest.FieldDef.validation` enforces these server-side. The\n // typed blueprint ValidationRules narrows the SDK's free-form Record.\n validation: f.validation as Record<string, unknown> | undefined,\n // Format passthrough — PHI/PII marker. The platform redacts a sensitive\n // field at write time, blind-indexes it, excludes it from search, and masks\n // it on read without the `s` reveal scope (SchemaRequest.FieldDef.sensitive).\n // Forwarded so a no-code compliance blueprint can actually provision it.\n sensitive: f.sensitive,\n // Reference-field target — the SDK FieldDef carries these and the platform\n // requires BOTH targetTypeName AND targetSurface when fieldType==='reference'.\n // The blueprint format uses the SAME names as the SDK, so these forward 1:1.\n // Forward them so a declared reference field is actually provisioned with its\n // target (dropping targetSurface would 400 at createSchema — \"requires\n // targetSurface\" — so the reference would never provision).\n targetTypeName: f.targetTypeName,\n targetField: f.targetField,\n targetSurface: f.targetSurface as SdkFieldDef['targetSurface'],\n cardinality: f.cardinality as SdkFieldDef['cardinality'],\n }));\n}\n\n/**\n * Normalize blueprint `lookupFields` (each a bare field name OR an object\n * `{ fieldName, unique?, rangeEnabled?, sortBy?, allowOverflow? }`) into the\n * `LookupDef[]` shape the partner API requires ([SV5]: string[] → HTTP 500).\n * The object form forwards the optional index attributes 1:1; a bare field\n * name stays an equality-only, budget-fit lookup. The element type is the\n * SDK's own `LookupDef`, so a forwarded attribute that drifts is a compile\n * error here, not a silently-dropped field.\n */\nfunction toLookupDefs(\n lookupFields: BlueprintSchemaDef['lookupFields'],\n): SdkLookupDef[] | undefined {\n return lookupFields?.map((lf) => {\n if (typeof lf === 'string') return { fieldName: lf };\n // Forward only the attributes the author actually declared, so the request\n // body stays minimal (an unset attribute is absent, not `undefined`).\n const def: SdkLookupDef = { fieldName: lf.fieldName };\n if (lf.unique !== undefined) def.unique = lf.unique;\n if (lf.rangeEnabled !== undefined) def.rangeEnabled = lf.rangeEnabled;\n if (lf.sortBy !== undefined) def.sortBy = lf.sortBy;\n if (lf.allowOverflow !== undefined) def.allowOverflow = lf.allowOverflow;\n return def;\n });\n}\n\n/**\n * Pivot the per-field `renderHints` (authored field-by-field for readability)\n * into the schema-level map keyed by `fieldId` that `SchemaRequest.renderHints`\n * (Map<fieldId, RenderHintDef>) expects. Returns `undefined` when no field\n * declares a hint, so the request body stays minimal.\n */\nfunction toRenderHintMap(\n schema: BlueprintSchemaDef,\n): Record<string, SdkRenderHintDef> | undefined {\n const map: Record<string, SdkRenderHintDef> = {};\n for (const f of schema.fields) {\n if (f.renderHints) map[f.fieldId] = f.renderHints;\n }\n return Object.keys(map).length > 0 ? map : undefined;\n}\n\n/**\n * Normalize the schema `capabilities` block (today just `auditHistory`) into\n * the `Map<String,Boolean>` shape `SchemaRequest.capabilities` expects.\n * Returns `undefined` when absent so the platform default (auditHistory=true)\n * applies untouched.\n */\nfunction toCapabilities(\n capabilities: BlueprintSchemaDef['capabilities'],\n): Record<string, boolean> | undefined {\n if (!capabilities) return undefined;\n const out: Record<string, boolean> = {};\n if (capabilities.auditHistory !== undefined) out.auditHistory = capabilities.auditHistory;\n return Object.keys(out).length > 0 ? out : undefined;\n}\n\n/**\n * Map a blueprint role's clauses to the SDK `ScopeClause[]`. Mirrors the\n * AccessProfile scope transform (step 4): blueprint `dataScope`\n * (`Record<string, (string|null)[]>`, null = the tenant-level sentinel) passes\n * straight to the wire; the cast bridges to the SDK's loose\n * `Record<string, Record<string, unknown>>`. `${{ self.* }}` tokens inside a\n * clause dataScope are intentionally left literal — the platform resolves them\n * per-principal at request time.\n */\nfunction toRoleScopeClauses(\n clauses: NonNullable<Blueprint['roles']>[string],\n): SdkRoleScopeClause[] {\n return clauses.map((c) => ({\n allowed_actions: c.allowedActions,\n data_scope: c.dataScope as Record<string, Record<string, unknown>> | undefined,\n }));\n}\n\n/**\n * Fail closed if the blueprint relies on identity resolution the CLI loader\n * does not yet perform (identities half). Until the apply-time identity\n * resolver is wired, an `identities:` block or any `${{ identities.* }}` token\n * would be provisioned as a LITERAL string into ownership/dataScope fields — a\n * silent-wrong mint. Reject instead, so the failure is loud and actionable.\n *\n * (`${{ self.* }}` tokens are NOT identity references — they are platform\n * runtime placeholders, intentionally left literal — so they pass.)\n */\n/**\n * Thrown by {@link assertNoUnresolvedIdentities}. A dedicated type (not a bare\n * Error) so callers map it to a clean usage exit (2), the same as a\n * {@link ScopeGateError} — both are \"the blueprint can't be applied as-authored\",\n * not an internal failure.\n */\nexport class UnresolvedIdentitiesError extends Error {\n constructor(message: string) {\n super(message);\n this.name = 'UnresolvedIdentitiesError';\n }\n}\n\nexport function assertNoUnresolvedIdentities(blueprint: Blueprint): void {\n const hasBlock = blueprint.identities && Object.keys(blueprint.identities).length > 0;\n const refs = collectIdentityReferences(blueprint);\n if (hasBlock || refs.length > 0) {\n const detail = hasBlock\n ? `declares an 'identities' block`\n : `references ${refs.map((r) => `\\${{ identities.${r} }}`).join(', ')}`;\n throw new UnresolvedIdentitiesError(\n `Blueprint ${detail}, but the CLI loader does not yet resolve identities. ` +\n `Applying it would write literal '\\${{ identities.* }}' tokens into ` +\n `ownership/dataScope fields. Remove the identities usage, or wait for ` +\n `identity-resolution support.`,\n );\n }\n}\n\n/**\n * Thrown when an EXISTING schema can't be reconciled to the blueprint's declared\n * shape on a re-apply — most importantly when the change is migration-locked\n * (a lookup's {@code rangeEnabled}/{@code sortBy}/{@code sensitive}, or {@code typeName})\n * and the platform's update rejects it. Carries the platform's own message + an\n * actionable hint instead of silently adopting the stale schema.\n */\nexport class SchemaReconcileError extends Error {\n constructor(typeName: string, cause: unknown) {\n const detail = cause instanceof Error ? cause.message : String(cause);\n super(\n `Schema '${typeName}' already exists but could not be reconciled to the blueprint: ${detail}\\n` +\n `If this is a migration-locked attribute (a lookup field's rangeEnabled/sortBy/sensitive, ` +\n `or the schema typeName), it cannot change on an existing schema — use a new fieldName/typeName ` +\n `for the new shape.`,\n );\n this.name = 'SchemaReconcileError';\n }\n}\n\n/**\n * True for the platform's \"schema typeName already exists\" rejection. Schemas\n * are unique-by-typeName and creation REJECTS duplicates (PartnerSchemaHandler)\n * — unlike users/orgs/contexts, which are idempotent-by-stable-id. We match on\n * status (400/409) + the message so the loader can converge a re-run (incl.\n * `bootstrap --rotate`) onto the existing schema instead of failing.\n */\nfunction isAlreadyExistsError(e: unknown): boolean {\n if (typeof e !== 'object' || e === null) return false;\n const err = e as { statusCode?: number; message?: string; body?: { message?: string } };\n const status = err.statusCode;\n const text = `${err.message ?? ''} ${err.body?.message ?? ''}`.toLowerCase();\n return (status === 409 || status === 400) && text.includes('already exists');\n}\n\n/**\n * Resolve an existing schema's id by typeName, SCOPED TO THE SAME OWNER the\n * create targeted (drains the pages). Schema uniqueness is per\n * (tenant, context, owner, typeName) — and a same-typeName schema can legitimately\n * exist under a different owner in the same context — so an owner-agnostic match\n * could adopt the WRONG schema. listSchemas filters by userId/orgId; tenant +\n * context are already fixed by the caller's bridge token. (clientId has no\n * listSchemas filter — the caller declines to converge a client-owned schema.)\n */\nasync function findExistingSchemaId(\n client: BootstrapApiClient,\n typeName: string,\n owner: { userId?: string; orgId?: string },\n): Promise<string | undefined> {\n let startFrom: string | undefined;\n for (;;) {\n const page = await client.schemas.listSchemas({\n userId: owner.userId,\n orgId: owner.orgId,\n limit: 100,\n startFrom,\n });\n const match = (page.data ?? []).find((s) => s.typeName === typeName);\n if (match?.id) return match.id;\n const next = page.nextCursor;\n if (!next) return undefined;\n startFrom = next;\n }\n}\n\n/**\n * Run the deterministic provisioning sequence. The caller is responsible\n * for having validated the blueprint (structural + scope gate); the loader\n * re-asserts the scope gate as defense-in-depth before any mint.\n */\nexport async function runLoader(\n client: BootstrapApiClient,\n input: LoaderInput,\n): Promise<LoaderResult> {\n const { blueprint, tenantId, machineId, rotate = false, vectrosDir, log } = input;\n\n // Defense in depth: never mint outside the data-plane allowlist, even if\n // a caller forgot to validate. (CLI validates too.) Roles ALSO mint scope\n // grants, so every role clause is gated identically — a blueprint role must\n // not be a control-plane back-door around the AccessProfile gate.\n assertScopeGate(blueprint.accessProfile.allowedActions);\n for (const clauses of Object.values(blueprint.roles ?? {})) {\n for (const clause of clauses) assertScopeGate(clause.allowedActions);\n }\n // And never send a literal '${{ identities.* }}' token to the wire.\n assertNoUnresolvedIdentities(blueprint);\n\n // TWO-TOKEN flow. The primary `client` is the NARROW\n // bootstrap token: it creates the blueprint's app-context (cross-context, via\n // the owner-only `provisioning:c` capability) and the tenant-level service\n // principal. We then re-mint a wildcard client CONFINED to the new context and\n // run the in-context load under it, so the data-plane writes (schemas, records)\n // land in the right context and pass the live-context write gate\n // (the context now exists). Ordering matters: context FIRST.\n\n // 1. App-context (idempotent by contextId) — bootstrap token, cross-context.\n await client.auth.createAppContext({ contextId: blueprint.contextId, name: contextNameOf(blueprint) });\n log.debug({ component: 'loader', contextId: blueprint.contextId }, 'app-context ensured');\n\n // 2. Service principal (idempotent upsert by externalId) — tenant-level identity.\n const user = await client.identity.createUser({\n externalId: blueprint.servicePrincipal.externalId,\n type: 'SERVICE',\n // SDK 0.18+ (identity-access rework): UserRequest's free-form attribute bag\n // was renamed `metadata` → `payload`. Same semantics (arbitrary key/value).\n payload: { displayName: blueprint.servicePrincipal.displayName },\n });\n const userId = user.id;\n if (!userId) {\n throw new Error('Service-principal create returned no user id; cannot bind AccessProfile/key.');\n }\n log.debug({ component: 'loader', externalId: blueprint.servicePrincipal.externalId, userId }, 'service principal ensured');\n\n // 3. Re-mint a client CONFINED to the (now-existing) context. Everything below\n // is in-context work — use `ctxClient`, NOT the bootstrap `client`. (Falls back\n // to the primary client only when no re-mint is wired — see LoaderInput doc.)\n const ctxClient = input.remintForContext\n ? await input.remintForContext(blueprint.contextId)\n : client;\n log.debug({ component: 'loader', contextId: blueprint.contextId }, 're-minted per-context client');\n\n // 4. Schemas (context-scoped; idempotent by typeName).\n const schemaIds: Record<string, string> = {};\n for (let i = 0; i < blueprint.schemas.length; i++) {\n const s = blueprint.schemas[i];\n // Build the declared schema body ONCE — used for the create AND, on a re-apply\n // where the schema already exists, for the reconciling update.\n const schemaBody: LoaderSchemaCreate = {\n typeName: s.typeName,\n displayName: s.displayName,\n description: s.description,\n indexMode: s.indexMode,\n fields: toSdkFields(blueprint, i),\n // Blueprint authors lookupFields as a string (field name) OR an object\n // {fieldName, unique?}; the partner API wants LookupDef objects. Normalize.\n lookupFields: toLookupDefs(s.lookupFields),\n // allowedSurfaces is REQUIRED + non-empty on SchemaRequest (0.23+).\n // Blueprints provision record types (the loader also seeds records against\n // them), so default to ['record'] when a blueprint omits it. The `as` keeps\n // the literal default assignable to the SDK's enum-array type.\n allowedSurfaces: (s.allowedSurfaces ?? ['record']) as LoaderSchemaCreate['allowedSurfaces'],\n // Format passthrough — previously dropped by the loader. Flat ownership\n // mirrors the SDK `SchemaRequest` shape 1:1.\n renderHints: toRenderHintMap(s),\n capabilities: toCapabilities(s.capabilities),\n active: s.active,\n userId: s.userId,\n orgId: s.orgId,\n clientId: s.clientId,\n };\n let resp: Pick<SdkSchemaRes, 'id' | 'typeName'>;\n try {\n resp = await ctxClient.schemas.createSchema(schemaBody);\n } catch (e) {\n // Schemas are unique-by-typeName and creation REJECTS duplicates (NOT\n // idempotent, unlike users/contexts). On a re-apply, resolve the existing\n // schema's id and RECONCILE it to the declared shape via update —\n // rather than silently adopting whatever is already there. The platform\n // applies legal diffs (added fields/lookups, validation, renderHints, active)\n // and REJECTS a migration-locked diff (a lookup's rangeEnabled/sortBy/sensitive,\n // or typeName); we surface that rejection (fail loud) via SchemaReconcileError.\n if (!isAlreadyExistsError(e)) throw e;\n // A client-owned schema can't be disambiguated (listSchemas has no clientId\n // filter), so don't risk adopting a wrong-owner schema — surface the error.\n if (s.clientId) throw e;\n const existingId = await findExistingSchemaId(ctxClient, s.typeName, { userId: s.userId, orgId: s.orgId });\n if (!existingId) throw e; // couldn't resolve → surface the original error\n try {\n resp = await ctxClient.schemas.updateSchema({ id: existingId, body: schemaBody });\n } catch (ue) {\n throw new SchemaReconcileError(s.typeName, ue);\n }\n log.debug({ component: 'loader', typeName: s.typeName, schemaId: existingId }, 'schema existed; reconciled to declared shape (update)');\n }\n if (resp.id) schemaIds[s.typeName] = resp.id;\n log.debug({ component: 'loader', typeName: s.typeName, schemaId: resp.id }, 'schema ensured');\n }\n\n // 5. AccessProfile (gated scope) [SV1][SV3] — in-context. Build the declared body\n // ONCE, then create-then-reconcile: `createAccessProfile` is get-or-create\n // (idempotent by principalId), but on a re-apply it returns the EXISTING profile\n // WITHOUT applying changed scopes — so we follow it with an update to the declared\n // scopes, so a changed scope set (e.g. adding `inference:r` to a deployed blueprint)\n // actually takes effect rather than being silently dropped.\n const profileBody = {\n principalId: `usr_${userId}`,\n scopes: [\n {\n allowed_actions: blueprint.accessProfile.allowedActions,\n // Pass dataScope straight through to the wire. The blueprint type is\n // Record<string, (string|null)[]> — a `null` element is the NULL\n // SENTINEL (tenant-level access; see types.ts). It serializes to a\n // literal JSON null, which is exactly what the platform's scope\n // matcher tests via `allowedValues.contains(null)`. The cast bridges\n // to the SDK's loosely-typed Record<string, Record<string,unknown>>.\n data_scope: blueprint.accessProfile.dataScope as\n | Record<string, Record<string, unknown>>\n | undefined,\n },\n ],\n // NB: `status` is intentionally omitted — the SDK's body type does not model it\n // and the platform defaults a new profile to 'active' (the only status the loader\n // ever wants). Sending it was redundant.\n };\n const profile = await ctxClient.auth.createAccessProfile({\n contextId: blueprint.contextId,\n body: profileBody,\n });\n // Reconcile the scopes to the declared set (idempotent; a no-op on a fresh create).\n await ctxClient.auth.updateAccessProfile({\n contextId: blueprint.contextId,\n principalId: `usr_${userId}`,\n body: profileBody,\n });\n log.debug({ component: 'loader', principalId: `usr_${userId}`, accessProfileId: profile.id }, 'access profile ensured + reconciled to declared scopes');\n\n // 5b. Roles (optional; idempotent by roleId). An identity-agnostic, reusable\n // multi-clause scope payload — DISTINCT from the AccessProfile (which binds\n // this run's service principal). Roles are authored in the blueprint and bound\n // to principals later via `vectros access grant --role`. Gated above.\n const roleIds: string[] = [];\n for (const [roleId, clauses] of Object.entries(blueprint.roles ?? {})) {\n await ctxClient.auth.createRole({\n contextId: blueprint.contextId,\n body: {\n roleId,\n // Blueprint roles carry no display name → default it to the roleId.\n name: roleId,\n scopes: toRoleScopeClauses(clauses),\n },\n });\n roleIds.push(roleId);\n log.debug({ component: 'loader', roleId, clauses: clauses.length }, 'role ensured');\n }\n\n // 6. Scoped key — per-machine keyName. Rotate first if requested. In-context.\n const keyName = keyNameFor(blueprint.name, machineId);\n let keyAction: KeyAction = 'created';\n\n if (rotate) {\n const existing = await readPersistedKey(blueprint.name, vectrosDir);\n if (existing?.keyId) {\n await ctxClient.auth.revokeScopedKey({ keyId: existing.keyId });\n log.debug({ component: 'loader', keyId: existing.keyId }, 'revoked prior key for rotate');\n }\n keyAction = 'rotated';\n }\n\n const keyResp = await ctxClient.auth.createScopedKey({ keyName, tenantId, contextId: blueprint.contextId, userId });\n\n let rawKey: string;\n if (keyResp.rawKey) {\n // 201 — fresh disclosure. Persist {keyId, rawKey, keyName} locally.\n const record: PersistedKeyRecord = {\n keyId: keyResp.keyId ?? '',\n rawKey: keyResp.rawKey,\n keyName,\n };\n await persistKey(blueprint.name, record, vectrosDir);\n rawKey = keyResp.rawKey;\n if (keyAction !== 'rotated') keyAction = 'created';\n } else {\n // 200 — key already existed for this machine; no re-disclosure.\n const existing = await readPersistedKey(blueprint.name, vectrosDir);\n if (!existing) {\n throw new LostKeyError(keyName);\n }\n rawKey = existing.rawKey;\n keyAction = 'reused';\n }\n log.debug({ component: 'loader', keyName, keyAction }, 'scoped key resolved');\n\n // 7. Seed records (optional; idempotent by externalId) — in-context.\n let seededCount = 0;\n const seededRecordIds: string[] = [];\n for (const rec of blueprint.seed ?? []) {\n const schemaId = schemaIds[rec.typeName];\n if (!schemaId) {\n log.warn({ component: 'loader', typeName: rec.typeName }, 'seed skipped — no schemaId for typeName');\n continue;\n }\n const created = await ctxClient.records.createRecord({\n typeName: rec.typeName,\n schemaId,\n // externalId is the FIRST-CLASS RecordRequest field — the platform's idempotency\n // key AND the value other records resolve a `reference` against. Send it\n // TOP-LEVEL (never in payload): payload-only leaves the record's first-class\n // externalId null, so re-apply duplicates seeds (no dedup) and a reference with\n // the default targetField=externalId can never resolve the target. It is not a\n // payload field — the bundled schemas correctly do NOT declare one.\n externalId: rec.externalId,\n payload: rec.fields,\n });\n if (created.id) seededRecordIds.push(created.id);\n seededCount++;\n }\n\n return {\n contextId: blueprint.contextId,\n servicePrincipalUserId: userId,\n accessProfileId: profile.id,\n keyName,\n keyAction,\n rawKey,\n schemaIds,\n roleIds,\n seededCount,\n seededRecordIds,\n };\n}\n\n// ===========================================================================\n// Plan / preview (spec blueprint-authoring-extensibility §3)\n//\n// A pure, side-effect-free description of what runLoader WOULD provision for a\n// blueprint — the terraform-plan-style preview shown before any mint. It walks\n// the SAME ordered sequence runLoader executes (schemas → context → principal →\n// profile → key → seed). No client, no machineId, no network: the plan is\n// derivable from the blueprint alone, which keeps it golden-file snapshottable.\n//\n// NB: buildPlan is a PARALLEL description of runLoader, not structurally unified\n// with it (the loader is a data-dependent pipeline — userId/schemaIds thread\n// between steps + the key step branches — so a single uniform step list would\n// be less readable, not more). The two are kept in sync by a DRIFT-GUARD TEST\n// (tests/plan.test.ts): it runs runLoader against a recording mock and asserts\n// the real call order matches buildPlan's kinds. Add/remove/reorder a loader\n// step without updating buildPlan and that test goes red.\n// ===========================================================================\n\n/** A single provisioning step the loader would perform, in execution order. */\nexport interface PlanStep {\n /** Resource kind — matches runLoader's numbered steps. */\n kind: 'schema' | 'context' | 'principal' | 'profile' | 'role' | 'key' | 'seed';\n /** One-line human-readable summary for the preview. */\n summary: string;\n}\n\n/**\n * Derive the ordered provisioning plan for a blueprint WITHOUT executing it.\n * Mirrors {@link runLoader}'s step sequence 1:1 (see the per-step comments\n * there). Pure — safe to call with no credentials.\n *\n * The `key` step deliberately renders the per-machine key as\n * `<name>-<machine>` rather than resolving a real machineId: the plan is a\n * shape preview, and the literal machine suffix is noise. (`runLoader` uses\n * {@link keyNameFor} with the real id at mint time.)\n */\nexport function buildPlan(blueprint: Blueprint): PlanStep[] {\n const steps: PlanStep[] = [];\n\n // Two-token order: the app-context + service principal are\n // created FIRST under the bootstrap token; runLoader then re-mints a per-context\n // token (NOT a provisioning step — not in the plan) and does the in-context work\n // (schemas/profile/roles/key/seed) under it. This sequence mirrors runLoader 1:1\n // and is enforced by the drift-guard test (tests/plan.test.ts).\n\n // 1. App-context (idempotent by contextId) — bootstrap token, cross-context.\n steps.push({ kind: 'context', summary: `context '${blueprint.contextId}' (${contextNameOf(blueprint)})` });\n\n // 2. Service principal (idempotent upsert by externalId) — tenant-level identity.\n steps.push({\n kind: 'principal',\n summary: `principal '${blueprint.servicePrincipal.externalId}' (SERVICE)`,\n });\n\n // 4. Schemas (context-scoped; idempotent by typeName) — per-context token.\n for (const s of blueprint.schemas) {\n const lookups = toLookupDefs(s.lookupFields)?.map((l) => l.fieldName) ?? [];\n const lookupNote = lookups.length ? ` lookup: [${lookups.join(', ')}]` : '';\n // Show allowedSurfaces only when the author overrode the default (['record'])\n // — so a document/identity-plane schema is visible in the preview, while the\n // common record case stays uncluttered. (runLoader defaults it to ['record'].)\n const surfaceNote = s.allowedSurfaces ? ` surfaces: [${s.allowedSurfaces.join(', ')}]` : '';\n // Surface which fields are PHI/PII before the operator approves the plan — a\n // compliance blueprint's whole value is that these are protected, so they\n // belong in the pre-mint preview.\n const sensitive = s.fields.filter((f) => f.sensitive).map((f) => f.fieldId);\n const sensitiveNote = sensitive.length ? ` sensitive: [${sensitive.join(', ')}]` : '';\n steps.push({\n kind: 'schema',\n summary: `schema '${s.typeName}' (${s.fields.length} field${s.fields.length === 1 ? '' : 's'}, ${s.indexMode ?? 'HYBRID'})${lookupNote}${surfaceNote}${sensitiveNote}`,\n });\n }\n\n // 5. AccessProfile (gated scope).\n const actions = blueprint.accessProfile.allowedActions;\n const scopeNote =\n blueprint.accessProfile.dataScope && Object.keys(blueprint.accessProfile.dataScope).length\n ? ` dataScope: ${Object.keys(blueprint.accessProfile.dataScope).join(', ')}`\n : '';\n steps.push({\n kind: 'profile',\n summary: `profile scopes [${actions.join(', ')}] (data-plane ✓)${scopeNote}`,\n });\n\n // 5b. Roles (optional) — one step per declared role, in blueprint order\n // (matches runLoader's Object.entries iteration for the drift-guard test).\n for (const [roleId, clauses] of Object.entries(blueprint.roles ?? {})) {\n const actionSet = [...new Set(clauses.flatMap((c) => c.allowedActions))];\n steps.push({\n kind: 'role',\n summary: `role '${roleId}' (${clauses.length} clause${clauses.length === 1 ? '' : 's'}, actions [${actionSet.join(', ')}])`,\n });\n }\n\n // 6. Scoped key — per-machine. (machineId resolved at mint; preview shows the shape.)\n steps.push({ kind: 'key', summary: `key ${blueprint.name}-<machine> (mint 1 scoped ssk_*)` });\n\n // 7. Seed records (optional; idempotent by externalId).\n const seedCount = blueprint.seed?.length ?? 0;\n if (seedCount > 0) {\n steps.push({ kind: 'seed', summary: `seed ${seedCount} record(s)` });\n }\n\n return steps;\n}\n\n/**\n * Render a {@link buildPlan} result as the terraform-plan-style preview block.\n * Pure string formatting — the CLI prints this before gating the mint.\n */\nexport function renderPlan(blueprint: Blueprint, steps: PlanStep[]): string {\n const header = ` Plan for blueprint '${blueprint.name}' (v${blueprint.version}) → context '${blueprint.contextId}':`;\n const lines = steps.map((s) => ` + ${s.summary}`);\n return [header, ...lines].join('\\n');\n}\n","/**\n * Claude Desktop config safe-merge — the DevEx last mile.\n *\n * Developers break their `claude_desktop_config.json` with a missed comma\n * and blame the tool (design doc § \"Developer experience — the last\n * mile\"). So the loader NEVER asks them to hand-edit JSON: it locates the\n * config, backs it up, injects the `vectros` MCP server entry, and\n * atomic-writes — after a confirmation the CLI layer handles.\n *\n * This module splits into PURE helpers (path resolution, entry building,\n * object merge — trivially unit-testable) and the single fs-touching\n * `safeMergeConfigFile` (tested against a real temp dir). Never silently\n * clobber; never require manual JSON surgery.\n */\nimport { promises as fs } from 'node:fs';\nimport os from 'node:os';\nimport path from 'node:path';\n\n/** The MCP-server entry shape Claude Desktop (and Cursor/Cline/etc.) expect. */\nexport interface McpServerEntry {\n command: string;\n args: string[];\n env?: Record<string, string>;\n}\n\nexport interface ClaudeDesktopConfig {\n mcpServers?: Record<string, McpServerEntry>;\n // Preserve any other top-level keys the user has set.\n [key: string]: unknown;\n}\n\n/**\n * Resolve the Claude Desktop config path for the current OS. Pure —\n * platform/env/home are injected so tests can exercise all three OSes.\n *\n * macOS: ~/Library/Application Support/Claude/claude_desktop_config.json\n * Windows: %APPDATA%\\Claude\\claude_desktop_config.json\n * Linux: ~/.config/Claude/claude_desktop_config.json\n */\nexport function claudeDesktopConfigPath(\n platform: NodeJS.Platform = process.platform,\n env: NodeJS.ProcessEnv = process.env,\n homedir: string = os.homedir(),\n): string {\n const FILE = 'claude_desktop_config.json';\n if (platform === 'darwin') {\n return path.join(homedir, 'Library', 'Application Support', 'Claude', FILE);\n }\n if (platform === 'win32') {\n const appData = env.APPDATA ?? path.join(homedir, 'AppData', 'Roaming');\n return path.join(appData, 'Claude', FILE);\n }\n // Linux + others: XDG-ish default.\n const xdg = env.XDG_CONFIG_HOME ?? path.join(homedir, '.config');\n return path.join(xdg, 'Claude', FILE);\n}\n\n/**\n * Build the `vectros` MCP server entry. The default invocation is\n * `npx -y @vectros-ai/mcp-server`; the base URL is only emitted when it\n * differs from the production default (staging installs need it).\n */\nexport function buildVectrosServerEntry(opts: {\n apiKey: string;\n apiBaseUrl?: string;\n}): McpServerEntry {\n const env: Record<string, string> = { VECTROS_API_KEY: opts.apiKey };\n if (opts.apiBaseUrl && opts.apiBaseUrl !== 'https://api.vectros.ai') {\n env.VECTROS_API_BASE_URL = opts.apiBaseUrl;\n }\n return {\n command: 'npx',\n args: ['-y', '@vectros-ai/mcp-server'],\n env,\n };\n}\n\n/**\n * Resolve the Claude Code PROJECT MCP config path: `<cwd>/.mcp.json`.\n *\n * Claude Code reads a project-scoped, version-controllable `.mcp.json` whose\n * shape is identical to Claude Desktop's — a top-level `mcpServers` map of\n * `{ command, args, env }` entries — so {@link mergeServerEntry} /\n * {@link safeMergeConfigFile} merge it unchanged. (Claude Code's other stores\n * are the user-scoped `~/.claude.json` and a project-local section inside it;\n * the committed project `.mcp.json` is the one the \"one command to install\"\n * story wants, since it travels with the repo.) Pure — `cwd` is injected so\n * tests don't depend on the process working directory.\n */\nexport function claudeCodeProjectConfigPath(cwd: string = process.cwd()): string {\n return path.join(cwd, '.mcp.json');\n}\n\n/**\n * Build the ready-to-run `claude mcp add` command for Claude Code's CLI — the\n * alternative to writing `.mcp.json` by hand. Each `env` var becomes a `-e\n * KEY=value` flag; everything after `--` is the stdio server command Claude\n * Code launches. Derived from the SAME {@link McpServerEntry} as the file merge\n * so the two install paths never drift (e.g. the base-URL is present here iff\n * {@link buildVectrosServerEntry} emitted it). Pure.\n *\n * claude mcp add vectros -e VECTROS_API_KEY=ssk_live_… -- npx -y @vectros-ai/mcp-server\n */\nexport function buildClaudeCodeAddCommand(entry: McpServerEntry, serverKey = 'vectros'): string {\n const envFlags = Object.entries(entry.env ?? {}).map(([k, v]) => `-e ${k}=${v}`);\n return ['claude', 'mcp', 'add', serverKey, ...envFlags, '--', entry.command, ...entry.args].join(' ');\n}\n\nexport type MergeAction = 'created' | 'added' | 'overwrote';\n\nexport interface MergeResult {\n config: ClaudeDesktopConfig;\n /** 'added' = key was new; 'overwrote' = a vectros entry already existed. */\n action: MergeAction;\n}\n\n/**\n * Pure merge: return a NEW config object with the server entry injected\n * under `serverKey`. Preserves every other top-level key and every other\n * mcpServers entry. Does not mutate the input.\n */\nexport function mergeServerEntry(\n existing: ClaudeDesktopConfig | undefined,\n entry: McpServerEntry,\n serverKey = 'vectros',\n): MergeResult {\n const base: ClaudeDesktopConfig = existing ? { ...existing } : {};\n const servers: Record<string, McpServerEntry> = { ...(base.mcpServers ?? {}) };\n const hadKey = Object.prototype.hasOwnProperty.call(servers, serverKey);\n servers[serverKey] = entry;\n base.mcpServers = servers;\n return { config: base, action: hadKey ? 'overwrote' : 'added' };\n}\n\nexport interface SafeMergeResult {\n configPath: string;\n /** 'created' when no config existed; otherwise the merge action. */\n action: MergeAction;\n /** Path of the backup written (only when an existing file was replaced). */\n backupPath?: string;\n}\n\n/**\n * Locate, back up, merge, and atomic-write the Claude Desktop config.\n *\n * - Missing file → creates it (with parent dirs); action 'created'.\n * - Existing file → backs it up to `<path>.bak`, merges, atomic-writes;\n * action 'added' (vectros key was new) or 'overwrote' (it existed).\n * - Malformed existing JSON → throws (the CLI catches and falls back to\n * printing the snippet — never crash on the user's file).\n *\n * Atomic-write = write a sibling temp file then rename over the target\n * (libuv's rename replaces atomically on POSIX and Windows alike).\n */\nexport async function safeMergeConfigFile(opts: {\n configPath: string;\n entry: McpServerEntry;\n serverKey?: string;\n}): Promise<SafeMergeResult> {\n const { configPath, entry, serverKey = 'vectros' } = opts;\n\n let existing: ClaudeDesktopConfig | undefined;\n let fileExisted = false;\n try {\n const raw = await fs.readFile(configPath, 'utf8');\n fileExisted = true;\n if (raw.trim().length > 0) {\n existing = JSON.parse(raw) as ClaudeDesktopConfig;\n }\n } catch (err) {\n const code = (err as NodeJS.ErrnoException).code;\n if (code === 'ENOENT') {\n existing = undefined; // first-time creation\n } else if (err instanceof SyntaxError) {\n throw new Error(\n `Existing Claude Desktop config at ${configPath} is not valid JSON ` +\n `(${err.message}). Refusing to overwrite — fix it or re-run with --print.`,\n );\n } else {\n throw err;\n }\n }\n\n const { config, action: mergeAction } = mergeServerEntry(existing, entry, serverKey);\n\n // Back up an existing file before replacing it.\n let backupPath: string | undefined;\n if (fileExisted) {\n backupPath = `${configPath}.bak`;\n await fs.copyFile(configPath, backupPath);\n } else {\n await fs.mkdir(path.dirname(configPath), { recursive: true });\n }\n\n // Atomic write: temp sibling + rename.\n const tmpPath = `${configPath}.tmp`;\n const serialized = `${JSON.stringify(config, null, 2)}\\n`;\n await fs.writeFile(tmpPath, serialized, { encoding: 'utf8', mode: 0o600 });\n await fs.rename(tmpPath, configPath);\n\n return {\n configPath,\n action: fileExisted ? mergeAction : 'created',\n backupPath,\n };\n}\n","/**\n * `vectros blueprint` — the authoring command group (spec\n * `blueprint-authoring-extensibility`).\n *\n * This slice ships the inner-loop authoring checks, all creds-free + offline:\n * vectros blueprint validate <file> structural + scope gate + linter\n * vectros blueprint plan <file> validate + the terraform-style preview\n * vectros blueprint list the bundled library\n *\n * Future subcommands (init scaffold, pull/eject, --live dry-run) extend this\n * dispatch. The validate path is the trust-boundary proof: a file/forked\n * blueprint flows through the IDENTICAL `validateBlueprint` (structural parse +\n * scope gate) a bundled one does — no new trust surface.\n *\n * Like the bootstrap CLI, this is the interactive provisioning binary (NOT the\n * MCP stdio runtime), so it writes to stdout/stderr freely.\n */\nimport { writeFile, access } from 'node:fs/promises';\nimport { BUNDLED_BLUEPRINTS, BLUEPRINT_NAMES, getBlueprint, type Blueprint } from '@vectros-ai/blueprints';\nimport type { Logger } from './log.js';\nimport { loadBlueprintFile, looksLikePath, buildInputSupply } from './blueprint-file.js';\nimport { assertScopeGate, ScopeGateError, evaluateScopeGate } from './scope-gate.js';\nimport { lintBlueprint, lintPasses } from './lint.js';\nimport { buildPlan, renderPlan, assertNoUnresolvedIdentities } from './loader.js';\nimport { buildScaffold, scaffoldPath } from './blueprint-init.js';\n\nexport interface BlueprintArgs {\n sub?: string;\n /** Positional arg: a file/name for validate/plan, or the new name for init. */\n file?: string;\n /** `init --from <bundled>`: scaffold from a bundled blueprint instead of the default template. */\n from?: string;\n /** `init --out <path>`: override the default ./<name>.blueprint.yaml output path. */\n out?: string;\n /** `init --force`: overwrite an existing file. */\n force: boolean;\n /** `--set name=value` (repeatable): install-time variable values for validate/plan. */\n set: string[];\n /** `--values <file>`: a YAML/JSON map of install-time variable values. */\n values?: string;\n help: boolean;\n}\n\n/** Pure arg parser for the `blueprint` group (tested). Unknown flags throw. */\nexport function parseBlueprintArgs(argv: string[]): BlueprintArgs {\n const args: BlueprintArgs = { help: false, force: false, set: [] };\n const positionals: string[] = [];\n for (let i = 0; i < argv.length; i++) {\n const a = argv[i];\n switch (a) {\n case '--help':\n case '-h':\n args.help = true;\n break;\n case '--from':\n args.from = argv[++i];\n break;\n case '--out':\n args.out = argv[++i];\n break;\n case '--force':\n args.force = true;\n break;\n case '--set':\n args.set.push(argv[++i]);\n break;\n case '--values':\n args.values = argv[++i];\n break;\n default:\n if (a.startsWith('-')) throw new Error(`Unknown blueprint flag: ${a}`);\n positionals.push(a);\n }\n }\n args.sub = positionals[0];\n args.file = positionals[1];\n return args;\n}\n\nexport const BLUEPRINT_HELP = `vectros blueprint — author + inspect blueprints.\n\nUsage:\n vectros blueprint init <name> [--from <bundled>] [--out <path>] [--force]\n Scaffold a new blueprint YAML to edit (no creds).\n vectros blueprint validate <file|name> Structural + scope-gate + lint checks (no creds).\n vectros blueprint plan <file|name> Validate, then preview what bootstrap WOULD provision.\n vectros blueprint list List the bundled blueprint library.\n\n<file|name> is a path to your own blueprint (YAML .yaml/.yml or JSON .json) OR\nthe name of a bundled blueprint. The same scope gate that protects bundled\nblueprints applies to file blueprints — a forked or hand-written blueprint can\nnever request control-plane access.\n\nA blueprint may declare a top-level 'inputs:' block and reference its values\nwith \\${{ inputs.<name> }} (and the built-ins \\${{ vectros.context }} /\n\\${{ vectros.suffix }}). Supply values at validate/plan/apply time with\n--set / --values.\n\nOptions:\n --from <bundled> init: scaffold from a bundled blueprint (${BLUEPRINT_NAMES.join(', ')}).\n --out <path> init: output path (default ./<name>.blueprint.yaml).\n --force init: overwrite an existing file.\n --set name=value Set an input value (repeatable). Beats --values + the declared default.\n --values <file> A YAML/JSON map of input values. (File blueprints only.)\n --help, -h Show this help.`;\n\n/**\n * Resolve a `<file|name>` argument to a structurally-valid {@link Blueprint}:\n * a path-looking arg loads the file (YAML/JSON), otherwise it's a bundled name.\n * Throws on unreadable file / unknown name / malformed shape. Does NOT run the\n * scope gate — the caller does (validate/plan both gate after resolving).\n */\nasync function resolveBlueprintArg(arg: string, supplied: Record<string, unknown>): Promise<Blueprint> {\n if (looksLikePath(arg)) return loadBlueprintFile(arg, supplied);\n // Bundled blueprints are fixed typed objects — they can't declare `inputs:`,\n // so supplying values against one is a usage error (not a silent no-op).\n if (Object.keys(supplied).length > 0) {\n throw new Error(\n `--set/--values apply only to file blueprints; '${arg}' is a bundled blueprint (no inputs to set).`,\n );\n }\n const b = getBlueprint(arg);\n if (!b) {\n throw new Error(\n `Unknown blueprint '${arg}'. Bundled: ${BLUEPRINT_NAMES.join(', ')}, or pass a path (./my.yaml).`,\n );\n }\n return b;\n}\n\n/**\n * Resolve + fully validate a `<file|name>` arg: structural parse → scope gate →\n * linter. On any failure, writes the diagnostic to stderr and returns null\n * (caller maps null → exit 2). On success returns the {@link Blueprint}.\n * Shared by `validate` (which then prints the ✔ summary) and `plan` (which then\n * renders the preview) so both run the IDENTICAL validation pipeline.\n */\nasync function resolveAndValidate(\n arg: string | undefined,\n verb: string,\n supplied: Record<string, unknown>,\n): Promise<Blueprint | null> {\n if (!arg) {\n process.stderr.write(` ✖ ${verb} requires a blueprint: vectros blueprint ${verb} <file|name>\\n`);\n return null;\n }\n\n // 1. Resolve + structural parse (rejects unreadable file / unknown name / bad shape).\n let blueprint: Blueprint;\n try {\n blueprint = await resolveBlueprintArg(arg, supplied);\n } catch (err) {\n process.stderr.write(` ✖ ${err instanceof Error ? err.message : String(err)}\\n`);\n return null;\n }\n\n // 2. Scope gate — the trust boundary. Identical to bundled blueprints + the\n // mint paths (cli-bootstrap.validateBlueprint / loader.runLoader): role\n // clauses ALSO mint scope grants, so they're gated too — otherwise validate\n // would green-light a blueprint whose role carries a control-plane scope,\n // only for apply to reject it. The identity guard mirrors the mint paths so\n // validate fails on identity usage the loader can't yet resolve.\n try {\n assertScopeGate(blueprint.accessProfile.allowedActions);\n for (const clauses of Object.values(blueprint.roles ?? {})) {\n for (const clause of clauses) assertScopeGate(clause.allowedActions);\n }\n } catch (err) {\n if (err instanceof ScopeGateError) {\n process.stderr.write(` ✖ Scope gate rejected '${blueprint.name}':\\n`);\n for (const r of err.rejected) process.stderr.write(` • ${r.action}: ${r.reason}\\n`);\n return null;\n }\n throw err;\n }\n\n // Identity guard — fails closed on identity usage the loader can't yet resolve.\n // Throws a plain Error; map it to a clean usage failure (exit 2).\n try {\n assertNoUnresolvedIdentities(blueprint);\n } catch (err) {\n process.stderr.write(` ✖ ${err instanceof Error ? err.message : String(err)}\\n`);\n return null;\n }\n\n // 3. Linter — semantic authoring checks. Errors fail; warnings are advisory.\n const findings = lintBlueprint(blueprint);\n for (const f of findings) {\n const mark = f.severity === 'error' ? '✖' : '⚠';\n const stream = f.severity === 'error' ? process.stderr : process.stdout;\n stream.write(` ${mark} [${f.rule}] ${f.message}\\n`);\n }\n if (!lintPasses(findings)) {\n process.stderr.write(` ✖ '${blueprint.name}' has lint errors — see above.\\n`);\n return null;\n }\n\n return blueprint;\n}\n\n/**\n * `vectros blueprint validate <file|name>` — the inner-loop authoring check.\n * Structural parse → scope gate → linter. Exit 0 if valid (warnings allowed),\n * 2 on any structural error, scope-gate rejection, or lint error.\n */\nasync function runValidate(args: BlueprintArgs): Promise<number> {\n let supplied: Record<string, unknown>;\n try {\n supplied = await buildInputSupply(args.set, args.values);\n } catch (err) {\n process.stderr.write(` ✖ ${err instanceof Error ? err.message : String(err)}\\n`);\n return 2;\n }\n const blueprint = await resolveAndValidate(args.file, 'validate', supplied);\n if (!blueprint) return 2;\n\n const gate = evaluateScopeGate(blueprint.accessProfile.allowedActions);\n const warnCount = lintBlueprint(blueprint).length;\n process.stdout.write(\n ` ✔ '${blueprint.name}' is valid` +\n ` — structural ✓, scope gate ✓ [${gate.accepted.join(', ')}], lint ✓` +\n (warnCount ? ` (${warnCount} warning${warnCount === 1 ? '' : 's'})` : '') +\n '\\n',\n );\n return 0;\n}\n\n/**\n * `vectros blueprint plan <file|name>` — validate, then preview what\n * `vectros bootstrap` WOULD provision (the terraform-plan-style preview,\n * derived from the loader's own sequence via buildPlan). Creds-free, mints\n * nothing. Exit 0 if valid, 2 on any validation failure.\n */\nasync function runPlan(args: BlueprintArgs): Promise<number> {\n let supplied: Record<string, unknown>;\n try {\n supplied = await buildInputSupply(args.set, args.values);\n } catch (err) {\n process.stderr.write(` ✖ ${err instanceof Error ? err.message : String(err)}\\n`);\n return 2;\n }\n const blueprint = await resolveAndValidate(args.file, 'plan', supplied);\n if (!blueprint) return 2;\n\n const steps = buildPlan(blueprint);\n process.stdout.write(`\\n${renderPlan(blueprint, steps)}\\n`);\n // Echo the supplied values so the author sees the concrete, resolved document.\n const setEcho = [...args.set].join(' --set ');\n process.stdout.write(\n `\\n ${steps.length} step(s). This is a preview — nothing was minted.\\n` +\n ` Apply with: vectros bootstrap --blueprint ${args.file}` +\n (args.set.length ? ` --set ${setEcho}` : '') +\n (args.values ? ` --values ${args.values}` : '') +\n '\\n',\n );\n return 0;\n}\n\n/** Valid blueprint `name` shape (matches the stable-id convention; keeps the path safe). */\nconst INIT_NAME_RE = /^[a-z][a-z0-9-]{1,49}$/;\n\n/**\n * `vectros blueprint init <name> [--from <bundled>] [--out <path>] [--force]`\n * — scaffold a new blueprint YAML the author edits. Default template, or a\n * faithful copy of a bundled blueprint via --from. Refuses to overwrite an\n * existing file without --force. Creds-free, writes one file.\n */\nasync function runInit(args: BlueprintArgs): Promise<number> {\n const name = args.file;\n if (!name) {\n process.stderr.write(' ✖ init requires a name: vectros blueprint init <name>\\n');\n return 2;\n }\n if (!INIT_NAME_RE.test(name)) {\n process.stderr.write(\n ` ✖ Invalid name '${name}'. Use 2-50 chars: lowercase letter first, then ` +\n `lowercase letters/digits/dashes (e.g. 'my-thing').\\n`,\n );\n return 2;\n }\n\n // --from: copy a bundled exemplar (resolve + fail clearly on unknown name).\n let from: Blueprint | undefined;\n if (args.from) {\n from = getBlueprint(args.from);\n if (!from) {\n process.stderr.write(\n ` ✖ Unknown --from blueprint '${args.from}'. Bundled: ${BLUEPRINT_NAMES.join(', ')}.\\n`,\n );\n return 2;\n }\n }\n\n const outPath = args.out ?? scaffoldPath(name);\n if (!args.force) {\n const exists = await access(outPath).then(\n () => true,\n () => false,\n );\n if (exists) {\n process.stderr.write(` ✖ ${outPath} already exists. Pass --force to overwrite.\\n`);\n return 2;\n }\n }\n\n const scaffold = buildScaffold(name, from);\n try {\n await writeFile(outPath, scaffold, 'utf8');\n } catch (err) {\n process.stderr.write(` ✖ Could not write ${outPath}: ${err instanceof Error ? err.message : String(err)}\\n`);\n return 2;\n }\n\n process.stdout.write(\n ` ✔ Wrote ${outPath}${from ? ` (from '${from.name}')` : ''}\\n` +\n ` Next: edit it, then vectros blueprint validate ${outPath}\\n`,\n );\n return 0;\n}\n\n/** `vectros blueprint list` — the bundled library (read-only, agent-safe). */\nfunction runList(): number {\n process.stdout.write('\\n Bundled blueprints:\\n');\n for (const b of BUNDLED_BLUEPRINTS) {\n process.stdout.write(` • ${b.name} (v${b.version}) — ${b.description}\\n`);\n }\n process.stdout.write(\n `\\n Apply one with: vectros bootstrap --blueprint <name>\\n` +\n ` Scaffold your own: vectros blueprint init my-thing\\n` +\n ` Validate it: vectros blueprint validate ./my-thing.blueprint.yaml\\n`,\n );\n return 0;\n}\n\nexport interface BlueprintCliDeps {\n /** Reserved for future creds-bearing subcommands (`--live`, `pull`). The\n * current creds-free subcommands (validate/plan/list) don't use it; kept for\n * API stability + test injection. */\n log?: Logger;\n}\n\n/** Run the `vectros blueprint <sub>` command group. Returns the exit code. */\nexport async function runBlueprintCli(argv: string[], deps: BlueprintCliDeps = {}): Promise<number> {\n void deps;\n\n let args: BlueprintArgs;\n try {\n args = parseBlueprintArgs(argv);\n } catch (err) {\n process.stderr.write(`${err instanceof Error ? err.message : String(err)}\\n\\n${BLUEPRINT_HELP}\\n`);\n return 1;\n }\n\n // Explicit --help is always success. No subcommand at all is a usage error.\n if (args.help) {\n process.stdout.write(`${BLUEPRINT_HELP}\\n`);\n return 0;\n }\n if (!args.sub) {\n process.stdout.write(`${BLUEPRINT_HELP}\\n`);\n return 1;\n }\n\n switch (args.sub) {\n case 'init':\n return runInit(args);\n case 'validate':\n return runValidate(args);\n case 'plan':\n return runPlan(args);\n case 'list':\n return runList();\n default:\n process.stderr.write(\n `Unknown blueprint subcommand: ${args.sub}. ` +\n `Bundled: ${BLUEPRINT_NAMES.join(', ')}\\n\\n${BLUEPRINT_HELP}\\n`,\n );\n return 1;\n }\n}\n","/**\n * Blueprint linter — the Layer-0 authoring checks (spec\n * `blueprint-authoring-extensibility` §2).\n *\n * Structural (zod) validation in `@vectros-ai/blueprints` guarantees a\n * well-SHAPED blueprint; the scope gate guarantees a SAFE one. The linter\n * catches the class of authoring mistakes that are structurally valid + scope-\n * clean but semantically wrong — a lookupField naming a field that doesn't\n * exist, a seed for a typeName with no schema, a duplicate fieldId. Pure +\n * dependency-free, so it runs on every `vectros blueprint validate`.\n *\n * Errors fail validation (exit 2); warnings are advisory (printed, exit 0).\n */\nimport type { Blueprint } from '@vectros-ai/blueprints';\n\nexport type LintSeverity = 'error' | 'warning';\n\nexport interface LintFinding {\n severity: LintSeverity;\n /** Stable rule id for greppability (e.g. 'duplicate-field-id'). */\n rule: string;\n message: string;\n}\n\n// fieldTypes for which an `enumValues` list is meaningful. The platform allows\n// enum constraints on enum + string(+array) shapes; on number/boolean/date/\n// object an enumValues list is almost certainly an authoring mistake.\nconst ENUM_COMPATIBLE_TYPES = new Set(['enum', 'string', 'string[]']);\n\n/** Resolve a lookupField entry (bare string OR { fieldName }) to its field name. */\nfunction lookupFieldName(lf: string | { fieldName: string }): string {\n return typeof lf === 'string' ? lf : lf.fieldName;\n}\n\n/**\n * Lint a (already structurally-valid) blueprint. Returns all findings; the\n * caller decides exit behavior (any `error` → fail).\n */\nexport function lintBlueprint(bp: Blueprint): LintFinding[] {\n const findings: LintFinding[] = [];\n const typeNames = new Set<string>();\n\n for (const schema of bp.schemas) {\n typeNames.add(schema.typeName);\n const fieldIds = new Set<string>();\n\n for (const f of schema.fields) {\n // Rule: duplicate fieldId within a schema.\n if (fieldIds.has(f.fieldId)) {\n findings.push({\n severity: 'error',\n rule: 'duplicate-field-id',\n message: `schema '${schema.typeName}': duplicate fieldId '${f.fieldId}'.`,\n });\n }\n fieldIds.add(f.fieldId);\n\n // Rule: enumValues on a fieldType where it's meaningless.\n if (f.enumValues && f.enumValues.length > 0 && !ENUM_COMPATIBLE_TYPES.has(f.fieldType)) {\n findings.push({\n severity: 'warning',\n rule: 'enum-values-on-incompatible-type',\n message:\n `schema '${schema.typeName}', field '${f.fieldId}': enumValues set on ` +\n `fieldType '${f.fieldType}' (expected enum/string). The values will likely be ignored.`,\n });\n }\n }\n\n // Rule: lookupFields must reference declared fields.\n for (const lf of schema.lookupFields ?? []) {\n const name = lookupFieldName(lf);\n if (!fieldIds.has(name)) {\n findings.push({\n severity: 'error',\n rule: 'lookup-field-unknown',\n message: `schema '${schema.typeName}': lookupField '${name}' is not a declared field.`,\n });\n }\n }\n }\n\n // Rule: every seed record's typeName must have a schema.\n for (const rec of bp.seed ?? []) {\n if (!typeNames.has(rec.typeName)) {\n findings.push({\n severity: 'error',\n rule: 'seed-unknown-record-type',\n message:\n `seed '${rec.externalId}': typeName '${rec.typeName}' has no matching schema ` +\n `(the loader would skip it).`,\n });\n }\n }\n\n // Rule (warning): a dataScope value list WITHOUT the null sentinel restricts\n // the key to the listed owners ONLY — it will NOT see tenant-level (owner-less)\n // records, which includes any seed data the blueprint creates tenant-wide.\n // This is the most common dataScope footgun (\"my records + shared\" needs the\n // null). Nudge, don't fail — owner-only IS a legitimate choice.\n const ds = bp.accessProfile.dataScope;\n if (ds) {\n for (const [key, values] of Object.entries(ds)) {\n if (values.length > 0 && !values.includes(null)) {\n findings.push({\n severity: 'warning',\n rule: 'datascope-omits-null-sentinel',\n message:\n `accessProfile.dataScope.${key} lists owner ids but no null sentinel — the key will ` +\n `see ONLY those owners' records, NOT tenant-level/shared (incl. seed) records. ` +\n `Add null to the list (e.g. [\"${String(values[0])}\", null]) to also grant tenant-level access.`,\n });\n }\n }\n }\n\n // Rule: roleId must satisfy the platform's id grammar (same as contextId:\n // 3-31 chars, a lowercase letter then lowercase/digit/dash). A structurally\n // valid blueprint can still carry a roleId the platform rejects at apply\n // (the zod record key is unconstrained), so catch it offline.\n for (const roleId of Object.keys(bp.roles ?? {})) {\n if (!ROLE_ID_RE.test(roleId)) {\n findings.push({\n severity: 'error',\n rule: 'role-id-format',\n message:\n `role '${roleId}': invalid roleId — must be 3-31 chars, starting with a ` +\n `lowercase letter, then lowercase letters / digits / dashes (e.g. 'editor', 'team-member').`,\n });\n }\n }\n\n // Rule (warning): a role clause's dataScope omitting the null sentinel — same\n // footgun as accessProfile.dataScope (restricts to the listed owners only,\n // hiding tenant-level/shared records). Nudge per role/clause.\n for (const [roleId, clauses] of Object.entries(bp.roles ?? {})) {\n clauses.forEach((clause, i) => {\n const cds = clause.dataScope;\n if (!cds) return;\n for (const [key, values] of Object.entries(cds)) {\n if (values.length > 0 && !values.includes(null)) {\n findings.push({\n severity: 'warning',\n rule: 'role-datascope-omits-null-sentinel',\n message:\n `role '${roleId}' clause ${i}: dataScope.${key} lists owner ids but no null sentinel — ` +\n `a principal bound to this role will see ONLY those owners' records, NOT tenant-level/shared. ` +\n `Add null (e.g. [\"${String(values[0])}\", null]) to also grant tenant-level access.`,\n });\n }\n }\n });\n }\n\n return findings;\n}\n\n/** Platform roleId grammar (mirrors contextId): 3-31 chars, lcletter + lc/digit/dash. */\nconst ROLE_ID_RE = /^[a-z][a-z0-9-]{2,30}$/;\n\n/** Convenience: true iff the blueprint has zero lint ERRORS (warnings allowed). */\nexport function lintPasses(findings: LintFinding[]): boolean {\n return !findings.some((f) => f.severity === 'error');\n}\n","/**\n * `vectros blueprint init` scaffold generation (spec\n * `blueprint-authoring-extensibility` §4).\n *\n * Writes a heavily-commented YAML starter the author copies + edits — the docs\n * ARE the comments (the shadcn/CRA teach-by-example move). Two sources:\n * - default: a hand-authored commented template (below). `yaml.stringify`\n * strips comments, so the teaching template is a literal string; it is\n * guaranteed to pass `validate` + `plan`.\n * - `--from <bundled>`: a faithful YAML dump of a bundled blueprint (via\n * yaml.stringify) with a header comment — the \"copy the closest exemplar\"\n * path. No comments on the body (it's real data), but it's a real, valid\n * starting point.\n *\n * Pure: `buildScaffold` returns the string; the CLI owns the file write +\n * overwrite policy. The default output path is `./<name>.blueprint.yaml`.\n */\nimport { stringify as yamlStringify } from 'yaml';\nimport type { Blueprint } from '@vectros-ai/blueprints';\n\n/** Default output path for a scaffold named `<name>`. */\nexport function scaffoldPath(name: string): string {\n return `./${name}.blueprint.yaml`;\n}\n\n/**\n * The default heavily-commented scaffold. Substitutes `name` into the stable\n * ids. Deliberately minimal + data-plane-only so it passes validate/plan/gate\n * out of the box; the comments teach the format field-by-field.\n */\nexport function defaultScaffold(name: string): string {\n return `# ${name}.blueprint.yaml — a Vectros blueprint.\n# Edit, then check it with: vectros blueprint validate ./${name}.blueprint.yaml\n# Preview what it provisions: vectros blueprint plan ./${name}.blueprint.yaml\n# Apply it: vectros bootstrap --blueprint ./${name}.blueprint.yaml\n\nname: ${name} # stable id + idempotency key. Re-running NEVER duplicates.\nversion: 1.0.0\ndescription: One line describing what this blueprint provisions.\ncontextId: mcp # 3-31 chars, lowercase-start. The app-context your key binds to.\n\nschemas:\n - typeName: thing # immutable after first apply\n displayName: Thing\n indexMode: HYBRID # HYBRID | SEMANTIC | TEXT (default HYBRID)\n fields:\n - fieldId: title\n fieldType: string # string | number | boolean | date | enum | array | object\n required: true\n searchable: true # contributes to full-text + semantic search\n - fieldId: externalId # the dedup key — give every seed a stable one; it has\n fieldType: string # a built-in finder, so look it up directly (do NOT\n required: true # list it under lookupFields — the API reserves it)\n lookupFields: [title] # extra O(1) exact-match lookup indexes (max 10)\n\naccessProfile:\n # SCOPE GATE: data-plane only (records/schemas/search/documents/folders/inference).\n # Anything else (keys/profiles/admin/*) is HARD-REJECTED — by design, no override.\n # Ops: c|r|u|d, combinable (records:cru). Prefer the narrowest set (least privilege).\n allowedActions: [records:r, records:c, records:u, search:r, schemas:r]\n # dataScope binds the key to specific owners. Include null to ALSO see\n # tenant-level (shared) records — without it the key sees ONLY the listed\n # owners' records, not shared/seed data:\n # dataScope: { orgId: [<org-uuid>, null] }\n\nservicePrincipal:\n externalId: ${name}-sp # stable; the principal the profile + key bind to\n displayName: ${name}\n\nseed:\n - typeName: thing\n externalId: seed-welcome # stable → idempotent; re-apply converges\n fields: { title: \"Hello from ${name}\" }\n`;\n}\n\n/**\n * Build the scaffold string for `name`. When `from` is provided it's a bundled\n * {@link Blueprint} to faithfully copy (renamed to `name`); otherwise the\n * default commented template is used.\n */\nexport function buildScaffold(name: string, from?: Blueprint): string {\n if (!from) return defaultScaffold(name);\n\n // Faithful copy of a bundled exemplar, renamed. yaml.stringify drops the\n // teaching comments (it's real data, not a template), so add a header\n // pointing the author at the next step.\n const copy: Blueprint = {\n ...from,\n name,\n servicePrincipal: {\n ...from.servicePrincipal,\n externalId: `${name}-sp`,\n },\n };\n const header =\n `# ${name}.blueprint.yaml — copied from the bundled '${from.name}' blueprint.\\n` +\n `# Edit, then: vectros blueprint validate ./${name}.blueprint.yaml\\n`;\n return header + yamlStringify(copy);\n}\n","/**\n * Commander program for the `vectros` verb catalog (everything but the two\n * legacy hand-rolled groups, `bootstrap`/`blueprint`, which `cli.ts` dispatches\n * directly). Kept in its own module — separate from `cli.ts`, which self-runs\n * `main()` on import — so {@link buildProgram} is importable + testable without\n * triggering the CLI entrypoint.\n *\n * Each verb's logic lives in a `runX(opts, deps)` function (exit-code-returning,\n * dependency-injected); the commander actions here are thin adapters.\n */\nimport { Command, Option } from 'commander';\nimport { runWhoami } from './commands/whoami.js';\nimport {\n runKeyIssue,\n runKeyList,\n runKeyGet,\n runKeyRevoke,\n runKeyRotate,\n DEFAULT_KEY_NAME,\n type KeyFormat,\n} from './commands/key.js';\nimport {\n runIdentityCreate,\n runIdentityList,\n runIdentityGet,\n runIdentityDelete,\n type Dimension,\n} from './commands/identity.js';\nimport {\n runAccessGrant,\n runAccessRevoke,\n runAccessList,\n runAccessGet,\n} from './commands/access.js';\nimport { runRoleCreate, runRoleList, runRoleGet, runRoleDelete } from './commands/role.js';\nimport { runContextCreate, runContextList, runContextGet } from './commands/context.js';\nimport { runLogin, runLogout } from './commands/login.js';\nimport { runBlueprintTest } from './commands/blueprint-test.js';\nimport { formatBuildInfo } from './build-info.js';\nimport type { CliEnv } from './env.js';\nimport type { VerbDeps } from './verb-support.js';\n\nconst KEY_FORMATS = ['human', 'raw', 'env', 'json'] as const;\nconst DIMENSIONS = ['user', 'org', 'client'] as const;\n\n/**\n * Add the auth options every creds-bearing verb shares (env/base-url/token).\n * `--env` is validated to the two known environments by commander.\n */\nfunction addAuthOptions(cmd: Command): Command {\n return cmd\n .addOption(\n new Option('--env <env>', 'target environment').choices(['staging', 'production']).default('production'),\n )\n .option('--base-url <url>', 'override the API base URL (beats --env + VECTROS_API_BASE_URL)')\n .option('--token <token>', 'Cognito bearer; else read from env VECTROS_BOOTSTRAP_TOKEN')\n // No-op on the verb catalog (the scoped token is the default verb token\n // now). Kept parseable for backward-compat but hidden from --help;\n // `bootstrap` carries its own honored `--use-scoped-token` (see bridge.ts).\n .addOption(\n new Option('--use-scoped-token', 'no-op on verbs (scoped token is the default)').hideHelp(),\n );\n}\n\n/** Auth options + `--json` — for read verbs that render a human/JSON view. */\nfunction addCommonAuthOptions(cmd: Command): Command {\n return addAuthOptions(cmd).option(\n '--json',\n 'emit machine-readable JSON instead of the human-readable view',\n );\n}\n\n/** Common auth flags as parsed by commander, shared by the verb adapters. */\ninterface CommonAuthFlags {\n env: CliEnv;\n baseUrl?: string;\n token?: string;\n useScopedToken?: boolean;\n json?: boolean;\n}\n\n/** Map commander's parsed common flags → the verb-layer CommonVerbOptions. */\nfunction toCommonOptions(flags: CommonAuthFlags) {\n return {\n env: flags.env,\n baseUrl: flags.baseUrl,\n token: flags.token,\n useScopedToken: Boolean(flags.useScopedToken),\n json: Boolean(flags.json),\n };\n}\n\n/**\n * Build the commander program for the verb catalog (everything but the two legacy groups).\n *\n * `deps` is threaded into every creds-bearing verb's `runX(opts, deps)` call —\n * the same {@link VerbDeps} seam the verbs already expose. Production passes\n * nothing (default `{}` → real auth); tests pass a capturing `resolveAuth` to\n * assert the flag→opts→auth-seam wiring (the layer that once 403'd all verbs).\n */\nexport function buildProgram(deps: VerbDeps = {}): Command {\n const program = new Command();\n program\n .name('vectros')\n .description('The Vectros provisioning CLI — provision contexts, identities, access, and keys.')\n .version(formatBuildInfo(), '-v, --version', 'show the CLI + bundled SDK/blueprints versions')\n .showHelpAfterError()\n .addHelpText(\n 'after',\n '\\nProvisioning + authoring (own help):\\n' +\n ' bootstrap One-shot least-privilege MCP credential. vectros bootstrap --help\\n' +\n ' blueprint Author + inspect blueprints. vectros blueprint --help\\n',\n );\n\n const login = program\n .command('login')\n .description('Sign in via your browser (Cognito PKCE) and store a session.')\n .addOption(new Option('--env <env>', 'target environment').choices(['staging', 'production']).default('production'))\n .option('--no-browser', 'print the sign-in URL instead of opening a browser (headless/CI/WSL)');\n login.action(async (flags: { env: CliEnv; browser?: boolean }) => {\n process.exit(await runLogin({ env: flags.env, json: false, noBrowser: flags.browser === false }));\n });\n\n program\n .command('logout')\n .description('Clear the stored login session.')\n .action(async () => {\n process.exit(await runLogout({ env: 'production', json: false }));\n });\n\n const whoami = program.command('whoami').description('Show the authenticated session (tenant, env, principal).');\n addCommonAuthOptions(whoami).action(async (flags: CommonAuthFlags) => {\n process.exit(await runWhoami(toCommonOptions(flags), deps));\n });\n\n const blueprintTest = program\n .command('blueprint-test')\n .description('Apply a blueprint to a live env, assert it provisioned a working credential, then tear it down.')\n .argument('<file>', 'blueprint file path (./my.yaml) or a bundled blueprint name')\n .option('--keep', 'leave the provisioned graph in place (skip teardown) for inspection');\n addCommonAuthOptions(blueprintTest).action(\n async (file: string, flags: CommonAuthFlags & { keep?: boolean }) => {\n process.exit(await runBlueprintTest(file, { ...toCommonOptions(flags), keep: Boolean(flags.keep) }, deps));\n },\n );\n\n registerKeyCommands(program, deps);\n registerIdentityCommands(program, deps);\n registerAccessCommands(program, deps);\n registerRoleCommands(program, deps);\n registerContextCommands(program, deps);\n\n return program;\n}\n\n/** Register `vectros context <create|list|get>`. (destroy ships later — see context.ts.) */\nfunction registerContextCommands(program: Command, deps: VerbDeps): void {\n const context = program\n .command('context')\n .description('Manage app contexts (the namespace all data lives in).');\n\n const create = context\n .command('create')\n .description('Create (idempotent) an app context.')\n .argument('<contextId>', 'context id (3-31 chars; lowercase letter + lowercase/digit/dash)')\n .option('--name <name>', 'human-readable name');\n addCommonAuthOptions(create).action(async (contextId: string, flags: CommonAuthFlags & { name?: string }) => {\n process.exit(await runContextCreate({ ...toCommonOptions(flags), contextId, name: flags.name }, deps));\n });\n\n const list = context.command('list').description('List the tenant’s app contexts.');\n addCommonAuthOptions(list).action(async (flags: CommonAuthFlags) => {\n process.exit(await runContextList(toCommonOptions(flags), deps));\n });\n\n const get = context.command('get').description('Show one app context.').argument('<contextId>');\n addCommonAuthOptions(get).action(async (contextId: string, flags: CommonAuthFlags) => {\n process.exit(await runContextGet({ ...toCommonOptions(flags), contextId }, deps));\n });\n}\n\n/** Register `vectros role <create|list|get|delete>`. */\nfunction registerRoleCommands(program: Command, deps: VerbDeps): void {\n const role = program\n .command('role')\n .description('Manage context-scoped roles (reusable scope rules; bind via `access grant --role`).');\n\n const create = role\n .command('create')\n .description('Create (idempotent by roleId) a single-clause role from --actions.')\n .requiredOption('--context <c>', 'app context')\n .requiredOption('--role-id <id>', 'role id (3-31 chars; lowercase letter + lowercase/digit/dash)')\n .requiredOption('--name <name>', 'human-readable name')\n .requiredOption('--actions <csv>', 'allowed actions, comma-separated (e.g. records:cru,search:r)')\n .option('--description <text>', 'free-text description');\n addCommonAuthOptions(create).action(\n async (\n flags: CommonAuthFlags & { context: string; roleId: string; name: string; actions: string; description?: string },\n ) => {\n process.exit(\n await runRoleCreate({\n ...toCommonOptions(flags),\n context: flags.context,\n roleId: flags.roleId,\n name: flags.name,\n actions: flags.actions,\n description: flags.description,\n }, deps),\n );\n },\n );\n\n const list = role\n .command('list')\n .description('List the roles defined in a context.')\n .requiredOption('--context <c>', 'app context');\n addCommonAuthOptions(list).action(async (flags: CommonAuthFlags & { context: string }) => {\n process.exit(await runRoleList({ ...toCommonOptions(flags), context: flags.context }, deps));\n });\n\n const get = role\n .command('get')\n .description('Show one role by id.')\n .requiredOption('--context <c>', 'app context')\n .requiredOption('--role-id <id>', 'role id');\n addCommonAuthOptions(get).action(async (flags: CommonAuthFlags & { context: string; roleId: string }) => {\n process.exit(await runRoleGet({ ...toCommonOptions(flags), context: flags.context, roleId: flags.roleId }, deps));\n });\n\n const del = role\n .command('delete')\n .description('Delete a role (referencing profiles must be reassigned).')\n .requiredOption('--context <c>', 'app context')\n .requiredOption('--role-id <id>', 'role id');\n addAuthOptions(del).action(async (flags: CommonAuthFlags & { context: string; roleId: string }) => {\n process.exit(await runRoleDelete({ ...toCommonOptions(flags), context: flags.context, roleId: flags.roleId }, deps));\n });\n}\n\n/** Register `vectros access <grant|revoke|list|get>`. */\nfunction registerAccessCommands(program: Command, deps: VerbDeps): void {\n const access = program\n .command('access')\n .description('Manage access bindings: principal ↔ context ↔ role/scopes.');\n\n const grant = access\n .command('grant')\n .description('Bind a principal to a context via a role or inline actions.')\n .requiredOption('--principal <p>', \"principal: 'usr_<userId>' or 'key_<keyId>'\")\n .requiredOption('--context <c>', 'app context')\n .option('--role <roleId>', 'reference a Role (XOR --actions)')\n .option('--actions <csv>', 'inline single-clause actions, comma-separated (XOR --role)');\n addCommonAuthOptions(grant).action(\n async (flags: CommonAuthFlags & { principal: string; context: string; role?: string; actions?: string }) => {\n process.exit(\n await runAccessGrant({\n ...toCommonOptions(flags),\n principal: flags.principal,\n context: flags.context,\n role: flags.role,\n actions: flags.actions,\n }, deps),\n );\n },\n );\n\n const revoke = access\n .command('revoke')\n .description('Remove a principal’s binding in a context.')\n .requiredOption('--principal <p>', \"principal: 'usr_<userId>' or 'key_<keyId>'\")\n .requiredOption('--context <c>', 'app context');\n addAuthOptions(revoke).action(async (flags: CommonAuthFlags & { principal: string; context: string }) => {\n process.exit(await runAccessRevoke({ ...toCommonOptions(flags), principal: flags.principal, context: flags.context }, deps));\n });\n\n const list = access\n .command('list')\n .description('List a context’s members (--context) or a principal’s contexts (--principal).')\n .option('--context <c>', 'list members of this context')\n .option('--principal <p>', 'list contexts this principal is bound to');\n addCommonAuthOptions(list).action(async (flags: CommonAuthFlags & { context?: string; principal?: string }) => {\n process.exit(await runAccessList({ ...toCommonOptions(flags), context: flags.context, principal: flags.principal }, deps));\n });\n\n const get = access\n .command('get')\n .description('Show one principal’s binding in a context.')\n .requiredOption('--principal <p>', \"principal: 'usr_<userId>' or 'key_<keyId>'\")\n .requiredOption('--context <c>', 'app context');\n addCommonAuthOptions(get).action(async (flags: CommonAuthFlags & { principal: string; context: string }) => {\n process.exit(await runAccessGet({ ...toCommonOptions(flags), principal: flags.principal, context: flags.context }, deps));\n });\n}\n\n/** A `--type <user|org|client>` required option, validated by commander. */\nfunction dimensionOption(): Option {\n return new Option('--type <dim>', 'principal dimension').choices(DIMENSIONS).makeOptionMandatory();\n}\n\n/** Register `vectros identity <create|list|get|delete>`. */\nfunction registerIdentityCommands(program: Command, deps: VerbDeps): void {\n const identity = program\n .command('identity')\n .description('Manage tenant-wide principals (user / org / client) — reference, never embed.');\n\n const create = identity\n .command('create')\n .description('Create (idempotent by externalId) a principal.')\n .addOption(dimensionOption())\n .requiredOption('--external-id <id>', 'your stable id for the principal (idempotency key)')\n .option('--name <name>', 'display name (org/client only)')\n .option('--email <email>', 'email (user only)')\n .option('--service', 'user only: mint a SERVICE principal (default HUMAN)')\n .option('--org <orgId>', 'client only: the owning org id')\n .option('--metadata <json>', 'JSON object of metadata');\n addCommonAuthOptions(create).action(\n async (\n flags: CommonAuthFlags & {\n type: Dimension;\n externalId: string;\n name?: string;\n email?: string;\n service?: boolean;\n org?: string;\n metadata?: string;\n },\n ) => {\n process.exit(\n await runIdentityCreate({\n ...toCommonOptions(flags),\n type: flags.type,\n externalId: flags.externalId,\n name: flags.name,\n email: flags.email,\n service: flags.service,\n org: flags.org,\n metadata: flags.metadata,\n }, deps),\n );\n },\n );\n\n const list = identity\n .command('list')\n .description('List principals of a dimension (optionally filtered).')\n .addOption(dimensionOption())\n .option('--external-id <id>', 'filter to a stable id')\n .option('--limit <n>', 'page size (1–100)', (v) => Number.parseInt(v, 10));\n addCommonAuthOptions(list).action(\n async (flags: CommonAuthFlags & { type: Dimension; externalId?: string; limit?: number }) => {\n process.exit(\n await runIdentityList({\n ...toCommonOptions(flags),\n type: flags.type,\n externalId: flags.externalId,\n limit: flags.limit,\n }, deps),\n );\n },\n );\n\n const get = identity\n .command('get')\n .description('Show one principal by its Vectros id.')\n .addOption(dimensionOption())\n .requiredOption('--id <vectrosId>', 'the Vectros-assigned id (from create/list)');\n addCommonAuthOptions(get).action(async (flags: CommonAuthFlags & { type: Dimension; id: string }) => {\n process.exit(await runIdentityGet({ ...toCommonOptions(flags), type: flags.type, id: flags.id }, deps));\n });\n\n const del = identity\n .command('delete')\n .description('Delete a principal by its Vectros id.')\n .addOption(dimensionOption())\n .requiredOption('--id <vectrosId>', 'the Vectros-assigned id');\n addAuthOptions(del).action(async (flags: CommonAuthFlags & { type: Dimension; id: string }) => {\n process.exit(await runIdentityDelete({ ...toCommonOptions(flags), type: flags.type, id: flags.id }, deps));\n });\n}\n\n/** Flags parsed by commander for `key issue`/`key rotate` (emit a fresh secret). */\ninterface KeyMintFlags extends CommonAuthFlags {\n principal: string;\n context: string;\n name: string;\n label?: string;\n format: KeyFormat;\n}\n\n/** Register `vectros key <issue|list|get|revoke|rotate>`. */\nfunction registerKeyCommands(program: Command, deps: VerbDeps): void {\n const key = program.command('key').description('Manage scoped API keys (ssk_*) — issue, list, revoke, rotate.');\n\n const issue = key\n .command('issue')\n .description('Mint an ssk_* for a principal that already has a profile in the context.')\n .requiredOption('--principal <p>', 'principal (usr_<id> or <id>) with an AccessProfile in the context')\n .requiredOption('--context <c>', 'app context the key operates in')\n .option('--name <name>', 'key name (idempotency tuple component)', DEFAULT_KEY_NAME)\n .option('--label <label>', 'optional principal label (surfaced in /v1/ping)')\n .addOption(new Option('--format <fmt>', 'how to emit the secret').choices(KEY_FORMATS).default('human'));\n addAuthOptions(issue).action(async (flags: KeyMintFlags) => {\n process.exit(\n await runKeyIssue({\n ...toCommonOptions(flags),\n principal: flags.principal,\n context: flags.context,\n name: flags.name,\n label: flags.label,\n format: flags.format,\n }, deps),\n );\n });\n\n const list = key\n .command('list')\n .description('List the partner’s active scoped keys (optionally filtered).')\n .option('--principal <p>', 'only keys for this principal (usr_<id> or <id>)')\n .option('--context <c>', 'only keys in this context');\n addCommonAuthOptions(list).action(async (flags: CommonAuthFlags & { principal?: string; context?: string }) => {\n process.exit(\n await runKeyList({ ...toCommonOptions(flags), principal: flags.principal, context: flags.context }, deps),\n );\n });\n\n const get = key\n .command('get')\n .description('Show one key’s metadata (no secret).')\n .argument('<keyId>')\n .option('--context <c>', 'context the key is bound to (default: the default context)');\n addCommonAuthOptions(get).action(async (keyId: string, flags: CommonAuthFlags & { context?: string }) => {\n process.exit(await runKeyGet(keyId, { ...toCommonOptions(flags), context: flags.context }, deps));\n });\n\n const revoke = key\n .command('revoke')\n .description('Revoke a key (soft-delete; ~5 min to take effect).')\n .argument('<keyId>')\n .option('--context <c>', 'context the key is bound to (default: the default context)');\n addAuthOptions(revoke).action(async (keyId: string, flags: CommonAuthFlags & { context?: string }) => {\n process.exit(await runKeyRevoke(keyId, { ...toCommonOptions(flags), context: flags.context }, deps));\n });\n\n const rotate = key\n .command('rotate')\n .description('Revoke the matching active key and mint a fresh secret.')\n .requiredOption('--principal <p>', 'principal (usr_<id> or <id>)')\n .requiredOption('--context <c>', 'app context')\n .option('--name <name>', 'key name to rotate', DEFAULT_KEY_NAME)\n .addOption(new Option('--format <fmt>', 'how to emit the secret').choices(KEY_FORMATS).default('human'));\n addAuthOptions(rotate).action(async (flags: KeyMintFlags) => {\n process.exit(\n await runKeyRotate({\n ...toCommonOptions(flags),\n principal: flags.principal,\n context: flags.context,\n name: flags.name,\n format: flags.format,\n }, deps),\n );\n });\n}\n","/**\n * Shared output formatting for the verb catalog.\n *\n * Every verb supports two output modes: a human-readable default (aligned\n * key/value blocks + tables) and `--json` for scripting/piping. These helpers\n * are PURE (string in/out) so they're unit-tested directly; the commands wrap\n * them with `process.stdout.write`.\n *\n * Like the rest of the CLI (NOT the MCP stdio runtime), writing to stdout is\n * free here — the stdout-purity rule applies only to @vectros-ai/mcp-server.\n */\n\n/** Stable JSON serialisation for `--json` mode (2-space indent, trailing NL elsewhere). */\nexport function formatJson(value: unknown): string {\n return JSON.stringify(value, null, 2);\n}\n\n/**\n * Render an ordered list of `[label, value]` pairs as an aligned block:\n *\n * tenant: acme\n * env: staging\n *\n * `undefined`/`null` values are rendered as a dim em-dash so the shape is\n * stable. Labels are right-padded to the widest label for column alignment.\n */\nexport function formatKeyValues(pairs: ReadonlyArray<readonly [string, unknown]>): string {\n if (pairs.length === 0) return '';\n const width = Math.max(...pairs.map(([k]) => k.length));\n return pairs\n .map(([k, v]) => ` ${`${k}:`.padEnd(width + 1)} ${renderValue(v)}`)\n .join('\\n');\n}\n\n/**\n * Render rows as a simple fixed-width table with a header row + underline:\n *\n * KEY ID NAME STATUS\n * ──────────── ────────── ──────\n * key_abc… prod active\n *\n * `columns` declares the header label + the accessor for each row. An empty\n * `rows` yields the header + a \"(none)\" line so callers don't special-case it.\n */\nexport function formatTable<T>(\n rows: readonly T[],\n columns: ReadonlyArray<{ header: string; get: (row: T) => unknown }>,\n): string {\n const cells = rows.map((r) => columns.map((c) => renderValue(c.get(r))));\n const widths = columns.map((c, i) =>\n Math.max(c.header.length, ...cells.map((row) => row[i].length), 0),\n );\n const pad = (s: string, i: number): string => s.padEnd(widths[i]);\n\n const header = columns.map((c, i) => pad(c.header.toUpperCase(), i)).join(' ');\n const underline = widths.map((w) => '─'.repeat(w)).join(' ');\n if (rows.length === 0) return ` ${header}\\n ${underline}\\n (none)`;\n\n const body = cells.map((row) => ` ${row.map(pad).join(' ')}`).join('\\n');\n return ` ${header}\\n ${underline}\\n${body}`;\n}\n\n/** Render a single value for display: nullish → em-dash, objects → compact JSON. */\nfunction renderValue(v: unknown): string {\n if (v === undefined || v === null || v === '') return '—';\n if (typeof v === 'string') return v;\n if (typeof v === 'number' || typeof v === 'boolean') return String(v);\n return JSON.stringify(v);\n}\n\n/** Extract a human-readable message from any thrown value. */\nexport function formatError(err: unknown): string {\n if (err instanceof Error) return err.message;\n return String(err);\n}\n","/**\n * Shared plumbing for the creds-bearing verb catalog (`whoami`, `key`,\n * `identity`, `access`, `context`, `destroy`, `pull`, `blueprint install`).\n *\n * Every such verb authenticates the same way (the {@link AuthContext} seam) and\n * maps the same auth failures to the same exit codes. {@link withAuth}\n * centralises that so a verb body only contains its OWN logic, and the exit-code\n * contract is uniform:\n * 2 — usage problem the user fixes (no credential configured)\n * 1 — any other failure (network, auth rejection, API error)\n * 0 — success\n */\nimport { createLogger, type Logger } from './log.js';\nimport {\n resolveAuthContext,\n MissingCredentialError,\n type AuthContext,\n type AuthContextOptions,\n} from './auth-context.js';\nimport { formatError } from './output.js';\nimport type { CliEnv } from './env.js';\n\n/** The auth + output flags every creds-bearing verb shares (from commander). */\nexport interface CommonVerbOptions {\n env: CliEnv;\n baseUrl?: string;\n token?: string;\n /**\n * The app-context this verb operates in (its `--context` flag, where present).\n * Forwarded to the auth seam so the verb token is PINNED to it — an in-context\n * op (access/role/record/schema) 403s with a default-pinned token.\n */\n context?: string;\n /**\n * Set by the verbs that CREATE an app-context (`blueprint-test`, `context create`)\n * so they get the provisioning bootstrap token instead of a context-pinned\n * scoped token. Not a user-facing flag.\n */\n provisioning?: boolean;\n useScopedToken?: boolean;\n /** Emit machine-readable JSON instead of the human view. */\n json?: boolean;\n}\n\n/** Injectable dependencies for a verb (tests supply a fake `resolveAuth`). */\nexport interface VerbDeps {\n log?: Logger;\n resolveAuth?: (opts: AuthContextOptions) => Promise<AuthContext>;\n}\n\n/**\n * Resolve an {@link AuthContext} and run `body` with it, mapping auth failures\n * to exit codes (missing credential → 2, anything else → 1). The `body` owns\n * its own success/failure exit codes for API-level outcomes.\n */\nexport async function withAuth(\n opts: CommonVerbOptions,\n deps: VerbDeps,\n body: (auth: AuthContext, log: Logger) => Promise<number>,\n): Promise<number> {\n const log = deps.log ?? createLogger();\n const resolveAuth = deps.resolveAuth ?? resolveAuthContext;\n\n let auth: AuthContext;\n try {\n auth = await resolveAuth({\n env: opts.env,\n baseUrl: opts.baseUrl,\n token: opts.token,\n context: opts.context,\n provisioning: opts.provisioning,\n useScopedToken: opts.useScopedToken,\n log,\n });\n } catch (err) {\n if (err instanceof MissingCredentialError) {\n process.stderr.write(` ✖ ${err.message}\\n`);\n return 2;\n }\n process.stderr.write(` ✖ ${formatError(err)}\\n`);\n return 1;\n }\n\n return body(auth, log);\n}\n\n/**\n * Require the partner tenant id from the resolved identity. Throws a clear\n * error when /v1/ping didn't surface it (the extended ping must be deployed) —\n * the verb body's catch maps it to a user-facing failure.\n */\nexport function requireTenantId(auth: AuthContext): string {\n if (!auth.tenantId) {\n throw new Error(\n 'Could not resolve tenantId from /v1/ping — the extended ping (tenant_id) must be deployed.',\n );\n }\n return auth.tenantId;\n}\n\n/** Strip a leading `usr_` so a `--principal usr_<uuid>` and a bare `<uuid>` both work. */\nexport function normalizePrincipalUserId(principal: string): string {\n return principal.startsWith('usr_') ? principal.slice('usr_'.length) : principal;\n}\n\n/** Split a comma-separated flag value, trimming and dropping empties. */\nexport function splitCsv(csv: string): string[] {\n return csv\n .split(',')\n .map((s) => s.trim())\n .filter((s) => s.length > 0);\n}\n","/**\n * `vectros whoami` — show the authenticated session.\n *\n * The fast \"am I logged in, and as whom / where?\" check. It resolves an\n * {@link AuthContext} (Cognito bearer → bridge st_* → /v1/ping) and prints the\n * caller identity: tenant, environment, principal type, and (for the bridged\n * token) its allowed actions + expiry. Mints nothing; read-only.\n *\n * Verb logic lives in {@link runWhoami} (exit-code-returning, dependency-\n * injected) so it's unit-tested directly — the commander action in `cli.ts` is\n * a thin adapter, mirroring the existing `runBootstrapCli`/`runBlueprintCli`.\n */\nimport { formatJson, formatKeyValues } from '../output.js';\nimport { withAuth, type CommonVerbOptions, type VerbDeps } from '../verb-support.js';\n\nexport type WhoamiOptions = CommonVerbOptions;\nexport type WhoamiDeps = VerbDeps;\n\n/**\n * Run `vectros whoami`. Returns the process exit code: 0 on success, 2 when no\n * credential is configured (a usage problem the user fixes), 1 on any other\n * failure (network, auth rejection).\n */\nexport async function runWhoami(options: WhoamiOptions, deps: WhoamiDeps = {}): Promise<number> {\n return withAuth(options, deps, async (auth) => {\n const { identity, baseUrl } = auth;\n\n if (options.json) {\n process.stdout.write(`${formatJson(identity)}\\n`);\n return 0;\n }\n\n const expiry =\n typeof identity.tokenExpiresAt === 'number'\n ? new Date(identity.tokenExpiresAt * 1000).toISOString()\n : undefined;\n\n process.stdout.write(\n '\\n' +\n formatKeyValues([\n ['tenant', identity.tenantId],\n ['environment', identity.environment],\n ['principal', identity.principalType],\n ['principal id', identity.principalKeyId],\n ['label', identity.principalLabel],\n ['allowed actions', identity.allowedActions?.length ? identity.allowedActions.join(', ') : undefined],\n ['token expires', expiry],\n ['api', baseUrl],\n ]) +\n '\\n',\n );\n return 0;\n });\n}\n","/**\n * Pagination helper (SDK 0.20+).\n *\n * Every partner-API list endpoint returns the `{ data, nextCursor }`\n * PAGE envelope rather than a bare array. A consumer that treats the result as\n * an array (`.map`/`.filter`/`.find`/`.length`) breaks at runtime — and the\n * commands cast the SDK client through `as unknown as <LocalIface>`, which\n * severs type-checking, so that break is invisible to the compiler. This helper\n * is the single place the CLI unwraps + drains pages, so every `list` verb\n * shows the COMPLETE set rather than silently truncating at the SDK's default\n * page size.\n */\n\n/** The page envelope (narrowed to what callers read). */\nexport interface Page<T> {\n data?: T[];\n nextCursor?: string | null;\n}\n\n/** Page size requested per fetch (the SDK caps `limit` at 100). */\nexport const PAGE_LIMIT = 100;\n\n/**\n * Drain every page of a paginated list endpoint into one flat array. `fetch` is\n * invoked once per page with the cursor to continue from (`undefined` for the\n * first page) and must return the page envelope. The loop is driven by\n * the OPAQUE `nextCursor` (never a `data.length < limit` heuristic — a full\n * final page returns a null cursor), terminating on a null / absent / empty\n * cursor. An endpoint with no cursor input (e.g. `listScopedKeys`, which takes\n * no request) returns a single page and drains in one iteration.\n */\nexport async function drainPages<T>(fetch: (startFrom?: string) => Promise<Page<T>>): Promise<T[]> {\n const out: T[] = [];\n let startFrom: string | undefined;\n for (;;) {\n const page = await fetch(startFrom);\n if (page.data) out.push(...page.data);\n const next = page.nextCursor;\n if (!next) break;\n startFrom = next;\n }\n return out;\n}\n","/**\n * `vectros key` — the credential (ssk_*) lifecycle.\n *\n * key issue --principal <p> --context <c> [--name <n>] [--label <l>] [--format …]\n * key list [--principal <p>] [--context <c>]\n * key get <keyId> [--context <c>]\n * key revoke <keyId> [--context <c>]\n * key rotate --principal <p> --context <c> [--name <n>] [--format …]\n *\n * A credential authenticates *as* a principal that ALREADY has an AccessProfile\n * in the context (mint that with `vectros access grant` first); a key can never\n * exceed the bound profile (CLI-AND-BLUEPRINT-ARCHITECTURE §3, §8). The raw\n * `ssk_*` is shown **exactly once** on issue/rotate — never re-readable (lose\n * it → `key rotate`). `key rotate` has no dedicated endpoint: it revokes the\n * matching active key, then mints a fresh one.\n *\n * KEY↔CONTEXT BINDING: a key lives in the context it was issued in, and the\n * platform scopes key reads/revokes by the caller token's context — so get/list/\n * revoke each carry an optional `--context` that PINS the verb token to that\n * context (via the shared auth seam). Without it the token pins to the default\n * context, leaving a key bound elsewhere (e.g. one minted by `bootstrap`)\n * unreachable. The server still enforces tenant binding on the pinned token —\n * `--context` selects WHICH of the caller's own contexts to act in, it does not\n * cross a tenant boundary.\n *\n * Each subcommand is an exit-code-returning, DI'd `runKeyX(opts, deps)` tested\n * against a narrow {@link KeyApiClient} mock derived from the SDK.\n */\nimport type { VectrosClient } from '@vectros-ai/sdk';\nimport { formatJson, formatKeyValues, formatTable, formatError } from '../output.js';\nimport { drainPages, type Page } from '../paginate.js';\nimport {\n withAuth,\n requireTenantId,\n normalizePrincipalUserId,\n type CommonVerbOptions,\n type VerbDeps,\n} from '../verb-support.js';\n\n// SDK-derived request/response shapes — drift in the SDK becomes a COMPILE error\n// here, not a runtime no-op (see loader.ts \"SDK conformance\").\ntype SdkCreateKeyReq = Parameters<VectrosClient['auth']['createScopedKey']>[0];\ntype SdkGetKeyReq = Parameters<VectrosClient['auth']['getScopedKey']>[0];\ntype SdkRevokeKeyReq = Parameters<VectrosClient['auth']['revokeScopedKey']>[0];\ntype SdkKeyRes = Awaited<ReturnType<VectrosClient['auth']['createScopedKey']>>;\n\n/** The key fields the CLI reads (rawKey is present only on a fresh 201). */\nexport type KeyView = Pick<\n SdkKeyRes,\n | 'keyId'\n | 'keyName'\n | 'rawKey'\n | 'contextId'\n | 'userId'\n | 'userType'\n | 'status'\n | 'createdAt'\n | 'lastUsedAt'\n>;\n\n/** Narrow view of the SDK `auth` methods the key verbs call (test-mockable). */\nexport interface KeyApiClient {\n auth: {\n createScopedKey(req: SdkCreateKeyReq): Promise<KeyView>;\n // Returns a page envelope. NB the SDK exposes NO cursor input on this\n // endpoint, so it is effectively a single page (see drainPages).\n listScopedKeys(): Promise<Page<KeyView>>;\n getScopedKey(req: SdkGetKeyReq): Promise<KeyView>;\n revokeScopedKey(req: SdkRevokeKeyReq): Promise<void>;\n };\n}\n\n/** Default key name when `--name` is omitted (idempotency tuple component). */\nexport const DEFAULT_KEY_NAME = 'default';\n\n/** How `key issue`/`key rotate` emit the freshly-minted raw secret. */\nexport type KeyFormat = 'human' | 'raw' | 'env' | 'json';\n\nexport interface KeyIssueOptions extends CommonVerbOptions {\n principal: string;\n context: string;\n name?: string;\n label?: string;\n format: KeyFormat;\n}\n\nexport interface KeyListOptions extends CommonVerbOptions {\n principal?: string;\n context?: string;\n}\n\nexport interface KeyRotateOptions extends CommonVerbOptions {\n principal: string;\n context: string;\n name?: string;\n format: KeyFormat;\n}\n\n/** Render a freshly-minted key (with its one-time rawKey) per `--format`. */\nfunction emitMintedKey(key: KeyView, format: KeyFormat): void {\n const raw = key.rawKey ?? '';\n switch (format) {\n case 'raw':\n process.stdout.write(`${raw}\\n`);\n return;\n case 'env':\n process.stdout.write(`VECTROS_API_KEY=${raw}\\n`);\n return;\n case 'json':\n process.stdout.write(`${formatJson(key)}\\n`);\n return;\n case 'human':\n process.stdout.write(\n '\\n' +\n formatKeyValues([\n ['key id', key.keyId],\n ['name', key.keyName],\n ['context', key.contextId],\n ['principal', key.userId ? `usr_${key.userId}` : undefined],\n ['status', key.status],\n ]) +\n `\\n\\n VECTROS_API_KEY=${raw}\\n` +\n ' ⚠ Save this now — the secret is shown only once. Lose it → `vectros key rotate`.\\n',\n );\n }\n}\n\n/** True when a key record is the active match for a (context, principal, name) tuple. */\nfunction matchesTuple(k: KeyView, contextId: string, userId: string, keyName: string): boolean {\n return k.contextId === contextId && k.userId === userId && k.keyName === keyName && k.status === 'active';\n}\n\n/**\n * `key issue` — mint an `ssk_*` for a principal that already has a profile in\n * the context. Idempotent on (tenant, context, principal, name): a re-issue of\n * an existing tuple returns the key WITHOUT the secret (the platform never\n * re-discloses) — we detect the missing rawKey and point the user at `rotate`.\n */\nexport async function runKeyIssue(opts: KeyIssueOptions, deps: VerbDeps = {}): Promise<number> {\n return withAuth(opts, deps, async (auth) => {\n const client = auth.client as unknown as KeyApiClient;\n try {\n const tenantId = requireTenantId(auth);\n const userId = normalizePrincipalUserId(opts.principal);\n const keyName = opts.name ?? DEFAULT_KEY_NAME;\n\n const key = await client.auth.createScopedKey({\n keyName,\n tenantId,\n contextId: opts.context,\n userId,\n label: opts.label,\n });\n\n if (!key.rawKey) {\n process.stderr.write(\n ` ✖ A key named '${keyName}' already exists for usr_${userId} in '${opts.context}'.\\n` +\n ' The secret is shown only once and cannot be re-read. Run `vectros key rotate` ' +\n 'to revoke it and mint a fresh secret, or choose a different --name.\\n',\n );\n return 1;\n }\n\n emitMintedKey(key, opts.format);\n return 0;\n } catch (err) {\n process.stderr.write(` ✖ key issue failed: ${formatError(err)}\\n`);\n return 1;\n }\n });\n}\n\n/**\n * `key list` — the partner's active `ssk_*` keys, optionally filtered to a\n * principal and/or context (client-side: the list endpoint returns all active\n * keys for the partner). `lastUsedAt` is coarse (~hourly, best-effort) and null\n * for keys unused since usage tracking shipped.\n */\nexport async function runKeyList(opts: KeyListOptions, deps: VerbDeps = {}): Promise<number> {\n return withAuth(opts, deps, async (auth) => {\n const client = auth.client as unknown as KeyApiClient;\n try {\n const filterUserId = opts.principal ? normalizePrincipalUserId(opts.principal) : undefined;\n const keys = (await drainPages(() => client.auth.listScopedKeys())).filter(\n (k) =>\n (!opts.context || k.contextId === opts.context) &&\n (!filterUserId || k.userId === filterUserId),\n );\n\n if (opts.json) {\n process.stdout.write(`${formatJson(keys)}\\n`);\n return 0;\n }\n process.stdout.write(\n '\\n' +\n formatTable(keys, [\n { header: 'key id', get: (k) => k.keyId },\n { header: 'name', get: (k) => k.keyName },\n { header: 'context', get: (k) => k.contextId },\n { header: 'principal', get: (k) => (k.userId ? `usr_${k.userId}` : undefined) },\n { header: 'type', get: (k) => k.userType },\n { header: 'status', get: (k) => k.status },\n { header: 'last used', get: (k) => k.lastUsedAt },\n { header: 'created', get: (k) => k.createdAt },\n ]) +\n '\\n',\n );\n return 0;\n } catch (err) {\n process.stderr.write(` ✖ key list failed: ${formatError(err)}\\n`);\n return 1;\n }\n });\n}\n\n/**\n * `key get <keyId>` — metadata for one key (no secret). `--context` (on\n * `opts.context`, forwarded by `withAuth` to the auth seam) pins the verb token\n * to the key's context; a key bound to a non-default context 404s without it.\n */\nexport async function runKeyGet(\n keyId: string,\n opts: CommonVerbOptions,\n deps: VerbDeps = {},\n): Promise<number> {\n return withAuth(opts, deps, async (auth) => {\n const client = auth.client as unknown as KeyApiClient;\n try {\n const key = await client.auth.getScopedKey({ keyId });\n if (opts.json) {\n process.stdout.write(`${formatJson(key)}\\n`);\n return 0;\n }\n process.stdout.write(\n '\\n' +\n formatKeyValues([\n ['key id', key.keyId],\n ['name', key.keyName],\n ['context', key.contextId],\n ['principal', key.userId ? `usr_${key.userId}` : undefined],\n ['type', key.userType],\n ['status', key.status],\n ['last used', key.lastUsedAt],\n ['created', key.createdAt],\n ]) +\n '\\n',\n );\n return 0;\n } catch (err) {\n process.stderr.write(` ✖ key get failed: ${formatError(err)}\\n`);\n return 1;\n }\n });\n}\n\n/**\n * `key revoke <keyId>` — soft-delete a key (propagation ~5 min via authorizer\n * cache). `--context` (on `opts.context`, forwarded by `withAuth` to the auth\n * seam) pins the verb token to the key's context; a key bound to a non-default\n * context (e.g. one minted by `bootstrap`) can't be revoked without it. The\n * server enforces tenant binding on the pinned token — this never reaches\n * another tenant's keys.\n */\nexport async function runKeyRevoke(\n keyId: string,\n opts: CommonVerbOptions,\n deps: VerbDeps = {},\n): Promise<number> {\n return withAuth(opts, deps, async (auth) => {\n const client = auth.client as unknown as KeyApiClient;\n try {\n await client.auth.revokeScopedKey({ keyId });\n const where = opts.context ? ` in context '${opts.context}'` : '';\n process.stdout.write(\n ` ✔ Revoked ${keyId}${where}. The key stops working within ~5 min (authorizer cache).\\n`,\n );\n return 0;\n } catch (err) {\n process.stderr.write(` ✖ key revoke failed: ${formatError(err)}\\n`);\n return 1;\n }\n });\n}\n\n/**\n * `key rotate` — revoke the matching active key, then mint a fresh one (same\n * tuple). No dedicated endpoint: the platform never re-discloses an\n * existing key's secret, so rotation is revoke-then-recreate. The new secret is\n * emitted once. If no prior key matches, this is just a first issue.\n */\nexport async function runKeyRotate(opts: KeyRotateOptions, deps: VerbDeps = {}): Promise<number> {\n return withAuth(opts, deps, async (auth) => {\n const client = auth.client as unknown as KeyApiClient;\n try {\n const tenantId = requireTenantId(auth);\n const userId = normalizePrincipalUserId(opts.principal);\n const keyName = opts.name ?? DEFAULT_KEY_NAME;\n\n const existing = (await drainPages(() => client.auth.listScopedKeys())).find((k) =>\n matchesTuple(k, opts.context, userId, keyName),\n );\n if (existing?.keyId) {\n await client.auth.revokeScopedKey({ keyId: existing.keyId });\n process.stdout.write(` ✔ Revoked prior key ${existing.keyId}\\n`);\n }\n\n const key = await client.auth.createScopedKey({\n keyName,\n tenantId,\n contextId: opts.context,\n userId,\n label: undefined,\n });\n if (!key.rawKey) {\n // The just-revoked key can take a moment to clear; a re-create that\n // still 200s (no secret) means we can't surface a usable key.\n process.stderr.write(\n ' ✖ Rotation minted no new secret (the prior key may not have cleared yet). Retry shortly.\\n',\n );\n return 1;\n }\n emitMintedKey(key, opts.format);\n return 0;\n } catch (err) {\n process.stderr.write(` ✖ key rotate failed: ${formatError(err)}\\n`);\n return 1;\n }\n });\n}\n","/**\n * `vectros identity` — tenant-wide principals (user / org / client).\n *\n * identity create --type <user|org|client> --external-id <id> [--name <n>]\n * [--service] [--org <orgId>] [--metadata <json>]\n * identity list --type <user|org|client> [--external-id <id>] [--limit <n>]\n * identity get --type <user|org|client> --id <vectrosId>\n * identity delete --type <user|org|client> --id <vectrosId>\n *\n * Identities are tenant-wide and ORTHOGONAL to context (CLI-AND-BLUEPRINT-\n * ARCHITECTURE §2): a blueprint references them, it never creates them. Create\n * is idempotent by `externalId`; `--id` everywhere else is the Vectros-assigned\n * UUID (from create/list). The three dimensions share one code path; only the\n * SDK method + a couple of fields differ.\n *\n * Request shapes are SDK-derived per dimension (drift = compile error) — the\n * write side is the injection-sensitive surface (cross-tenant ownership, the\n * F-03/F-04 class), so it must track the SDK exactly.\n */\nimport type { VectrosClient } from '@vectros-ai/sdk';\nimport { formatJson, formatKeyValues, formatTable, formatError } from '../output.js';\nimport { withAuth, type CommonVerbOptions, type VerbDeps } from '../verb-support.js';\nimport { drainPages, PAGE_LIMIT, type Page } from '../paginate.js';\n\nexport type Dimension = 'user' | 'org' | 'client';\n\n// SDK-derived request types (write side — compile-safe).\ntype SdkCreateUserReq = Parameters<VectrosClient['identity']['createUser']>[0];\ntype SdkCreateOrgReq = Parameters<VectrosClient['identity']['createOrg']>[0];\ntype SdkCreateClientReq = Parameters<VectrosClient['identity']['createClient']>[0];\ntype SdkListUsersReq = Parameters<VectrosClient['identity']['listUsers']>[0];\ntype SdkListOrgsReq = Parameters<VectrosClient['identity']['listOrgs']>[0];\ntype SdkListClientsReq = Parameters<VectrosClient['identity']['listClients']>[0];\ntype SdkGetUserReq = Parameters<VectrosClient['identity']['getUser']>[0];\ntype SdkGetOrgReq = Parameters<VectrosClient['identity']['getOrg']>[0];\ntype SdkGetClientReq = Parameters<VectrosClient['identity']['getClient']>[0];\ntype SdkDeleteUserReq = Parameters<VectrosClient['identity']['deleteUser']>[0];\ntype SdkDeleteOrgReq = Parameters<VectrosClient['identity']['deleteOrg']>[0];\ntype SdkDeleteClientReq = Parameters<VectrosClient['identity']['deleteClient']>[0];\n\n/**\n * The principal fields the CLI renders. Read-side is intentionally loose (a\n * future SDK field rename degrades to \"—\" rather than a compile error); the\n * write side above is what's pinned to the SDK.\n */\nexport interface IdentityView {\n id?: string;\n externalId?: string;\n /** org/client display name (users have no `name` — they carry `email`). */\n name?: string;\n /** user display/notification field (users have no `name`). */\n email?: string;\n status?: string;\n /** user only: HUMAN | SERVICE. */\n type?: string;\n /** client only: the owning org. */\n orgId?: string;\n createdAt?: string;\n}\n\n/** Narrow view of the SDK `identity` methods (test-mockable; one per dimension × op). */\nexport interface IdentityApiClient {\n identity: {\n createUser(req: SdkCreateUserReq): Promise<IdentityView>;\n createOrg(req: SdkCreateOrgReq): Promise<IdentityView>;\n createClient(req: SdkCreateClientReq): Promise<IdentityView>;\n listUsers(req?: SdkListUsersReq): Promise<Page<IdentityView>>;\n listOrgs(req?: SdkListOrgsReq): Promise<Page<IdentityView>>;\n listClients(req?: SdkListClientsReq): Promise<Page<IdentityView>>;\n getUser(req: SdkGetUserReq): Promise<IdentityView>;\n getOrg(req: SdkGetOrgReq): Promise<IdentityView>;\n getClient(req: SdkGetClientReq): Promise<IdentityView>;\n deleteUser(req: SdkDeleteUserReq): Promise<void>;\n deleteOrg(req: SdkDeleteOrgReq): Promise<void>;\n deleteClient(req: SdkDeleteClientReq): Promise<void>;\n };\n}\n\nexport interface IdentityCreateOptions extends CommonVerbOptions {\n type: Dimension;\n externalId: string;\n /** org/client display name (rejected for `user` — use `email`). */\n name?: string;\n /** user display/notification email (rejected for org/client). */\n email?: string;\n /** user only: mint a SERVICE principal instead of HUMAN. */\n service?: boolean;\n /** client only: the owning org id. */\n org?: string;\n /** raw JSON metadata object. */\n metadata?: string;\n}\n\nexport interface IdentityListOptions extends CommonVerbOptions {\n type: Dimension;\n externalId?: string;\n limit?: number;\n}\n\nexport interface IdentityRefOptions extends CommonVerbOptions {\n type: Dimension;\n id: string;\n}\n\n/** Parse `--metadata` (a JSON object) or throw a clear error. */\nfunction parseMetadata(raw: string | undefined): Record<string, unknown> | undefined {\n if (raw === undefined) return undefined;\n let parsed: unknown;\n try {\n parsed = JSON.parse(raw);\n } catch {\n throw new Error(`--metadata is not valid JSON: ${raw}`);\n }\n if (typeof parsed !== 'object' || parsed === null || Array.isArray(parsed)) {\n throw new Error('--metadata must be a JSON object (e.g. \\'{\"team\":\"ops\"}\\').');\n }\n return parsed as Record<string, unknown>;\n}\n\n/** Dispatch a create to the right SDK method, building the precise per-dimension request. */\nasync function createIdentity(\n client: IdentityApiClient,\n opts: IdentityCreateOptions,\n payload: Record<string, unknown> | undefined,\n): Promise<IdentityView> {\n const externalId = opts.externalId;\n // SDK 0.18+ (identity-access rework): the free-form attribute bag on every\n // identity request was renamed `metadata` → `payload`. The `--metadata` CLI\n // flag name is kept (UX); only the wire field changed. The `as Sdk*Req` casts\n // were DROPPED here so this conformance is compile-checked — a cast would have\n // SILENTLY masked the rename (the request would still send the dead `metadata`\n // key, which the serializer drops → payload lost). The write side is the\n // injection-sensitive surface, so it must track the SDK exactly.\n switch (opts.type) {\n case 'user':\n // NB: UserRequest has `email`, NOT `name` (orgs/clients have `name`).\n return client.identity.createUser({\n externalId,\n email: opts.email,\n type: opts.service ? 'SERVICE' : 'HUMAN',\n payload,\n });\n case 'org':\n return client.identity.createOrg({ externalId, name: opts.name, payload });\n case 'client':\n return client.identity.createClient({\n externalId,\n name: opts.name,\n orgId: opts.org,\n payload,\n });\n }\n}\n\n/**\n * Dispatch a list to the right SDK method (externalId + limit filters).\n *\n * The SDK returns the `{ data, nextCursor }` page envelope. When the\n * caller passes `--limit` we honor it as a CAP — a single page of that size (no\n * draining), preserving the previous `--limit` meaning. With no `--limit` we\n * drain every page so `identity list` shows the complete set rather than\n * silently truncating at the SDK's default page size.\n */\nasync function listIdentities(\n client: IdentityApiClient,\n opts: IdentityListOptions,\n): Promise<IdentityView[]> {\n const fetchPage = (startFrom?: string): Promise<Page<IdentityView>> => {\n const req = { externalId: opts.externalId, limit: opts.limit ?? PAGE_LIMIT, startFrom };\n switch (opts.type) {\n case 'user':\n return client.identity.listUsers(req as SdkListUsersReq);\n case 'org':\n return client.identity.listOrgs(req as SdkListOrgsReq);\n case 'client':\n return client.identity.listClients(req as SdkListClientsReq);\n }\n };\n // Caller-specified --limit = an explicit cap → one page; otherwise drain all.\n if (opts.limit !== undefined) return (await fetchPage()).data ?? [];\n return drainPages(fetchPage);\n}\n\n/** Dispatch a get by Vectros id to the right SDK method. */\nasync function getIdentity(client: IdentityApiClient, type: Dimension, id: string): Promise<IdentityView> {\n switch (type) {\n case 'user':\n return client.identity.getUser({ id } as SdkGetUserReq);\n case 'org':\n return client.identity.getOrg({ id } as SdkGetOrgReq);\n case 'client':\n return client.identity.getClient({ id } as SdkGetClientReq);\n }\n}\n\n/** Dispatch a delete by Vectros id to the right SDK method. */\nasync function deleteIdentity(client: IdentityApiClient, type: Dimension, id: string): Promise<void> {\n switch (type) {\n case 'user':\n return client.identity.deleteUser({ id } as SdkDeleteUserReq);\n case 'org':\n return client.identity.deleteOrg({ id } as SdkDeleteOrgReq);\n case 'client':\n return client.identity.deleteClient({ id } as SdkDeleteClientReq);\n }\n}\n\n/** Render one identity as an aligned key/value block (dimension-aware fields). */\nfunction renderIdentity(type: Dimension, v: IdentityView): string {\n return formatKeyValues([\n ['id', v.id],\n ['external id', v.externalId],\n // Users carry `email`; orgs/clients carry `name`.\n ...(type === 'user'\n ? ([['email', v.email], ['kind', v.type]] as Array<[string, unknown]>)\n : ([['name', v.name]] as Array<[string, unknown]>)),\n ...(type === 'client' ? ([['org', v.orgId]] as Array<[string, unknown]>) : []),\n ['status', v.status],\n ['created', v.createdAt],\n ]);\n}\n\n/** `identity create` — idempotent upsert by externalId. */\nexport async function runIdentityCreate(opts: IdentityCreateOptions, deps: VerbDeps = {}): Promise<number> {\n let metadata: Record<string, unknown> | undefined;\n try {\n metadata = parseMetadata(opts.metadata);\n } catch (err) {\n process.stderr.write(` ✖ ${formatError(err)}\\n`);\n return 2;\n }\n if (opts.type !== 'client' && opts.org) {\n process.stderr.write(' ✖ --org applies only to --type client.\\n');\n return 2;\n }\n if (opts.type !== 'user' && opts.service) {\n process.stderr.write(' ✖ --service applies only to --type user.\\n');\n return 2;\n }\n // A user has `email`, not `name`; orgs/clients have `name`, not `email`.\n if (opts.type === 'user' && opts.name) {\n process.stderr.write(' ✖ --name does not apply to --type user; use --email.\\n');\n return 2;\n }\n if (opts.type !== 'user' && opts.email) {\n process.stderr.write(' ✖ --email applies only to --type user.\\n');\n return 2;\n }\n\n return withAuth(opts, deps, async (auth) => {\n const client = auth.client as unknown as IdentityApiClient;\n try {\n const created = await createIdentity(client, opts, metadata);\n if (opts.json) {\n process.stdout.write(`${formatJson(created)}\\n`);\n return 0;\n }\n process.stdout.write(`\\n ✔ ${opts.type} '${opts.externalId}' ensured\\n${renderIdentity(opts.type, created)}\\n`);\n return 0;\n } catch (err) {\n process.stderr.write(` ✖ identity create failed: ${formatError(err)}\\n`);\n return 1;\n }\n });\n}\n\n/** `identity list` — principals of one dimension, optionally filtered by externalId. */\nexport async function runIdentityList(opts: IdentityListOptions, deps: VerbDeps = {}): Promise<number> {\n return withAuth(opts, deps, async (auth) => {\n const client = auth.client as unknown as IdentityApiClient;\n try {\n const rows = await listIdentities(client, opts);\n if (opts.json) {\n process.stdout.write(`${formatJson(rows)}\\n`);\n return 0;\n }\n process.stdout.write(\n '\\n' +\n formatTable(rows, [\n { header: 'id', get: (r) => r.id },\n { header: 'external id', get: (r) => r.externalId },\n // user → email; org/client → name.\n opts.type === 'user'\n ? { header: 'email', get: (r: IdentityView) => r.email }\n : { header: 'name', get: (r: IdentityView) => r.name },\n // user → kind (HUMAN/SERVICE); client → owning org; org → (none).\n ...(opts.type === 'user'\n ? [{ header: 'kind', get: (r: IdentityView) => r.type }]\n : opts.type === 'client'\n ? [{ header: 'org', get: (r: IdentityView) => r.orgId }]\n : []),\n { header: 'status', get: (r) => r.status },\n ]) +\n '\\n',\n );\n return 0;\n } catch (err) {\n process.stderr.write(` ✖ identity list failed: ${formatError(err)}\\n`);\n return 1;\n }\n });\n}\n\n/** `identity get` — one principal by Vectros id. */\nexport async function runIdentityGet(opts: IdentityRefOptions, deps: VerbDeps = {}): Promise<number> {\n return withAuth(opts, deps, async (auth) => {\n const client = auth.client as unknown as IdentityApiClient;\n try {\n const v = await getIdentity(client, opts.type, opts.id);\n if (opts.json) {\n process.stdout.write(`${formatJson(v)}\\n`);\n return 0;\n }\n process.stdout.write(`\\n${renderIdentity(opts.type, v)}\\n`);\n return 0;\n } catch (err) {\n process.stderr.write(` ✖ identity get failed: ${formatError(err)}\\n`);\n return 1;\n }\n });\n}\n\n/** `identity delete` — remove a principal by Vectros id. */\nexport async function runIdentityDelete(opts: IdentityRefOptions, deps: VerbDeps = {}): Promise<number> {\n return withAuth(opts, deps, async (auth) => {\n const client = auth.client as unknown as IdentityApiClient;\n try {\n await deleteIdentity(client, opts.type, opts.id);\n process.stdout.write(` ✔ Deleted ${opts.type} ${opts.id}\\n`);\n return 0;\n } catch (err) {\n process.stderr.write(` ✖ identity delete failed: ${formatError(err)}\\n`);\n return 1;\n }\n });\n}\n","/**\n * `vectros access` — the binding layer (AccessProfileDB: principal ↔ context ↔\n * role/scopes).\n *\n * access grant --principal <usr_|key_> --context <c> (--role <r> | --actions <csv>)\n * access revoke --principal <usr_|key_> --context <c>\n * access list (--context <c> | --principal <usr_|key_>)\n * access get --principal <usr_|key_> --context <c>\n *\n * Binding is its own step, separate from credential issuance (architecture §3):\n * `access grant` writes the join (principal bound to a role OR inline scopes in\n * a context); a later `key issue` mints an ssk_* that can never exceed it. A\n * profile carries EITHER a `roleId` (reference a reusable Role) XOR inline\n * `scopes` — exactly one (enforced here before the call, and by the platform).\n *\n * `principalId` is passed through verbatim (`usr_<userId>` or `key_<keyId>`) —\n * NOT normalized like `key issue`'s bare userId — because the profile join is\n * keyed on the prefixed principal.\n */\nimport type { VectrosClient } from '@vectros-ai/sdk';\nimport { formatJson, formatKeyValues, formatTable, formatError } from '../output.js';\nimport { drainPages, PAGE_LIMIT, type Page } from '../paginate.js';\nimport { withAuth, splitCsv, type CommonVerbOptions, type VerbDeps } from '../verb-support.js';\n\n// SDK-derived request types (write side — compile-safe).\ntype SdkCreateProfileReq = Parameters<VectrosClient['auth']['createAccessProfile']>[0];\ntype SdkListProfilesReq = Parameters<VectrosClient['auth']['listAccessProfiles']>[0];\ntype SdkGetProfileReq = Parameters<VectrosClient['auth']['getAccessProfile']>[0];\ntype SdkDeleteProfileReq = Parameters<VectrosClient['auth']['deleteAccessProfile']>[0];\ntype SdkListForPrincipalReq = Parameters<VectrosClient['auth']['listProfilesForPrincipal']>[0];\n/** The scope-clause element type, as the SDK models it (snake_case wire form). */\ntype SdkScopeClause = NonNullable<NonNullable<SdkCreateProfileReq['body']>['scopes']>[number];\n\n/** The access-profile fields the CLI renders (read side — intentionally loose). */\nexport interface AccessProfileView {\n id?: string;\n contextId?: string;\n principalId?: string;\n roleId?: string;\n scopes?: unknown[];\n status?: string;\n}\n\n/** Narrow view of the SDK `auth` access-profile methods (test-mockable). */\nexport interface AccessApiClient {\n auth: {\n createAccessProfile(req: SdkCreateProfileReq): Promise<AccessProfileView>;\n listAccessProfiles(req: SdkListProfilesReq): Promise<Page<AccessProfileView>>;\n getAccessProfile(req: SdkGetProfileReq): Promise<AccessProfileView>;\n deleteAccessProfile(req: SdkDeleteProfileReq): Promise<void>;\n listProfilesForPrincipal(req: SdkListForPrincipalReq): Promise<Page<AccessProfileView>>;\n };\n}\n\nexport interface AccessGrantOptions extends CommonVerbOptions {\n principal: string;\n context: string;\n /** Reference a Role by id (XOR with actions). */\n role?: string;\n /** Inline single-clause scope: comma-separated actions (XOR with role). */\n actions?: string;\n}\n\nexport interface AccessRefOptions extends CommonVerbOptions {\n principal: string;\n context: string;\n}\n\nexport interface AccessListOptions extends CommonVerbOptions {\n context?: string;\n principal?: string;\n}\n\n/** Validate the prefixed principal form the join requires. */\nfunction assertPrincipalShape(principal: string): void {\n if (!principal.startsWith('usr_') && !principal.startsWith('key_')) {\n throw new Error(`--principal must be 'usr_<userId>' or 'key_<keyId>' (got '${principal}').`);\n }\n}\n\nfunction renderProfile(p: AccessProfileView): string {\n return formatKeyValues([\n ['context', p.contextId],\n ['principal', p.principalId],\n ['role', p.roleId],\n ['scopes', p.scopes?.length ? `${p.scopes.length} clause(s)` : undefined],\n ['status', p.status],\n ]);\n}\n\n/**\n * `access grant` — bind a principal to a context via a Role (--role) XOR inline\n * actions (--actions). Idempotent by (context, principal) — re-grant updates.\n */\nexport async function runAccessGrant(opts: AccessGrantOptions, deps: VerbDeps = {}): Promise<number> {\n const hasRole = Boolean(opts.role);\n const hasActions = Boolean(opts.actions);\n if (hasRole === hasActions) {\n process.stderr.write(' ✖ Provide exactly one of --role <roleId> or --actions <csv>.\\n');\n return 2;\n }\n try {\n assertPrincipalShape(opts.principal);\n } catch (err) {\n process.stderr.write(` ✖ ${formatError(err)}\\n`);\n return 2;\n }\n\n return withAuth(opts, deps, async (auth) => {\n const client = auth.client as unknown as AccessApiClient;\n try {\n const scopes = hasActions\n ? ([{ allowed_actions: splitCsv(opts.actions as string) }] as unknown as SdkScopeClause[])\n : undefined;\n const profile = await client.auth.createAccessProfile({\n contextId: opts.context,\n body: {\n principalId: opts.principal,\n roleId: opts.role,\n scopes,\n },\n } as SdkCreateProfileReq);\n\n if (opts.json) {\n process.stdout.write(`${formatJson(profile)}\\n`);\n return 0;\n }\n process.stdout.write(\n `\\n ✔ Granted ${opts.principal} in '${opts.context}'` +\n (hasRole ? ` via role '${opts.role}'` : ` with ${splitCsv(opts.actions as string).length} action(s)`) +\n `\\n${renderProfile(profile)}\\n`,\n );\n return 0;\n } catch (err) {\n process.stderr.write(` ✖ access grant failed: ${formatError(err)}\\n`);\n return 1;\n }\n });\n}\n\n/** `access revoke` — remove a principal's binding in a context. */\nexport async function runAccessRevoke(opts: AccessRefOptions, deps: VerbDeps = {}): Promise<number> {\n try {\n assertPrincipalShape(opts.principal);\n } catch (err) {\n process.stderr.write(` ✖ ${formatError(err)}\\n`);\n return 2;\n }\n return withAuth(opts, deps, async (auth) => {\n const client = auth.client as unknown as AccessApiClient;\n try {\n await client.auth.deleteAccessProfile({ contextId: opts.context, principalId: opts.principal });\n process.stdout.write(` ✔ Revoked ${opts.principal} from '${opts.context}'\\n`);\n return 0;\n } catch (err) {\n process.stderr.write(` ✖ access revoke failed: ${formatError(err)}\\n`);\n return 1;\n }\n });\n}\n\n/**\n * `access list` — the membership of a context (--context), or every context a\n * principal is bound to (--principal). Exactly one is required.\n */\nexport async function runAccessList(opts: AccessListOptions, deps: VerbDeps = {}): Promise<number> {\n if (Boolean(opts.context) === Boolean(opts.principal)) {\n process.stderr.write(' ✖ Provide exactly one of --context <c> or --principal <p>.\\n');\n return 2;\n }\n if (opts.principal) {\n try {\n assertPrincipalShape(opts.principal);\n } catch (err) {\n process.stderr.write(` ✖ ${formatError(err)}\\n`);\n return 2;\n }\n }\n\n return withAuth(opts, deps, async (auth) => {\n const client = auth.client as unknown as AccessApiClient;\n try {\n const rows = opts.context\n ? await drainPages((startFrom) =>\n client.auth.listAccessProfiles({ contextId: opts.context, startFrom, limit: PAGE_LIMIT } as SdkListProfilesReq),\n )\n : await drainPages((startFrom) =>\n client.auth.listProfilesForPrincipal({ principalId: opts.principal, startFrom, limit: PAGE_LIMIT } as SdkListForPrincipalReq),\n );\n\n if (opts.json) {\n process.stdout.write(`${formatJson(rows)}\\n`);\n return 0;\n }\n process.stdout.write(\n '\\n' +\n formatTable(rows, [\n { header: 'context', get: (r) => r.contextId },\n { header: 'principal', get: (r) => r.principalId },\n { header: 'role', get: (r) => r.roleId ?? (r.scopes?.length ? '(inline)' : undefined) },\n { header: 'status', get: (r) => r.status },\n ]) +\n '\\n',\n );\n return 0;\n } catch (err) {\n process.stderr.write(` ✖ access list failed: ${formatError(err)}\\n`);\n return 1;\n }\n });\n}\n\n/** `access get` — one principal's binding in a context. */\nexport async function runAccessGet(opts: AccessRefOptions, deps: VerbDeps = {}): Promise<number> {\n try {\n assertPrincipalShape(opts.principal);\n } catch (err) {\n process.stderr.write(` ✖ ${formatError(err)}\\n`);\n return 2;\n }\n return withAuth(opts, deps, async (auth) => {\n const client = auth.client as unknown as AccessApiClient;\n try {\n const p = await client.auth.getAccessProfile({ contextId: opts.context, principalId: opts.principal });\n if (opts.json) {\n process.stdout.write(`${formatJson(p)}\\n`);\n return 0;\n }\n process.stdout.write(`\\n${renderProfile(p)}\\n`);\n return 0;\n } catch (err) {\n process.stderr.write(` ✖ access get failed: ${formatError(err)}\\n`);\n return 1;\n }\n });\n}\n","/**\n * `vectros role` — context-scoped, identity-agnostic rules (Roles; formerly\n * AccessProfileTemplate, renamed in 0.10.0).\n *\n * role create --context <c> --role-id <id> --name <n> --actions <csv> [--description <d>]\n * role list --context <c>\n * role get --context <c> --role-id <id>\n * role delete --context <c> --role-id <id>\n *\n * A Role is a reusable scope payload bound to principals via `access grant\n * --role <id>` (architecture §6). This slice creates single-clause roles from a\n * comma-separated --actions list; multi-clause + `${{ self.* }}` dataScope roles\n * are authored in blueprints — out of scope for the CLI verb.\n */\nimport type { VectrosClient } from '@vectros-ai/sdk';\nimport { formatJson, formatKeyValues, formatTable, formatError } from '../output.js';\nimport { drainPages, PAGE_LIMIT, type Page } from '../paginate.js';\nimport { withAuth, splitCsv, type CommonVerbOptions, type VerbDeps } from '../verb-support.js';\n\n// SDK-derived request types (write side — compile-safe).\ntype SdkCreateRoleReq = Parameters<VectrosClient['auth']['createRole']>[0];\ntype SdkListRolesReq = Parameters<VectrosClient['auth']['listRoles']>[0];\ntype SdkGetRoleReq = Parameters<VectrosClient['auth']['getRole']>[0];\ntype SdkDeleteRoleReq = Parameters<VectrosClient['auth']['deleteRole']>[0];\n/** The role's scope-clause element type, as the SDK models it (snake_case wire). */\ntype SdkRoleScopeClause = NonNullable<NonNullable<SdkCreateRoleReq['body']>['scopes']>[number];\n\n/** The role fields the CLI renders (read side — intentionally loose). */\nexport interface RoleView {\n id?: string;\n contextId?: string;\n roleId?: string;\n name?: string;\n description?: string;\n scopes?: unknown[];\n}\n\n/** Narrow view of the SDK `auth` role methods (test-mockable). */\nexport interface RoleApiClient {\n auth: {\n createRole(req: SdkCreateRoleReq): Promise<RoleView>;\n listRoles(req: SdkListRolesReq): Promise<Page<RoleView>>;\n getRole(req: SdkGetRoleReq): Promise<RoleView>;\n deleteRole(req: SdkDeleteRoleReq): Promise<void>;\n };\n}\n\nexport interface RoleCreateOptions extends CommonVerbOptions {\n context: string;\n roleId: string;\n name: string;\n actions: string;\n description?: string;\n}\n\nexport interface RoleRefOptions extends CommonVerbOptions {\n context: string;\n roleId: string;\n}\n\nexport interface RoleListOptions extends CommonVerbOptions {\n context: string;\n}\n\nfunction renderRole(r: RoleView): string {\n return formatKeyValues([\n ['role id', r.roleId],\n ['name', r.name],\n ['context', r.contextId],\n ['description', r.description],\n ['scopes', r.scopes?.length ? `${r.scopes.length} clause(s)` : undefined],\n ]);\n}\n\n/**\n * `role create` — a single-clause role from --actions. Idempotent by roleId\n * (re-create converges). A role MUST carry at least one action.\n */\nexport async function runRoleCreate(opts: RoleCreateOptions, deps: VerbDeps = {}): Promise<number> {\n const actions = splitCsv(opts.actions);\n if (actions.length === 0) {\n process.stderr.write(' ✖ --actions must list at least one action (e.g. records:cru,search:r).\\n');\n return 2;\n }\n\n return withAuth(opts, deps, async (auth) => {\n const client = auth.client as unknown as RoleApiClient;\n try {\n const role = await client.auth.createRole({\n contextId: opts.context,\n body: {\n roleId: opts.roleId,\n name: opts.name,\n description: opts.description,\n scopes: [{ allowed_actions: actions }] as unknown as SdkRoleScopeClause[],\n },\n } as SdkCreateRoleReq);\n\n if (opts.json) {\n process.stdout.write(`${formatJson(role)}\\n`);\n return 0;\n }\n process.stdout.write(`\\n ✔ role '${opts.roleId}' ensured in '${opts.context}'\\n${renderRole(role)}\\n`);\n return 0;\n } catch (err) {\n process.stderr.write(` ✖ role create failed: ${formatError(err)}\\n`);\n return 1;\n }\n });\n}\n\n/** `role list` — the roles defined in a context. */\nexport async function runRoleList(opts: RoleListOptions, deps: VerbDeps = {}): Promise<number> {\n return withAuth(opts, deps, async (auth) => {\n const client = auth.client as unknown as RoleApiClient;\n try {\n const rows = await drainPages((startFrom) =>\n client.auth.listRoles({ contextId: opts.context, startFrom, limit: PAGE_LIMIT } as SdkListRolesReq),\n );\n if (opts.json) {\n process.stdout.write(`${formatJson(rows)}\\n`);\n return 0;\n }\n process.stdout.write(\n '\\n' +\n formatTable(rows, [\n { header: 'role id', get: (r) => r.roleId },\n { header: 'name', get: (r) => r.name },\n { header: 'scopes', get: (r) => (r.scopes?.length ? `${r.scopes.length}` : undefined) },\n ]) +\n '\\n',\n );\n return 0;\n } catch (err) {\n process.stderr.write(` ✖ role list failed: ${formatError(err)}\\n`);\n return 1;\n }\n });\n}\n\n/** `role get` — one role by id. */\nexport async function runRoleGet(opts: RoleRefOptions, deps: VerbDeps = {}): Promise<number> {\n return withAuth(opts, deps, async (auth) => {\n const client = auth.client as unknown as RoleApiClient;\n try {\n const r = await client.auth.getRole({ contextId: opts.context, roleId: opts.roleId } as SdkGetRoleReq);\n if (opts.json) {\n process.stdout.write(`${formatJson(r)}\\n`);\n return 0;\n }\n process.stdout.write(`\\n${renderRole(r)}\\n`);\n return 0;\n } catch (err) {\n process.stderr.write(` ✖ role get failed: ${formatError(err)}\\n`);\n return 1;\n }\n });\n}\n\n/**\n * `role delete` — remove a role. NB: profiles still referencing it will fail to\n * mint until reassigned (no referential cleanup) — the platform does not cascade.\n */\nexport async function runRoleDelete(opts: RoleRefOptions, deps: VerbDeps = {}): Promise<number> {\n return withAuth(opts, deps, async (auth) => {\n const client = auth.client as unknown as RoleApiClient;\n try {\n await client.auth.deleteRole({ contextId: opts.context, roleId: opts.roleId } as SdkDeleteRoleReq);\n process.stdout.write(\n ` ✔ Deleted role '${opts.roleId}' from '${opts.context}'.\\n` +\n ' ⚠ Any AccessProfile still referencing it will fail to mint until reassigned.\\n',\n );\n return 0;\n } catch (err) {\n process.stderr.write(` ✖ role delete failed: ${formatError(err)}\\n`);\n return 1;\n }\n });\n}\n","/**\n * `vectros context` — app contexts (the namespace all data lives in).\n *\n * context create <contextId> [--name <n>]\n * context list\n * context get <contextId>\n *\n * A context is the leading, first-class declaration of an app (architecture §2).\n * Teardown (`destroy`) is intentionally NOT here yet — the cascade-delete\n * backend is in flight; deleting a context that still holds data needs that\n * to land first, so it ships as its own slice with the refuse-unless-`--force`\n * safety rail.\n */\nimport type { VectrosClient } from '@vectros-ai/sdk';\nimport { formatJson, formatKeyValues, formatTable, formatError } from '../output.js';\nimport { drainPages, PAGE_LIMIT, type Page } from '../paginate.js';\nimport { withAuth, type CommonVerbOptions, type VerbDeps } from '../verb-support.js';\n\n// SDK-derived request types (write side — compile-safe).\ntype SdkCreateContextReq = Parameters<VectrosClient['auth']['createAppContext']>[0];\ntype SdkListContextsReq = Parameters<VectrosClient['auth']['listAppContexts']>[0];\ntype SdkGetContextReq = Parameters<VectrosClient['auth']['getAppContext']>[0];\n\n/** The context fields the CLI renders (read side — intentionally loose). */\nexport interface ContextView {\n contextId?: string;\n name?: string;\n description?: string;\n}\n\n/** Narrow view of the SDK `auth` app-context methods (test-mockable). */\nexport interface ContextApiClient {\n auth: {\n createAppContext(req: SdkCreateContextReq): Promise<ContextView>;\n listAppContexts(req?: SdkListContextsReq): Promise<Page<ContextView>>;\n getAppContext(req: SdkGetContextReq): Promise<ContextView>;\n };\n}\n\nexport interface ContextCreateOptions extends CommonVerbOptions {\n contextId: string;\n name?: string;\n}\n\nexport interface ContextGetOptions extends CommonVerbOptions {\n contextId: string;\n}\n\nfunction renderContext(c: ContextView): string {\n return formatKeyValues([\n ['context', c.contextId],\n ['name', c.name],\n ['description', c.description],\n ]);\n}\n\n/** `context create <contextId>` — idempotent by contextId. */\nexport async function runContextCreate(opts: ContextCreateOptions, deps: VerbDeps = {}): Promise<number> {\n // Creating an app-context is cross-context provisioning — the scoped verb\n // token can't do it; request the narrow bootstrap st_* (app-contexts:c).\n return withAuth({ ...opts, provisioning: true }, deps, async (auth) => {\n const client = auth.client as unknown as ContextApiClient;\n try {\n // AppContextRequest.name is REQUIRED — default it to the contextId when\n // --name is omitted (rather than sending an undefined required field).\n const ctx = await client.auth.createAppContext({\n contextId: opts.contextId,\n name: opts.name ?? opts.contextId,\n } as SdkCreateContextReq);\n if (opts.json) {\n process.stdout.write(`${formatJson(ctx)}\\n`);\n return 0;\n }\n process.stdout.write(`\\n ✔ context '${opts.contextId}' ensured\\n${renderContext(ctx)}\\n`);\n return 0;\n } catch (err) {\n process.stderr.write(` ✖ context create failed: ${formatError(err)}\\n`);\n return 1;\n }\n });\n}\n\n/** `context list` — all app contexts in the tenant. */\nexport async function runContextList(opts: CommonVerbOptions, deps: VerbDeps = {}): Promise<number> {\n return withAuth(opts, deps, async (auth) => {\n const client = auth.client as unknown as ContextApiClient;\n try {\n const rows = await drainPages((startFrom) =>\n client.auth.listAppContexts({ startFrom, limit: PAGE_LIMIT } as SdkListContextsReq),\n );\n if (opts.json) {\n process.stdout.write(`${formatJson(rows)}\\n`);\n return 0;\n }\n process.stdout.write(\n '\\n' +\n formatTable(rows, [\n { header: 'context', get: (c) => c.contextId },\n { header: 'name', get: (c) => c.name },\n { header: 'description', get: (c) => c.description },\n ]) +\n '\\n',\n );\n return 0;\n } catch (err) {\n process.stderr.write(` ✖ context list failed: ${formatError(err)}\\n`);\n return 1;\n }\n });\n}\n\n/** `context get <contextId>` — one context. */\nexport async function runContextGet(opts: ContextGetOptions, deps: VerbDeps = {}): Promise<number> {\n // Reading a context's metadata is context-confined — pin the verb token to the\n // context being read, else a non-default context 404s.\n return withAuth({ ...opts, context: opts.contextId }, deps, async (auth) => {\n const client = auth.client as unknown as ContextApiClient;\n try {\n const ctx = await client.auth.getAppContext({ contextId: opts.contextId } as SdkGetContextReq);\n if (opts.json) {\n process.stdout.write(`${formatJson(ctx)}\\n`);\n return 0;\n }\n process.stdout.write(`\\n${renderContext(ctx)}\\n`);\n return 0;\n } catch (err) {\n process.stderr.write(` ✖ context get failed: ${formatError(err)}\\n`);\n return 1;\n }\n });\n}\n","/**\n * `vectros login` / `vectros logout` — Cognito OAuth2 authorization-code + PKCE\n * loopback flow.\n *\n * login: start a localhost server on a registered port (8976/77/78) → open\n * the hosted UI → user authenticates → Cognito redirects back with a\n * code → exchange code+verifier for tokens → persist the refresh token.\n * logout: clear the stored session.\n *\n * After login, the verb catalog re-mints a Cognito token from the stored refresh\n * token (auth-context.ts) and feeds the existing bridge — replacing the\n * VECTROS_BOOTSTRAP_TOKEN paste step.\n *\n * The pure pieces (pkce.ts, cognito-config.ts, auth-store.ts) are unit-tested;\n * the interactive orchestration here injects `openBrowser` + `fetchImpl` so the\n * full loopback round-trip is exercised without a real browser or Cognito.\n */\nimport { createServer, type Server } from 'node:http';\nimport open from 'open';\nimport { createLogger } from '../log.js';\nimport { formatError } from '../output.js';\nimport { resolveCognitoConfig, redirectUriFor, LOOPBACK_PORTS, MissingCognitoClientIdError } from '../cognito-config.js';\nimport { generatePkce, generateState, buildAuthorizeUrl, parseCallback } from '../pkce.js';\nimport { exchangeCode, saveSession, clearSession } from '../auth-store.js';\nimport type { CommonVerbOptions, VerbDeps } from '../verb-support.js';\n\nexport interface LoginOptions extends CommonVerbOptions {\n /** Skip auto-opening the browser; print the URL and wait (headless/CI/WSL). */\n noBrowser?: boolean;\n}\n\nexport interface LoginDeps extends VerbDeps {\n /** Open the authorize URL (default: OS browser). Injected in tests. */\n openBrowser?: (url: string) => void | Promise<void>;\n /** Injected for the token exchange (default: global fetch). */\n fetchImpl?: typeof fetch;\n /** Override the session-store base dir (tests). */\n baseDir?: string;\n /** Override the loopback ports (tests). */\n ports?: readonly number[];\n /** How long to wait for the browser callback before giving up (ms). */\n timeoutMs?: number;\n}\n\n/**\n * Open a URL in the OS default browser (best-effort, fire-and-forget).\n *\n * Delegates to the `open` package rather than hand-rolling per-platform launch.\n * Browser-open is the one part of login that can't be unit-tested (it's below\n * the injectable seam), and the per-platform launch quirks are notoriously\n * sharp — `cmd /c start` truncates the URL at the first `&`; `explorer.exe`\n * opens File Explorer; Linux/WSL have their own zoo. `open` is the battle-tested\n * cross-platform answer to exactly that. On any failure the URL is still printed\n * (the caller prints it unconditionally), so login degrades to paste-the-URL —\n * which is also what `--no-browser` selects deliberately.\n */\nfunction defaultOpenBrowser(url: string): void {\n void open(url).catch(() => {\n /* the URL is printed unconditionally — the user can open it manually */\n });\n}\n\ninterface LoopbackResult {\n server: Server;\n port: number;\n}\n\n/** Start the loopback server on the first available registered port. */\nasync function startLoopback(\n ports: readonly number[],\n onCode: (params: ReturnType<typeof parseCallback>) => void,\n): Promise<LoopbackResult> {\n const server = createServer((req, res) => {\n const params = parseCallback(req.url ?? '/');\n const done = Boolean(params.code || params.error);\n res.writeHead(done ? 200 : 404, { 'Content-Type': 'text/html' });\n res.end(\n done\n ? '<html><body style=\"font-family:sans-serif\"><h3>Vectros CLI</h3><p>You can close this tab and return to the terminal.</p></body></html>'\n : '<html><body>Not found</body></html>',\n );\n if (done) onCode(params);\n });\n\n for (const port of ports) {\n const ok = await new Promise<boolean>((resolve) => {\n const onErr = (): void => {\n server.removeListener('error', onErr);\n resolve(false);\n };\n server.once('error', onErr);\n // Bind on 'localhost' (NOT the '127.0.0.1' literal) so the listener uses\n // the SAME name resolution the browser will for the redirect URI\n // (http://localhost:<port>/callback). On IPv6-preferring hosts, a\n // 127.0.0.1-only bind would miss the browser's `::1` callback and hang\n // until timeout (RFC 8252 §7.3). `localhost` is still loopback-only.\n server.listen(port, 'localhost', () => {\n server.removeListener('error', onErr);\n resolve(true);\n });\n });\n if (ok) return { server, port };\n }\n throw new Error(`No free loopback port among ${ports.join(', ')} — close whatever is using them and retry.`);\n}\n\n/** Run `vectros login`. Returns the exit code (0 ok; 2 config/usage; 1 failure). */\nexport async function runLogin(opts: LoginOptions, deps: LoginDeps = {}): Promise<number> {\n const log = deps.log ?? createLogger();\n const openBrowser = deps.openBrowser ?? defaultOpenBrowser;\n const fetchImpl = deps.fetchImpl ?? fetch;\n const ports = deps.ports ?? LOOPBACK_PORTS;\n const timeoutMs = deps.timeoutMs ?? 300_000;\n\n let config;\n try {\n config = resolveCognitoConfig(opts.env);\n } catch (err) {\n if (err instanceof MissingCognitoClientIdError) {\n process.stderr.write(` ✖ ${err.message}\\n`);\n return 2;\n }\n process.stderr.write(` ✖ ${formatError(err)}\\n`);\n return 1;\n }\n\n const { verifier, challenge } = generatePkce();\n const state = generateState();\n\n let resolveCode!: (p: ReturnType<typeof parseCallback>) => void;\n const codePromise = new Promise<ReturnType<typeof parseCallback>>((resolve) => {\n resolveCode = resolve;\n });\n\n let loopback: LoopbackResult;\n try {\n loopback = await startLoopback(ports, resolveCode);\n } catch (err) {\n process.stderr.write(` ✖ ${formatError(err)}\\n`);\n return 1;\n }\n const redirectUri = redirectUriFor(loopback.port);\n const authorizeUrl = buildAuthorizeUrl(config, { redirectUri, challenge, state });\n\n try {\n if (opts.noBrowser) {\n process.stdout.write(\n `\\n Open this URL in your browser to sign in (${opts.env}):\\n ${authorizeUrl}\\n` +\n ` Waiting for the callback on ${redirectUri} …\\n`,\n );\n } else {\n process.stdout.write(\n `\\n Opening your browser to sign in (${opts.env})…\\n` +\n ` If it doesn't open, visit:\\n ${authorizeUrl}\\n` +\n ` Waiting for the callback on ${redirectUri} …\\n`,\n );\n await openBrowser(authorizeUrl);\n }\n\n const params = await withTimeout(codePromise, timeoutMs);\n if (params.error) {\n throw new Error(`authorization failed: ${params.error}${params.errorDescription ? ` — ${params.errorDescription}` : ''}`);\n }\n if (params.state !== state) {\n throw new Error('state mismatch on the callback — aborting (possible CSRF).');\n }\n if (!params.code) {\n throw new Error('no authorization code on the callback.');\n }\n\n const tokens = await exchangeCode(config, { code: params.code, redirectUri, verifier }, fetchImpl);\n if (!tokens.refresh_token) {\n throw new Error('token exchange returned no refresh token — cannot persist the session.');\n }\n\n await saveSession(\n { env: opts.env, refreshToken: tokens.refresh_token, obtainedAt: Math.floor(Date.now() / 1000) },\n deps.baseDir,\n );\n log.debug({ component: 'login', env: opts.env }, 'login session stored');\n process.stdout.write(`\\n ✔ Logged in (${opts.env}). Try: vectros whoami --env ${opts.env}\\n`);\n return 0;\n } catch (err) {\n process.stderr.write(`\\n ✖ login failed: ${formatError(err)}\\n`);\n return 1;\n } finally {\n loopback.server.close();\n }\n}\n\n/** Run `vectros logout` — clear the stored session. */\nexport async function runLogout(_opts: LoginOptions, deps: LoginDeps = {}): Promise<number> {\n const removed = await clearSession(deps.baseDir);\n process.stdout.write(removed ? ' ✔ Logged out (session cleared).\\n' : ' No stored session.\\n');\n return 0;\n}\n\n/** Reject if the promise doesn't settle within `ms`. */\nfunction withTimeout<T>(p: Promise<T>, ms: number): Promise<T> {\n return new Promise<T>((resolve, reject) => {\n const t = setTimeout(() => reject(new Error(`timed out after ${Math.round(ms / 1000)}s waiting for the browser callback`)), ms);\n p.then(\n (v) => {\n clearTimeout(t);\n resolve(v);\n },\n (e) => {\n clearTimeout(t);\n reject(e);\n },\n );\n });\n}\n","/**\n * `vectros blueprint-test <file>` — apply a blueprint to a live environment,\n * assert it provisioned a working credential + readable graph, then tear it\n * back down.\n *\n * The thin runner over {@link runBlueprintHarness}: it wires the real SDK (via\n * the shared {@link withAuth} seam), loads + scope-gates the blueprint file,\n * isolates the harness key in an EPHEMERAL store (never touching `~/.vectros`),\n * runs the apply → assert → teardown core, prints the report, and maps the\n * outcome to an exit code:\n *\n * 0 applied + every assertion passed (teardown is best-effort, reported)\n * 1 any assertion failed, the apply threw, the blueprint was unresolvable,\n * or an auth/API call failed\n * 2 a usage problem the caller fixes: no credential configured (via withAuth)\n * OR the blueprint requested control-plane scope (the scope gate refused it)\n *\n * A blueprint named on disk (`./my.yaml`) or a bundled blueprint name both\n * work; either flows through the SAME validate + scope gate as `bootstrap`\n * (no new trust surface).\n *\n * `--keep` skips teardown so the provisioned graph can be inspected. By default\n * teardown ALWAYS runs (even on assertion failure), leaving the shared staging\n * tenant clean. The app-context is intentionally never deleted (teardown\n * backend held); it is idempotent + reused, so leaving it is harmless.\n */\nimport { promises as fs } from 'node:fs';\nimport * as os from 'node:os';\nimport * as path from 'node:path';\nimport { randomUUID } from 'node:crypto';\nimport { VectrosClient } from '@vectros-ai/sdk';\nimport { getBlueprint, BLUEPRINT_NAMES, type Blueprint } from '@vectros-ai/blueprints';\n\nimport { withAuth, requireTenantId, type CommonVerbOptions, type VerbDeps } from '../verb-support.js';\nimport { looksLikePath, loadBlueprintFile } from '../blueprint-file.js';\nimport { validateBlueprint } from '../cli-bootstrap.js';\nimport { mintContextToken } from '../bridge.js';\nimport { ScopeGateError } from '../scope-gate.js';\nimport { formatJson, formatError } from '../output.js';\nimport {\n runBlueprintHarness,\n type HarnessApiClient,\n type HarnessPing,\n type HarnessReport,\n} from '../harness.js';\n\nexport interface BlueprintTestOptions extends CommonVerbOptions {\n /** Leave the provisioned graph in place (skip teardown). */\n keep?: boolean;\n}\n\n/**\n * Resolve the `<file>` argument to a validated, scope-gated blueprint: a\n * path-looking value loads a local file (the \"copy & own\" path); otherwise it\n * is treated as a bundled blueprint name. Throws on an unknown name, a bad\n * shape (BlueprintValidationError), or a control-plane scope ({@link ScopeGateError}).\n */\nexport async function resolveTestBlueprint(fileOrName: string): Promise<Blueprint> {\n const raw: unknown = looksLikePath(fileOrName) ? await loadBlueprintFile(fileOrName) : getBlueprint(fileOrName);\n if (!raw) {\n throw new Error(\n `Unknown blueprint '${fileOrName}'. Pass a path (./my.yaml) or a bundled name: ${BLUEPRINT_NAMES.join(', ')}.`,\n );\n }\n return validateBlueprint(raw); // structural parse + data-plane scope gate\n}\n\n/** Render the human-readable harness report. */\nfunction renderReport(blueprint: Blueprint, env: string, report: HarnessReport): string {\n const lines: string[] = [];\n lines.push('');\n lines.push(` Blueprint test — '${blueprint.name}' (v${blueprint.version}) → '${blueprint.contextId}' on ${env}`);\n\n if (report.applied) {\n const a = report.applied;\n lines.push(\n ` ✔ applied — key ${a.keyName} (${a.keyAction}), ${Object.keys(a.schemaIds).length} schema(s)` +\n (a.seededCount ? `, ${a.seededCount} seed record(s)` : ''),\n );\n } else {\n lines.push(` ✖ apply failed — ${report.error ?? 'unknown error'}`);\n }\n\n if (report.assertions.length) {\n lines.push('');\n lines.push(' Assertions:');\n for (const a of report.assertions) lines.push(` ${a.ok ? '✔' : '✖'} ${a.name}: ${a.detail}`);\n }\n\n if (report.kept) {\n lines.push('');\n lines.push(' Teardown SKIPPED (--keep) — the provisioned graph is left in place.');\n } else if (report.teardown.length) {\n lines.push('');\n lines.push(' Teardown:');\n for (const t of report.teardown) {\n const mark = !t.ok ? '✖' : t.skipped ? '↷' : '✔';\n lines.push(` ${mark} ${t.step}${t.error ? ` — ${t.error}` : ''}`);\n }\n const tdFail = report.teardown.filter((t) => !t.ok);\n if (tdFail.length) lines.push(` ⚠ ${tdFail.length} teardown step(s) failed — manual cleanup may be needed.`);\n }\n\n lines.push('');\n lines.push(report.passed ? ' RESULT: PASS' : ' RESULT: FAIL');\n lines.push('');\n return lines.join('\\n');\n}\n\n/**\n * Run the blueprint-test verb end-to-end. `deps` (the `withAuth` seam) is\n * injectable for tests; the live harness core is exercised against a real\n * client built from the resolved {@link AuthContext}.\n */\nexport async function runBlueprintTest(\n fileOrName: string,\n opts: BlueprintTestOptions,\n deps: VerbDeps = {},\n): Promise<number> {\n // Resolve + gate the blueprint BEFORE authenticating (a control-plane\n // blueprint should fail fast without touching the API).\n let blueprint: Blueprint;\n try {\n blueprint = await resolveTestBlueprint(fileOrName);\n } catch (err) {\n if (err instanceof ScopeGateError) {\n process.stderr.write(` ✖ Scope gate refused blueprint:\\n`);\n for (const r of err.rejected) process.stderr.write(` • ${r.action}: ${r.reason}\\n`);\n return 2;\n }\n process.stderr.write(` ✖ ${formatError(err)}\\n`);\n return 1;\n }\n\n // `provisioning: true` → the narrow bootstrap st_* (creates the blueprint's\n // app-context); the harness re-mints a per-context token for the in-context load.\n return withAuth({ ...opts, provisioning: true }, deps, async (auth, log) => {\n // Isolate the harness key in an ephemeral store so a test run never\n // clobbers (or reuses) the real per-machine `~/.vectros` key.\n const vectrosDir = await fs.mkdtemp(path.join(os.tmpdir(), 'vectros-harness-'));\n // A unique per-run keyName so concurrent/repeat runs never collide and\n // teardown revokes exactly the key this run minted. Date.now() alone is\n // ms-resolution (two parallel runs can tie), so append random entropy.\n const machineId = `harness-${Date.now()}-${randomUUID().slice(0, 8)}`;\n\n try {\n const tenantId = requireTenantId(auth);\n const client = auth.client as unknown as HarnessApiClient;\n\n // The live credential proof: ping the partner API AS the minted key.\n const pingWithKey = async (rawKey: string): Promise<HarnessPing> => {\n const keyClient = new VectrosClient({ token: rawKey, environment: auth.baseUrl });\n const ping = await keyClient.auth.ping();\n return {\n principalType: ping.principalType,\n tenantId: ping.tenantId,\n allowedActions: ping.allowedActions,\n };\n };\n\n // Two-token bootstrap: the narrow provisioning bootstrap token creates\n // the context; a per-context re-mint carries the in-context data-plane scope the\n // loader/snapshot/assert/teardown need. Mirrors `cli-bootstrap.ts`'s wiring.\n const remintForContext = async (contextId: string): Promise<HarnessApiClient> => {\n const ctxToken = await mintContextToken({\n cognitoToken: auth.cognitoToken,\n apiBaseUrl: auth.baseUrl,\n contextId,\n });\n return new VectrosClient({\n token: ctxToken.token,\n environment: auth.baseUrl,\n }) as unknown as HarnessApiClient;\n };\n\n const report = await runBlueprintHarness(\n client,\n { blueprint, tenantId, machineId, vectrosDir, keep: opts.keep, log, remintForContext },\n { pingWithKey },\n );\n\n if (opts.json) {\n // Stamp the run context the raw HarnessReport doesn't carry, so a\n // machine consumer knows which blueprint/env a result came from.\n const envelope = {\n blueprint: { name: blueprint.name, version: blueprint.version, contextId: blueprint.contextId },\n env: auth.env,\n ...report,\n };\n process.stdout.write(`${formatJson(envelope)}\\n`);\n } else {\n process.stdout.write(`${renderReport(blueprint, auth.env, report)}\\n`);\n }\n return report.passed ? 0 : 1;\n } catch (err) {\n process.stderr.write(` ✖ blueprint-test failed: ${formatError(err)}\\n`);\n return 1;\n } finally {\n // Best-effort cleanup of the ephemeral key store.\n await fs.rm(vectrosDir, { recursive: true, force: true }).catch(() => {});\n }\n });\n}\n","/**\n * The blueprint test harness core — a schema-AGNOSTIC\n * apply → assert → teardown round-trip that proves a blueprint provisions a\n * working, least-privilege credential against a live partner API.\n *\n * snapshot read what already exists (schemas by typeName, AccessProfiles\n * by principal) BEFORE provisioning, so teardown can delete ONLY\n * what this run creates and never clobber pre-existing data on a\n * shared tenant (the loader's creates are idempotent — a \"create\"\n * that hits an existing schema returns that schema's id, so a naive\n * delete-by-id would destroy a resource the run didn't own).\n * apply reuse the deterministic {@link runLoader} (schemas → context →\n * principal → AccessProfile → ssk_* → seed). The harness owns NO\n * provisioning logic of its own — it exercises the real loader.\n * assert read the graph back through the SDK (getAppContext + getSchema\n * per schema) AND ping the partner API *with the freshly minted\n * ssk_** — the end-to-end credential proof: a blueprint that\n * provisions an unusable key fails here, not in production.\n * teardown best-effort delete of everything the run CREATED (key → seed\n * records → profile → schemas), in a `finally` so a FAILED ASSERT\n * STILL TEARS DOWN (the cleanup-on-failure guarantee). Created-only:\n * schemas/profiles that pre-existed the run are left untouched.\n * Deliberately does NOT delete the app-context — the context-teardown\n * backend is still in flight (held); a blueprint's context is\n * idempotent + reused, so leaving it is harmless.\n *\n * DECOUPLING (mirrors loader.ts): the harness talks to a narrow\n * {@link HarnessApiClient} whose every request/response type is DERIVED from\n * the real SDK (`Parameters<…>` / `ReturnType<…>`), so SDK drift is a COMPILE\n * error here — never a silent runtime no-op behind an `as` cast (the blind\n * spot the Tier-2 panel caught three times on the verb catalog). The CLI passes\n * the real `VectrosClient` cast to it; tests pass a fake.\n *\n * PURITY: `runBlueprintHarness` performs no I/O of its own beyond the injected\n * client + the `pingWithKey` dep, so the snapshot/apply/assert/teardown\n * orchestration is unit-tested with a fake client + a fake ping. The live runner\n * (commands/blueprint-test.ts) wires the real SDK, an ephemeral key store, and\n * a real `pingWithKey` that constructs a key-bearing `VectrosClient`.\n */\nimport type { VectrosClient } from '@vectros-ai/sdk';\nimport type { Blueprint } from '@vectros-ai/blueprints';\nimport type { Logger } from './log.js';\nimport { runLoader, type BootstrapApiClient, type LoaderResult } from './loader.js';\nimport { keyNameFor } from './machine-id.js';\n\n// ===========================================================================\n// SDK conformance — the read + delete surface the harness uses on top of the\n// loader's apply surface (BootstrapApiClient). Same derivation discipline as\n// loader.ts: any drift in these SDK signatures fails to compile HERE.\n// ===========================================================================\ntype SdkGetAppContextReq = Parameters<VectrosClient['auth']['getAppContext']>[0];\ntype SdkGetAppContextRes = Awaited<ReturnType<VectrosClient['auth']['getAppContext']>>;\ntype SdkGetSchemaReq = Parameters<VectrosClient['schemas']['getSchema']>[0];\ntype SdkGetSchemaRes = Awaited<ReturnType<VectrosClient['schemas']['getSchema']>>;\ntype SdkListProfilesReq = Parameters<VectrosClient['auth']['listAccessProfiles']>[0];\ntype SdkListProfilesRes = Awaited<ReturnType<VectrosClient['auth']['listAccessProfiles']>>;\ntype SdkListKeysRes = Awaited<ReturnType<VectrosClient['auth']['listScopedKeys']>>;\ntype SdkDeleteProfileReq = Parameters<VectrosClient['auth']['deleteAccessProfile']>[0];\ntype SdkDeleteSchemaReq = Parameters<VectrosClient['schemas']['deleteSchema']>[0];\ntype SdkDeleteRecordReq = Parameters<VectrosClient['records']['deleteRecord']>[0];\ntype SdkLookupReq = Parameters<VectrosClient['records']['lookupRecords']>[0];\ntype SdkLookupRes = Awaited<ReturnType<VectrosClient['records']['lookupRecords']>>;\ntype SdkListRolesReq = Parameters<VectrosClient['auth']['listRoles']>[0];\ntype SdkListRolesRes = Awaited<ReturnType<VectrosClient['auth']['listRoles']>>;\ntype SdkDeleteRoleReq = Parameters<VectrosClient['auth']['deleteRole']>[0];\n\n// SDK 0.20+: every list endpoint now returns the `{data, nextCursor}`\n// PAGE envelope rather than a bare array. So the element type is read off\n// `.data` (NonNullable — `data` is optional in the SDK type), and the methods\n// below return the page envelope, not an array. The element VIEWS stay\n// SDK-derived (a field rename = compile error here); the envelope shape is the\n// stable page-envelope contract.\n/** Page envelope narrowed to the element view the harness reads. */\ntype PageOf<T> = { data?: T[]; nextCursor?: string | null };\n\n/** The scoped-key fields the harness reads to find + revoke its own key. */\ntype ScopedKeyView = Pick<NonNullable<SdkListKeysRes['data']>[number], 'keyId' | 'keyName' | 'contextId' | 'userId' | 'status'>;\n/** The access-profile fields the snapshot reads to detect a pre-existing binding. */\ntype ProfileView = Pick<NonNullable<SdkListProfilesRes['data']>[number], 'id' | 'principalId'>;\n/** The role field the snapshot reads to detect a pre-existing role. */\ntype RoleListView = Pick<NonNullable<SdkListRolesRes['data']>[number], 'roleId'>;\n/** The lookup-result element the assert phase reads (presence is what matters). */\ntype LookupRecordView = Pick<NonNullable<SdkLookupRes['data']>[number], 'id'>;\n\n/**\n * The narrow SDK surface the harness needs: the loader's apply methods\n * ({@link BootstrapApiClient}) PLUS the read/list/delete methods used by\n * snapshot + assert + teardown. Extending `BootstrapApiClient` lets the same\n * client be handed straight to {@link runLoader} with no second cast.\n */\nexport interface HarnessApiClient extends BootstrapApiClient {\n auth: BootstrapApiClient['auth'] & {\n getAppContext(req: SdkGetAppContextReq): Promise<Pick<SdkGetAppContextRes, 'contextId' | 'name'>>;\n listScopedKeys(): Promise<PageOf<ScopedKeyView>>;\n listAccessProfiles(req: SdkListProfilesReq): Promise<PageOf<ProfileView>>;\n deleteAccessProfile(req: SdkDeleteProfileReq): Promise<void>;\n listRoles(req: SdkListRolesReq): Promise<PageOf<RoleListView>>;\n deleteRole(req: SdkDeleteRoleReq): Promise<void>;\n };\n schemas: BootstrapApiClient['schemas'] & {\n // listSchemas is inherited from BootstrapApiClient (the loader added it for\n // schema-conflict resolution); the snapshot reuses it via `.data[].typeName`.\n getSchema(req: SdkGetSchemaReq): Promise<Pick<SdkGetSchemaRes, 'id' | 'typeName'>>;\n deleteSchema(req: SdkDeleteSchemaReq): Promise<void>;\n };\n records: BootstrapApiClient['records'] & {\n deleteRecord(req: SdkDeleteRecordReq): Promise<void>;\n /**\n * Resolve records by an indexed field. The assert phase uses it to prove a seed's\n * FIRST-CLASS externalId actually resolves — the end-to-end check that catches a\n * loader writing externalId only into `payload`, where this returns 0 hits\n * even though the record exists. Mirrors a `reference`'s default `targetField`\n * resolution, so it also guards the reference path.\n */\n lookupRecords(req: SdkLookupReq): Promise<PageOf<LookupRecordView>>;\n };\n}\n\n/** The fields the assert phase reads off a `/v1/ping` made with the minted key. */\nexport interface HarnessPing {\n /** Principal classification — MUST be 'scoped_key' for a blueprint-minted ssk_*. */\n principalType: string;\n /** Tenant the key authenticates under. */\n tenantId: string;\n /** Effective allowed-action grammar (present iff principalType == scoped_key). */\n allowedActions?: string[];\n}\n\n/** Injected side effects (so the core stays I/O-free and unit-testable). */\nexport interface HarnessDeps {\n /**\n * Ping the partner API authenticating with the freshly minted raw `ssk_*`.\n * The live runner builds a `new VectrosClient({ token: rawKey, environment })`\n * and calls `.auth.ping()`; the unit test fakes it.\n */\n pingWithKey(rawKey: string): Promise<HarnessPing>;\n}\n\nexport interface HarnessInput {\n blueprint: Blueprint;\n /** Partner tenant id (resolved by the runner via /v1/ping). */\n tenantId: string;\n /**\n * A per-run machine id → per-run keyName. The live runner uses a UNIQUE id\n * so concurrent/repeat runs never collide on the same `ssk_*` (and teardown\n * always revokes exactly the key this run minted).\n */\n machineId: string;\n /** Ephemeral key-store dir for the loader — isolates the harness key from `~/.vectros`. */\n vectrosDir?: string;\n /** Leave the provisioned graph in place (skip teardown) for manual inspection. */\n keep?: boolean;\n /**\n * Re-mint a client whose authority is CONFINED to {@code contextId} (the\n * two-token bootstrap). The primary {@code client} is the NARROW provisioning\n * bootstrap token — it creates the app-context but holds no in-context data-plane\n * scope, so the loader (apply), plus snapshot/assert/teardown reads+deletes, run\n * through the per-context client. Omitted by single-token callers (the unit suite's\n * fake client already has full scope), in which case all phases use {@code client}.\n */\n remintForContext?: (contextId: string) => Promise<HarnessApiClient>;\n log: Logger;\n}\n\n/** One assertion in the assert phase. */\nexport interface AssertionResult {\n name: string;\n ok: boolean;\n detail: string;\n}\n\n/** One best-effort teardown step. */\nexport interface TeardownResult {\n step: string;\n ok: boolean;\n /** Present on failure OR on an intentional skip (e.g. a pre-existing resource). */\n error?: string;\n /** True when the step deleted nothing on purpose (pre-existing / already-gone). */\n skipped?: boolean;\n}\n\n/** What the apply phase provisioned (echoed for the report). */\nexport interface AppliedSummary {\n contextId: string;\n principalId: string;\n keyName: string;\n keyAction: LoaderResult['keyAction'];\n /** typeName → schemaId. */\n schemaIds: Record<string, string>;\n seededCount: number;\n}\n\nexport interface HarnessReport {\n /** True iff apply succeeded AND every assertion passed. Teardown failures do NOT flip this. */\n passed: boolean;\n /** Populated once apply succeeds; undefined if apply itself threw. */\n applied?: AppliedSummary;\n assertions: AssertionResult[];\n teardown: TeardownResult[];\n /** True when teardown was skipped via `keep`. */\n kept: boolean;\n /** Set iff the apply phase threw (assert never ran). */\n error?: string;\n}\n\n/** Pre-apply existence snapshot — what NOT to delete in teardown (it pre-existed). */\ninterface ExistenceSnapshot {\n /** typeNames already present before this run (never delete these schemas). */\n existingSchemaTypes: Set<string>;\n /** principalIds already bound in the context (never delete these profiles). */\n existingProfilePrincipals: Set<string>;\n /** roleIds already present in the context (never delete these roles). */\n existingRoleIds: Set<string>;\n /**\n * True when a snapshot read FAILED. Fail-safe: if we can't prove a resource\n * pre-existed, we do NOT delete it (skip schema/profile teardown), trading a\n * possible orphan for never destroying data we don't own.\n */\n failed: boolean;\n}\n\nconst errMsg = (e: unknown): string => (e instanceof Error ? e.message : String(e));\n\n/**\n * A 404 from a context-scoped list read means the CONTEXT DOESN'T EXIST YET (a\n * blueprint's first apply into a fresh context, before step 2 creates it). That\n * is NOT a snapshot failure: a non-existent context can hold no pre-existing\n * resources, so the created-only teardown can safely delete everything this run\n * creates. Treating it as a failure (the old `catch { failed = true }`) made the\n * FIRST run against any new context skip ALL idempotent deletes → leak its\n * schema/profile/roles → and (schema create is NOT idempotent) break every\n * later run with \"typeName already exists\". So a 404 ⇒ empty set, snapshot still\n * trustworthy; only a non-404 error (auth/5xx) trips the fail-safe.\n */\nconst isNotFound = (e: unknown): boolean =>\n typeof e === 'object' && e !== null && (e as { statusCode?: number }).statusCode === 404;\n\n/**\n * Capture what already exists before provisioning, so teardown only deletes\n * resources THIS run created. Best-effort: a non-404 failed read sets `failed`,\n * which makes teardown conservatively skip the idempotent (schema/profile/role)\n * deletes. A 404 (context not yet created) is an EMPTY snapshot, not a failure.\n */\n/** Page size for the paginated snapshots (the SDK caps `limit` at 100). */\nconst SNAPSHOT_PAGE_SIZE = 100;\n\nasync function captureSnapshot(client: HarnessApiClient, blueprint: Blueprint): Promise<ExistenceSnapshot> {\n const existingSchemaTypes = new Set<string>();\n const existingProfilePrincipals = new Set<string>();\n const existingRoleIds = new Set<string>();\n let failed = false;\n try {\n // listSchemas is NOW paginated (SchemaPage) — it previously returned\n // every schema in one unpaged call. Drain via nextCursor or a pre-existing\n // schema on page 2+ is missed → teardown could delete a schema it didn't\n // create (the data-loss class). Drive the loop on the OPAQUE nextCursor, not\n // a `page.length < limit` heuristic (a full final page returns null cursor).\n let cursor: string | undefined;\n for (;;) {\n const page = await client.schemas.listSchemas({ limit: SNAPSHOT_PAGE_SIZE, startFrom: cursor });\n for (const s of page.data ?? []) if (s.typeName) existingSchemaTypes.add(s.typeName);\n const next = page.nextCursor;\n if (!next) break; // null/absent cursor = no more pages\n cursor = next;\n }\n } catch (e) {\n if (!isNotFound(e)) failed = true;\n }\n try {\n // listAccessProfiles is paginated (startFrom cursor + limit, default 20).\n // Drain to exhaustion so a pre-existing profile beyond the first page is\n // still seen — otherwise teardown could delete a binding it didn't create.\n let startFrom: string | undefined;\n for (;;) {\n const page = await client.auth.listAccessProfiles({\n contextId: blueprint.contextId,\n limit: SNAPSHOT_PAGE_SIZE,\n startFrom,\n });\n for (const p of page.data ?? []) if (p.principalId) existingProfilePrincipals.add(p.principalId);\n const next = page.nextCursor;\n if (!next) break;\n startFrom = next;\n }\n } catch (e) {\n if (!isNotFound(e)) failed = true;\n }\n try {\n // listRoles is paginated (same cursor contract). Drain so a pre-existing\n // role beyond page 1 is seen → teardown never deletes a role it didn't create.\n let startFrom: string | undefined;\n for (;;) {\n const page = await client.auth.listRoles({\n contextId: blueprint.contextId,\n limit: SNAPSHOT_PAGE_SIZE,\n startFrom,\n });\n for (const r of page.data ?? []) if (r.roleId) existingRoleIds.add(r.roleId);\n const next = page.nextCursor;\n if (!next) break;\n startFrom = next;\n }\n } catch (e) {\n if (!isNotFound(e)) failed = true;\n }\n return { existingSchemaTypes, existingProfilePrincipals, existingRoleIds, failed };\n}\n\n/** Build the assertion list from the applied graph (no I/O beyond the injected client/ping). */\nasync function runAssertions(\n client: HarnessApiClient,\n deps: HarnessDeps,\n blueprint: Blueprint,\n tenantId: string,\n result: LoaderResult,\n): Promise<AssertionResult[]> {\n const assertions: AssertionResult[] = [];\n\n // 1. Credential proof — ping the partner API AS the minted key. This is the\n // assertion that production can't fake: a blueprint that provisions a key\n // the authorizer rejects (or under-scopes) fails right here.\n //\n // NB: the action check is a verbatim string superset (want ⊆ got). The\n // platform echoes a key's allowedActions through /v1/ping byte-for-byte\n // from what the AccessProfile stored (no server-side `resource:*`\n // expansion today), so authored literal tokens round-trip exactly. If the\n // platform ever expands wildcards on read, this check would need to expand\n // `want` the same way.\n try {\n const ping = await deps.pingWithKey(result.rawKey);\n const wantActions = blueprint.accessProfile.allowedActions;\n const got = ping.allowedActions ?? [];\n const missing = wantActions.filter((a) => !got.includes(a));\n const ok =\n ping.principalType === 'scoped_key' && ping.tenantId === tenantId && missing.length === 0;\n assertions.push({\n name: 'credential',\n ok,\n detail: ok\n ? `ssk_* authenticates as scoped_key in tenant ${tenantId}; actions [${got.join(', ')}]`\n : `principalType=${ping.principalType} tenant=${ping.tenantId}` +\n (missing.length ? ` missing actions [${missing.join(', ')}]` : ''),\n });\n } catch (e) {\n assertions.push({ name: 'credential', ok: false, detail: `ping with ssk_* failed: ${errMsg(e)}` });\n }\n\n // 2. App-context exists + echoes the requested contextId.\n try {\n const ctx = await client.auth.getAppContext({ contextId: blueprint.contextId });\n const ok = ctx.contextId === blueprint.contextId;\n assertions.push({\n name: 'context',\n ok,\n detail: ok ? `context '${blueprint.contextId}' present` : `expected '${blueprint.contextId}', got '${ctx.contextId ?? '(none)'}'`,\n });\n } catch (e) {\n assertions.push({ name: 'context', ok: false, detail: `getAppContext failed: ${errMsg(e)}` });\n }\n\n // 3. Each schema is readable back + reports the expected typeName.\n for (const [typeName, schemaId] of Object.entries(result.schemaIds)) {\n try {\n const schema = await client.schemas.getSchema({ id: schemaId });\n const ok = schema.typeName === typeName;\n assertions.push({\n name: `schema:${typeName}`,\n ok,\n detail: ok ? `schema '${typeName}' (${schemaId}) readable` : `schema ${schemaId} typeName '${schema.typeName ?? '(none)'}' ≠ '${typeName}'`,\n });\n } catch (e) {\n assertions.push({ name: `schema:${typeName}`, ok: false, detail: `getSchema(${schemaId}) failed: ${errMsg(e)}` });\n }\n }\n\n // 3b. Each seed record resolves by its FIRST-CLASS externalId — the end-to-end proof\n // the loader wrote externalId top-level on the RecordRequest, not just into payload.\n // A loader that smuggled it into payload leaves model.externalId null → 0\n // hits here, while get-by-id + schema-readback still pass — the exact loader-shaped\n // bug that schema-readback + credential alone could not catch. It is also the\n // resolution a `reference` (default targetField=externalId) relies on, so this one\n // assertion guards both lookup-by-externalId and reference resolution.\n for (const rec of blueprint.seed ?? []) {\n try {\n const page = await client.records.lookupRecords({\n type: rec.typeName,\n field: 'externalId',\n value: rec.externalId,\n });\n const ok = (page.data ?? []).length >= 1;\n assertions.push({\n name: `seed-externalId:${rec.externalId}`,\n ok,\n detail: ok\n ? `'${rec.typeName}' seed resolves by externalId '${rec.externalId}'`\n : `'${rec.typeName}' seed externalId '${rec.externalId}' resolved 0 records — externalId is not first-class (written only in payload?)`,\n });\n } catch (e) {\n assertions.push({\n name: `seed-externalId:${rec.externalId}`,\n ok: false,\n detail: `lookupRecords(externalId='${rec.externalId}') failed: ${errMsg(e)}`,\n });\n }\n }\n\n // 4. Each role this run ensured is present in the context (the createRole proof\n // — a blueprint whose role silently failed to mint fails HERE, not in\n // production; roles are wired through apply/teardown, this is the verify leg).\n if (result.roleIds.length > 0) {\n try {\n const present = new Set<string>();\n let startFrom: string | undefined;\n for (;;) {\n const page = await client.auth.listRoles({ contextId: blueprint.contextId, limit: 100, startFrom });\n for (const r of page.data ?? []) if (r.roleId) present.add(r.roleId);\n const next = page.nextCursor;\n if (!next) break;\n startFrom = next;\n }\n for (const roleId of result.roleIds) {\n const ok = present.has(roleId);\n assertions.push({\n name: `role:${roleId}`,\n ok,\n detail: ok ? `role '${roleId}' present in '${blueprint.contextId}'` : `role '${roleId}' NOT found in '${blueprint.contextId}'`,\n });\n }\n } catch (e) {\n for (const roleId of result.roleIds) {\n assertions.push({ name: `role:${roleId}`, ok: false, detail: `listRoles failed: ${errMsg(e)}` });\n }\n }\n }\n\n return assertions;\n}\n\n/**\n * Best-effort teardown of everything a run CREATED, in dependency order\n * (key → seed records → profile → schemas). Each step is independently guarded\n * so one failure never blocks the rest. Created-only: schemas/profiles that\n * pre-existed the run (per {@link ExistenceSnapshot}) are skipped, never\n * deleted. Deliberately omits the app-context (held).\n *\n * Works with or without a {@link LoaderResult}: after a successful apply it\n * deletes records + (newly created) profile + schemas; after an apply FAILURE\n * it can still revoke the key by name (the only identifier derivable without a\n * result), limiting orphan keys.\n */\nasync function runTeardown(\n client: HarnessApiClient,\n blueprint: Blueprint,\n machineId: string,\n snapshot: ExistenceSnapshot,\n result: LoaderResult | undefined,\n): Promise<TeardownResult[]> {\n const steps: TeardownResult[] = [];\n const keyName = result?.keyName ?? keyNameFor(blueprint.name, machineId);\n\n // 1. Revoke the minted key — find its id by matching the tuple we minted.\n // The keyName is unique per run, so this only ever revokes our own key.\n try {\n // listScopedKeys returns a ScopedKeyPage. It exposes NO cursor input\n // (the SDK method takes only requestOptions), so we read the single page's\n // `.data`; our keyName is unique per run, so the match within it is exact.\n const page = await client.auth.listScopedKeys();\n const keys = page.data ?? [];\n const match = keys.find(\n (k) =>\n k.keyName === keyName &&\n k.contextId === blueprint.contextId &&\n (result ? k.userId === result.servicePrincipalUserId : true) &&\n k.status === 'active',\n );\n if (match?.keyId) {\n await client.auth.revokeScopedKey({ keyId: match.keyId });\n steps.push({ step: `revoke key ${keyName}`, ok: true });\n } else {\n steps.push({ step: `revoke key ${keyName}`, ok: true, skipped: true, error: 'no active key matched (already gone)' });\n }\n } catch (e) {\n steps.push({ step: `revoke key ${keyName}`, ok: false, error: errMsg(e) });\n }\n\n // Without a result there are no provisioned record/profile/schema ids to act on.\n if (!result) return steps;\n\n // 2. Delete the seed records this run upserted (always ours — blueprint-owned\n // externalIds). Before their schema, which they reference.\n for (const id of result.seededRecordIds) {\n try {\n await client.records.deleteRecord({ id });\n steps.push({ step: `delete record ${id}`, ok: true });\n } catch (e) {\n steps.push({ step: `delete record ${id}`, ok: false, error: errMsg(e) });\n }\n }\n\n // 3. Delete the AccessProfile — ONLY if this run created it (the principal\n // wasn't already bound in the context) and the snapshot is trustworthy.\n const principalId = `usr_${result.servicePrincipalUserId}`;\n if (snapshot.failed) {\n steps.push({ step: `delete access profile ${principalId}`, ok: true, skipped: true, error: 'skipped — pre-apply snapshot failed; cannot prove ownership' });\n } else if (snapshot.existingProfilePrincipals.has(principalId)) {\n steps.push({ step: `delete access profile ${principalId}`, ok: true, skipped: true, error: 'skipped — pre-existed this run' });\n } else {\n try {\n await client.auth.deleteAccessProfile({ contextId: blueprint.contextId, principalId });\n steps.push({ step: `delete access profile ${principalId}`, ok: true });\n } catch (e) {\n steps.push({ step: `delete access profile ${principalId}`, ok: false, error: errMsg(e) });\n }\n }\n\n // 3b. Delete each role this run CREATED — created-only, mirroring schemas:\n // skip a roleId that pre-existed (idempotent create re-touched it) and skip\n // all if the snapshot is untrustworthy (orphan > wrongful delete).\n for (const roleId of result.roleIds) {\n if (snapshot.failed) {\n steps.push({ step: `delete role ${roleId}`, ok: true, skipped: true, error: 'skipped — pre-apply snapshot failed; cannot prove ownership' });\n continue;\n }\n if (snapshot.existingRoleIds.has(roleId)) {\n steps.push({ step: `delete role ${roleId}`, ok: true, skipped: true, error: 'skipped — pre-existed this run' });\n continue;\n }\n try {\n await client.auth.deleteRole({ contextId: blueprint.contextId, roleId });\n steps.push({ step: `delete role ${roleId}`, ok: true });\n } catch (e) {\n steps.push({ step: `delete role ${roleId}`, ok: false, error: errMsg(e) });\n }\n }\n\n // 4. Delete each schema this run CREATED — skip any whose typeName already\n // existed (the idempotent create returned a pre-existing schema's id).\n const toDelete: Array<[string, string]> = []; // [typeName, schemaId]\n for (const [typeName, schemaId] of Object.entries(result.schemaIds)) {\n if (snapshot.failed) {\n steps.push({ step: `delete schema ${typeName}`, ok: true, skipped: true, error: 'skipped — pre-apply snapshot failed; cannot prove ownership' });\n continue;\n }\n if (snapshot.existingSchemaTypes.has(typeName)) {\n steps.push({ step: `delete schema ${typeName}`, ok: true, skipped: true, error: 'skipped — pre-existed this run' });\n continue;\n }\n toDelete.push([typeName, schemaId]);\n }\n // Retry until no progress: a schema referenced by another (a `reference` field) can't\n // be deleted while its referrer still exists, and deletion order is creation order\n // (referent before referrer) → ConflictError. Each pass deletes what it can; once a\n // referrer is gone its referent becomes deletable. Bounded by toDelete shrinking.\n const lastError = new Map<string, string>();\n while (toDelete.length > 0) {\n const before = toDelete.length;\n for (let i = toDelete.length - 1; i >= 0; i--) {\n const [typeName, schemaId] = toDelete[i];\n try {\n await client.schemas.deleteSchema({ id: schemaId });\n steps.push({ step: `delete schema ${typeName}`, ok: true });\n toDelete.splice(i, 1);\n } catch (e) {\n lastError.set(typeName, errMsg(e));\n }\n }\n if (toDelete.length === before) break; // a full pass deleted nothing → genuinely stuck\n }\n for (const [typeName] of toDelete) {\n steps.push({ step: `delete schema ${typeName}`, ok: false, error: lastError.get(typeName) ?? 'could not delete' });\n }\n\n return steps;\n}\n\n/**\n * Run the full snapshot → apply → assert → teardown harness for a blueprint.\n * Returns a structured {@link HarnessReport}; never throws for an API-level\n * failure (the caller maps `passed` to an exit code). Teardown ALWAYS runs\n * (unless `keep`), even when an assertion failed or threw.\n *\n * The blueprint must already be validated + scope-gated by the caller (the live\n * runner does this); the loader re-asserts the scope gate as defense in depth.\n */\nexport async function runBlueprintHarness(\n client: HarnessApiClient,\n input: HarnessInput,\n deps: HarnessDeps,\n): Promise<HarnessReport> {\n const { blueprint, tenantId, machineId, vectrosDir, keep = false, log, remintForContext } = input;\n\n // In-context work (snapshot reads, assert reads, teardown deletes) needs a client\n // with DATA-PLANE scope IN the blueprint's context. Under the two-token bootstrap\n // the primary `client` is the NARROW provisioning token (creates the context\n // but holds no schemas:/records: scope), so those phases run through a per-context\n // re-mint. Single-token callers (the unit suite's fully-scoped fake) omit the\n // re-mint and every phase uses `client`.\n const remint = remintForContext ?? (async (): Promise<HarnessApiClient> => client);\n\n // SNAPSHOT — capture pre-existing resources so teardown deletes only what we create.\n // With a re-mint wired, a brand-new context CANNOT be re-minted yet (it doesn't\n // exist) — and that failure is the signal that it holds nothing pre-existing → an\n // EMPTY snapshot, not a failure. An existing context (re-run / default) re-mints\n // fine and gets a real read.\n let snapshot: ExistenceSnapshot;\n if (remintForContext) {\n try {\n snapshot = await captureSnapshot(await remintForContext(blueprint.contextId), blueprint);\n } catch (e) {\n // The re-mint threw. A 404 means the context doesn't exist yet (a new\n // blueprint's first apply) → it can hold NOTHING pre-existing, so an empty\n // snapshot is correct and created-only teardown can delete all this run makes.\n // Any OTHER failure (network / 5xx / expired token) against an EXISTING context\n // is NOT proof of emptiness — mark `failed` so teardown conservatively SKIPS\n // the idempotent deletes rather than risk destroying pre-existing data.\n snapshot = {\n existingSchemaTypes: new Set(),\n existingProfilePrincipals: new Set(),\n existingRoleIds: new Set(),\n failed: !isNotFound(e),\n };\n }\n } else {\n snapshot = await captureSnapshot(client, blueprint);\n }\n\n let result: LoaderResult | undefined;\n let assertions: AssertionResult[] = [];\n let applyError: string | undefined;\n\n try {\n // APPLY — the real deterministic loader. It creates the context with the bootstrap\n // `client`, then (via remintForContext) re-mints a per-context client for the\n // in-context writes (schemas/profile/key/seed).\n result = await runLoader(client, { blueprint, tenantId, machineId, vectrosDir, log, remintForContext });\n log.debug({ component: 'harness', contextId: result.contextId, keyName: result.keyName }, 'applied');\n\n // ASSERT — read the graph back + prove the credential, through the per-context\n // client (the context now exists, so the re-mint succeeds).\n assertions = await runAssertions(await remint(blueprint.contextId), deps, blueprint, tenantId, result);\n } catch (e) {\n applyError = errMsg(e);\n log.warn({ component: 'harness', err: applyError }, 'apply phase failed');\n }\n\n // TEARDOWN — always (unless keep), through the per-context client (deletes are\n // in-context). Falls back to the primary client if the re-mint fails (e.g. the\n // context was never created because apply threw early).\n let teardown: TeardownResult[] = [];\n if (!keep) {\n let tdClient = client;\n try {\n tdClient = await remint(blueprint.contextId);\n } catch {\n /* context absent (apply failed before creating it) → primary client */\n }\n teardown = await runTeardown(tdClient, blueprint, machineId, snapshot, result);\n }\n\n const passed = applyError === undefined && assertions.length > 0 && assertions.every((a) => a.ok);\n\n return {\n passed,\n applied: result\n ? {\n contextId: result.contextId,\n principalId: `usr_${result.servicePrincipalUserId}`,\n keyName: result.keyName,\n keyAction: result.keyAction,\n schemaIds: result.schemaIds,\n seededCount: result.seededCount,\n }\n : undefined,\n assertions,\n teardown,\n kept: keep,\n error: applyError,\n };\n}\n","/**\n * Build-time provenance for the published CLI.\n *\n * `@vectros-ai/sdk` and `@vectros-ai/blueprints` are **bundled** into the binary\n * (tsup `noExternal`), so at runtime there is no `node_modules/@vectros-ai/*`\n * to read their versions from — the only way to know *which* SDK/blueprints a\n * given `@vectros-ai/cli` build shipped is to capture it at build time.\n *\n * tsup's `define` (see tsup.config.ts) replaces the `__*_VERSION__` tokens with\n * the versions RESOLVED AT BUILD TIME. Under `tsx` (the unit-test runner, which\n * doesn't apply tsup's define) the tokens are undefined → the `'dev'` fallback.\n * The `typeof` guard keeps the else-branch from ReferenceError-ing under tsx.\n */\ndeclare const __CLI_VERSION__: string | undefined;\ndeclare const __SDK_VERSION__: string | undefined;\ndeclare const __BLUEPRINTS_VERSION__: string | undefined;\n\nexport const BUILD_INFO = {\n cli: typeof __CLI_VERSION__ !== 'undefined' ? __CLI_VERSION__ : 'dev',\n sdk: typeof __SDK_VERSION__ !== 'undefined' ? __SDK_VERSION__ : 'dev',\n blueprints:\n typeof __BLUEPRINTS_VERSION__ !== 'undefined' ? __BLUEPRINTS_VERSION__ : 'dev',\n} as const;\n\n/** One-line provenance string, e.g. `vectros 0.5.0 (sdk 0.29.5, blueprints 0.5.0)`. */\nexport function formatBuildInfo(): string {\n return `vectros ${BUILD_INFO.cli} (sdk ${BUILD_INFO.sdk}, blueprints ${BUILD_INFO.blueprints})`;\n}\n","#!/usr/bin/env node\n/**\n * `vectros` — the Vectros provisioning CLI (the bin entry).\n *\n * Command groups:\n * bootstrap One-shot: provision a least-privilege MCP credential (ssk_* +\n * AccessProfile + optional blueprint) WITHOUT the root sk_*\n * `vectros bootstrap --help`.\n * blueprint Author + inspect blueprints (init, validate, plan, list).\n * Creds-free. `vectros blueprint --help`.\n * whoami Show the authenticated session (tenant, env, principal).\n *\n * PARSING — why two layers. `bootstrap` and `blueprint` carry their own mature,\n * extensively-tested hand-rolled arg parsers (`parseBootstrapArgs` /\n * `parseBlueprintArgs`). They are dispatched DIRECTLY (the pre-commander check\n * below) so their behavior + tests stay untouched. Everything new is parsed by\n * `commander` (the program built in {@link buildProgram}, in `program.ts`) for\n * consistent nested subcommands, `--help`, and option validation across the\n * growing verb catalog. The two legacy commands are listed in `--help` via an\n * epilogue so the catalog still reads as one CLI.\n *\n * The verb catalog lives in `program.ts` (importable + testable) — this file is\n * just the entry: legacy-passthrough dispatch + the commander hand-off. main()\n * runs unconditionally on import — there is intentionally no\n * `require.main === module` guard, because the tsup CJS bundle would\n * mis-evaluate it (CONVENTIONS § 46).\n */\nimport { runBootstrapCli } from './cli-bootstrap.js';\nimport { runBlueprintCli } from './cli-blueprint.js';\nimport { buildProgram } from './program.js';\n\n/** Legacy command groups dispatched directly to their own parsers (see header). */\nconst PASSTHROUGH_COMMANDS: Record<string, (argv: string[]) => Promise<number>> = {\n bootstrap: runBootstrapCli,\n blueprint: runBlueprintCli,\n};\n\nasync function main(): Promise<void> {\n const sub = process.argv[2];\n\n // Legacy groups: dispatch directly to their own tested parsers (see header).\n const passthrough = sub ? PASSTHROUGH_COMMANDS[sub] : undefined;\n if (passthrough) {\n process.exit(await passthrough(process.argv.slice(3)));\n }\n\n // Everything else (incl. --help / --version / the verb catalog) → commander.\n await buildProgram().parseAsync(process.argv);\n}\n\nmain().catch((err) => {\n // Last-ditch fallback — anything not caught above. Print the message by\n // default; the full stack only under VECTROS_MCP_DEBUG (parity with bootstrap).\n process.stderr.write(`fatal: ${err instanceof Error ? err.message : String(err)}\\n`);\n if (process.env.VECTROS_MCP_DEBUG && err instanceof Error && err.stack) {\n process.stderr.write(`${err.stack}\\n`);\n }\n process.exit(2);\n});\n"],"mappings":";;;AAsBA,YAAY,cAAc;;;ACtB1B,IAAI,YAAY,OAAO;AACvB,IAAI,WAAW,CAAC,QAAQ,QAAQ;AAC9B,WAAS,QAAQ;AACf,cAAU,QAAQ,MAAM,EAAE,KAAK,IAAI,IAAI,GAAG,YAAY,KAAK,CAAC;AAChE;AAGA,IAAI,cAAc,CAAC;AACnB,SAAS,aAAa;AAAA,EACpB,sBAAsB,MAAM;AAAA,EAC5B,oBAAoB,MAAM;AAAA,EAC1B,iBAAiB,MAAM;AAAA,EACvB,mBAAmB,MAAM;AAAA,EACzB,mBAAmB,MAAM;AAAA,EACzB,kBAAkB,MAAM;AAAA,EACxB,aAAa,MAAM;AAAA,EACnB,eAAe,MAAM;AAAA,EACrB,eAAe,MAAM;AAAA,EACrB,mBAAmB,MAAM;AAAA,EACzB,sBAAsB,MAAM;AAAA,EAC5B,sBAAsB,MAAM;AAAA,EAC5B,uBAAuB,MAAM;AAAA,EAC7B,iBAAiB,MAAM;AAAA,EACvB,kBAAkB,MAAM;AAAA,EACxB,WAAW,MAAM;AAAA,EACjB,oBAAoB,MAAM;AAAA,EAC1B,gBAAgB,MAAM;AAAA,EACtB,wBAAwB,MAAM;AAAA,EAC9B,YAAY,MAAM;AAAA,EAClB,gBAAgB,MAAM;AAAA,EACtB,eAAe,MAAM;AAAA,EACrB,uBAAuB,MAAM;AAAA,EAC7B,UAAU,MAAM;AAAA,EAChB,mBAAmB,MAAM;AAAA,EACzB,gBAAgB,MAAM;AAAA,EACtB,uBAAuB,MAAM;AAAA,EAC7B,qBAAqB,MAAM;AAAA,EAC3B,yBAAyB,MAAM;AAAA,EAC/B,sBAAsB,MAAM;AAAA,EAC5B,uBAAuB,MAAM;AAAA,EAC7B,6BAA6B,MAAM;AAAA,EACnC,2BAA2B,MAAM;AAAA,EACjC,0BAA0B,MAAM;AAAA,EAChC,eAAe,MAAM;AAAA,EACrB,qBAAqB,MAAM;AAAA,EAC3B,YAAY,MAAM;AAAA,EAClB,sBAAsB,MAAM;AAAA,EAC5B,cAAc,MAAM;AAAA,EACpB,WAAW,MAAM;AAAA,EACjB,uBAAuB,MAAM;AAAA,EAC7B,qBAAqB,MAAM;AAAA,EAC3B,eAAe,MAAM;AAAA,EACrB,gBAAgB,MAAM;AAAA,EACtB,eAAe,MAAM;AAAA,EACrB,eAAe,MAAM;AAAA,EACrB,gBAAgB,MAAM;AAAA,EACtB,mBAAmB,MAAM;AAAA,EACzB,eAAe,MAAM;AAAA,EACrB,cAAc,MAAM;AAAA,EACpB,oBAAoB,MAAM;AAAA,EAC1B,sBAAsB,MAAM;AAAA,EAC5B,wBAAwB,MAAM;AAAA,EAC9B,mBAAmB,MAAM;AAAA,EACzB,aAAa,MAAM;AAAA,EACnB,cAAc,MAAM;AAAA,EACpB,MAAM,MAAM;AAAA,EACZ,YAAY,MAAM;AAAA,EAClB,WAAW,MAAM;AAAA,EACjB,SAAS,MAAM;AAAA,EACf,UAAU,MAAM;AAAA,EAChB,WAAW,MAAM;AAAA,EACjB,SAAS,MAAM;AAAA,EACf,SAAS,MAAM;AAAA,EACf,QAAQ,MAAM;AAChB,CAAC;AAGD,IAAI,SAAS,CAAC,OAAO,UAAU,UAAU;AACvC,SAAO,KAAK,UAAU,OAAO,UAAU,KAAK;AAC9C;AACA,SAAS,SAAS,MAAM,SAAS;AAC/B,SAAO,KAAK,MAAM,MAAM,OAAO;AACjC;AAGA,IAAI,eAAe,cAAc,MAAM;AAAA,EACrC,YAAY;AAAA,IACV;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,GAAG;AACD,UAAM,aAAa,EAAE,SAAS,YAAY,KAAK,CAAC,CAAC;AACjD,WAAO,eAAe,MAAM,WAAW,SAAS;AAChD,QAAI,MAAM,mBAAmB;AAC3B,YAAM,kBAAkB,MAAM,KAAK,WAAW;AAAA,IAChD;AACA,SAAK,OAAO,KAAK,YAAY;AAC7B,SAAK,aAAa;AAClB,SAAK,OAAO;AACZ,SAAK,cAAc;AACnB,QAAI,SAAS,MAAM;AACjB,WAAK,QAAQ;AAAA,IACf;AAAA,EACF;AACF;AACA,SAAS,aAAa;AAAA,EACpB;AAAA,EACA;AAAA,EACA;AACF,GAAG;AACD,QAAM,QAAQ,CAAC;AACf,MAAI,WAAW,MAAM;AACnB,UAAM,KAAK,OAAO;AAAA,EACpB;AACA,MAAI,cAAc,MAAM;AACtB,UAAM,KAAK,gBAAgB,WAAW,SAAS,CAAC,EAAE;AAAA,EACpD;AACA,MAAI,QAAQ,MAAM;AAChB,UAAM,KAAK,SAAS,OAAO,MAAM,QAAQ,CAAC,CAAC,EAAE;AAAA,EAC/C;AACA,SAAO,MAAM,KAAK,IAAI;AACxB;AAGA,IAAI,sBAAsB,cAAc,MAAM;AAAA,EAC5C,YAAY,SAAS,MAAM;AACzB,UAAM,OAAO;AACb,WAAO,eAAe,MAAM,WAAW,SAAS;AAChD,QAAI,MAAM,mBAAmB;AAC3B,YAAM,kBAAkB,MAAM,KAAK,WAAW;AAAA,IAChD;AACA,SAAK,OAAO,KAAK,YAAY;AAC7B,QAAI,MAAM,SAAS,MAAM;AACvB,WAAK,QAAQ,KAAK;AAAA,IACpB;AAAA,EACF;AACF;AAGA,IAAI,kBAAkB,cAAc,aAAa;AAAA,EAC/C,YAAY,MAAM,aAAa;AAC7B,UAAM;AAAA,MACJ,SAAS;AAAA,MACT,YAAY;AAAA,MACZ;AAAA,MACA;AAAA,IACF,CAAC;AACD,WAAO,eAAe,MAAM,WAAW,SAAS;AAChD,QAAI,MAAM,mBAAmB;AAC3B,YAAM,kBAAkB,MAAM,KAAK,WAAW;AAAA,IAChD;AACA,SAAK,OAAO,KAAK,YAAY;AAAA,EAC/B;AACF;AAGA,IAAI,gBAAgB,cAAc,aAAa;AAAA,EAC7C,YAAY,MAAM,aAAa;AAC7B,UAAM;AAAA,MACJ,SAAS;AAAA,MACT,YAAY;AAAA,MACZ;AAAA,MACA;AAAA,IACF,CAAC;AACD,WAAO,eAAe,MAAM,WAAW,SAAS;AAChD,QAAI,MAAM,mBAAmB;AAC3B,YAAM,kBAAkB,MAAM,KAAK,WAAW;AAAA,IAChD;AACA,SAAK,OAAO,KAAK,YAAY;AAAA,EAC/B;AACF;AAGA,IAAI,uBAAuB,cAAc,aAAa;AAAA,EACpD,YAAY,MAAM,aAAa;AAC7B,UAAM;AAAA,MACJ,SAAS;AAAA,MACT,YAAY;AAAA,MACZ;AAAA,MACA;AAAA,IACF,CAAC;AACD,WAAO,eAAe,MAAM,WAAW,SAAS;AAChD,QAAI,MAAM,mBAAmB;AAC3B,YAAM,kBAAkB,MAAM,KAAK,WAAW;AAAA,IAChD;AACA,SAAK,OAAO,KAAK,YAAY;AAAA,EAC/B;AACF;AAGA,IAAI,iBAAiB,cAAc,aAAa;AAAA,EAC9C,YAAY,MAAM,aAAa;AAC7B,UAAM;AAAA,MACJ,SAAS;AAAA,MACT,YAAY;AAAA,MACZ;AAAA,MACA;AAAA,IACF,CAAC;AACD,WAAO,eAAe,MAAM,WAAW,SAAS;AAChD,QAAI,MAAM,mBAAmB;AAC3B,YAAM,kBAAkB,MAAM,KAAK,WAAW;AAAA,IAChD;AACA,SAAK,OAAO,KAAK,YAAY;AAAA,EAC/B;AACF;AAGA,IAAI,sBAAsB,cAAc,aAAa;AAAA,EACnD,YAAY,MAAM,aAAa;AAC7B,UAAM;AAAA,MACJ,SAAS;AAAA,MACT,YAAY;AAAA,MACZ;AAAA,MACA;AAAA,IACF,CAAC;AACD,WAAO,eAAe,MAAM,WAAW,SAAS;AAChD,QAAI,MAAM,mBAAmB;AAC3B,YAAM,kBAAkB,MAAM,KAAK,WAAW;AAAA,IAChD;AACA,SAAK,OAAO,KAAK,YAAY;AAAA,EAC/B;AACF;AAGA,IAAI,gBAAgB,cAAc,aAAa;AAAA,EAC7C,YAAY,MAAM,aAAa;AAC7B,UAAM;AAAA,MACJ,SAAS;AAAA,MACT,YAAY;AAAA,MACZ;AAAA,MACA;AAAA,IACF,CAAC;AACD,WAAO,eAAe,MAAM,WAAW,SAAS;AAChD,QAAI,MAAM,mBAAmB;AAC3B,YAAM,kBAAkB,MAAM,KAAK,WAAW;AAAA,IAChD;AACA,SAAK,OAAO,KAAK,YAAY;AAAA,EAC/B;AACF;AAGA,IAAI,sBAAsB,cAAc,aAAa;AAAA,EACnD,YAAY,MAAM,aAAa;AAC7B,UAAM;AAAA,MACJ,SAAS;AAAA,MACT,YAAY;AAAA,MACZ;AAAA,MACA;AAAA,IACF,CAAC;AACD,WAAO,eAAe,MAAM,WAAW,SAAS;AAChD,QAAI,MAAM,mBAAmB;AAC3B,YAAM,kBAAkB,MAAM,KAAK,WAAW;AAAA,IAChD;AACA,SAAK,OAAO,KAAK,YAAY;AAAA,EAC/B;AACF;AAGA,IAAI,uBAAuB,cAAc,aAAa;AAAA,EACpD,YAAY,MAAM,aAAa;AAC7B,UAAM;AAAA,MACJ,SAAS;AAAA,MACT,YAAY;AAAA,MACZ;AAAA,MACA;AAAA,IACF,CAAC;AACD,WAAO,eAAe,MAAM,WAAW,SAAS;AAChD,QAAI,MAAM,mBAAmB;AAC3B,YAAM,kBAAkB,MAAM,KAAK,WAAW;AAAA,IAChD;AACA,SAAK,OAAO,KAAK,YAAY;AAAA,EAC/B;AACF;AAGA,IAAI,uBAAuB,cAAc,aAAa;AAAA,EACpD,YAAY,MAAM,aAAa;AAC7B,UAAM;AAAA,MACJ,SAAS;AAAA,MACT,YAAY;AAAA,MACZ;AAAA,MACA;AAAA,IACF,CAAC;AACD,WAAO,eAAe,MAAM,WAAW,SAAS;AAChD,QAAI,MAAM,mBAAmB;AAC3B,YAAM,kBAAkB,MAAM,KAAK,WAAW;AAAA,IAChD;AACA,SAAK,OAAO,KAAK,YAAY;AAAA,EAC/B;AACF;AAGA,IAAI,oBAAoB,cAAc,aAAa;AAAA,EACjD,YAAY,MAAM,aAAa;AAC7B,UAAM;AAAA,MACJ,SAAS;AAAA,MACT,YAAY;AAAA,MACZ;AAAA,MACA;AAAA,IACF,CAAC;AACD,WAAO,eAAe,MAAM,WAAW,SAAS;AAChD,QAAI,MAAM,mBAAmB;AAC3B,YAAM,kBAAkB,MAAM,KAAK,WAAW;AAAA,IAChD;AACA,SAAK,OAAO,KAAK,YAAY;AAAA,EAC/B;AACF;AAGA,IAAI,eAAe,CAAC;AAGpB,IAAI;AAAA,CACH,CAAC,oBAAoB;AACpB,kBAAgB,cAAc;AAAA,IAC5B,MAAM;AAAA,IACN,QAAQ;AAAA,IACR,KAAK;AAAA,EACP;AACA,kBAAgB,mBAAmB;AAAA,IACjC,gBAAgB;AAAA,IAChB,OAAO;AAAA,EACT;AACF,GAAG,mBAAmB,iBAAiB,CAAC,EAAE;AAG1C,IAAI;AAAA,CACH,CAAC,mBAAmB;AACnB,iBAAe,QAAQ;AAAA,IACrB,QAAQ;AAAA,IACR,SAAS;AAAA,EACX;AACA,iBAAe,cAAc;AAAA,IAC3B,MAAM;AAAA,IACN,QAAQ;AAAA,IACR,KAAK;AAAA,EACP;AACA,iBAAe,SAAS;AAAA,IACtB,QAAQ;AAAA,EACV;AACF,GAAG,kBAAkB,gBAAgB,CAAC,EAAE;AAGxC,IAAI,qBAAqB,CAAC;AAC1B,SAAS,oBAAoB;AAAA,EAC3B,gBAAgB,MAAM;AAAA,EACtB,eAAe,MAAM;AACvB,CAAC;AAGD,IAAI;AAAA,CACH,CAAC,2BAA2B;AAC3B,yBAAuB,QAAQ;AAAA,IAC7B,KAAK;AAAA,IACL,MAAM;AAAA,EACR;AACF,GAAG,0BAA0B,wBAAwB,CAAC,EAAE;AAGxD,IAAI;AAAA,CACH,CAAC,uBAAuB;AACvB,qBAAmB,YAAY;AAAA,IAC7B,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,MAAM;AAAA,IACN,MAAM;AAAA,EACR;AACF,GAAG,sBAAsB,oBAAoB,CAAC,EAAE;AAGhD,IAAI,oBAAoB,CAAC;AACzB,SAAS,mBAAmB;AAAA,EAC1B,uBAAuB,MAAM;AAAA,EAC7B,mBAAmB,MAAM;AAAA,EACzB,6BAA6B,MAAM;AACrC,CAAC;AAGD,IAAI,8BAA8B;AAAA,EAChC,KAAK;AAAA,EACL,MAAM;AACR;AAGA,IAAI,kBAAkB,CAAC;AAGvB,IAAI,mBAAmB,CAAC;AACxB,SAAS,kBAAkB;AAAA,EACzB,yBAAyB,MAAM;AAAA,EAC/B,sBAAsB,MAAM;AAAA,EAC5B,uBAAuB,MAAM;AAC/B,CAAC;AAGD,IAAI,0BAA0B;AAAA,EAC5B,KAAK;AAAA,EACL,MAAM;AACR;AAGA,IAAI,uBAAuB;AAAA,EACzB,KAAK;AAAA,EACL,MAAM;AACR;AAGA,IAAI,wBAAwB;AAAA,EAC1B,KAAK;AAAA,EACL,MAAM;AACR;AAGA,IAAI,oBAAoB,CAAC;AAGzB,IAAI;AAAA,CACH,CAAC,uBAAuB;AACvB,qBAAmB,YAAY;AAAA,IAC7B,cAAc;AAAA,IACd,YAAY;AAAA,EACd;AACF,GAAG,sBAAsB,oBAAoB,CAAC,EAAE;AAGhD,IAAI;AAAA,CACH,CAAC,yBAAyB;AACzB,uBAAqB,QAAQ;AAAA,IAC3B,KAAK;AAAA,IACL,MAAM;AAAA,EACR;AACF,GAAG,wBAAwB,sBAAsB,CAAC,EAAE;AAGpD,IAAI,kBAAkB,CAAC;AACvB,SAAS,iBAAiB;AAAA,EACxB,mBAAmB,MAAM;AAAA,EACzB,2BAA2B,MAAM;AAAA,EACjC,qBAAqB,MAAM;AAC7B,CAAC;AAGD,IAAI,4BAA4B;AAAA,EAC9B,KAAK;AAAA,EACL,MAAM;AACR;AAGA,IAAI,kBAAkB,CAAC;AAGvB,IAAI;AAAA,CACH,CAAC,mBAAmB;AACnB,iBAAe,OAAO;AAAA,IACpB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,MAAM;AAAA,EACR;AACA,iBAAe,WAAW;AAAA,IACxB,IAAI;AAAA,IACJ,KAAK;AAAA,IACL,QAAQ;AAAA,IACR,SAAS;AAAA,EACX;AACA,MAAI;AACJ,GAAC,CAAC,kBAAkB;AAClB,kBAAc,OAAO;AAAA,MACnB,WAAW;AAAA,MACX,SAAS;AAAA,IACX;AAAA,EACF,GAAG,eAAe,eAAe,iBAAiB,eAAe,eAAe,CAAC,EAAE;AACrF,GAAG,kBAAkB,gBAAgB,CAAC,EAAE;AAGxC,IAAI,iBAAiB,CAAC;AACtB,SAAS,gBAAgB;AAAA,EACvB,eAAe,MAAM;AACvB,CAAC;AAGD,IAAI;AAAA,CACH,CAAC,0BAA0B;AAC1B,wBAAsB,SAAS;AAAA,IAC7B,QAAQ;AAAA,IACR,WAAW;AAAA,EACb;AACF,GAAG,yBAAyB,uBAAuB,CAAC,EAAE;AAGtD,IAAI;AAAA,CACH,CAAC,wBAAwB;AACxB,sBAAoB,SAAS;AAAA,IAC3B,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,SAAS;AAAA,EACX;AACF,GAAG,uBAAuB,qBAAqB,CAAC,EAAE;AAGlD,IAAI;AAAA,CACH,CAAC,uBAAuB;AACvB,qBAAmB,SAAS;AAAA,IAC1B,UAAU;AAAA,IACV,UAAU;AAAA,IACV,WAAW;AAAA,EACb;AACF,GAAG,sBAAsB,oBAAoB,CAAC,EAAE;AAGhD,IAAI;AAAA,CACH,CAAC,sBAAsB;AACtB,oBAAkB,SAAS;AAAA,IACzB,SAAS;AAAA,IACT,SAAS;AAAA,IACT,UAAU;AAAA,IACV,SAAS;AAAA,EACX;AACF,GAAG,qBAAqB,mBAAmB,CAAC,EAAE;AAG9C,IAAI;AAAA,CACH,CAAC,iBAAiB;AACjB,eAAa,OAAO;AAAA,IAClB,QAAQ;AAAA,IACR,MAAM;AAAA,IACN,WAAW;AAAA,EACb;AACF,GAAG,gBAAgB,cAAc,CAAC,EAAE;AAGpC,IAAI;AAAA,CACH,CAAC,mBAAmB;AACnB,iBAAe,SAAS;AAAA,IACtB,QAAQ;AAAA,IACR,WAAW;AAAA,EACb;AACF,GAAG,kBAAkB,gBAAgB,CAAC,EAAE;AAGxC,IAAI;AAAA,CACH,CAAC,uBAAuB;AACvB,qBAAmB,QAAQ;AAAA,IACzB,cAAc;AAAA,EAChB;AACF,GAAG,sBAAsB,oBAAoB,CAAC,EAAE;AAGhD,IAAI;AAAA,CACH,CAAC,0BAA0B;AAC1B,wBAAsB,QAAQ;AAAA,IAC5B,iBAAiB;AAAA,EACnB;AACF,GAAG,yBAAyB,uBAAuB,CAAC,EAAE;AAGtD,IAAI;AAAA,CACH,CAAC,qBAAqB;AACrB,mBAAiB,YAAY;AAAA,IAC3B,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,MAAM;AAAA,IACN,MAAM;AAAA,EACR;AACF,GAAG,oBAAoB,kBAAkB,CAAC,EAAE;AAG5C,IAAI;AAAA,CACH,CAAC,sBAAsB;AACtB,oBAAkB,SAAS;AAAA,IACzB,eAAe;AAAA,IACf,UAAU;AAAA,IACV,YAAY;AAAA,IACZ,cAAc;AAAA,IACd,SAAS;AAAA,IACT,QAAQ;AAAA,IACR,QAAQ;AAAA,EACV;AACA,oBAAkB,YAAY;AAAA,IAC5B,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,MAAM;AAAA,IACN,MAAM;AAAA,EACR;AACF,GAAG,qBAAqB,mBAAmB,CAAC,EAAE;AAG9C,IAAI;AAAA,CACH,CAAC,eAAe;AACf,aAAW,QAAQ;AAAA,IACjB,MAAM;AAAA,EACR;AACF,GAAG,cAAc,YAAY,CAAC,EAAE;AAGhC,IAAI;AAAA,CACH,CAAC,wBAAwB;AACxB,sBAAoB,mBAAmB;AAAA,IACrC,gBAAgB;AAAA,IAChB,OAAO;AAAA,EACT;AACF,GAAG,uBAAuB,qBAAqB,CAAC,EAAE;AAGlD,IAAI;AAAA,CACH,CAAC,4BAA4B;AAC5B,0BAAwB,SAAS;AAAA,IAC/B,UAAU;AAAA,IACV,YAAY;AAAA,IACZ,WAAW;AAAA,IACX,QAAQ;AAAA,EACV;AACA,0BAAwB,cAAc;AAAA,IACpC,MAAM;AAAA,IACN,QAAQ;AAAA,IACR,KAAK;AAAA,EACP;AACF,GAAG,2BAA2B,yBAAyB,CAAC,EAAE;AAG1D,IAAI;AAAA,CACH,CAAC,gBAAgB;AAChB,cAAY,QAAQ;AAAA,IAClB,OAAO;AAAA,EACT;AACF,GAAG,eAAe,aAAa,CAAC,EAAE;AAGlC,IAAI;AAAA,CACH,CAAC,oBAAoB;AACpB,kBAAgB,SAAS;AAAA,IACvB,QAAQ;AAAA,EACV;AACF,GAAG,mBAAmB,iBAAiB,CAAC,EAAE;AAG1C,IAAI;AAAA,CACH,CAAC,2BAA2B;AAC3B,yBAAuB,SAAS;AAAA,IAC9B,UAAU;AAAA,IACV,YAAY;AAAA,IACZ,WAAW;AAAA,IACX,QAAQ;AAAA,EACV;AACA,yBAAuB,QAAQ;AAAA,IAC7B,QAAQ;AAAA,IACR,SAAS;AAAA,EACX;AACA,yBAAuB,cAAc;AAAA,IACnC,MAAM;AAAA,IACN,QAAQ;AAAA,IACR,KAAK;AAAA,EACP;AACF,GAAG,0BAA0B,wBAAwB,CAAC,EAAE;AAGxD,IAAI;AAAA,CACH,CAAC,cAAc;AACd,YAAU,YAAY;AAAA,IACpB,QAAQ;AAAA,IACR,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,MAAM;AAAA,IACN,MAAM;AAAA,IACN,OAAO;AAAA,IACP,QAAQ;AAAA,IACR,WAAW;AAAA,EACb;AACA,YAAU,gBAAgB;AAAA,IACxB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,MAAM;AAAA,IACN,KAAK;AAAA,IACL,QAAQ;AAAA,EACV;AACF,GAAG,aAAa,WAAW,CAAC,EAAE;AAG9B,IAAI;AAAA,CACH,CAAC,2BAA2B;AAC3B,yBAAuB,QAAQ;AAAA,IAC7B,KAAK;AAAA,IACL,MAAM;AAAA,EACR;AACF,GAAG,0BAA0B,wBAAwB,CAAC,EAAE;AAGxD,IAAI;AAAA,CACH,CAAC,8BAA8B;AAC9B,4BAA0B,aAAa;AAAA,IACrC,QAAQ;AAAA,IACR,QAAQ;AAAA,IACR,QAAQ;AAAA,EACV;AACF,GAAG,6BAA6B,2BAA2B,CAAC,EAAE;AAG9D,IAAI;AAAA,CACH,CAAC,gBAAgB;AAChB,cAAY,SAAS;AAAA,IACnB,QAAQ;AAAA,IACR,WAAW;AAAA,EACb;AACF,GAAG,eAAe,aAAa,CAAC,EAAE;AAGlC,IAAI;AAAA,CACH,CAAC,kBAAkB;AAClB,gBAAc,cAAc;AAAA,IAC1B,SAAS;AAAA,IACT,YAAY;AAAA,EACd;AACA,gBAAc,gBAAgB;AAAA,IAC5B,SAAS;AAAA,IACT,WAAW;AAAA,IACX,OAAO;AAAA,EACT;AACF,GAAG,iBAAiB,eAAe,CAAC,EAAE;AAGtC,IAAI;AAAA,CACH,CAAC,eAAe;AACf,aAAW,OAAO;AAAA,IAChB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,MAAM;AAAA,EACR;AACA,MAAI;AACJ,GAAC,CAAC,kBAAkB;AAClB,kBAAc,OAAO;AAAA,MACnB,WAAW;AAAA,MACX,SAAS;AAAA,IACX;AAAA,EACF,GAAG,eAAe,WAAW,iBAAiB,WAAW,eAAe,CAAC,EAAE;AAC7E,GAAG,cAAc,YAAY,CAAC,EAAE;AAGhC,IAAI;AAAA,CACH,CAAC,2BAA2B;AAC3B,yBAAuB,cAAc;AAAA,IACnC,MAAM;AAAA,IACN,QAAQ;AAAA,IACR,KAAK;AAAA,EACP;AACA,yBAAuB,SAAS;AAAA,IAC9B,MAAM;AAAA,IACN,MAAM;AAAA,IACN,QAAQ;AAAA,IACR,QAAQ;AAAA,IACR,KAAK;AAAA,EACP;AACF,GAAG,0BAA0B,wBAAwB,CAAC,EAAE;AAGxD,IAAI;AAAA,CACH,CAAC,mBAAmB;AACnB,iBAAe,YAAY;AAAA,IACzB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,MAAM;AAAA,IACN,MAAM;AAAA,EACR;AACF,GAAG,kBAAkB,gBAAgB,CAAC,EAAE;AAGxC,IAAI;AAAA,CACH,CAAC,oBAAoB;AACpB,kBAAgB,cAAc;AAAA,IAC5B,cAAc;AAAA,IACd,SAAS;AAAA,IACT,QAAQ;AAAA,EACV;AACA,kBAAgB,YAAY;AAAA,IAC1B,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,MAAM;AAAA,IACN,MAAM;AAAA,EACR;AACF,GAAG,mBAAmB,iBAAiB,CAAC,EAAE;AAG1C,IAAI;AAAA,CACH,CAAC,mBAAmB;AACnB,iBAAe,SAAS;AAAA,IACtB,MAAM;AAAA,IACN,UAAU;AAAA,IACV,QAAQ;AAAA,IACR,MAAM;AAAA,IACN,UAAU;AAAA,EACZ;AACF,GAAG,kBAAkB,gBAAgB,CAAC,EAAE;AAGxC,IAAI;AAAA,CACH,CAAC,mBAAmB;AACnB,iBAAe,YAAY;AAAA,IACzB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,MAAM;AAAA,IACN,MAAM;AAAA,EACR;AACA,iBAAe,iBAAiB;AAAA,IAC9B,UAAU;AAAA,IACV,YAAY;AAAA,IACZ,cAAc;AAAA,EAChB;AACA,MAAI;AACJ,GAAC,CAAC,qBAAqB;AACrB,qBAAiB,OAAO;AAAA,MACtB,QAAQ;AAAA,MACR,UAAU;AAAA,MACV,MAAM;AAAA,MACN,KAAK;AAAA,MACL,QAAQ;AAAA,IACV;AAAA,EACF,GAAG,kBAAkB,eAAe,oBAAoB,eAAe,kBAAkB,CAAC,EAAE;AAC9F,GAAG,kBAAkB,gBAAgB,CAAC,EAAE;AAGxC,IAAI;AAAA,CACH,CAAC,oBAAoB;AACpB,kBAAgB,iBAAiB;AAAA,IAC/B,UAAU;AAAA,IACV,YAAY;AAAA,IACZ,cAAc;AAAA,EAChB;AACA,kBAAgB,YAAY;AAAA,IAC1B,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,MAAM;AAAA,IACN,MAAM;AAAA,EACR;AACA,MAAI;AACJ,GAAC,CAAC,qBAAqB;AACrB,qBAAiB,OAAO;AAAA,MACtB,QAAQ;AAAA,MACR,UAAU;AAAA,MACV,MAAM;AAAA,MACN,KAAK;AAAA,MACL,QAAQ;AAAA,IACV;AAAA,EACF,GAAG,kBAAkB,gBAAgB,oBAAoB,gBAAgB,kBAAkB,CAAC,EAAE;AAChG,GAAG,mBAAmB,iBAAiB,CAAC,EAAE;AAG1C,IAAI;AAAA,CACH,CAAC,uBAAuB;AACvB,qBAAmB,WAAW;AAAA,IAC5B,OAAO;AAAA,IACP,SAAS;AAAA,EACX;AACA,qBAAmB,SAAS;AAAA,IAC1B,QAAQ;AAAA,IACR,SAAS;AAAA,EACX;AACA,qBAAmB,UAAU;AAAA,IAC3B,QAAQ;AAAA,EACV;AACF,GAAG,sBAAsB,oBAAoB,CAAC,EAAE;AAGhD,IAAI;AAAA,CACH,CAAC,kBAAkB;AAClB,gBAAc,aAAa;AAAA,IACzB,iBAAiB;AAAA,IACjB,eAAe;AAAA,EACjB;AACF,GAAG,iBAAiB,eAAe,CAAC,EAAE;AAGtC,IAAI;AAAA,CACH,CAAC,wBAAwB;AACxB,sBAAoB,QAAQ;AAAA,IAC1B,eAAe;AAAA,EACjB;AACF,GAAG,uBAAuB,qBAAqB,CAAC,EAAE;AAGlD,IAAI;AAAA,CACH,CAAC,4BAA4B;AAC5B,0BAAwB,QAAQ;AAAA,IAC9B,mBAAmB;AAAA,EACrB;AACA,0BAAwB,SAAS;AAAA,IAC/B,qBAAqB;AAAA,EACvB;AACF,GAAG,2BAA2B,yBAAyB,CAAC,EAAE;AAG1D,IAAI;AAAA,CACH,CAAC,iBAAiB;AACjB,eAAa,SAAS;AAAA,IACpB,QAAQ;AAAA,IACR,WAAW;AAAA,IACX,SAAS;AAAA,EACX;AACA,eAAa,OAAO;AAAA,IAClB,OAAO;AAAA,IACP,SAAS;AAAA,EACX;AACF,GAAG,gBAAgB,cAAc,CAAC,EAAE;AAGpC,IAAI;AAAA,CACH,CAAC,kBAAkB;AAClB,gBAAc,SAAS;AAAA,IACrB,QAAQ;AAAA,IACR,WAAW;AAAA,IACX,SAAS;AAAA,EACX;AACA,gBAAc,OAAO;AAAA,IACnB,OAAO;AAAA,IACP,SAAS;AAAA,EACX;AACF,GAAG,iBAAiB,eAAe,CAAC,EAAE;AAGtC,SAAS,eAAe,OAAO;AAC7B,SAAO,OAAO,UAAU,YAAY,UAAU,QAAQ,oBAAoB,SAAS,OAAO,MAAM,mBAAmB;AACrH;AAGA,IAAI,mBAAmB,MAAM;AAAA,EAC3B,iBAAiB;AACf,WAAO,QAAQ,QAAQ,EAAE,SAAS,CAAC,EAAE,CAAC;AAAA,EACxC;AACF;AAGA,IAAI,mBAAmB;AAAA,EACrB,KAAK,OAAO,UAAU,QAAQ;AAC5B,QAAI,OAAO,aAAa,YAAY;AAClC,aAAO,SAAS,GAAG;AAAA,IACrB,OAAO;AACL,aAAO;AAAA,IACT;AAAA,EACF;AACF;AAGA,IAAI,WAAW;AAAA,EACb,OAAO;AAAA,EACP,MAAM;AAAA,EACN,MAAM;AAAA,EACN,OAAO;AACT;AACA,IAAI,cAAc;AAAA,EAChB,CAAC,SAAS,KAAK,GAAG;AAAA,EAClB,CAAC,SAAS,IAAI,GAAG;AAAA,EACjB,CAAC,SAAS,IAAI,GAAG;AAAA,EACjB,CAAC,SAAS,KAAK,GAAG;AACpB;AACA,IAAI,gBAAgB,MAAM;AAAA,EACxB,MAAM,YAAY,MAAM;AACtB,YAAQ,MAAM,SAAS,GAAG,IAAI;AAAA,EAChC;AAAA,EACA,KAAK,YAAY,MAAM;AACrB,YAAQ,KAAK,SAAS,GAAG,IAAI;AAAA,EAC/B;AAAA,EACA,KAAK,YAAY,MAAM;AACrB,YAAQ,KAAK,SAAS,GAAG,IAAI;AAAA,EAC/B;AAAA,EACA,MAAM,YAAY,MAAM;AACtB,YAAQ,MAAM,SAAS,GAAG,IAAI;AAAA,EAChC;AACF;AACA,IAAI,SAAS,MAAM;AAAA;AAAA;AAAA;AAAA;AAAA,EAKjB,YAAY,QAAQ;AAClB,SAAK,QAAQ,YAAY,OAAO,KAAK;AACrC,SAAK,SAAS,OAAO;AACrB,SAAK,SAAS,OAAO;AAAA,EACvB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,UAAU,OAAO;AACf,WAAO,CAAC,KAAK,UAAU,KAAK,SAAS,YAAY,KAAK;AAAA,EACxD;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,UAAU;AACR,WAAO,KAAK,UAAU,SAAS,KAAK;AAAA,EACtC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,YAAY,MAAM;AACtB,QAAI,KAAK,QAAQ,GAAG;AAClB,WAAK,OAAO,MAAM,SAAS,GAAG,IAAI;AAAA,IACpC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,SAAS;AACP,WAAO,KAAK,UAAU,SAAS,IAAI;AAAA,EACrC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,KAAK,YAAY,MAAM;AACrB,QAAI,KAAK,OAAO,GAAG;AACjB,WAAK,OAAO,KAAK,SAAS,GAAG,IAAI;AAAA,IACnC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,SAAS;AACP,WAAO,KAAK,UAAU,SAAS,IAAI;AAAA,EACrC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,KAAK,YAAY,MAAM;AACrB,QAAI,KAAK,OAAO,GAAG;AACjB,WAAK,OAAO,KAAK,SAAS,GAAG,IAAI;AAAA,IACnC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,UAAU;AACR,WAAO,KAAK,UAAU,SAAS,KAAK;AAAA,EACtC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,YAAY,MAAM;AACtB,QAAI,KAAK,QAAQ,GAAG;AAClB,WAAK,OAAO,MAAM,SAAS,GAAG,IAAI;AAAA,IACpC;AAAA,EACF;AACF;AACA,SAAS,aAAa,QAAQ;AAC5B,MAAI,UAAU,MAAM;AAClB,WAAO;AAAA,EACT;AACA,MAAI,kBAAkB,QAAQ;AAC5B,WAAO;AAAA,EACT;AACA,WAAS,UAAU,CAAC;AACpB,SAAO,UAAU,OAAO,QAAQ,SAAS;AACzC,SAAO,WAAW,OAAO,SAAS,IAAI,cAAc;AACpD,SAAO,WAAW,OAAO,SAAS;AAClC,SAAO,IAAI,OAAO,MAAM;AAC1B;AACA,IAAI,gBAAgB,IAAI,OAAO;AAAA,EAC7B,OAAO,SAAS;AAAA,EAChB,QAAQ,IAAI,cAAc;AAAA,EAC1B,QAAQ;AACV,CAAC;AAGD,IAAI,mBAAmB;AAAA,EACrB,aAAa;AAAA,EACb,QAAQ;AACV;AACA,SAAS,YAAY,OAAO,cAAc;AACxC,MAAI,UAAU,QAAQ;AACpB,WAAO;AAAA,EACT;AACA,MAAI,UAAU,MAAM;AAClB,WAAO;AAAA,EACT;AACA,QAAM,cAAc,OAAO,KAAK;AAChC,SAAO,eAAe,mBAAmB,WAAW,IAAI;AAC1D;AACA,SAAS,gBAAgB,KAAK,SAAS,IAAI,SAAS;AAClD,QAAM,QAAQ,CAAC;AACf,aAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,GAAG,GAAG;AAC9C,UAAM,UAAU,SAAS,GAAG,MAAM,IAAI,GAAG,MAAM;AAC/C,QAAI,UAAU,QAAQ;AACpB;AAAA,IACF;AACA,QAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,UAAI,MAAM,WAAW,GAAG;AACtB;AAAA,MACF;AACA,YAAM,kBAAkB,QAAQ;AAChC,UAAI,oBAAoB,SAAS;AAC/B,cAAM,aAAa,QAAQ,SAAS,mBAAmB,OAAO,IAAI;AAClE,cAAM,gBAAgB,MAAM,OAAO,CAAC,SAAS,SAAS,UAAU,SAAS,IAAI,EAAE,IAAI,CAAC,SAAS,YAAY,MAAM,QAAQ,MAAM,CAAC;AAC9H,YAAI,cAAc,SAAS,GAAG;AAC5B,gBAAM,KAAK,GAAG,UAAU,IAAI,cAAc,KAAK,GAAG,CAAC,EAAE;AAAA,QACvD;AAAA,MACF,OAAO;AACL,iBAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;AACrC,gBAAM,OAAO,MAAM,CAAC;AACpB,cAAI,SAAS,QAAQ;AACnB;AAAA,UACF;AACA,cAAI,OAAO,SAAS,YAAY,CAAC,MAAM,QAAQ,IAAI,KAAK,SAAS,MAAM;AACrE,kBAAM,WAAW,oBAAoB,YAAY,GAAG,OAAO,IAAI,CAAC,MAAM;AACtE,kBAAM,KAAK,GAAG,gBAAgB,MAAM,UAAU,OAAO,CAAC;AAAA,UACxD,OAAO;AACL,kBAAM,WAAW,oBAAoB,YAAY,GAAG,OAAO,IAAI,CAAC,MAAM;AACtE,kBAAM,aAAa,QAAQ,SAAS,mBAAmB,QAAQ,IAAI;AACnE,kBAAM,KAAK,GAAG,UAAU,IAAI,YAAY,MAAM,QAAQ,MAAM,CAAC,EAAE;AAAA,UACjE;AAAA,QACF;AAAA,MACF;AAAA,IACF,WAAW,OAAO,UAAU,YAAY,UAAU,MAAM;AACtD,UAAI,OAAO,KAAK,KAAK,EAAE,WAAW,GAAG;AACnC;AAAA,MACF;AACA,YAAM,KAAK,GAAG,gBAAgB,OAAO,SAAS,OAAO,CAAC;AAAA,IACxD,OAAO;AACL,YAAM,aAAa,QAAQ,SAAS,mBAAmB,OAAO,IAAI;AAClE,YAAM,KAAK,GAAG,UAAU,IAAI,YAAY,OAAO,QAAQ,MAAM,CAAC,EAAE;AAAA,IAClE;AAAA,EACF;AACA,SAAO;AACT;AACA,SAAS,cAAc,KAAK,SAAS;AACnC,MAAI,OAAO,QAAQ,OAAO,QAAQ,UAAU;AAC1C,WAAO;AAAA,EACT;AACA,QAAM,QAAQ,gBAAgB,KAAK,IAAI;AAAA,IACrC,GAAG;AAAA,IACH,GAAG;AAAA,EACL,CAAC;AACD,SAAO,MAAM,KAAK,GAAG;AACvB;AAGA,SAAS,iBAAiB,SAAS,iBAAiB;AAClD,QAAM,cAAc,cAAc,iBAAiB,EAAE,aAAa,SAAS,CAAC;AAC5E,SAAO,cAAc,GAAG,OAAO,IAAI,WAAW,KAAK;AACrD;AAGA,SAAS,kBAAkB,UAAU;AACnC,QAAM,iBAAiB;AAAA,IACrB,IAAI,WAAW;AACb,aAAO,SAAS;AAAA,IAClB;AAAA,IACA,QAAQ,MAAM,SAAS;AAAA,IACvB,aAAa,SAAS,YAAY,KAAK,QAAQ;AAAA,IAC/C,MAAM,SAAS,KAAK,KAAK,QAAQ;AAAA,EACnC;AACA,MAAI,WAAW,YAAY,OAAO,SAAS,UAAU,YAAY;AAC/D,mBAAe,QAAQ,SAAS,MAAM,KAAK,QAAQ;AAAA,EACrD;AACA,SAAO;AACT;AAGA,eAAe,gBAAgB,UAAU,cAAc;AACrD,UAAQ,cAAc;AAAA,IACpB,KAAK;AACH,aAAO,kBAAkB,QAAQ;AAAA,IACnC,KAAK;AACH,aAAO,MAAM,SAAS,KAAK;AAAA,IAC7B,KAAK;AACH,aAAO,MAAM,SAAS,YAAY;AAAA,IACpC,KAAK;AACH,UAAI,SAAS,QAAQ,MAAM;AACzB,eAAO;AAAA,UACL,IAAI;AAAA,UACJ,OAAO;AAAA,YACL,QAAQ;AAAA,YACR,YAAY,SAAS;AAAA,UACvB;AAAA,QACF;AAAA,MACF;AACA,aAAO,SAAS;AAAA,IAClB,KAAK;AACH,UAAI,SAAS,QAAQ,MAAM;AACzB,eAAO;AAAA,UACL,IAAI;AAAA,UACJ,OAAO;AAAA,YACL,QAAQ;AAAA,YACR,YAAY,SAAS;AAAA,UACvB;AAAA,QACF;AAAA,MACF;AACA,aAAO,SAAS;AAAA,IAClB,KAAK;AACH,aAAO,MAAM,SAAS,KAAK;AAAA,EAC/B;AACA,QAAM,OAAO,MAAM,SAAS,KAAK;AACjC,MAAI,KAAK,SAAS,GAAG;AACnB,QAAI;AACF,YAAM,eAAe,SAAS,IAAI;AAClC,aAAO;AAAA,IACT,SAAS,MAAM;AACb,aAAO;AAAA,QACL,IAAI;AAAA,QACJ,OAAO;AAAA,UACL,QAAQ;AAAA,UACR,YAAY,SAAS;AAAA,UACrB,SAAS;AAAA,QACX;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;AAGA,eAAe,qBAAqB,UAAU;AAC5C,MAAI,cAAc,SAAS,QAAQ,IAAI,cAAc,GAAG,YAAY;AACpE,MAAI,eAAe,QAAQ,YAAY,WAAW,GAAG;AACnD,WAAO,gBAAgB,QAAQ;AAAA,EACjC;AACA,MAAI,YAAY,QAAQ,GAAG,MAAM,IAAI;AACnC,kBAAc,YAAY,MAAM,GAAG,EAAE,CAAC,GAAG,KAAK,KAAK;AAAA,EACrD;AACA,UAAQ,aAAa;AAAA,IACnB,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK,aAAa;AAChB,YAAM,OAAO,MAAM,SAAS,KAAK;AACjC,aAAO,KAAK,SAAS,IAAI,SAAS,IAAI,IAAI;AAAA,IAC5C;AAAA,IACA;AACE,UAAI,YAAY,WAAW,kBAAkB,KAAK,YAAY,SAAS,OAAO,GAAG;AAC/E,cAAM,OAAO,MAAM,SAAS,KAAK;AACjC,eAAO,KAAK,SAAS,IAAI,SAAS,IAAI,IAAI;AAAA,MAC5C;AACA,aAAO,MAAM,SAAS,KAAK;AAAA,EAC/B;AACF;AAGA,eAAe,aAAa;AAC1B,SAAO;AACT;AAGA,eAAe,eAAe,EAAE,MAAM,KAAK,GAAG;AAC5C,MAAI,SAAS,QAAQ;AACnB,WAAO,cAAc,MAAM,EAAE,aAAa,UAAU,QAAQ,KAAK,CAAC;AAAA,EACpE;AACA,MAAI,KAAK,SAAS,MAAM,GAAG;AACzB,WAAO,OAAO,IAAI;AAAA,EACpB,OAAO;AACL,WAAO;AAAA,EACT;AACF;AAGA,IAAI;AACJ,IAAI,OAAO,WAAW,YAAY,aAAa;AAC7C,aAAW,WAAW;AACxB,OAAO;AACL,aAAW,MAAM,SAAS;AAAA,IACxB,YAAY,MAAM;AAChB,WAAK,UAA0B,oBAAI,IAAI;AACvC,UAAI,MAAM;AACR,YAAI,gBAAgB,UAAU;AAC5B,eAAK,QAAQ,CAAC,OAAO,QAAQ,KAAK,OAAO,KAAK,KAAK,CAAC;AAAA,QACtD,WAAW,MAAM,QAAQ,IAAI,GAAG;AAC9B,qBAAW,CAAC,KAAK,KAAK,KAAK,MAAM;AAC/B,gBAAI,OAAO,QAAQ,YAAY,OAAO,UAAU,UAAU;AACxD,mBAAK,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO;AACL,oBAAM,IAAI,UAAU,oDAAoD;AAAA,YAC1E;AAAA,UACF;AAAA,QACF,OAAO;AACL,qBAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,IAAI,GAAG;AAC/C,gBAAI,OAAO,UAAU,UAAU;AAC7B,mBAAK,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO;AACL,oBAAM,IAAI,UAAU,+BAA+B;AAAA,YACrD;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,IACA,OAAO,MAAM,OAAO;AAClB,YAAM,MAAM,KAAK,YAAY;AAC7B,YAAM,WAAW,KAAK,QAAQ,IAAI,GAAG,KAAK,CAAC;AAC3C,WAAK,QAAQ,IAAI,KAAK,CAAC,GAAG,UAAU,KAAK,CAAC;AAAA,IAC5C;AAAA,IACA,OAAO,MAAM;AACX,YAAM,MAAM,KAAK,YAAY;AAC7B,WAAK,QAAQ,OAAO,GAAG;AAAA,IACzB;AAAA,IACA,IAAI,MAAM;AACR,YAAM,MAAM,KAAK,YAAY;AAC7B,YAAM,SAAS,KAAK,QAAQ,IAAI,GAAG;AACnC,aAAO,SAAS,OAAO,KAAK,IAAI,IAAI;AAAA,IACtC;AAAA,IACA,IAAI,MAAM;AACR,YAAM,MAAM,KAAK,YAAY;AAC7B,aAAO,KAAK,QAAQ,IAAI,GAAG;AAAA,IAC7B;AAAA,IACA,IAAI,MAAM,OAAO;AACf,YAAM,MAAM,KAAK,YAAY;AAC7B,WAAK,QAAQ,IAAI,KAAK,CAAC,KAAK,CAAC;AAAA,IAC/B;AAAA,IACA,QAAQ,YAAY,SAAS;AAC3B,YAAM,gBAAgB,UAAU,WAAW,KAAK,OAAO,IAAI;AAC3D,WAAK,QAAQ,QAAQ,CAAC,QAAQ,QAAQ,cAAc,OAAO,KAAK,IAAI,GAAG,KAAK,IAAI,CAAC;AAAA,IACnF;AAAA,IACA,eAAe;AACb,aAAO,KAAK,QAAQ,IAAI,YAAY,KAAK,CAAC;AAAA,IAC5C;AAAA,IACA,CAAC,UAAU;AACT,iBAAW,CAAC,KAAK,MAAM,KAAK,KAAK,QAAQ,QAAQ,GAAG;AAClD,cAAM,CAAC,KAAK,OAAO,KAAK,IAAI,CAAC;AAAA,MAC/B;AAAA,IACF;AAAA,IACA,CAAC,OAAO;AACN,aAAO,KAAK,QAAQ,KAAK;AAAA,IAC3B;AAAA,IACA,CAAC,SAAS;AACR,iBAAW,UAAU,KAAK,QAAQ,OAAO,GAAG;AAC1C,cAAM,OAAO,KAAK,IAAI;AAAA,MACxB;AAAA,IACF;AAAA,IACA,CAAC,OAAO,QAAQ,IAAI;AAClB,aAAO,KAAK,QAAQ;AAAA,IACtB;AAAA,EACF;AACF;AAGA,IAAI,UAAU;AACd,SAAS,iBAAiB,WAAW;AACnC,QAAM,aAAa,IAAI,gBAAgB;AACvC,QAAM,UAAU,WAAW,MAAM,WAAW,MAAM,OAAO,GAAG,SAAS;AACrE,SAAO,EAAE,QAAQ,WAAW,QAAQ,QAAQ;AAC9C;AACA,SAAS,aAAa,MAAM;AAC1B,QAAM,UAAU,KAAK,WAAW,KAAK,MAAM,QAAQ,KAAK,CAAC,CAAC,IAAI,KAAK,CAAC,IAAI;AACxE,QAAM,aAAa,IAAI,gBAAgB;AACvC,aAAW,UAAU,SAAS;AAC5B,QAAI,OAAO,SAAS;AAClB,iBAAW,MAAM,QAAQ,MAAM;AAC/B;AAAA,IACF;AACA,WAAO,iBAAiB,SAAS,MAAM,WAAW,MAAM,QAAQ,MAAM,GAAG;AAAA,MACvE,QAAQ,WAAW;AAAA,IACrB,CAAC;AAAA,EACH;AACA,SAAO,WAAW;AACpB;AAGA,IAAI;AACJ,SAAS,0BAA0B;AACjC,MAAI,0BAA0B,MAAM;AAClC,WAAO;AAAA,EACT;AACA,MAAI;AACF,QAAI,QAAQ,oBAAoB,EAAE,OAAO,WAAW,CAAC;AACrD,6BAAyB;AAAA,EAC3B,QAAQ;AACN,6BAAyB;AAAA,EAC3B;AACA,SAAO;AACT;AACA,IAAI,cAAc,OAAO,SAAS,KAAK,QAAQ,SAAS,aAAa,WAAW,aAAa,iBAAiB,QAAQ,iBAAiB;AACrI,QAAM,UAAU,CAAC;AACjB,MAAI;AACJ,MAAI,aAAa,MAAM;AACrB,UAAM,EAAE,QAAQ,QAAQ,IAAI,iBAAiB,SAAS;AACtD,qBAAiB;AACjB,YAAQ,KAAK,MAAM;AAAA,EACrB;AACA,MAAI,eAAe,MAAM;AACvB,YAAQ,KAAK,WAAW;AAAA,EAC1B;AACA,QAAM,aAAa,UAAU,OAAO;AACpC,QAAM,WAAW,MAAM,QAAQ,KAAK;AAAA,IAClC;AAAA,IACA;AAAA,IACA,MAAM;AAAA,IACN,QAAQ;AAAA,IACR,aAAa,kBAAkB,YAAY;AAAA;AAAA,IAE3C;AAAA,IACA,GAAG,gBAAgB,wBAAwB,IAAI,EAAE,OAAO,WAAW,IAAI,CAAC;AAAA,EAC1E,CAAC;AACD,MAAI,kBAAkB,MAAM;AAC1B,iBAAa,cAAc;AAAA,EAC7B;AACA,SAAO;AACT;AAGA,IAAI,mBAAmB;AAAA,EACrB,SAAS,IAAI,SAAS;AAAA,EACtB,YAAY;AAAA,EACZ,QAAQ;AAAA,EACR,YAAY;AAAA,EACZ,MAAM;AAAA,EACN,KAAK;AACP;AACA,IAAI,qBAAqB;AAAA,EACvB,SAAS,IAAI,SAAS;AAAA,EACtB,YAAY;AAAA,EACZ,QAAQ;AAAA,EACR,YAAY;AAAA,EACZ,MAAM;AAAA,EACN,KAAK;AACP;AACA,SAAS,cAAc,UAAU;AAC/B,SAAO;AAAA,IACL,SAAS,SAAS;AAAA,IAClB,YAAY,SAAS;AAAA,IACrB,QAAQ,SAAS;AAAA,IACjB,YAAY,SAAS;AAAA,IACrB,MAAM,SAAS;AAAA,IACf,KAAK,SAAS;AAAA,EAChB;AACF;AAGA,IAAI,sBAAsB;AAC1B,IAAI,kBAAkB;AACtB,IAAI,sBAAsB;AAC1B,IAAI,gBAAgB;AACpB,SAAS,sBAAsB,YAAY;AACzC,SAAO,CAAC,KAAK,GAAG,EAAE,SAAS,UAAU,KAAK,cAAc;AAC1D;AACA,SAAS,kBAAkB,OAAO;AAChC,QAAM,mBAAmB,IAAI,KAAK,OAAO,IAAI;AAC7C,SAAO,QAAQ;AACjB;AACA,SAAS,mBAAmB,OAAO;AACjC,QAAM,mBAAmB,KAAK,KAAK,OAAO,IAAI,OAAO;AACrD,SAAO,QAAQ;AACjB;AACA,SAAS,yBAAyB,UAAU,cAAc;AACxD,QAAM,aAAa,SAAS,QAAQ,IAAI,aAAa;AACrD,MAAI,YAAY;AACd,UAAM,oBAAoB,SAAS,YAAY,EAAE;AACjD,QAAI,CAAC,OAAO,MAAM,iBAAiB,KAAK,oBAAoB,GAAG;AAC7D,aAAO,KAAK,IAAI,oBAAoB,KAAK,eAAe;AAAA,IAC1D;AACA,UAAM,iBAAiB,IAAI,KAAK,UAAU;AAC1C,QAAI,CAAC,OAAO,MAAM,eAAe,QAAQ,CAAC,GAAG;AAC3C,YAAM,QAAQ,eAAe,QAAQ,IAAI,KAAK,IAAI;AAClD,UAAI,QAAQ,GAAG;AACb,eAAO,KAAK,IAAI,KAAK,IAAI,OAAO,CAAC,GAAG,eAAe;AAAA,MACrD;AAAA,IACF;AAAA,EACF;AACA,QAAM,iBAAiB,SAAS,QAAQ,IAAI,mBAAmB;AAC/D,MAAI,gBAAgB;AAClB,UAAM,YAAY,SAAS,gBAAgB,EAAE;AAC7C,QAAI,CAAC,OAAO,MAAM,SAAS,GAAG;AAC5B,YAAM,QAAQ,YAAY,MAAM,KAAK,IAAI;AACzC,UAAI,QAAQ,GAAG;AACb,eAAO,kBAAkB,KAAK,IAAI,OAAO,eAAe,CAAC;AAAA,MAC3D;AAAA,IACF;AAAA,EACF;AACA,SAAO,mBAAmB,KAAK,IAAI,sBAAsB,KAAK,cAAc,eAAe,CAAC;AAC9F;AACA,eAAe,mBAAmB,WAAW,aAAa,qBAAqB;AAC7E,MAAI,WAAW,MAAM,UAAU;AAC/B,WAAS,IAAI,GAAG,IAAI,YAAY,EAAE,GAAG;AACnC,QAAI,sBAAsB,SAAS,MAAM,GAAG;AAC1C,YAAM,QAAQ,yBAAyB,UAAU,CAAC;AAClD,YAAM,IAAI,QAAQ,CAAC,YAAY,WAAW,SAAS,KAAK,CAAC;AACzD,iBAAW,MAAM,UAAU;AAAA,IAC7B,OAAO;AACL;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;AAGA,IAAI,oBAAoC,oBAAI,IAAI;AAAA,EAC9C;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AACD,SAAS,cAAc,SAAS;AAC9B,QAAM,WAAW,CAAC;AAClB,aAAW,CAAC,KAAK,KAAK,KAAK,mBAAmB,WAAW,QAAQ,QAAQ,IAAI,OAAO,QAAQ,OAAO,GAAG;AACpG,QAAI,kBAAkB,IAAI,IAAI,YAAY,CAAC,GAAG;AAC5C,eAAS,GAAG,IAAI;AAAA,IAClB,OAAO;AACL,eAAS,GAAG,IAAI;AAAA,IAClB;AAAA,EACF;AACA,SAAO;AACT;AACA,IAAI,yBAAyC,oBAAI,IAAI;AAAA,EACnD;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AACD,SAAS,sBAAsB,iBAAiB;AAC9C,MAAI,mBAAmB,MAAM;AAC3B,WAAO;AAAA,EACT;AACA,QAAM,WAAW,CAAC;AAClB,aAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,eAAe,GAAG;AAC1D,aAAS,GAAG,IAAI,uBAAuB,IAAI,IAAI,YAAY,CAAC,IAAI,eAAe;AAAA,EACjF;AACA,SAAO;AACT;AACA,SAAS,UAAU,KAAK;AACtB,QAAM,gBAAgB,IAAI,QAAQ,KAAK;AACvC,MAAI,kBAAkB,GAAI,QAAO;AACjC,QAAM,gBAAgB,gBAAgB;AACtC,QAAM,YAAY,IAAI,QAAQ,KAAK,aAAa;AAChD,MAAI,aAAa,IAAI,QAAQ,KAAK,aAAa;AAC/C,MAAI,gBAAgB,IAAI,QAAQ,KAAK,aAAa;AAClD,QAAM,iBAAiB,KAAK;AAAA,IAC1B,cAAc,KAAK,IAAI,SAAS;AAAA,IAChC,eAAe,KAAK,IAAI,SAAS;AAAA,IACjC,kBAAkB,KAAK,IAAI,SAAS;AAAA,EACtC;AACA,MAAI,UAAU;AACd,WAAS,IAAI,eAAe,IAAI,gBAAgB,KAAK;AACnD,QAAI,IAAI,CAAC,MAAM,KAAK;AAClB,gBAAU;AAAA,IACZ;AAAA,EACF;AACA,MAAI,YAAY,IAAI;AAClB,UAAM,GAAG,IAAI,MAAM,GAAG,aAAa,CAAC,cAAc,IAAI,MAAM,UAAU,CAAC,CAAC;AAAA,EAC1E;AACA,eAAa,IAAI,QAAQ,GAAG;AAC5B,MAAI,eAAe,GAAI,QAAO;AAC9B,kBAAgB,IAAI,QAAQ,KAAK,UAAU;AAC3C,QAAM,WAAW,kBAAkB,KAAK,gBAAgB,IAAI;AAC5D,QAAM,cAAc,IAAI,MAAM,aAAa,GAAG,QAAQ;AACtD,MAAI,YAAY,WAAW,EAAG,QAAO;AACrC,QAAM,QAAQ,YAAY,YAAY;AACtC,QAAM,eAAe,MAAM,SAAS,OAAO,KAAK,MAAM,SAAS,KAAK,KAAK,MAAM,SAAS,UAAU,KAAK,MAAM,SAAS,QAAQ,KAAK,MAAM,SAAS,QAAQ,KAAK,MAAM,SAAS,SAAS,KAAK,MAAM,SAAS,MAAM;AACjN,MAAI,CAAC,cAAc;AACjB,WAAO;AAAA,EACT;AACA,QAAM,iBAAiB,CAAC;AACxB,QAAM,SAAS,YAAY,MAAM,GAAG;AACpC,aAAW,SAAS,QAAQ;AAC1B,UAAM,aAAa,MAAM,QAAQ,GAAG;AACpC,QAAI,eAAe,IAAI;AACrB,qBAAe,KAAK,KAAK;AACzB;AAAA,IACF;AACA,UAAM,MAAM,MAAM,MAAM,GAAG,UAAU;AACrC,QAAI,eAAe,uBAAuB,IAAI,IAAI,YAAY,CAAC;AAC/D,QAAI,CAAC,gBAAgB,IAAI,SAAS,GAAG,GAAG;AACtC,UAAI;AACF,cAAM,aAAa,mBAAmB,GAAG;AACzC,uBAAe,uBAAuB,IAAI,WAAW,YAAY,CAAC;AAAA,MACpE,QAAQ;AAAA,MACR;AAAA,IACF;AACA,mBAAe,KAAK,eAAe,GAAG,GAAG,gBAAgB,KAAK;AAAA,EAChE;AACA,SAAO,IAAI,MAAM,GAAG,aAAa,CAAC,IAAI,eAAe,KAAK,GAAG,IAAI,IAAI,MAAM,QAAQ;AACrF;AACA,eAAe,WAAW,MAAM;AAC9B,QAAM,aAAa,IAAI,SAAS;AAChC,aAAW;AAAA,IACT;AAAA,IACA,KAAK,iBAAiB,SAAS,qBAAqB,KAAK,iBAAiB,SAAS,eAAe,KAAK,iBAAiB,QAAQ,sBAAsB;AAAA,EACxJ;AACA,MAAI,KAAK,SAAS,UAAU,KAAK,eAAe,MAAM;AACpD,eAAW,IAAI,gBAAgB,KAAK,WAAW;AAAA,EACjD;AACA,MAAI,KAAK,WAAW,MAAM;AACxB,WAAO;AAAA,EACT;AACA,aAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,KAAK,OAAO,GAAG;AACvD,UAAM,SAAS,MAAM,iBAAiB,IAAI,OAAO,EAAE,kBAAkB,KAAK,oBAAoB,CAAC,EAAE,CAAC;AAClG,QAAI,OAAO,WAAW,UAAU;AAC9B,iBAAW,IAAI,KAAK,MAAM;AAC1B;AAAA,IACF;AACA,QAAI,UAAU,MAAM;AAClB;AAAA,IACF;AACA,eAAW,IAAI,KAAK,GAAG,MAAM,EAAE;AAAA,EACjC;AACA,SAAO;AACT;AACA,eAAe,YAAY,MAAM;AAC/B,MAAI,MAAM,KAAK;AACf,MAAI,KAAK,eAAe,QAAQ,KAAK,YAAY,SAAS,GAAG;AAC3D,UAAM,GAAG,GAAG,IAAI,KAAK,WAAW;AAAA,EAClC,OAAO;AACL,UAAM,iBAAiB,KAAK,KAAK,KAAK,eAAe;AAAA,EACvD;AACA,QAAM,cAAc,MAAM,eAAe;AAAA,IACvC,MAAM,KAAK;AAAA,IACX,MAAM,KAAK,eAAe;AAAA,EAC5B,CAAC;AACD,QAAM,UAAU,KAAK,WAAW,MAAM,WAAW;AACjD,QAAM,UAAU,MAAM,WAAW,IAAI;AACrC,QAAM,SAAS,aAAa,KAAK,OAAO;AACxC,MAAI,OAAO,QAAQ,GAAG;AACpB,UAAM,WAAW;AAAA,MACf,QAAQ,KAAK;AAAA,MACb,KAAK,UAAU,GAAG;AAAA,MAClB,SAAS,cAAc,OAAO;AAAA,MAC9B,iBAAiB,sBAAsB,KAAK,eAAe;AAAA,MAC3D,SAAS,eAAe;AAAA,IAC1B;AACA,WAAO,MAAM,uBAAuB,QAAQ;AAAA,EAC9C;AACA,MAAI;AACF,UAAM,WAAW,MAAM;AAAA,MACrB,YAAY;AAAA,QACV;AAAA,QACA;AAAA,QACA,KAAK;AAAA,QACL;AAAA,QACA;AAAA,QACA,KAAK;AAAA,QACL,KAAK;AAAA,QACL,KAAK;AAAA,QACL,KAAK;AAAA,QACL,KAAK,iBAAiB,eAAe,KAAK,iBAAiB;AAAA,MAC7D;AAAA,MACA,KAAK;AAAA,IACP;AACA,QAAI,SAAS,UAAU,OAAO,SAAS,SAAS,KAAK;AACnD,UAAI,OAAO,QAAQ,GAAG;AACpB,cAAM,WAAW;AAAA,UACf,QAAQ,KAAK;AAAA,UACb,KAAK,UAAU,GAAG;AAAA,UAClB,YAAY,SAAS;AAAA,UACrB,iBAAiB,cAAc,SAAS,OAAO;AAAA,QACjD;AACA,eAAO,MAAM,0BAA0B,QAAQ;AAAA,MACjD;AACA,YAAM,OAAO,MAAM,gBAAgB,UAAU,KAAK,YAAY;AAC9D,aAAO;AAAA,QACL,IAAI;AAAA,QACJ;AAAA,QACA,SAAS,SAAS;AAAA,QAClB,aAAa,cAAc,QAAQ;AAAA,MACrC;AAAA,IACF,OAAO;AACL,UAAI,OAAO,QAAQ,GAAG;AACpB,cAAM,WAAW;AAAA,UACf,QAAQ,KAAK;AAAA,UACb,KAAK,UAAU,GAAG;AAAA,UAClB,YAAY,SAAS;AAAA,UACrB,iBAAiB,cAAc,OAAO,YAAY,SAAS,QAAQ,QAAQ,CAAC,CAAC;AAAA,QAC/E;AACA,eAAO,MAAM,yCAAyC,QAAQ;AAAA,MAChE;AACA,aAAO;AAAA,QACL,IAAI;AAAA,QACJ,OAAO;AAAA,UACL,QAAQ;AAAA,UACR,YAAY,SAAS;AAAA,UACrB,MAAM,MAAM,qBAAqB,QAAQ;AAAA,QAC3C;AAAA,QACA,aAAa,cAAc,QAAQ;AAAA,MACrC;AAAA,IACF;AAAA,EACF,SAAS,OAAO;AACd,QAAI,KAAK,aAAa,SAAS;AAC7B,UAAI,OAAO,QAAQ,GAAG;AACpB,cAAM,WAAW;AAAA,UACf,QAAQ,KAAK;AAAA,UACb,KAAK,UAAU,GAAG;AAAA,QACpB;AACA,eAAO,MAAM,4BAA4B,QAAQ;AAAA,MACnD;AACA,aAAO;AAAA,QACL,IAAI;AAAA,QACJ,OAAO;AAAA,UACL,QAAQ;AAAA,UACR,cAAc;AAAA,UACd,OAAO;AAAA,QACT;AAAA,QACA,aAAa;AAAA,MACf;AAAA,IACF,WAAW,iBAAiB,SAAS,MAAM,SAAS,cAAc;AAChE,UAAI,OAAO,QAAQ,GAAG;AACpB,cAAM,WAAW;AAAA,UACf,QAAQ,KAAK;AAAA,UACb,KAAK,UAAU,GAAG;AAAA,UAClB,WAAW,KAAK;AAAA,QAClB;AACA,eAAO,MAAM,0BAA0B,QAAQ;AAAA,MACjD;AACA,aAAO;AAAA,QACL,IAAI;AAAA,QACJ,OAAO;AAAA,UACL,QAAQ;AAAA,UACR,OAAO;AAAA,QACT;AAAA,QACA,aAAa;AAAA,MACf;AAAA,IACF,WAAW,iBAAiB,OAAO;AACjC,UAAI,OAAO,QAAQ,GAAG;AACpB,cAAM,WAAW;AAAA,UACf,QAAQ,KAAK;AAAA,UACb,KAAK,UAAU,GAAG;AAAA,UAClB,cAAc,MAAM;AAAA,QACtB;AACA,eAAO,MAAM,kCAAkC,QAAQ;AAAA,MACzD;AACA,aAAO;AAAA,QACL,IAAI;AAAA,QACJ,OAAO;AAAA,UACL,QAAQ;AAAA,UACR,cAAc,MAAM;AAAA,UACpB,OAAO;AAAA,QACT;AAAA,QACA,aAAa;AAAA,MACf;AAAA,IACF;AACA,QAAI,OAAO,QAAQ,GAAG;AACpB,YAAM,WAAW;AAAA,QACf,QAAQ,KAAK;AAAA,QACb,KAAK,UAAU,GAAG;AAAA,QAClB,OAAO,OAAO,KAAK;AAAA,MACrB;AACA,aAAO,MAAM,0CAA0C,QAAQ;AAAA,IACjE;AACA,WAAO;AAAA,MACL,IAAI;AAAA,MACJ,OAAO;AAAA,QACL,QAAQ;AAAA,QACR,cAAc,OAAO,KAAK;AAAA,QAC1B,OAAO;AAAA,MACT;AAAA,MACA,aAAa;AAAA,IACf;AAAA,EACF;AACF;AACA,IAAI,UAAU;AAGd,IAAI,sBAAsB,MAAM,6BAA6B,QAAQ;AAAA,EACnE,YAAY,SAAS;AACnB,UAAM,CAAC,YAAY;AACjB,cAAQ,MAAM;AAAA,IAChB,CAAC;AACD,SAAK,eAAe;AAAA,EACtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,OAAO,aAAa,OAAO,MAAM;AAC/B,WAAO,IAAI,qBAAqB,GAAG,GAAG,IAAI,CAAC;AAAA,EAC7C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,kBAAkB,IAAI;AAC3B,WAAO,IAAI,SAAS;AAClB,aAAO,qBAAqB,YAAY,GAAG,GAAG,IAAI,CAAC;AAAA,IACrD;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,YAAY,SAAS;AAC1B,WAAO,IAAI,qBAAqB,OAAO;AAAA,EACzC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,aAAa,UAAU;AAC5B,UAAM,UAAU,IAAI,QAAQ,QAAQ;AACpC,WAAO,IAAI,qBAAqB,OAAO;AAAA,EACzC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,WAAW,QAAQ;AACxB,UAAM,UAAU,QAAQ,QAAQ,MAAM;AACtC,WAAO,IAAI,qBAAqB,OAAO;AAAA,EACzC;AAAA,EACA,SAAS;AACP,QAAI,CAAC,KAAK,kBAAkB;AAC1B,WAAK,mBAAmB,KAAK,aAAa,KAAK,CAAC,EAAE,KAAK,MAAM,IAAI;AAAA,IACnE;AACA,WAAO,KAAK;AAAA,EACd;AAAA;AAAA,EAEA,KAAK,aAAa,YAAY;AAC5B,WAAO,KAAK,OAAO,EAAE,KAAK,aAAa,UAAU;AAAA,EACnD;AAAA;AAAA,EAEA,MAAM,YAAY;AAChB,WAAO,KAAK,OAAO,EAAE,MAAM,UAAU;AAAA,EACvC;AAAA;AAAA,EAEA,QAAQ,WAAW;AACjB,WAAO,KAAK,OAAO,EAAE,QAAQ,SAAS;AAAA,EACxC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,kBAAkB;AACtB,WAAO,MAAM,KAAK;AAAA,EACpB;AACF;AAGA,SAAS,KAAK,SAAS,UAAU;AAC/B,MAAI,CAAC,MAAM;AACT,WAAO;AAAA,EACT;AACA,MAAI,SAAS,WAAW,GAAG;AACzB,WAAO;AAAA,EACT;AACA,MAAI,KAAK,SAAS,KAAK,GAAG;AACxB,QAAI;AACJ,QAAI;AACF,YAAM,IAAI,IAAI,IAAI;AAAA,IACpB,QAAQ;AACN,aAAO,SAAS,MAAM,GAAG,QAAQ;AAAA,IACnC;AACA,UAAM,cAAc,SAAS,SAAS,SAAS,CAAC;AAChD,UAAM,8BAA8B,aAAa,SAAS,GAAG;AAC7D,eAAW,WAAW,UAAU;AAC9B,YAAM,eAAe,YAAY,OAAO;AACxC,UAAI,cAAc;AAChB,YAAI,WAAW,iBAAiB,IAAI,UAAU,YAAY;AAAA,MAC5D;AAAA,IACF;AACA,QAAI,+BAA+B,CAAC,IAAI,SAAS,SAAS,GAAG,GAAG;AAC9D,UAAI,YAAY;AAAA,IAClB;AACA,WAAO,IAAI,SAAS;AAAA,EACtB;AACA,SAAO,SAAS,MAAM,GAAG,QAAQ;AACnC;AACA,SAAS,SAAS,SAAS,UAAU;AACnC,MAAI,SAAS,WAAW,GAAG;AACzB,WAAO;AAAA,EACT;AACA,MAAI,SAAS;AACb,QAAM,cAAc,SAAS,SAAS,SAAS,CAAC;AAChD,QAAM,8BAA8B,aAAa,SAAS,GAAG;AAC7D,aAAW,WAAW,UAAU;AAC9B,UAAM,eAAe,YAAY,OAAO;AACxC,QAAI,cAAc;AAChB,eAAS,iBAAiB,QAAQ,YAAY;AAAA,IAChD;AAAA,EACF;AACA,MAAI,+BAA+B,CAAC,OAAO,SAAS,GAAG,GAAG;AACxD,cAAU;AAAA,EACZ;AACA,SAAO;AACT;AACA,SAAS,iBAAiB,MAAM,OAAO;AACrC,MAAI,KAAK,SAAS,GAAG,GAAG;AACtB,WAAO,OAAO;AAAA,EAChB;AACA,SAAO,GAAG,IAAI,IAAI,KAAK;AACzB;AACA,SAAS,YAAY,KAAK;AACxB,MAAI,CAAC,IAAK,QAAO;AACjB,MAAI,QAAQ;AACZ,MAAI,MAAM,IAAI;AACd,MAAI,IAAI,WAAW,GAAG,EAAG,SAAQ;AACjC,MAAI,IAAI,SAAS,GAAG,EAAG,OAAM,IAAI,SAAS;AAC1C,SAAO,UAAU,KAAK,QAAQ,IAAI,SAAS,MAAM,IAAI,MAAM,OAAO,GAAG;AACvE;AAGA,IAAI,WAAW;AAAA,EACb,KAAK,OAAO,aAAa;AACvB,QAAI,OAAO,aAAa,YAAY;AAClC,aAAO,SAAS;AAAA,IAClB,OAAO;AACL,aAAO;AAAA,IACT;AAAA,EACF;AACF;AAGA,eAAe,uBAAuB,OAAO,MAAM,eAAe,gBAAgB;AAChF,QAAM,SAAS,aAAa,cAAc,OAAO;AACjD,MAAI;AACJ,MAAI,gBAAgB;AACpB,MAAI,iBAAiB,SAAS;AAC5B,UAAM,MAAM;AACZ,QAAI,QAAQ,MAAM;AAChB,sBAAgB;AAAA,QACd,QAAQ,MAAM;AAAA,QACd,SAAS,OAAO,YAAY,MAAM,QAAQ,QAAQ,CAAC;AAAA,QACnD,MAAM,MAAM;AAAA,QACZ,QAAQ,MAAM;AAAA,QACd,aAAa,MAAM;AAAA,QACnB,OAAO,MAAM;AAAA,QACb,UAAU,MAAM;AAAA,QAChB,UAAU,MAAM;AAAA,QAChB,WAAW,MAAM;AAAA,QACjB,MAAM,MAAM;AAAA,MACd;AAAA,IACF;AAAA,EACF,OAAO;AACL,UAAM,iBAAiB,MAAM,MAAM,SAAS,IAAI;AAAA,EAClD;AACA,QAAM,WAAW,cAAc,WAAW,OAAO,MAAM,SAAS,IAAI,cAAc,OAAO,IAAI,YAAY,cAAc,eAAe,OAAO,MAAM,SAAS,IAAI,cAAc,WAAW,IAAI;AAC7L,MAAI;AACJ,MAAI,IAAI,WAAW,SAAS,KAAK,IAAI,WAAW,UAAU,GAAG;AAC3D,cAAU;AAAA,EACZ,WAAW,WAAW,MAAM;AAC1B,cAAU,KAAK,SAAS,GAAG;AAAA,EAC7B,OAAO;AACL,cAAU;AAAA,EACZ;AACA,QAAM,gBAAgB,CAAC;AACvB,MAAI,cAAc,WAAW,MAAM;AACjC,eAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,cAAc,OAAO,GAAG;AAChE,YAAM,WAAW,MAAM,iBAAiB,IAAI,OAAO,EAAE,kBAAkB,CAAC,EAAE,CAAC;AAC3E,UAAI,YAAY,MAAM;AACpB,sBAAc,IAAI,YAAY,CAAC,IAAI,GAAG,QAAQ;AAAA,MAChD;AAAA,IACF;AAAA,EACF;AACA,MAAI,cAAc,kBAAkB,MAAM;AACxC,UAAM,cAAc,MAAM,cAAc,eAAe;AACvD,eAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,WAAW,GAAG;AACtD,oBAAc,IAAI,YAAY,CAAC,IAAI;AAAA,IACrC;AAAA,EACF;AACA,MAAI,eAAe,WAAW,MAAM;AAClC,UAAM,cAAc,cAAc,mBAAmB,UAAU,OAAO,YAAY,cAAc,QAAQ,QAAQ,CAAC,IAAI,MAAM,QAAQ,cAAc,OAAO,IAAI,OAAO,YAAY,cAAc,OAAO,IAAI,cAAc;AACtN,eAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,WAAW,GAAG;AACtD,UAAI,SAAS,MAAM;AACjB,sBAAc,IAAI,YAAY,CAAC,IAAI;AAAA,MACrC;AAAA,IACF;AAAA,EACF;AACA,MAAI,gBAAgB,WAAW,MAAM;AACnC,eAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,eAAe,OAAO,GAAG;AACjE,oBAAc,IAAI,YAAY,CAAC,IAAI;AAAA,IACrC;AAAA,EACF;AACA,QAAM,SAAS,eAAe,UAAU;AACxC,QAAM,OAAO,eAAe;AAC5B,QAAM,mBAAmB,gBAAgB,oBAAoB,cAAc;AAC3E,QAAM,YAAY,oBAAoB,OAAO,mBAAmB,MAAM;AACtE,QAAM,aAAa,gBAAgB,cAAc,cAAc;AAC/D,QAAM,cAAc,gBAAgB,eAAe,eAAe,UAAU;AAC5E,QAAM,UAAU,cAAc,SAAS,MAAM,WAAW;AACxD,MAAI,OAAO,QAAQ,GAAG;AACpB,WAAO,MAAM,mCAAmC;AAAA,MAC9C;AAAA,MACA,KAAK;AAAA,MACL,SAAS,QAAQ;AAAA,IACnB,CAAC;AAAA,EACH;AACA,QAAM,WAAW,MAAM;AAAA,IACrB,YAAY;AAAA,MACV;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,QAAQ;AAAA,MACR;AAAA,MACA;AAAA,MACA,eAAe,gBAAgB;AAAA,MAC/B;AAAA;AAAA,MAEA;AAAA;AAAA,IAEF;AAAA,IACA;AAAA,EACF;AACA,MAAI,OAAO,QAAQ,GAAG;AACpB,WAAO,MAAM,sCAAsC;AAAA,MACjD;AAAA,MACA,KAAK;AAAA,MACL,YAAY,SAAS;AAAA,IACvB,CAAC;AAAA,EACH;AACA,SAAO;AACT;AAGA,IAAI,kBAAkB,CAAC;AACvB,SAAS,iBAAiB;AAAA,EACxB,eAAe,MAAM;AAAA,EACrB,UAAU,MAAM;AAAA,EAChB,QAAQ,MAAM;AAAA,EACd,cAAc,MAAM;AACtB,CAAC;AAGD,IAAI,UAAU,gBAAgB;AAC9B,SAAS,kBAAkB;AACzB,QAAM,YAAY,OAAO,WAAW,eAAe,OAAO,OAAO,aAAa;AAC9E,MAAI,WAAW;AACb,WAAO;AAAA,MACL,MAAM;AAAA,MACN,SAAS,OAAO,UAAU;AAAA,IAC5B;AAAA,EACF;AACA,QAAM,eAAe,OAAO,eAAe,eAAe,YAAY,WAAW,cAAc;AAC/F,MAAI,cAAc;AAChB,WAAO;AAAA,MACL,MAAM;AAAA,IACR;AAAA,EACF;AACA,QAAM,gBAAgB,OAAO,gBAAgB;AAC7C,MAAI,eAAe;AACjB,WAAO;AAAA,MACL,MAAM;AAAA,IACR;AAAA,EACF;AACA,QAAM,cAAc,OAAO,SAAS,YAAY,OAAO,MAAM,kBAAkB,eAAe,KAAK,aAAa,SAAS,gCAAgC,KAAK,aAAa,SAAS,8BAA8B,KAAK,aAAa,SAAS;AAC7O,MAAI,aAAa;AACf,WAAO;AAAA,MACL,MAAM;AAAA,IACR;AAAA,EACF;AACA,QAAM,SAAS,OAAO,SAAS,eAAe,OAAO,KAAK,YAAY,eAAe,OAAO,KAAK,QAAQ,SAAS;AAClH,MAAI,QAAQ;AACV,WAAO;AAAA,MACL,MAAM;AAAA,MACN,SAAS,KAAK,QAAQ;AAAA,IACxB;AAAA,EACF;AACA,QAAM,QAAQ,OAAO,QAAQ,eAAe,OAAO,IAAI,YAAY;AACnE,MAAI,OAAO;AACT,WAAO;AAAA,MACL,MAAM;AAAA,MACN,SAAS,IAAI;AAAA,IACf;AAAA,EACF;AACA,QAAM,gBAAgB,OAAO,cAAc,eAAe,WAAW,YAAY;AACjF,MAAI,eAAe;AACjB,WAAO;AAAA,MACL,MAAM;AAAA,IACR;AAAA,EACF;AACA,QAAM,WAAW,OAAO,YAAY,cAAc,UAAU;AAC5D,QAAM,SAAS,OAAO,aAAa,eAAe,OAAO,SAAS,UAAU,SAAS;AACrF,MAAI,QAAQ;AACV,WAAO;AAAA,MACL,MAAM;AAAA,MACN,SAAS,SAAS,SAAS;AAAA,MAC3B,eAAe,OAAO,SAAS,SAAS,KAAK,MAAM,GAAG,EAAE,CAAC,CAAC;AAAA,IAC5D;AAAA,EACF;AACA,SAAO;AAAA,IACL,MAAM;AAAA,EACR;AACF;AAGA,IAAI,cAAc;AAClB,IAAI,eAAe;AACnB,IAAI,SAAS,MAAM;AAAA,EACjB,YAAY,EAAE,QAAQ,OAAO,YAAY,OAAO,GAAG;AACjD,SAAK,aAAa,IAAI,gBAAgB;AACtC,SAAK,SAAS;AACd,SAAK,QAAQ;AACb,QAAI,WAAW,SAAS,OAAO;AAC7B,WAAK,SAAS;AACd,WAAK,oBAAoB;AACzB,WAAK,mBAAmB,WAAW;AACnC,WAAK,qBAAqB,WAAW;AAAA,IACvC,OAAO;AACL,WAAK,oBAAoB,WAAW;AAAA,IACtC;AACA,YAAQ,iBAAiB,SAAS,MAAM,KAAK,WAAW,MAAM,CAAC;AAC/D,QAAI,OAAO,gBAAgB,aAAa;AACtC,WAAK,UAAU,IAAI,YAAY,OAAO;AAAA,IACxC;AAAA,EACF;AAAA,EACA,OAAO,eAAe;AACpB,QAAI,KAAK,sBAAsB,MAAM;AACnC,aAAO,KAAK,cAAc;AAAA,IAC5B,OAAO;AACL,aAAO,KAAK,iBAAiB;AAAA,IAC/B;AAAA,EACF;AAAA,EACA,OAAO,mBAAmB;AACxB,UAAM,SAAS,4BAA4B,KAAK,MAAM;AACtD,QAAI,MAAM;AACV,QAAI,aAAa;AACjB,qBAAiB,SAAS,QAAQ;AAChC,aAAO,KAAK,YAAY,KAAK;AAC7B,UAAI;AACJ,cAAQ,kBAAkB,IAAI,QAAQ,KAAK,iBAAiB,MAAM,GAAG;AACnE,YAAI,OAAO,IAAI,MAAM,GAAG,eAAe;AACvC,cAAM,IAAI,MAAM,kBAAkB,KAAK,kBAAkB,MAAM;AAC/D,YAAI,CAAC,KAAK,KAAK,GAAG;AAChB;AAAA,QACF;AACA,YAAI,CAAC,cAAc,KAAK,UAAU,MAAM;AACtC,gBAAM,cAAc,KAAK,QAAQ,KAAK,MAAM;AAC5C,cAAI,gBAAgB,IAAI;AACtB;AAAA,UACF;AACA,uBAAa;AACb,iBAAO,KAAK,MAAM,cAAc,KAAK,OAAO,MAAM;AAAA,QACpD;AACA,YAAI,KAAK,oBAAoB,QAAQ,KAAK,SAAS,KAAK,gBAAgB,GAAG;AACzE;AAAA,QACF;AACA,cAAM,UAAU,MAAM,KAAK,MAAM,SAAS,IAAI,CAAC;AAC/C,cAAM;AACN,qBAAa;AAAA,MACf;AAAA,IACF;AAAA,EACF;AAAA,EACA,OAAO,gBAAgB;AACrB,UAAM,SAAS,4BAA4B,KAAK,MAAM;AACtD,QAAI,MAAM;AACV,QAAI;AACJ,QAAI;AACJ,qBAAiB,SAAS,QAAQ;AAChC,aAAO,KAAK,YAAY,KAAK;AAC7B,UAAI;AACJ,cAAQ,kBAAkB,IAAI,QAAQ,IAAI,MAAM,GAAG;AACjD,cAAM,OAAO,IAAI,MAAM,GAAG,eAAe,EAAE,QAAQ,OAAO,EAAE;AAC5D,cAAM,IAAI,MAAM,kBAAkB,CAAC;AACnC,YAAI,CAAC,KAAK,KAAK,GAAG;AAChB,cAAI,aAAa,MAAM;AACrB,kBAAM,UAAU,MAAM,KAAK,iBAAiB,WAAW,SAAS;AAChE,gBAAI,WAAW,MAAM;AACnB;AAAA,YACF;AACA,kBAAM;AAAA,UACR;AACA,sBAAY;AACZ,sBAAY;AACZ;AAAA,QACF;AACA,YAAI,KAAK,WAAW,YAAY,GAAG;AACjC,sBAAY,KAAK,MAAM,aAAa,MAAM,EAAE,KAAK;AAAA,QACnD,WAAW,KAAK,WAAW,WAAW,GAAG;AACvC,gBAAM,MAAM,KAAK,MAAM,YAAY,MAAM,EAAE,KAAK;AAChD,sBAAY,aAAa,OAAO,GAAG,SAAS;AAAA,EACpD,GAAG,KAAK;AAAA,QACF;AAAA,MACF;AAAA,IACF;AACA,QAAI,aAAa,MAAM;AACrB,YAAM,UAAU,MAAM,KAAK,iBAAiB,WAAW,SAAS;AAChE,UAAI,WAAW,MAAM;AACnB,cAAM;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAIA,MAAM,iBAAiB,WAAW,WAAW;AAC3C,QAAI,KAAK,oBAAoB,QAAQ,UAAU,SAAS,KAAK,gBAAgB,GAAG;AAC9E,aAAO;AAAA,IACT;AACA,WAAO,KAAK,MAAM,KAAK,oBAAoB,SAAS,SAAS,GAAG,SAAS,CAAC;AAAA,EAC5E;AAAA,EACA,oBAAoB,QAAQ,WAAW;AACrC,QAAI,KAAK,sBAAsB,QAAQ,aAAa,MAAM;AACxD,aAAO;AAAA,IACT;AACA,QAAI,UAAU,QAAQ,OAAO,WAAW,YAAY,MAAM,QAAQ,MAAM,GAAG;AACzE,aAAO;AAAA,IACT;AACA,UAAM,MAAM;AACZ,QAAI,KAAK,sBAAsB,KAAK;AAClC,aAAO;AAAA,IACT;AACA,WAAO,EAAE,CAAC,KAAK,kBAAkB,GAAG,WAAW,GAAG,IAAI;AAAA,EACxD;AAAA,EACA,QAAQ,OAAO,aAAa,IAAI;AAC9B,qBAAiB,WAAW,KAAK,aAAa,GAAG;AAC/C,YAAM;AAAA,IACR;AAAA,EACF;AAAA,EACA,YAAY,OAAO;AACjB,QAAI,UAAU;AACd,QAAI,KAAK,WAAW,MAAM;AACxB,iBAAW,KAAK,QAAQ,OAAO,OAAO,EAAE,QAAQ,KAAK,CAAC;AAAA,IACxD,WAAW,QAAQ,SAAS,UAAU,OAAO,UAAU,aAAa;AAClE,iBAAW,OAAO,SAAS,KAAK,IAAI,QAAQ,OAAO,KAAK,KAAK;AAAA,IAC/D;AACA,WAAO;AAAA,EACT;AACF;AACA,SAAS,4BAA4B,QAAQ;AAC3C,MAAI,OAAO,OAAO,aAAa,GAAG;AAChC,WAAO;AAAA,EACT;AACA,QAAM,SAAS,OAAO,UAAU;AAChC,SAAO;AAAA,IACL,MAAM,OAAO;AACX,UAAI;AACF,cAAM,SAAS,MAAM,OAAO,KAAK;AACjC,YAAI,QAAQ,MAAM;AAChB,iBAAO,YAAY;AAAA,QACrB;AACA,eAAO;AAAA,MACT,SAAS,GAAG;AACV,eAAO,YAAY;AACnB,cAAM;AAAA,MACR;AAAA,IACF;AAAA,IACA,MAAM,SAAS;AACb,YAAM,gBAAgB,OAAO,OAAO;AACpC,aAAO,YAAY;AACnB,YAAM;AACN,aAAO,EAAE,MAAM,MAAM,OAAO,OAAO;AAAA,IACrC;AAAA,IACA,CAAC,OAAO,aAAa,IAAI;AACvB,aAAO;AAAA,IACT;AAAA,EACF;AACF;AAGA,IAAI,cAAc,CAAC;AACnB,SAAS,aAAa;AAAA,EACpB,iBAAiB,MAAM;AAAA,EACvB,MAAM,MAAM;AAAA,EACZ,cAAc,MAAM;AAAA,EACpB,eAAe,MAAM;AACvB,CAAC;AAGD,SAAS,gBAAgB,OAAO;AAC9B,MAAI,UAAU,MAAM;AAClB,WAAO;AAAA,EACT;AACA,QAAM,cAAc,OAAO;AAC3B,UAAQ,aAAa;AAAA,IACnB,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AACH;AAAA,IACF;AACE,cAAQ,OAAO,KAAK;AACpB;AAAA,EACJ;AACA,SAAO,mBAAmB,KAAK;AACjC;AAGA,SAAS,eAAe;AACtB,SAAO,IAAI,mBAAmB;AAChC;AACA,IAAI,qBAAqB,MAAM;AAAA,EAC7B,cAAc;AACZ,SAAK,QAAwB,oBAAI,IAAI;AAAA,EACvC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,IAAI,KAAK,OAAO,SAAS;AACvB,QAAI,UAAU,UAAU,UAAU,MAAM;AACtC,aAAO;AAAA,IACT;AACA,UAAM,aAAa;AAAA,MACjB,EAAE,CAAC,GAAG,GAAG,MAAM;AAAA,MACf,EAAE,aAAa,SAAS,UAAU,UAAU,UAAU,SAAS;AAAA,IACjE;AACA,QAAI,WAAW,SAAS,GAAG;AACzB,WAAK,MAAM,IAAI,KAAK,UAAU;AAAA,IAChC;AACA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,QAAQ,QAAQ;AACd,QAAI,UAAU,MAAM;AAClB,iBAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,MAAM,GAAG;AACjD,aAAK,IAAI,KAAK,KAAK;AAAA,MACrB;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,gBAAgB,kBAAkB;AAChC,QAAI,oBAAoB,MAAM;AAC5B,iBAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,gBAAgB,GAAG;AAC3D,YAAI,UAAU,UAAU,UAAU,MAAM;AACtC;AAAA,QACF;AACA,cAAM,aAAa,cAAc,EAAE,CAAC,GAAG,GAAG,MAAM,GAAG,EAAE,aAAa,SAAS,CAAC;AAC5E,YAAI,WAAW,SAAS,GAAG;AACzB,eAAK,MAAM,IAAI,KAAK,UAAU;AAAA,QAChC;AAAA,MACF;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,QAAQ;AACN,WAAO,CAAC,GAAG,KAAK,MAAM,OAAO,CAAC,EAAE,KAAK,GAAG;AAAA,EAC1C;AACF;AAGA,IAAI,cAAc;AAClB,IAAI,qBAAqB,MAAM,oBAAoB;AAAA,EACjD,YAAY,SAAS;AACnB,SAAK,UAAU;AAAA,EACjB;AAAA,EACA,OAAO,UAAU,SAAS;AACxB,WAAO,UAAU,WAAW,KAAK;AAAA,EACnC;AAAA,EACA,MAAM,eAAe;AAAA,IACnB;AAAA,EACF,IAAI,CAAC,GAAG;AACN,UAAM,QAAQ,MAAM,SAAS,IAAI,KAAK,QAAQ,WAAW,CAAC;AAC1D,QAAI,SAAS,MAAM;AACjB,YAAM,IAAI,aAAa;AAAA,QACrB,SAAS,oBAAoB;AAAA,MAC/B,CAAC;AAAA,IACH;AACA,WAAO;AAAA,MACL,SAAS,EAAE,eAAe,UAAU,KAAK,GAAG;AAAA,IAC9C;AAAA,EACF;AACF;AAAA,CACC,CAAC,wBAAwB;AACxB,sBAAoB,cAAc;AAClC,sBAAoB,4BAA4B,mBAAmB,WAAW;AAC9E,WAAS,eAAe,SAAS;AAC/B,WAAO,IAAI,oBAAoB,OAAO;AAAA,EACxC;AACA,sBAAoB,iBAAiB;AACvC,GAAG,uBAAuB,qBAAqB,CAAC,EAAE;AAGlD,SAAS,gBAAgB,cAAc;AACrC,QAAM,SAAS,CAAC;AAChB,aAAW,CAAC,KAAK,KAAK,KAAK,aAAa,OAAO,CAAC,YAAY,WAAW,IAAI,EAAE,QAAQ,CAAC,YAAY,OAAO,QAAQ,OAAO,CAAC,GAAG;AAC1H,UAAM,iBAAiB,IAAI,YAAY;AACvC,QAAI,SAAS,MAAM;AACjB,aAAO,cAAc,IAAI;AAAA,IAC3B,WAAW,kBAAkB,QAAQ;AACnC,aAAO,OAAO,cAAc;AAAA,IAC9B;AAAA,EACF;AACA,SAAO;AACT;AAGA,SAAS,uBAAuB,SAAS;AACvC,QAAM,UAAU;AAAA,IACd;AAAA,MACE,mBAAmB;AAAA,MACnB,kBAAkB,QAAQ;AAAA,MAC1B,0BAA0B,QAAQ;AAAA,IACpC;AAAA,IACA,SAAS;AAAA,EACX;AACA,SAAO;AAAA,IACL,GAAG;AAAA,IACH,SAAS,gBAAgB,aAAa,SAAS,OAAO;AAAA,IACtD;AAAA,EACF;AACF;AACA,SAAS,+BAA+B,SAAS;AAC/C,QAAM,aAAa,uBAAuB,OAAO;AACjD,MAAI,QAAQ,SAAS,OAAO;AAC1B,eAAW,eAAe,IAAI,iBAAiB;AAC/C,WAAO;AAAA,EACT;AACA,MAAI,QAAQ,QAAQ,MAAM;AACxB,QAAI,OAAO,QAAQ,SAAS,YAAY;AACtC,iBAAW,eAAe,EAAE,gBAAgB,QAAQ,KAAK;AACzD,aAAO;AAAA,IACT;AACA,QAAI,eAAe,QAAQ,IAAI,GAAG;AAChC,iBAAW,eAAe,QAAQ;AAClC,aAAO;AAAA,IACT;AACA,WAAO,OAAO,YAAY,QAAQ,IAAI;AAAA,EACxC;AACA,QAAM,iCAAiC,qBAAqB,UAAU;AACtE,aAAW,iBAAiB,WAAW,eAAe,IAAI,mBAAmB,8BAA8B;AAC3G,SAAO;AACT;AACA,SAAS,qBAAqB,SAAS;AACrC,SAAO;AAAA,IACL,GAAG;AAAA,IACH,cAAc,IAAI,iBAAiB;AAAA,EACrC;AACF;AAGA,SAAS,yBAAyB,OAAO,aAAa,QAAQA,OAAM;AAClE,UAAQ,MAAM,QAAQ;AAAA,IACpB,KAAK;AACH,YAAM,IAAI,aAAa;AAAA,QACrB,YAAY,MAAM;AAAA,QAClB,MAAM,MAAM;AAAA,QACZ;AAAA,MACF,CAAC;AAAA,IACH,KAAK;AACH,YAAM,IAAI,aAAa;AAAA,QACrB,YAAY,MAAM;AAAA,QAClB;AAAA,MACF,CAAC;AAAA,IACH,KAAK;AACH,YAAM,IAAI,oBAAoB,iCAAiC,MAAM,IAAIA,KAAI,KAAK;AAAA,QAChF,OAAO,MAAM;AAAA,MACf,CAAC;AAAA,IACH,KAAK;AACH,YAAM,IAAI,aAAa;AAAA,QACrB,SAAS,MAAM;AAAA,QACf;AAAA,QACA,OAAO,MAAM;AAAA,MACf,CAAC;AAAA,IACH;AACE,YAAM,IAAI,aAAa;AAAA,QACrB,SAAS;AAAA,QACT;AAAA,MACF,CAAC;AAAA,EACL;AACF;AAGA,IAAI,aAAa,MAAM;AAAA,EACrB,YAAY,SAAS;AACnB,SAAK,WAAW,+BAA+B,OAAO;AAAA,EACxD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,QAAQ,gBAAgB;AACtB,WAAO,oBAAoB,YAAY,KAAK,UAAU,cAAc,CAAC;AAAA,EACvE;AAAA,EACA,MAAM,UAAU,gBAAgB;AAC9B,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,oBAAoB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QAC3E;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,eAAe;AAAA,EAChG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAsBA,aAAa,UAAU,CAAC,GAAG,gBAAgB;AACzC,WAAO,oBAAoB,YAAY,KAAK,eAAe,SAAS,cAAc,CAAC;AAAA,EACrF;AAAA,EACA,MAAM,eAAe,UAAU,CAAC,GAAG,gBAAgB;AACjD,UAAM;AAAA,MACJ;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,MAAM;AAAA,MACN;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF,IAAI;AACJ,UAAM,eAAe;AAAA,MACnB;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,MAAM;AAAA,MACN;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AACA,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,QAAQ,YAAY,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MACjH,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,gBAAgB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACvE,KAAK;AACH,gBAAM,IAAI,eAAe,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACtE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,sBAAsB;AAAA,EACvG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,eAAe,gBAAgB;AAC7B,WAAO,oBAAoB,YAAY,KAAK,iBAAiB,cAAc,CAAC;AAAA,EAC9E;AAAA,EACA,MAAM,iBAAiB,gBAAgB;AACrC,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,eAAe,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACtE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,uBAAuB;AAAA,EACxG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAmBA,gBAAgB,SAAS,gBAAgB;AACvC,WAAO,oBAAoB,YAAY,KAAK,kBAAkB,SAAS,cAAc,CAAC;AAAA,EACxF;AAAA,EACA,MAAM,kBAAkB,SAAS,gBAAgB;AAC/C,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,aAAa;AAAA,MACb,MAAM;AAAA,MACN,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,gBAAgB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACvE,KAAK;AACH,gBAAM,IAAI,eAAe,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACtE,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,QAAQ,uBAAuB;AAAA,EACzG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,aAAa,SAAS,gBAAgB;AACpC,WAAO,oBAAoB,YAAY,KAAK,eAAe,SAAS,cAAc,CAAC;AAAA,EACrF;AAAA,EACA,MAAM,eAAe,SAAS,gBAAgB;AAC5C,UAAM,EAAE,MAAM,IAAI;AAClB,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,wBAAwB,YAAY,gBAAgB,KAAK,CAAC;AAAA,MAC5D;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,eAAe,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACtE,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,+BAA+B;AAAA,EAChH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,gBAAgB,SAAS,gBAAgB;AACvC,WAAO,oBAAoB,YAAY,KAAK,kBAAkB,SAAS,cAAc,CAAC;AAAA,EACxF;AAAA,EACA,MAAM,kBAAkB,SAAS,gBAAgB;AAC/C,UAAM,EAAE,MAAM,IAAI;AAClB,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,wBAAwB,YAAY,gBAAgB,KAAK,CAAC;AAAA,MAC5D;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,QAAQ,aAAa,UAAU,YAAY;AAAA,IAC5D;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,eAAe,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACtE,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO;AAAA,MACL,UAAU;AAAA,MACV,UAAU;AAAA,MACV;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAmBA,aAAa,SAAS,gBAAgB;AACpC,WAAO,oBAAoB,YAAY,KAAK,eAAe,SAAS,cAAc,CAAC;AAAA,EACrF;AAAA,EACA,MAAM,eAAe,SAAS,gBAAgB;AAC5C,UAAM,EAAE,WAAW,SAAS,UAAU,QAAQ,OAAO,WAAW,YAAY,MAAM,IAAI;AACtF,UAAM,eAAe;AAAA,MACnB;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AACA,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,QAAQ,YAAY,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MACjH,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,gBAAgB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACvE,KAAK;AACH,gBAAM,IAAI,eAAe,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACtE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,gBAAgB;AAAA,EACjG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,mBAAmB,SAAS,gBAAgB;AAC1C,WAAO,oBAAoB,YAAY,KAAK,qBAAqB,SAAS,cAAc,CAAC;AAAA,EAC3F;AAAA,EACA,MAAM,qBAAqB,SAAS,gBAAgB;AAClD,UAAM,EAAE,WAAW,WAAW,MAAM,IAAI;AACxC,UAAM,eAAe;AAAA,MACnB;AAAA,MACA;AAAA,IACF;AACA,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,mBAAmB,YAAY,gBAAgB,SAAS,CAAC;AAAA,MAC3D;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,QAAQ,YAAY,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MACjH,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,eAAe,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACtE,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO;AAAA,MACL,UAAU;AAAA,MACV,UAAU;AAAA,MACV;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAmBA,oBAAoB,SAAS,gBAAgB;AAC3C,WAAO,oBAAoB,YAAY,KAAK,sBAAsB,SAAS,cAAc,CAAC;AAAA,EAC5F;AAAA,EACA,MAAM,sBAAsB,SAAS,gBAAgB;AACnD,UAAM,EAAE,WAAW,MAAM,MAAM,IAAI;AACnC,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,mBAAmB,YAAY,gBAAgB,SAAS,CAAC;AAAA,MAC3D;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,aAAa;AAAA,MACb,MAAM;AAAA,MACN,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,gBAAgB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACvE,KAAK;AACH,gBAAM,IAAI,eAAe,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACtE,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO;AAAA,MACL,UAAU;AAAA,MACV,UAAU;AAAA,MACV;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,gBAAgB,UAAU,CAAC,GAAG,gBAAgB;AAC5C,WAAO,oBAAoB,YAAY,KAAK,kBAAkB,SAAS,cAAc,CAAC;AAAA,EACxF;AAAA,EACA,MAAM,kBAAkB,UAAU,CAAC,GAAG,gBAAgB;AACpD,UAAM,EAAE,WAAW,MAAM,IAAI;AAC7B,UAAM,eAAe;AAAA,MACnB;AAAA,MACA;AAAA,IACF;AACA,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,QAAQ,YAAY,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MACjH,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,eAAe,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACtE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,kBAAkB;AAAA,EACnG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBA,iBAAiB,SAAS,gBAAgB;AACxC,WAAO,oBAAoB,YAAY,KAAK,mBAAmB,SAAS,cAAc,CAAC;AAAA,EACzF;AAAA,EACA,MAAM,mBAAmB,SAAS,gBAAgB;AAChD,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,aAAa;AAAA,MACb,MAAM;AAAA,MACN,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,gBAAgB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACvE,KAAK;AACH,gBAAM,IAAI,eAAe,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACtE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,QAAQ,kBAAkB;AAAA,EACpG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,UAAU,SAAS,gBAAgB;AACjC,WAAO,oBAAoB,YAAY,KAAK,YAAY,SAAS,cAAc,CAAC;AAAA,EAClF;AAAA,EACA,MAAM,YAAY,SAAS,gBAAgB;AACzC,UAAM,EAAE,WAAW,WAAW,MAAM,IAAI;AACxC,UAAM,eAAe;AAAA,MACnB;AAAA,MACA;AAAA,IACF;AACA,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,mBAAmB,YAAY,gBAAgB,SAAS,CAAC;AAAA,MAC3D;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,QAAQ,YAAY,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MACjH,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,eAAe,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACtE,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO;AAAA,MACL,UAAU;AAAA,MACV,UAAU;AAAA,MACV;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAuBA,WAAW,SAAS,gBAAgB;AAClC,WAAO,oBAAoB,YAAY,KAAK,aAAa,SAAS,cAAc,CAAC;AAAA,EACnF;AAAA,EACA,MAAM,aAAa,SAAS,gBAAgB;AAC1C,UAAM,EAAE,WAAW,MAAM,MAAM,IAAI;AACnC,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,mBAAmB,YAAY,gBAAgB,SAAS,CAAC;AAAA,MAC3D;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,aAAa;AAAA,MACb,MAAM;AAAA,MACN,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,gBAAgB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACvE,KAAK;AACH,gBAAM,IAAI,eAAe,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACtE,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO;AAAA,MACL,UAAU;AAAA,MACV,UAAU;AAAA,MACV;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBA,iBAAiB,SAAS,gBAAgB;AACxC,WAAO,oBAAoB,YAAY,KAAK,mBAAmB,SAAS,cAAc,CAAC;AAAA,EACzF;AAAA,EACA,MAAM,mBAAmB,SAAS,gBAAgB;AAChD,UAAM,EAAE,WAAW,YAAY,IAAI;AACnC,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,mBAAmB,YAAY,gBAAgB,SAAS,CAAC,aAAa,YAAY,gBAAgB,WAAW,CAAC;AAAA,MAChH;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,eAAe,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACtE,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO;AAAA,MACL,UAAU;AAAA,MACV,UAAU;AAAA,MACV;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAmBA,oBAAoB,SAAS,gBAAgB;AAC3C,WAAO,oBAAoB,YAAY,KAAK,sBAAsB,SAAS,cAAc,CAAC;AAAA,EAC5F;AAAA,EACA,MAAM,sBAAsB,SAAS,gBAAgB;AACnD,UAAM,EAAE,WAAW,aAAa,MAAM,MAAM,IAAI;AAChD,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,mBAAmB,YAAY,gBAAgB,SAAS,CAAC,aAAa,YAAY,gBAAgB,WAAW,CAAC;AAAA,MAChH;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,aAAa;AAAA,MACb,MAAM;AAAA,MACN,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,eAAe,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACtE,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO;AAAA,MACL,UAAU;AAAA,MACV,UAAU;AAAA,MACV;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBA,oBAAoB,SAAS,gBAAgB;AAC3C,WAAO,oBAAoB,YAAY,KAAK,sBAAsB,SAAS,cAAc,CAAC;AAAA,EAC5F;AAAA,EACA,MAAM,sBAAsB,SAAS,gBAAgB;AACnD,UAAM,EAAE,WAAW,YAAY,IAAI;AACnC,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,mBAAmB,YAAY,gBAAgB,SAAS,CAAC,aAAa,YAAY,gBAAgB,WAAW,CAAC;AAAA,MAChH;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,QAAQ,aAAa,UAAU,YAAY;AAAA,IAC5D;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,eAAe,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACtE,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO;AAAA,MACL,UAAU;AAAA,MACV,UAAU;AAAA,MACV;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,cAAc,SAAS,gBAAgB;AACrC,WAAO,oBAAoB,YAAY,KAAK,gBAAgB,SAAS,cAAc,CAAC;AAAA,EACtF;AAAA,EACA,MAAM,gBAAgB,SAAS,gBAAgB;AAC7C,UAAM,EAAE,UAAU,IAAI;AACtB,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,mBAAmB,YAAY,gBAAgB,SAAS,CAAC;AAAA,MAC3D;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,eAAe,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACtE,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,8BAA8B;AAAA,EAC/G;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAmBA,iBAAiB,SAAS,gBAAgB;AACxC,WAAO,oBAAoB,YAAY,KAAK,mBAAmB,SAAS,cAAc,CAAC;AAAA,EACzF;AAAA,EACA,MAAM,mBAAmB,SAAS,gBAAgB;AAChD,UAAM,EAAE,WAAW,MAAM,MAAM,IAAI;AACnC,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,mBAAmB,YAAY,gBAAgB,SAAS,CAAC;AAAA,MAC3D;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,aAAa;AAAA,MACb,MAAM;AAAA,MACN,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,eAAe,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACtE,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,8BAA8B;AAAA,EAC/G;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBA,iBAAiB,SAAS,gBAAgB;AACxC,WAAO,oBAAoB,YAAY,KAAK,mBAAmB,SAAS,cAAc,CAAC;AAAA,EACzF;AAAA,EACA,MAAM,mBAAmB,SAAS,gBAAgB;AAChD,UAAM,EAAE,WAAW,QAAQ,IAAI;AAC/B,UAAM,eAAe;AAAA,MACnB;AAAA,IACF;AACA,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,mBAAmB,YAAY,gBAAgB,SAAS,CAAC;AAAA,MAC3D;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,QAAQ,YAAY,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MACjH,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,QAAQ,aAAa,UAAU,YAAY;AAAA,IAC5D;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,gBAAgB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACvE,KAAK;AACH,gBAAM,IAAI,eAAe,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACtE,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO;AAAA,MACL,UAAU;AAAA,MACV,UAAU;AAAA,MACV;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBA,QAAQ,SAAS,gBAAgB;AAC/B,WAAO,oBAAoB,YAAY,KAAK,UAAU,SAAS,cAAc,CAAC;AAAA,EAChF;AAAA,EACA,MAAM,UAAU,SAAS,gBAAgB;AACvC,UAAM,EAAE,WAAW,OAAO,IAAI;AAC9B,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,mBAAmB,YAAY,gBAAgB,SAAS,CAAC,UAAU,YAAY,gBAAgB,MAAM,CAAC;AAAA,MACxG;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,eAAe,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACtE,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO;AAAA,MACL,UAAU;AAAA,MACV,UAAU;AAAA,MACV;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAuBA,WAAW,SAAS,gBAAgB;AAClC,WAAO,oBAAoB,YAAY,KAAK,aAAa,SAAS,cAAc,CAAC;AAAA,EACnF;AAAA,EACA,MAAM,aAAa,SAAS,gBAAgB;AAC1C,UAAM,EAAE,WAAW,QAAQ,MAAM,MAAM,IAAI;AAC3C,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,mBAAmB,YAAY,gBAAgB,SAAS,CAAC,UAAU,YAAY,gBAAgB,MAAM,CAAC;AAAA,MACxG;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,aAAa;AAAA,MACb,MAAM;AAAA,MACN,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,eAAe,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACtE,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO;AAAA,MACL,UAAU;AAAA,MACV,UAAU;AAAA,MACV;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBA,WAAW,SAAS,gBAAgB;AAClC,WAAO,oBAAoB,YAAY,KAAK,aAAa,SAAS,cAAc,CAAC;AAAA,EACnF;AAAA,EACA,MAAM,aAAa,SAAS,gBAAgB;AAC1C,UAAM,EAAE,WAAW,OAAO,IAAI;AAC9B,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,mBAAmB,YAAY,gBAAgB,SAAS,CAAC,UAAU,YAAY,gBAAgB,MAAM,CAAC;AAAA,MACxG;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,QAAQ,aAAa,UAAU,YAAY;AAAA,IAC5D;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,eAAe,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACtE,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO;AAAA,MACL,UAAU;AAAA,MACV,UAAU;AAAA,MACV;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBA,yBAAyB,SAAS,gBAAgB;AAChD,WAAO,oBAAoB,YAAY,KAAK,2BAA2B,SAAS,cAAc,CAAC;AAAA,EACjG;AAAA,EACA,MAAM,2BAA2B,SAAS,gBAAgB;AACxD,UAAM,EAAE,WAAW,aAAa,UAAU,IAAI;AAC9C,UAAM,eAAe;AAAA,MACnB;AAAA,IACF;AACA,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,mBAAmB,YAAY,gBAAgB,SAAS,CAAC,aAAa,YAAY,gBAAgB,WAAW,CAAC;AAAA,MAChH;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,QAAQ,YAAY,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MACjH,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,eAAe,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACtE,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO;AAAA,MACL,UAAU;AAAA,MACV,UAAU;AAAA,MACV;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBA,gBAAgB,SAAS,gBAAgB;AACvC,WAAO,oBAAoB,YAAY,KAAK,kBAAkB,SAAS,cAAc,CAAC;AAAA,EACxF;AAAA,EACA,MAAM,kBAAkB,SAAS,gBAAgB;AAC/C,UAAM,EAAE,WAAW,QAAQ,UAAU,IAAI;AACzC,UAAM,eAAe;AAAA,MACnB;AAAA,IACF;AACA,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,mBAAmB,YAAY,gBAAgB,SAAS,CAAC,UAAU,YAAY,gBAAgB,MAAM,CAAC;AAAA,MACxG;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,QAAQ,YAAY,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MACjH,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,eAAe,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACtE,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO;AAAA,MACL,UAAU;AAAA,MACV,UAAU;AAAA,MACV;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,SAAS,UAAU,CAAC,GAAG,gBAAgB;AACrC,WAAO,oBAAoB,YAAY,KAAK,WAAW,SAAS,cAAc,CAAC;AAAA,EACjF;AAAA,EACA,MAAM,WAAW,UAAU,CAAC,GAAG,gBAAgB;AAC7C,UAAM,EAAE,MAAM,OAAO,UAAU,IAAI;AACnC,UAAM,eAAe;AAAA,MACnB;AAAA,MACA;AAAA,MACA;AAAA,IACF;AACA,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,QAAQ,YAAY,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MACjH,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,gBAAgB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACvE,KAAK;AACH,gBAAM,IAAI,eAAe,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACtE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,WAAW;AAAA,EAC5F;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,KAAK,gBAAgB;AACnB,WAAO,oBAAoB,YAAY,KAAK,OAAO,cAAc,CAAC;AAAA,EACpE;AAAA,EACA,MAAM,OAAO,gBAAgB;AAC3B,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,YAAM,IAAI,aAAa;AAAA,QACrB,YAAY,UAAU,MAAM;AAAA,QAC5B,MAAM,UAAU,MAAM;AAAA,QACtB,aAAa,UAAU;AAAA,MACzB,CAAC;AAAA,IACH;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,UAAU;AAAA,EAC3F;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,yBAAyB,SAAS,gBAAgB;AAChD,WAAO,oBAAoB,YAAY,KAAK,2BAA2B,SAAS,cAAc,CAAC;AAAA,EACjG;AAAA,EACA,MAAM,2BAA2B,SAAS,gBAAgB;AACxD,UAAM,EAAE,aAAa,WAAW,MAAM,IAAI;AAC1C,UAAM,eAAe;AAAA,MACnB;AAAA,MACA;AAAA,IACF;AACA,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,iBAAiB,YAAY,gBAAgB,WAAW,CAAC;AAAA,MAC3D;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,QAAQ,YAAY,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MACjH,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,gBAAgB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACvE,KAAK;AACH,gBAAM,IAAI,eAAe,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACtE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO;AAAA,MACL,UAAU;AAAA,MACV,UAAU;AAAA,MACV;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAyBA,UAAU,SAAS,gBAAgB;AACjC,WAAO,oBAAoB,YAAY,KAAK,YAAY,SAAS,cAAc,CAAC;AAAA,EAClF;AAAA,EACA,MAAM,YAAY,SAAS,gBAAgB;AACzC,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,aAAa;AAAA,MACb,MAAM;AAAA,MACN,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,gBAAgB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACvE,KAAK;AACH,gBAAM,IAAI,eAAe,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACtE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,QAAQ,gBAAgB;AAAA,EAClG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAmBA,aAAa,SAAS,gBAAgB;AACpC,WAAO,oBAAoB,YAAY,KAAK,eAAe,SAAS,cAAc,CAAC;AAAA,EACrF;AAAA,EACA,MAAM,eAAe,SAAS,gBAAgB;AAC5C,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,aAAa;AAAA,MACb,MAAM;AAAA,MACN,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,gBAAgB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACvE,KAAK;AACH,gBAAM,IAAI,eAAe,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACtE,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,QAAQ,kBAAkB;AAAA,EACpG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAkBA,aAAa,SAAS,gBAAgB;AACpC,WAAO,oBAAoB,YAAY,KAAK,eAAe,SAAS,cAAc,CAAC;AAAA,EACrF;AAAA,EACA,MAAM,eAAe,SAAS,gBAAgB;AAC5C,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,aAAa;AAAA,MACb,MAAM;AAAA,MACN,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,gBAAgB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACvE,KAAK;AACH,gBAAM,IAAI,eAAe,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACtE,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,QAAQ,yBAAyB;AAAA,EAC3G;AACF;AAGA,IAAI,mBAAmB,MAAM;AAAA,EAC3B,YAAY,SAAS;AACnB,SAAK,WAAW,+BAA+B,OAAO;AAAA,EACxD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,qBAAqB,SAAS,gBAAgB;AAC5C,WAAO,oBAAoB,YAAY,KAAK,uBAAuB,SAAS,cAAc,CAAC;AAAA,EAC7F;AAAA,EACA,MAAM,uBAAuB,SAAS,gBAAgB;AACpD,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,aAAa;AAAA,MACb,MAAM;AAAA,MACN,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,eAAe,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACtE,KAAK;AACH,gBAAM,IAAI,oBAAoB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QAC3E;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,QAAQ,sBAAsB;AAAA,EACxG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBA,kBAAkB,SAAS,gBAAgB;AACzC,WAAO,oBAAoB,YAAY,KAAK,oBAAoB,SAAS,cAAc,CAAC;AAAA,EAC1F;AAAA,EACA,MAAM,oBAAoB,SAAS,gBAAgB;AACjD,UAAM,EAAE,GAAG,IAAI;AACf,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,uBAAuB,YAAY,gBAAgB,EAAE,CAAC;AAAA,MACxD;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,eAAe,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACtE,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE,KAAK;AACH,gBAAM,IAAI,oBAAoB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QAC3E;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,2BAA2B;AAAA,EAC5G;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaA,aAAa,UAAU,CAAC,GAAG,gBAAgB;AACzC,WAAO,oBAAoB,YAAY,KAAK,eAAe,SAAS,cAAc,CAAC;AAAA,EACrF;AAAA,EACA,MAAM,eAAe,UAAU,CAAC,GAAG,gBAAgB;AACjD,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,aAAa;AAAA,MACb,MAAM;AAAA,MACN,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,eAAe,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACtE,KAAK;AACH,gBAAM,IAAI,oBAAoB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QAC3E;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,QAAQ,kBAAkB;AAAA,EACpG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBA,UAAU,SAAS,gBAAgB;AACjC,WAAO,oBAAoB,YAAY,KAAK,YAAY,SAAS,cAAc,CAAC;AAAA,EAClF;AAAA,EACA,MAAM,YAAY,SAAS,gBAAgB;AACzC,UAAM,EAAE,GAAG,IAAI;AACf,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,mBAAmB,YAAY,gBAAgB,EAAE,CAAC;AAAA,MACpD;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,eAAe,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACtE,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE,KAAK;AACH,gBAAM,IAAI,oBAAoB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QAC3E;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,uBAAuB;AAAA,EACxG;AACF;AAGA,IAAI,kBAAkB,MAAM;AAAA,EAC1B,YAAY,SAAS;AACnB,SAAK,WAAW,+BAA+B,OAAO;AAAA,EACxD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBA,cAAc,UAAU,CAAC,GAAG,gBAAgB;AAC1C,WAAO,oBAAoB,YAAY,KAAK,gBAAgB,SAAS,cAAc,CAAC;AAAA,EACtF;AAAA,EACA,MAAM,gBAAgB,UAAU,CAAC,GAAG,gBAAgB;AAClD,UAAM,EAAE,QAAQ,OAAO,UAAU,UAAU,WAAW,MAAM,IAAI;AAChE,UAAM,eAAe;AAAA,MACnB;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AACA,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,QAAQ,YAAY,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MACjH,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,YAAM,IAAI,aAAa;AAAA,QACrB,YAAY,UAAU,MAAM;AAAA,QAC5B,MAAM,UAAU,MAAM;AAAA,QACtB,aAAa,UAAU;AAAA,MACzB,CAAC;AAAA,IACH;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,eAAe;AAAA,EAChG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,eAAe,SAAS,gBAAgB;AACtC,WAAO,oBAAoB,YAAY,KAAK,iBAAiB,SAAS,cAAc,CAAC;AAAA,EACvF;AAAA,EACA,MAAM,iBAAiB,SAAS,gBAAgB;AAC9C,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,aAAa;AAAA,MACb,MAAM;AAAA,MACN,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,gBAAgB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACvE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,QAAQ,eAAe;AAAA,EACjG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,YAAY,SAAS,gBAAgB;AACnC,WAAO,oBAAoB,YAAY,KAAK,cAAc,SAAS,cAAc,CAAC;AAAA,EACpF;AAAA,EACA,MAAM,cAAc,SAAS,gBAAgB;AAC3C,UAAM,EAAE,GAAG,IAAI;AACf,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,gBAAgB,YAAY,gBAAgB,EAAE,CAAC;AAAA,MACjD;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,oBAAoB;AAAA,EACrG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAmBA,eAAe,SAAS,gBAAgB;AACtC,WAAO,oBAAoB,YAAY,KAAK,iBAAiB,SAAS,cAAc,CAAC;AAAA,EACvF;AAAA,EACA,MAAM,iBAAiB,SAAS,gBAAgB;AAC9C,UAAM,EAAE,IAAI,MAAM,MAAM,IAAI;AAC5B,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,gBAAgB,YAAY,gBAAgB,EAAE,CAAC;AAAA,MACjD;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,aAAa;AAAA,MACb,MAAM;AAAA,MACN,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,gBAAgB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACvE,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,oBAAoB;AAAA,EACrG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,eAAe,SAAS,gBAAgB;AACtC,WAAO,oBAAoB,YAAY,KAAK,iBAAiB,SAAS,cAAc,CAAC;AAAA,EACvF;AAAA,EACA,MAAM,iBAAiB,SAAS,gBAAgB;AAC9C,UAAM,EAAE,GAAG,IAAI;AACf,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,gBAAgB,YAAY,gBAAgB,EAAE,CAAC;AAAA,MACjD;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,QAAQ,aAAa,UAAU,YAAY;AAAA,IAC5D;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,UAAU,oBAAoB;AAAA,EACxG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAmBA,cAAc,SAAS,gBAAgB;AACrC,WAAO,oBAAoB,YAAY,KAAK,gBAAgB,SAAS,cAAc,CAAC;AAAA,EACtF;AAAA,EACA,MAAM,gBAAgB,SAAS,gBAAgB;AAC7C,UAAM,EAAE,IAAI,MAAM,MAAM,IAAI;AAC5B,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,gBAAgB,YAAY,gBAAgB,EAAE,CAAC;AAAA,MACjD;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,aAAa;AAAA,MACb,MAAM;AAAA,MACN,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,gBAAgB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACvE,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,SAAS,oBAAoB;AAAA,EACvG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBA,gBAAgB,SAAS,gBAAgB;AACvC,WAAO,oBAAoB,YAAY,KAAK,kBAAkB,SAAS,cAAc,CAAC;AAAA,EACxF;AAAA,EACA,MAAM,kBAAkB,SAAS,gBAAgB;AAC/C,UAAM,EAAE,MAAM,OAAO,OAAO,OAAO,MAAM,OAAO,IAAI,QAAQ,WAAW,OAAO,MAAM,IAAI;AACxF,UAAM,eAAe;AAAA,MACnB,MAAM;AAAA,MACN;AAAA,MACA;AAAA,MACA,MAAM;AAAA,MACN;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,OAAO,SAAS,OAAO,QAAQ;AAAA,IACjC;AACA,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,QAAQ,YAAY,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MACjH,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,YAAM,IAAI,aAAa;AAAA,QACrB,YAAY,UAAU,MAAM;AAAA,QAC5B,MAAM,UAAU,MAAM;AAAA,QACtB,aAAa,UAAU;AAAA,MACzB,CAAC;AAAA,IACH;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,sBAAsB;AAAA,EACvG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,sBAAsB,SAAS,gBAAgB;AAC7C,WAAO,oBAAoB,YAAY,KAAK,wBAAwB,SAAS,cAAc,CAAC;AAAA,EAC9F;AAAA,EACA,MAAM,wBAAwB,SAAS,gBAAgB;AACrD,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,aAAa;AAAA,MACb,MAAM;AAAA,MACN,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,gBAAgB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACvE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,QAAQ,sBAAsB;AAAA,EACxG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,uBAAuB,SAAS,gBAAgB;AAC9C,WAAO,oBAAoB,YAAY,KAAK,yBAAyB,SAAS,cAAc,CAAC;AAAA,EAC/F;AAAA,EACA,MAAM,yBAAyB,SAAS,gBAAgB;AACtD,UAAM,EAAE,GAAG,IAAI;AACf,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,gBAAgB,YAAY,gBAAgB,EAAE,CAAC;AAAA,MACjD;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,gBAAgB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACvE,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,6BAA6B;AAAA,EAC9G;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,gBAAgB,SAAS,gBAAgB;AACvC,WAAO,oBAAoB,YAAY,KAAK,kBAAkB,SAAS,cAAc,CAAC;AAAA,EACxF;AAAA,EACA,MAAM,kBAAkB,SAAS,gBAAgB;AAC/C,UAAM,EAAE,GAAG,IAAI;AACf,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,gBAAgB,YAAY,gBAAgB,EAAE,CAAC;AAAA,MACjD;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,yBAAyB;AAAA,EAC1G;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,oBAAoB,SAAS,gBAAgB;AAC3C,WAAO,oBAAoB,YAAY,KAAK,sBAAsB,SAAS,cAAc,CAAC;AAAA,EAC5F;AAAA,EACA,MAAM,sBAAsB,SAAS,gBAAgB;AACnD,UAAM,EAAE,IAAI,UAAU,IAAI;AAC1B,UAAM,eAAe;AAAA,MACnB;AAAA,IACF;AACA,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,gBAAgB,YAAY,gBAAgB,EAAE,CAAC;AAAA,MACjD;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,QAAQ,YAAY,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MACjH,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,6BAA6B;AAAA,EAC9G;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,eAAe,SAAS,gBAAgB;AACtC,WAAO,oBAAoB,YAAY,KAAK,iBAAiB,SAAS,cAAc,CAAC;AAAA,EACvF;AAAA,EACA,MAAM,iBAAiB,SAAS,gBAAgB;AAC9C,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,aAAa;AAAA,MACb,MAAM;AAAA,MACN,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,gBAAgB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACvE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,QAAQ,sBAAsB;AAAA,EACxG;AACF;AAGA,IAAI,gBAAgB,MAAM;AAAA,EACxB,YAAY,SAAS;AACnB,SAAK,WAAW,+BAA+B,OAAO;AAAA,EACxD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBA,YAAY,UAAU,CAAC,GAAG,gBAAgB;AACxC,WAAO,oBAAoB,YAAY,KAAK,cAAc,SAAS,cAAc,CAAC;AAAA,EACpF;AAAA,EACA,MAAM,cAAc,UAAU,CAAC,GAAG,gBAAgB;AAChD,UAAM,EAAE,gBAAgB,OAAO,QAAQ,UAAU,WAAW,MAAM,IAAI;AACtE,UAAM,eAAe;AAAA,MACnB;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AACA,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,QAAQ,YAAY,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MACjH,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,YAAM,IAAI,aAAa;AAAA,QACrB,YAAY,UAAU,MAAM;AAAA,QAC5B,MAAM,UAAU,MAAM;AAAA,QACtB,aAAa,UAAU;AAAA,MACzB,CAAC;AAAA,IACH;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,aAAa;AAAA,EAC9F;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,aAAa,SAAS,gBAAgB;AACpC,WAAO,oBAAoB,YAAY,KAAK,eAAe,SAAS,cAAc,CAAC;AAAA,EACrF;AAAA,EACA,MAAM,eAAe,SAAS,gBAAgB;AAC5C,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,aAAa;AAAA,MACb,MAAM;AAAA,MACN,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,gBAAgB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACvE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,QAAQ,aAAa;AAAA,EAC/F;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,UAAU,SAAS,gBAAgB;AACjC,WAAO,oBAAoB,YAAY,KAAK,YAAY,SAAS,cAAc,CAAC;AAAA,EAClF;AAAA,EACA,MAAM,YAAY,SAAS,gBAAgB;AACzC,UAAM,EAAE,GAAG,IAAI;AACf,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,cAAc,YAAY,gBAAgB,EAAE,CAAC;AAAA,MAC/C;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,kBAAkB;AAAA,EACnG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAiBA,aAAa,SAAS,gBAAgB;AACpC,WAAO,oBAAoB,YAAY,KAAK,eAAe,SAAS,cAAc,CAAC;AAAA,EACrF;AAAA,EACA,MAAM,eAAe,SAAS,gBAAgB;AAC5C,UAAM,EAAE,IAAI,MAAM,MAAM,IAAI;AAC5B,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,cAAc,YAAY,gBAAgB,EAAE,CAAC;AAAA,MAC/C;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,aAAa;AAAA,MACb,MAAM;AAAA,MACN,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,kBAAkB;AAAA,EACnG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,aAAa,SAAS,gBAAgB;AACpC,WAAO,oBAAoB,YAAY,KAAK,eAAe,SAAS,cAAc,CAAC;AAAA,EACrF;AAAA,EACA,MAAM,eAAe,SAAS,gBAAgB;AAC5C,UAAM,EAAE,GAAG,IAAI;AACf,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,cAAc,YAAY,gBAAgB,EAAE,CAAC;AAAA,MAC/C;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,QAAQ,aAAa,UAAU,YAAY;AAAA,IAC5D;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,gBAAgB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACvE,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,UAAU,kBAAkB;AAAA,EACtG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAmBA,YAAY,SAAS,gBAAgB;AACnC,WAAO,oBAAoB,YAAY,KAAK,cAAc,SAAS,cAAc,CAAC;AAAA,EACpF;AAAA,EACA,MAAM,cAAc,SAAS,gBAAgB;AAC3C,UAAM,EAAE,IAAI,MAAM,MAAM,IAAI;AAC5B,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,cAAc,YAAY,gBAAgB,EAAE,CAAC;AAAA,MAC/C;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,aAAa;AAAA,MACb,MAAM;AAAA,MACN,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,gBAAgB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACvE,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,SAAS,kBAAkB;AAAA,EACrG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,kBAAkB,SAAS,gBAAgB;AACzC,WAAO,oBAAoB,YAAY,KAAK,oBAAoB,SAAS,cAAc,CAAC;AAAA,EAC1F;AAAA,EACA,MAAM,oBAAoB,SAAS,gBAAgB;AACjD,UAAM,EAAE,IAAI,UAAU,IAAI;AAC1B,UAAM,eAAe;AAAA,MACnB;AAAA,IACF;AACA,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,cAAc,YAAY,gBAAgB,EAAE,CAAC;AAAA,MAC/C;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,QAAQ,YAAY,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MACjH,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,2BAA2B;AAAA,EAC5G;AACF;AAGA,IAAI,iBAAiB,MAAM;AAAA,EACzB,YAAY,SAAS;AACnB,SAAK,WAAW,+BAA+B,OAAO;AAAA,EACxD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAmBA,YAAY,UAAU,CAAC,GAAG,gBAAgB;AACxC,WAAO,oBAAoB,YAAY,KAAK,cAAc,SAAS,cAAc,CAAC;AAAA,EACpF;AAAA,EACA,MAAM,cAAc,UAAU,CAAC,GAAG,gBAAgB;AAChD,UAAM;AAAA,MACJ;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,MAAM;AAAA,MACN;AAAA,MACA;AAAA,MACA,MAAM;AAAA,MACN;AAAA,MACA;AAAA,MACA;AAAA,IACF,IAAI;AACJ,UAAM,eAAe;AAAA,MACnB;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,MAAM;AAAA,MACN;AAAA,MACA;AAAA,MACA,MAAM;AAAA,MACN;AAAA,MACA;AAAA,MACA,OAAO,SAAS,OAAO,QAAQ;AAAA,IACjC;AACA,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,QAAQ,YAAY,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MACjH,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,YAAM,IAAI,aAAa;AAAA,QACrB,YAAY,UAAU,MAAM;AAAA,QAC5B,MAAM,UAAU,MAAM;AAAA,QACtB,aAAa,UAAU;AAAA,MACzB,CAAC;AAAA,IACH;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,aAAa;AAAA,EAC9F;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,aAAa,SAAS,gBAAgB;AACpC,WAAO,oBAAoB,YAAY,KAAK,eAAe,SAAS,cAAc,CAAC;AAAA,EACrF;AAAA,EACA,MAAM,eAAe,SAAS,gBAAgB;AAC5C,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,aAAa;AAAA,MACb,MAAM;AAAA,MACN,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,gBAAgB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACvE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,QAAQ,aAAa;AAAA,EAC/F;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,UAAU,SAAS,gBAAgB;AACjC,WAAO,oBAAoB,YAAY,KAAK,YAAY,SAAS,cAAc,CAAC;AAAA,EAClF;AAAA,EACA,MAAM,YAAY,SAAS,gBAAgB;AACzC,UAAM,EAAE,GAAG,IAAI;AACf,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,cAAc,YAAY,gBAAgB,EAAE,CAAC;AAAA,MAC/C;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,kBAAkB;AAAA,EACnG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAiBA,aAAa,SAAS,gBAAgB;AACpC,WAAO,oBAAoB,YAAY,KAAK,eAAe,SAAS,cAAc,CAAC;AAAA,EACrF;AAAA,EACA,MAAM,eAAe,SAAS,gBAAgB;AAC5C,UAAM,EAAE,IAAI,MAAM,MAAM,IAAI;AAC5B,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,cAAc,YAAY,gBAAgB,EAAE,CAAC;AAAA,MAC/C;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,aAAa;AAAA,MACb,MAAM;AAAA,MACN,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,kBAAkB;AAAA,EACnG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,aAAa,SAAS,gBAAgB;AACpC,WAAO,oBAAoB,YAAY,KAAK,eAAe,SAAS,cAAc,CAAC;AAAA,EACrF;AAAA,EACA,MAAM,eAAe,SAAS,gBAAgB;AAC5C,UAAM,EAAE,GAAG,IAAI;AACf,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,cAAc,YAAY,gBAAgB,EAAE,CAAC;AAAA,MAC/C;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,QAAQ,aAAa,UAAU,YAAY;AAAA,IAC5D;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,UAAU,kBAAkB;AAAA,EACtG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,cAAc,SAAS,gBAAgB;AACrC,WAAO,oBAAoB,YAAY,KAAK,gBAAgB,SAAS,cAAc,CAAC;AAAA,EACtF;AAAA,EACA,MAAM,gBAAgB,SAAS,gBAAgB;AAC7C,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,aAAa;AAAA,MACb,MAAM;AAAA,MACN,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,gBAAgB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACvE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,QAAQ,oBAAoB;AAAA,EACtG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,kBAAkB,SAAS,gBAAgB;AACzC,WAAO,oBAAoB,YAAY,KAAK,oBAAoB,SAAS,cAAc,CAAC;AAAA,EAC1F;AAAA,EACA,MAAM,oBAAoB,SAAS,gBAAgB;AACjD,UAAM,EAAE,IAAI,UAAU,IAAI;AAC1B,UAAM,eAAe;AAAA,MACnB;AAAA,IACF;AACA,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,cAAc,YAAY,gBAAgB,EAAE,CAAC;AAAA,MAC/C;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,QAAQ,YAAY,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MACjH,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,2BAA2B;AAAA,EAC5G;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAkBA,SAAS,UAAU,CAAC,GAAG,gBAAgB;AACrC,WAAO,oBAAoB,YAAY,KAAK,WAAW,SAAS,cAAc,CAAC;AAAA,EACjF;AAAA,EACA,MAAM,WAAW,UAAU,CAAC,GAAG,gBAAgB;AAC7C,UAAM;AAAA,MACJ;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,MAAM;AAAA,MACN;AAAA,MACA;AAAA,MACA,MAAM;AAAA,MACN;AAAA,MACA;AAAA,MACA;AAAA,IACF,IAAI;AACJ,UAAM,eAAe;AAAA,MACnB;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,MAAM;AAAA,MACN;AAAA,MACA;AAAA,MACA,MAAM;AAAA,MACN;AAAA,MACA;AAAA,MACA,OAAO,SAAS,OAAO,QAAQ;AAAA,IACjC;AACA,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,QAAQ,YAAY,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MACjH,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,YAAM,IAAI,aAAa;AAAA,QACrB,YAAY,UAAU,MAAM;AAAA,QAC5B,MAAM,UAAU,MAAM;AAAA,QACtB,aAAa,UAAU;AAAA,MACzB,CAAC;AAAA,IACH;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,UAAU;AAAA,EAC3F;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,UAAU,SAAS,gBAAgB;AACjC,WAAO,oBAAoB,YAAY,KAAK,YAAY,SAAS,cAAc,CAAC;AAAA,EAClF;AAAA,EACA,MAAM,YAAY,SAAS,gBAAgB;AACzC,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,aAAa;AAAA,MACb,MAAM;AAAA,MACN,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,gBAAgB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACvE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,QAAQ,UAAU;AAAA,EAC5F;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,OAAO,SAAS,gBAAgB;AAC9B,WAAO,oBAAoB,YAAY,KAAK,SAAS,SAAS,cAAc,CAAC;AAAA,EAC/E;AAAA,EACA,MAAM,SAAS,SAAS,gBAAgB;AACtC,UAAM,EAAE,GAAG,IAAI;AACf,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,WAAW,YAAY,gBAAgB,EAAE,CAAC;AAAA,MAC5C;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,eAAe;AAAA,EAChG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAiBA,UAAU,SAAS,gBAAgB;AACjC,WAAO,oBAAoB,YAAY,KAAK,YAAY,SAAS,cAAc,CAAC;AAAA,EAClF;AAAA,EACA,MAAM,YAAY,SAAS,gBAAgB;AACzC,UAAM,EAAE,IAAI,MAAM,MAAM,IAAI;AAC5B,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,WAAW,YAAY,gBAAgB,EAAE,CAAC;AAAA,MAC5C;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,aAAa;AAAA,MACb,MAAM;AAAA,MACN,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,eAAe;AAAA,EAChG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,UAAU,SAAS,gBAAgB;AACjC,WAAO,oBAAoB,YAAY,KAAK,YAAY,SAAS,cAAc,CAAC;AAAA,EAClF;AAAA,EACA,MAAM,YAAY,SAAS,gBAAgB;AACzC,UAAM,EAAE,GAAG,IAAI;AACf,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,WAAW,YAAY,gBAAgB,EAAE,CAAC;AAAA,MAC5C;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,QAAQ,aAAa,UAAU,YAAY;AAAA,IAC5D;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,UAAU,eAAe;AAAA,EACnG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,WAAW,SAAS,gBAAgB;AAClC,WAAO,oBAAoB,YAAY,KAAK,aAAa,SAAS,cAAc,CAAC;AAAA,EACnF;AAAA,EACA,MAAM,aAAa,SAAS,gBAAgB;AAC1C,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,aAAa;AAAA,MACb,MAAM;AAAA,MACN,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,gBAAgB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACvE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,QAAQ,iBAAiB;AAAA,EACnG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,eAAe,SAAS,gBAAgB;AACtC,WAAO,oBAAoB,YAAY,KAAK,iBAAiB,SAAS,cAAc,CAAC;AAAA,EACvF;AAAA,EACA,MAAM,iBAAiB,SAAS,gBAAgB;AAC9C,UAAM,EAAE,IAAI,UAAU,IAAI;AAC1B,UAAM,eAAe;AAAA,MACnB;AAAA,IACF;AACA,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,WAAW,YAAY,gBAAgB,EAAE,CAAC;AAAA,MAC5C;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,QAAQ,YAAY,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MACjH,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,wBAAwB;AAAA,EACzG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAiBA,UAAU,UAAU,CAAC,GAAG,gBAAgB;AACtC,WAAO,oBAAoB,YAAY,KAAK,YAAY,SAAS,cAAc,CAAC;AAAA,EAClF;AAAA,EACA,MAAM,YAAY,UAAU,CAAC,GAAG,gBAAgB;AAC9C,UAAM,EAAE,YAAY,WAAW,OAAO,MAAM,OAAO,OAAO,OAAO,MAAM,OAAO,IAAI,QAAQ,MAAM,IAAI;AACpG,UAAM,eAAe;AAAA,MACnB;AAAA,MACA;AAAA,MACA;AAAA,MACA,MAAM;AAAA,MACN;AAAA,MACA;AAAA,MACA,MAAM;AAAA,MACN;AAAA,MACA;AAAA,MACA,OAAO,SAAS,OAAO,QAAQ;AAAA,IACjC;AACA,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,QAAQ,YAAY,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MACjH,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,YAAM,IAAI,aAAa;AAAA,QACrB,YAAY,UAAU,MAAM;AAAA,QAC5B,MAAM,UAAU,MAAM;AAAA,QACtB,aAAa,UAAU;AAAA,MACzB,CAAC;AAAA,IACH;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,WAAW;AAAA,EAC5F;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,WAAW,SAAS,gBAAgB;AAClC,WAAO,oBAAoB,YAAY,KAAK,aAAa,SAAS,cAAc,CAAC;AAAA,EACnF;AAAA,EACA,MAAM,aAAa,SAAS,gBAAgB;AAC1C,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,aAAa;AAAA,MACb,MAAM;AAAA,MACN,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,gBAAgB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACvE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,QAAQ,WAAW;AAAA,EAC7F;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,QAAQ,SAAS,gBAAgB;AAC/B,WAAO,oBAAoB,YAAY,KAAK,UAAU,SAAS,cAAc,CAAC;AAAA,EAChF;AAAA,EACA,MAAM,UAAU,SAAS,gBAAgB;AACvC,UAAM,EAAE,GAAG,IAAI;AACf,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,YAAY,YAAY,gBAAgB,EAAE,CAAC;AAAA,MAC7C;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,gBAAgB;AAAA,EACjG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAiBA,WAAW,SAAS,gBAAgB;AAClC,WAAO,oBAAoB,YAAY,KAAK,aAAa,SAAS,cAAc,CAAC;AAAA,EACnF;AAAA,EACA,MAAM,aAAa,SAAS,gBAAgB;AAC1C,UAAM,EAAE,IAAI,MAAM,MAAM,IAAI;AAC5B,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,YAAY,YAAY,gBAAgB,EAAE,CAAC;AAAA,MAC7C;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,aAAa;AAAA,MACb,MAAM;AAAA,MACN,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,gBAAgB;AAAA,EACjG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,WAAW,SAAS,gBAAgB;AAClC,WAAO,oBAAoB,YAAY,KAAK,aAAa,SAAS,cAAc,CAAC;AAAA,EACnF;AAAA,EACA,MAAM,aAAa,SAAS,gBAAgB;AAC1C,UAAM,EAAE,GAAG,IAAI;AACf,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,YAAY,YAAY,gBAAgB,EAAE,CAAC;AAAA,MAC7C;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,QAAQ,aAAa,UAAU,YAAY;AAAA,IAC5D;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,UAAU,gBAAgB;AAAA,EACpG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,YAAY,SAAS,gBAAgB;AACnC,WAAO,oBAAoB,YAAY,KAAK,cAAc,SAAS,cAAc,CAAC;AAAA,EACpF;AAAA,EACA,MAAM,cAAc,SAAS,gBAAgB;AAC3C,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,aAAa;AAAA,MACb,MAAM;AAAA,MACN,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,gBAAgB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACvE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,QAAQ,kBAAkB;AAAA,EACpG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,gBAAgB,SAAS,gBAAgB;AACvC,WAAO,oBAAoB,YAAY,KAAK,kBAAkB,SAAS,cAAc,CAAC;AAAA,EACxF;AAAA,EACA,MAAM,kBAAkB,SAAS,gBAAgB;AAC/C,UAAM,EAAE,IAAI,UAAU,IAAI;AAC1B,UAAM,eAAe;AAAA,MACnB;AAAA,IACF;AACA,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,YAAY,YAAY,gBAAgB,EAAE,CAAC;AAAA,MAC7C;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,QAAQ,YAAY,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MACjH,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,yBAAyB;AAAA,EAC1G;AACF;AAGA,IAAI,kBAAkB,MAAM;AAAA,EAC1B,YAAY,SAAS;AACnB,SAAK,WAAW,+BAA+B,OAAO;AAAA,EACxD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,oBAAoB,gBAAgB;AAClC,WAAO,oBAAoB,YAAY,KAAK,sBAAsB,cAAc,CAAC;AAAA,EACnF;AAAA,EACA,MAAM,sBAAsB,gBAAgB;AAC1C,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,YAAM,IAAI,aAAa;AAAA,QACrB,YAAY,UAAU,MAAM;AAAA,QAC5B,MAAM,UAAU,MAAM;AAAA,QACtB,aAAa,UAAU;AAAA,MACzB,CAAC;AAAA,IACH;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,YAAY;AAAA,EAC7F;AAAA;AAAA;AAAA;AAAA,EAIA,cAAc,SAAS,gBAAgB;AACrC,WAAO,oBAAoB,YAAY,KAAK,gBAAgB,SAAS,cAAc,CAAC;AAAA,EACtF;AAAA,EACA,MAAM,gBAAgB,SAAS,gBAAgB;AAC7C,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,aAAa;AAAA,MACb,MAAM;AAAA,MACN,cAAc;AAAA,MACd,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO;AAAA,QACL,MAAM,IAAI,OAAO;AAAA,UACf,QAAQ,UAAU;AAAA,UAClB,OAAO,CAAC,SAAS;AAAA,UACjB,QAAQ,gBAAgB;AAAA,UACxB,YAAY;AAAA,YACV,MAAM;AAAA,UACR;AAAA,QACF,CAAC;AAAA,QACD,aAAa,UAAU;AAAA,MACzB;AAAA,IACF;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,gBAAgB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACvE,KAAK;AACH,gBAAM,IAAI,kBAAkB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACzE,KAAK;AACH,gBAAM,IAAI,qBAAqB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QAC5E,KAAK;AACH,gBAAM,IAAI,eAAe,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACtE,KAAK;AACH,gBAAM,IAAI,qBAAqB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QAC5E;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,QAAQ,UAAU;AAAA,EAC5F;AAAA;AAAA;AAAA;AAAA,EAIA,YAAY,SAAS,gBAAgB;AACnC,WAAO,oBAAoB,YAAY,KAAK,cAAc,SAAS,cAAc,CAAC;AAAA,EACpF;AAAA,EACA,MAAM,cAAc,SAAS,gBAAgB;AAC3C,UAAM,EAAE,IAAI,GAAG,MAAM,IAAI;AACzB,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,gBAAgB,YAAY,gBAAgB,EAAE,CAAC;AAAA,MACjD;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,aAAa;AAAA,MACb,MAAM;AAAA,MACN,cAAc;AAAA,MACd,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO;AAAA,QACL,MAAM,IAAI,OAAO;AAAA,UACf,QAAQ,UAAU;AAAA,UAClB,OAAO,CAAC,SAAS;AAAA,UACjB,QAAQ,gBAAgB;AAAA,UACxB,YAAY;AAAA,YACV,MAAM;AAAA,UACR;AAAA,QACF,CAAC;AAAA,QACD,aAAa,UAAU;AAAA,MACzB;AAAA,IACF;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,gBAAgB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACvE,KAAK;AACH,gBAAM,IAAI,kBAAkB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACzE,KAAK;AACH,gBAAM,IAAI,qBAAqB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QAC5E,KAAK;AACH,gBAAM,IAAI,eAAe,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACtE,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE,KAAK;AACH,gBAAM,IAAI,qBAAqB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QAC5E,KAAK;AACH,gBAAM,IAAI,qBAAqB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QAC5E;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,QAAQ,wBAAwB;AAAA,EAC1G;AAAA;AAAA;AAAA;AAAA,EAIA,aAAa,SAAS,gBAAgB;AACpC,WAAO,oBAAoB,YAAY,KAAK,eAAe,SAAS,cAAc,CAAC;AAAA,EACrF;AAAA,EACA,MAAM,eAAe,SAAS,gBAAgB;AAC5C,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,aAAa;AAAA,MACb,MAAM;AAAA,MACN,cAAc;AAAA,MACd,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO;AAAA,QACL,MAAM,IAAI,OAAO;AAAA,UACf,QAAQ,UAAU;AAAA,UAClB,OAAO,CAAC,SAAS;AAAA,UACjB,QAAQ,gBAAgB;AAAA,UACxB,YAAY;AAAA,YACV,MAAM;AAAA,UACR;AAAA,QACF,CAAC;AAAA,QACD,aAAa,UAAU;AAAA,MACzB;AAAA,IACF;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,gBAAgB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACvE,KAAK;AACH,gBAAM,IAAI,kBAAkB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACzE,KAAK;AACH,gBAAM,IAAI,qBAAqB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QAC5E,KAAK;AACH,gBAAM,IAAI,eAAe,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACtE,KAAK;AACH,gBAAM,IAAI,qBAAqB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QAC5E,KAAK;AACH,gBAAM,IAAI,oBAAoB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QAC3E;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,QAAQ,SAAS;AAAA,EAC3F;AACF;AAGA,IAAI,gBAAgB,MAAM;AAAA,EACxB,YAAY,SAAS;AACnB,SAAK,WAAW,+BAA+B,OAAO;AAAA,EACxD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaA,gBAAgB,UAAU,CAAC,GAAG,gBAAgB;AAC5C,WAAO,oBAAoB,YAAY,KAAK,kBAAkB,SAAS,cAAc,CAAC;AAAA,EACxF;AAAA,EACA,MAAM,kBAAkB,UAAU,CAAC,GAAG,gBAAgB;AACpD,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,aAAa;AAAA,MACb,MAAM;AAAA,MACN,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,eAAe,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACtE,KAAK;AACH,gBAAM,IAAI,oBAAoB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QAC3E;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,QAAQ,uBAAuB;AAAA,EACzG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaA,mBAAmB,UAAU,CAAC,GAAG,gBAAgB;AAC/C,WAAO,oBAAoB,YAAY,KAAK,qBAAqB,SAAS,cAAc,CAAC;AAAA,EAC3F;AAAA,EACA,MAAM,qBAAqB,UAAU,CAAC,GAAG,gBAAgB;AACvD,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,aAAa;AAAA,MACb,MAAM;AAAA,MACN,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,eAAe,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACtE,KAAK;AACH,gBAAM,IAAI,oBAAoB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QAC3E;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,QAAQ,0BAA0B;AAAA,EAC5G;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaA,kBAAkB,UAAU,CAAC,GAAG,gBAAgB;AAC9C,WAAO,oBAAoB,YAAY,KAAK,oBAAoB,SAAS,cAAc,CAAC;AAAA,EAC1F;AAAA,EACA,MAAM,oBAAoB,UAAU,CAAC,GAAG,gBAAgB;AACtD,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,aAAa;AAAA,MACb,MAAM;AAAA,MACN,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,eAAe,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACtE,KAAK;AACH,gBAAM,IAAI,oBAAoB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QAC3E;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,QAAQ,mBAAmB;AAAA,EACrG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAiBA,YAAY,UAAU,CAAC,GAAG,gBAAgB;AACxC,WAAO,oBAAoB,YAAY,KAAK,cAAc,SAAS,cAAc,CAAC;AAAA,EACpF;AAAA,EACA,MAAM,cAAc,UAAU,CAAC,GAAG,gBAAgB;AAChD,UAAM,EAAE,MAAM,OAAO,UAAU,QAAQ,OAAO,UAAU,WAAW,OAAO,gBAAgB,OAAO,IAAI;AACrG,UAAM,eAAe;AAAA,MACnB,MAAM;AAAA,MACN;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AACA,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,QAAQ,YAAY,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MACjH,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,YAAM,IAAI,aAAa;AAAA,QACrB,YAAY,UAAU,MAAM;AAAA,QAC5B,MAAM,UAAU,MAAM;AAAA,QACtB,aAAa,UAAU;AAAA,MACzB,CAAC;AAAA,IACH;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,aAAa;AAAA,EAC9F;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAqBA,aAAa,SAAS,gBAAgB;AACpC,WAAO,oBAAoB,YAAY,KAAK,eAAe,SAAS,cAAc,CAAC;AAAA,EACrF;AAAA,EACA,MAAM,eAAe,SAAS,gBAAgB;AAC5C,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,aAAa;AAAA,MACb,MAAM;AAAA,MACN,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,gBAAgB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACvE,KAAK;AACH,gBAAM,IAAI,eAAe,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACtE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,QAAQ,aAAa;AAAA,EAC/F;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,UAAU,SAAS,gBAAgB;AACjC,WAAO,oBAAoB,YAAY,KAAK,YAAY,SAAS,cAAc,CAAC;AAAA,EAClF;AAAA,EACA,MAAM,YAAY,SAAS,gBAAgB;AACzC,UAAM,EAAE,GAAG,IAAI;AACf,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,cAAc,YAAY,gBAAgB,EAAE,CAAC;AAAA,MAC/C;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,kBAAkB;AAAA,EACnG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAiBA,aAAa,SAAS,gBAAgB;AACpC,WAAO,oBAAoB,YAAY,KAAK,eAAe,SAAS,cAAc,CAAC;AAAA,EACrF;AAAA,EACA,MAAM,eAAe,SAAS,gBAAgB;AAC5C,UAAM,EAAE,IAAI,MAAM,MAAM,IAAI;AAC5B,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,cAAc,YAAY,gBAAgB,EAAE,CAAC;AAAA,MAC/C;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,aAAa;AAAA,MACb,MAAM;AAAA,MACN,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,gBAAgB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACvE,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,kBAAkB;AAAA,EACnG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,aAAa,SAAS,gBAAgB;AACpC,WAAO,oBAAoB,YAAY,KAAK,eAAe,SAAS,cAAc,CAAC;AAAA,EACrF;AAAA,EACA,MAAM,eAAe,SAAS,gBAAgB;AAC5C,UAAM,EAAE,GAAG,IAAI;AACf,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,cAAc,YAAY,gBAAgB,EAAE,CAAC;AAAA,MAC/C;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,QAAQ,aAAa,UAAU,YAAY;AAAA,IAC5D;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,UAAU,kBAAkB;AAAA,EACtG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAsBA,YAAY,SAAS,gBAAgB;AACnC,WAAO,oBAAoB,YAAY,KAAK,cAAc,SAAS,cAAc,CAAC;AAAA,EACpF;AAAA,EACA,MAAM,cAAc,SAAS,gBAAgB;AAC3C,UAAM,EAAE,IAAI,MAAM,MAAM,IAAI;AAC5B,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,cAAc,YAAY,gBAAgB,EAAE,CAAC;AAAA,MAC/C;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,aAAa;AAAA,MACb,MAAM;AAAA,MACN,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,gBAAgB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACvE,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,SAAS,kBAAkB;AAAA,EACrG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAkBA,cAAc,SAAS,gBAAgB;AACrC,WAAO,oBAAoB,YAAY,KAAK,gBAAgB,SAAS,cAAc,CAAC;AAAA,EACtF;AAAA,EACA,MAAM,gBAAgB,SAAS,gBAAgB;AAC7C,UAAM,EAAE,MAAM,OAAO,OAAO,OAAO,MAAM,OAAO,IAAI,QAAQ,WAAW,OAAO,gBAAgB,MAAM,IAAI;AACxG,UAAM,eAAe;AAAA,MACnB,MAAM;AAAA,MACN;AAAA,MACA;AAAA,MACA,MAAM;AAAA,MACN;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,OAAO,SAAS,OAAO,QAAQ;AAAA,IACjC;AACA,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,QAAQ,YAAY,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MACjH,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,gBAAgB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACvE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,oBAAoB;AAAA,EACrG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,oBAAoB,SAAS,gBAAgB;AAC3C,WAAO,oBAAoB,YAAY,KAAK,sBAAsB,SAAS,cAAc,CAAC;AAAA,EAC5F;AAAA,EACA,MAAM,sBAAsB,SAAS,gBAAgB;AACnD,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,aAAa;AAAA,MACb,MAAM;AAAA,MACN,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,gBAAgB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACvE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,QAAQ,oBAAoB;AAAA,EACtG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,mBAAmB,SAAS,gBAAgB;AAC1C,WAAO,oBAAoB,YAAY,KAAK,qBAAqB,SAAS,cAAc,CAAC;AAAA,EAC3F;AAAA,EACA,MAAM,qBAAqB,SAAS,gBAAgB;AAClD,UAAM,EAAE,GAAG,IAAI;AACf,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,cAAc,YAAY,gBAAgB,EAAE,CAAC;AAAA,MAC/C;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,4BAA4B;AAAA,EAC7G;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,kBAAkB,SAAS,gBAAgB;AACzC,WAAO,oBAAoB,YAAY,KAAK,oBAAoB,SAAS,cAAc,CAAC;AAAA,EAC1F;AAAA,EACA,MAAM,oBAAoB,SAAS,gBAAgB;AACjD,UAAM,EAAE,IAAI,UAAU,IAAI;AAC1B,UAAM,eAAe;AAAA,MACnB;AAAA,IACF;AACA,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,cAAc,YAAY,gBAAgB,EAAE,CAAC;AAAA,MAC/C;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,QAAQ,YAAY,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MACjH,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,2BAA2B;AAAA,EAC5G;AACF;AAGA,IAAI,gBAAgB,MAAM;AAAA,EACxB,YAAY,SAAS;AACnB,SAAK,WAAW,+BAA+B,OAAO;AAAA,EACxD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBA,YAAY,UAAU,CAAC,GAAG,gBAAgB;AACxC,WAAO,oBAAoB,YAAY,KAAK,cAAc,SAAS,cAAc,CAAC;AAAA,EACpF;AAAA,EACA,MAAM,cAAc,UAAU,CAAC,GAAG,gBAAgB;AAChD,UAAM,EAAE,QAAQ,OAAO,SAAS,YAAY,WAAW,MAAM,IAAI;AACjE,UAAM,eAAe;AAAA,MACnB;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AACA,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,QAAQ,YAAY,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MACjH,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,YAAM,IAAI,aAAa;AAAA,QACrB,YAAY,UAAU,MAAM;AAAA,QAC5B,MAAM,UAAU,MAAM;AAAA,QACtB,aAAa,UAAU;AAAA,MACzB,CAAC;AAAA,IACH;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,aAAa;AAAA,EAC9F;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAkCA,aAAa,SAAS,gBAAgB;AACpC,WAAO,oBAAoB,YAAY,KAAK,eAAe,SAAS,cAAc,CAAC;AAAA,EACrF;AAAA,EACA,MAAM,eAAe,SAAS,gBAAgB;AAC5C,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,aAAa;AAAA,MACb,MAAM;AAAA,MACN,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,gBAAgB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACvE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,QAAQ,aAAa;AAAA,EAC/F;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,UAAU,SAAS,gBAAgB;AACjC,WAAO,oBAAoB,YAAY,KAAK,YAAY,SAAS,cAAc,CAAC;AAAA,EAClF;AAAA,EACA,MAAM,YAAY,SAAS,gBAAgB;AACzC,UAAM,EAAE,GAAG,IAAI;AACf,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,cAAc,YAAY,gBAAgB,EAAE,CAAC;AAAA,MAC/C;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,kBAAkB;AAAA,EACnG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAoBA,aAAa,SAAS,gBAAgB;AACpC,WAAO,oBAAoB,YAAY,KAAK,eAAe,SAAS,cAAc,CAAC;AAAA,EACrF;AAAA,EACA,MAAM,eAAe,SAAS,gBAAgB;AAC5C,UAAM,EAAE,IAAI,MAAM,MAAM,IAAI;AAC5B,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,cAAc,YAAY,gBAAgB,EAAE,CAAC;AAAA,MAC/C;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,aAAa;AAAA,MACb,MAAM;AAAA,MACN,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,gBAAgB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACvE,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,kBAAkB;AAAA,EACnG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,aAAa,SAAS,gBAAgB;AACpC,WAAO,oBAAoB,YAAY,KAAK,eAAe,SAAS,cAAc,CAAC;AAAA,EACrF;AAAA,EACA,MAAM,eAAe,SAAS,gBAAgB;AAC5C,UAAM,EAAE,GAAG,IAAI;AACf,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,cAAc,YAAY,gBAAgB,EAAE,CAAC;AAAA,MAC/C;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,QAAQ,aAAa,UAAU,YAAY;AAAA,IAC5D;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,UAAU,kBAAkB;AAAA,EACtG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,kBAAkB,SAAS,gBAAgB;AACzC,WAAO,oBAAoB,YAAY,KAAK,oBAAoB,SAAS,cAAc,CAAC;AAAA,EAC1F;AAAA,EACA,MAAM,oBAAoB,SAAS,gBAAgB;AACjD,UAAM,EAAE,IAAI,UAAU,IAAI;AAC1B,UAAM,eAAe;AAAA,MACnB;AAAA,IACF;AACA,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF,cAAc,YAAY,gBAAgB,EAAE,CAAC;AAAA,MAC/C;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa,YAAY,aAAa,EAAE,QAAQ,YAAY,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MACjH,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,cAAc,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACrE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,OAAO,2BAA2B;AAAA,EAC5G;AACF;AAGA,IAAI,eAAe,MAAM;AAAA,EACvB,YAAY,SAAS;AACnB,SAAK,WAAW,+BAA+B,OAAO;AAAA,EACxD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,QAAQ,SAAS,gBAAgB;AAC/B,WAAO,oBAAoB,YAAY,KAAK,UAAU,SAAS,cAAc,CAAC;AAAA,EAChF;AAAA,EACA,MAAM,UAAU,SAAS,gBAAgB;AACvC,UAAM,eAAe,MAAM,KAAK,SAAS,aAAa,eAAe;AACrE,UAAM,WAAW;AAAA,MACf,aAAa;AAAA,MACb,KAAK,UAAU;AAAA,MACf,gBAAgB;AAAA,IAClB;AACA,UAAM,YAAY,MAAM,QAAQ;AAAA,MAC9B,KAAK,YAAY;AAAA,QACf,MAAM,SAAS,IAAI,KAAK,SAAS,OAAO,KAAK,MAAM,SAAS,IAAI,KAAK,SAAS,WAAW;AAAA,QACzF;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa,YAAY,aAAa,EAAE,gBAAgB,gBAAgB,WAAW,EAAE,MAAM;AAAA,MAC3F,aAAa;AAAA,MACb,MAAM;AAAA,MACN,YAAY,gBAAgB,oBAAoB,KAAK,UAAU,oBAAoB,MAAM;AAAA,MACzF,YAAY,gBAAgB,cAAc,KAAK,UAAU;AAAA,MACzD,aAAa,gBAAgB;AAAA,MAC7B,SAAS,KAAK,UAAU;AAAA,MACxB,SAAS,KAAK,SAAS;AAAA,IACzB,CAAC;AACD,QAAI,UAAU,IAAI;AAChB,aAAO,EAAE,MAAM,UAAU,MAAM,aAAa,UAAU,YAAY;AAAA,IACpE;AACA,QAAI,UAAU,MAAM,WAAW,eAAe;AAC5C,cAAQ,UAAU,MAAM,YAAY;AAAA,QAClC,KAAK;AACH,gBAAM,IAAI,gBAAgB,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACvE,KAAK;AACH,gBAAM,IAAI,eAAe,UAAU,MAAM,MAAM,UAAU,WAAW;AAAA,QACtE;AACE,gBAAM,IAAI,aAAa;AAAA,YACrB,YAAY,UAAU,MAAM;AAAA,YAC5B,MAAM,UAAU,MAAM;AAAA,YACtB,aAAa,UAAU;AAAA,UACzB,CAAC;AAAA,MACL;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,OAAO,UAAU,aAAa,QAAQ,YAAY;AAAA,EAC9F;AACF;AAGA,IAAI,gBAAgB,MAAM;AAAA,EACxB,YAAY,SAAS;AACnB,SAAK,WAAW,+BAA+B,OAAO;AAAA,EACxD;AAAA,EACA,IAAI,OAAO;AACT,WAAO,KAAK,UAAU,KAAK,QAAQ,IAAI,WAAW,KAAK,QAAQ;AAAA,EACjE;AAAA,EACA,IAAI,WAAW;AACb,WAAO,KAAK,cAAc,KAAK,YAAY,IAAI,eAAe,KAAK,QAAQ;AAAA,EAC7E;AAAA,EACA,IAAI,YAAY;AACd,WAAO,KAAK,eAAe,KAAK,aAAa,IAAI,gBAAgB,KAAK,QAAQ;AAAA,EAChF;AAAA,EACA,IAAI,aAAa;AACf,WAAO,KAAK,gBAAgB,KAAK,cAAc,IAAI,iBAAiB,KAAK,QAAQ;AAAA,EACnF;AAAA,EACA,IAAI,UAAU;AACZ,WAAO,KAAK,aAAa,KAAK,WAAW,IAAI,cAAc,KAAK,QAAQ;AAAA,EAC1E;AAAA,EACA,IAAI,YAAY;AACd,WAAO,KAAK,eAAe,KAAK,aAAa,IAAI,gBAAgB,KAAK,QAAQ;AAAA,EAChF;AAAA,EACA,IAAI,UAAU;AACZ,WAAO,KAAK,aAAa,KAAK,WAAW,IAAI,cAAc,KAAK,QAAQ;AAAA,EAC1E;AAAA,EACA,IAAI,UAAU;AACZ,WAAO,KAAK,aAAa,KAAK,WAAW,IAAI,cAAc,KAAK,QAAQ;AAAA,EAC1E;AAAA,EACA,IAAI,SAAS;AACX,WAAO,KAAK,YAAY,KAAK,UAAU,IAAI,aAAa,KAAK,QAAQ;AAAA,EACvE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,MAAM,MAAM,OAAO,MAAM,gBAAgB;AACvC,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,QACE,SAAS,KAAK,SAAS,WAAW,KAAK,SAAS;AAAA,QAChD,SAAS,KAAK,SAAS;AAAA,QACvB,kBAAkB,KAAK,SAAS;AAAA,QAChC,YAAY,KAAK,SAAS;AAAA,QAC1B,OAAO,KAAK,SAAS;AAAA,QACrB,SAAS,KAAK,SAAS;AAAA,QACvB,gBAAgB,aAAa,MAAM,KAAK,SAAS,aAAa,eAAe,GAAG;AAAA,MAClF;AAAA,MACA;AAAA,IACF;AAAA,EACF;AACF;AAGA,IAAI;AAAA,CACH,CAAC,aAAa;AACb,WAAS,WAAW;AACpB,WAAS,gBAAgB;AAC3B,GAAG,YAAY,UAAU,CAAC,EAAE;;;ACj+Q5B,SAAS,SAAS;AEWlB,SAAS,KAAAC,UAAS;AFPlB,IAAM,gBAAgB;AAOtB,IAAM,wBAAwB,EAC3B,OAAO;EACN,UAAU,EAAE,QAAQ,EAAE,SAAS;EAC/B,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS;EACrC,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS;EACrC,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS;EAC/B,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS;EAC/B,SAAS,EAAE,OAAO,EAAE,SAAS;EAC7B,OAAO,EAAE,QAAQ,EAAE,SAAS;EAC5B,KAAK,EAAE,QAAQ,EAAE,SAAS;EAC1B,OAAO,EAAE,QAAQ,EAAE,SAAS;EAC5B,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS;EAChC,YAAY,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS;EACtC,UAAU,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS;EACpC,UAAU,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS;AACtC,CAAC,EACA,OAAO;AAKV,IAAM,oBAAoB,EACvB,OAAO;EACN,OAAO,EAAE,OAAO,EAAE,SAAS;EAC3B,QAAQ,EAAE,KAAK,CAAC,QAAQ,YAAY,UAAU,QAAQ,UAAU,CAAC,EAAE,SAAS;EAC5E,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS;EACjC,SAAS,EAAE,OAAO,EAAE,SAAS;EAC7B,UAAU,EAAE,OAAO,EAAE,SAAS;;;;;EAK9B,cAAc,EAAE,QAAQ,EAAE,SAAS;AACrC,CAAC,EACA,OAAO;AAEV,IAAM,0BAA0B,EAC7B,OAAO;EACN,SAAS,EAAE,OAAO,EAAE,IAAI,CAAC;EACzB,WAAW,EAAE,OAAO,EAAE,IAAI,CAAC;EAC3B,UAAU,EAAE,QAAQ,EAAE,SAAS;EAC/B,YAAY,EAAE,QAAQ,EAAE,SAAS;EACjC,YAAY,EAAE,QAAQ,EAAE,SAAS;EACjC,YAAY,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS;EACzC,aAAa,EAAE,OAAO,EAAE,SAAS;;EAEjC,YAAY,sBAAsB,SAAS;EAC3C,aAAa,kBAAkB,SAAS;;;;;;EAMxC,WAAW,EAAE,QAAQ,EAAE,SAAS;;;;;;;EAOhC,gBAAgB,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS;;;;EAI3C,aAAa,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS;;;;EAIxC,eAAe,EAAE,KAAK,CAAC,UAAU,YAAY,QAAQ,OAAO,QAAQ,CAAC,EAAE,SAAS;EAChF,aAAa,EAAE,KAAK,CAAC,OAAO,MAAM,CAAC,EAAE,SAAS;AAChD,CAAC,EACA,OAAO,EACP,YAAY,CAAC,OAAO,QAAQ;AAC3B,QAAM,cAAc,MAAM,cAAc;AACxC,QAAM,aACJ,MAAM,mBAAmB,UACzB,MAAM,gBAAgB,UACtB,MAAM,kBAAkB,UACxB,MAAM,gBAAgB;AACxB,MAAI,eAAe,MAAM,mBAAmB,QAAW;AACrD,QAAI,SAAS;MACX,MAAM,EAAE,aAAa;MACrB,MAAM,CAAC,gBAAgB;MACvB,SAAS;IACX,CAAC;EACH;AACA,MAAI,eAAe,MAAM,kBAAkB,QAAW;AACpD,QAAI,SAAS;MACX,MAAM,EAAE,aAAa;MACrB,MAAM,CAAC,eAAe;MACtB,SACE;IACJ,CAAC;EACH;AACA,MAAI,CAAC,eAAe,YAAY;AAC9B,QAAI,SAAS;MACX,MAAM,EAAE,aAAa;MACrB,MAAM,CAAC,WAAW;MAClB,SACE;IACJ,CAAC;EACH;AACF,CAAC;AAMH,IAAM,6BAA6B,EAAE,MAAM;EACzC,EAAE,OAAO,EAAE,IAAI,CAAC;EAChB,EACG,OAAO;IACN,WAAW,EAAE,OAAO,EAAE,IAAI,CAAC;IAC3B,QAAQ,EAAE,QAAQ,EAAE,SAAS;;;;IAI7B,cAAc,EAAE,QAAQ,EAAE,SAAS;;;IAGnC,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS;;;IAGnC,eAAe,EAAE,QAAQ,EAAE,SAAS;EACtC,CAAC,EACA,OAAO;AACZ,CAAC;AAID,IAAM,8BAA8B,EACjC,OAAO;EACN,cAAc,EAAE,QAAQ,EAAE,SAAS;AACrC,CAAC,EACA,OAAO;AAEV,IAAM,wBAAwB,EAC3B,OAAO;EACN,UAAU,EAAE,OAAO,EAAE,IAAI,CAAC;EAC1B,aAAa,EAAE,OAAO,EAAE,IAAI,CAAC;EAC7B,aAAa,EAAE,OAAO,EAAE,SAAS;EACjC,WAAW,EAAE,KAAK,CAAC,UAAU,YAAY,MAAM,CAAC,EAAE,SAAS;EAC3D,QAAQ,EAAE,MAAM,uBAAuB,EAAE,QAAQ,CAAC,CAAC;EACnD,cAAc,EAAE,MAAM,0BAA0B,EAAE,IAAI,EAAE,EAAE,SAAS;;;;EAInE,iBAAiB,EAAE,MAAM,EAAE,KAAK,CAAC,UAAU,YAAY,QAAQ,OAAO,QAAQ,CAAC,CAAC,EAAE,IAAI,CAAC,EAAE,SAAS;;EAElG,cAAc,4BAA4B,SAAS;;EAEnD,QAAQ,EAAE,QAAQ,EAAE,SAAS;;;;EAI7B,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS;EACnC,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS;EAClC,UAAU,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS;AACvC,CAAC,EACA,OAAO;AAEV,IAAM,+BAA+B,EAClC,OAAO;;;EAGN,gBAAgB,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC,EAAE,IAAI,CAAC;;;;;;;;;;EAUhD,WAAW,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,SAAS;AAChF,CAAC,EACA,OAAO;AASV,IAAM,4BAA4B,EAC/B,OAAO;EACN,gBAAgB,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC,EAAE,IAAI,CAAC;EAChD,WAAW,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,SAAS;AAChF,CAAC,EACA,OAAO;AAOV,IAAM,uBAAuB,EAAE,OAAO,EAAE,MAAM,yBAAyB,EAAE,IAAI,CAAC,CAAC;AAQ/E,IAAM,qBAAqB,EACxB,OAAO;EACN,MAAM,EAAE,KAAK,CAAC,QAAQ,OAAO,QAAQ,CAAC;EACtC,YAAY,EAAE,OAAO,EAAE,IAAI,CAAC;EAC5B,aAAa,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS;EACxC,UAAU,EAAE,OAAO,EAAE,QAAQ,CAAC,EAAE,SAAS;AAC3C,CAAC,EACA,OAAO;AAIH,IAAM,uBAAuB,EAAE,OAAO,kBAAkB;AAE/D,IAAM,kCAAkC,EACrC,OAAO;EACN,YAAY,EAAE,OAAO,EAAE,IAAI,CAAC;EAC5B,aAAa,EAAE,OAAO,EAAE,IAAI,CAAC;AAC/B,CAAC,EACA,OAAO;AAEV,IAAM,4BAA4B,EAC/B,OAAO;EACN,UAAU,EAAE,OAAO,EAAE,IAAI,CAAC;EAC1B,YAAY,EAAE,OAAO,EAAE,IAAI,CAAC;EAC5B,QAAQ,EAAE,OAAO,EAAE,QAAQ,CAAC;AAC9B,CAAC,EACA,OAAO;AAOV,IAAM,gBAAgB;AAEtB,SAAS,uBAAuB,OAAgB,KAA4B;AAC1E,QAAM,OAAO,CAAC,MAAeC,OAA2B,oBAAmC;AACzF,QAAI,OAAO,SAAS,UAAU;AAC5B,UAAI,CAAC,mBAAmB,cAAc,KAAK,IAAI,GAAG;AAChD,YAAI,SAAS;UACX,MAAM,EAAE,aAAa;UACrB,MAAAA;UACA,SACE;QACJ,CAAC;MACH;AACA;IACF;AACA,QAAI,MAAM,QAAQ,IAAI,GAAG;AACvB,WAAK,QAAQ,CAAC,GAAG,MAAM,KAAK,GAAG,CAAC,GAAGA,OAAM,CAAC,GAAG,eAAe,CAAC;AAC7D;IACF;AACA,QAAI,QAAQ,OAAO,SAAS,UAAU;AACpC,iBAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,IAA+B,GAAG;AAGpE,cAAM,WACJ,mBAAoBA,MAAK,WAAW,KAAKA,MAAK,CAAC,MAAM,WAAW,MAAM;AACxE,aAAK,GAAG,CAAC,GAAGA,OAAM,CAAC,GAAG,QAAQ;MAChC;IACF;EACF;AACA,OAAK,OAAO,CAAC,GAAG,KAAK;AACvB;AAKA,IAAM,kBAAkB;AAExB,SAAS,yBAAyB,OAAgB,KAA4B;AAC5E,QAAM,WAAW,IAAI;IACnB,SAAS,OAAO,UAAU,YAAY,gBAAgB,SAAU,MAAmC,aAC/F,OAAO,KAAM,MAAkD,UAAU,IACzE,CAAC;EACP;AACA,QAAM,OAAO,CAAC,MAAeA,UAAoC;AAC/D,QAAI,OAAO,SAAS,UAAU;AAC5B,iBAAW,KAAK,KAAK,SAAS,eAAe,GAAG;AAC9C,YAAI,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC,GAAG;AACvB,cAAI,SAAS;YACX,MAAM,EAAE,aAAa;YACrB,MAAAA;YACA,SAAS,oBAAoB,EAAE,CAAC,CAAC,sDAAiD,EAAE,CAAC,CAAC;UACxF,CAAC;QACH;MACF;AACA;IACF;AACA,QAAI,MAAM,QAAQ,IAAI,GAAG;AACvB,WAAK,QAAQ,CAAC,GAAG,MAAM,KAAK,GAAG,CAAC,GAAGA,OAAM,CAAC,CAAC,CAAC;IAC9C,WAAW,QAAQ,OAAO,SAAS,UAAU;AAE3C,iBAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,IAA+B,GAAG;AACpE,YAAIA,MAAK,WAAW,KAAK,MAAM,aAAc;AAC7C,aAAK,GAAG,CAAC,GAAGA,OAAM,CAAC,CAAC;MACtB;IACF;EACF;AACA,OAAK,OAAO,CAAC,CAAC;AAChB;AAEO,IAAM,kBAAkB,EAC5B,OAAO;;EAEN,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC;EACtB,SAAS,EAAE,OAAO,EAAE,IAAI,CAAC;EACzB,aAAa,EAAE,OAAO,EAAE,IAAI,CAAC;;EAE7B,WAAW,EAAE,OAAO,EAAE,MAAM,eAAe;IACzC,SACE;EACJ,CAAC;;EAED,aAAa,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS;EACxC,SAAS,EAAE,MAAM,qBAAqB,EAAE,QAAQ,CAAC,CAAC;EAClD,eAAe;EACf,kBAAkB;EAClB,MAAM,EAAE,MAAM,yBAAyB,EAAE,SAAS;;EAElD,OAAO,qBAAqB,SAAS;;EAErC,YAAY,qBAAqB,SAAS;AAC5C,CAAC,EACA,OAAO,EACP,YAAY,CAAC,IAAI,QAAQ;AACxB,yBAAuB,IAAI,GAAG;AAC9B,2BAAyB,IAAI,GAAG;AAClC,CAAC;AA2BH,SAAS,gBAAgBA,OAA8C;AACrE,MAAI,MAAM;AACV,aAAW,OAAOA,OAAM;AACtB,QAAI,OAAO,QAAQ,SAAU,QAAO,IAAI,GAAG;QACtC,QAAO,IAAI,SAAS,IAAI,GAAG,KAAK;EACvC;AACA,SAAO,IAAI,SAAS,MAAM;AAC5B;AAGA,SAAS,kBAAkB,OAAqC;AAC9D,SAAO,MAAM,OAAO,IAAI,CAAC,OAAO,EAAE,MAAM,gBAAgB,EAAE,IAAI,GAAG,SAAS,EAAE,QAAQ,EAAE;AACxF;AAGA,SAAS,aAAa,QAAkC;AACtD,SAAO,OAAO,IAAI,CAAC,MAAM,YAAO,EAAE,IAAI,KAAK,EAAE,OAAO,EAAE,EAAE,KAAK,IAAI;AACnE;AAEO,IAAM,2BAAN,cAAuC,MAAM;;;;;;EAMzC;EACT,YAAY,SAAiB,SAA2B,CAAC,GAAG;AAC1D,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,SAAS;EAChB;AACF;AAQO,SAAS,eAAe,OAA2B;AACxD,QAAM,SAAS,gBAAgB,UAAU,KAAK;AAC9C,MAAI,CAAC,OAAO,SAAS;AACnB,UAAM,SAAS,kBAAkB,OAAO,KAAK;AAC7C,UAAM,IAAI,yBAAyB;EAAyB,aAAa,MAAM,CAAC,IAAI,MAAM;EAC5F;AACA,SAAO,OAAO;AAChB;AAoBO,SAAS,cAAc,WAA8B;AAC1D,SAAO,UAAU,eAAe,cAAS,UAAU,IAAI;AACzD;ACjbA,IAAM,oBAAoB;AAgBnB,SAAS,0BAA0B,OAA0B;AAClE,QAAM,QAAQ,oBAAI,IAAY;AAC9B,QAAM,OAAO,CAAC,SAAwB;AACpC,QAAI,OAAO,SAAS,UAAU;AAC5B,iBAAW,KAAK,KAAK,SAAS,iBAAiB,EAAG,OAAM,IAAI,EAAE,CAAC,CAAC;IAClE,WAAW,MAAM,QAAQ,IAAI,GAAG;AAC9B,WAAK,QAAQ,IAAI;IACnB,WAAW,QAAQ,OAAO,SAAS,UAAU;AAC3C,aAAO,OAAO,IAA+B,EAAE,QAAQ,IAAI;IAC7D;EACF;AACA,OAAK,KAAK;AACV,SAAO,CAAC,GAAG,KAAK;AAClB;ACrBA,IAAM,gBAAgB;AAMtB,IAAM,kBAAkBC,GACrB,OAAO;EACN,MAAMA,GAAE,KAAK,CAAC,UAAU,UAAU,SAAS,CAAC;EAC5C,UAAUA,GAAE,QAAQ,EAAE,SAAS;EAC/B,SAASA,GAAE,MAAM,CAACA,GAAE,OAAO,GAAGA,GAAE,OAAO,GAAGA,GAAE,QAAQ,CAAC,CAAC,EAAE,SAAS;EACjE,aAAaA,GAAE,OAAO,EAAE,SAAS;AACnC,CAAC,EACA,OAAO;AAGH,IAAM,mBAAmBA,GAAE,OAAO,eAAe;AAUjD,IAAM,sBAAN,cAAkC,MAAM;EACpC;EACT,YAAY,SAAiB,SAA2B,CAAC,GAAG;AAC1D,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,SAAS;EAChB;AACF;AAEA,SAASC,cAAa,QAAkC;AACtD,SAAO,OAAO,IAAI,CAAC,MAAM,YAAO,EAAE,IAAI,KAAK,EAAE,OAAO,EAAE,EAAE,KAAK,IAAI;AACnE;AAEA,SAAS,WAAW,GAAuD;AACzE,MAAI,OAAO,MAAM,SAAU,QAAO;AAClC,MAAI,OAAO,MAAM,SAAU,QAAO;AAClC,MAAI,OAAO,MAAM,UAAW,QAAO;AACnC,SAAO;AACT;AAUO,SAAS,aAAa,WAA2B;AACtD,MAAI,IAAI;AACR,WAAS,IAAI,GAAG,IAAI,UAAU,QAAQ,KAAK;AACzC,SAAK,UAAU,WAAW,CAAC;AAC3B,QAAI,KAAK,KAAK,GAAG,QAAU;EAC7B;AACA,UAAQ,MAAM,GAAG,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG;AAC/C;AAYA,IAAM,iBAAiB;AAOvB,IAAM,gBAAgB;AAEtB,IAAM,eAAe;AAarB,IAAM,sBAAsB,oBAAI,IAAI,CAAC,QAAQ,YAAY,CAAC;AAG1D,SAAS,WAAW,IAAY,MAAc,KAAiBC,OAAuC;AACpG,MAAI,OAAO,UAAU;AACnB,QAAI,EAAE,QAAQ,IAAI,WAAW;AAC3B,UAAI,OAAO,KAAK;QACd,MAAAA;QACA,SAAS,yBAAyB,IAAI;MACxC,CAAC;AACD,aAAO;IACT;AACA,QAAI,EAAE,QAAQ,IAAI,SAAS;AACzB,UAAI,OAAO,KAAK;QACd,MAAAA;QACA,SAAS,iBAAiB,IAAI,0CAAqC,IAAI;MACzE,CAAC;AACD,aAAO;IACT;AACA,WAAO,IAAI,OAAO,IAAI;EACxB;AACA,MAAI,OAAO,WAAW;AACpB,QAAI,SAAS,aAAa,SAAS,UAAU;AAC3C,UAAI,OAAO,KAAK;QACd,MAAAA;QACA,SAAS,6BAA6B,IAAI;MAC5C,CAAC;AACD,aAAO;IACT;AACA,QAAI,CAAC,IAAI,UAAU;AACjB,UAAI,OAAO,KAAK;QACd,MAAAA;QACA,SAAS,YAAY,IAAI;MAC3B,CAAC;AACD,aAAO;IACT;AACA,WAAO,IAAI,SAAS,IAAI;EAC1B;AACA,MAAI,OAAO,KAAK;IACd,MAAAA;IACA,SAAS,sBAAsB,EAAE,cAAc,EAAE,IAAI,IAAI;EAC3D,CAAC;AACD,SAAO;AACT;AAGA,SAAS,YAAY,KAAa,KAAiBA,OAAsB;AACvE,MAAI,MAAM;AACV,MAAI,OAAO;AACX,gBAAc,YAAY;AAC1B,MAAI;AACJ,UAAQ,IAAI,cAAc,KAAK,GAAG,OAAO,MAAM;AAC7C,WAAO,IAAI,MAAM,MAAM,EAAE,KAAK;AAC9B,QAAI,EAAE,CAAC,MAAM,QAAQ;AACnB,aAAO;IACT,WAAW,EAAE,CAAC,MAAM,SAAS,EAAE,CAAC,MAAM,QAAW;AAE/C,UAAI,OAAO,KAAK;QACd,MAAAA;QACA,SAAS;MACX,CAAC;IACH,OAAO;AACL,YAAM,SAAS,EAAE,CAAC,KAAK,IAAI,KAAK;AAChC,YAAM,MAAM,MAAM,MAAM,YAAY;AACpC,UAAI,CAAC,KAAK;AACR,YAAI,OAAO,KAAK;UACd,MAAAA;UACA,SAAS,6BAA6B,KAAK;QAC7C,CAAC;MACH,WAAW,oBAAoB,IAAI,IAAI,CAAC,CAAC,GAAG;AAC1C,eAAO,EAAE,CAAC;MACZ,OAAO;AACL,cAAM,IAAI,WAAW,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,KAAKA,KAAI;AAC9C,YAAI,MAAM,OAAW,QAAO,OAAO,CAAC;MACtC;IACF;AACA,WAAO,cAAc;EACvB;AACA,SAAO,IAAI,MAAM,IAAI;AACrB,SAAO;AACT;AAGA,SAAS,gBAAgB,KAAc,KAAiBA,OAAuB;AAC7E,MAAI,OAAO,QAAQ,UAAU;AAC3B,UAAM,QAAQ,IAAI,MAAM,cAAc;AACtC,QAAI,OAAO;AAET,UAAI,oBAAoB,IAAI,MAAM,CAAC,CAAC,EAAG,QAAO;AAI9C,YAAM,IAAI,WAAW,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,KAAKA,KAAI;AAClD,aAAO,MAAM,SAAY,MAAM;IACjC;AACA,WAAO,YAAY,KAAK,KAAKA,KAAI;EACnC;AACA,MAAI,MAAM,QAAQ,GAAG,GAAG;AACtB,WAAO,IAAI,IAAI,CAAC,GAAG,MAAM,gBAAgB,GAAG,KAAK,GAAGA,KAAI,IAAI,CAAC,GAAG,CAAC;EACnE;AACA,MAAI,QAAQ,QAAQ,OAAO,QAAQ,UAAU;AAC3C,UAAM,MAA+B,CAAC;AACtC,eAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,GAA8B,GAAG;AACnE,UAAI,CAAC,IAAI,gBAAgB,GAAG,KAAKA,QAAO,GAAGA,KAAI,IAAI,CAAC,KAAK,CAAC;IAC5D;AACA,WAAO;EACT;AACA,SAAO;AACT;AAGA,SAAS,OAAO,KAAc,MAAyB,MAAc,QAAmD;AACtH,QAAMA,QAAO,UAAU,IAAI;AAC3B,MAAI,SAAS,UAAU;AACrB,QAAI,OAAO,QAAQ,SAAU,QAAO;AACpC,QAAI,OAAO,QAAQ,YAAY,OAAO,QAAQ,UAAW,QAAO,OAAO,GAAG;AAC1E,WAAO,KAAK,EAAE,MAAAA,OAAM,SAAS,0BAA0B,CAAC;AACxD,WAAO;EACT;AACA,MAAI,SAAS,UAAU;AACrB,QAAI,OAAO,QAAQ,SAAU,QAAO;AACpC,QAAI,OAAO,QAAQ,UAAU;AAC3B,YAAM,IAAI,OAAO,IAAI,KAAK,CAAC;AAC3B,UAAI,IAAI,KAAK,MAAM,MAAM,OAAO,MAAM,CAAC,GAAG;AACxC,eAAO,KAAK,EAAE,MAAAA,OAAM,SAAS,2BAA2B,GAAG,IAAI,CAAC;AAChE,eAAO;MACT;AACA,aAAO;IACT;AACA,WAAO,KAAK,EAAE,MAAAA,OAAM,SAAS,oBAAoB,CAAC;AAClD,WAAO;EACT;AAEA,MAAI,OAAO,QAAQ,UAAW,QAAO;AACrC,MAAI,OAAO,QAAQ,UAAU;AAC3B,UAAM,IAAI,IAAI,KAAK,EAAE,YAAY;AACjC,QAAI,MAAM,OAAQ,QAAO;AACzB,QAAI,MAAM,QAAS,QAAO;AAC1B,WAAO,KAAK,EAAE,MAAAA,OAAM,SAAS,6CAA6C,GAAG,IAAI,CAAC;AAClF,WAAO;EACT;AACA,SAAO,KAAK,EAAE,MAAAA,OAAM,SAAS,qBAAqB,CAAC;AACnD,SAAO;AACT;AAGA,SAAS,cACP,UACA,UACA,QAC6B;AAC7B,QAAM,SAAsC,CAAC;AAG7C,aAAW,KAAK,OAAO,KAAK,QAAQ,GAAG;AACrC,QAAI,EAAE,KAAK,WAAW;AACpB,aAAO,KAAK,EAAE,MAAM,UAAU,CAAC,IAAI,SAAS,mBAAmB,CAAC,gCAAgC,CAAC;IACnG;EACF;AAEA,aAAW,CAAC,MAAM,IAAI,KAAK,OAAO,QAAQ,QAAQ,GAAG;AACnD,QAAI,QAAQ,UAAU;AACpB,YAAM,IAAI,OAAO,SAAS,IAAI,GAAG,KAAK,MAAM,MAAM,MAAM;AACxD,UAAI,MAAM,OAAW,QAAO,IAAI,IAAI;IACtC,WAAW,KAAK,YAAY,QAAW;AACrC,aAAO,IAAI,IAAI,KAAK;IACtB,WAAW,KAAK,UAAU;AACxB,aAAO,KAAK;QACV,MAAM,UAAU,IAAI;QACpB,SAAS,mBAAmB,IAAI,6BAA6B,IAAI;MACnE,CAAC;IACH;EAEF;AACA,SAAO;AACT;AAiBO,SAAS,uBAAuB,KAAc,WAAoC,CAAC,GAAY;AAGpG,MAAI,QAAQ,QAAQ,OAAO,QAAQ,YAAY,MAAM,QAAQ,GAAG,EAAG,QAAO;AAE1E,QAAM,SAA2B,CAAC;AAClC,QAAM,EAAE,QAAQ,WAAW,GAAG,KAAK,IAAI;AAGvC,MAAI,WAAuB,CAAC;AAC5B,MAAI,cAAc,QAAW;AAC3B,UAAM,SAAS,iBAAiB,UAAU,SAAS;AACnD,QAAI,CAAC,OAAO,SAAS;AACnB,iBAAW,KAAK,OAAO,MAAM,QAAQ;AACnC,cAAM,IAAI,EAAE,KAAK,SAAS,UAAU,EAAE,KAAK,KAAK,GAAG,CAAC,KAAK;AACzD,eAAO,KAAK,EAAE,MAAM,GAAG,SAAS,EAAE,QAAQ,CAAC;MAC7C;IACF,OAAO;AACL,iBAAW,OAAO;AAClB,iBAAW,CAAC,MAAM,IAAI,KAAK,OAAO,QAAQ,QAAQ,GAAG;AACnD,YAAI,CAAC,cAAc,KAAK,IAAI,GAAG;AAC7B,iBAAO,KAAK;YACV,MAAM,UAAU,IAAI;YACpB,SAAS,uBAAuB,IAAI;UACtC,CAAC;QACH;AACA,YAAI,KAAK,YAAY,UAAa,WAAW,KAAK,OAAO,MAAM,KAAK,MAAM;AACxE,iBAAO,KAAK;YACV,MAAM,UAAU,IAAI;YACpB,SAAS,gBAAgB,WAAW,KAAK,OAAO,CAAC,8BAA8B,KAAK,IAAI;UAC1F,CAAC;QACH;MACF;IACF;EACF;AAGA,MAAI;AACJ,QAAM,QAAS,KAAiC;AAChD,MAAI,OAAO,UAAU,YAAY,MAAM,SAAS,GAAG;AACjD,QAAI,MAAM,SAAS,KAAK,GAAG;AACzB,aAAO,KAAK;QACV,MAAM;QACN,SAAS;MACX,CAAC;IACH,OAAO;AACL,iBAAW,EAAE,SAAS,OAAO,QAAQ,aAAa,KAAK,EAAE;IAC3D;EACF;AAKA,QAAM,SAAS,cAAc,UAAU,UAAU,MAAM;AACvD,QAAM,MAAkB,EAAE,UAAU,QAAQ,UAAU,OAAO;AAC7D,QAAM,cAAc,gBAAgB,MAAM,KAAK,EAAE;AAEjD,MAAI,OAAO,QAAQ;AACjB,UAAM,IAAI,oBAAoB;EAA0CD,cAAa,MAAM,CAAC,IAAI,MAAM;EACxG;AACA,SAAO;AACT;ACjWA,IAAM,iBAA4B;EAChC,MAAM;EACN,SAAS;EACT,aAAa;EAEb,WAAW;EACX,aAAa;EAEb,SAAS;IACP;MACE,UAAU;MACV,aAAa;MACb,WAAW;;MACX,QAAQ;QACN;UACE,SAAS;UACT,WAAW;UACX,UAAU;UACV,YAAY;UACZ,YAAY,EAAE,WAAW,GAAG,WAAW,IAAI;UAC3C,aAAa,EAAE,OAAO,SAAS,QAAQ,QAAQ,OAAO,GAAG,SAAS,QAAQ,cAAc,KAAK;QAC/F;QACA;UACE,SAAS;UACT,WAAW;UACX,YAAY;UACZ,aAAa;UACb,YAAY,EAAE,WAAW,IAAK;UAC9B,aAAa,EAAE,OAAO,eAAe,QAAQ,YAAY,OAAO,GAAG,SAAS,OAAO;QACrF;QACA;UACE,SAAS;UACT,WAAW;UACX,YAAY;UACZ,YAAY,CAAC,QAAQ,eAAe,WAAW,MAAM;UACrD,aAAa,EAAE,OAAO,UAAU,QAAQ,UAAU,OAAO,GAAG,SAAS,WAAW;QAClF;QACA;UACE,SAAS;UACT,WAAW;UACX,YAAY;UACZ,YAAY,CAAC,OAAO,UAAU,QAAQ,QAAQ;;;;UAI9C,aAAa,EAAE,OAAO,YAAY,QAAQ,UAAU,OAAO,GAAG,SAAS,WAAW;QACpF;QACA;UACE,SAAS;UACT,WAAW;UACX,YAAY;UACZ,aAAa;UACb,aAAa,EAAE,OAAO,YAAY,QAAQ,QAAQ,OAAO,GAAG,SAAS,WAAW;QAClF;QACA;UACE,SAAS;UACT,WAAW;UACX,YAAY;UACZ,aAAa;UACb,aAAa,EAAE,OAAO,WAAW,QAAQ,QAAQ,OAAO,GAAG,SAAS,WAAW;QACjF;QACA;UACE,SAAS;UACT,WAAW;UACX,aAAa;UACb,aAAa,EAAE,OAAO,YAAY,QAAQ,QAAQ,OAAO,GAAG,SAAS,WAAW;QAClF;QACA;UACE,SAAS;UACT,WAAW;UACX,YAAY;UACZ,aAAa,EAAE,OAAO,QAAQ,OAAO,GAAG,SAAS,WAAW;QAC9D;;;;MAIF;;;;;;;;;;;;MAYA,cAAc,CAAC,WAAW,EAAE,WAAW,WAAW,cAAc,KAAK,CAAC;IACxE;EACF;;;EAIA,eAAe;IACb,gBAAgB,CAAC,aAAa,aAAa,aAAa,YAAY,WAAW;;;EAGjF;EAEA,kBAAkB;IAChB,YAAY;IACZ,aAAa;EACf;EAEA,MAAM;IACJ;MACE,UAAU;MACV,YAAY;MACZ,QAAQ;QACN,OAAO;QACP,aAAa;QACb,QAAQ;QACR,UAAU;QACV,SAAS;QACT,SAAS;MACX;IACF;EACF;AACF;AAEA,IAAO,0BAAQ;AC1Hf,IAAM,oBAA+B;EACnC,MAAM;EACN,SAAS;EACT,aACE;EAEF,WAAW;EACX,aAAa;EAEb,SAAS;IACP;;;;MAIE,UAAU;MACV,aAAa;MACb,WAAW;;MACX,QAAQ;QACN;UACE,SAAS;UACT,WAAW;UACX,UAAU;UACV,YAAY;UACZ,YAAY,EAAE,WAAW,GAAG,WAAW,IAAI;UAC3C,aAAa,EAAE,OAAO,SAAS,QAAQ,QAAQ,OAAO,GAAG,cAAc,KAAK;QAC9E;QACA;UACE,SAAS;UACT,WAAW;UACX,YAAY;UACZ,aAAa;UACb,aAAa,EAAE,OAAO,aAAa,QAAQ,YAAY,OAAO,EAAE;QAClE;QACA;UACE,SAAS;UACT,WAAW;UACX,YAAY;UACZ,aAAa;UACb,aAAa,EAAE,OAAO,aAAa,QAAQ,YAAY,OAAO,EAAE;QAClE;QACA;UACE,SAAS;UACT,WAAW;UACX,YAAY;UACZ,YAAY,CAAC,YAAY,UAAU,YAAY;UAC/C,aAAa,EAAE,OAAO,UAAU,QAAQ,UAAU,OAAO,EAAE;QAC7D;QACA;UACE,SAAS;UACT,WAAW;UACX,YAAY;UACZ,aAAa;UACb,aAAa,EAAE,OAAO,QAAQ,QAAQ,QAAQ,OAAO,EAAE;QACzD;QACA;UACE,SAAS;UACT,WAAW;UACX,aAAa;UACb,aAAa,EAAE,OAAO,cAAc,QAAQ,QAAQ,OAAO,EAAE;QAC/D;;;;MAIF;;;;;;;MAOA,cAAc,CAAC,QAAQ,UAAU,EAAE,WAAW,aAAa,cAAc,KAAK,CAAC;IACjF;IACA;;;MAGE,UAAU;MACV,aAAa;MACb,WAAW;MACX,QAAQ;QACN;UACE,SAAS;UACT,WAAW;UACX,UAAU;UACV,YAAY;UACZ,YAAY,EAAE,WAAW,GAAG,WAAW,IAAI;UAC3C,aAAa,EAAE,OAAO,QAAQ,QAAQ,QAAQ,OAAO,GAAG,cAAc,KAAK;QAC7E;QACA;UACE,SAAS;UACT,WAAW;UACX,YAAY;UACZ,aAAa;UACb,aAAa,EAAE,OAAO,QAAQ,QAAQ,YAAY,OAAO,EAAE;QAC7D;QACA;UACE,SAAS;UACT,WAAW;UACX,YAAY;UACZ,aAAa,EAAE,OAAO,QAAQ,QAAQ,QAAQ,OAAO,EAAE;QACzD;QACA;;;UAGE,SAAS;UACT,WAAW;UACX,YAAY;UACZ,YAAY,CAAC,UAAU,SAAS;UAChC,aAAa,EAAE,OAAO,UAAU,QAAQ,UAAU,OAAO,EAAE;QAC7D;QACA;;;;;;;;UAQE,SAAS;UACT,WAAW;UACX,gBAAgB;UAChB,eAAe;UACf,aAAa;UACb,aAAa;UACb,aAAa,EAAE,OAAO,6BAA6B,OAAO,EAAE;QAC9D;QACA;UACE,SAAS;UACT,WAAW;UACX,aAAa;UACb,aAAa,EAAE,OAAO,cAAc,QAAQ,QAAQ,OAAO,EAAE;QAC/D;;MAEF;;;;;;;;;MASA,cAAc,CAAC,QAAQ,UAAU,yBAAyB,EAAE,WAAW,aAAa,cAAc,KAAK,CAAC;IAC1G;IACA;;;MAGE,UAAU;MACV,aAAa;MACb,WAAW;MACX,QAAQ;QACN;UACE,SAAS;UACT,WAAW;UACX,UAAU;UACV,YAAY;UACZ,YAAY,EAAE,WAAW,GAAG,WAAW,IAAI;UAC3C,aAAa,EAAE,OAAO,WAAW,QAAQ,YAAY,OAAO,GAAG,cAAc,KAAK;QACpF;QACA;UACE,SAAS;UACT,WAAW;UACX,YAAY;UACZ,aAAa,EAAE,OAAO,SAAS,QAAQ,YAAY,OAAO,EAAE;QAC9D;QACA;UACE,SAAS;UACT,WAAW;UACX,YAAY;UACZ,aAAa,EAAE,OAAO,OAAO,QAAQ,YAAY,OAAO,EAAE;QAC5D;QACA;UACE,SAAS;UACT,WAAW;UACX,YAAY;UACZ,aAAa,EAAE,OAAO,QAAQ,QAAQ,QAAQ,OAAO,EAAE;QACzD;QACA;;;UAGE,SAAS;UACT,WAAW;UACX,YAAY;UACZ,YAAY,CAAC,UAAU,SAAS;UAChC,aAAa,EAAE,OAAO,UAAU,QAAQ,UAAU,OAAO,EAAE;QAC7D;QACA;UACE,SAAS;UACT,WAAW;UACX,aAAa;UACb,aAAa,EAAE,OAAO,iBAAiB,QAAQ,QAAQ,OAAO,EAAE;QAClE;;MAEF;;;;MAIA,cAAc,CAAC,QAAQ,UAAU,EAAE,WAAW,gBAAgB,cAAc,KAAK,CAAC;IACpF;EACF;;;;;EAMA,eAAe;IACb,gBAAgB,CAAC,aAAa,aAAa,aAAa,YAAY,aAAa,aAAa;EAChG;EAEA,kBAAkB;IAChB,YAAY;IACZ,aAAa;EACf;EAEA,MAAM;IACJ;;;;MAIE,UAAU;MACV,YAAY;MACZ,QAAQ;QACN,OAAO;QACP,WACE;QACF,WACE;QACF,QAAQ;QACR,MAAM;QACN,WAAW;MACb;IACF;IACA;;;;MAIE,UAAU;MACV,YAAY;MACZ,QAAQ;QACN,MAAM;QACN,MAAM;QACN,MAAM;QACN,QAAQ;QACR,uBAAuB;QACvB,WAAW;MACb;IACF;EACF;AACF;AAEA,IAAO,8BAAQ;AC5Pf,IAAM,cAAyB;EAC7B,MAAM;EACN,SAAS;EACT,aAAa;EAEb,WAAW;EACX,aAAa;EAEb,SAAS;IACP;MACE,UAAU;MACV,aAAa;MACb,WAAW;;MACX,QAAQ;QACN;UACE,SAAS;UACT,WAAW;UACX,UAAU;UACV,YAAY;UACZ,YAAY,EAAE,WAAW,GAAG,WAAW,IAAI;UAC3C,aAAa,EAAE,OAAO,SAAS,QAAQ,QAAQ,OAAO,GAAG,SAAS,QAAQ,cAAc,KAAK;QAC/F;QACA;UACE,SAAS;UACT,WAAW;UACX,YAAY;UACZ,aAAa;UACb,YAAY,EAAE,WAAW,IAAM;UAC/B,aAAa,EAAE,OAAO,QAAQ,QAAQ,YAAY,OAAO,GAAG,SAAS,OAAO;QAC9E;QACA;UACE,SAAS;UACT,WAAW;UACX,YAAY;UACZ,aAAa;UACb,aAAa,EAAE,OAAO,QAAQ,OAAO,GAAG,SAAS,WAAW;QAC9D;QACA;;;;UAIE,SAAS;UACT,WAAW;UACX,YAAY;UACZ,YAAY,CAAC,WAAW,OAAO,WAAW,QAAQ,WAAW,OAAO;UACpE,aAAa;UACb,aAAa,EAAE,OAAO,UAAU,QAAQ,UAAU,OAAO,GAAG,SAAS,WAAW;QAClF;QACA;UACE,SAAS;UACT,WAAW;UACX,YAAY;UACZ,YAAY,CAAC,UAAU,UAAU;UACjC,aAAa;UACb,aAAa,EAAE,OAAO,UAAU,QAAQ,UAAU,OAAO,GAAG,SAAS,WAAW;QAClF;QACA;UACE,SAAS;UACT,WAAW;UACX,aAAa;UACb,aAAa,EAAE,OAAO,YAAY,QAAQ,QAAQ,OAAO,GAAG,SAAS,WAAW;QAClF;;;;MAIF;;;;;;;;;;;;MAYA,cAAc;QACZ,EAAE,WAAW,UAAU,QAAQ,cAAc;QAC7C;QACA,EAAE,WAAW,cAAc,cAAc,KAAK;MAChD;IACF;EACF;;;;EAKA,eAAe;IACb,gBAAgB,CAAC,aAAa,aAAa,aAAa,YAAY,aAAa,aAAa;EAChG;EAEA,kBAAkB;IAChB,YAAY;IACZ,aAAa;EACf;EAEA,MAAM;IACJ;MACE,UAAU;MACV,YAAY;MACZ,QAAQ;QACN,OAAO;QACP,MAAM;QACN,MAAM,CAAC,iBAAiB;QACxB,QAAQ;QACR,QAAQ;QACR,YAAY;MACd;IACF;EACF;AACF;AAEA,IAAO,uBAAQ;ACxGf,IAAM,iBAA4B;EAChC,MAAM;EACN,SAAS;EACT,aACE;EAEF,WAAW;EACX,aAAa;EAEb,SAAS;IACP;MACE,UAAU;MACV,aAAa;MACb,WAAW;MACX,cAAc,EAAE,cAAc,KAAK;;MACnC,QAAQ;;QAEN;UACE,SAAS;UACT,WAAW;UACX,UAAU;UACV,aAAa;UACb,YAAY,EAAE,WAAW,GAAG,WAAW,GAAG;UAC1C,aAAa,EAAE,OAAO,WAAW,QAAQ,QAAQ,OAAO,GAAG,SAAS,UAAU,cAAc,KAAK;QACnG;QACA;UACE,SAAS;UACT,WAAW;UACX,YAAY;UACZ,aAAa;UACb,YAAY,EAAE,WAAW,IAAK;UAC9B,aAAa,EAAE,OAAO,sBAAsB,QAAQ,YAAY,OAAO,GAAG,SAAS,SAAS;QAC9F;QACA;UACE,SAAS;UACT,WAAW;UACX,YAAY;UACZ,aAAa;UACb,aAAa,EAAE,OAAO,WAAW,QAAQ,QAAQ,OAAO,GAAG,SAAS,SAAS;QAC/E;QACA;UACE,SAAS;UACT,WAAW;UACX,YAAY;UACZ,YAAY,CAAC,OAAO,aAAa,aAAa,QAAQ;UACtD,aAAa,EAAE,OAAO,UAAU,QAAQ,UAAU,OAAO,GAAG,SAAS,SAAS;QAChF;QACA;UACE,SAAS;UACT,WAAW;UACX,aAAa;UACb,aAAa,EAAE,OAAO,aAAa,QAAQ,QAAQ,OAAO,GAAG,SAAS,SAAS;QACjF;;QAGA;UACE,SAAS;UACT,WAAW;UACX,WAAW;UACX,aAAa;UACb,aAAa,EAAE,OAAO,eAAe,QAAQ,QAAQ,OAAO,IAAI,SAAS,eAAe;QAC1F;QACA;UACE,SAAS;UACT,WAAW;UACX,WAAW;UACX,aAAa;UACb,aAAa,EAAE,OAAO,iBAAiB,QAAQ,QAAQ,OAAO,IAAI,SAAS,eAAe;QAC5F;QACA;UACE,SAAS;UACT,WAAW;UACX,WAAW;UACX,aAAa;UACb,YAAY,EAAE,SAAS,yBAAyB;UAChD,aAAa,EAAE,OAAO,OAAO,QAAQ,QAAQ,OAAO,IAAI,SAAS,eAAe;QAClF;QACA;UACE,SAAS;UACT,WAAW;UACX,WAAW;UACX,aAAa;UACb,aAAa,EAAE,OAAO,iBAAiB,QAAQ,YAAY,OAAO,IAAI,SAAS,eAAe;QAChG;MACF;;;;;;;;;;;;;;;MAeA,cAAc;QACZ,EAAE,WAAW,UAAU,QAAQ,KAAK;QACpC;QACA;QACA;QACA,EAAE,WAAW,eAAe,cAAc,KAAK;MACjD;IACF;EACF;;;;EAKA,eAAe;IACb,gBAAgB,CAAC,aAAa,aAAa,aAAa,YAAY,WAAW;EACjF;EAEA,kBAAkB;IAChB,YAAY;IACZ,aAAa;EACf;EAEA,MAAM;IACJ;MACE,UAAU;MACV,YAAY;MACZ,QAAQ;QACN,QAAQ;QACR,mBAAmB;QACnB,SAAS;QACT,QAAQ;QACR,aAAa;;QAEb,YAAY;QACZ,aAAa;QACb,KAAK;QACL,cACE;MACJ;IACF;EACF;AACF;AAEA,IAAO,0BAAQ;ACzHR,IAAM,qBAA2C;EACtD;EACA;EACA;EACA;AACF;AAGO,IAAM,kBAAqC,mBAAmB,IAAI,CAAC,MAAM,EAAE,IAAI;AAG/E,SAAS,aAAa,MAAqC;AAChE,SAAO,mBAAmB,KAAK,CAAC,MAAM,EAAE,SAAS,IAAI;AACvD;;;ACzDA,OAAO,UAA2B;AAY3B,SAASE,cAAa,MAAkB,CAAC,GAAW;AACzD,QAAM,eAAe,IAAI,SAAS,QAAQ,IAAI,sBAAsB;AAEpE,SAAO;AAAA,IACL;AAAA,MACE,OAAO,eAAe,UAAU;AAAA,MAChC,MAAM,EAAE,WAAW,kBAAkB;AAAA,MACrC,WAAW,KAAK,iBAAiB;AAAA,IACnC;AAAA,IACA,KAAK,YAAY,CAAC;AAAA,EACpB;AACF;;;ACRA,IAAM,oBAAoB;AAC1B,IAAM,sBAAsB;AAGrB,IAAM,wBAAwB;AAG9B,IAAM,sBAAN,cAAkC,MAAM;AAAA,EAC7C,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO;AAAA,EACd;AACF;AAaA,SAAS,eAAe,UAA2B;AACjD,QAAM,IAAI,SAAS,YAAY;AAC/B,SAAO,MAAM,eAAe,MAAM,eAAe,MAAM,SAAS,MAAM;AACxE;AAEA,SAAS,wBAAiC;AACxC,QAAM,KAAK,QAAQ,IAAI,qBAAqB,KAAK,IAAI,YAAY;AACjE,SAAO,MAAM,OAAO,MAAM,UAAU,MAAM;AAC5C;AAEA,SAAS,YAAY,KAAmB;AACtC,UAAQ,OAAO,MAAM,GAAG,GAAG;AAAA,CAAI;AACjC;AAMO,SAAS,gBAAgB,QAAgB,OAA+B,CAAC,GAAW;AACzF,MAAI;AACJ,MAAI;AACF,UAAM,IAAI,IAAI,MAAM;AAAA,EACtB,QAAQ;AACN,UAAM,IAAI;AAAA,MACR,oBAAoB,KAAK,UAAU,MAAM,CAAC;AAAA,IAE5C;AAAA,EACF;AAEA,QAAM,gBAAgB,KAAK,iBAAiB,sBAAsB;AAClE,QAAM,SAAS,IAAI;AAGnB,QAAM,OAAO,IAAI,SAAS,YAAY,EAAE,QAAQ,OAAO,EAAE;AACzD,QAAM,WAAW,eAAe,IAAI;AAIpC,MAAI,eAAe;AACjB,QAAI,WAAW,YAAY,WAAW,SAAS;AAC7C,YAAM,IAAI;AAAA,QACR,kCAAkC,MAAM;AAAA,MAC1C;AAAA,IACF;AACA,KAAC,KAAK,QAAQ;AAAA,MACZ,YAAY,qBAAqB,mEACV,IAAI,IAAI;AAAA,IAGjC;AACA,WAAO;AAAA,EACT;AAGA,MAAI,WAAW,SAAS;AACtB,QAAI,CAAC,UAAU;AACb,YAAM,IAAI;AAAA,QACR,6DAA6D,IAAI,IAAI,2BAC3C,qBAAqB;AAAA,MACjD;AAAA,IACF;AACA,WAAO;AAAA,EACT;AACA,MAAI,WAAW,UAAU;AACvB,UAAM,IAAI;AAAA,MACR,kCAAkC,MAAM;AAAA,IAC1C;AAAA,EACF;AAGA,MAAI,SAAU,QAAO;AACrB,MAAI,SAAS,qBAAqB,KAAK,SAAS,mBAAmB,GAAG;AACpE,WAAO;AAAA,EACT;AAEA,QAAM,IAAI;AAAA,IACR,2BAA2B,IAAI,IAAI,gGACI,qBAAqB;AAAA,EAE9D;AACF;;;AClHO,IAAM,gBAAwC;AAAA,EACnD,YAAY;AAAA;AAAA;AAAA,EAGZ,SAAS;AACX;AAWO,SAAS,aAAa,KAAa,UAA2B;AACnE,SAAO,gBAAgB,YAAY,cAAc,GAAG,CAAC;AACvD;;;ACHO,IAAM,2BAA2B;AACjC,IAAM,oBAAoB;AAG1B,IAAM,6BAA6B;AAuCnC,IAAM,kBAAN,cAA8B,MAAM;AAAA,EAChC;AAAA,EACT,YAAY,SAAiB,YAAqB;AAChD,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,aAAa;AAAA,EACpB;AACF;AAGO,SAAS,gBAAgB,iBAAiB,OAAe;AAC9D,SAAO,iBAAiB,oBAAoB;AAC9C;AAOA,eAAe,aACb,KACA,cACA,WACA,WACA,YAAwC,MAAM,IACxB;AACtB,MAAI;AACJ,MAAI;AACF,UAAM,MAAM,UAAU,KAAK;AAAA,MACzB,QAAQ;AAAA,MACR,SAAS,EAAE,eAAe,UAAU,YAAY,GAAG;AAAA,IACrD,CAAC;AAAA,EACH,SAAS,KAAK;AACZ,UAAM,IAAI;AAAA,MACR,yBAAyB,SAAS,YAAY,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC;AAAA,IAChG;AAAA,EACF;AAEA,MAAI,CAAC,IAAI,IAAI;AACX,UAAM,OAAO,MAAM,IAAI,KAAK,EAAE,MAAM,MAAM,EAAE;AAC5C,UAAM,OAAO,UAAU,IAAI,MAAM;AACjC,UAAM,IAAI;AAAA,MACR,2BAA2B,IAAI,MAAM,SAAS,SAAS,GAAG,IAAI,GAAG,OAAO,WAAM,IAAI,KAAK,EAAE;AAAA,MACzF,IAAI;AAAA,IACN;AAAA,EACF;AAEA,MAAI;AACJ,MAAI;AACF,aAAU,MAAM,IAAI,KAAK;AAAA,EAC3B,QAAQ;AACN,UAAM,IAAI,gBAAgB,4CAA4C,SAAS,EAAE;AAAA,EACnF;AAEA,QAAM,QAAQ,OAAO,OAAO,UAAU,WAAW,OAAO,QAAQ;AAChE,MAAI,CAAC,OAAO;AACV,UAAM,IAAI,gBAAgB,4BAA4B,SAAS,uBAAuB;AAAA,EACxF;AACA,MAAI,CAAC,MAAM,WAAW,KAAK,GAAG;AAC5B,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IACA,WAAW,OAAO,OAAO,cAAc,WAAW,OAAO,YAAY;AAAA,EACvE;AACF;AAaA,eAAsB,gBAAgB,MAA+C;AACnF,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA,aAAa;AAAA,IACb,SAAS;AAAA,IACT,iBAAiB;AAAA,IACjB,YAAY;AAAA,EACd,IAAI;AAEJ,QAAM,OAAO,WAAW,QAAQ,OAAO,EAAE;AACzC,QAAMC,QAAO,gBAAgB,cAAc;AAC3C,QAAM,MAAM,GAAG,IAAI,GAAGA,KAAI,QAAQ,mBAAmB,OAAO,UAAU,CAAC,CAAC,WAAW,mBAAmB,MAAM,CAAC;AAE7G,SAAO;AAAA,IAAa;AAAA,IAAK;AAAA,IAAc;AAAA,IAAWA;AAAA,IAAM,CAAC,WACvD,WAAW,OAAO,CAAC,iBACf,mBAAmB,wBAAwB,kGAE3C;AAAA,EACN;AACF;AAcA,eAAsB,iBAAiB,MAAqD;AAC1F,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA,aAAa;AAAA,IACb,SAAS;AAAA,IACT,YAAY;AAAA,EACd,IAAI;AAEJ,QAAM,OAAO,WAAW,QAAQ,OAAO,EAAE;AACzC,QAAM,MACJ,GAAG,IAAI,GAAG,iBAAiB,QAAQ,mBAAmB,OAAO,UAAU,CAAC,CAAC,WAC9D,mBAAmB,MAAM,CAAC,YAAY,mBAAmB,SAAS,CAAC;AAEhF,SAAO,aAAa,KAAK,cAAc,WAAW,GAAG,iBAAiB,YAAY,SAAS,EAAE;AAC/F;;;AC1KO,SAAS,kBACd,aACsC;AACtC,MAAI,CAAC,YAAa,QAAO;AACzB,MAAI,YAAY,SAAS,SAAS,EAAG,QAAO;AAC5C,MAAI,YAAY,SAAS,gBAAgB,EAAG,QAAO;AACnD,SAAO;AACT;AAEO,SAAS,oBACd,QACiD;AACjD,MAAI,CAAC,OAAQ,QAAO;AACpB,QAAM,SAAS,OAAO,MAAM,GAAG,EAAE,CAAC;AAClC,MAAI,WAAW,KAAM,QAAO;AAC5B,MAAI,WAAW,MAAO,QAAO;AAC7B,MAAI,WAAW,KAAM,QAAO;AAC5B,SAAO;AACT;AAkBA,eAAsB,gBAAgB;AAAA,EACpC;AAAA,EACA;AAAA,EACA;AACF,GAA+C;AAC7C,QAAM,UAAyB;AAAA,IAC7B,QAAQ;AAAA,IACR,aAAa,kBAAkB,WAAW;AAAA,IAC1C,eAAe,oBAAoB,MAAM;AAAA,EAC3C;AAEA,MAAI,CAAC,UAAU,CAAC,aAAa;AAC3B,QAAI,MAAM,EAAE,WAAW,YAAY,MAAM,eAAe,GAAG,6BAA6B;AACxF,WAAO;AAAA,EACT;AAEA,QAAM,MAAM,GAAG,YAAY,QAAQ,OAAO,EAAE,CAAC;AAC7C,QAAM,MAAM,MAAM,MAAM,KAAK;AAAA,IAC3B,SAAS,EAAE,eAAe,UAAU,MAAM,GAAG;AAAA,EAC/C,CAAC;AAED,MAAI,CAAC,IAAI,IAAI;AACX,UAAM,OAAO,MAAM,IAAI,KAAK,EAAE,MAAM,MAAM,EAAE;AAC5C,UAAM,IAAI,IAAI,MAAM,QAAQ,IAAI,MAAM,KAAK,QAAQ,IAAI,UAAU,EAAE;AAGnE,MAAE,aAAa,IAAI;AACnB,UAAM;AAAA,EACR;AAIA,MAAI,WAAoC,CAAC;AACzC,QAAM,UAAU,MAAM,IAAI,KAAK;AAC/B,MAAI,QAAQ,KAAK,EAAE,SAAS,GAAG;AAC7B,QAAI;AACF,iBAAW,KAAK,MAAM,OAAO;AAAA,IAC/B,QAAQ;AACN,UAAI;AAAA,QACF,EAAE,WAAW,YAAY,YAAY,QAAQ,OAAO;AAAA,QACpD;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAIA,QAAM,SAAwB,EAAE,GAAG,SAAS,GAAG,UAAU,QAAQ,KAAK;AAEtE,MAAI;AAAA,IACF;AAAA,MACE,WAAW;AAAA,MACX,MAAM,QAAQ,KAAK,EAAE,SAAS,IAAI,aAAa;AAAA,MAC/C,QAAQ,OAAO,KAAK,MAAM;AAAA,IAC5B;AAAA,IACA;AAAA,EACF;AAEA,SAAO;AACT;;;ACrHA,SAAS,OAAO,UAAU,WAAW,UAAU;AAC/C,SAAS,eAAe;AACxB,SAAS,QAAAC,aAAY;;;ACPrB,SAAS,YAAY,mBAAmB;;;ACkBxC,IAAM,UAAoE;AAAA,EACxE,SAAS,EAAE,cAAc,6BAA6B,QAAQ,YAAY;AAAA,EAC1E,YAAY,EAAE,cAAc,qBAAqB,QAAQ,YAAY;AACvE;AAUA,IAAM,mBAAoD;AAAA,EACxD,SAAS;AAAA;AAAA,EACT,YAAY;AAAA;AACd;AAGO,IAAM,8BAAN,cAA0C,MAAM;AAAA,EACrD,YAAY,KAAa;AACvB;AAAA,MACE,6BAA6B,GAAG;AAAA,IAGlC;AACA,SAAK,OAAO;AAAA,EACd;AACF;AAGO,SAAS,qBAAqB,KAA4B;AAC/D,QAAM,MAAM,QAAQ,GAAG;AACvB,QAAM,SAAS,QAAQ,IAAI,0BAA0B,IAAI;AACzD,QAAM,SACJ,QAAQ,IAAI,0BAA0B,WAAW,IAAI,YAAY,SAAS,MAAM;AAClF,QAAM,WAAW,QAAQ,IAAI,6BAA6B,iBAAiB,GAAG;AAC9E,MAAI,CAAC,SAAU,OAAM,IAAI,4BAA4B,GAAG;AACxD,SAAO,EAAE,QAAQ,OAAO,QAAQ,OAAO,EAAE,GAAG,UAAU,OAAO;AAC/D;AAGO,IAAM,iBAAiB,CAAC,MAAM,MAAM,IAAI;AAGxC,IAAM,eAAe,CAAC,UAAU,SAAS,SAAS;AAGlD,SAAS,eAAe,MAAsB;AACnD,SAAO,oBAAoB,IAAI;AACjC;;;AD/DA,SAAS,UAAU,KAAqB;AACtC,SAAO,IAAI,SAAS,QAAQ,EAAE,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,EAAE;AACzF;AAUO,SAAS,eAAyB;AACvC,QAAM,WAAW,UAAU,YAAY,EAAE,CAAC;AAC1C,QAAM,YAAY,UAAU,WAAW,QAAQ,EAAE,OAAO,QAAQ,EAAE,OAAO,CAAC;AAC1E,SAAO,EAAE,UAAU,UAAU;AAC/B;AAGO,SAAS,gBAAwB;AACtC,SAAO,UAAU,YAAY,EAAE,CAAC;AAClC;AAGO,SAAS,kBACd,QACA,QACQ;AACR,QAAM,IAAI,IAAI,gBAAgB;AAAA,IAC5B,eAAe;AAAA,IACf,WAAW,OAAO;AAAA,IAClB,cAAc,OAAO;AAAA,IACrB,OAAO,aAAa,KAAK,GAAG;AAAA,IAC5B,OAAO,OAAO;AAAA,IACd,gBAAgB,OAAO;AAAA,IACvB,uBAAuB;AAAA,EACzB,CAAC;AACD,SAAO,GAAG,OAAO,MAAM,qBAAqB,EAAE,SAAS,CAAC;AAC1D;AAGO,SAAS,cAAc,QAA+B;AAC3D,SAAO,GAAG,OAAO,MAAM;AACzB;AAGO,SAAS,sBACd,QACA,QACiB;AACjB,SAAO,IAAI,gBAAgB;AAAA,IACzB,YAAY;AAAA,IACZ,WAAW,OAAO;AAAA,IAClB,MAAM,OAAO;AAAA,IACb,cAAc,OAAO;AAAA,IACrB,eAAe,OAAO;AAAA,EACxB,CAAC;AACH;AAGO,SAAS,iBAAiB,QAAuB,cAAuC;AAC7F,SAAO,IAAI,gBAAgB;AAAA,IACzB,YAAY;AAAA,IACZ,WAAW,OAAO;AAAA,IAClB,eAAe;AAAA,EACjB,CAAC;AACH;AAUO,SAAS,cAAc,YAAoC;AAEhE,QAAM,MAAM,IAAI,IAAI,YAAY,kBAAkB;AAClD,SAAO;AAAA,IACL,MAAM,IAAI,aAAa,IAAI,MAAM,KAAK;AAAA,IACtC,OAAO,IAAI,aAAa,IAAI,OAAO,KAAK;AAAA,IACxC,OAAO,IAAI,aAAa,IAAI,OAAO,KAAK;AAAA,IACxC,kBAAkB,IAAI,aAAa,IAAI,mBAAmB,KAAK;AAAA,EACjE;AACF;;;ADjEA,IAAM,WAAW;AACjB,IAAM,YAAY;AAGX,SAAS,YAAY,SAA0B;AACpD,SAAOC,MAAK,WAAWA,MAAK,QAAQ,GAAG,QAAQ,GAAG,SAAS;AAC7D;AAGA,eAAsB,YAAY,SAAwB,SAAiC;AACzF,QAAM,MAAM,WAAWA,MAAK,QAAQ,GAAG,QAAQ;AAC/C,QAAM,MAAM,KAAK,EAAE,WAAW,MAAM,MAAM,IAAM,CAAC;AACjD,QAAM,UAAU,YAAY,OAAO,GAAG,KAAK,UAAU,SAAS,MAAM,CAAC,GAAG,EAAE,UAAU,QAAQ,MAAM,IAAM,CAAC;AAC3G;AAGA,eAAsB,YAAY,SAAsD;AACtF,MAAI;AACJ,MAAI;AACF,UAAM,MAAM,SAAS,YAAY,OAAO,GAAG,MAAM;AAAA,EACnD,QAAQ;AACN,WAAO;AAAA,EACT;AACA,MAAI;AACF,UAAM,SAAS,KAAK,MAAM,GAAG;AAG7B,UAAM,QAAQ,OAAO,QAAQ,aAAa,OAAO,QAAQ;AACzD,QAAI,OAAO,OAAO,iBAAiB,YAAY,OAAO;AACpD,aAAO,EAAE,KAAK,OAAO,KAAe,cAAc,OAAO,cAAc,YAAY,OAAO,WAAW;AAAA,IACvG;AAAA,EACF,QAAQ;AAAA,EAER;AACA,SAAO;AACT;AAGA,eAAsB,aAAa,SAAoC;AACrE,MAAI;AACF,UAAM,GAAG,YAAY,OAAO,CAAC;AAC7B,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAGA,eAAe,UACb,QACA,MACA,WACmB;AACnB,QAAM,MAAM,MAAM,UAAU,cAAc,MAAM,GAAG;AAAA,IACjD,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,oCAAoC;AAAA,IAC/D,MAAM,KAAK,SAAS;AAAA,EACtB,CAAC;AACD,QAAM,OAAO,MAAM,IAAI,KAAK,EAAE,MAAM,MAAM,EAAE;AAC5C,MAAI,CAAC,IAAI,IAAI;AACX,UAAM,IAAI,MAAM,uBAAuB,IAAI,MAAM,GAAG,OAAO,WAAM,IAAI,KAAK,EAAE,EAAE;AAAA,EAChF;AACA,MAAI;AACF,WAAO,KAAK,MAAM,IAAI;AAAA,EACxB,QAAQ;AACN,UAAM,IAAI,MAAM,yCAAyC;AAAA,EAC3D;AACF;AAGA,eAAsB,aACpB,QACA,QACA,YAA0B,OACP;AACnB,SAAO,UAAU,QAAQ,sBAAsB,QAAQ,MAAM,GAAG,SAAS;AAC3E;AAGA,eAAsB,cACpB,QACA,cACA,YAA0B,OACP;AACnB,SAAO,UAAU,QAAQ,iBAAiB,QAAQ,YAAY,GAAG,SAAS;AAC5E;;;AGpFO,IAAM,oBAAoB;AAqD1B,IAAM,yBAAN,cAAqC,MAAM;AAAA,EAChD,cAAc;AACZ;AAAA,MACE,4BAA4B,iBAAiB;AAAA,IAE/C;AACA,SAAK,OAAO;AAAA,EACd;AACF;AAOO,SAAS,wBAAwB,UAAuC;AAC7E,MAAI,YAAY,SAAS,KAAK,EAAG,QAAO,SAAS,KAAK;AACtD,QAAM,UAAU,QAAQ,IAAI,iBAAiB;AAC7C,MAAI,WAAW,QAAQ,KAAK,EAAG,QAAO,QAAQ,KAAK;AACnD,SAAO;AACT;AASA,eAAsB,oBAAoB,KAAa,UAAoC;AACzF,QAAM,OAAO,wBAAwB,QAAQ;AAC7C,MAAI,KAAM,QAAO;AAEjB,QAAM,UAAU,MAAM,YAAY;AAClC,MAAI,WAAW,QAAQ,QAAQ,KAAK;AAClC,UAAM,SAAS,qBAAqB,GAAG;AACvC,UAAM,SAAS,MAAM,cAAc,QAAQ,QAAQ,YAAY;AAG/D,UAAM,SAAS,OAAO,YAAY,OAAO;AACzC,QAAI,OAAQ,QAAO;AAAA,EACrB;AACA,QAAM,IAAI,uBAAuB;AACnC;AAQA,eAAsB,mBAAmB,MAAgD;AACvF,QAAM,UAAU,aAAa,KAAK,KAAK,KAAK,WAAW,QAAQ,IAAI,oBAAoB;AACvF,QAAM,eAAe,MAAM,oBAAoB,KAAK,KAAK,KAAK,KAAK;AAQnE,QAAM,SAAS,KAAK,eAChB,MAAM,gBAAgB,EAAE,cAAc,YAAY,QAAQ,CAAC,IAC3D,MAAM,iBAAiB,EAAE,cAAc,YAAY,SAAS,WAAW,KAAK,WAAW,UAAU,CAAC;AAEtG,QAAM,SAAS,IAAI,cAAc,EAAE,OAAO,OAAO,OAAO,aAAa,QAAQ,CAAC;AAC9E,QAAM,WAAW,MAAM,gBAAgB,EAAE,KAAK,KAAK,KAAK,QAAQ,OAAO,OAAO,aAAa,QAAQ,CAAC;AAEpG,SAAO;AAAA,IACL;AAAA,IACA,QAAQ,OAAO;AAAA,IACf;AAAA,IACA;AAAA,IACA,KAAK,KAAK;AAAA,IACV;AAAA,IACA,UAAU,OAAO,SAAS,aAAa,WAAW,SAAS,WAAW;AAAA,EACxE;AACF;;;AC3IA,SAAS,YAAAC,iBAAgB;AACzB,SAAS,eAAe;AACxB,SAAS,SAAS,WAAW,sBAAsB;AAc5C,SAAS,cAAc,OAAwB;AACpD,SACE,MAAM,SAAS,GAAG,KAClB,MAAM,SAAS,IAAI,KACnB,MAAM,WAAW,IAAI,KACrB,MAAM,WAAW,KAAK,KACtB,mBAAmB,KAAK,KAAK;AAEjC;AAIA,SAAS,cAAc,KAAa,UAA2B;AAC7D,QAAM,MAAM,QAAQ,QAAQ,EAAE,YAAY;AAC1C,MAAI,QAAQ,WAAW,QAAQ,QAAQ;AACrC,QAAI;AACF,aAAO,UAAU,GAAG;AAAA,IACtB,SAAS,KAAK;AACZ,UAAI,eAAe,gBAAgB;AACjC,cAAM,IAAI,MAAM,iCAAiC,QAAQ,MAAM,IAAI,OAAO,EAAE;AAAA,MAC9E;AACA,YAAM;AAAA,IACR;AAAA,EACF;AACA,MAAI;AACF,WAAO,KAAK,MAAM,GAAG;AAAA,EACvB,SAAS,KAAK;AACZ,UAAM,IAAI;AAAA,MACR,mCAAmC,QAAQ,MAAM,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC;AAAA,IACnG;AAAA,EACF;AACF;AAcA,eAAsB,kBACpB,UACA,WAAoC,CAAC,GACjB;AACpB,MAAI;AACJ,MAAI;AACF,UAAM,MAAMC,UAAS,UAAU,MAAM;AAAA,EACvC,SAAS,KAAK;AACZ,UAAM,MAAM,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC3D,UAAM,IAAI,MAAM,+BAA+B,QAAQ,MAAM,GAAG,EAAE;AAAA,EACpE;AAEA,QAAM,SAAS,cAAc,KAAK,QAAQ;AAG1C,QAAM,WAAW,uBAAuB,QAAQ,QAAQ;AAExD,SAAO,eAAe,QAAQ;AAChC;AAOO,SAAS,cAAc,UAAqD;AACjF,QAAM,MAA8B,CAAC;AACrC,aAAW,KAAK,UAAU;AACxB,UAAM,KAAK,EAAE,QAAQ,GAAG;AACxB,QAAI,MAAM,GAAG;AACX,YAAM,IAAI,MAAM,kBAAkB,CAAC,uDAAuD;AAAA,IAC5F;AACA,QAAI,EAAE,MAAM,GAAG,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,CAAC;AAAA,EACtC;AACA,SAAO;AACT;AAOA,eAAsB,eAAe,UAAoD;AACvF,MAAI;AACJ,MAAI;AACF,UAAM,MAAMA,UAAS,UAAU,MAAM;AAAA,EACvC,SAAS,KAAK;AACZ,UAAM,IAAI,MAAM,8BAA8B,QAAQ,MAAM,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC,EAAE;AAAA,EAChH;AACA,QAAM,SAAS,cAAc,KAAK,QAAQ;AAC1C,MAAI,WAAW,QAAQ,OAAO,WAAW,YAAY,MAAM,QAAQ,MAAM,GAAG;AAC1E,UAAM,IAAI,MAAM,kBAAkB,QAAQ,uCAAuC;AAAA,EACnF;AACA,SAAO;AACT;AAOA,eAAsB,iBACpB,UACA,YACkC;AAClC,QAAM,WAAoC,CAAC;AAC3C,MAAI,WAAY,QAAO,OAAO,UAAU,MAAM,eAAe,UAAU,CAAC;AACxE,SAAO,OAAO,UAAU,cAAc,QAAQ,CAAC;AAC/C,SAAO;AACT;;;ACnGO,IAAM,uBAAuB;AAAA,EAClC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAUO,IAAM,gCAAgC;AAAA,EAC3C;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAEA,IAAM,YAAY,oBAAI,IAAI,CAAC,KAAK,KAAK,KAAK,GAAG,CAAC;AAE9C,IAAM,iBAAsC,IAAI,IAAI,oBAAoB;AACxE,IAAM,oBAAyC,IAAI,IAAI,6BAA6B;AAGpF,IAAM,iBAAiB,qBAAqB,KAAK,GAAG;AAwB7C,IAAM,iBAAN,cAA6B,MAAM;AAAA,EAC/B;AAAA,EACT,YAAY,UAA4B;AACtC,UAAM,UAAU,SAAS,IAAI,CAAC,MAAM,YAAO,EAAE,MAAM,KAAK,EAAE,MAAM,EAAE,EAAE,KAAK,IAAI;AAC7E;AAAA,MACE,uBAAuB,SAAS,MAAM,gFAEhC,cAAc;AAAA,EAAmC,OAAO;AAAA,IAChE;AACA,SAAK,OAAO;AACZ,SAAK,WAAW;AAAA,EAClB;AACF;AAQO,SAAS,mBAAmB,QAAuC;AACxE,QAAM,QAAQ,OAAO,KAAK;AAE1B,MAAI,MAAM,WAAW,GAAG;AACtB,WAAO,EAAE,QAAQ,QAAQ,oBAAoB;AAAA,EAC/C;AAGA,MAAI,UAAU,KAAK;AACjB,WAAO;AAAA,MACL;AAAA,MACA,QAAQ;AAAA,IACV;AAAA,EACF;AAEA,QAAM,QAAQ,MAAM,MAAM,GAAG;AAC7B,QAAM,WAAW,MAAM,CAAC;AACxB,QAAM,MAAM,MAAM,CAAC;AAGnB,MAAI,MAAM,SAAS,KAAK,SAAS,WAAW,KAAK,QAAQ,UAAa,IAAI,WAAW,GAAG;AACtF,WAAO;AAAA,MACL;AAAA,MACA,QAAQ;AAAA,IACV;AAAA,EACF;AAGA,MAAI,CAAC,eAAe,IAAI,QAAQ,GAAG;AACjC,QAAI,kBAAkB,IAAI,QAAQ,GAAG;AACnC,aAAO;AAAA,QACL;AAAA,QACA,QACE,oCAAoC,QAAQ;AAAA,MAGhD;AAAA,IACF;AACA,WAAO;AAAA,MACL;AAAA,MACA,QACE,4CAA4C,QAAQ,oDACd,cAAc,UAAU,QAAQ;AAAA,IAE1E;AAAA,EACF;AAKA,MAAI,QAAQ,KAAK;AACf,WAAO;AAAA,EACT;AAIA,aAAW,MAAM,KAAK;AACpB,QAAI,CAAC,UAAU,IAAI,EAAE,GAAG;AACtB,aAAO;AAAA,QACL;AAAA,QACA,QAAQ,gCAAgC,EAAE;AAAA,MAC5C;AAAA,IACF;AAAA,EACF;AAGA,SAAO;AACT;AAQO,SAAS,kBAAkB,gBAAoD;AACpF,QAAM,WAAqB,CAAC;AAC5B,QAAM,WAA6B,CAAC;AACpC,aAAW,UAAU,gBAAgB;AACnC,UAAM,YAAY,mBAAmB,MAAM;AAC3C,QAAI,WAAW;AACb,eAAS,KAAK,SAAS;AAAA,IACzB,OAAO;AACL,eAAS,KAAK,MAAM;AAAA,IACtB;AAAA,EACF;AACA,SAAO,EAAE,IAAI,SAAS,WAAW,GAAG,UAAU,SAAS;AACzD;AAQO,SAAS,gBAAgB,gBAAyC;AACvE,QAAM,SAAS,kBAAkB,cAAc;AAC/C,MAAI,CAAC,OAAO,IAAI;AACd,UAAM,IAAI,eAAe,OAAO,QAAQ;AAAA,EAC1C;AACF;;;AC3NA,SAAS,YAAY,UAAU;AAC/B,OAAO,QAAQ;AACf,OAAO,UAAU;AACjB,SAAS,kBAAkB;AAGpB,SAAS,eAAeC,WAAkB,GAAG,QAAQ,GAAW;AACrE,SAAO,KAAK,KAAKA,UAAS,UAAU;AACtC;AAOA,eAAsB,iBAAiB,MAAc,eAAe,GAAoB;AACtF,QAAM,SAAS,KAAK,KAAK,KAAK,YAAY;AAC1C,MAAI;AACF,UAAM,YAAY,MAAM,GAAG,SAAS,QAAQ,MAAM,GAAG,KAAK;AAC1D,QAAI,SAAS,SAAS,EAAG,QAAO;AAAA,EAClC,QAAQ;AAAA,EAER;AACA,QAAM,KAAK,WAAW;AACtB,MAAI;AACF,UAAM,GAAG,MAAM,KAAK,EAAE,WAAW,KAAK,CAAC;AACvC,UAAM,GAAG,UAAU,QAAQ,GAAG,EAAE;AAAA,GAAM,EAAE,UAAU,QAAQ,MAAM,IAAM,CAAC;AACvE,WAAO;AAAA,EACT,QAAQ;AAEN,WAAO,GAAG,SAAS;AAAA,EACrB;AACF;AAMO,SAAS,WAAW,MAAc,WAA2B;AAClE,SAAO,GAAG,IAAI,IAAI,SAAS;AAC7B;AAkBO,SAAS,YAAY,MAAc,MAAc,eAAe,GAAW;AAChF,SAAO,KAAK,KAAK,KAAK,GAAG,IAAI,WAAW;AAC1C;AAGA,eAAsB,WACpB,MACA,QACA,MAAc,eAAe,GACZ;AACjB,QAAM,GAAG,MAAM,KAAK,EAAE,WAAW,KAAK,CAAC;AACvC,QAAM,UAAU,YAAY,MAAM,GAAG;AACrC,QAAM,GAAG,UAAU,SAAS,GAAG,KAAK,UAAU,QAAQ,MAAM,CAAC,CAAC;AAAA,GAAM;AAAA,IAClE,UAAU;AAAA,IACV,MAAM;AAAA,EACR,CAAC;AACD,SAAO;AACT;AAOA,eAAsB,iBACpB,MACA,MAAc,eAAe,GACY;AACzC,MAAI;AACF,UAAM,OAAO,MAAM,GAAG,SAAS,YAAY,MAAM,GAAG,GAAG,MAAM,GAAG,KAAK;AACrE,QAAI,IAAI,WAAW,EAAG,QAAO;AAC7B,UAAM,SAAS,KAAK,MAAM,GAAG;AAC7B,QAAI,OAAO,OAAO,WAAW,YAAY,OAAO,OAAO,UAAU,UAAU;AACzE,aAAO;AAAA,IACT;AACA,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;;;ACqIO,IAAM,eAAN,cAA2B,MAAM;AAAA,EACtC,YAA4B,SAAiB;AAC3C;AAAA,MACE,eAAe,OAAO;AAAA,IAGxB;AAL0B;AAM1B,SAAK,OAAO;AAAA,EACd;AAAA,EAP4B;AAQ9B;AAGA,SAAS,cAAc,YAAyE;AAC9F,MAAI,CAAC,WAAY,QAAO;AACxB,SAAO,WAAW,IAAI,CAAC,WAAW,EAAE,MAAM,EAAE;AAC9C;AAIA,SAAS,YAAY,WAAsB,aAAoC;AAC7E,SAAO,UAAU,QAAQ,WAAW,EAAE,OAAO,IAAI,CAAC,OAAO;AAAA,IACvD,SAAS,EAAE;AAAA;AAAA;AAAA;AAAA,IAIX,WAAW,EAAE;AAAA,IACb,UAAU,EAAE;AAAA,IACZ,YAAY,EAAE;AAAA,IACd,YAAY,EAAE;AAAA,IACd,aAAa,EAAE;AAAA,IACf,YAAY,cAAc,EAAE,UAAU;AAAA;AAAA;AAAA;AAAA;AAAA,IAKtC,YAAY,EAAE;AAAA;AAAA;AAAA;AAAA;AAAA,IAKd,WAAW,EAAE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOb,gBAAgB,EAAE;AAAA,IAClB,aAAa,EAAE;AAAA,IACf,eAAe,EAAE;AAAA,IACjB,aAAa,EAAE;AAAA,EACjB,EAAE;AACJ;AAWA,SAAS,aACP,cAC4B;AAC5B,SAAO,cAAc,IAAI,CAAC,OAAO;AAC/B,QAAI,OAAO,OAAO,SAAU,QAAO,EAAE,WAAW,GAAG;AAGnD,UAAM,MAAoB,EAAE,WAAW,GAAG,UAAU;AACpD,QAAI,GAAG,WAAW,OAAW,KAAI,SAAS,GAAG;AAC7C,QAAI,GAAG,iBAAiB,OAAW,KAAI,eAAe,GAAG;AACzD,QAAI,GAAG,WAAW,OAAW,KAAI,SAAS,GAAG;AAC7C,QAAI,GAAG,kBAAkB,OAAW,KAAI,gBAAgB,GAAG;AAC3D,WAAO;AAAA,EACT,CAAC;AACH;AAQA,SAAS,gBACP,QAC8C;AAC9C,QAAM,MAAwC,CAAC;AAC/C,aAAW,KAAK,OAAO,QAAQ;AAC7B,QAAI,EAAE,YAAa,KAAI,EAAE,OAAO,IAAI,EAAE;AAAA,EACxC;AACA,SAAO,OAAO,KAAK,GAAG,EAAE,SAAS,IAAI,MAAM;AAC7C;AAQA,SAAS,eACP,cACqC;AACrC,MAAI,CAAC,aAAc,QAAO;AAC1B,QAAM,MAA+B,CAAC;AACtC,MAAI,aAAa,iBAAiB,OAAW,KAAI,eAAe,aAAa;AAC7E,SAAO,OAAO,KAAK,GAAG,EAAE,SAAS,IAAI,MAAM;AAC7C;AAWA,SAAS,mBACP,SACsB;AACtB,SAAO,QAAQ,IAAI,CAAC,OAAO;AAAA,IACzB,iBAAiB,EAAE;AAAA,IACnB,YAAY,EAAE;AAAA,EAChB,EAAE;AACJ;AAkBO,IAAM,4BAAN,cAAwC,MAAM;AAAA,EACnD,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO;AAAA,EACd;AACF;AAEO,SAAS,6BAA6B,WAA4B;AACvE,QAAM,WAAW,UAAU,cAAc,OAAO,KAAK,UAAU,UAAU,EAAE,SAAS;AACpF,QAAM,OAAO,0BAA0B,SAAS;AAChD,MAAI,YAAY,KAAK,SAAS,GAAG;AAC/B,UAAM,SAAS,WACX,mCACA,cAAc,KAAK,IAAI,CAAC,MAAM,mBAAmB,CAAC,KAAK,EAAE,KAAK,IAAI,CAAC;AACvE,UAAM,IAAI;AAAA,MACR,aAAa,MAAM;AAAA,IAIrB;AAAA,EACF;AACF;AASO,IAAM,uBAAN,cAAmC,MAAM;AAAA,EAC9C,YAAY,UAAkB,OAAgB;AAC5C,UAAM,SAAS,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AACpE;AAAA,MACE,WAAW,QAAQ,kEAAkE,MAAM;AAAA;AAAA,IAI7F;AACA,SAAK,OAAO;AAAA,EACd;AACF;AASA,SAAS,qBAAqB,GAAqB;AACjD,MAAI,OAAO,MAAM,YAAY,MAAM,KAAM,QAAO;AAChD,QAAM,MAAM;AACZ,QAAM,SAAS,IAAI;AACnB,QAAM,OAAO,GAAG,IAAI,WAAW,EAAE,IAAI,IAAI,MAAM,WAAW,EAAE,GAAG,YAAY;AAC3E,UAAQ,WAAW,OAAO,WAAW,QAAQ,KAAK,SAAS,gBAAgB;AAC7E;AAWA,eAAe,qBACb,QACA,UACA,OAC6B;AAC7B,MAAI;AACJ,aAAS;AACP,UAAM,OAAO,MAAM,OAAO,QAAQ,YAAY;AAAA,MAC5C,QAAQ,MAAM;AAAA,MACd,OAAO,MAAM;AAAA,MACb,OAAO;AAAA,MACP;AAAA,IACF,CAAC;AACD,UAAM,SAAS,KAAK,QAAQ,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,aAAa,QAAQ;AACnE,QAAI,OAAO,GAAI,QAAO,MAAM;AAC5B,UAAM,OAAO,KAAK;AAClB,QAAI,CAAC,KAAM,QAAO;AAClB,gBAAY;AAAA,EACd;AACF;AAOA,eAAsB,UACpB,QACA,OACuB;AACvB,QAAM,EAAE,WAAW,UAAU,WAAW,SAAS,OAAO,YAAY,IAAI,IAAI;AAM5E,kBAAgB,UAAU,cAAc,cAAc;AACtD,aAAW,WAAW,OAAO,OAAO,UAAU,SAAS,CAAC,CAAC,GAAG;AAC1D,eAAW,UAAU,QAAS,iBAAgB,OAAO,cAAc;AAAA,EACrE;AAEA,+BAA6B,SAAS;AAWtC,QAAM,OAAO,KAAK,iBAAiB,EAAE,WAAW,UAAU,WAAW,MAAM,cAAc,SAAS,EAAE,CAAC;AACrG,MAAI,MAAM,EAAE,WAAW,UAAU,WAAW,UAAU,UAAU,GAAG,qBAAqB;AAGxF,QAAM,OAAO,MAAM,OAAO,SAAS,WAAW;AAAA,IAC5C,YAAY,UAAU,iBAAiB;AAAA,IACvC,MAAM;AAAA;AAAA;AAAA,IAGN,SAAS,EAAE,aAAa,UAAU,iBAAiB,YAAY;AAAA,EACjE,CAAC;AACD,QAAM,SAAS,KAAK;AACpB,MAAI,CAAC,QAAQ;AACX,UAAM,IAAI,MAAM,8EAA8E;AAAA,EAChG;AACA,MAAI,MAAM,EAAE,WAAW,UAAU,YAAY,UAAU,iBAAiB,YAAY,OAAO,GAAG,2BAA2B;AAKzH,QAAM,YAAY,MAAM,mBACpB,MAAM,MAAM,iBAAiB,UAAU,SAAS,IAChD;AACJ,MAAI,MAAM,EAAE,WAAW,UAAU,WAAW,UAAU,UAAU,GAAG,8BAA8B;AAGjG,QAAM,YAAoC,CAAC;AAC3C,WAAS,IAAI,GAAG,IAAI,UAAU,QAAQ,QAAQ,KAAK;AACjD,UAAM,IAAI,UAAU,QAAQ,CAAC;AAG7B,UAAM,aAAiC;AAAA,MACrC,UAAU,EAAE;AAAA,MACZ,aAAa,EAAE;AAAA,MACf,aAAa,EAAE;AAAA,MACf,WAAW,EAAE;AAAA,MACb,QAAQ,YAAY,WAAW,CAAC;AAAA;AAAA;AAAA,MAGhC,cAAc,aAAa,EAAE,YAAY;AAAA;AAAA;AAAA;AAAA;AAAA,MAKzC,iBAAkB,EAAE,mBAAmB,CAAC,QAAQ;AAAA;AAAA;AAAA,MAGhD,aAAa,gBAAgB,CAAC;AAAA,MAC9B,cAAc,eAAe,EAAE,YAAY;AAAA,MAC3C,QAAQ,EAAE;AAAA,MACV,QAAQ,EAAE;AAAA,MACV,OAAO,EAAE;AAAA,MACT,UAAU,EAAE;AAAA,IACd;AACA,QAAI;AACJ,QAAI;AACF,aAAO,MAAM,UAAU,QAAQ,aAAa,UAAU;AAAA,IACxD,SAAS,GAAG;AAQV,UAAI,CAAC,qBAAqB,CAAC,EAAG,OAAM;AAGpC,UAAI,EAAE,SAAU,OAAM;AACtB,YAAM,aAAa,MAAM,qBAAqB,WAAW,EAAE,UAAU,EAAE,QAAQ,EAAE,QAAQ,OAAO,EAAE,MAAM,CAAC;AACzG,UAAI,CAAC,WAAY,OAAM;AACvB,UAAI;AACF,eAAO,MAAM,UAAU,QAAQ,aAAa,EAAE,IAAI,YAAY,MAAM,WAAW,CAAC;AAAA,MAClF,SAAS,IAAI;AACX,cAAM,IAAI,qBAAqB,EAAE,UAAU,EAAE;AAAA,MAC/C;AACA,UAAI,MAAM,EAAE,WAAW,UAAU,UAAU,EAAE,UAAU,UAAU,WAAW,GAAG,uDAAuD;AAAA,IACxI;AACA,QAAI,KAAK,GAAI,WAAU,EAAE,QAAQ,IAAI,KAAK;AAC1C,QAAI,MAAM,EAAE,WAAW,UAAU,UAAU,EAAE,UAAU,UAAU,KAAK,GAAG,GAAG,gBAAgB;AAAA,EAC9F;AAQA,QAAM,cAAc;AAAA,IAClB,aAAa,OAAO,MAAM;AAAA,IAC1B,QAAQ;AAAA,MACN;AAAA,QACE,iBAAiB,UAAU,cAAc;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,QAOzC,YAAY,UAAU,cAAc;AAAA,MAGtC;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,EAIF;AACA,QAAM,UAAU,MAAM,UAAU,KAAK,oBAAoB;AAAA,IACvD,WAAW,UAAU;AAAA,IACrB,MAAM;AAAA,EACR,CAAC;AAED,QAAM,UAAU,KAAK,oBAAoB;AAAA,IACvC,WAAW,UAAU;AAAA,IACrB,aAAa,OAAO,MAAM;AAAA,IAC1B,MAAM;AAAA,EACR,CAAC;AACD,MAAI,MAAM,EAAE,WAAW,UAAU,aAAa,OAAO,MAAM,IAAI,iBAAiB,QAAQ,GAAG,GAAG,wDAAwD;AAMtJ,QAAM,UAAoB,CAAC;AAC3B,aAAW,CAAC,QAAQ,OAAO,KAAK,OAAO,QAAQ,UAAU,SAAS,CAAC,CAAC,GAAG;AACrE,UAAM,UAAU,KAAK,WAAW;AAAA,MAC9B,WAAW,UAAU;AAAA,MACrB,MAAM;AAAA,QACJ;AAAA;AAAA,QAEA,MAAM;AAAA,QACN,QAAQ,mBAAmB,OAAO;AAAA,MACpC;AAAA,IACF,CAAC;AACD,YAAQ,KAAK,MAAM;AACnB,QAAI,MAAM,EAAE,WAAW,UAAU,QAAQ,SAAS,QAAQ,OAAO,GAAG,cAAc;AAAA,EACpF;AAGA,QAAM,UAAU,WAAW,UAAU,MAAM,SAAS;AACpD,MAAI,YAAuB;AAE3B,MAAI,QAAQ;AACV,UAAM,WAAW,MAAM,iBAAiB,UAAU,MAAM,UAAU;AAClE,QAAI,UAAU,OAAO;AACnB,YAAM,UAAU,KAAK,gBAAgB,EAAE,OAAO,SAAS,MAAM,CAAC;AAC9D,UAAI,MAAM,EAAE,WAAW,UAAU,OAAO,SAAS,MAAM,GAAG,8BAA8B;AAAA,IAC1F;AACA,gBAAY;AAAA,EACd;AAEA,QAAM,UAAU,MAAM,UAAU,KAAK,gBAAgB,EAAE,SAAS,UAAU,WAAW,UAAU,WAAW,OAAO,CAAC;AAElH,MAAI;AACJ,MAAI,QAAQ,QAAQ;AAElB,UAAM,SAA6B;AAAA,MACjC,OAAO,QAAQ,SAAS;AAAA,MACxB,QAAQ,QAAQ;AAAA,MAChB;AAAA,IACF;AACA,UAAM,WAAW,UAAU,MAAM,QAAQ,UAAU;AACnD,aAAS,QAAQ;AACjB,QAAI,cAAc,UAAW,aAAY;AAAA,EAC3C,OAAO;AAEL,UAAM,WAAW,MAAM,iBAAiB,UAAU,MAAM,UAAU;AAClE,QAAI,CAAC,UAAU;AACb,YAAM,IAAI,aAAa,OAAO;AAAA,IAChC;AACA,aAAS,SAAS;AAClB,gBAAY;AAAA,EACd;AACA,MAAI,MAAM,EAAE,WAAW,UAAU,SAAS,UAAU,GAAG,qBAAqB;AAG5E,MAAI,cAAc;AAClB,QAAM,kBAA4B,CAAC;AACnC,aAAW,OAAO,UAAU,QAAQ,CAAC,GAAG;AACtC,UAAM,WAAW,UAAU,IAAI,QAAQ;AACvC,QAAI,CAAC,UAAU;AACb,UAAI,KAAK,EAAE,WAAW,UAAU,UAAU,IAAI,SAAS,GAAG,8CAAyC;AACnG;AAAA,IACF;AACA,UAAM,UAAU,MAAM,UAAU,QAAQ,aAAa;AAAA,MACnD,UAAU,IAAI;AAAA,MACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,MAOA,YAAY,IAAI;AAAA,MAChB,SAAS,IAAI;AAAA,IACf,CAAC;AACD,QAAI,QAAQ,GAAI,iBAAgB,KAAK,QAAQ,EAAE;AAC/C;AAAA,EACF;AAEA,SAAO;AAAA,IACL,WAAW,UAAU;AAAA,IACrB,wBAAwB;AAAA,IACxB,iBAAiB,QAAQ;AAAA,IACzB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;AAsCO,SAAS,UAAU,WAAkC;AAC1D,QAAM,QAAoB,CAAC;AAS3B,QAAM,KAAK,EAAE,MAAM,WAAW,SAAS,YAAY,UAAU,SAAS,MAAM,cAAc,SAAS,CAAC,IAAI,CAAC;AAGzG,QAAM,KAAK;AAAA,IACT,MAAM;AAAA,IACN,SAAS,cAAc,UAAU,iBAAiB,UAAU;AAAA,EAC9D,CAAC;AAGD,aAAW,KAAK,UAAU,SAAS;AACjC,UAAM,UAAU,aAAa,EAAE,YAAY,GAAG,IAAI,CAAC,MAAM,EAAE,SAAS,KAAK,CAAC;AAC1E,UAAM,aAAa,QAAQ,SAAS,aAAa,QAAQ,KAAK,IAAI,CAAC,MAAM;AAIzE,UAAM,cAAc,EAAE,kBAAkB,eAAe,EAAE,gBAAgB,KAAK,IAAI,CAAC,MAAM;AAIzF,UAAM,YAAY,EAAE,OAAO,OAAO,CAAC,MAAM,EAAE,SAAS,EAAE,IAAI,CAAC,MAAM,EAAE,OAAO;AAC1E,UAAM,gBAAgB,UAAU,SAAS,gBAAgB,UAAU,KAAK,IAAI,CAAC,MAAM;AACnF,UAAM,KAAK;AAAA,MACT,MAAM;AAAA,MACN,SAAS,WAAW,EAAE,QAAQ,MAAM,EAAE,OAAO,MAAM,SAAS,EAAE,OAAO,WAAW,IAAI,KAAK,GAAG,KAAK,EAAE,aAAa,QAAQ,IAAI,UAAU,GAAG,WAAW,GAAG,aAAa;AAAA,IACtK,CAAC;AAAA,EACH;AAGA,QAAM,UAAU,UAAU,cAAc;AACxC,QAAM,YACJ,UAAU,cAAc,aAAa,OAAO,KAAK,UAAU,cAAc,SAAS,EAAE,SAChF,eAAe,OAAO,KAAK,UAAU,cAAc,SAAS,EAAE,KAAK,IAAI,CAAC,KACxE;AACN,QAAM,KAAK;AAAA,IACT,MAAM;AAAA,IACN,SAAS,mBAAmB,QAAQ,KAAK,IAAI,CAAC,wBAAmB,SAAS;AAAA,EAC5E,CAAC;AAID,aAAW,CAAC,QAAQ,OAAO,KAAK,OAAO,QAAQ,UAAU,SAAS,CAAC,CAAC,GAAG;AACrE,UAAM,YAAY,CAAC,GAAG,IAAI,IAAI,QAAQ,QAAQ,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;AACvE,UAAM,KAAK;AAAA,MACT,MAAM;AAAA,MACN,SAAS,SAAS,MAAM,MAAM,QAAQ,MAAM,UAAU,QAAQ,WAAW,IAAI,KAAK,GAAG,cAAc,UAAU,KAAK,IAAI,CAAC;AAAA,IACzH,CAAC;AAAA,EACH;AAGA,QAAM,KAAK,EAAE,MAAM,OAAO,SAAS,OAAO,UAAU,IAAI,mCAAmC,CAAC;AAG5F,QAAM,YAAY,UAAU,MAAM,UAAU;AAC5C,MAAI,YAAY,GAAG;AACjB,UAAM,KAAK,EAAE,MAAM,QAAQ,SAAS,QAAQ,SAAS,aAAa,CAAC;AAAA,EACrE;AAEA,SAAO;AACT;AAMO,SAAS,WAAW,WAAsB,OAA2B;AAC1E,QAAM,SAAS,yBAAyB,UAAU,IAAI,OAAO,UAAU,OAAO,qBAAgB,UAAU,SAAS;AACjH,QAAM,QAAQ,MAAM,IAAI,CAAC,MAAM,SAAS,EAAE,OAAO,EAAE;AACnD,SAAO,CAAC,QAAQ,GAAG,KAAK,EAAE,KAAK,IAAI;AACrC;;;ACtzBA,SAAS,YAAYC,WAAU;AAC/B,OAAOC,SAAQ;AACf,OAAOC,WAAU;AAuBV,SAAS,wBACd,WAA4B,QAAQ,UACpC,MAAyB,QAAQ,KACjCC,WAAkBF,IAAG,QAAQ,GACrB;AACR,QAAM,OAAO;AACb,MAAI,aAAa,UAAU;AACzB,WAAOC,MAAK,KAAKC,UAAS,WAAW,uBAAuB,UAAU,IAAI;AAAA,EAC5E;AACA,MAAI,aAAa,SAAS;AACxB,UAAM,UAAU,IAAI,WAAWD,MAAK,KAAKC,UAAS,WAAW,SAAS;AACtE,WAAOD,MAAK,KAAK,SAAS,UAAU,IAAI;AAAA,EAC1C;AAEA,QAAM,MAAM,IAAI,mBAAmBA,MAAK,KAAKC,UAAS,SAAS;AAC/D,SAAOD,MAAK,KAAK,KAAK,UAAU,IAAI;AACtC;AAOO,SAAS,wBAAwB,MAGrB;AACjB,QAAM,MAA8B,EAAE,iBAAiB,KAAK,OAAO;AACnE,MAAI,KAAK,cAAc,KAAK,eAAe,0BAA0B;AACnE,QAAI,uBAAuB,KAAK;AAAA,EAClC;AACA,SAAO;AAAA,IACL,SAAS;AAAA,IACT,MAAM,CAAC,MAAM,wBAAwB;AAAA,IACrC;AAAA,EACF;AACF;AAcO,SAAS,4BAA4B,MAAc,QAAQ,IAAI,GAAW;AAC/E,SAAOA,MAAK,KAAK,KAAK,WAAW;AACnC;AAYO,SAAS,0BAA0B,OAAuB,YAAY,WAAmB;AAC9F,QAAM,WAAW,OAAO,QAAQ,MAAM,OAAO,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,MAAM,CAAC,IAAI,CAAC,EAAE;AAC/E,SAAO,CAAC,UAAU,OAAO,OAAO,WAAW,GAAG,UAAU,MAAM,MAAM,SAAS,GAAG,MAAM,IAAI,EAAE,KAAK,GAAG;AACtG;AAeO,SAAS,iBACd,UACA,OACA,YAAY,WACC;AACb,QAAM,OAA4B,WAAW,EAAE,GAAG,SAAS,IAAI,CAAC;AAChE,QAAM,UAA0C,EAAE,GAAI,KAAK,cAAc,CAAC,EAAG;AAC7E,QAAM,SAAS,OAAO,UAAU,eAAe,KAAK,SAAS,SAAS;AACtE,UAAQ,SAAS,IAAI;AACrB,OAAK,aAAa;AAClB,SAAO,EAAE,QAAQ,MAAM,QAAQ,SAAS,cAAc,QAAQ;AAChE;AAsBA,eAAsB,oBAAoB,MAIb;AAC3B,QAAM,EAAE,YAAY,OAAO,YAAY,UAAU,IAAI;AAErD,MAAI;AACJ,MAAI,cAAc;AAClB,MAAI;AACF,UAAM,MAAM,MAAMF,IAAG,SAAS,YAAY,MAAM;AAChD,kBAAc;AACd,QAAI,IAAI,KAAK,EAAE,SAAS,GAAG;AACzB,iBAAW,KAAK,MAAM,GAAG;AAAA,IAC3B;AAAA,EACF,SAAS,KAAK;AACZ,UAAM,OAAQ,IAA8B;AAC5C,QAAI,SAAS,UAAU;AACrB,iBAAW;AAAA,IACb,WAAW,eAAe,aAAa;AACrC,YAAM,IAAI;AAAA,QACR,qCAAqC,UAAU,uBACzC,IAAI,OAAO;AAAA,MACnB;AAAA,IACF,OAAO;AACL,YAAM;AAAA,IACR;AAAA,EACF;AAEA,QAAM,EAAE,QAAQ,QAAQ,YAAY,IAAI,iBAAiB,UAAU,OAAO,SAAS;AAGnF,MAAI;AACJ,MAAI,aAAa;AACf,iBAAa,GAAG,UAAU;AAC1B,UAAMA,IAAG,SAAS,YAAY,UAAU;AAAA,EAC1C,OAAO;AACL,UAAMA,IAAG,MAAME,MAAK,QAAQ,UAAU,GAAG,EAAE,WAAW,KAAK,CAAC;AAAA,EAC9D;AAGA,QAAM,UAAU,GAAG,UAAU;AAC7B,QAAM,aAAa,GAAG,KAAK,UAAU,QAAQ,MAAM,CAAC,CAAC;AAAA;AACrD,QAAMF,IAAG,UAAU,SAAS,YAAY,EAAE,UAAU,QAAQ,MAAM,IAAM,CAAC;AACzE,QAAMA,IAAG,OAAO,SAAS,UAAU;AAEnC,SAAO;AAAA,IACL;AAAA,IACA,QAAQ,cAAc,cAAc;AAAA,IACpC;AAAA,EACF;AACF;;;AvBlHO,SAAS,kBAAkB,OAA2B;AAC3D,QAAM,YAAY,eAAe,KAAK;AACtC,kBAAgB,UAAU,cAAc,cAAc;AAGtD,aAAW,WAAW,OAAO,OAAO,UAAU,SAAS,CAAC,CAAC,GAAG;AAC1D,eAAW,UAAU,QAAS,iBAAgB,OAAO,cAAc;AAAA,EACrE;AAEA,+BAA6B,SAAS;AACtC,SAAO;AACT;AAGO,IAAM,cAAyB;AAAA,EACpC,MAAM;AAAA,EACN,SAAS;AAAA,EACT,aAAa;AAAA,EACb,WAAW;AAAA,EACX,aAAa;AAAA,EACb,SAAS,CAAC;AAAA,EACV,eAAe;AAAA,IACb,gBAAgB,CAAC,aAAa,YAAY,aAAa,eAAe,aAAa;AAAA,EACrF;AAAA,EACA,kBAAkB,EAAE,YAAY,aAAa,aAAa,yBAAoB;AAChF;AAGO,SAAS,mBAAmB,MAA+B;AAChE,QAAM,OAAsB;AAAA,IAC1B,KAAK;AAAA,IACL,KAAK;AAAA,IACL,OAAO;AAAA,IACP,QAAQ;AAAA,IACR,gBAAgB;AAAA,IAChB,YAAY;AAAA,IACZ,QAAQ;AAAA,IACR,MAAM;AAAA,EACR;AACA,WAAS,IAAI,GAAG,IAAI,KAAK,QAAQ,KAAK;AACpC,UAAM,IAAI,KAAK,CAAC;AAChB,YAAQ,GAAG;AAAA,MACT,KAAK;AACH,aAAK,YAAY,KAAK,EAAE,CAAC;AACzB;AAAA,MACF,KAAK,SAAS;AACZ,cAAM,IAAI,KAAK,EAAE,CAAC;AAClB,YAAI,MAAM,aAAa,MAAM,cAAc;AACzC,gBAAM,IAAI,MAAM,iDAAiD,KAAK,EAAE,IAAI;AAAA,QAC9E;AACA,aAAK,MAAM;AACX;AAAA,MACF;AAAA,MACA,KAAK;AACH,aAAK,UAAU,KAAK,EAAE,CAAC;AACvB;AAAA,MACF,KAAK,YAAY;AACf,cAAM,IAAI,KAAK,EAAE,CAAC;AAClB,YAAI,MAAM,aAAa,MAAM,QAAQ;AACnC,gBAAM,IAAI,MAAM,8CAA8C,KAAK,EAAE,IAAI;AAAA,QAC3E;AACA,aAAK,SAAS;AACd;AAAA,MACF;AAAA,MACA,KAAK;AACH,aAAK,QAAQ,KAAK,EAAE,CAAC;AACrB;AAAA,MACF,KAAK;AAAA,MACL,KAAK;AACH,aAAK,MAAM;AACX;AAAA,MACF,KAAK;AACH,aAAK,QAAQ;AACb;AAAA,MACF,KAAK;AACH,aAAK,SAAS;AACd;AAAA,MACF,KAAK;AACH,aAAK,iBAAiB;AACtB;AAAA,MACF,KAAK;AAAA,MACL,KAAK;AACH,aAAK,aAAa;AAClB;AAAA,MACF,KAAK;AAAA,MACL,KAAK;AACH,aAAK,OAAO;AACZ;AAAA,MACF;AACE,cAAM,IAAI,MAAM,2BAA2B,CAAC,EAAE;AAAA,IAClD;AAAA,EACF;AACA,SAAO;AACT;AAEO,IAAM,iBAAiB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,kDASoB,gBAAgB,KAAK,IAAI,CAAC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AA2B5E,eAAsB,iBACpB,MACA,QACA,OACoB;AACpB,MAAI,KAAK,WAAY,QAAO;AAC5B,MAAI,KAAK,WAAW;AAIlB,QAAI,cAAc,KAAK,SAAS,GAAG;AACjC,aAAO,MAAM,kBAAkB,KAAK,SAAS;AAAA,IAC/C;AACA,UAAM,IAAI,aAAa,KAAK,SAAS;AACrC,QAAI,CAAC,GAAG;AACN,YAAM,IAAI;AAAA,QACR,sBAAsB,KAAK,SAAS,0BAA0B,gBAAgB,KAAK,IAAI,CAAC;AAAA,MAE1F;AAAA,IACF;AACA,WAAO;AAAA,EACT;AACA,MAAI,CAAC,OAAO;AACV,UAAM,IAAI,MAAM,2EAA2E;AAAA,EAC7F;AAEA,QAAM,UAA0D;AAAA,IAC9D,EAAE,OAAO,iCAAiC,WAAW,YAAY;AAAA,IACjE,GAAG,mBAAmB,IAAI,CAAC,OAAO,EAAE,OAAO,GAAG,EAAE,IAAI,WAAM,EAAE,WAAW,IAAI,WAAW,EAAE,EAAE;AAAA,EAC5F;AACA,UAAQ,OAAO,MAAM,mCAAmC;AACxD,UAAQ,QAAQ,CAAC,GAAG,QAAQ,QAAQ,OAAO,MAAM,OAAO,MAAM,CAAC,KAAK,EAAE,KAAK;AAAA,CAAI,CAAC;AAChF,QAAM,UAAU,MAAM,OAAO,gBAAgB,GAAG,KAAK;AACrD,QAAM,SAAS,WAAW,KAAK,IAAI,OAAO,SAAS,QAAQ,EAAE;AAC7D,QAAM,WAAW,QAAQ,SAAS,CAAC;AACnC,MAAI,CAAC,SAAU,OAAM,IAAI,MAAM,mBAAmB,MAAM,EAAE;AAC1D,SAAO,SAAS;AAClB;AAgBA,eAAsB,0BACpB,MACA,QACA,OACA,iBAAkC,qBACjB;AACjB,MAAI;AACF,WAAO,MAAM,eAAe,KAAK,KAAK,KAAK,KAAK;AAAA,EAClD,SAAS,KAAK;AAGZ,QAAI,EAAE,eAAe,wBAAyB,OAAM;AAAA,EACtD;AACA,MAAI,CAAC,OAAO;AACV,UAAM,IAAI;AAAA,MACR;AAAA,IAEF;AAAA,EACF;AACA,UAAQ,OAAO;AAAA,IACb;AAAA,EAEF;AACA,QAAM,UAAU,MAAM,OAAO,iBAAiB,GAAG,KAAK;AACtD,MAAI,CAAC,OAAQ,OAAM,IAAI,MAAM,mBAAmB;AAChD,SAAO;AACT;AAkBA,eAAsB,gBAAgB,MAAgB,OAAsB,CAAC,GAAoB;AAC/F,QAAM,MAAM,KAAK,OAAOI,cAAa;AAErC,MAAI;AACJ,MAAI;AACF,WAAO,mBAAmB,IAAI;AAAA,EAChC,SAAS,KAAK;AACZ,YAAQ,OAAO,MAAM,GAAG,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC;AAAA;AAAA,EAAO,cAAc;AAAA,CAAI;AACjG,WAAO;AAAA,EACT;AACA,MAAI,KAAK,MAAM;AACb,YAAQ,OAAO,MAAM,GAAG,cAAc;AAAA,CAAI;AAC1C,WAAO;AAAA,EACT;AAEA,QAAM,QAAQ,KAAK,SAAS,QAAQ,QAAQ,MAAM,KAAK;AACvD,QAAM,YAAY,KAAK,eACnB,KAAK,aAAa,KACjB,MAAM;AACL,UAAM,KAAc,yBAAgB,EAAE,OAAO,QAAQ,OAAO,QAAQ,QAAQ,OAAO,CAAC;AACpF,WAAO,EAAE,QAAQ,CAAC,MAAc,GAAG,SAAS,CAAC,GAAG,OAAO,MAAM,GAAG,MAAM,EAAE;AAAA,EAC1E,GAAG;AAEP,MAAI;AACF,UAAM,UAAU,aAAa,KAAK,KAAK,KAAK,WAAW,QAAQ,IAAI,oBAAoB;AAGvF,UAAM,YAAY,MAAM,iBAAiB,MAAM,UAAU,QAAQ,KAAK;AACtE,QAAI;AACF,wBAAkB,SAAS;AAAA,IAC7B,SAAS,KAAK;AACZ,UAAI,eAAe,gBAAgB;AACjC,gBAAQ,OAAO,MAAM;AAAA,yCAAuC,UAAU,IAAI;AAAA,CAAM;AAChF,mBAAW,KAAK,IAAI,SAAU,SAAQ,OAAO,MAAM,gBAAW,EAAE,MAAM,KAAK,EAAE,MAAM;AAAA,CAAI;AACvF,gBAAQ,OAAO,MAAM,sBAAsB;AAC3C,eAAO;AAAA,MACT;AAGA,UAAI,eAAe,2BAA2B;AAC5C,gBAAQ,OAAO,MAAM;AAAA,WAAS,IAAI,OAAO;AAAA;AAAA,CAAwB;AACjE,eAAO;AAAA,MACT;AACA,YAAM;AAAA,IACR;AACA,UAAM,OAAO,kBAAkB,UAAU,cAAc,cAAc;AACrE,YAAQ,OAAO,MAAM;AAAA,eAAkB,UAAU,IAAI;AAAA,wBAAsB,KAAK,SAAS,KAAK,IAAI,CAAC;AAAA,CAAwB;AAK3H,UAAM,YAAY,UAAU,SAAS;AACrC,YAAQ,OAAO,MAAM;AAAA,EAAK,WAAW,WAAW,SAAS,CAAC;AAAA,CAAI;AAC9D,QAAI,CAAC,KAAK,OAAO,CAAC,KAAK,SAAS,OAAO;AACrC,YAAM,OAAO,MAAM,UAAU,OAAO,8BAA8B,GAAG,KAAK,EAAE,YAAY;AACxF,UAAI,QAAQ,OAAO,QAAQ,OAAO;AAChC,gBAAQ,OAAO,MAAM,oCAA+B;AACpD,eAAO;AAAA,MACT;AAAA,IACF;AAKA,UAAM,eAAe,MAAM;AAAA,MACzB;AAAA,MACA,UAAU;AAAA,MACV;AAAA,MACA,KAAK;AAAA,IACP;AACA,UAAM,SAAS,MAAM,gBAAgB;AAAA,MACnC;AAAA,MACA,YAAY;AAAA,MACZ,gBAAgB,KAAK;AAAA,IACvB,CAAC;AACD,YAAQ,OAAO,MAAM,+CAA0C;AAG/D,UAAM,SAAS,IAAI,cAAc,EAAE,OAAO,OAAO,OAAO,aAAa,QAAQ,CAAC;AAC9E,UAAM,WAAW,MAAM,gBAAgB,EAAE,KAAK,QAAQ,OAAO,OAAO,aAAa,QAAQ,CAAC;AAC1F,UAAM,WAAW,SAAS;AAC1B,QAAI,CAAC,YAAY,OAAO,aAAa,UAAU;AAC7C,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAMA,UAAM,YAAY,MAAM,iBAAiB;AACzC,UAAM,SAAS,MAAM,UAAU,QAAyC;AAAA,MACtE;AAAA,MACA;AAAA,MACA;AAAA,MACA,QAAQ,KAAK;AAAA,MACb,kBAAkB,OAAO,cAAsB;AAC7C,cAAM,WAAW,MAAM,iBAAiB,EAAE,cAAc,YAAY,SAAS,UAAU,CAAC;AACxF,eAAO,IAAI,cAAc;AAAA,UACvB,OAAO,SAAS;AAAA,UAChB,aAAa;AAAA,QACf,CAAC;AAAA,MACH;AAAA,MACA;AAAA,IACF,CAAC;AACD,YAAQ,OAAO;AAAA,MACb,iCAA4B,OAAO,SAAS,YAAO,OAAO,OAAO;AAAA,KAC9D,OAAO,cAAc,mBAAc,OAAO,WAAW;AAAA,IAAiB;AAAA,IAC3E;AAMA,UAAM,QAAQ,wBAAwB,EAAE,QAAQ,OAAO,QAAQ,YAAY,QAAQ,CAAC;AACpF,UAAM,SAAS,KAAK,WAAW;AAC/B,UAAM,aAAa,SAAS,4BAA4B,IAAI,wBAAwB;AACpF,UAAM,UAAU,KAAK,UAAU,EAAE,YAAY,EAAE,SAAS,MAAM,EAAE,GAAG,MAAM,CAAC;AAI1E,UAAM,iBAAiB,SAAS,0BAA0B,KAAK,IAAI;AACnE,UAAM,cAAc,iBAAiB;AAAA;AAAA;AAAA,IAAoB,cAAc;AAAA,IAAO;AAE9E,QAAI,KAAK,OAAO;AACd,YAAM,QAAQ,SAAS,oCAAoC;AAC3D,cAAQ,OAAO,MAAM;AAAA,gBAAmB,KAAK;AAAA;AAAA,EAAQ,OAAO;AAAA,EAAK,WAAW,EAAE;AAC9E,aAAO;AAAA,IACT;AAEA,QAAI,UAAU,KAAK;AACnB,QAAI,CAAC,WAAW,OAAO;AACrB,YAAM,OAAO,MAAM,UAAU,OAAO;AAAA,oCAAuC,UAAU,WAAW,GAAG,KAAK,EAAE,YAAY;AACtH,gBAAU,QAAQ,MAAM,QAAQ,OAAO,QAAQ;AAAA,IACjD;AACA,QAAI,CAAC,SAAS;AACZ,cAAQ,OAAO,MAAM;AAAA;AAAA;AAAA,EAAkC,OAAO;AAAA,EAAK,WAAW,EAAE;AAChF,aAAO;AAAA,IACT;AAEA,QAAI;AACF,YAAM,SAAS,MAAM,oBAAoB,EAAE,YAAY,MAAM,CAAC;AAC9D,YAAM,cAAc,SAChB,+FACA;AACJ,cAAQ,OAAO;AAAA,QACb,mBAAc,OAAO,MAAM,GAAG,OAAO,aAAa,aAAa,OAAO,UAAU,MAAM,EAAE;AAAA,IACtF;AAAA,MACJ;AAAA,IACF,SAAS,KAAK;AAEZ,cAAQ,OAAO,MAAM,oCAA+B,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC;AAAA,CAAM;AAC1G,cAAQ,OAAO,MAAM;AAAA;AAAA;AAAA,EAAqC,OAAO;AAAA,EAAK,WAAW,EAAE;AAAA,IACrF;AACA,WAAO;AAAA,EACT,SAAS,KAAK;AACZ,QAAI,eAAe,cAAc;AAC/B,cAAQ,OAAO,MAAM;AAAA,WAAS,IAAI,OAAO;AAAA,CAAI;AAC7C,aAAO;AAAA,IACT;AACA,YAAQ,OAAO,MAAM;AAAA,6BAA2B,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC;AAAA,CAAI;AACpG,QAAI,QAAQ,IAAI,qBAAqB,eAAe,SAAS,IAAI,OAAO;AACtE,cAAQ,OAAO,MAAM,GAAG,IAAI,KAAK;AAAA,CAAI;AAAA,IACvC;AACA,WAAO;AAAA,EACT,UAAE;AACA,cAAU,MAAM;AAAA,EAClB;AACF;;;AwBvdA,SAAS,aAAAC,YAAW,cAAc;;;ACUlC,IAAM,wBAAwB,oBAAI,IAAI,CAAC,QAAQ,UAAU,UAAU,CAAC;AAGpE,SAAS,gBAAgB,IAA4C;AACnE,SAAO,OAAO,OAAO,WAAW,KAAK,GAAG;AAC1C;AAMO,SAAS,cAAc,IAA8B;AAC1D,QAAM,WAA0B,CAAC;AACjC,QAAM,YAAY,oBAAI,IAAY;AAElC,aAAW,UAAU,GAAG,SAAS;AAC/B,cAAU,IAAI,OAAO,QAAQ;AAC7B,UAAM,WAAW,oBAAI,IAAY;AAEjC,eAAW,KAAK,OAAO,QAAQ;AAE7B,UAAI,SAAS,IAAI,EAAE,OAAO,GAAG;AAC3B,iBAAS,KAAK;AAAA,UACZ,UAAU;AAAA,UACV,MAAM;AAAA,UACN,SAAS,WAAW,OAAO,QAAQ,yBAAyB,EAAE,OAAO;AAAA,QACvE,CAAC;AAAA,MACH;AACA,eAAS,IAAI,EAAE,OAAO;AAGtB,UAAI,EAAE,cAAc,EAAE,WAAW,SAAS,KAAK,CAAC,sBAAsB,IAAI,EAAE,SAAS,GAAG;AACtF,iBAAS,KAAK;AAAA,UACZ,UAAU;AAAA,UACV,MAAM;AAAA,UACN,SACE,WAAW,OAAO,QAAQ,aAAa,EAAE,OAAO,mCAClC,EAAE,SAAS;AAAA,QAC7B,CAAC;AAAA,MACH;AAAA,IACF;AAGA,eAAW,MAAM,OAAO,gBAAgB,CAAC,GAAG;AAC1C,YAAM,OAAO,gBAAgB,EAAE;AAC/B,UAAI,CAAC,SAAS,IAAI,IAAI,GAAG;AACvB,iBAAS,KAAK;AAAA,UACZ,UAAU;AAAA,UACV,MAAM;AAAA,UACN,SAAS,WAAW,OAAO,QAAQ,mBAAmB,IAAI;AAAA,QAC5D,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AAGA,aAAW,OAAO,GAAG,QAAQ,CAAC,GAAG;AAC/B,QAAI,CAAC,UAAU,IAAI,IAAI,QAAQ,GAAG;AAChC,eAAS,KAAK;AAAA,QACZ,UAAU;AAAA,QACV,MAAM;AAAA,QACN,SACE,SAAS,IAAI,UAAU,gBAAgB,IAAI,QAAQ;AAAA,MAEvD,CAAC;AAAA,IACH;AAAA,EACF;AAOA,QAAM,KAAK,GAAG,cAAc;AAC5B,MAAI,IAAI;AACN,eAAW,CAAC,KAAK,MAAM,KAAK,OAAO,QAAQ,EAAE,GAAG;AAC9C,UAAI,OAAO,SAAS,KAAK,CAAC,OAAO,SAAS,IAAI,GAAG;AAC/C,iBAAS,KAAK;AAAA,UACZ,UAAU;AAAA,UACV,MAAM;AAAA,UACN,SACE,2BAA2B,GAAG,wKAEE,OAAO,OAAO,CAAC,CAAC,CAAC;AAAA,QACrD,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AAMA,aAAW,UAAU,OAAO,KAAK,GAAG,SAAS,CAAC,CAAC,GAAG;AAChD,QAAI,CAAC,WAAW,KAAK,MAAM,GAAG;AAC5B,eAAS,KAAK;AAAA,QACZ,UAAU;AAAA,QACV,MAAM;AAAA,QACN,SACE,SAAS,MAAM;AAAA,MAEnB,CAAC;AAAA,IACH;AAAA,EACF;AAKA,aAAW,CAAC,QAAQ,OAAO,KAAK,OAAO,QAAQ,GAAG,SAAS,CAAC,CAAC,GAAG;AAC9D,YAAQ,QAAQ,CAAC,QAAQ,MAAM;AAC7B,YAAM,MAAM,OAAO;AACnB,UAAI,CAAC,IAAK;AACV,iBAAW,CAAC,KAAK,MAAM,KAAK,OAAO,QAAQ,GAAG,GAAG;AAC/C,YAAI,OAAO,SAAS,KAAK,CAAC,OAAO,SAAS,IAAI,GAAG;AAC/C,mBAAS,KAAK;AAAA,YACZ,UAAU;AAAA,YACV,MAAM;AAAA,YACN,SACE,SAAS,MAAM,YAAY,CAAC,eAAe,GAAG,8JAE1B,OAAO,OAAO,CAAC,CAAC,CAAC;AAAA,UACzC,CAAC;AAAA,QACH;AAAA,MACF;AAAA,IACF,CAAC;AAAA,EACH;AAEA,SAAO;AACT;AAGA,IAAM,aAAa;AAGZ,SAAS,WAAW,UAAkC;AAC3D,SAAO,CAAC,SAAS,KAAK,CAAC,MAAM,EAAE,aAAa,OAAO;AACrD;;;AClJA,SAAS,aAAa,qBAAqB;AAIpC,SAAS,aAAa,MAAsB;AACjD,SAAO,KAAK,IAAI;AAClB;AAOO,SAAS,gBAAgB,MAAsB;AACpD,SAAO,KAAK,IAAI;AAAA,4DAC0C,IAAI;AAAA,yDACP,IAAI;AAAA,gEACG,IAAI;AAAA;AAAA,QAE5D,IAAI;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,gBA8BI,IAAI;AAAA,iBACH,IAAI;AAAA;AAAA;AAAA;AAAA;AAAA,mCAKc,IAAI;AAAA;AAEvC;AAOO,SAAS,cAAc,MAAc,MAA0B;AACpE,MAAI,CAAC,KAAM,QAAO,gBAAgB,IAAI;AAKtC,QAAM,OAAkB;AAAA,IACtB,GAAG;AAAA,IACH;AAAA,IACA,kBAAkB;AAAA,MAChB,GAAG,KAAK;AAAA,MACR,YAAY,GAAG,IAAI;AAAA,IACrB;AAAA,EACF;AACA,QAAM,SACJ,KAAK,IAAI,mDAA8C,KAAK,IAAI;AAAA,6CAClB,IAAI;AAAA;AACpD,SAAO,SAAS,cAAc,IAAI;AACpC;;;AFvDO,SAAS,mBAAmB,MAA+B;AAChE,QAAM,OAAsB,EAAE,MAAM,OAAO,OAAO,OAAO,KAAK,CAAC,EAAE;AACjE,QAAM,cAAwB,CAAC;AAC/B,WAAS,IAAI,GAAG,IAAI,KAAK,QAAQ,KAAK;AACpC,UAAM,IAAI,KAAK,CAAC;AAChB,YAAQ,GAAG;AAAA,MACT,KAAK;AAAA,MACL,KAAK;AACH,aAAK,OAAO;AACZ;AAAA,MACF,KAAK;AACH,aAAK,OAAO,KAAK,EAAE,CAAC;AACpB;AAAA,MACF,KAAK;AACH,aAAK,MAAM,KAAK,EAAE,CAAC;AACnB;AAAA,MACF,KAAK;AACH,aAAK,QAAQ;AACb;AAAA,MACF,KAAK;AACH,aAAK,IAAI,KAAK,KAAK,EAAE,CAAC,CAAC;AACvB;AAAA,MACF,KAAK;AACH,aAAK,SAAS,KAAK,EAAE,CAAC;AACtB;AAAA,MACF;AACE,YAAI,EAAE,WAAW,GAAG,EAAG,OAAM,IAAI,MAAM,2BAA2B,CAAC,EAAE;AACrE,oBAAY,KAAK,CAAC;AAAA,IACtB;AAAA,EACF;AACA,OAAK,MAAM,YAAY,CAAC;AACxB,OAAK,OAAO,YAAY,CAAC;AACzB,SAAO;AACT;AAEO,IAAM,iBAAiB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,gEAoBkC,gBAAgB,KAAK,IAAI,CAAC;AAAA;AAAA;AAAA;AAAA;AAAA;AAa1F,eAAe,oBAAoB,KAAa,UAAuD;AACrG,MAAI,cAAc,GAAG,EAAG,QAAO,kBAAkB,KAAK,QAAQ;AAG9D,MAAI,OAAO,KAAK,QAAQ,EAAE,SAAS,GAAG;AACpC,UAAM,IAAI;AAAA,MACR,kDAAkD,GAAG;AAAA,IACvD;AAAA,EACF;AACA,QAAM,IAAI,aAAa,GAAG;AAC1B,MAAI,CAAC,GAAG;AACN,UAAM,IAAI;AAAA,MACR,sBAAsB,GAAG,eAAe,gBAAgB,KAAK,IAAI,CAAC;AAAA,IACpE;AAAA,EACF;AACA,SAAO;AACT;AASA,eAAe,mBACb,KACA,MACA,UAC2B;AAC3B,MAAI,CAAC,KAAK;AACR,YAAQ,OAAO,MAAM,YAAO,IAAI,4CAA4C,IAAI;AAAA,CAAgB;AAChG,WAAO;AAAA,EACT;AAGA,MAAI;AACJ,MAAI;AACF,gBAAY,MAAM,oBAAoB,KAAK,QAAQ;AAAA,EACrD,SAAS,KAAK;AACZ,YAAQ,OAAO,MAAM,YAAO,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC;AAAA,CAAI;AAChF,WAAO;AAAA,EACT;AAQA,MAAI;AACF,oBAAgB,UAAU,cAAc,cAAc;AACtD,eAAW,WAAW,OAAO,OAAO,UAAU,SAAS,CAAC,CAAC,GAAG;AAC1D,iBAAW,UAAU,QAAS,iBAAgB,OAAO,cAAc;AAAA,IACrE;AAAA,EACF,SAAS,KAAK;AACZ,QAAI,eAAe,gBAAgB;AACjC,cAAQ,OAAO,MAAM,iCAA4B,UAAU,IAAI;AAAA,CAAM;AACrE,iBAAW,KAAK,IAAI,SAAU,SAAQ,OAAO,MAAM,gBAAW,EAAE,MAAM,KAAK,EAAE,MAAM;AAAA,CAAI;AACvF,aAAO;AAAA,IACT;AACA,UAAM;AAAA,EACR;AAIA,MAAI;AACF,iCAA6B,SAAS;AAAA,EACxC,SAAS,KAAK;AACZ,YAAQ,OAAO,MAAM,YAAO,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC;AAAA,CAAI;AAChF,WAAO;AAAA,EACT;AAGA,QAAM,WAAW,cAAc,SAAS;AACxC,aAAW,KAAK,UAAU;AACxB,UAAM,OAAO,EAAE,aAAa,UAAU,WAAM;AAC5C,UAAM,SAAS,EAAE,aAAa,UAAU,QAAQ,SAAS,QAAQ;AACjE,WAAO,MAAM,KAAK,IAAI,KAAK,EAAE,IAAI,KAAK,EAAE,OAAO;AAAA,CAAI;AAAA,EACrD;AACA,MAAI,CAAC,WAAW,QAAQ,GAAG;AACzB,YAAQ,OAAO,MAAM,aAAQ,UAAU,IAAI;AAAA,CAAkC;AAC7E,WAAO;AAAA,EACT;AAEA,SAAO;AACT;AAOA,eAAe,YAAY,MAAsC;AAC/D,MAAI;AACJ,MAAI;AACF,eAAW,MAAM,iBAAiB,KAAK,KAAK,KAAK,MAAM;AAAA,EACzD,SAAS,KAAK;AACZ,YAAQ,OAAO,MAAM,YAAO,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC;AAAA,CAAI;AAChF,WAAO;AAAA,EACT;AACA,QAAM,YAAY,MAAM,mBAAmB,KAAK,MAAM,YAAY,QAAQ;AAC1E,MAAI,CAAC,UAAW,QAAO;AAEvB,QAAM,OAAO,kBAAkB,UAAU,cAAc,cAAc;AACrE,QAAM,YAAY,cAAc,SAAS,EAAE;AAC3C,UAAQ,OAAO;AAAA,IACb,aAAQ,UAAU,IAAI,2DACc,KAAK,SAAS,KAAK,IAAI,CAAC,oBACzD,YAAY,KAAK,SAAS,WAAW,cAAc,IAAI,KAAK,GAAG,MAAM,MACtE;AAAA,EACJ;AACA,SAAO;AACT;AAQA,eAAe,QAAQ,MAAsC;AAC3D,MAAI;AACJ,MAAI;AACF,eAAW,MAAM,iBAAiB,KAAK,KAAK,KAAK,MAAM;AAAA,EACzD,SAAS,KAAK;AACZ,YAAQ,OAAO,MAAM,YAAO,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC;AAAA,CAAI;AAChF,WAAO;AAAA,EACT;AACA,QAAM,YAAY,MAAM,mBAAmB,KAAK,MAAM,QAAQ,QAAQ;AACtE,MAAI,CAAC,UAAW,QAAO;AAEvB,QAAM,QAAQ,UAAU,SAAS;AACjC,UAAQ,OAAO,MAAM;AAAA,EAAK,WAAW,WAAW,KAAK,CAAC;AAAA,CAAI;AAE1D,QAAM,UAAU,CAAC,GAAG,KAAK,GAAG,EAAE,KAAK,SAAS;AAC5C,UAAQ,OAAO;AAAA,IACb;AAAA,IAAO,MAAM,MAAM;AAAA,8CAC8B,KAAK,IAAI,MACvD,KAAK,IAAI,SAAS,UAAU,OAAO,KAAK,OACxC,KAAK,SAAS,aAAa,KAAK,MAAM,KAAK,MAC5C;AAAA,EACJ;AACA,SAAO;AACT;AAGA,IAAM,eAAe;AAQrB,eAAe,QAAQ,MAAsC;AAC3D,QAAM,OAAO,KAAK;AAClB,MAAI,CAAC,MAAM;AACT,YAAQ,OAAO,MAAM,gEAA2D;AAChF,WAAO;AAAA,EACT;AACA,MAAI,CAAC,aAAa,KAAK,IAAI,GAAG;AAC5B,YAAQ,OAAO;AAAA,MACb,0BAAqB,IAAI;AAAA;AAAA,IAE3B;AACA,WAAO;AAAA,EACT;AAGA,MAAI;AACJ,MAAI,KAAK,MAAM;AACb,WAAO,aAAa,KAAK,IAAI;AAC7B,QAAI,CAAC,MAAM;AACT,cAAQ,OAAO;AAAA,QACb,sCAAiC,KAAK,IAAI,eAAe,gBAAgB,KAAK,IAAI,CAAC;AAAA;AAAA,MACrF;AACA,aAAO;AAAA,IACT;AAAA,EACF;AAEA,QAAM,UAAU,KAAK,OAAO,aAAa,IAAI;AAC7C,MAAI,CAAC,KAAK,OAAO;AACf,UAAM,SAAS,MAAM,OAAO,OAAO,EAAE;AAAA,MACnC,MAAM;AAAA,MACN,MAAM;AAAA,IACR;AACA,QAAI,QAAQ;AACV,cAAQ,OAAO,MAAM,YAAO,OAAO;AAAA,CAA+C;AAClF,aAAO;AAAA,IACT;AAAA,EACF;AAEA,QAAM,WAAW,cAAc,MAAM,IAAI;AACzC,MAAI;AACF,UAAMC,WAAU,SAAS,UAAU,MAAM;AAAA,EAC3C,SAAS,KAAK;AACZ,YAAQ,OAAO,MAAM,4BAAuB,OAAO,KAAK,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC;AAAA,CAAI;AAC5G,WAAO;AAAA,EACT;AAEA,UAAQ,OAAO;AAAA,IACb,kBAAa,OAAO,GAAG,OAAO,WAAW,KAAK,IAAI,OAAO,EAAE;AAAA,oDACJ,OAAO;AAAA;AAAA,EAChE;AACA,SAAO;AACT;AAGA,SAAS,UAAkB;AACzB,UAAQ,OAAO,MAAM,2BAA2B;AAChD,aAAW,KAAK,oBAAoB;AAClC,YAAQ,OAAO,MAAM,cAAS,EAAE,IAAI,MAAM,EAAE,OAAO,YAAO,EAAE,WAAW;AAAA,CAAI;AAAA,EAC7E;AACA,UAAQ,OAAO;AAAA,IACb;AAAA;AAAA;AAAA;AAAA;AAAA,EAGF;AACA,SAAO;AACT;AAUA,eAAsB,gBAAgB,MAAgB,OAAyB,CAAC,GAAoB;AAClG,OAAK;AAEL,MAAI;AACJ,MAAI;AACF,WAAO,mBAAmB,IAAI;AAAA,EAChC,SAAS,KAAK;AACZ,YAAQ,OAAO,MAAM,GAAG,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC;AAAA;AAAA,EAAO,cAAc;AAAA,CAAI;AACjG,WAAO;AAAA,EACT;AAGA,MAAI,KAAK,MAAM;AACb,YAAQ,OAAO,MAAM,GAAG,cAAc;AAAA,CAAI;AAC1C,WAAO;AAAA,EACT;AACA,MAAI,CAAC,KAAK,KAAK;AACb,YAAQ,OAAO,MAAM,GAAG,cAAc;AAAA,CAAI;AAC1C,WAAO;AAAA,EACT;AAEA,UAAQ,KAAK,KAAK;AAAA,IAChB,KAAK;AACH,aAAO,QAAQ,IAAI;AAAA,IACrB,KAAK;AACH,aAAO,YAAY,IAAI;AAAA,IACzB,KAAK;AACH,aAAO,QAAQ,IAAI;AAAA,IACrB,KAAK;AACH,aAAO,QAAQ;AAAA,IACjB;AACE,cAAQ,OAAO;AAAA,QACb,iCAAiC,KAAK,GAAG,cAC3B,gBAAgB,KAAK,IAAI,CAAC;AAAA;AAAA,EAAO,cAAc;AAAA;AAAA,MAC/D;AACA,aAAO;AAAA,EACX;AACF;;;AGjXA,SAAS,SAAS,cAAc;;;ACGzB,SAAS,WAAW,OAAwB;AACjD,SAAO,KAAK,UAAU,OAAO,MAAM,CAAC;AACtC;AAWO,SAAS,gBAAgB,OAA0D;AACxF,MAAI,MAAM,WAAW,EAAG,QAAO;AAC/B,QAAM,QAAQ,KAAK,IAAI,GAAG,MAAM,IAAI,CAAC,CAAC,CAAC,MAAM,EAAE,MAAM,CAAC;AACtD,SAAO,MACJ,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,KAAK,GAAG,CAAC,IAAI,OAAO,QAAQ,CAAC,CAAC,IAAI,YAAY,CAAC,CAAC,EAAE,EAClE,KAAK,IAAI;AACd;AAYO,SAAS,YACd,MACA,SACQ;AACR,QAAM,QAAQ,KAAK,IAAI,CAAC,MAAM,QAAQ,IAAI,CAAC,MAAM,YAAY,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;AACvE,QAAM,SAAS,QAAQ;AAAA,IAAI,CAAC,GAAG,MAC7B,KAAK,IAAI,EAAE,OAAO,QAAQ,GAAG,MAAM,IAAI,CAAC,QAAQ,IAAI,CAAC,EAAE,MAAM,GAAG,CAAC;AAAA,EACnE;AACA,QAAM,MAAM,CAAC,GAAW,MAAsB,EAAE,OAAO,OAAO,CAAC,CAAC;AAEhE,QAAM,SAAS,QAAQ,IAAI,CAAC,GAAG,MAAM,IAAI,EAAE,OAAO,YAAY,GAAG,CAAC,CAAC,EAAE,KAAK,IAAI;AAC9E,QAAM,YAAY,OAAO,IAAI,CAAC,MAAM,SAAI,OAAO,CAAC,CAAC,EAAE,KAAK,IAAI;AAC5D,MAAI,KAAK,WAAW,EAAG,QAAO,KAAK,MAAM;AAAA,IAAO,SAAS;AAAA;AAEzD,QAAM,OAAO,MAAM,IAAI,CAAC,QAAQ,KAAK,IAAI,IAAI,GAAG,EAAE,KAAK,IAAI,CAAC,EAAE,EAAE,KAAK,IAAI;AACzE,SAAO,KAAK,MAAM;AAAA,IAAO,SAAS;AAAA,EAAK,IAAI;AAC7C;AAGA,SAAS,YAAY,GAAoB;AACvC,MAAI,MAAM,UAAa,MAAM,QAAQ,MAAM,GAAI,QAAO;AACtD,MAAI,OAAO,MAAM,SAAU,QAAO;AAClC,MAAI,OAAO,MAAM,YAAY,OAAO,MAAM,UAAW,QAAO,OAAO,CAAC;AACpE,SAAO,KAAK,UAAU,CAAC;AACzB;AAGO,SAAS,YAAY,KAAsB;AAChD,MAAI,eAAe,MAAO,QAAO,IAAI;AACrC,SAAO,OAAO,GAAG;AACnB;;;ACnBA,eAAsB,SACpB,MACA,MACA,MACiB;AACjB,QAAM,MAAM,KAAK,OAAOC,cAAa;AACrC,QAAM,cAAc,KAAK,eAAe;AAExC,MAAI;AACJ,MAAI;AACF,WAAO,MAAM,YAAY;AAAA,MACvB,KAAK,KAAK;AAAA,MACV,SAAS,KAAK;AAAA,MACd,OAAO,KAAK;AAAA,MACZ,SAAS,KAAK;AAAA,MACd,cAAc,KAAK;AAAA,MACnB,gBAAgB,KAAK;AAAA,MACrB;AAAA,IACF,CAAC;AAAA,EACH,SAAS,KAAK;AACZ,QAAI,eAAe,wBAAwB;AACzC,cAAQ,OAAO,MAAM,YAAO,IAAI,OAAO;AAAA,CAAI;AAC3C,aAAO;AAAA,IACT;AACA,YAAQ,OAAO,MAAM,YAAO,YAAY,GAAG,CAAC;AAAA,CAAI;AAChD,WAAO;AAAA,EACT;AAEA,SAAO,KAAK,MAAM,GAAG;AACvB;AAOO,SAAS,gBAAgB,MAA2B;AACzD,MAAI,CAAC,KAAK,UAAU;AAClB,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AACA,SAAO,KAAK;AACd;AAGO,SAAS,yBAAyB,WAA2B;AAClE,SAAO,UAAU,WAAW,MAAM,IAAI,UAAU,MAAM,OAAO,MAAM,IAAI;AACzE;AAGO,SAAS,SAAS,KAAuB;AAC9C,SAAO,IACJ,MAAM,GAAG,EACT,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,EACnB,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC;AAC/B;;;ACxFA,eAAsB,UAAU,SAAwB,OAAmB,CAAC,GAAoB;AAC9F,SAAO,SAAS,SAAS,MAAM,OAAO,SAAS;AAC7C,UAAM,EAAE,UAAU,QAAQ,IAAI;AAE9B,QAAI,QAAQ,MAAM;AAChB,cAAQ,OAAO,MAAM,GAAG,WAAW,QAAQ,CAAC;AAAA,CAAI;AAChD,aAAO;AAAA,IACT;AAEA,UAAM,SACJ,OAAO,SAAS,mBAAmB,WAC/B,IAAI,KAAK,SAAS,iBAAiB,GAAI,EAAE,YAAY,IACrD;AAEN,YAAQ,OAAO;AAAA,MACb,OACE,gBAAgB;AAAA,QACd,CAAC,UAAU,SAAS,QAAQ;AAAA,QAC5B,CAAC,eAAe,SAAS,WAAW;AAAA,QACpC,CAAC,aAAa,SAAS,aAAa;AAAA,QACpC,CAAC,gBAAgB,SAAS,cAAc;AAAA,QACxC,CAAC,SAAS,SAAS,cAAc;AAAA,QACjC,CAAC,mBAAmB,SAAS,gBAAgB,SAAS,SAAS,eAAe,KAAK,IAAI,IAAI,MAAS;AAAA,QACpG,CAAC,iBAAiB,MAAM;AAAA,QACxB,CAAC,OAAO,OAAO;AAAA,MACjB,CAAC,IACD;AAAA,IACJ;AACA,WAAO;AAAA,EACT,CAAC;AACH;;;ACjCO,IAAM,aAAa;AAW1B,eAAsB,WAAcC,QAA+D;AACjG,QAAM,MAAW,CAAC;AAClB,MAAI;AACJ,aAAS;AACP,UAAM,OAAO,MAAMA,OAAM,SAAS;AAClC,QAAI,KAAK,KAAM,KAAI,KAAK,GAAG,KAAK,IAAI;AACpC,UAAM,OAAO,KAAK;AAClB,QAAI,CAAC,KAAM;AACX,gBAAY;AAAA,EACd;AACA,SAAO;AACT;;;AC+BO,IAAM,mBAAmB;AA0BhC,SAAS,cAAc,KAAc,QAAyB;AAC5D,QAAM,MAAM,IAAI,UAAU;AAC1B,UAAQ,QAAQ;AAAA,IACd,KAAK;AACH,cAAQ,OAAO,MAAM,GAAG,GAAG;AAAA,CAAI;AAC/B;AAAA,IACF,KAAK;AACH,cAAQ,OAAO,MAAM,mBAAmB,GAAG;AAAA,CAAI;AAC/C;AAAA,IACF,KAAK;AACH,cAAQ,OAAO,MAAM,GAAG,WAAW,GAAG,CAAC;AAAA,CAAI;AAC3C;AAAA,IACF,KAAK;AACH,cAAQ,OAAO;AAAA,QACb,OACE,gBAAgB;AAAA,UACd,CAAC,UAAU,IAAI,KAAK;AAAA,UACpB,CAAC,QAAQ,IAAI,OAAO;AAAA,UACpB,CAAC,WAAW,IAAI,SAAS;AAAA,UACzB,CAAC,aAAa,IAAI,SAAS,OAAO,IAAI,MAAM,KAAK,MAAS;AAAA,UAC1D,CAAC,UAAU,IAAI,MAAM;AAAA,QACvB,CAAC,IACD;AAAA;AAAA,oBAAyB,GAAG;AAAA;AAAA;AAAA,MAEhC;AAAA,EACJ;AACF;AAGA,SAAS,aAAa,GAAY,WAAmB,QAAgB,SAA0B;AAC7F,SAAO,EAAE,cAAc,aAAa,EAAE,WAAW,UAAU,EAAE,YAAY,WAAW,EAAE,WAAW;AACnG;AAQA,eAAsB,YAAY,MAAuB,OAAiB,CAAC,GAAoB;AAC7F,SAAO,SAAS,MAAM,MAAM,OAAO,SAAS;AAC1C,UAAM,SAAS,KAAK;AACpB,QAAI;AACF,YAAM,WAAW,gBAAgB,IAAI;AACrC,YAAM,SAAS,yBAAyB,KAAK,SAAS;AACtD,YAAM,UAAU,KAAK,QAAQ;AAE7B,YAAM,MAAM,MAAM,OAAO,KAAK,gBAAgB;AAAA,QAC5C;AAAA,QACA;AAAA,QACA,WAAW,KAAK;AAAA,QAChB;AAAA,QACA,OAAO,KAAK;AAAA,MACd,CAAC;AAED,UAAI,CAAC,IAAI,QAAQ;AACf,gBAAQ,OAAO;AAAA,UACb,yBAAoB,OAAO,4BAA4B,MAAM,QAAQ,KAAK,OAAO;AAAA;AAAA;AAAA,QAGnF;AACA,eAAO;AAAA,MACT;AAEA,oBAAc,KAAK,KAAK,MAAM;AAC9B,aAAO;AAAA,IACT,SAAS,KAAK;AACZ,cAAQ,OAAO,MAAM,8BAAyB,YAAY,GAAG,CAAC;AAAA,CAAI;AAClE,aAAO;AAAA,IACT;AAAA,EACF,CAAC;AACH;AAQA,eAAsB,WAAW,MAAsB,OAAiB,CAAC,GAAoB;AAC3F,SAAO,SAAS,MAAM,MAAM,OAAO,SAAS;AAC1C,UAAM,SAAS,KAAK;AACpB,QAAI;AACF,YAAM,eAAe,KAAK,YAAY,yBAAyB,KAAK,SAAS,IAAI;AACjF,YAAM,QAAQ,MAAM,WAAW,MAAM,OAAO,KAAK,eAAe,CAAC,GAAG;AAAA,QAClE,CAAC,OACE,CAAC,KAAK,WAAW,EAAE,cAAc,KAAK,aACtC,CAAC,gBAAgB,EAAE,WAAW;AAAA,MACnC;AAEA,UAAI,KAAK,MAAM;AACb,gBAAQ,OAAO,MAAM,GAAG,WAAW,IAAI,CAAC;AAAA,CAAI;AAC5C,eAAO;AAAA,MACT;AACA,cAAQ,OAAO;AAAA,QACb,OACE,YAAY,MAAM;AAAA,UAChB,EAAE,QAAQ,UAAU,KAAK,CAAC,MAAM,EAAE,MAAM;AAAA,UACxC,EAAE,QAAQ,QAAQ,KAAK,CAAC,MAAM,EAAE,QAAQ;AAAA,UACxC,EAAE,QAAQ,WAAW,KAAK,CAAC,MAAM,EAAE,UAAU;AAAA,UAC7C,EAAE,QAAQ,aAAa,KAAK,CAAC,MAAO,EAAE,SAAS,OAAO,EAAE,MAAM,KAAK,OAAW;AAAA,UAC9E,EAAE,QAAQ,QAAQ,KAAK,CAAC,MAAM,EAAE,SAAS;AAAA,UACzC,EAAE,QAAQ,UAAU,KAAK,CAAC,MAAM,EAAE,OAAO;AAAA,UACzC,EAAE,QAAQ,aAAa,KAAK,CAAC,MAAM,EAAE,WAAW;AAAA,UAChD,EAAE,QAAQ,WAAW,KAAK,CAAC,MAAM,EAAE,UAAU;AAAA,QAC/C,CAAC,IACD;AAAA,MACJ;AACA,aAAO;AAAA,IACT,SAAS,KAAK;AACZ,cAAQ,OAAO,MAAM,6BAAwB,YAAY,GAAG,CAAC;AAAA,CAAI;AACjE,aAAO;AAAA,IACT;AAAA,EACF,CAAC;AACH;AAOA,eAAsB,UACpB,OACA,MACA,OAAiB,CAAC,GACD;AACjB,SAAO,SAAS,MAAM,MAAM,OAAO,SAAS;AAC1C,UAAM,SAAS,KAAK;AACpB,QAAI;AACF,YAAM,MAAM,MAAM,OAAO,KAAK,aAAa,EAAE,MAAM,CAAC;AACpD,UAAI,KAAK,MAAM;AACb,gBAAQ,OAAO,MAAM,GAAG,WAAW,GAAG,CAAC;AAAA,CAAI;AAC3C,eAAO;AAAA,MACT;AACA,cAAQ,OAAO;AAAA,QACb,OACE,gBAAgB;AAAA,UACd,CAAC,UAAU,IAAI,KAAK;AAAA,UACpB,CAAC,QAAQ,IAAI,OAAO;AAAA,UACpB,CAAC,WAAW,IAAI,SAAS;AAAA,UACzB,CAAC,aAAa,IAAI,SAAS,OAAO,IAAI,MAAM,KAAK,MAAS;AAAA,UAC1D,CAAC,QAAQ,IAAI,QAAQ;AAAA,UACrB,CAAC,UAAU,IAAI,MAAM;AAAA,UACrB,CAAC,aAAa,IAAI,UAAU;AAAA,UAC5B,CAAC,WAAW,IAAI,SAAS;AAAA,QAC3B,CAAC,IACD;AAAA,MACJ;AACA,aAAO;AAAA,IACT,SAAS,KAAK;AACZ,cAAQ,OAAO,MAAM,4BAAuB,YAAY,GAAG,CAAC;AAAA,CAAI;AAChE,aAAO;AAAA,IACT;AAAA,EACF,CAAC;AACH;AAUA,eAAsB,aACpB,OACA,MACA,OAAiB,CAAC,GACD;AACjB,SAAO,SAAS,MAAM,MAAM,OAAO,SAAS;AAC1C,UAAM,SAAS,KAAK;AACpB,QAAI;AACF,YAAM,OAAO,KAAK,gBAAgB,EAAE,MAAM,CAAC;AAC3C,YAAM,QAAQ,KAAK,UAAU,gBAAgB,KAAK,OAAO,MAAM;AAC/D,cAAQ,OAAO;AAAA,QACb,oBAAe,KAAK,GAAG,KAAK;AAAA;AAAA,MAC9B;AACA,aAAO;AAAA,IACT,SAAS,KAAK;AACZ,cAAQ,OAAO,MAAM,+BAA0B,YAAY,GAAG,CAAC;AAAA,CAAI;AACnE,aAAO;AAAA,IACT;AAAA,EACF,CAAC;AACH;AAQA,eAAsB,aAAa,MAAwB,OAAiB,CAAC,GAAoB;AAC/F,SAAO,SAAS,MAAM,MAAM,OAAO,SAAS;AAC1C,UAAM,SAAS,KAAK;AACpB,QAAI;AACF,YAAM,WAAW,gBAAgB,IAAI;AACrC,YAAM,SAAS,yBAAyB,KAAK,SAAS;AACtD,YAAM,UAAU,KAAK,QAAQ;AAE7B,YAAM,YAAY,MAAM,WAAW,MAAM,OAAO,KAAK,eAAe,CAAC,GAAG;AAAA,QAAK,CAAC,MAC5E,aAAa,GAAG,KAAK,SAAS,QAAQ,OAAO;AAAA,MAC/C;AACA,UAAI,UAAU,OAAO;AACnB,cAAM,OAAO,KAAK,gBAAgB,EAAE,OAAO,SAAS,MAAM,CAAC;AAC3D,gBAAQ,OAAO,MAAM,8BAAyB,SAAS,KAAK;AAAA,CAAI;AAAA,MAClE;AAEA,YAAM,MAAM,MAAM,OAAO,KAAK,gBAAgB;AAAA,QAC5C;AAAA,QACA;AAAA,QACA,WAAW,KAAK;AAAA,QAChB;AAAA,QACA,OAAO;AAAA,MACT,CAAC;AACD,UAAI,CAAC,IAAI,QAAQ;AAGf,gBAAQ,OAAO;AAAA,UACb;AAAA,QACF;AACA,eAAO;AAAA,MACT;AACA,oBAAc,KAAK,KAAK,MAAM;AAC9B,aAAO;AAAA,IACT,SAAS,KAAK;AACZ,cAAQ,OAAO,MAAM,+BAA0B,YAAY,GAAG,CAAC;AAAA,CAAI;AACnE,aAAO;AAAA,IACT;AAAA,EACF,CAAC;AACH;;;AC/NA,SAAS,cAAc,KAA8D;AACnF,MAAI,QAAQ,OAAW,QAAO;AAC9B,MAAI;AACJ,MAAI;AACF,aAAS,KAAK,MAAM,GAAG;AAAA,EACzB,QAAQ;AACN,UAAM,IAAI,MAAM,iCAAiC,GAAG,EAAE;AAAA,EACxD;AACA,MAAI,OAAO,WAAW,YAAY,WAAW,QAAQ,MAAM,QAAQ,MAAM,GAAG;AAC1E,UAAM,IAAI,MAAM,2DAA6D;AAAA,EAC/E;AACA,SAAO;AACT;AAGA,eAAe,eACb,QACA,MACA,SACuB;AACvB,QAAM,aAAa,KAAK;AAQxB,UAAQ,KAAK,MAAM;AAAA,IACjB,KAAK;AAEH,aAAO,OAAO,SAAS,WAAW;AAAA,QAChC;AAAA,QACA,OAAO,KAAK;AAAA,QACZ,MAAM,KAAK,UAAU,YAAY;AAAA,QACjC;AAAA,MACF,CAAC;AAAA,IACH,KAAK;AACH,aAAO,OAAO,SAAS,UAAU,EAAE,YAAY,MAAM,KAAK,MAAM,QAAQ,CAAC;AAAA,IAC3E,KAAK;AACH,aAAO,OAAO,SAAS,aAAa;AAAA,QAClC;AAAA,QACA,MAAM,KAAK;AAAA,QACX,OAAO,KAAK;AAAA,QACZ;AAAA,MACF,CAAC;AAAA,EACL;AACF;AAWA,eAAe,eACb,QACA,MACyB;AACzB,QAAM,YAAY,CAAC,cAAoD;AACrE,UAAM,MAAM,EAAE,YAAY,KAAK,YAAY,OAAO,KAAK,SAAS,YAAY,UAAU;AACtF,YAAQ,KAAK,MAAM;AAAA,MACjB,KAAK;AACH,eAAO,OAAO,SAAS,UAAU,GAAsB;AAAA,MACzD,KAAK;AACH,eAAO,OAAO,SAAS,SAAS,GAAqB;AAAA,MACvD,KAAK;AACH,eAAO,OAAO,SAAS,YAAY,GAAwB;AAAA,IAC/D;AAAA,EACF;AAEA,MAAI,KAAK,UAAU,OAAW,SAAQ,MAAM,UAAU,GAAG,QAAQ,CAAC;AAClE,SAAO,WAAW,SAAS;AAC7B;AAGA,eAAe,YAAY,QAA2B,MAAiB,IAAmC;AACxG,UAAQ,MAAM;AAAA,IACZ,KAAK;AACH,aAAO,OAAO,SAAS,QAAQ,EAAE,GAAG,CAAkB;AAAA,IACxD,KAAK;AACH,aAAO,OAAO,SAAS,OAAO,EAAE,GAAG,CAAiB;AAAA,IACtD,KAAK;AACH,aAAO,OAAO,SAAS,UAAU,EAAE,GAAG,CAAoB;AAAA,EAC9D;AACF;AAGA,eAAe,eAAe,QAA2B,MAAiB,IAA2B;AACnG,UAAQ,MAAM;AAAA,IACZ,KAAK;AACH,aAAO,OAAO,SAAS,WAAW,EAAE,GAAG,CAAqB;AAAA,IAC9D,KAAK;AACH,aAAO,OAAO,SAAS,UAAU,EAAE,GAAG,CAAoB;AAAA,IAC5D,KAAK;AACH,aAAO,OAAO,SAAS,aAAa,EAAE,GAAG,CAAuB;AAAA,EACpE;AACF;AAGA,SAAS,eAAe,MAAiB,GAAyB;AAChE,SAAO,gBAAgB;AAAA,IACrB,CAAC,MAAM,EAAE,EAAE;AAAA,IACX,CAAC,eAAe,EAAE,UAAU;AAAA;AAAA,IAE5B,GAAI,SAAS,SACR,CAAC,CAAC,SAAS,EAAE,KAAK,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,IACrC,CAAC,CAAC,QAAQ,EAAE,IAAI,CAAC;AAAA,IACtB,GAAI,SAAS,WAAY,CAAC,CAAC,OAAO,EAAE,KAAK,CAAC,IAAiC,CAAC;AAAA,IAC5E,CAAC,UAAU,EAAE,MAAM;AAAA,IACnB,CAAC,WAAW,EAAE,SAAS;AAAA,EACzB,CAAC;AACH;AAGA,eAAsB,kBAAkB,MAA6B,OAAiB,CAAC,GAAoB;AACzG,MAAI;AACJ,MAAI;AACF,eAAW,cAAc,KAAK,QAAQ;AAAA,EACxC,SAAS,KAAK;AACZ,YAAQ,OAAO,MAAM,YAAO,YAAY,GAAG,CAAC;AAAA,CAAI;AAChD,WAAO;AAAA,EACT;AACA,MAAI,KAAK,SAAS,YAAY,KAAK,KAAK;AACtC,YAAQ,OAAO,MAAM,iDAA4C;AACjE,WAAO;AAAA,EACT;AACA,MAAI,KAAK,SAAS,UAAU,KAAK,SAAS;AACxC,YAAQ,OAAO,MAAM,mDAA8C;AACnE,WAAO;AAAA,EACT;AAEA,MAAI,KAAK,SAAS,UAAU,KAAK,MAAM;AACrC,YAAQ,OAAO,MAAM,+DAA0D;AAC/E,WAAO;AAAA,EACT;AACA,MAAI,KAAK,SAAS,UAAU,KAAK,OAAO;AACtC,YAAQ,OAAO,MAAM,iDAA4C;AACjE,WAAO;AAAA,EACT;AAEA,SAAO,SAAS,MAAM,MAAM,OAAO,SAAS;AAC1C,UAAM,SAAS,KAAK;AACpB,QAAI;AACF,YAAM,UAAU,MAAM,eAAe,QAAQ,MAAM,QAAQ;AAC3D,UAAI,KAAK,MAAM;AACb,gBAAQ,OAAO,MAAM,GAAG,WAAW,OAAO,CAAC;AAAA,CAAI;AAC/C,eAAO;AAAA,MACT;AACA,cAAQ,OAAO,MAAM;AAAA,WAAS,KAAK,IAAI,KAAK,KAAK,UAAU;AAAA,EAAc,eAAe,KAAK,MAAM,OAAO,CAAC;AAAA,CAAI;AAC/G,aAAO;AAAA,IACT,SAAS,KAAK;AACZ,cAAQ,OAAO,MAAM,oCAA+B,YAAY,GAAG,CAAC;AAAA,CAAI;AACxE,aAAO;AAAA,IACT;AAAA,EACF,CAAC;AACH;AAGA,eAAsB,gBAAgB,MAA2B,OAAiB,CAAC,GAAoB;AACrG,SAAO,SAAS,MAAM,MAAM,OAAO,SAAS;AAC1C,UAAM,SAAS,KAAK;AACpB,QAAI;AACF,YAAM,OAAO,MAAM,eAAe,QAAQ,IAAI;AAC9C,UAAI,KAAK,MAAM;AACb,gBAAQ,OAAO,MAAM,GAAG,WAAW,IAAI,CAAC;AAAA,CAAI;AAC5C,eAAO;AAAA,MACT;AACA,cAAQ,OAAO;AAAA,QACb,OACE,YAAY,MAAM;AAAA,UAChB,EAAE,QAAQ,MAAM,KAAK,CAAC,MAAM,EAAE,GAAG;AAAA,UACjC,EAAE,QAAQ,eAAe,KAAK,CAAC,MAAM,EAAE,WAAW;AAAA;AAAA,UAElD,KAAK,SAAS,SACV,EAAE,QAAQ,SAAS,KAAK,CAAC,MAAoB,EAAE,MAAM,IACrD,EAAE,QAAQ,QAAQ,KAAK,CAAC,MAAoB,EAAE,KAAK;AAAA;AAAA,UAEvD,GAAI,KAAK,SAAS,SACd,CAAC,EAAE,QAAQ,QAAQ,KAAK,CAAC,MAAoB,EAAE,KAAK,CAAC,IACrD,KAAK,SAAS,WACZ,CAAC,EAAE,QAAQ,OAAO,KAAK,CAAC,MAAoB,EAAE,MAAM,CAAC,IACrD,CAAC;AAAA,UACP,EAAE,QAAQ,UAAU,KAAK,CAAC,MAAM,EAAE,OAAO;AAAA,QAC3C,CAAC,IACD;AAAA,MACJ;AACA,aAAO;AAAA,IACT,SAAS,KAAK;AACZ,cAAQ,OAAO,MAAM,kCAA6B,YAAY,GAAG,CAAC;AAAA,CAAI;AACtE,aAAO;AAAA,IACT;AAAA,EACF,CAAC;AACH;AAGA,eAAsB,eAAe,MAA0B,OAAiB,CAAC,GAAoB;AACnG,SAAO,SAAS,MAAM,MAAM,OAAO,SAAS;AAC1C,UAAM,SAAS,KAAK;AACpB,QAAI;AACF,YAAM,IAAI,MAAM,YAAY,QAAQ,KAAK,MAAM,KAAK,EAAE;AACtD,UAAI,KAAK,MAAM;AACb,gBAAQ,OAAO,MAAM,GAAG,WAAW,CAAC,CAAC;AAAA,CAAI;AACzC,eAAO;AAAA,MACT;AACA,cAAQ,OAAO,MAAM;AAAA,EAAK,eAAe,KAAK,MAAM,CAAC,CAAC;AAAA,CAAI;AAC1D,aAAO;AAAA,IACT,SAAS,KAAK;AACZ,cAAQ,OAAO,MAAM,iCAA4B,YAAY,GAAG,CAAC;AAAA,CAAI;AACrE,aAAO;AAAA,IACT;AAAA,EACF,CAAC;AACH;AAGA,eAAsB,kBAAkB,MAA0B,OAAiB,CAAC,GAAoB;AACtG,SAAO,SAAS,MAAM,MAAM,OAAO,SAAS;AAC1C,UAAM,SAAS,KAAK;AACpB,QAAI;AACF,YAAM,eAAe,QAAQ,KAAK,MAAM,KAAK,EAAE;AAC/C,cAAQ,OAAO,MAAM,oBAAe,KAAK,IAAI,IAAI,KAAK,EAAE;AAAA,CAAI;AAC5D,aAAO;AAAA,IACT,SAAS,KAAK;AACZ,cAAQ,OAAO,MAAM,oCAA+B,YAAY,GAAG,CAAC;AAAA,CAAI;AACxE,aAAO;AAAA,IACT;AAAA,EACF,CAAC;AACH;;;ACrQA,SAAS,qBAAqB,WAAyB;AACrD,MAAI,CAAC,UAAU,WAAW,MAAM,KAAK,CAAC,UAAU,WAAW,MAAM,GAAG;AAClE,UAAM,IAAI,MAAM,6DAA6D,SAAS,KAAK;AAAA,EAC7F;AACF;AAEA,SAAS,cAAc,GAA8B;AACnD,SAAO,gBAAgB;AAAA,IACrB,CAAC,WAAW,EAAE,SAAS;AAAA,IACvB,CAAC,aAAa,EAAE,WAAW;AAAA,IAC3B,CAAC,QAAQ,EAAE,MAAM;AAAA,IACjB,CAAC,UAAU,EAAE,QAAQ,SAAS,GAAG,EAAE,OAAO,MAAM,eAAe,MAAS;AAAA,IACxE,CAAC,UAAU,EAAE,MAAM;AAAA,EACrB,CAAC;AACH;AAMA,eAAsB,eAAe,MAA0B,OAAiB,CAAC,GAAoB;AACnG,QAAM,UAAU,QAAQ,KAAK,IAAI;AACjC,QAAM,aAAa,QAAQ,KAAK,OAAO;AACvC,MAAI,YAAY,YAAY;AAC1B,YAAQ,OAAO,MAAM,uEAAkE;AACvF,WAAO;AAAA,EACT;AACA,MAAI;AACF,yBAAqB,KAAK,SAAS;AAAA,EACrC,SAAS,KAAK;AACZ,YAAQ,OAAO,MAAM,YAAO,YAAY,GAAG,CAAC;AAAA,CAAI;AAChD,WAAO;AAAA,EACT;AAEA,SAAO,SAAS,MAAM,MAAM,OAAO,SAAS;AAC1C,UAAM,SAAS,KAAK;AACpB,QAAI;AACF,YAAM,SAAS,aACV,CAAC,EAAE,iBAAiB,SAAS,KAAK,OAAiB,EAAE,CAAC,IACvD;AACJ,YAAM,UAAU,MAAM,OAAO,KAAK,oBAAoB;AAAA,QACpD,WAAW,KAAK;AAAA,QAChB,MAAM;AAAA,UACJ,aAAa,KAAK;AAAA,UAClB,QAAQ,KAAK;AAAA,UACb;AAAA,QACF;AAAA,MACF,CAAwB;AAExB,UAAI,KAAK,MAAM;AACb,gBAAQ,OAAO,MAAM,GAAG,WAAW,OAAO,CAAC;AAAA,CAAI;AAC/C,eAAO;AAAA,MACT;AACA,cAAQ,OAAO;AAAA,QACb;AAAA,mBAAiB,KAAK,SAAS,QAAQ,KAAK,OAAO,OAChD,UAAU,cAAc,KAAK,IAAI,MAAM,SAAS,SAAS,KAAK,OAAiB,EAAE,MAAM,gBACxF;AAAA,EAAK,cAAc,OAAO,CAAC;AAAA;AAAA,MAC/B;AACA,aAAO;AAAA,IACT,SAAS,KAAK;AACZ,cAAQ,OAAO,MAAM,iCAA4B,YAAY,GAAG,CAAC;AAAA,CAAI;AACrE,aAAO;AAAA,IACT;AAAA,EACF,CAAC;AACH;AAGA,eAAsB,gBAAgB,MAAwB,OAAiB,CAAC,GAAoB;AAClG,MAAI;AACF,yBAAqB,KAAK,SAAS;AAAA,EACrC,SAAS,KAAK;AACZ,YAAQ,OAAO,MAAM,YAAO,YAAY,GAAG,CAAC;AAAA,CAAI;AAChD,WAAO;AAAA,EACT;AACA,SAAO,SAAS,MAAM,MAAM,OAAO,SAAS;AAC1C,UAAM,SAAS,KAAK;AACpB,QAAI;AACF,YAAM,OAAO,KAAK,oBAAoB,EAAE,WAAW,KAAK,SAAS,aAAa,KAAK,UAAU,CAAC;AAC9F,cAAQ,OAAO,MAAM,oBAAe,KAAK,SAAS,UAAU,KAAK,OAAO;AAAA,CAAK;AAC7E,aAAO;AAAA,IACT,SAAS,KAAK;AACZ,cAAQ,OAAO,MAAM,kCAA6B,YAAY,GAAG,CAAC;AAAA,CAAI;AACtE,aAAO;AAAA,IACT;AAAA,EACF,CAAC;AACH;AAMA,eAAsB,cAAc,MAAyB,OAAiB,CAAC,GAAoB;AACjG,MAAI,QAAQ,KAAK,OAAO,MAAM,QAAQ,KAAK,SAAS,GAAG;AACrD,YAAQ,OAAO,MAAM,qEAAgE;AACrF,WAAO;AAAA,EACT;AACA,MAAI,KAAK,WAAW;AAClB,QAAI;AACF,2BAAqB,KAAK,SAAS;AAAA,IACrC,SAAS,KAAK;AACZ,cAAQ,OAAO,MAAM,YAAO,YAAY,GAAG,CAAC;AAAA,CAAI;AAChD,aAAO;AAAA,IACT;AAAA,EACF;AAEA,SAAO,SAAS,MAAM,MAAM,OAAO,SAAS;AAC1C,UAAM,SAAS,KAAK;AACpB,QAAI;AACF,YAAM,OAAO,KAAK,UACd,MAAM;AAAA,QAAW,CAAC,cAChB,OAAO,KAAK,mBAAmB,EAAE,WAAW,KAAK,SAAS,WAAW,OAAO,WAAW,CAAuB;AAAA,MAChH,IACA,MAAM;AAAA,QAAW,CAAC,cAChB,OAAO,KAAK,yBAAyB,EAAE,aAAa,KAAK,WAAW,WAAW,OAAO,WAAW,CAA2B;AAAA,MAC9H;AAEJ,UAAI,KAAK,MAAM;AACb,gBAAQ,OAAO,MAAM,GAAG,WAAW,IAAI,CAAC;AAAA,CAAI;AAC5C,eAAO;AAAA,MACT;AACA,cAAQ,OAAO;AAAA,QACb,OACE,YAAY,MAAM;AAAA,UAChB,EAAE,QAAQ,WAAW,KAAK,CAAC,MAAM,EAAE,UAAU;AAAA,UAC7C,EAAE,QAAQ,aAAa,KAAK,CAAC,MAAM,EAAE,YAAY;AAAA,UACjD,EAAE,QAAQ,QAAQ,KAAK,CAAC,MAAM,EAAE,WAAW,EAAE,QAAQ,SAAS,aAAa,QAAW;AAAA,UACtF,EAAE,QAAQ,UAAU,KAAK,CAAC,MAAM,EAAE,OAAO;AAAA,QAC3C,CAAC,IACD;AAAA,MACJ;AACA,aAAO;AAAA,IACT,SAAS,KAAK;AACZ,cAAQ,OAAO,MAAM,gCAA2B,YAAY,GAAG,CAAC;AAAA,CAAI;AACpE,aAAO;AAAA,IACT;AAAA,EACF,CAAC;AACH;AAGA,eAAsB,aAAa,MAAwB,OAAiB,CAAC,GAAoB;AAC/F,MAAI;AACF,yBAAqB,KAAK,SAAS;AAAA,EACrC,SAAS,KAAK;AACZ,YAAQ,OAAO,MAAM,YAAO,YAAY,GAAG,CAAC;AAAA,CAAI;AAChD,WAAO;AAAA,EACT;AACA,SAAO,SAAS,MAAM,MAAM,OAAO,SAAS;AAC1C,UAAM,SAAS,KAAK;AACpB,QAAI;AACF,YAAM,IAAI,MAAM,OAAO,KAAK,iBAAiB,EAAE,WAAW,KAAK,SAAS,aAAa,KAAK,UAAU,CAAC;AACrG,UAAI,KAAK,MAAM;AACb,gBAAQ,OAAO,MAAM,GAAG,WAAW,CAAC,CAAC;AAAA,CAAI;AACzC,eAAO;AAAA,MACT;AACA,cAAQ,OAAO,MAAM;AAAA,EAAK,cAAc,CAAC,CAAC;AAAA,CAAI;AAC9C,aAAO;AAAA,IACT,SAAS,KAAK;AACZ,cAAQ,OAAO,MAAM,+BAA0B,YAAY,GAAG,CAAC;AAAA,CAAI;AACnE,aAAO;AAAA,IACT;AAAA,EACF,CAAC;AACH;;;AC3KA,SAAS,WAAW,GAAqB;AACvC,SAAO,gBAAgB;AAAA,IACrB,CAAC,WAAW,EAAE,MAAM;AAAA,IACpB,CAAC,QAAQ,EAAE,IAAI;AAAA,IACf,CAAC,WAAW,EAAE,SAAS;AAAA,IACvB,CAAC,eAAe,EAAE,WAAW;AAAA,IAC7B,CAAC,UAAU,EAAE,QAAQ,SAAS,GAAG,EAAE,OAAO,MAAM,eAAe,MAAS;AAAA,EAC1E,CAAC;AACH;AAMA,eAAsB,cAAc,MAAyB,OAAiB,CAAC,GAAoB;AACjG,QAAM,UAAU,SAAS,KAAK,OAAO;AACrC,MAAI,QAAQ,WAAW,GAAG;AACxB,YAAQ,OAAO,MAAM,iFAA4E;AACjG,WAAO;AAAA,EACT;AAEA,SAAO,SAAS,MAAM,MAAM,OAAO,SAAS;AAC1C,UAAM,SAAS,KAAK;AACpB,QAAI;AACF,YAAM,OAAO,MAAM,OAAO,KAAK,WAAW;AAAA,QACxC,WAAW,KAAK;AAAA,QAChB,MAAM;AAAA,UACJ,QAAQ,KAAK;AAAA,UACb,MAAM,KAAK;AAAA,UACX,aAAa,KAAK;AAAA,UAClB,QAAQ,CAAC,EAAE,iBAAiB,QAAQ,CAAC;AAAA,QACvC;AAAA,MACF,CAAqB;AAErB,UAAI,KAAK,MAAM;AACb,gBAAQ,OAAO,MAAM,GAAG,WAAW,IAAI,CAAC;AAAA,CAAI;AAC5C,eAAO;AAAA,MACT;AACA,cAAQ,OAAO,MAAM;AAAA,iBAAe,KAAK,MAAM,iBAAiB,KAAK,OAAO;AAAA,EAAM,WAAW,IAAI,CAAC;AAAA,CAAI;AACtG,aAAO;AAAA,IACT,SAAS,KAAK;AACZ,cAAQ,OAAO,MAAM,gCAA2B,YAAY,GAAG,CAAC;AAAA,CAAI;AACpE,aAAO;AAAA,IACT;AAAA,EACF,CAAC;AACH;AAGA,eAAsB,YAAY,MAAuB,OAAiB,CAAC,GAAoB;AAC7F,SAAO,SAAS,MAAM,MAAM,OAAO,SAAS;AAC1C,UAAM,SAAS,KAAK;AACpB,QAAI;AACF,YAAM,OAAO,MAAM;AAAA,QAAW,CAAC,cAC7B,OAAO,KAAK,UAAU,EAAE,WAAW,KAAK,SAAS,WAAW,OAAO,WAAW,CAAoB;AAAA,MACpG;AACA,UAAI,KAAK,MAAM;AACb,gBAAQ,OAAO,MAAM,GAAG,WAAW,IAAI,CAAC;AAAA,CAAI;AAC5C,eAAO;AAAA,MACT;AACA,cAAQ,OAAO;AAAA,QACb,OACE,YAAY,MAAM;AAAA,UAChB,EAAE,QAAQ,WAAW,KAAK,CAAC,MAAM,EAAE,OAAO;AAAA,UAC1C,EAAE,QAAQ,QAAQ,KAAK,CAAC,MAAM,EAAE,KAAK;AAAA,UACrC,EAAE,QAAQ,UAAU,KAAK,CAAC,MAAO,EAAE,QAAQ,SAAS,GAAG,EAAE,OAAO,MAAM,KAAK,OAAW;AAAA,QACxF,CAAC,IACD;AAAA,MACJ;AACA,aAAO;AAAA,IACT,SAAS,KAAK;AACZ,cAAQ,OAAO,MAAM,8BAAyB,YAAY,GAAG,CAAC;AAAA,CAAI;AAClE,aAAO;AAAA,IACT;AAAA,EACF,CAAC;AACH;AAGA,eAAsB,WAAW,MAAsB,OAAiB,CAAC,GAAoB;AAC3F,SAAO,SAAS,MAAM,MAAM,OAAO,SAAS;AAC1C,UAAM,SAAS,KAAK;AACpB,QAAI;AACF,YAAM,IAAI,MAAM,OAAO,KAAK,QAAQ,EAAE,WAAW,KAAK,SAAS,QAAQ,KAAK,OAAO,CAAkB;AACrG,UAAI,KAAK,MAAM;AACb,gBAAQ,OAAO,MAAM,GAAG,WAAW,CAAC,CAAC;AAAA,CAAI;AACzC,eAAO;AAAA,MACT;AACA,cAAQ,OAAO,MAAM;AAAA,EAAK,WAAW,CAAC,CAAC;AAAA,CAAI;AAC3C,aAAO;AAAA,IACT,SAAS,KAAK;AACZ,cAAQ,OAAO,MAAM,6BAAwB,YAAY,GAAG,CAAC;AAAA,CAAI;AACjE,aAAO;AAAA,IACT;AAAA,EACF,CAAC;AACH;AAMA,eAAsB,cAAc,MAAsB,OAAiB,CAAC,GAAoB;AAC9F,SAAO,SAAS,MAAM,MAAM,OAAO,SAAS;AAC1C,UAAM,SAAS,KAAK;AACpB,QAAI;AACF,YAAM,OAAO,KAAK,WAAW,EAAE,WAAW,KAAK,SAAS,QAAQ,KAAK,OAAO,CAAqB;AACjG,cAAQ,OAAO;AAAA,QACb,0BAAqB,KAAK,MAAM,WAAW,KAAK,OAAO;AAAA;AAAA;AAAA,MAEzD;AACA,aAAO;AAAA,IACT,SAAS,KAAK;AACZ,cAAQ,OAAO,MAAM,gCAA2B,YAAY,GAAG,CAAC;AAAA,CAAI;AACpE,aAAO;AAAA,IACT;AAAA,EACF,CAAC;AACH;;;AClIA,SAAS,cAAc,GAAwB;AAC7C,SAAO,gBAAgB;AAAA,IACrB,CAAC,WAAW,EAAE,SAAS;AAAA,IACvB,CAAC,QAAQ,EAAE,IAAI;AAAA,IACf,CAAC,eAAe,EAAE,WAAW;AAAA,EAC/B,CAAC;AACH;AAGA,eAAsB,iBAAiB,MAA4B,OAAiB,CAAC,GAAoB;AAGvG,SAAO,SAAS,EAAE,GAAG,MAAM,cAAc,KAAK,GAAG,MAAM,OAAO,SAAS;AACrE,UAAM,SAAS,KAAK;AACpB,QAAI;AAGF,YAAM,MAAM,MAAM,OAAO,KAAK,iBAAiB;AAAA,QAC7C,WAAW,KAAK;AAAA,QAChB,MAAM,KAAK,QAAQ,KAAK;AAAA,MAC1B,CAAwB;AACxB,UAAI,KAAK,MAAM;AACb,gBAAQ,OAAO,MAAM,GAAG,WAAW,GAAG,CAAC;AAAA,CAAI;AAC3C,eAAO;AAAA,MACT;AACA,cAAQ,OAAO,MAAM;AAAA,oBAAkB,KAAK,SAAS;AAAA,EAAc,cAAc,GAAG,CAAC;AAAA,CAAI;AACzF,aAAO;AAAA,IACT,SAAS,KAAK;AACZ,cAAQ,OAAO,MAAM,mCAA8B,YAAY,GAAG,CAAC;AAAA,CAAI;AACvE,aAAO;AAAA,IACT;AAAA,EACF,CAAC;AACH;AAGA,eAAsB,eAAe,MAAyB,OAAiB,CAAC,GAAoB;AAClG,SAAO,SAAS,MAAM,MAAM,OAAO,SAAS;AAC1C,UAAM,SAAS,KAAK;AACpB,QAAI;AACF,YAAM,OAAO,MAAM;AAAA,QAAW,CAAC,cAC7B,OAAO,KAAK,gBAAgB,EAAE,WAAW,OAAO,WAAW,CAAuB;AAAA,MACpF;AACA,UAAI,KAAK,MAAM;AACb,gBAAQ,OAAO,MAAM,GAAG,WAAW,IAAI,CAAC;AAAA,CAAI;AAC5C,eAAO;AAAA,MACT;AACA,cAAQ,OAAO;AAAA,QACb,OACE,YAAY,MAAM;AAAA,UAChB,EAAE,QAAQ,WAAW,KAAK,CAAC,MAAM,EAAE,UAAU;AAAA,UAC7C,EAAE,QAAQ,QAAQ,KAAK,CAAC,MAAM,EAAE,KAAK;AAAA,UACrC,EAAE,QAAQ,eAAe,KAAK,CAAC,MAAM,EAAE,YAAY;AAAA,QACrD,CAAC,IACD;AAAA,MACJ;AACA,aAAO;AAAA,IACT,SAAS,KAAK;AACZ,cAAQ,OAAO,MAAM,iCAA4B,YAAY,GAAG,CAAC;AAAA,CAAI;AACrE,aAAO;AAAA,IACT;AAAA,EACF,CAAC;AACH;AAGA,eAAsB,cAAc,MAAyB,OAAiB,CAAC,GAAoB;AAGjG,SAAO,SAAS,EAAE,GAAG,MAAM,SAAS,KAAK,UAAU,GAAG,MAAM,OAAO,SAAS;AAC1E,UAAM,SAAS,KAAK;AACpB,QAAI;AACF,YAAM,MAAM,MAAM,OAAO,KAAK,cAAc,EAAE,WAAW,KAAK,UAAU,CAAqB;AAC7F,UAAI,KAAK,MAAM;AACb,gBAAQ,OAAO,MAAM,GAAG,WAAW,GAAG,CAAC;AAAA,CAAI;AAC3C,eAAO;AAAA,MACT;AACA,cAAQ,OAAO,MAAM;AAAA,EAAK,cAAc,GAAG,CAAC;AAAA,CAAI;AAChD,aAAO;AAAA,IACT,SAAS,KAAK;AACZ,cAAQ,OAAO,MAAM,gCAA2B,YAAY,GAAG,CAAC;AAAA,CAAI;AACpE,aAAO;AAAA,IACT;AAAA,EACF,CAAC;AACH;;;ACjHA,SAAS,oBAAiC;AAC1C,OAAO,UAAU;AAsCjB,SAAS,mBAAmB,KAAmB;AAC7C,OAAK,KAAK,GAAG,EAAE,MAAM,MAAM;AAAA,EAE3B,CAAC;AACH;AAQA,eAAe,cACb,OACA,QACyB;AACzB,QAAM,SAAS,aAAa,CAAC,KAAK,QAAQ;AACxC,UAAM,SAAS,cAAc,IAAI,OAAO,GAAG;AAC3C,UAAM,OAAO,QAAQ,OAAO,QAAQ,OAAO,KAAK;AAChD,QAAI,UAAU,OAAO,MAAM,KAAK,EAAE,gBAAgB,YAAY,CAAC;AAC/D,QAAI;AAAA,MACF,OACI,2IACA;AAAA,IACN;AACA,QAAI,KAAM,QAAO,MAAM;AAAA,EACzB,CAAC;AAED,aAAW,QAAQ,OAAO;AACxB,UAAM,KAAK,MAAM,IAAI,QAAiB,CAAC,YAAY;AACjD,YAAM,QAAQ,MAAY;AACxB,eAAO,eAAe,SAAS,KAAK;AACpC,gBAAQ,KAAK;AAAA,MACf;AACA,aAAO,KAAK,SAAS,KAAK;AAM1B,aAAO,OAAO,MAAM,aAAa,MAAM;AACrC,eAAO,eAAe,SAAS,KAAK;AACpC,gBAAQ,IAAI;AAAA,MACd,CAAC;AAAA,IACH,CAAC;AACD,QAAI,GAAI,QAAO,EAAE,QAAQ,KAAK;AAAA,EAChC;AACA,QAAM,IAAI,MAAM,+BAA+B,MAAM,KAAK,IAAI,CAAC,iDAA4C;AAC7G;AAGA,eAAsB,SAAS,MAAoB,OAAkB,CAAC,GAAoB;AACxF,QAAM,MAAM,KAAK,OAAOC,cAAa;AACrC,QAAM,cAAc,KAAK,eAAe;AACxC,QAAM,YAAY,KAAK,aAAa;AACpC,QAAM,QAAQ,KAAK,SAAS;AAC5B,QAAM,YAAY,KAAK,aAAa;AAEpC,MAAI;AACJ,MAAI;AACF,aAAS,qBAAqB,KAAK,GAAG;AAAA,EACxC,SAAS,KAAK;AACZ,QAAI,eAAe,6BAA6B;AAC9C,cAAQ,OAAO,MAAM,YAAO,IAAI,OAAO;AAAA,CAAI;AAC3C,aAAO;AAAA,IACT;AACA,YAAQ,OAAO,MAAM,YAAO,YAAY,GAAG,CAAC;AAAA,CAAI;AAChD,WAAO;AAAA,EACT;AAEA,QAAM,EAAE,UAAU,UAAU,IAAI,aAAa;AAC7C,QAAM,QAAQ,cAAc;AAE5B,MAAI;AACJ,QAAM,cAAc,IAAI,QAA0C,CAAC,YAAY;AAC7E,kBAAc;AAAA,EAChB,CAAC;AAED,MAAI;AACJ,MAAI;AACF,eAAW,MAAM,cAAc,OAAO,WAAW;AAAA,EACnD,SAAS,KAAK;AACZ,YAAQ,OAAO,MAAM,YAAO,YAAY,GAAG,CAAC;AAAA,CAAI;AAChD,WAAO;AAAA,EACT;AACA,QAAM,cAAc,eAAe,SAAS,IAAI;AAChD,QAAM,eAAe,kBAAkB,QAAQ,EAAE,aAAa,WAAW,MAAM,CAAC;AAEhF,MAAI;AACF,QAAI,KAAK,WAAW;AAClB,cAAQ,OAAO;AAAA,QACb;AAAA,8CAAiD,KAAK,GAAG;AAAA,MAAW,YAAY;AAAA,gCAC7C,WAAW;AAAA;AAAA,MAChD;AAAA,IACF,OAAO;AACL,cAAQ,OAAO;AAAA,QACb;AAAA,qCAAwC,KAAK,GAAG;AAAA;AAAA,MACT,YAAY;AAAA,gCAChB,WAAW;AAAA;AAAA,MAChD;AACA,YAAM,YAAY,YAAY;AAAA,IAChC;AAEA,UAAM,SAAS,MAAM,YAAY,aAAa,SAAS;AACvD,QAAI,OAAO,OAAO;AAChB,YAAM,IAAI,MAAM,yBAAyB,OAAO,KAAK,GAAG,OAAO,mBAAmB,WAAM,OAAO,gBAAgB,KAAK,EAAE,EAAE;AAAA,IAC1H;AACA,QAAI,OAAO,UAAU,OAAO;AAC1B,YAAM,IAAI,MAAM,iEAA4D;AAAA,IAC9E;AACA,QAAI,CAAC,OAAO,MAAM;AAChB,YAAM,IAAI,MAAM,wCAAwC;AAAA,IAC1D;AAEA,UAAM,SAAS,MAAM,aAAa,QAAQ,EAAE,MAAM,OAAO,MAAM,aAAa,SAAS,GAAG,SAAS;AACjG,QAAI,CAAC,OAAO,eAAe;AACzB,YAAM,IAAI,MAAM,6EAAwE;AAAA,IAC1F;AAEA,UAAM;AAAA,MACJ,EAAE,KAAK,KAAK,KAAK,cAAc,OAAO,eAAe,YAAY,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,EAAE;AAAA,MAC/F,KAAK;AAAA,IACP;AACA,QAAI,MAAM,EAAE,WAAW,SAAS,KAAK,KAAK,IAAI,GAAG,sBAAsB;AACvE,YAAQ,OAAO,MAAM;AAAA,sBAAoB,KAAK,GAAG,gCAAgC,KAAK,GAAG;AAAA,CAAI;AAC7F,WAAO;AAAA,EACT,SAAS,KAAK;AACZ,YAAQ,OAAO,MAAM;AAAA,yBAAuB,YAAY,GAAG,CAAC;AAAA,CAAI;AAChE,WAAO;AAAA,EACT,UAAE;AACA,aAAS,OAAO,MAAM;AAAA,EACxB;AACF;AAGA,eAAsB,UAAU,OAAqB,OAAkB,CAAC,GAAoB;AAC1F,QAAM,UAAU,MAAM,aAAa,KAAK,OAAO;AAC/C,UAAQ,OAAO,MAAM,UAAU,6CAAwC,wBAAwB;AAC/F,SAAO;AACT;AAGA,SAAS,YAAe,GAAe,IAAwB;AAC7D,SAAO,IAAI,QAAW,CAAC,SAAS,WAAW;AACzC,UAAM,IAAI,WAAW,MAAM,OAAO,IAAI,MAAM,mBAAmB,KAAK,MAAM,KAAK,GAAI,CAAC,oCAAoC,CAAC,GAAG,EAAE;AAC9H,MAAE;AAAA,MACA,CAAC,MAAM;AACL,qBAAa,CAAC;AACd,gBAAQ,CAAC;AAAA,MACX;AAAA,MACA,CAAC,MAAM;AACL,qBAAa,CAAC;AACd,eAAO,CAAC;AAAA,MACV;AAAA,IACF;AAAA,EACF,CAAC;AACH;;;AC1LA,SAAS,YAAYC,WAAU;AAC/B,YAAYC,SAAQ;AACpB,YAAYC,WAAU;AACtB,SAAS,cAAAC,mBAAkB;;;ACgM3B,IAAM,SAAS,CAAC,MAAwB,aAAa,QAAQ,EAAE,UAAU,OAAO,CAAC;AAajF,IAAM,aAAa,CAAC,MAClB,OAAO,MAAM,YAAY,MAAM,QAAS,EAA8B,eAAe;AASvF,IAAM,qBAAqB;AAE3B,eAAe,gBAAgB,QAA0B,WAAkD;AACzG,QAAM,sBAAsB,oBAAI,IAAY;AAC5C,QAAM,4BAA4B,oBAAI,IAAY;AAClD,QAAM,kBAAkB,oBAAI,IAAY;AACxC,MAAI,SAAS;AACb,MAAI;AAMF,QAAI;AACJ,eAAS;AACP,YAAM,OAAO,MAAM,OAAO,QAAQ,YAAY,EAAE,OAAO,oBAAoB,WAAW,OAAO,CAAC;AAC9F,iBAAW,KAAK,KAAK,QAAQ,CAAC,EAAG,KAAI,EAAE,SAAU,qBAAoB,IAAI,EAAE,QAAQ;AACnF,YAAM,OAAO,KAAK;AAClB,UAAI,CAAC,KAAM;AACX,eAAS;AAAA,IACX;AAAA,EACF,SAAS,GAAG;AACV,QAAI,CAAC,WAAW,CAAC,EAAG,UAAS;AAAA,EAC/B;AACA,MAAI;AAIF,QAAI;AACJ,eAAS;AACP,YAAM,OAAO,MAAM,OAAO,KAAK,mBAAmB;AAAA,QAChD,WAAW,UAAU;AAAA,QACrB,OAAO;AAAA,QACP;AAAA,MACF,CAAC;AACD,iBAAW,KAAK,KAAK,QAAQ,CAAC,EAAG,KAAI,EAAE,YAAa,2BAA0B,IAAI,EAAE,WAAW;AAC/F,YAAM,OAAO,KAAK;AAClB,UAAI,CAAC,KAAM;AACX,kBAAY;AAAA,IACd;AAAA,EACF,SAAS,GAAG;AACV,QAAI,CAAC,WAAW,CAAC,EAAG,UAAS;AAAA,EAC/B;AACA,MAAI;AAGF,QAAI;AACJ,eAAS;AACP,YAAM,OAAO,MAAM,OAAO,KAAK,UAAU;AAAA,QACvC,WAAW,UAAU;AAAA,QACrB,OAAO;AAAA,QACP;AAAA,MACF,CAAC;AACD,iBAAW,KAAK,KAAK,QAAQ,CAAC,EAAG,KAAI,EAAE,OAAQ,iBAAgB,IAAI,EAAE,MAAM;AAC3E,YAAM,OAAO,KAAK;AAClB,UAAI,CAAC,KAAM;AACX,kBAAY;AAAA,IACd;AAAA,EACF,SAAS,GAAG;AACV,QAAI,CAAC,WAAW,CAAC,EAAG,UAAS;AAAA,EAC/B;AACA,SAAO,EAAE,qBAAqB,2BAA2B,iBAAiB,OAAO;AACnF;AAGA,eAAe,cACb,QACA,MACA,WACA,UACA,QAC4B;AAC5B,QAAM,aAAgC,CAAC;AAYvC,MAAI;AACF,UAAM,OAAO,MAAM,KAAK,YAAY,OAAO,MAAM;AACjD,UAAM,cAAc,UAAU,cAAc;AAC5C,UAAM,MAAM,KAAK,kBAAkB,CAAC;AACpC,UAAM,UAAU,YAAY,OAAO,CAAC,MAAM,CAAC,IAAI,SAAS,CAAC,CAAC;AAC1D,UAAM,KACJ,KAAK,kBAAkB,gBAAgB,KAAK,aAAa,YAAY,QAAQ,WAAW;AAC1F,eAAW,KAAK;AAAA,MACd,MAAM;AAAA,MACN;AAAA,MACA,QAAQ,KACJ,+CAA+C,QAAQ,cAAc,IAAI,KAAK,IAAI,CAAC,MACnF,iBAAiB,KAAK,aAAa,WAAW,KAAK,QAAQ,MAC1D,QAAQ,SAAS,qBAAqB,QAAQ,KAAK,IAAI,CAAC,MAAM;AAAA,IACrE,CAAC;AAAA,EACH,SAAS,GAAG;AACV,eAAW,KAAK,EAAE,MAAM,cAAc,IAAI,OAAO,QAAQ,2BAA2B,OAAO,CAAC,CAAC,GAAG,CAAC;AAAA,EACnG;AAGA,MAAI;AACF,UAAM,MAAM,MAAM,OAAO,KAAK,cAAc,EAAE,WAAW,UAAU,UAAU,CAAC;AAC9E,UAAM,KAAK,IAAI,cAAc,UAAU;AACvC,eAAW,KAAK;AAAA,MACd,MAAM;AAAA,MACN;AAAA,MACA,QAAQ,KAAK,YAAY,UAAU,SAAS,cAAc,aAAa,UAAU,SAAS,WAAW,IAAI,aAAa,QAAQ;AAAA,IAChI,CAAC;AAAA,EACH,SAAS,GAAG;AACV,eAAW,KAAK,EAAE,MAAM,WAAW,IAAI,OAAO,QAAQ,yBAAyB,OAAO,CAAC,CAAC,GAAG,CAAC;AAAA,EAC9F;AAGA,aAAW,CAAC,UAAU,QAAQ,KAAK,OAAO,QAAQ,OAAO,SAAS,GAAG;AACnE,QAAI;AACF,YAAM,SAAS,MAAM,OAAO,QAAQ,UAAU,EAAE,IAAI,SAAS,CAAC;AAC9D,YAAM,KAAK,OAAO,aAAa;AAC/B,iBAAW,KAAK;AAAA,QACd,MAAM,UAAU,QAAQ;AAAA,QACxB;AAAA,QACA,QAAQ,KAAK,WAAW,QAAQ,MAAM,QAAQ,eAAe,UAAU,QAAQ,cAAc,OAAO,YAAY,QAAQ,aAAQ,QAAQ;AAAA,MAC1I,CAAC;AAAA,IACH,SAAS,GAAG;AACV,iBAAW,KAAK,EAAE,MAAM,UAAU,QAAQ,IAAI,IAAI,OAAO,QAAQ,aAAa,QAAQ,aAAa,OAAO,CAAC,CAAC,GAAG,CAAC;AAAA,IAClH;AAAA,EACF;AASA,aAAW,OAAO,UAAU,QAAQ,CAAC,GAAG;AACtC,QAAI;AACF,YAAM,OAAO,MAAM,OAAO,QAAQ,cAAc;AAAA,QAC9C,MAAM,IAAI;AAAA,QACV,OAAO;AAAA,QACP,OAAO,IAAI;AAAA,MACb,CAAC;AACD,YAAM,MAAM,KAAK,QAAQ,CAAC,GAAG,UAAU;AACvC,iBAAW,KAAK;AAAA,QACd,MAAM,mBAAmB,IAAI,UAAU;AAAA,QACvC;AAAA,QACA,QAAQ,KACJ,IAAI,IAAI,QAAQ,kCAAkC,IAAI,UAAU,MAChE,IAAI,IAAI,QAAQ,sBAAsB,IAAI,UAAU;AAAA,MAC1D,CAAC;AAAA,IACH,SAAS,GAAG;AACV,iBAAW,KAAK;AAAA,QACd,MAAM,mBAAmB,IAAI,UAAU;AAAA,QACvC,IAAI;AAAA,QACJ,QAAQ,6BAA6B,IAAI,UAAU,cAAc,OAAO,CAAC,CAAC;AAAA,MAC5E,CAAC;AAAA,IACH;AAAA,EACF;AAKA,MAAI,OAAO,QAAQ,SAAS,GAAG;AAC7B,QAAI;AACF,YAAM,UAAU,oBAAI,IAAY;AAChC,UAAI;AACJ,iBAAS;AACP,cAAM,OAAO,MAAM,OAAO,KAAK,UAAU,EAAE,WAAW,UAAU,WAAW,OAAO,KAAK,UAAU,CAAC;AAClG,mBAAW,KAAK,KAAK,QAAQ,CAAC,EAAG,KAAI,EAAE,OAAQ,SAAQ,IAAI,EAAE,MAAM;AACnE,cAAM,OAAO,KAAK;AAClB,YAAI,CAAC,KAAM;AACX,oBAAY;AAAA,MACd;AACA,iBAAW,UAAU,OAAO,SAAS;AACnC,cAAM,KAAK,QAAQ,IAAI,MAAM;AAC7B,mBAAW,KAAK;AAAA,UACd,MAAM,QAAQ,MAAM;AAAA,UACpB;AAAA,UACA,QAAQ,KAAK,SAAS,MAAM,iBAAiB,UAAU,SAAS,MAAM,SAAS,MAAM,mBAAmB,UAAU,SAAS;AAAA,QAC7H,CAAC;AAAA,MACH;AAAA,IACF,SAAS,GAAG;AACV,iBAAW,UAAU,OAAO,SAAS;AACnC,mBAAW,KAAK,EAAE,MAAM,QAAQ,MAAM,IAAI,IAAI,OAAO,QAAQ,qBAAqB,OAAO,CAAC,CAAC,GAAG,CAAC;AAAA,MACjG;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AACT;AAcA,eAAe,YACb,QACA,WACA,WACA,UACA,QAC2B;AAC3B,QAAM,QAA0B,CAAC;AACjC,QAAM,UAAU,QAAQ,WAAW,WAAW,UAAU,MAAM,SAAS;AAIvE,MAAI;AAIF,UAAM,OAAO,MAAM,OAAO,KAAK,eAAe;AAC9C,UAAM,OAAO,KAAK,QAAQ,CAAC;AAC3B,UAAM,QAAQ,KAAK;AAAA,MACjB,CAAC,MACC,EAAE,YAAY,WACd,EAAE,cAAc,UAAU,cACzB,SAAS,EAAE,WAAW,OAAO,yBAAyB,SACvD,EAAE,WAAW;AAAA,IACjB;AACA,QAAI,OAAO,OAAO;AAChB,YAAM,OAAO,KAAK,gBAAgB,EAAE,OAAO,MAAM,MAAM,CAAC;AACxD,YAAM,KAAK,EAAE,MAAM,cAAc,OAAO,IAAI,IAAI,KAAK,CAAC;AAAA,IACxD,OAAO;AACL,YAAM,KAAK,EAAE,MAAM,cAAc,OAAO,IAAI,IAAI,MAAM,SAAS,MAAM,OAAO,uCAAuC,CAAC;AAAA,IACtH;AAAA,EACF,SAAS,GAAG;AACV,UAAM,KAAK,EAAE,MAAM,cAAc,OAAO,IAAI,IAAI,OAAO,OAAO,OAAO,CAAC,EAAE,CAAC;AAAA,EAC3E;AAGA,MAAI,CAAC,OAAQ,QAAO;AAIpB,aAAW,MAAM,OAAO,iBAAiB;AACvC,QAAI;AACF,YAAM,OAAO,QAAQ,aAAa,EAAE,GAAG,CAAC;AACxC,YAAM,KAAK,EAAE,MAAM,iBAAiB,EAAE,IAAI,IAAI,KAAK,CAAC;AAAA,IACtD,SAAS,GAAG;AACV,YAAM,KAAK,EAAE,MAAM,iBAAiB,EAAE,IAAI,IAAI,OAAO,OAAO,OAAO,CAAC,EAAE,CAAC;AAAA,IACzE;AAAA,EACF;AAIA,QAAM,cAAc,OAAO,OAAO,sBAAsB;AACxD,MAAI,SAAS,QAAQ;AACnB,UAAM,KAAK,EAAE,MAAM,yBAAyB,WAAW,IAAI,IAAI,MAAM,SAAS,MAAM,OAAO,mEAA8D,CAAC;AAAA,EAC5J,WAAW,SAAS,0BAA0B,IAAI,WAAW,GAAG;AAC9D,UAAM,KAAK,EAAE,MAAM,yBAAyB,WAAW,IAAI,IAAI,MAAM,SAAS,MAAM,OAAO,sCAAiC,CAAC;AAAA,EAC/H,OAAO;AACL,QAAI;AACF,YAAM,OAAO,KAAK,oBAAoB,EAAE,WAAW,UAAU,WAAW,YAAY,CAAC;AACrF,YAAM,KAAK,EAAE,MAAM,yBAAyB,WAAW,IAAI,IAAI,KAAK,CAAC;AAAA,IACvE,SAAS,GAAG;AACV,YAAM,KAAK,EAAE,MAAM,yBAAyB,WAAW,IAAI,IAAI,OAAO,OAAO,OAAO,CAAC,EAAE,CAAC;AAAA,IAC1F;AAAA,EACF;AAKA,aAAW,UAAU,OAAO,SAAS;AACnC,QAAI,SAAS,QAAQ;AACnB,YAAM,KAAK,EAAE,MAAM,eAAe,MAAM,IAAI,IAAI,MAAM,SAAS,MAAM,OAAO,mEAA8D,CAAC;AAC3I;AAAA,IACF;AACA,QAAI,SAAS,gBAAgB,IAAI,MAAM,GAAG;AACxC,YAAM,KAAK,EAAE,MAAM,eAAe,MAAM,IAAI,IAAI,MAAM,SAAS,MAAM,OAAO,sCAAiC,CAAC;AAC9G;AAAA,IACF;AACA,QAAI;AACF,YAAM,OAAO,KAAK,WAAW,EAAE,WAAW,UAAU,WAAW,OAAO,CAAC;AACvE,YAAM,KAAK,EAAE,MAAM,eAAe,MAAM,IAAI,IAAI,KAAK,CAAC;AAAA,IACxD,SAAS,GAAG;AACV,YAAM,KAAK,EAAE,MAAM,eAAe,MAAM,IAAI,IAAI,OAAO,OAAO,OAAO,CAAC,EAAE,CAAC;AAAA,IAC3E;AAAA,EACF;AAIA,QAAM,WAAoC,CAAC;AAC3C,aAAW,CAAC,UAAU,QAAQ,KAAK,OAAO,QAAQ,OAAO,SAAS,GAAG;AACnE,QAAI,SAAS,QAAQ;AACnB,YAAM,KAAK,EAAE,MAAM,iBAAiB,QAAQ,IAAI,IAAI,MAAM,SAAS,MAAM,OAAO,mEAA8D,CAAC;AAC/I;AAAA,IACF;AACA,QAAI,SAAS,oBAAoB,IAAI,QAAQ,GAAG;AAC9C,YAAM,KAAK,EAAE,MAAM,iBAAiB,QAAQ,IAAI,IAAI,MAAM,SAAS,MAAM,OAAO,sCAAiC,CAAC;AAClH;AAAA,IACF;AACA,aAAS,KAAK,CAAC,UAAU,QAAQ,CAAC;AAAA,EACpC;AAKA,QAAM,YAAY,oBAAI,IAAoB;AAC1C,SAAO,SAAS,SAAS,GAAG;AAC1B,UAAM,SAAS,SAAS;AACxB,aAAS,IAAI,SAAS,SAAS,GAAG,KAAK,GAAG,KAAK;AAC7C,YAAM,CAAC,UAAU,QAAQ,IAAI,SAAS,CAAC;AACvC,UAAI;AACF,cAAM,OAAO,QAAQ,aAAa,EAAE,IAAI,SAAS,CAAC;AAClD,cAAM,KAAK,EAAE,MAAM,iBAAiB,QAAQ,IAAI,IAAI,KAAK,CAAC;AAC1D,iBAAS,OAAO,GAAG,CAAC;AAAA,MACtB,SAAS,GAAG;AACV,kBAAU,IAAI,UAAU,OAAO,CAAC,CAAC;AAAA,MACnC;AAAA,IACF;AACA,QAAI,SAAS,WAAW,OAAQ;AAAA,EAClC;AACA,aAAW,CAAC,QAAQ,KAAK,UAAU;AACjC,UAAM,KAAK,EAAE,MAAM,iBAAiB,QAAQ,IAAI,IAAI,OAAO,OAAO,UAAU,IAAI,QAAQ,KAAK,mBAAmB,CAAC;AAAA,EACnH;AAEA,SAAO;AACT;AAWA,eAAsB,oBACpB,QACA,OACA,MACwB;AACxB,QAAM,EAAE,WAAW,UAAU,WAAW,YAAY,OAAO,OAAO,KAAK,iBAAiB,IAAI;AAQ5F,QAAM,SAAS,qBAAqB,YAAuC;AAO3E,MAAI;AACJ,MAAI,kBAAkB;AACpB,QAAI;AACF,iBAAW,MAAM,gBAAgB,MAAM,iBAAiB,UAAU,SAAS,GAAG,SAAS;AAAA,IACzF,SAAS,GAAG;AAOV,iBAAW;AAAA,QACT,qBAAqB,oBAAI,IAAI;AAAA,QAC7B,2BAA2B,oBAAI,IAAI;AAAA,QACnC,iBAAiB,oBAAI,IAAI;AAAA,QACzB,QAAQ,CAAC,WAAW,CAAC;AAAA,MACvB;AAAA,IACF;AAAA,EACF,OAAO;AACL,eAAW,MAAM,gBAAgB,QAAQ,SAAS;AAAA,EACpD;AAEA,MAAI;AACJ,MAAI,aAAgC,CAAC;AACrC,MAAI;AAEJ,MAAI;AAIF,aAAS,MAAM,UAAU,QAAQ,EAAE,WAAW,UAAU,WAAW,YAAY,KAAK,iBAAiB,CAAC;AACtG,QAAI,MAAM,EAAE,WAAW,WAAW,WAAW,OAAO,WAAW,SAAS,OAAO,QAAQ,GAAG,SAAS;AAInG,iBAAa,MAAM,cAAc,MAAM,OAAO,UAAU,SAAS,GAAG,MAAM,WAAW,UAAU,MAAM;AAAA,EACvG,SAAS,GAAG;AACV,iBAAa,OAAO,CAAC;AACrB,QAAI,KAAK,EAAE,WAAW,WAAW,KAAK,WAAW,GAAG,oBAAoB;AAAA,EAC1E;AAKA,MAAI,WAA6B,CAAC;AAClC,MAAI,CAAC,MAAM;AACT,QAAI,WAAW;AACf,QAAI;AACF,iBAAW,MAAM,OAAO,UAAU,SAAS;AAAA,IAC7C,QAAQ;AAAA,IAER;AACA,eAAW,MAAM,YAAY,UAAU,WAAW,WAAW,UAAU,MAAM;AAAA,EAC/E;AAEA,QAAM,SAAS,eAAe,UAAa,WAAW,SAAS,KAAK,WAAW,MAAM,CAAC,MAAM,EAAE,EAAE;AAEhG,SAAO;AAAA,IACL;AAAA,IACA,SAAS,SACL;AAAA,MACE,WAAW,OAAO;AAAA,MAClB,aAAa,OAAO,OAAO,sBAAsB;AAAA,MACjD,SAAS,OAAO;AAAA,MAChB,WAAW,OAAO;AAAA,MAClB,WAAW,OAAO;AAAA,MAClB,aAAa,OAAO;AAAA,IACtB,IACA;AAAA,IACJ;AAAA,IACA;AAAA,IACA,MAAM;AAAA,IACN,OAAO;AAAA,EACT;AACF;;;AD7mBA,eAAsB,qBAAqB,YAAwC;AACjF,QAAM,MAAe,cAAc,UAAU,IAAI,MAAM,kBAAkB,UAAU,IAAI,aAAa,UAAU;AAC9G,MAAI,CAAC,KAAK;AACR,UAAM,IAAI;AAAA,MACR,sBAAsB,UAAU,iDAAiD,gBAAgB,KAAK,IAAI,CAAC;AAAA,IAC7G;AAAA,EACF;AACA,SAAO,kBAAkB,GAAG;AAC9B;AAGA,SAAS,aAAa,WAAsB,KAAa,QAA+B;AACtF,QAAM,QAAkB,CAAC;AACzB,QAAM,KAAK,EAAE;AACb,QAAM,KAAK,4BAAuB,UAAU,IAAI,OAAO,UAAU,OAAO,aAAQ,UAAU,SAAS,QAAQ,GAAG,EAAE;AAEhH,MAAI,OAAO,SAAS;AAClB,UAAM,IAAI,OAAO;AACjB,UAAM;AAAA,MACJ,+BAAqB,EAAE,OAAO,KAAK,EAAE,SAAS,MAAM,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,gBAChF,EAAE,cAAc,KAAK,EAAE,WAAW,oBAAoB;AAAA,IAC3D;AAAA,EACF,OAAO;AACL,UAAM,KAAK,gCAAsB,OAAO,SAAS,eAAe,EAAE;AAAA,EACpE;AAEA,MAAI,OAAO,WAAW,QAAQ;AAC5B,UAAM,KAAK,EAAE;AACb,UAAM,KAAK,eAAe;AAC1B,eAAW,KAAK,OAAO,WAAY,OAAM,KAAK,OAAO,EAAE,KAAK,WAAM,QAAG,IAAI,EAAE,IAAI,KAAK,EAAE,MAAM,EAAE;AAAA,EAChG;AAEA,MAAI,OAAO,MAAM;AACf,UAAM,KAAK,EAAE;AACb,UAAM,KAAK,4EAAuE;AAAA,EACpF,WAAW,OAAO,SAAS,QAAQ;AACjC,UAAM,KAAK,EAAE;AACb,UAAM,KAAK,aAAa;AACxB,eAAW,KAAK,OAAO,UAAU;AAC/B,YAAM,OAAO,CAAC,EAAE,KAAK,WAAM,EAAE,UAAU,WAAM;AAC7C,YAAM,KAAK,OAAO,IAAI,IAAI,EAAE,IAAI,GAAG,EAAE,QAAQ,WAAM,EAAE,KAAK,KAAK,EAAE,EAAE;AAAA,IACrE;AACA,UAAM,SAAS,OAAO,SAAS,OAAO,CAAC,MAAM,CAAC,EAAE,EAAE;AAClD,QAAI,OAAO,OAAQ,OAAM,KAAK,YAAO,OAAO,MAAM,+DAA0D;AAAA,EAC9G;AAEA,QAAM,KAAK,EAAE;AACb,QAAM,KAAK,OAAO,SAAS,mBAAmB,gBAAgB;AAC9D,QAAM,KAAK,EAAE;AACb,SAAO,MAAM,KAAK,IAAI;AACxB;AAOA,eAAsB,iBACpB,YACA,MACA,OAAiB,CAAC,GACD;AAGjB,MAAI;AACJ,MAAI;AACF,gBAAY,MAAM,qBAAqB,UAAU;AAAA,EACnD,SAAS,KAAK;AACZ,QAAI,eAAe,gBAAgB;AACjC,cAAQ,OAAO,MAAM;AAAA,CAAqC;AAC1D,iBAAW,KAAK,IAAI,SAAU,SAAQ,OAAO,MAAM,gBAAW,EAAE,MAAM,KAAK,EAAE,MAAM;AAAA,CAAI;AACvF,aAAO;AAAA,IACT;AACA,YAAQ,OAAO,MAAM,YAAO,YAAY,GAAG,CAAC;AAAA,CAAI;AAChD,WAAO;AAAA,EACT;AAIA,SAAO,SAAS,EAAE,GAAG,MAAM,cAAc,KAAK,GAAG,MAAM,OAAO,MAAM,QAAQ;AAG1E,UAAM,aAAa,MAAMC,IAAG,QAAa,WAAQ,WAAO,GAAG,kBAAkB,CAAC;AAI9E,UAAM,YAAY,WAAW,KAAK,IAAI,CAAC,IAAIC,YAAW,EAAE,MAAM,GAAG,CAAC,CAAC;AAEnE,QAAI;AACF,YAAM,WAAW,gBAAgB,IAAI;AACrC,YAAM,SAAS,KAAK;AAGpB,YAAM,cAAc,OAAO,WAAyC;AAClE,cAAM,YAAY,IAAI,cAAc,EAAE,OAAO,QAAQ,aAAa,KAAK,QAAQ,CAAC;AAChF,cAAM,OAAO,MAAM,UAAU,KAAK,KAAK;AACvC,eAAO;AAAA,UACL,eAAe,KAAK;AAAA,UACpB,UAAU,KAAK;AAAA,UACf,gBAAgB,KAAK;AAAA,QACvB;AAAA,MACF;AAKA,YAAM,mBAAmB,OAAO,cAAiD;AAC/E,cAAM,WAAW,MAAM,iBAAiB;AAAA,UACtC,cAAc,KAAK;AAAA,UACnB,YAAY,KAAK;AAAA,UACjB;AAAA,QACF,CAAC;AACD,eAAO,IAAI,cAAc;AAAA,UACvB,OAAO,SAAS;AAAA,UAChB,aAAa,KAAK;AAAA,QACpB,CAAC;AAAA,MACH;AAEA,YAAM,SAAS,MAAM;AAAA,QACnB;AAAA,QACA,EAAE,WAAW,UAAU,WAAW,YAAY,MAAM,KAAK,MAAM,KAAK,iBAAiB;AAAA,QACrF,EAAE,YAAY;AAAA,MAChB;AAEA,UAAI,KAAK,MAAM;AAGb,cAAM,WAAW;AAAA,UACf,WAAW,EAAE,MAAM,UAAU,MAAM,SAAS,UAAU,SAAS,WAAW,UAAU,UAAU;AAAA,UAC9F,KAAK,KAAK;AAAA,UACV,GAAG;AAAA,QACL;AACA,gBAAQ,OAAO,MAAM,GAAG,WAAW,QAAQ,CAAC;AAAA,CAAI;AAAA,MAClD,OAAO;AACL,gBAAQ,OAAO,MAAM,GAAG,aAAa,WAAW,KAAK,KAAK,MAAM,CAAC;AAAA,CAAI;AAAA,MACvE;AACA,aAAO,OAAO,SAAS,IAAI;AAAA,IAC7B,SAAS,KAAK;AACZ,cAAQ,OAAO,MAAM,mCAA8B,YAAY,GAAG,CAAC;AAAA,CAAI;AACvE,aAAO;AAAA,IACT,UAAE;AAEA,YAAMD,IAAG,GAAG,YAAY,EAAE,WAAW,MAAM,OAAO,KAAK,CAAC,EAAE,MAAM,MAAM;AAAA,MAAC,CAAC;AAAA,IAC1E;AAAA,EACF,CAAC;AACH;;;AEzLO,IAAM,aAAa;AAAA,EACxB,KAAK,OAAyC,UAAkB;AAAA,EAChE,KAAK,OAAyC,WAAkB;AAAA,EAChE,YACE,OAAgD,UAAyB;AAC7E;AAGO,SAAS,kBAA0B;AACxC,SAAO,WAAW,WAAW,GAAG,SAAS,WAAW,GAAG,gBAAgB,WAAW,UAAU;AAC9F;;;AbeA,IAAM,cAAc,CAAC,SAAS,OAAO,OAAO,MAAM;AAClD,IAAM,aAAa,CAAC,QAAQ,OAAO,QAAQ;AAM3C,SAAS,eAAe,KAAuB;AAC7C,SAAO,IACJ;AAAA,IACC,IAAI,OAAO,eAAe,oBAAoB,EAAE,QAAQ,CAAC,WAAW,YAAY,CAAC,EAAE,QAAQ,YAAY;AAAA,EACzG,EACC,OAAO,oBAAoB,gEAAgE,EAC3F,OAAO,mBAAmB,4DAA4D,EAItF;AAAA,IACC,IAAI,OAAO,sBAAsB,8CAA8C,EAAE,SAAS;AAAA,EAC5F;AACJ;AAGA,SAAS,qBAAqB,KAAuB;AACnD,SAAO,eAAe,GAAG,EAAE;AAAA,IACzB;AAAA,IACA;AAAA,EACF;AACF;AAYA,SAAS,gBAAgB,OAAwB;AAC/C,SAAO;AAAA,IACL,KAAK,MAAM;AAAA,IACX,SAAS,MAAM;AAAA,IACf,OAAO,MAAM;AAAA,IACb,gBAAgB,QAAQ,MAAM,cAAc;AAAA,IAC5C,MAAM,QAAQ,MAAM,IAAI;AAAA,EAC1B;AACF;AAUO,SAAS,aAAa,OAAiB,CAAC,GAAY;AACzD,QAAM,UAAU,IAAI,QAAQ;AAC5B,UACG,KAAK,SAAS,EACd,YAAY,uFAAkF,EAC9F,QAAQ,gBAAgB,GAAG,iBAAiB,gDAAgD,EAC5F,mBAAmB,EACnB;AAAA,IACC;AAAA,IACA;AAAA,EAGF;AAEF,QAAM,QAAQ,QACX,QAAQ,OAAO,EACf,YAAY,8DAA8D,EAC1E,UAAU,IAAI,OAAO,eAAe,oBAAoB,EAAE,QAAQ,CAAC,WAAW,YAAY,CAAC,EAAE,QAAQ,YAAY,CAAC,EAClH,OAAO,gBAAgB,sEAAsE;AAChG,QAAM,OAAO,OAAO,UAA8C;AAChE,YAAQ,KAAK,MAAM,SAAS,EAAE,KAAK,MAAM,KAAK,MAAM,OAAO,WAAW,MAAM,YAAY,MAAM,CAAC,CAAC;AAAA,EAClG,CAAC;AAED,UACG,QAAQ,QAAQ,EAChB,YAAY,iCAAiC,EAC7C,OAAO,YAAY;AAClB,YAAQ,KAAK,MAAM,UAAU,EAAE,KAAK,cAAc,MAAM,MAAM,CAAC,CAAC;AAAA,EAClE,CAAC;AAEH,QAAM,SAAS,QAAQ,QAAQ,QAAQ,EAAE,YAAY,0DAA0D;AAC/G,uBAAqB,MAAM,EAAE,OAAO,OAAO,UAA2B;AACpE,YAAQ,KAAK,MAAM,UAAU,gBAAgB,KAAK,GAAG,IAAI,CAAC;AAAA,EAC5D,CAAC;AAED,QAAM,gBAAgB,QACnB,QAAQ,gBAAgB,EACxB,YAAY,iGAAiG,EAC7G,SAAS,UAAU,6DAA6D,EAChF,OAAO,UAAU,qEAAqE;AACzF,uBAAqB,aAAa,EAAE;AAAA,IAClC,OAAO,MAAc,UAAgD;AACnE,cAAQ,KAAK,MAAM,iBAAiB,MAAM,EAAE,GAAG,gBAAgB,KAAK,GAAG,MAAM,QAAQ,MAAM,IAAI,EAAE,GAAG,IAAI,CAAC;AAAA,IAC3G;AAAA,EACF;AAEA,sBAAoB,SAAS,IAAI;AACjC,2BAAyB,SAAS,IAAI;AACtC,yBAAuB,SAAS,IAAI;AACpC,uBAAqB,SAAS,IAAI;AAClC,0BAAwB,SAAS,IAAI;AAErC,SAAO;AACT;AAGA,SAAS,wBAAwB,SAAkB,MAAsB;AACvE,QAAM,UAAU,QACb,QAAQ,SAAS,EACjB,YAAY,wDAAwD;AAEvE,QAAM,SAAS,QACZ,QAAQ,QAAQ,EAChB,YAAY,qCAAqC,EACjD,SAAS,eAAe,kEAAkE,EAC1F,OAAO,iBAAiB,qBAAqB;AAChD,uBAAqB,MAAM,EAAE,OAAO,OAAO,WAAmB,UAA+C;AAC3G,YAAQ,KAAK,MAAM,iBAAiB,EAAE,GAAG,gBAAgB,KAAK,GAAG,WAAW,MAAM,MAAM,KAAK,GAAG,IAAI,CAAC;AAAA,EACvG,CAAC;AAED,QAAM,OAAO,QAAQ,QAAQ,MAAM,EAAE,YAAY,sCAAiC;AAClF,uBAAqB,IAAI,EAAE,OAAO,OAAO,UAA2B;AAClE,YAAQ,KAAK,MAAM,eAAe,gBAAgB,KAAK,GAAG,IAAI,CAAC;AAAA,EACjE,CAAC;AAED,QAAM,MAAM,QAAQ,QAAQ,KAAK,EAAE,YAAY,uBAAuB,EAAE,SAAS,aAAa;AAC9F,uBAAqB,GAAG,EAAE,OAAO,OAAO,WAAmB,UAA2B;AACpF,YAAQ,KAAK,MAAM,cAAc,EAAE,GAAG,gBAAgB,KAAK,GAAG,UAAU,GAAG,IAAI,CAAC;AAAA,EAClF,CAAC;AACH;AAGA,SAAS,qBAAqB,SAAkB,MAAsB;AACpE,QAAM,OAAO,QACV,QAAQ,MAAM,EACd,YAAY,qFAAqF;AAEpG,QAAM,SAAS,KACZ,QAAQ,QAAQ,EAChB,YAAY,oEAAoE,EAChF,eAAe,iBAAiB,aAAa,EAC7C,eAAe,kBAAkB,+DAA+D,EAChG,eAAe,iBAAiB,qBAAqB,EACrD,eAAe,mBAAmB,8DAA8D,EAChG,OAAO,wBAAwB,uBAAuB;AACzD,uBAAqB,MAAM,EAAE;AAAA,IAC3B,OACE,UACG;AACH,cAAQ;AAAA,QACN,MAAM,cAAc;AAAA,UAClB,GAAG,gBAAgB,KAAK;AAAA,UACxB,SAAS,MAAM;AAAA,UACf,QAAQ,MAAM;AAAA,UACd,MAAM,MAAM;AAAA,UACZ,SAAS,MAAM;AAAA,UACf,aAAa,MAAM;AAAA,QACrB,GAAG,IAAI;AAAA,MACT;AAAA,IACF;AAAA,EACF;AAEA,QAAM,OAAO,KACV,QAAQ,MAAM,EACd,YAAY,sCAAsC,EAClD,eAAe,iBAAiB,aAAa;AAChD,uBAAqB,IAAI,EAAE,OAAO,OAAO,UAAiD;AACxF,YAAQ,KAAK,MAAM,YAAY,EAAE,GAAG,gBAAgB,KAAK,GAAG,SAAS,MAAM,QAAQ,GAAG,IAAI,CAAC;AAAA,EAC7F,CAAC;AAED,QAAM,MAAM,KACT,QAAQ,KAAK,EACb,YAAY,sBAAsB,EAClC,eAAe,iBAAiB,aAAa,EAC7C,eAAe,kBAAkB,SAAS;AAC7C,uBAAqB,GAAG,EAAE,OAAO,OAAO,UAAiE;AACvG,YAAQ,KAAK,MAAM,WAAW,EAAE,GAAG,gBAAgB,KAAK,GAAG,SAAS,MAAM,SAAS,QAAQ,MAAM,OAAO,GAAG,IAAI,CAAC;AAAA,EAClH,CAAC;AAED,QAAM,MAAM,KACT,QAAQ,QAAQ,EAChB,YAAY,0DAA0D,EACtE,eAAe,iBAAiB,aAAa,EAC7C,eAAe,kBAAkB,SAAS;AAC7C,iBAAe,GAAG,EAAE,OAAO,OAAO,UAAiE;AACjG,YAAQ,KAAK,MAAM,cAAc,EAAE,GAAG,gBAAgB,KAAK,GAAG,SAAS,MAAM,SAAS,QAAQ,MAAM,OAAO,GAAG,IAAI,CAAC;AAAA,EACrH,CAAC;AACH;AAGA,SAAS,uBAAuB,SAAkB,MAAsB;AACtE,QAAME,UAAS,QACZ,QAAQ,QAAQ,EAChB,YAAY,sEAA4D;AAE3E,QAAM,QAAQA,QACX,QAAQ,OAAO,EACf,YAAY,6DAA6D,EACzE,eAAe,mBAAmB,4CAA4C,EAC9E,eAAe,iBAAiB,aAAa,EAC7C,OAAO,mBAAmB,kCAAkC,EAC5D,OAAO,mBAAmB,4DAA4D;AACzF,uBAAqB,KAAK,EAAE;AAAA,IAC1B,OAAO,UAAqG;AAC1G,cAAQ;AAAA,QACN,MAAM,eAAe;AAAA,UACnB,GAAG,gBAAgB,KAAK;AAAA,UACxB,WAAW,MAAM;AAAA,UACjB,SAAS,MAAM;AAAA,UACf,MAAM,MAAM;AAAA,UACZ,SAAS,MAAM;AAAA,QACjB,GAAG,IAAI;AAAA,MACT;AAAA,IACF;AAAA,EACF;AAEA,QAAM,SAASA,QACZ,QAAQ,QAAQ,EAChB,YAAY,iDAA4C,EACxD,eAAe,mBAAmB,4CAA4C,EAC9E,eAAe,iBAAiB,aAAa;AAChD,iBAAe,MAAM,EAAE,OAAO,OAAO,UAAoE;AACvG,YAAQ,KAAK,MAAM,gBAAgB,EAAE,GAAG,gBAAgB,KAAK,GAAG,WAAW,MAAM,WAAW,SAAS,MAAM,QAAQ,GAAG,IAAI,CAAC;AAAA,EAC7H,CAAC;AAED,QAAM,OAAOA,QACV,QAAQ,MAAM,EACd,YAAY,yFAA+E,EAC3F,OAAO,iBAAiB,8BAA8B,EACtD,OAAO,mBAAmB,0CAA0C;AACvE,uBAAqB,IAAI,EAAE,OAAO,OAAO,UAAsE;AAC7G,YAAQ,KAAK,MAAM,cAAc,EAAE,GAAG,gBAAgB,KAAK,GAAG,SAAS,MAAM,SAAS,WAAW,MAAM,UAAU,GAAG,IAAI,CAAC;AAAA,EAC3H,CAAC;AAED,QAAM,MAAMA,QACT,QAAQ,KAAK,EACb,YAAY,iDAA4C,EACxD,eAAe,mBAAmB,4CAA4C,EAC9E,eAAe,iBAAiB,aAAa;AAChD,uBAAqB,GAAG,EAAE,OAAO,OAAO,UAAoE;AAC1G,YAAQ,KAAK,MAAM,aAAa,EAAE,GAAG,gBAAgB,KAAK,GAAG,WAAW,MAAM,WAAW,SAAS,MAAM,QAAQ,GAAG,IAAI,CAAC;AAAA,EAC1H,CAAC;AACH;AAGA,SAAS,kBAA0B;AACjC,SAAO,IAAI,OAAO,gBAAgB,qBAAqB,EAAE,QAAQ,UAAU,EAAE,oBAAoB;AACnG;AAGA,SAAS,yBAAyB,SAAkB,MAAsB;AACxE,QAAM,WAAW,QACd,QAAQ,UAAU,EAClB,YAAY,oFAA+E;AAE9F,QAAM,SAAS,SACZ,QAAQ,QAAQ,EAChB,YAAY,gDAAgD,EAC5D,UAAU,gBAAgB,CAAC,EAC3B,eAAe,sBAAsB,oDAAoD,EACzF,OAAO,iBAAiB,gCAAgC,EACxD,OAAO,mBAAmB,mBAAmB,EAC7C,OAAO,aAAa,qDAAqD,EACzE,OAAO,iBAAiB,gCAAgC,EACxD,OAAO,qBAAqB,yBAAyB;AACxD,uBAAqB,MAAM,EAAE;AAAA,IAC3B,OACE,UASG;AACH,cAAQ;AAAA,QACN,MAAM,kBAAkB;AAAA,UACtB,GAAG,gBAAgB,KAAK;AAAA,UACxB,MAAM,MAAM;AAAA,UACZ,YAAY,MAAM;AAAA,UAClB,MAAM,MAAM;AAAA,UACZ,OAAO,MAAM;AAAA,UACb,SAAS,MAAM;AAAA,UACf,KAAK,MAAM;AAAA,UACX,UAAU,MAAM;AAAA,QAClB,GAAG,IAAI;AAAA,MACT;AAAA,IACF;AAAA,EACF;AAEA,QAAM,OAAO,SACV,QAAQ,MAAM,EACd,YAAY,uDAAuD,EACnE,UAAU,gBAAgB,CAAC,EAC3B,OAAO,sBAAsB,uBAAuB,EACpD,OAAO,eAAe,0BAAqB,CAAC,MAAM,OAAO,SAAS,GAAG,EAAE,CAAC;AAC3E,uBAAqB,IAAI,EAAE;AAAA,IACzB,OAAO,UAAsF;AAC3F,cAAQ;AAAA,QACN,MAAM,gBAAgB;AAAA,UACpB,GAAG,gBAAgB,KAAK;AAAA,UACxB,MAAM,MAAM;AAAA,UACZ,YAAY,MAAM;AAAA,UAClB,OAAO,MAAM;AAAA,QACf,GAAG,IAAI;AAAA,MACT;AAAA,IACF;AAAA,EACF;AAEA,QAAM,MAAM,SACT,QAAQ,KAAK,EACb,YAAY,uCAAuC,EACnD,UAAU,gBAAgB,CAAC,EAC3B,eAAe,oBAAoB,4CAA4C;AAClF,uBAAqB,GAAG,EAAE,OAAO,OAAO,UAA6D;AACnG,YAAQ,KAAK,MAAM,eAAe,EAAE,GAAG,gBAAgB,KAAK,GAAG,MAAM,MAAM,MAAM,IAAI,MAAM,GAAG,GAAG,IAAI,CAAC;AAAA,EACxG,CAAC;AAED,QAAM,MAAM,SACT,QAAQ,QAAQ,EAChB,YAAY,uCAAuC,EACnD,UAAU,gBAAgB,CAAC,EAC3B,eAAe,oBAAoB,yBAAyB;AAC/D,iBAAe,GAAG,EAAE,OAAO,OAAO,UAA6D;AAC7F,YAAQ,KAAK,MAAM,kBAAkB,EAAE,GAAG,gBAAgB,KAAK,GAAG,MAAM,MAAM,MAAM,IAAI,MAAM,GAAG,GAAG,IAAI,CAAC;AAAA,EAC3G,CAAC;AACH;AAYA,SAAS,oBAAoB,SAAkB,MAAsB;AACnE,QAAM,MAAM,QAAQ,QAAQ,KAAK,EAAE,YAAY,oEAA+D;AAE9G,QAAM,QAAQ,IACX,QAAQ,OAAO,EACf,YAAY,0EAA0E,EACtF,eAAe,mBAAmB,mEAAmE,EACrG,eAAe,iBAAiB,iCAAiC,EACjE,OAAO,iBAAiB,0CAA0C,gBAAgB,EAClF,OAAO,mBAAmB,iDAAiD,EAC3E,UAAU,IAAI,OAAO,kBAAkB,wBAAwB,EAAE,QAAQ,WAAW,EAAE,QAAQ,OAAO,CAAC;AACzG,iBAAe,KAAK,EAAE,OAAO,OAAO,UAAwB;AAC1D,YAAQ;AAAA,MACN,MAAM,YAAY;AAAA,QAChB,GAAG,gBAAgB,KAAK;AAAA,QACxB,WAAW,MAAM;AAAA,QACjB,SAAS,MAAM;AAAA,QACf,MAAM,MAAM;AAAA,QACZ,OAAO,MAAM;AAAA,QACb,QAAQ,MAAM;AAAA,MAChB,GAAG,IAAI;AAAA,IACT;AAAA,EACF,CAAC;AAED,QAAM,OAAO,IACV,QAAQ,MAAM,EACd,YAAY,mEAA8D,EAC1E,OAAO,mBAAmB,iDAAiD,EAC3E,OAAO,iBAAiB,2BAA2B;AACtD,uBAAqB,IAAI,EAAE,OAAO,OAAO,UAAsE;AAC7G,YAAQ;AAAA,MACN,MAAM,WAAW,EAAE,GAAG,gBAAgB,KAAK,GAAG,WAAW,MAAM,WAAW,SAAS,MAAM,QAAQ,GAAG,IAAI;AAAA,IAC1G;AAAA,EACF,CAAC;AAED,QAAM,MAAM,IACT,QAAQ,KAAK,EACb,YAAY,2CAAsC,EAClD,SAAS,SAAS,EAClB,OAAO,iBAAiB,4DAA4D;AACvF,uBAAqB,GAAG,EAAE,OAAO,OAAO,OAAe,UAAkD;AACvG,YAAQ,KAAK,MAAM,UAAU,OAAO,EAAE,GAAG,gBAAgB,KAAK,GAAG,SAAS,MAAM,QAAQ,GAAG,IAAI,CAAC;AAAA,EAClG,CAAC;AAED,QAAM,SAAS,IACZ,QAAQ,QAAQ,EAChB,YAAY,oDAAoD,EAChE,SAAS,SAAS,EAClB,OAAO,iBAAiB,4DAA4D;AACvF,iBAAe,MAAM,EAAE,OAAO,OAAO,OAAe,UAAkD;AACpG,YAAQ,KAAK,MAAM,aAAa,OAAO,EAAE,GAAG,gBAAgB,KAAK,GAAG,SAAS,MAAM,QAAQ,GAAG,IAAI,CAAC;AAAA,EACrG,CAAC;AAED,QAAM,SAAS,IACZ,QAAQ,QAAQ,EAChB,YAAY,yDAAyD,EACrE,eAAe,mBAAmB,8BAA8B,EAChE,eAAe,iBAAiB,aAAa,EAC7C,OAAO,iBAAiB,sBAAsB,gBAAgB,EAC9D,UAAU,IAAI,OAAO,kBAAkB,wBAAwB,EAAE,QAAQ,WAAW,EAAE,QAAQ,OAAO,CAAC;AACzG,iBAAe,MAAM,EAAE,OAAO,OAAO,UAAwB;AAC3D,YAAQ;AAAA,MACN,MAAM,aAAa;AAAA,QACjB,GAAG,gBAAgB,KAAK;AAAA,QACxB,WAAW,MAAM;AAAA,QACjB,SAAS,MAAM;AAAA,QACf,MAAM,MAAM;AAAA,QACZ,QAAQ,MAAM;AAAA,MAChB,GAAG,IAAI;AAAA,IACT;AAAA,EACF,CAAC;AACH;;;Ac7aA,IAAM,uBAA4E;AAAA,EAChF,WAAW;AAAA,EACX,WAAW;AACb;AAEA,eAAe,OAAsB;AACnC,QAAM,MAAM,QAAQ,KAAK,CAAC;AAG1B,QAAM,cAAc,MAAM,qBAAqB,GAAG,IAAI;AACtD,MAAI,aAAa;AACf,YAAQ,KAAK,MAAM,YAAY,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC;AAAA,EACvD;AAGA,QAAM,aAAa,EAAE,WAAW,QAAQ,IAAI;AAC9C;AAEA,KAAK,EAAE,MAAM,CAAC,QAAQ;AAGpB,UAAQ,OAAO,MAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC;AAAA,CAAI;AACnF,MAAI,QAAQ,IAAI,qBAAqB,eAAe,SAAS,IAAI,OAAO;AACtE,YAAQ,OAAO,MAAM,GAAG,IAAI,KAAK;AAAA,CAAI;AAAA,EACvC;AACA,UAAQ,KAAK,CAAC;AAChB,CAAC;","names":["path","z","path","z","renderIssues","path","createLogger","path","join","join","readFile","readFile","homedir","fs","os","path","homedir","createLogger","writeFile","writeFile","createLogger","fetch","createLogger","fs","os","path","randomUUID","fs","randomUUID","access"]}