@vertesia/cli 1.2.0 → 1.4.0-dev.20260615.042549Z

package/lib/profiles/oauth.d.ts

@@ -0,0 +1,17 @@
+import type { OAuthAuthorizationServerMetadata } from '@vertesia/common';
+import type { Profile } from './index.js';
+import type { StoredAuthBundle } from './keyring.js';
+import type { ConfigResult } from './server/index.js';
+type OAuthProfile = Pick<Profile, 'name' | 'studio_server_url' | 'zeno_server_url'> & Partial<Pick<Profile, 'account' | 'config_url' | 'project' | 'oauth_server_url'>>;
+export declare class OAuthUnavailableError extends Error {
+    constructor(message: string);
+}
+export declare function canUseOAuthProfile(profile: Partial<Pick<Profile, 'studio_server_url'>>): boolean;
+export declare function getOAuthClientId(oauthServerUrl: string): string;
+export declare function getOAuthResource(metadata: Pick<OAuthAuthorizationServerMetadata, 'issuer'>): string;
+export declare function startOAuthSession(profile: OAuthProfile, signal?: AbortSignal): Promise<ConfigResult>;
+export declare function refreshOAuthSession(profile: OAuthProfile, refreshToken: string, bundle?: StoredAuthBundle, options?: {
+    projectId?: string;
+}): Promise<ConfigResult>;
+export {};
+//# sourceMappingURL=oauth.d.ts.map

package/lib/profiles/oauth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth.d.ts","sourceRoot":"","sources":["../../src/profiles/oauth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACR,gCAAgC,EAGnC,MAAM,kBAAkB,CAAC;AAI1B,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAC1C,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AACrD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAgBtD,KAAK,YAAY,GAAG,IAAI,CAAC,OAAO,EAAE,MAAM,GAAG,mBAAmB,GAAG,iBAAiB,CAAC,GAC/E,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,GAAG,YAAY,GAAG,SAAS,GAAG,kBAAkB,CAAC,CAAC,CAAC;AAatF,qBAAa,qBAAsB,SAAQ,KAAK;gBAChC,OAAO,EAAE,MAAM;CAI9B;AAED,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,mBAAmB,CAAC,CAAC,GAAG,OAAO,CAehG;AAED,wBAAgB,gBAAgB,CAAC,cAAc,EAAE,MAAM,GAAG,MAAM,CAE/D;AAED,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,IAAI,CAAC,gCAAgC,EAAE,QAAQ,CAAC,GAAG,MAAM,CAEnG;AAED,wBAAsB,iBAAiB,CAAC,OAAO,EAAE,YAAY,EAAE,MAAM,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,YAAY,CAAC,CAwB1G;AAED,wBAAsB,mBAAmB,CACrC,OAAO,EAAE,YAAY,EACrB,YAAY,EAAE,MAAM,EACpB,MAAM,CAAC,EAAE,gBAAgB,EACzB,OAAO,GAAE;IACL,SAAS,CAAC,EAAE,MAAM,CAAC;CACjB,GACP,OAAO,CAAC,YAAY,CAAC,CAQvB"}

package/lib/profiles/oauth.js

@@ -0,0 +1,414 @@
+import { OAUTH_SCOPE_OFFLINE_ACCESS, OAUTH_SCOPE_OPENID, OAUTH_SCOPE_PROFILE, Permission } from '@vertesia/common';
+import jwt from 'jsonwebtoken';
+import open from 'open';
+const OAUTH_AUTHORIZATION_SERVER_PATH = '/.well-known/oauth-authorization-server';
+const OAUTH_CLIENT_METADATA_PATH = '/.well-known/oauth-client/vertesia-cli';
+// Base OIDC scopes that are not platform permissions.
+const BASE_OIDC_SCOPES = [OAUTH_SCOPE_OPENID, OAUTH_SCOPE_PROFILE, OAUTH_SCOPE_OFFLINE_ACCESS];
+// The full set of platform permission scopes. The CLI requests ALL of them and
+// never curates a subset: dropping admin scopes here (e.g. content:admin,
+// account:admin) silently denied legitimate operations — reindex, publish ACE
+// grants — even for account owners / project admins. The authorization server
+// is the right place to gate access: it downscopes the issued token to exactly
+// what the signed-in user's roles allow, so requesting everything is safe and a
+// user only ever receives the permissions they are entitled to.
+const ALL_PERMISSION_SCOPES = Object.values(Permission);
+export class OAuthUnavailableError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'OAuthUnavailableError';
+    }
+}
+export function canUseOAuthProfile(profile) {
+    if (!profile.studio_server_url) {
+        return false;
+    }
+    try {
+        const url = new URL(profile.studio_server_url);
+        const isLoopbackHost = url.hostname === 'localhost' || url.hostname === '127.0.0.1';
+        const isLocalDev = process.env.IS_LOCAL_DEV === 'true';
+        if (url.protocol === 'https:') {
+            return !isLoopbackHost || isLocalDev;
+        }
+        return isLocalDev && url.protocol === 'http:' && isLoopbackHost;
+    }
+    catch {
+        return false;
+    }
+}
+export function getOAuthClientId(oauthServerUrl) {
+    return new URL(OAUTH_CLIENT_METADATA_PATH, withTrailingSlash(oauthServerUrl)).toString();
+}
+export function getOAuthResource(metadata) {
+    return new URL(metadata.issuer).toString();
+}
+export async function startOAuthSession(profile, signal) {
+    assertOAuthProfile(profile);
+    const { metadata, serverUrl } = await discoverAuthorizationServer(profile);
+    const clientId = getOAuthClientId(serverUrl);
+    const resource = getOAuthResource(metadata);
+    const scope = getDefaultOAuthScope(metadata);
+    const deviceAuthorization = await createDeviceAuthorization(metadata, {
+        clientId,
+        resource,
+        scope,
+        projectId: profile.project,
+    });
+    const verificationUrl = buildDeviceVerificationUrl(profile, deviceAuthorization);
+    console.log('Opening browser to', verificationUrl);
+    console.log('The session code is', deviceAuthorization.user_code);
+    console.log('Waiting for browser authorization...');
+    open(verificationUrl).catch((error) => {
+        console.error('Unable to open browser:', error instanceof Error ? error.message : String(error));
+    });
+    const response = await pollDeviceToken(metadata, clientId, deviceAuthorization, signal);
+    return buildConfigResult(profile, response, clientId, resource, serverUrl);
+}
+export async function refreshOAuthSession(profile, refreshToken, bundle, options = {}) {
+    assertOAuthProfile(profile);
+    const { metadata, serverUrl } = await discoverAuthorizationServer(profile);
+    const clientId = getOAuthClientId(serverUrl);
+    const resource = bundle?.oauthResource || readTokenRefs(bundle?.accessToken).audience || getOAuthResource(metadata);
+    const response = await exchangeRefreshToken(metadata, clientId, refreshToken, resource, options.projectId);
+    return buildConfigResult(profile, response, clientId, resource, serverUrl);
+}
+function assertOAuthProfile(profile) {
+    if (!profile.name) {
+        throw new Error('Profile name is required for OAuth authentication.');
+    }
+    if (!profile.studio_server_url || !profile.zeno_server_url) {
+        throw new Error('Studio and Zeno server URLs are required for OAuth authentication.');
+    }
+    if (!canUseOAuthProfile(profile)) {
+        throw new Error(`OAuth login is not supported for studio endpoint "${profile.studio_server_url}".`);
+    }
+}
+function withTrailingSlash(url) {
+    return url.endsWith('/') ? url : `${url}/`;
+}
+async function discoverAuthorizationServer(profile) {
+    const candidates = getOAuthServerUrlCandidates(profile);
+    let unavailableError;
+    for (const candidate of candidates) {
+        try {
+            const metadata = await fetchAuthorizationServerMetadata(candidate);
+            return {
+                metadata: applyProfileAuthorizationEndpoint(metadata, profile),
+                serverUrl: candidate,
+            };
+        }
+        catch (error) {
+            if (error instanceof OAuthUnavailableError) {
+                unavailableError = error;
+                continue;
+            }
+            throw error;
+        }
+    }
+    throw (unavailableError ||
+        new OAuthUnavailableError(`OAuth discovery is not available for ${profile.studio_server_url}.`));
+}
+function getDefaultOAuthScope(metadata) {
+    // Request every scope the server advertises — no exclusions. When the server
+    // does not advertise a list, fall back to the full known permission set. The
+    // authorization server downscopes the issued token to the user's entitlements,
+    // so this never grants more than the signed-in user's roles allow.
+    const requested = Array.isArray(metadata.scopes_supported) && metadata.scopes_supported.length > 0
+        ? metadata.scopes_supported
+        : ALL_PERMISSION_SCOPES;
+    return Array.from(new Set([...BASE_OIDC_SCOPES, ...requested])).join(' ');
+}
+function applyProfileAuthorizationEndpoint(metadata, profile) {
+    if (!profile.config_url) {
+        return metadata;
+    }
+    const configUrl = new URL(profile.config_url);
+    return {
+        ...metadata,
+        authorization_endpoint: new URL('/oauth/authorize', configUrl.origin).toString(),
+    };
+}
+function getOAuthServerUrlCandidates(profile) {
+    if (process.env.VERTESIA_TOKEN_SERVER_URL) {
+        return [process.env.VERTESIA_TOKEN_SERVER_URL];
+    }
+    if (profile.oauth_server_url) {
+        return [profile.oauth_server_url.replace(/\/+$/, '')];
+    }
+    // Back-compat for profiles that predate explicit oauth_server_url: derive the STS host
+    // from the studio URL. studio-server itself is intentionally NOT in this list — it used
+    // to serve OAuth metadata in-process (apps/studio-server/src/public/oauth.ts, deleted in
+    // commit 254532963) but the canonical owner is now token-server (STS).
+    const studioUrl = new URL(profile.studio_server_url);
+    const isLoopbackHost = studioUrl.hostname === 'localhost' || studioUrl.hostname === '127.0.0.1';
+    if (isLoopbackHost) {
+        return ['https://sts.dev1.vertesia.io'];
+    }
+    const candidates = [];
+    // api{,-preview}.{region}.vertesia.io → sts{,-preview}.{region}.vertesia.io
+    if (studioUrl.hostname.startsWith('api')) {
+        const stsHost = studioUrl.hostname.replace(/^api/, 'sts');
+        candidates.push(`${studioUrl.protocol}//${stsHost}`);
+    }
+    // dev branch services (studio-server-dev-*.api.dev1.vertesia.io) → shared dev1 STS
+    if (studioUrl.hostname.endsWith('.api.dev1.vertesia.io') || studioUrl.hostname.endsWith('.ui.dev1.vertesia.io')) {
+        candidates.push('https://sts.dev1.vertesia.io');
+    }
+    return Array.from(new Set(candidates.map((candidate) => candidate.replace(/\/+$/, ''))));
+}
+async function fetchAuthorizationServerMetadata(oauthServerUrl) {
+    let response;
+    try {
+        response = await fetch(new URL(OAUTH_AUTHORIZATION_SERVER_PATH, withTrailingSlash(oauthServerUrl)).toString(), {
+            headers: {
+                Accept: 'application/json',
+            },
+        });
+    }
+    catch (error) {
+        throw new OAuthUnavailableError(`OAuth discovery is not reachable at ${oauthServerUrl}: ${error instanceof Error ? error.message : String(error)}`);
+    }
+    if (!response.ok) {
+        if (response.status === 404 || response.status === 501) {
+            throw new OAuthUnavailableError(`OAuth discovery is not available at ${oauthServerUrl}.`);
+        }
+        throw new Error(`Failed to load OAuth authorization metadata from ${oauthServerUrl} (${response.status} ${response.statusText}).`);
+    }
+    const metadata = (await response.json());
+    if (!metadata.authorization_endpoint || !metadata.token_endpoint || !metadata.issuer) {
+        throw new Error(`Invalid OAuth authorization metadata returned by ${oauthServerUrl}.`);
+    }
+    return metadata;
+}
+async function createDeviceAuthorization(metadata, input) {
+    if (!metadata.device_authorization_endpoint) {
+        throw new OAuthUnavailableError('OAuth device authorization is not available for this endpoint.');
+    }
+    const body = new URLSearchParams({
+        client_id: input.clientId,
+        resource: input.resource,
+        scope: input.scope,
+    });
+    if (input.projectId) {
+        body.set('project_id', input.projectId);
+    }
+    const response = await fetch(metadata.device_authorization_endpoint, {
+        method: 'POST',
+        headers: {
+            Accept: 'application/json',
+            'Content-Type': 'application/x-www-form-urlencoded',
+        },
+        body: body.toString(),
+    });
+    if (!response.ok) {
+        const error = await readOAuthError(response);
+        if (response.status === 404 || response.status === 501) {
+            throw new OAuthUnavailableError(`OAuth device authorization is not available for this endpoint: ${error.message}`);
+        }
+        throw new Error(`OAuth device authorization failed (${response.status}): ${error.message}`);
+    }
+    const payload = (await response.json());
+    if (!payload.device_code ||
+        !payload.user_code ||
+        !payload.verification_uri ||
+        !payload.verification_uri_complete ||
+        typeof payload.expires_in !== 'number' ||
+        typeof payload.interval !== 'number') {
+        throw new Error('OAuth device authorization endpoint returned an invalid response.');
+    }
+    return payload;
+}
+function buildDeviceVerificationUrl(profile, device) {
+    if (!profile.config_url) {
+        return device.verification_uri_complete;
+    }
+    const configUrl = new URL(profile.config_url);
+    const verificationUrl = new URL('/oauth/device', configUrl.origin);
+    verificationUrl.searchParams.set('user_code', device.user_code);
+    return verificationUrl.toString();
+}
+async function pollDeviceToken(metadata, clientId, device, signal) {
+    const expiresAt = Date.now() + device.expires_in * 1000;
+    let intervalMs = Math.max(device.interval, 1) * 1000;
+    while (Date.now() < expiresAt) {
+        throwIfAborted(signal);
+        const body = new URLSearchParams({
+            grant_type: 'urn:ietf:params:oauth:grant-type:device_code',
+            device_code: device.device_code,
+            client_id: clientId,
+        });
+        const response = await fetch(metadata.token_endpoint, {
+            method: 'POST',
+            headers: {
+                Accept: 'application/json',
+                'Content-Type': 'application/x-www-form-urlencoded',
+            },
+            body: body.toString(),
+        });
+        if (response.ok) {
+            const payload = (await response.json());
+            if (!payload.access_token || !payload.token_type || typeof payload.expires_in !== 'number') {
+                throw new Error('OAuth token endpoint returned an invalid response.');
+            }
+            return payload;
+        }
+        const error = await readOAuthError(response);
+        if (response.status === 400 && error.error === 'authorization_pending') {
+            await delay(intervalMs, signal);
+            continue;
+        }
+        if (response.status === 400 && error.error === 'slow_down') {
+            intervalMs += 5000;
+            await delay(intervalMs, signal);
+            continue;
+        }
+        if (response.status === 400 && error.error === 'access_denied') {
+            throw new Error('OAuth device authorization was denied.');
+        }
+        if (response.status === 400 && error.error === 'expired_token') {
+            throw new Error('OAuth device authorization expired.');
+        }
+        throw new Error(`OAuth token exchange failed (${response.status}): ${error.message}`);
+    }
+    throw new Error('OAuth device authorization expired.');
+}
+async function exchangeRefreshToken(metadata, clientId, refreshToken, resource, projectId) {
+    const body = new URLSearchParams({
+        grant_type: 'refresh_token',
+        refresh_token: refreshToken,
+        client_id: clientId,
+        resource,
+    });
+    if (projectId) {
+        body.set('project_id', projectId);
+    }
+    return exchangeToken(metadata.token_endpoint, body);
+}
+async function exchangeToken(endpoint, body) {
+    const response = await fetch(endpoint, {
+        method: 'POST',
+        headers: {
+            Accept: 'application/json',
+            'Content-Type': 'application/x-www-form-urlencoded',
+        },
+        body: body.toString(),
+    });
+    if (!response.ok) {
+        throw new Error(`OAuth token exchange failed (${response.status}): ${await readErrorMessage(response)}`);
+    }
+    const payload = (await response.json());
+    if (!payload.access_token || !payload.token_type || typeof payload.expires_in !== 'number') {
+        throw new Error('OAuth token endpoint returned an invalid response.');
+    }
+    return payload;
+}
+async function readErrorMessage(response) {
+    return (await readOAuthError(response)).message;
+}
+async function readOAuthError(response) {
+    const text = await response.text();
+    if (!text) {
+        return { message: response.statusText || 'Unknown error' };
+    }
+    try {
+        const parsed = JSON.parse(text);
+        const error = typeof parsed.error === 'string' ? parsed.error : undefined;
+        if (typeof parsed.error_description === 'string') {
+            return { error, message: parsed.error_description };
+        }
+        if (error) {
+            return { error, message: error };
+        }
+    }
+    catch {
+        // Ignore non-JSON error responses.
+    }
+    return { message: text };
+}
+function throwIfAborted(signal) {
+    if (signal?.aborted) {
+        throw new Error('Authentication aborted.');
+    }
+}
+async function delay(milliseconds, signal) {
+    throwIfAborted(signal);
+    await new Promise((resolve, reject) => {
+        const timeout = setTimeout(() => {
+            signal?.removeEventListener('abort', onAbort);
+            resolve();
+        }, milliseconds);
+        function onAbort() {
+            clearTimeout(timeout);
+            signal?.removeEventListener('abort', onAbort);
+            reject(new Error('Authentication aborted.'));
+        }
+        signal?.addEventListener('abort', onAbort, { once: true });
+    });
+}
+function buildConfigResult(profile, response, oauthClientId, oauthResource, oauthServerUrl) {
+    const refs = readTokenRefs(response.access_token);
+    const account = refs.account || profile.account;
+    const project = refs.project || profile.project;
+    if (!profile.name || !profile.studio_server_url || !profile.zeno_server_url) {
+        throw new Error('Profile metadata is incomplete after OAuth authentication.');
+    }
+    if (!account || !project) {
+        throw new Error('OAuth access token did not contain an account or project reference.');
+    }
+    return {
+        profile: profile.name,
+        account,
+        project,
+        studio_server_url: profile.studio_server_url,
+        zeno_server_url: profile.zeno_server_url,
+        oauth_server_url: oauthServerUrl,
+        token: response.access_token,
+        id_token: response.id_token,
+        refresh_token: response.refresh_token,
+        expires_in: response.expires_in,
+        oauth_client_id: oauthClientId,
+        oauth_resource: oauthResource,
+    };
+}
+function readTokenRefs(token) {
+    if (!token) {
+        return {};
+    }
+    const decoded = jwt.decode(token, { json: true });
+    if (!decoded || typeof decoded !== 'object') {
+        return {};
+    }
+    const audience = readAudience(decoded);
+    return {
+        account: readRefId(decoded, 'account') || readStringField(decoded, 'account_id'),
+        project: readRefId(decoded, 'project') || readStringField(decoded, 'project_id'),
+        audience,
+    };
+}
+function readAudience(decoded) {
+    const audience = Reflect.get(decoded, 'aud');
+    if (typeof audience === 'string') {
+        return audience;
+    }
+    if (Array.isArray(audience)) {
+        const first = audience.find((value) => typeof value === 'string');
+        return typeof first === 'string' ? first : undefined;
+    }
+    return undefined;
+}
+function readRefId(value, key) {
+    const field = Reflect.get(value, key);
+    if (typeof field === 'string') {
+        return field;
+    }
+    if (!field || typeof field !== 'object' || Array.isArray(field)) {
+        return undefined;
+    }
+    const id = Reflect.get(field, 'id');
+    return typeof id === 'string' ? id : undefined;
+}
+function readStringField(value, key) {
+    const field = Reflect.get(value, key);
+    return typeof field === 'string' ? field : undefined;
+}
+//# sourceMappingURL=oauth.js.map

package/lib/profiles/oauth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth.js","sourceRoot":"","sources":["../../src/profiles/oauth.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,0BAA0B,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AACnH,OAAO,GAAG,MAAM,cAAc,CAAC;AAC/B,OAAO,IAAI,MAAM,MAAM,CAAC;AAKxB,MAAM,+BAA+B,GAAG,yCAAyC,CAAC;AAClF,MAAM,0BAA0B,GAAG,wCAAwC,CAAC;AAC5E,sDAAsD;AACtD,MAAM,gBAAgB,GAAG,CAAC,kBAAkB,EAAE,mBAAmB,EAAE,0BAA0B,CAAC,CAAC;AAE/F,+EAA+E;AAC/E,0EAA0E;AAC1E,8EAA8E;AAC9E,8EAA8E;AAC9E,+EAA+E;AAC/E,gFAAgF;AAChF,gEAAgE;AAChE,MAAM,qBAAqB,GAAG,MAAM,CAAC,MAAM,CAAC,UAAU,CAAa,CAAC;AAgBpE,MAAM,OAAO,qBAAsB,SAAQ,KAAK;IAC5C,YAAY,OAAe;QACvB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;IACxC,CAAC;CACJ;AAED,MAAM,UAAU,kBAAkB,CAAC,OAAoD;IACnF,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,CAAC;QAC7B,OAAO,KAAK,CAAC;IACjB,CAAC;IACD,IAAI,CAAC;QACD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;QAC/C,MAAM,cAAc,GAAG,GAAG,CAAC,QAAQ,KAAK,WAAW,IAAI,GAAG,CAAC,QAAQ,KAAK,WAAW,CAAC;QACpF,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,KAAK,MAAM,CAAC;QACvD,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAC5B,OAAO,CAAC,cAAc,IAAI,UAAU,CAAC;QACzC,CAAC;QACD,OAAO,UAAU,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO,IAAI,cAAc,CAAC;IACpE,CAAC;IAAC,MAAM,CAAC;QACL,OAAO,KAAK,CAAC;IACjB,CAAC;AACL,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,cAAsB;IACnD,OAAO,IAAI,GAAG,CAAC,0BAA0B,EAAE,iBAAiB,CAAC,cAAc,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;AAC7F,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,QAA0D;IACvF,OAAO,IAAI,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC;AAC/C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,OAAqB,EAAE,MAAoB;IAC/E,kBAAkB,CAAC,OAAO,CAAC,CAAC;IAE5B,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,MAAM,2BAA2B,CAAC,OAAO,CAAC,CAAC;IAC3E,MAAM,QAAQ,GAAG,gBAAgB,CAAC,SAAS,CAAC,CAAC;IAC7C,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAC5C,MAAM,KAAK,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAC;IAC7C,MAAM,mBAAmB,GAAG,MAAM,yBAAyB,CAAC,QAAQ,EAAE;QAClE,QAAQ;QACR,QAAQ;QACR,KAAK;QACL,SAAS,EAAE,OAAO,CAAC,OAAO;KAC7B,CAAC,CAAC;IACH,MAAM,eAAe,GAAG,0BAA0B,CAAC,OAAO,EAAE,mBAAmB,CAAC,CAAC;IAEjF,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,eAAe,CAAC,CAAC;IACnD,OAAO,CAAC,GAAG,CAAC,qBAAqB,EAAE,mBAAmB,CAAC,SAAS,CAAC,CAAC;IAClE,OAAO,CAAC,GAAG,CAAC,sCAAsC,CAAC,CAAC;IACpD,IAAI,CAAC,eAAe,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;QAClC,OAAO,CAAC,KAAK,CAAC,yBAAyB,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;IACrG,CAAC,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,QAAQ,EAAE,QAAQ,EAAE,mBAAmB,EAAE,MAAM,CAAC,CAAC;IACxF,OAAO,iBAAiB,CAAC,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;AAC/E,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACrC,OAAqB,EACrB,YAAoB,EACpB,MAAyB,EACzB,UAEI,EAAE;IAEN,kBAAkB,CAAC,OAAO,CAAC,CAAC;IAE5B,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,MAAM,2BAA2B,CAAC,OAAO,CAAC,CAAC;IAC3E,MAAM,QAAQ,GAAG,gBAAgB,CAAC,SAAS,CAAC,CAAC;IAC7C,MAAM,QAAQ,GAAG,MAAM,EAAE,aAAa,IAAI,aAAa,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,QAAQ,IAAI,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IACpH,MAAM,QAAQ,GAAG,MAAM,oBAAoB,CAAC,QAAQ,EAAE,QAAQ,EAAE,YAAY,EAAE,QAAQ,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;IAC3G,OAAO,iBAAiB,CAAC,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;AAC/E,CAAC;AAED,SAAS,kBAAkB,CACvB,OAAqB;IAErB,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QAChB,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;IAC1E,CAAC;IACD,IAAI,CAAC,OAAO,CAAC,iBAAiB,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,CAAC;QACzD,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;IAC1F,CAAC;IACD,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,qDAAqD,OAAO,CAAC,iBAAiB,IAAI,CAAC,CAAC;IACxG,CAAC;AACL,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAW;IAClC,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,CAAC;AAC/C,CAAC;AAED,KAAK,UAAU,2BAA2B,CACtC,OAAuG;IAEvG,MAAM,UAAU,GAAG,2BAA2B,CAAC,OAAO,CAAC,CAAC;IACxD,IAAI,gBAAmD,CAAC;IACxD,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACjC,IAAI,CAAC;YACD,MAAM,QAAQ,GAAG,MAAM,gCAAgC,CAAC,SAAS,CAAC,CAAC;YACnE,OAAO;gBACH,QAAQ,EAAE,iCAAiC,CAAC,QAAQ,EAAE,OAAO,CAAC;gBAC9D,SAAS,EAAE,SAAS;aACvB,CAAC;QACN,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,IAAI,KAAK,YAAY,qBAAqB,EAAE,CAAC;gBACzC,gBAAgB,GAAG,KAAK,CAAC;gBACzB,SAAS;YACb,CAAC;YACD,MAAM,KAAK,CAAC;QAChB,CAAC;IACL,CAAC;IACD,MAAM,CACF,gBAAgB;QAChB,IAAI,qBAAqB,CAAC,wCAAwC,OAAO,CAAC,iBAAiB,GAAG,CAAC,CAClG,CAAC;AACN,CAAC;AAED,SAAS,oBAAoB,CAAC,QAA6E;IACvG,6EAA6E;IAC7E,6EAA6E;IAC7E,+EAA+E;IAC/E,mEAAmE;IACnE,MAAM,SAAS,GACX,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAC,IAAI,QAAQ,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC;QAC5E,CAAC,CAAC,QAAQ,CAAC,gBAAgB;QAC3B,CAAC,CAAC,qBAAqB,CAAC;IAChC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,CAAC,GAAG,gBAAgB,EAAE,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC9E,CAAC;AAED,SAAS,iCAAiC,CACtC,QAA0C,EAC1C,OAA6C;IAE7C,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC;QACtB,OAAO,QAAQ,CAAC;IACpB,CAAC;IACD,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAC9C,OAAO;QACH,GAAG,QAAQ;QACX,sBAAsB,EAAE,IAAI,GAAG,CAAC,kBAAkB,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE;KACnF,CAAC;AACN,CAAC;AAED,SAAS,2BAA2B,CAChC,OAAwF;IAExF,IAAI,OAAO,CAAC,GAAG,CAAC,yBAAyB,EAAE,CAAC;QACxC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;IACnD,CAAC;IACD,IAAI,OAAO,CAAC,gBAAgB,EAAE,CAAC;QAC3B,OAAO,CAAC,OAAO,CAAC,gBAAgB,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC;IAC1D,CAAC;IAED,uFAAuF;IACvF,wFAAwF;IACxF,yFAAyF;IACzF,uEAAuE;IACvE,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;IACrD,MAAM,cAAc,GAAG,SAAS,CAAC,QAAQ,KAAK,WAAW,IAAI,SAAS,CAAC,QAAQ,KAAK,WAAW,CAAC;IAChG,IAAI,cAAc,EAAE,CAAC;QACjB,OAAO,CAAC,8BAA8B,CAAC,CAAC;IAC5C,CAAC;IAED,MAAM,UAAU,GAAa,EAAE,CAAC;IAChC,4EAA4E;IAC5E,IAAI,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;QACvC,MAAM,OAAO,GAAG,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAC1D,UAAU,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC,CAAC;IACzD,CAAC;IACD,mFAAmF;IACnF,IAAI,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,uBAAuB,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,sBAAsB,CAAC,EAAE,CAAC;QAC9G,UAAU,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;IACpD,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;AAC7F,CAAC;AAED,KAAK,UAAU,gCAAgC,CAAC,cAAsB;IAClE,IAAI,QAAkB,CAAC;IACvB,IAAI,CAAC;QACD,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,GAAG,CAAC,+BAA+B,EAAE,iBAAiB,CAAC,cAAc,CAAC,CAAC,CAAC,QAAQ,EAAE,EAAE;YAC3G,OAAO,EAAE;gBACL,MAAM,EAAE,kBAAkB;aAC7B;SACJ,CAAC,CAAC;IACP,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,MAAM,IAAI,qBAAqB,CAC3B,uCAAuC,cAAc,KAAK,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACrH,CAAC;IACN,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACf,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YACrD,MAAM,IAAI,qBAAqB,CAAC,uCAAuC,cAAc,GAAG,CAAC,CAAC;QAC9F,CAAC;QACD,MAAM,IAAI,KAAK,CACX,oDAAoD,cAAc,KAAK,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,IAAI,CACpH,CAAC;IACN,CAAC;IAED,MAAM,QAAQ,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA8C,CAAC;IACtF,IAAI,CAAC,QAAQ,CAAC,sBAAsB,IAAI,CAAC,QAAQ,CAAC,cAAc,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;QACnF,MAAM,IAAI,KAAK,CAAC,oDAAoD,cAAc,GAAG,CAAC,CAAC;IAC3F,CAAC;IACD,OAAO,QAA4C,CAAC;AACxD,CAAC;AAED,KAAK,UAAU,yBAAyB,CACpC,QAA0C,EAC1C,KAKC;IAED,IAAI,CAAC,QAAQ,CAAC,6BAA6B,EAAE,CAAC;QAC1C,MAAM,IAAI,qBAAqB,CAAC,gEAAgE,CAAC,CAAC;IACtG,CAAC;IAED,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;QAC7B,SAAS,EAAE,KAAK,CAAC,QAAQ;QACzB,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,KAAK,EAAE,KAAK,CAAC,KAAK;KACrB,CAAC,CAAC;IACH,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;QAClB,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAC5C,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,QAAQ,CAAC,6BAA6B,EAAE;QACjE,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACL,MAAM,EAAE,kBAAkB;YAC1B,cAAc,EAAE,mCAAmC;SACtD;QACD,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;KACxB,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACf,MAAM,KAAK,GAAG,MAAM,cAAc,CAAC,QAAQ,CAAC,CAAC;QAC7C,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YACrD,MAAM,IAAI,qBAAqB,CAC3B,kEAAkE,KAAK,CAAC,OAAO,EAAE,CACpF,CAAC;QACN,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,sCAAsC,QAAQ,CAAC,MAAM,MAAM,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IAChG,CAAC;IAED,MAAM,OAAO,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA8C,CAAC;IACrF,IACI,CAAC,OAAO,CAAC,WAAW;QACpB,CAAC,OAAO,CAAC,SAAS;QAClB,CAAC,OAAO,CAAC,gBAAgB;QACzB,CAAC,OAAO,CAAC,yBAAyB;QAClC,OAAO,OAAO,CAAC,UAAU,KAAK,QAAQ;QACtC,OAAO,OAAO,CAAC,QAAQ,KAAK,QAAQ,EACtC,CAAC;QACC,MAAM,IAAI,KAAK,CAAC,mEAAmE,CAAC,CAAC;IACzF,CAAC;IACD,OAAO,OAA2C,CAAC;AACvD,CAAC;AAED,SAAS,0BAA0B,CAAC,OAAqB,EAAE,MAAwC;IAC/F,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC;QACtB,OAAO,MAAM,CAAC,yBAAyB,CAAC;IAC5C,CAAC;IAED,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAC9C,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,eAAe,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;IACnE,eAAe,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;IAChE,OAAO,eAAe,CAAC,QAAQ,EAAE,CAAC;AACtC,CAAC;AAED,KAAK,UAAU,eAAe,CAC1B,QAA0C,EAC1C,QAAgB,EAChB,MAAwC,EACxC,MAAoB;IAEpB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC;IACxD,IAAI,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC;IAErD,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,EAAE,CAAC;QAC5B,cAAc,CAAC,MAAM,CAAC,CAAC;QACvB,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;YAC7B,UAAU,EAAE,8CAA8C;YAC1D,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,SAAS,EAAE,QAAQ;SACtB,CAAC,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,QAAQ,CAAC,cAAc,EAAE;YAClD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACL,MAAM,EAAE,kBAAkB;gBAC1B,cAAc,EAAE,mCAAmC;aACtD;YACD,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;SACxB,CAAC,CAAC;QAEH,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;YACd,MAAM,OAAO,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAgC,CAAC;YACvE,IAAI,CAAC,OAAO,CAAC,YAAY,IAAI,CAAC,OAAO,CAAC,UAAU,IAAI,OAAO,OAAO,CAAC,UAAU,KAAK,QAAQ,EAAE,CAAC;gBACzF,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;YAC1E,CAAC;YACD,OAAO,OAA6B,CAAC;QACzC,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,cAAc,CAAC,QAAQ,CAAC,CAAC;QAC7C,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,KAAK,KAAK,uBAAuB,EAAE,CAAC;YACrE,MAAM,KAAK,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;YAChC,SAAS;QACb,CAAC;QACD,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,KAAK,KAAK,WAAW,EAAE,CAAC;YACzD,UAAU,IAAI,IAAI,CAAC;YACnB,MAAM,KAAK,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;YAChC,SAAS;QACb,CAAC;QACD,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,KAAK,KAAK,eAAe,EAAE,CAAC;YAC7D,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;QAC9D,CAAC;QACD,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,KAAK,KAAK,eAAe,EAAE,CAAC;YAC7D,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;QAC3D,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,gCAAgC,QAAQ,CAAC,MAAM,MAAM,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IAC1F,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;AAC3D,CAAC;AAED,KAAK,UAAU,oBAAoB,CAC/B,QAA0C,EAC1C,QAAgB,EAChB,YAAoB,EACpB,QAAgB,EAChB,SAAkB;IAElB,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;QAC7B,UAAU,EAAE,eAAe;QAC3B,aAAa,EAAE,YAAY;QAC3B,SAAS,EAAE,QAAQ;QACnB,QAAQ;KACX,CAAC,CAAC;IACH,IAAI,SAAS,EAAE,CAAC;QACZ,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;IACtC,CAAC;IACD,OAAO,aAAa,CAAC,QAAQ,CAAC,cAAc,EAAE,IAAI,CAAC,CAAC;AACxD,CAAC;AAED,KAAK,UAAU,aAAa,CAAC,QAAgB,EAAE,IAAqB;IAChE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;QACnC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACL,MAAM,EAAE,kBAAkB;YAC1B,cAAc,EAAE,mCAAmC;SACtD;QACD,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;KACxB,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,gCAAgC,QAAQ,CAAC,MAAM,MAAM,MAAM,gBAAgB,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IAC7G,CAAC;IAED,MAAM,OAAO,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAgC,CAAC;IACvE,IAAI,CAAC,OAAO,CAAC,YAAY,IAAI,CAAC,OAAO,CAAC,UAAU,IAAI,OAAO,OAAO,CAAC,UAAU,KAAK,QAAQ,EAAE,CAAC;QACzF,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;IAC1E,CAAC;IACD,OAAO,OAA6B,CAAC;AACzC,CAAC;AAED,KAAK,UAAU,gBAAgB,CAAC,QAAkB;IAC9C,OAAO,CAAC,MAAM,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC;AACpD,CAAC;AAED,KAAK,UAAU,cAAc,CAAC,QAAkB;IAC5C,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IACnC,IAAI,CAAC,IAAI,EAAE,CAAC;QACR,OAAO,EAAE,OAAO,EAAE,QAAQ,CAAC,UAAU,IAAI,eAAe,EAAE,CAAC;IAC/D,CAAC;IACD,IAAI,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAA4B,CAAC;QAC3D,MAAM,KAAK,GAAG,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;QAC1E,IAAI,OAAO,MAAM,CAAC,iBAAiB,KAAK,QAAQ,EAAE,CAAC;YAC/C,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,CAAC,iBAAiB,EAAE,CAAC;QACxD,CAAC;QACD,IAAI,KAAK,EAAE,CAAC;YACR,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;QACrC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACL,mCAAmC;IACvC,CAAC;IACD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAC7B,CAAC;AAED,SAAS,cAAc,CAAC,MAAoB;IACxC,IAAI,MAAM,EAAE,OAAO,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IAC/C,CAAC;AACL,CAAC;AAED,KAAK,UAAU,KAAK,CAAC,YAAoB,EAAE,MAAoB;IAC3D,cAAc,CAAC,MAAM,CAAC,CAAC;IACvB,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACxC,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE;YAC5B,MAAM,EAAE,mBAAmB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC9C,OAAO,EAAE,CAAC;QACd,CAAC,EAAE,YAAY,CAAC,CAAC;QACjB,SAAS,OAAO;YACZ,YAAY,CAAC,OAAO,CAAC,CAAC;YACtB,MAAM,EAAE,mBAAmB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC9C,MAAM,CAAC,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC,CAAC;QACjD,CAAC;QACD,MAAM,EAAE,gBAAgB,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;IAC/D,CAAC,CAAC,CAAC;AACP,CAAC;AAED,SAAS,iBAAiB,CACtB,OAAqB,EACrB,QAA4B,EAC5B,aAAqB,EACrB,aAAqB,EACrB,cAAsB;IAEtB,MAAM,IAAI,GAAG,aAAa,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;IAClD,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,OAAO,CAAC;IAChD,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,OAAO,CAAC;IAEhD,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,iBAAiB,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,CAAC;QAC1E,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;IAClF,CAAC;IACD,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,qEAAqE,CAAC,CAAC;IAC3F,CAAC;IAED,OAAO;QACH,OAAO,EAAE,OAAO,CAAC,IAAI;QACrB,OAAO;QACP,OAAO;QACP,iBAAiB,EAAE,OAAO,CAAC,iBAAiB;QAC5C,eAAe,EAAE,OAAO,CAAC,eAAe;QACxC,gBAAgB,EAAE,cAAc;QAChC,KAAK,EAAE,QAAQ,CAAC,YAAY;QAC5B,QAAQ,EAAE,QAAQ,CAAC,QAAQ;QAC3B,aAAa,EAAE,QAAQ,CAAC,aAAa;QACrC,UAAU,EAAE,QAAQ,CAAC,UAAU;QAC/B,eAAe,EAAE,aAAa;QAC9B,cAAc,EAAE,aAAa;KAChC,CAAC;AACN,CAAC;AAED,SAAS,aAAa,CAAC,KAAyB;IAC5C,IAAI,CAAC,KAAK,EAAE,CAAC;QACT,OAAO,EAAE,CAAC;IACd,CAAC;IACD,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;IAClD,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QAC1C,OAAO,EAAE,CAAC;IACd,CAAC;IACD,MAAM,QAAQ,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;IACvC,OAAO;QACH,OAAO,EAAE,SAAS,CAAC,OAAO,EAAE,SAAS,CAAC,IAAI,eAAe,CAAC,OAAO,EAAE,YAAY,CAAC;QAChF,OAAO,EAAE,SAAS,CAAC,OAAO,EAAE,SAAS,CAAC,IAAI,eAAe,CAAC,OAAO,EAAE,YAAY,CAAC;QAChF,QAAQ;KACX,CAAC;AACN,CAAC;AAED,SAAS,YAAY,CAAC,OAAe;IACjC,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IAC7C,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC/B,OAAO,QAAQ,CAAC;IACpB,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,MAAM,KAAK,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC;QAClE,OAAO,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;IACzD,CAAC;IACD,OAAO,SAAS,CAAC;AACrB,CAAC;AAED,SAAS,SAAS,CAAC,KAAa,EAAE,GAAW;IACzC,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IACtC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC5B,OAAO,KAAK,CAAC;IACjB,CAAC;IACD,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAC9D,OAAO,SAAS,CAAC;IACrB,CAAC;IACD,MAAM,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IACpC,OAAO,OAAO,EAAE,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;AACnD,CAAC;AAED,SAAS,eAAe,CAAC,KAAa,EAAE,GAAW;IAC/C,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IACtC,OAAO,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;AACzD,CAAC"}

package/lib/profiles/server/cors.d.ts

@@ -1,3 +1,3 @@
-import { ServerResponse, IncomingMessage } from 'http';
+import type { IncomingMessage, ServerResponse } from 'node:http';
 export declare function handleCors(req: IncomingMessage, res: ServerResponse): boolean;
 //# sourceMappingURL=cors.d.ts.map

package/lib/profiles/server/cors.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"cors.d.ts","sourceRoot":"","sources":["../../../src/profiles/server/cors.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,MAAM,CAAC;AAUvD,wBAAgB,UAAU,CAAC,GAAG,EAAE,eAAe,EAAE,GAAG,EAAE,cAAc,WAYnE"}
+{"version":3,"file":"cors.d.ts","sourceRoot":"","sources":["../../../src/profiles/server/cors.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAUjE,wBAAgB,UAAU,CAAC,GAAG,EAAE,eAAe,EAAE,GAAG,EAAE,cAAc,WAYnE"}

package/lib/profiles/server/cors.js

@@ -3,7 +3,7 @@ const corsHeaders = {
     'Access-Control-Allow-Methods': 'OPTIONS, POST, GET',
     'Access-Control-Allow-Headers': 'Content-Type',
     'Access-Control-Allow-Private-Network': 'true', // Required for Chrome Private Network Access
-    'Access-Control-Max-Age': '86400' // 1 day
+    'Access-Control-Max-Age': '86400', // 1 day
 };
 export function handleCors(req, res) {
     if (req.method === 'OPTIONS') {

package/lib/profiles/server/cors.js.map

@@ -1 +1 @@
-{"version":3,"file":"cors.js","sourceRoot":"","sources":["../../../src/profiles/server/cors.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,GAA2B;IACxC,6BAA6B,EAAE,GAAG;IAClC,8BAA8B,EAAE,oBAAoB;IACpD,8BAA8B,EAAE,cAAc;IAC9C,sCAAsC,EAAE,MAAM,EAAE,6CAA6C;IAC7F,wBAAwB,EAAE,OAAO,CAAC,QAAQ;CAC7C,CAAC;AAEF,MAAM,UAAU,UAAU,CAAC,GAAoB,EAAE,GAAmB;IAChE,IAAI,GAAG,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QAC3B,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;QAChC,GAAG,CAAC,GAAG,EAAE,CAAC;QACV,OAAO,IAAI,CAAC;IAChB,CAAC;SAAM,CAAC;QACJ,yEAAyE;QACzE,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,CAAC;YACrD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAC9B,CAAC;IACL,CAAC;IACD,OAAO,KAAK,CAAC;AACjB,CAAC"}
+{"version":3,"file":"cors.js","sourceRoot":"","sources":["../../../src/profiles/server/cors.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,GAA2B;IACxC,6BAA6B,EAAE,GAAG;IAClC,8BAA8B,EAAE,oBAAoB;IACpD,8BAA8B,EAAE,cAAc;IAC9C,sCAAsC,EAAE,MAAM,EAAE,6CAA6C;IAC7F,wBAAwB,EAAE,OAAO,EAAE,QAAQ;CAC9C,CAAC;AAEF,MAAM,UAAU,UAAU,CAAC,GAAoB,EAAE,GAAmB;IAChE,IAAI,GAAG,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QAC3B,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;QAChC,GAAG,CAAC,GAAG,EAAE,CAAC;QACV,OAAO,IAAI,CAAC;IAChB,CAAC;SAAM,CAAC;QACJ,yEAAyE;QACzE,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,CAAC;YACrD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAC9B,CAAC;IACL,CAAC;IACD,OAAO,KAAK,CAAC;AACjB,CAAC"}

package/lib/profiles/server/index.d.ts

@@ -6,7 +6,15 @@ export interface ConfigPayload {
 export interface ConfigResult extends Required<ConfigPayload> {
     studio_server_url: string;
     zeno_server_url: string;
+    oauth_server_url?: string;
     token: string;
+    id_token?: string;
+    refresh_token?: string;
+    expires_in?: number;
+    access_token_expires_at?: number;
+    refresh_token_expires_at?: number;
+    oauth_client_id?: string;
+    oauth_resource?: string;
 }
-export declare function startConfigSession(config_url: string, payload: ConfigPayload, callback: (response: ConfigResult | undefined) => void, signal?: AbortSignal): Promise<void>;
+export declare function startConfigSession(config_url: string, payload: ConfigPayload, callback: (response: ConfigResult | undefined) => void | Promise<void>, signal?: AbortSignal): Promise<void>;
 //# sourceMappingURL=index.d.ts.map

package/lib/profiles/server/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/profiles/server/index.ts"],"names":[],"mappings":"AAUA,MAAM,WAAW,aAAa;IAC1B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,YAAa,SAAQ,QAAQ,CAAC,aAAa,CAAC;IACzD,iBAAiB,EAAE,MAAM,CAAC;IAC1B,eAAe,EAAE,MAAM,CAAC;IACxB,KAAK,EAAE,MAAM,CAAC;CACjB;AAGD,wBAAsB,kBAAkB,CACpC,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,aAAa,EACtB,QAAQ,EAAE,CAAC,QAAQ,EAAE,YAAY,GAAG,SAAS,KAAK,IAAI,EACtD,MAAM,CAAC,EAAE,WAAW,iBA2IvB"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/profiles/server/index.ts"],"names":[],"mappings":"AASA,MAAM,WAAW,aAAa;IAC1B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,YAAa,SAAQ,QAAQ,CAAC,aAAa,CAAC;IACzD,iBAAiB,EAAE,MAAM,CAAC;IAC1B,eAAe,EAAE,MAAM,CAAC;IACxB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,cAAc,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED,wBAAsB,kBAAkB,CACpC,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,aAAa,EACtB,QAAQ,EAAE,CAAC,QAAQ,EAAE,YAAY,GAAG,SAAS,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,EACtE,MAAM,CAAC,EAAE,WAAW,iBAsLvB"}