@vybestack/llxprt-code-auth 0.10.0-nightly.260613.1adad3b34

package/dist/src/flows/codex-device-flow.js

@@ -0,0 +1,437 @@
+/**
+ * @license
+ * Copyright 2025 Vybestack LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { randomBytes, createHash } from 'crypto';
+import { CodexOAuthTokenSchema, CodexTokenResponseSchema, } from '../types.js';
+import { z } from 'zod';
+/**
+ * Codex-specific OAuth configuration
+ * Exported for reuse by CLI and other consumers to ensure single source of truth
+ */
+export const CODEX_CONFIG = {
+    clientId: 'app_EMoamEEZ73f0CkXaXp7hrann',
+    issuer: 'https://auth.openai.com',
+    tokenEndpoint: 'https://auth.openai.com/oauth/token',
+    authorizationEndpoint: 'https://auth.openai.com/oauth/authorize',
+    deviceAuthUserCodeEndpoint: 'https://auth.openai.com/api/accounts/deviceauth/usercode',
+    deviceAuthTokenEndpoint: 'https://auth.openai.com/api/accounts/deviceauth/token',
+    deviceAuthCallbackUri: 'https://auth.openai.com/deviceauth/callback',
+    scopes: ['openid', 'profile', 'email', 'offline_access'],
+    originator: 'codex_cli_rs',
+};
+/**
+ * JWT payload schema for account_id extraction
+ * Handles multiple possible locations of account_id in the JWT
+ */
+const JwtPayloadSchema = z.object({
+    'https://api.openai.com/auth': z
+        .object({
+        chatgpt_account_id: z.string().optional(),
+        account_id: z.string().optional(),
+    })
+        .optional(),
+    account_id: z.string().optional(),
+});
+/**
+ * Codex OAuth PKCE flow implementation
+ * Implements OAuth 2.0 Authorization Code flow with PKCE for Codex authentication
+ */
+export class CodexDeviceFlow {
+    logger;
+    codeVerifiers = new Map();
+    static NO_OP_LOGGER = {
+        debug: () => { },
+        error: () => { },
+        warn: () => { },
+        log: () => { },
+    };
+    constructor(options) {
+        this.logger = options?.logger ?? CodexDeviceFlow.NO_OP_LOGGER;
+    }
+    /**
+     * Build authorization URL for browser-based OAuth flow
+     * @param redirectUri Callback URL for OAuth redirect
+     * @param state Random state parameter for CSRF protection
+     * @returns Authorization URL to open in browser
+     */
+    buildAuthorizationUrl(redirectUri, state) {
+        this.logger.debug(() => `[FLOW] buildAuthorizationUrl() called with redirectUri=${redirectUri}, state=${state.substring(0, 8)}...`);
+        const { verifier, challenge } = this.generatePKCE();
+        this.logger.debug(() => `[FLOW] PKCE generated: verifier length=${verifier.length}, challenge length=${challenge.length}`);
+        this.codeVerifiers.set(state, verifier);
+        this.logger.debug(() => `[FLOW] Stored PKCE verifier for state, codeVerifiers.size=${this.codeVerifiers.size}`);
+        // Manually construct query string to use %20 for spaces (not +)
+        // This ensures proper parsing with decodeURIComponent
+        // Include all required params per shell-scripts/codex-oauth.sh
+        const params = [
+            `response_type=code`,
+            `client_id=${encodeURIComponent(CODEX_CONFIG.clientId)}`,
+            `redirect_uri=${encodeURIComponent(redirectUri)}`,
+            `scope=${encodeURIComponent(CODEX_CONFIG.scopes.join(' '))}`,
+            `code_challenge=${encodeURIComponent(challenge)}`,
+            `code_challenge_method=S256`,
+            `id_token_add_organizations=true`,
+            `codex_cli_simplified_flow=true`,
+            `state=${encodeURIComponent(state)}`,
+            `originator=${encodeURIComponent(CODEX_CONFIG.originator)}`,
+            `theme=dark`,
+        ].join('&');
+        this.logger.debug('[FLOW] Built authorization URL with PKCE S256');
+        return `${CODEX_CONFIG.authorizationEndpoint}?${params}`;
+    }
+    /**
+     * Exchange authorization code for OAuth tokens
+     * @param authCode Authorization code from OAuth callback
+     * @param redirectUri Callback URL (must match the one used in authorization request)
+     * @param state State parameter from OAuth callback
+     * @returns Validated CodexOAuthToken with account_id
+     * @throws Error if code verifier not found for state or token exchange fails
+     */
+    async exchangeCodeForToken(authCode, redirectUri, state) {
+        this.logger.debug(() => `[FLOW] exchangeCodeForToken() called with code=${authCode.substring(0, 10)}..., redirectUri=${redirectUri}, state=${state.substring(0, 8)}...`);
+        const codeVerifier = this.codeVerifiers.get(state);
+        if (!codeVerifier) {
+            this.logger.debug(() => `[FLOW] PKCE verifier NOT FOUND for state! Available states: ${Array.from(this.codeVerifiers.keys())
+                .map((k) => k.substring(0, 8))
+                .join(', ')}`);
+            throw new Error(`PKCE code verifier not found for state: ${state}`);
+        }
+        this.logger.debug(() => `[FLOW] Found PKCE verifier for state, length=${codeVerifier.length}`);
+        const tokenResponse = await this.performTokenExchange(authCode, redirectUri, codeVerifier);
+        const codexToken = this.buildCodexToken(tokenResponse);
+        this.codeVerifiers.delete(state);
+        this.logger.debug(() => `[FLOW] Cleaned up PKCE verifier, remaining: ${this.codeVerifiers.size}`);
+        return codexToken;
+    }
+    /**
+     * POST to the token endpoint and return a validated CodexTokenResponse.
+     * @throws Error if the HTTP request fails or the response is not OK
+     */
+    async performTokenExchange(authCode, redirectUri, codeVerifier) {
+        this.logger.debug(() => `[FLOW] Making token exchange request to ${CODEX_CONFIG.tokenEndpoint}`);
+        const response = await fetch(CODEX_CONFIG.tokenEndpoint, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/x-www-form-urlencoded',
+                Accept: 'application/json',
+            },
+            body: new URLSearchParams({
+                grant_type: 'authorization_code',
+                code: authCode,
+                redirect_uri: redirectUri,
+                client_id: CODEX_CONFIG.clientId,
+                code_verifier: codeVerifier,
+            }).toString(),
+        });
+        this.logger.debug(() => `[FLOW] Token exchange response status: ${response.status}`);
+        if (!response.ok) {
+            const errorText = await response.text();
+            this.logger.debug(`[FLOW] Token exchange FAILED: ${errorText}`);
+            throw new Error(`Token exchange failed: ${response.status} ${errorText}`);
+        }
+        const data = await response.json();
+        this.logger.debug(() => `[FLOW] Token response received, keys: ${Object.keys(data).join(', ')}`);
+        const tokenResponse = CodexTokenResponseSchema.parse(data);
+        this.logger.debug(() => `[FLOW] Token response validated: has_id_token=${!!tokenResponse.id_token}, has_refresh_token=${!!tokenResponse.refresh_token}, expires_in=${tokenResponse.expires_in}`);
+        return tokenResponse;
+    }
+    /**
+     * Validate token response, extract account_id, and build a CodexOAuthToken.
+     * @throws Error if id_token is missing or account_id cannot be extracted
+     */
+    buildCodexToken(tokenResponse) {
+        // Extract account_id from id_token JWT
+        this.logger.debug('[FLOW] Extracting account_id from id_token...');
+        const accountId = tokenResponse.id_token
+            ? this.extractAccountIdFromIdToken(tokenResponse.id_token)
+            : this.throwMissingAccountId();
+        this.logger.debug(() => `[FLOW] Extracted account_id: ${accountId.substring(0, 8)}...`);
+        // Build validated Codex token - use Unix timestamp in SECONDS (not milliseconds)
+        const now = Math.floor(Date.now() / 1000);
+        // expires_in 0 is invalid, treat nullish/NaN/0 as default 1 hour
+        const rawExpiresIn = tokenResponse.expires_in;
+        const expiresIn = typeof rawExpiresIn === 'number' &&
+            !Number.isNaN(rawExpiresIn) &&
+            rawExpiresIn !== 0
+            ? rawExpiresIn
+            : 3600;
+        const expiry = now + expiresIn;
+        this.logger.debug(() => `[FLOW] Building CodexOAuthToken with expiry=${expiry} (in ${expiresIn}s)`);
+        const codexToken = CodexOAuthTokenSchema.parse({
+            access_token: tokenResponse.access_token,
+            token_type: tokenResponse.token_type,
+            expiry,
+            refresh_token: tokenResponse.refresh_token,
+            account_id: accountId,
+            id_token: tokenResponse.id_token,
+        });
+        this.logger.debug(() => `[FLOW] Token exchange successful! account_id=${accountId.substring(0, 8)}..., token_type=${codexToken.token_type}`);
+        return codexToken;
+    }
+    /**
+     * Refresh an expired access token using refresh token
+     * @param refreshToken Valid refresh token
+     * @returns New CodexOAuthToken with updated expiry
+     * @throws Error if refresh fails or id_token missing
+     */
+    async refreshToken(refreshToken) {
+        this.logger.debug('Refreshing expired token');
+        const response = await fetch(CODEX_CONFIG.tokenEndpoint, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/x-www-form-urlencoded',
+                Accept: 'application/json',
+            },
+            body: new URLSearchParams({
+                grant_type: 'refresh_token',
+                refresh_token: refreshToken,
+                client_id: CODEX_CONFIG.clientId,
+            }).toString(),
+        });
+        if (!response.ok) {
+            throw new Error(`Token refresh failed: ${response.status}`);
+        }
+        const data = await response.json();
+        const tokenResponse = CodexTokenResponseSchema.parse(data);
+        // Extract account_id from new id_token if available
+        // For refresh flows, OpenAI may not always return a new id_token,
+        // so we allow undefined here (caller should preserve original account_id)
+        const accountId = tokenResponse.id_token
+            ? this.extractAccountIdFromIdToken(tokenResponse.id_token)
+            : undefined;
+        // Use Unix timestamp in SECONDS
+        const now = Math.floor(Date.now() / 1000);
+        // expires_in 0 is invalid, treat nullish/NaN/0 as default 1 hour
+        const rawExpiresIn = tokenResponse.expires_in;
+        const expiresIn = typeof rawExpiresIn === 'number' &&
+            !Number.isNaN(rawExpiresIn) &&
+            rawExpiresIn !== 0
+            ? rawExpiresIn
+            : 3600;
+        const expiry = now + expiresIn;
+        return CodexOAuthTokenSchema.parse({
+            access_token: tokenResponse.access_token,
+            token_type: tokenResponse.token_type,
+            expiry,
+            refresh_token: tokenResponse.refresh_token ?? refreshToken,
+            account_id: accountId,
+            id_token: tokenResponse.id_token,
+        });
+    }
+    /**
+     * Extract account_id from id_token JWT without external libraries
+     * JWT format: header.payload.signature (base64url encoded)
+     * @param idToken JWT id_token from OAuth response
+     * @returns account_id extracted from JWT claims
+     * @throws Error if JWT format invalid or account_id not found
+     */
+    extractAccountIdFromIdToken(idToken) {
+        const parts = idToken.split('.');
+        if (parts.length !== 3) {
+            throw new Error('Invalid JWT format: expected 3 parts');
+        }
+        // Decode payload (middle part) from base64url
+        const payload = parts[1];
+        const decoded = Buffer.from(payload, 'base64url').toString('utf-8');
+        // Parse and validate with Zod
+        const parsedPayload = JSON.parse(decoded);
+        const validated = JwtPayloadSchema.parse(parsedPayload);
+        // Extract account_id from OpenAI-specific claim or root
+        /* eslint-disable @typescript-eslint/prefer-nullish-coalescing -- intentional falsy coalescing: empty string account_id from JWT claims should fall through to next option */
+        const accountId = validated['https://api.openai.com/auth']?.chatgpt_account_id ||
+            validated['https://api.openai.com/auth']?.account_id ||
+            validated.account_id;
+        /* eslint-enable @typescript-eslint/prefer-nullish-coalescing */
+        if (!accountId) {
+            throw new Error('No account_id found in id_token JWT claims');
+        }
+        return accountId;
+    }
+    /**
+     * Helper to throw error when id_token is missing
+     * @throws Error indicating id_token required
+     */
+    throwMissingAccountId() {
+        throw new Error('Cannot extract account_id: id_token missing from token response');
+    }
+    /**
+     * Request a user code for device authorization flow (browserless authentication)
+     * @returns Device code response with user_code and device_auth_id
+     */
+    async requestDeviceCode() {
+        this.logger.debug(() => `[DEVICE] Requesting user code from ${CODEX_CONFIG.deviceAuthUserCodeEndpoint}`);
+        this.logger.debug(() => `[DEVICE] Using client_id: ${CODEX_CONFIG.clientId}`);
+        const response = await globalThis.fetch(CODEX_CONFIG.deviceAuthUserCodeEndpoint, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+            },
+            body: JSON.stringify({
+                client_id: CODEX_CONFIG.clientId,
+            }),
+        });
+        if (!response.ok) {
+            if (response.status === 404) {
+                throw new Error('Device code authorization is not enabled for this Codex server');
+            }
+            const errorText = await response.text();
+            this.logger.debug(() => `[DEVICE] User code request FAILED: ${errorText}`);
+            throw new Error(`User code request failed: ${response.status} ${errorText}`);
+        }
+        const data = await response.json();
+        // Log only non-sensitive keys to avoid exposing auth data
+        this.logger.debug(() => `[DEVICE] User code response keys: ${Object.keys(data).join(', ')}`);
+        // Parse the response
+        const UserCodeResponseSchema = z.object({
+            device_auth_id: z.string(),
+            user_code: z.string(),
+            interval: z
+                .union([z.number(), z.string()])
+                .transform((val) => typeof val === 'string' ? parseInt(val.trim(), 10) : val)
+                .optional()
+                .default(5),
+        });
+        const result = UserCodeResponseSchema.parse(data);
+        this.logger.debug(`[DEVICE] Received user code: ${result.user_code}`);
+        return result;
+    }
+    /**
+     * Poll for token using device authorization
+     * @param deviceAuthId Device authorization ID
+     * @param userCode User code from device flow
+     * @param intervalSeconds Polling interval in seconds
+     * @returns Authorization code and PKCE codes for token exchange
+     */
+    async pollForDeviceToken(deviceAuthId, userCode, intervalSeconds = 5) {
+        this.logger.debug('[DEVICE] Starting device token polling');
+        const maxWaitMs = 15 * 60 * 1000; // 15 minutes
+        const startTime = Date.now();
+        const intervalMs = intervalSeconds * 1000;
+        // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition -- Device-flow polling intentionally loops until timeout, authorization, or terminal error.
+        while (true) {
+            if (Date.now() - startTime >= maxWaitMs) {
+                throw new Error('Device authorization timed out after 15 minutes');
+            }
+            this.logger.debug(() => `[DEVICE] Polling ${CODEX_CONFIG.deviceAuthTokenEndpoint} with device_auth_id=${deviceAuthId}, user_code=${userCode}`);
+            const response = await globalThis.fetch(CODEX_CONFIG.deviceAuthTokenEndpoint, {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                },
+                body: JSON.stringify({
+                    device_auth_id: deviceAuthId,
+                    user_code: userCode,
+                }),
+            });
+            const responseText = await response.text();
+            // Log status only, not the full response body which may contain sensitive data
+            this.logger.debug(() => `[DEVICE] Poll response status: ${response.status}`);
+            if (response.ok) {
+                let data;
+                try {
+                    data = JSON.parse(responseText);
+                }
+                catch (parseError) {
+                    this.logger.debug(() => `[DEVICE] Failed to parse response as JSON: ${parseError}`);
+                    throw new Error(`Failed to parse device token response: ${responseText}`);
+                }
+                // Log only non-sensitive keys to avoid exposing auth data
+                this.logger.debug(() => `[DEVICE] Token polling successful, keys: ${Object.keys(data).join(', ')}`);
+                // Parse the successful response - includes authorization_code for token exchange
+                const CodeSuccessResponseSchema = z.object({
+                    authorization_code: z.string(),
+                    code_verifier: z.string(),
+                    code_challenge: z.string(),
+                });
+                return CodeSuccessResponseSchema.parse(data);
+            }
+            // 403 or 404 means still waiting for user authorization
+            if (response.status === 403 || response.status === 404) {
+                this.logger.debug(() => `[DEVICE] User hasn't authorized yet (${response.status}), waiting ${intervalMs}ms...`);
+                await new Promise((resolve) => setTimeout(resolve, intervalMs));
+                continue;
+            }
+            // Any other status is an error
+            this.logger.debug(`[DEVICE] Token polling FAILED: ${responseText}`);
+            throw new Error(`Device authorization failed: ${response.status} ${responseText}`);
+        }
+    }
+    /**
+     * Complete device authorization flow by exchanging authorization code for tokens
+     * @param authorizationCode Authorization code from polling response
+     * @param codeVerifier PKCE code verifier from polling response
+     * @param redirectUri OAuth redirect URI
+     * @returns Complete OAuth token with access_token, refresh_token, etc.
+     */
+    async completeDeviceAuth(authorizationCode, codeVerifier, redirectUri) {
+        this.logger.debug(() => '[DEVICE] Completing device authorization with code exchange');
+        this.logger.debug(() => `[DEVICE] authCode=${authorizationCode.substring(0, 15)}..., redirectUri=${redirectUri}`);
+        // For device flow, we have the code_verifier directly from OpenAI's response
+        // instead of looking it up from our PKCE state map
+        this.logger.debug(() => `[DEVICE] Making token exchange request to ${CODEX_CONFIG.tokenEndpoint}`);
+        const response = await fetch(CODEX_CONFIG.tokenEndpoint, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/x-www-form-urlencoded',
+                Accept: 'application/json',
+            },
+            body: new URLSearchParams({
+                grant_type: 'authorization_code',
+                code: authorizationCode,
+                redirect_uri: redirectUri,
+                client_id: CODEX_CONFIG.clientId,
+                code_verifier: codeVerifier,
+            }).toString(),
+        });
+        this.logger.debug(() => `[DEVICE] Token exchange response status: ${response.status}`);
+        if (!response.ok) {
+            const errorText = await response.text();
+            this.logger.debug(`[DEVICE] Token exchange FAILED: ${errorText}`);
+            throw new Error(`Token exchange failed: ${response.status} ${errorText}`);
+        }
+        const data = await response.json();
+        this.logger.debug(() => `[DEVICE] Token response received, keys: ${Object.keys(data).join(', ')}`);
+        // Validate with Zod schema
+        const tokenResponse = CodexTokenResponseSchema.parse(data);
+        this.logger.debug(() => `[DEVICE] Token response validated: has_id_token=${!!tokenResponse.id_token}, has_refresh_token=${!!tokenResponse.refresh_token}, expires_in=${tokenResponse.expires_in}`);
+        // Extract account_id from id_token JWT
+        this.logger.debug('[DEVICE] Extracting account_id from id_token...');
+        const accountId = tokenResponse.id_token
+            ? this.extractAccountIdFromIdToken(tokenResponse.id_token)
+            : this.throwMissingAccountId();
+        this.logger.debug(() => `[DEVICE] Extracted account_id: ${accountId.substring(0, 8)}...`);
+        // Build and return the CodexOAuthToken
+        const now = Date.now();
+        // expires_in 0 is invalid, treat nullish/NaN/0 as default 1 hour
+        const rawExpiresIn = tokenResponse.expires_in;
+        const expiresIn = typeof rawExpiresIn === 'number' &&
+            !Number.isNaN(rawExpiresIn) &&
+            rawExpiresIn !== 0
+            ? rawExpiresIn
+            : 3600;
+        const token = CodexOAuthTokenSchema.parse({
+            access_token: tokenResponse.access_token,
+            refresh_token: tokenResponse.refresh_token,
+            id_token: tokenResponse.id_token,
+            token_type: tokenResponse.token_type,
+            expiry: Math.floor(now / 1000) + expiresIn,
+            account_id: accountId,
+        });
+        this.logger.debug(() => '[DEVICE] Device authorization completed successfully');
+        return token;
+    }
+    /**
+     * Generate PKCE code verifier and challenge
+     * @returns Object containing verifier and challenge strings
+     */
+    generatePKCE() {
+        // Generate 64 random bytes for verifier (matches shell script and Rust CLI)
+        const verifier = randomBytes(64).toString('base64url');
+        // Create SHA-256 hash of verifier for challenge (S256 method)
+        const challenge = createHash('sha256').update(verifier).digest('base64url');
+        return { verifier, challenge };
+    }
+}
+//# sourceMappingURL=codex-device-flow.js.map

package/dist/src/flows/codex-device-flow.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"codex-device-flow.js","sourceRoot":"","sources":["../../../src/flows/codex-device-flow.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAEjD,OAAO,EACL,qBAAqB,EACrB,wBAAwB,GAEzB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB;;;GAGG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG;IAC1B,QAAQ,EAAE,8BAA8B;IACxC,MAAM,EAAE,yBAAyB;IACjC,aAAa,EAAE,qCAAqC;IACpD,qBAAqB,EAAE,yCAAyC;IAChE,0BAA0B,EACxB,0DAA0D;IAC5D,uBAAuB,EACrB,uDAAuD;IACzD,qBAAqB,EAAE,6CAA6C;IACpE,MAAM,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,gBAAgB,CAAC;IACxD,UAAU,EAAE,cAAc;CAClB,CAAC;AAEX;;;GAGG;AACH,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChC,6BAA6B,EAAE,CAAC;SAC7B,MAAM,CAAC;QACN,kBAAkB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACzC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;KAClC,CAAC;SACD,QAAQ,EAAE;IACb,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAClC,CAAC,CAAC;AAEH;;;GAGG;AACH,MAAM,OAAO,eAAe;IAClB,MAAM,CAAe;IACrB,aAAa,GAAwB,IAAI,GAAG,EAAE,CAAC;IAE/C,MAAM,CAAU,YAAY,GAAiB;QACnD,KAAK,EAAE,GAAG,EAAE,GAAE,CAAC;QACf,KAAK,EAAE,GAAG,EAAE,GAAE,CAAC;QACf,IAAI,EAAE,GAAG,EAAE,GAAE,CAAC;QACd,GAAG,EAAE,GAAG,EAAE,GAAE,CAAC;KACd,CAAC;IAEF,YAAY,OAAmC;QAC7C,IAAI,CAAC,MAAM,GAAG,OAAO,EAAE,MAAM,IAAI,eAAe,CAAC,YAAY,CAAC;IAChE,CAAC;IAED;;;;;OAKG;IACH,qBAAqB,CAAC,WAAmB,EAAE,KAAa;QACtD,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,GAAG,EAAE,CACH,0DAA0D,WAAW,WAAW,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,CAC7G,CAAC;QACF,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;QACpD,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,GAAG,EAAE,CACH,0CAA0C,QAAQ,CAAC,MAAM,sBAAsB,SAAS,CAAC,MAAM,EAAE,CACpG,CAAC;QACF,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;QACxC,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,GAAG,EAAE,CACH,6DAA6D,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,CACzF,CAAC;QACF,gEAAgE;QAChE,sDAAsD;QACtD,+DAA+D;QAC/D,MAAM,MAAM,GAAG;YACb,oBAAoB;YACpB,aAAa,kBAAkB,CAAC,YAAY,CAAC,QAAQ,CAAC,EAAE;YACxD,gBAAgB,kBAAkB,CAAC,WAAW,CAAC,EAAE;YACjD,SAAS,kBAAkB,CAAC,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE;YAC5D,kBAAkB,kBAAkB,CAAC,SAAS,CAAC,EAAE;YACjD,4BAA4B;YAC5B,iCAAiC;YACjC,gCAAgC;YAChC,SAAS,kBAAkB,CAAC,KAAK,CAAC,EAAE;YACpC,cAAc,kBAAkB,CAAC,YAAY,CAAC,UAAU,CAAC,EAAE;YAC3D,YAAY;SACb,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACZ,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,+CAA+C,CAAC,CAAC;QACnE,OAAO,GAAG,YAAY,CAAC,qBAAqB,IAAI,MAAM,EAAE,CAAC;IAC3D,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,oBAAoB,CACxB,QAAgB,EAChB,WAAmB,EACnB,KAAa;QAEb,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,GAAG,EAAE,CACH,kDAAkD,QAAQ,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,oBAAoB,WAAW,WAAW,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,CAClJ,CAAC;QAEF,MAAM,YAAY,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnD,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,GAAG,EAAE,CACH,+DAA+D,KAAK,CAAC,IAAI,CACvE,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,CAC1B;iBACE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;iBAC7B,IAAI,CAAC,IAAI,CAAC,EAAE,CAClB,CAAC;YACF,MAAM,IAAI,KAAK,CAAC,2CAA2C,KAAK,EAAE,CAAC,CAAC;QACtE,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,GAAG,EAAE,CACH,gDAAgD,YAAY,CAAC,MAAM,EAAE,CACxE,CAAC;QAEF,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,oBAAoB,CACnD,QAAQ,EACR,WAAW,EACX,YAAY,CACb,CAAC;QACF,MAAM,UAAU,GAAG,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC;QAEvD,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACjC,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,GAAG,EAAE,CACH,+CAA+C,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,CAC3E,CAAC;QAEF,OAAO,UAAU,CAAC;IACpB,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,oBAAoB,CAChC,QAAgB,EAChB,WAAmB,EACnB,YAAoB;QAEpB,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,GAAG,EAAE,CACH,2CAA2C,YAAY,CAAC,aAAa,EAAE,CAC1E,CAAC;QAEF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,YAAY,CAAC,aAAa,EAAE;YACvD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,mCAAmC;gBACnD,MAAM,EAAE,kBAAkB;aAC3B;YACD,IAAI,EAAE,IAAI,eAAe,CAAC;gBACxB,UAAU,EAAE,oBAAoB;gBAChC,IAAI,EAAE,QAAQ;gBACd,YAAY,EAAE,WAAW;gBACzB,SAAS,EAAE,YAAY,CAAC,QAAQ;gBAChC,aAAa,EAAE,YAAY;aAC5B,CAAC,CAAC,QAAQ,EAAE;SACd,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,GAAG,EAAE,CAAC,0CAA0C,QAAQ,CAAC,MAAM,EAAE,CAClE,CAAC;QAEF,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACxC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,iCAAiC,SAAS,EAAE,CAAC,CAAC;YAChE,MAAM,IAAI,KAAK,CAAC,0BAA0B,QAAQ,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC,CAAC;QAC5E,CAAC;QAED,MAAM,IAAI,GAAY,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC5C,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,GAAG,EAAE,CACH,yCAAyC,MAAM,CAAC,IAAI,CAAC,IAAc,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACpF,CAAC;QAEF,MAAM,aAAa,GAAG,wBAAwB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC3D,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,GAAG,EAAE,CACH,iDAAiD,CAAC,CAAC,aAAa,CAAC,QAAQ,uBAAuB,CAAC,CAAC,aAAa,CAAC,aAAa,gBAAgB,aAAa,CAAC,UAAU,EAAE,CAC1K,CAAC;QACF,OAAO,aAAa,CAAC;IACvB,CAAC;IAED;;;OAGG;IACK,eAAe,CACrB,aAAuD;QAEvD,uCAAuC;QACvC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,+CAA+C,CAAC,CAAC;QACnE,MAAM,SAAS,GAAG,aAAa,CAAC,QAAQ;YACtC,CAAC,CAAC,IAAI,CAAC,2BAA2B,CAAC,aAAa,CAAC,QAAQ,CAAC;YAC1D,CAAC,CAAC,IAAI,CAAC,qBAAqB,EAAE,CAAC;QACjC,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,GAAG,EAAE,CAAC,gCAAgC,SAAS,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,CACrE,CAAC;QAEF,iFAAiF;QACjF,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,iEAAiE;QACjE,MAAM,YAAY,GAAG,aAAa,CAAC,UAAU,CAAC;QAC9C,MAAM,SAAS,GACb,OAAO,YAAY,KAAK,QAAQ;YAChC,CAAC,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC;YAC3B,YAAY,KAAK,CAAC;YAChB,CAAC,CAAC,YAAY;YACd,CAAC,CAAC,IAAI,CAAC;QACX,MAAM,MAAM,GAAG,GAAG,GAAG,SAAS,CAAC;QAE/B,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,GAAG,EAAE,CACH,+CAA+C,MAAM,QAAQ,SAAS,IAAI,CAC7E,CAAC;QAEF,MAAM,UAAU,GAAoB,qBAAqB,CAAC,KAAK,CAAC;YAC9D,YAAY,EAAE,aAAa,CAAC,YAAY;YACxC,UAAU,EAAE,aAAa,CAAC,UAAU;YACpC,MAAM;YACN,aAAa,EAAE,aAAa,CAAC,aAAa;YAC1C,UAAU,EAAE,SAAS;YACrB,QAAQ,EAAE,aAAa,CAAC,QAAQ;SACjC,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,GAAG,EAAE,CACH,gDAAgD,SAAS,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,mBAAmB,UAAU,CAAC,UAAU,EAAE,CACtH,CAAC;QAEF,OAAO,UAAU,CAAC;IACpB,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,YAAY,CAAC,YAAoB;QACrC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAE9C,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,YAAY,CAAC,aAAa,EAAE;YACvD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,mCAAmC;gBACnD,MAAM,EAAE,kBAAkB;aAC3B;YACD,IAAI,EAAE,IAAI,eAAe,CAAC;gBACxB,UAAU,EAAE,eAAe;gBAC3B,aAAa,EAAE,YAAY;gBAC3B,SAAS,EAAE,YAAY,CAAC,QAAQ;aACjC,CAAC,CAAC,QAAQ,EAAE;SACd,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,yBAAyB,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;QAC9D,CAAC;QAED,MAAM,IAAI,GAAY,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC5C,MAAM,aAAa,GAAG,wBAAwB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAE3D,oDAAoD;QACpD,kEAAkE;QAClE,0EAA0E;QAC1E,MAAM,SAAS,GAAG,aAAa,CAAC,QAAQ;YACtC,CAAC,CAAC,IAAI,CAAC,2BAA2B,CAAC,aAAa,CAAC,QAAQ,CAAC;YAC1D,CAAC,CAAC,SAAS,CAAC;QAEd,gCAAgC;QAChC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,iEAAiE;QACjE,MAAM,YAAY,GAAG,aAAa,CAAC,UAAU,CAAC;QAC9C,MAAM,SAAS,GACb,OAAO,YAAY,KAAK,QAAQ;YAChC,CAAC,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC;YAC3B,YAAY,KAAK,CAAC;YAChB,CAAC,CAAC,YAAY;YACd,CAAC,CAAC,IAAI,CAAC;QACX,MAAM,MAAM,GAAG,GAAG,GAAG,SAAS,CAAC;QAE/B,OAAO,qBAAqB,CAAC,KAAK,CAAC;YACjC,YAAY,EAAE,aAAa,CAAC,YAAY;YACxC,UAAU,EAAE,aAAa,CAAC,UAAU;YACpC,MAAM;YACN,aAAa,EAAE,aAAa,CAAC,aAAa,IAAI,YAAY;YAC1D,UAAU,EAAE,SAAS;YACrB,QAAQ,EAAE,aAAa,CAAC,QAAQ;SACjC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;OAMG;IACK,2BAA2B,CAAC,OAAe;QACjD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACjC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;QAC1D,CAAC;QAED,8CAA8C;QAC9C,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACzB,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAEpE,8BAA8B;QAC9B,MAAM,aAAa,GAAY,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACnD,MAAM,SAAS,GAAG,gBAAgB,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QAExD,wDAAwD;QACxD,6KAA6K;QAC7K,MAAM,SAAS,GACb,SAAS,CAAC,6BAA6B,CAAC,EAAE,kBAAkB;YAC5D,SAAS,CAAC,6BAA6B,CAAC,EAAE,UAAU;YACpD,SAAS,CAAC,UAAU,CAAC;QACvB,gEAAgE;QAEhE,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAChE,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;;OAGG;IACK,qBAAqB;QAC3B,MAAM,IAAI,KAAK,CACb,iEAAiE,CAClE,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,iBAAiB;QAKrB,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,GAAG,EAAE,CACH,sCAAsC,YAAY,CAAC,0BAA0B,EAAE,CAClF,CAAC;QACF,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,GAAG,EAAE,CAAC,6BAA6B,YAAY,CAAC,QAAQ,EAAE,CAC3D,CAAC;QAEF,MAAM,QAAQ,GAAG,MAAM,UAAU,CAAC,KAAK,CACrC,YAAY,CAAC,0BAA0B,EACvC;YACE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,SAAS,EAAE,YAAY,CAAC,QAAQ;aACjC,CAAC;SACH,CACF,CAAC;QAEF,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC5B,MAAM,IAAI,KAAK,CACb,gEAAgE,CACjE,CAAC;YACJ,CAAC;YACD,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACxC,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,GAAG,EAAE,CAAC,sCAAsC,SAAS,EAAE,CACxD,CAAC;YACF,MAAM,IAAI,KAAK,CACb,6BAA6B,QAAQ,CAAC,MAAM,IAAI,SAAS,EAAE,CAC5D,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,GAAY,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC5C,0DAA0D;QAC1D,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,GAAG,EAAE,CACH,qCAAqC,MAAM,CAAC,IAAI,CAAC,IAAc,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAChF,CAAC;QAEF,qBAAqB;QACrB,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;YACtC,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE;YAC1B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;YACrB,QAAQ,EAAE,CAAC;iBACR,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;iBAC/B,SAAS,CAAC,CAAC,GAAG,EAAE,EAAE,CACjB,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,GAAG,CACzD;iBACA,QAAQ,EAAE;iBACV,OAAO,CAAC,CAAC,CAAC;SACd,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,sBAAsB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAElD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,gCAAgC,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC;QAEtE,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,kBAAkB,CACtB,YAAoB,EACpB,QAAgB,EAChB,kBAA0B,CAAC;QAM3B,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAC;QAE5D,MAAM,SAAS,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,aAAa;QAC/C,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC7B,MAAM,UAAU,GAAG,eAAe,GAAG,IAAI,CAAC;QAE1C,mKAAmK;QACnK,OAAO,IAAI,EAAE,CAAC;YACZ,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,IAAI,SAAS,EAAE,CAAC;gBACxC,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;YACrE,CAAC;YAED,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,GAAG,EAAE,CACH,oBAAoB,YAAY,CAAC,uBAAuB,wBAAwB,YAAY,eAAe,QAAQ,EAAE,CACxH,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,UAAU,CAAC,KAAK,CACrC,YAAY,CAAC,uBAAuB,EACpC;gBACE,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,kBAAkB;iBACnC;gBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,cAAc,EAAE,YAAY;oBAC5B,SAAS,EAAE,QAAQ;iBACpB,CAAC;aACH,CACF,CAAC;YAEF,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YAC3C,+EAA+E;YAC/E,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,GAAG,EAAE,CAAC,kCAAkC,QAAQ,CAAC,MAAM,EAAE,CAC1D,CAAC;YAEF,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;gBAChB,IAAI,IAAa,CAAC;gBAClB,IAAI,CAAC;oBACH,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;gBAClC,CAAC;gBAAC,OAAO,UAAU,EAAE,CAAC;oBACpB,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,GAAG,EAAE,CAAC,8CAA8C,UAAU,EAAE,CACjE,CAAC;oBACF,MAAM,IAAI,KAAK,CACb,0CAA0C,YAAY,EAAE,CACzD,CAAC;gBACJ,CAAC;gBAED,0DAA0D;gBAC1D,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,GAAG,EAAE,CACH,4CAA4C,MAAM,CAAC,IAAI,CAAC,IAAc,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACvF,CAAC;gBAEF,iFAAiF;gBACjF,MAAM,yBAAyB,GAAG,CAAC,CAAC,MAAM,CAAC;oBACzC,kBAAkB,EAAE,CAAC,CAAC,MAAM,EAAE;oBAC9B,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE;oBACzB,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE;iBAC3B,CAAC,CAAC;gBAEH,OAAO,yBAAyB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAC/C,CAAC;YAED,wDAAwD;YACxD,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBACvD,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,GAAG,EAAE,CACH,wCAAwC,QAAQ,CAAC,MAAM,cAAc,UAAU,OAAO,CACzF,CAAC;gBACF,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC,CAAC;gBAChE,SAAS;YACX,CAAC;YAED,+BAA+B;YAC/B,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,kCAAkC,YAAY,EAAE,CAAC,CAAC;YACpE,MAAM,IAAI,KAAK,CACb,gCAAgC,QAAQ,CAAC,MAAM,IAAI,YAAY,EAAE,CAClE,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,kBAAkB,CACtB,iBAAyB,EACzB,YAAoB,EACpB,WAAmB;QAEnB,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,GAAG,EAAE,CAAC,6DAA6D,CACpE,CAAC;QACF,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,GAAG,EAAE,CACH,qBAAqB,iBAAiB,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,oBAAoB,WAAW,EAAE,CAC3F,CAAC;QAEF,6EAA6E;QAC7E,mDAAmD;QACnD,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,GAAG,EAAE,CACH,6CAA6C,YAAY,CAAC,aAAa,EAAE,CAC5E,CAAC;QAEF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,YAAY,CAAC,aAAa,EAAE;YACvD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,mCAAmC;gBACnD,MAAM,EAAE,kBAAkB;aAC3B;YACD,IAAI,EAAE,IAAI,eAAe,CAAC;gBACxB,UAAU,EAAE,oBAAoB;gBAChC,IAAI,EAAE,iBAAiB;gBACvB,YAAY,EAAE,WAAW;gBACzB,SAAS,EAAE,YAAY,CAAC,QAAQ;gBAChC,aAAa,EAAE,YAAY;aAC5B,CAAC,CAAC,QAAQ,EAAE;SACd,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,GAAG,EAAE,CAAC,4CAA4C,QAAQ,CAAC,MAAM,EAAE,CACpE,CAAC;QAEF,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACxC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,mCAAmC,SAAS,EAAE,CAAC,CAAC;YAClE,MAAM,IAAI,KAAK,CAAC,0BAA0B,QAAQ,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC,CAAC;QAC5E,CAAC;QAED,MAAM,IAAI,GAAY,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC5C,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,GAAG,EAAE,CACH,2CAA2C,MAAM,CAAC,IAAI,CAAC,IAAc,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACtF,CAAC;QAEF,2BAA2B;QAC3B,MAAM,aAAa,GAAG,wBAAwB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC3D,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,GAAG,EAAE,CACH,mDAAmD,CAAC,CAAC,aAAa,CAAC,QAAQ,uBAAuB,CAAC,CAAC,aAAa,CAAC,aAAa,gBAAgB,aAAa,CAAC,UAAU,EAAE,CAC5K,CAAC;QAEF,uCAAuC;QACvC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,iDAAiD,CAAC,CAAC;QACrE,MAAM,SAAS,GAAG,aAAa,CAAC,QAAQ;YACtC,CAAC,CAAC,IAAI,CAAC,2BAA2B,CAAC,aAAa,CAAC,QAAQ,CAAC;YAC1D,CAAC,CAAC,IAAI,CAAC,qBAAqB,EAAE,CAAC;QACjC,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,GAAG,EAAE,CAAC,kCAAkC,SAAS,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,CACvE,CAAC;QAEF,uCAAuC;QACvC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,iEAAiE;QACjE,MAAM,YAAY,GAAG,aAAa,CAAC,UAAU,CAAC;QAC9C,MAAM,SAAS,GACb,OAAO,YAAY,KAAK,QAAQ;YAChC,CAAC,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC;YAC3B,YAAY,KAAK,CAAC;YAChB,CAAC,CAAC,YAAY;YACd,CAAC,CAAC,IAAI,CAAC;QACX,MAAM,KAAK,GAAoB,qBAAqB,CAAC,KAAK,CAAC;YACzD,YAAY,EAAE,aAAa,CAAC,YAAY;YACxC,aAAa,EAAE,aAAa,CAAC,aAAa;YAC1C,QAAQ,EAAE,aAAa,CAAC,QAAQ;YAChC,UAAU,EAAE,aAAa,CAAC,UAAU;YACpC,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,SAAS;YAC1C,UAAU,EAAE,SAAS;SACtB,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,GAAG,EAAE,CAAC,sDAAsD,CAC7D,CAAC;QAEF,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;OAGG;IACK,YAAY;QAClB,4EAA4E;QAC5E,MAAM,QAAQ,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAEvD,8DAA8D;QAC9D,MAAM,SAAS,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QAE5E,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;IACjC,CAAC"}

package/dist/src/flows/qwen-device-flow.d.ts

@@ -0,0 +1,45 @@
+/**
+ * @license
+ * Copyright 2025 Vybestack LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { type DeviceCodeResponse, type OAuthToken } from '../types.js';
+/**
+ * Configuration for Qwen device flow authentication
+ */
+export interface DeviceFlowConfig {
+    clientId: string;
+    authorizationEndpoint: string;
+    tokenEndpoint: string;
+    scopes: string[];
+}
+/**
+ * Qwen OAuth device flow implementation
+ */
+export declare class QwenDeviceFlow {
+    private config;
+    private pkceVerifier;
+    constructor(config: DeviceFlowConfig);
+    /**
+     * Initiates the device authorization flow
+     * @returns Promise resolving to device code response
+     */
+    initiateDeviceFlow(): Promise<DeviceCodeResponse>;
+    /**
+     * Polls the authorization server for an access token
+     * @param deviceCode Device code from initiation response
+     * @returns Promise resolving to OAuth token
+     */
+    pollForToken(deviceCode: string): Promise<OAuthToken>;
+    /**
+     * Refreshes an expired access token
+     * @param refreshToken Valid refresh token
+     * @returns Promise resolving to new OAuth token
+     */
+    refreshToken(refreshToken: string): Promise<OAuthToken>;
+    /**
+     * Generates PKCE code verifier and challenge
+     * @returns Object containing verifier and challenge strings
+     */
+    private generatePKCE;
+}