npm - @vybestack/llxprt-code-core - Versions diffs - 0.1.12 → 0.1.13 - Mend

@vybestack/llxprt-code-core 0.1.12 → 0.1.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (329) hide show

package/dist/src/mcp/oauth-provider.d.ts ADDED Viewed

@@ -0,0 +1,142 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { MCPOAuthToken } from './oauth-token-storage.js';
+/**
+ * OAuth configuration for an MCP server.
+ */
+export interface MCPOAuthConfig {
+    enabled?: boolean;
+    clientId?: string;
+    clientSecret?: string;
+    authorizationUrl?: string;
+    tokenUrl?: string;
+    scopes?: string[];
+    redirectUri?: string;
+    tokenParamName?: string;
+}
+/**
+ * OAuth authorization response.
+ */
+export interface OAuthAuthorizationResponse {
+    code: string;
+    state: string;
+}
+/**
+ * OAuth token response from the authorization server.
+ */
+export interface OAuthTokenResponse {
+    access_token: string;
+    token_type: string;
+    expires_in?: number;
+    refresh_token?: string;
+    scope?: string;
+}
+/**
+ * Dynamic client registration request.
+ */
+export interface OAuthClientRegistrationRequest {
+    client_name: string;
+    redirect_uris: string[];
+    grant_types: string[];
+    response_types: string[];
+    token_endpoint_auth_method: string;
+    code_challenge_method?: string[];
+    scope?: string;
+}
+/**
+ * Dynamic client registration response.
+ */
+export interface OAuthClientRegistrationResponse {
+    client_id: string;
+    client_secret?: string;
+    client_id_issued_at?: number;
+    client_secret_expires_at?: number;
+    redirect_uris: string[];
+    grant_types: string[];
+    response_types: string[];
+    token_endpoint_auth_method: string;
+    code_challenge_method?: string[];
+    scope?: string;
+}
+/**
+ * Provider for handling OAuth authentication for MCP servers.
+ */
+export declare class MCPOAuthProvider {
+    private static readonly REDIRECT_PORT;
+    private static readonly REDIRECT_PATH;
+    private static readonly HTTP_OK;
+    private static readonly HTTP_REDIRECT;
+    /**
+     * Register a client dynamically with the OAuth server.
+     *
+     * @param registrationUrl The client registration endpoint URL
+     * @param config OAuth configuration
+     * @returns The registered client information
+     */
+    private static registerClient;
+    /**
+     * Discover OAuth configuration from an MCP server URL.
+     *
+     * @param mcpServerUrl The MCP server URL
+     * @returns OAuth configuration if discovered, null otherwise
+     */
+    private static discoverOAuthFromMCPServer;
+    /**
+     * Generate PKCE parameters for OAuth flow.
+     *
+     * @returns PKCE parameters including code verifier, challenge, and state
+     */
+    private static generatePKCEParams;
+    /**
+     * Start a local HTTP server to handle OAuth callback.
+     *
+     * @param expectedState The state parameter to validate
+     * @returns Promise that resolves with the authorization code
+     */
+    private static startCallbackServer;
+    /**
+     * Build the authorization URL with PKCE parameters.
+     *
+     * @param config OAuth configuration
+     * @param pkceParams PKCE parameters
+     * @returns The authorization URL
+     */
+    private static buildAuthorizationUrl;
+    /**
+     * Exchange authorization code for tokens.
+     *
+     * @param config OAuth configuration
+     * @param code Authorization code
+     * @param codeVerifier PKCE code verifier
+     * @returns The token response
+     */
+    private static exchangeCodeForToken;
+    /**
+     * Refresh an access token using a refresh token.
+     *
+     * @param config OAuth configuration
+     * @param refreshToken The refresh token
+     * @returns The new token response
+     */
+    static refreshAccessToken(config: MCPOAuthConfig, refreshToken: string, tokenUrl: string): Promise<OAuthTokenResponse>;
+    /**
+     * Perform the full OAuth authorization code flow with PKCE.
+     *
+     * @param serverName The name of the MCP server
+     * @param config OAuth configuration
+     * @param mcpServerUrl Optional MCP server URL for OAuth discovery
+     * @returns The obtained OAuth token
+     */
+    static authenticate(serverName: string, config: MCPOAuthConfig, mcpServerUrl?: string): Promise<MCPOAuthToken>;
+    /**
+     * Get a valid access token for an MCP server, refreshing if necessary.
+     *
+     * @param serverName The name of the MCP server
+     * @param config OAuth configuration
+     * @returns A valid access token or null if not authenticated
+     */
+    static getValidToken(serverName: string, config: MCPOAuthConfig): Promise<string | null>;
+}

package/dist/src/mcp/oauth-provider.js ADDED Viewed

@@ -0,0 +1,446 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import * as http from 'node:http';
+import * as crypto from 'node:crypto';
+import { URL } from 'node:url';
+import open from 'open';
+import { MCPOAuthTokenStorage } from './oauth-token-storage.js';
+import { getErrorMessage } from '../utils/errors.js';
+import { OAuthUtils } from './oauth-utils.js';
+/**
+ * Provider for handling OAuth authentication for MCP servers.
+ */
+export class MCPOAuthProvider {
+    static REDIRECT_PORT = 7777;
+    static REDIRECT_PATH = '/oauth/callback';
+    static HTTP_OK = 200;
+    static HTTP_REDIRECT = 302;
+    /**
+     * Register a client dynamically with the OAuth server.
+     *
+     * @param registrationUrl The client registration endpoint URL
+     * @param config OAuth configuration
+     * @returns The registered client information
+     */
+    static async registerClient(registrationUrl, config) {
+        const redirectUri = config.redirectUri ||
+            `http://localhost:${this.REDIRECT_PORT}${this.REDIRECT_PATH}`;
+        const registrationRequest = {
+            client_name: 'Gemini CLI MCP Client',
+            redirect_uris: [redirectUri],
+            grant_types: ['authorization_code', 'refresh_token'],
+            response_types: ['code'],
+            token_endpoint_auth_method: 'none', // Public client
+            code_challenge_method: ['S256'],
+            scope: config.scopes?.join(' ') || '',
+        };
+        const response = await fetch(registrationUrl, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+            },
+            body: JSON.stringify(registrationRequest),
+        });
+        if (!response.ok) {
+            const errorText = await response.text();
+            throw new Error(`Client registration failed: ${response.status} ${response.statusText} - ${errorText}`);
+        }
+        return (await response.json());
+    }
+    /**
+     * Discover OAuth configuration from an MCP server URL.
+     *
+     * @param mcpServerUrl The MCP server URL
+     * @returns OAuth configuration if discovered, null otherwise
+     */
+    static async discoverOAuthFromMCPServer(mcpServerUrl) {
+        const baseUrl = OAuthUtils.extractBaseUrl(mcpServerUrl);
+        return OAuthUtils.discoverOAuthConfig(baseUrl);
+    }
+    /**
+     * Generate PKCE parameters for OAuth flow.
+     *
+     * @returns PKCE parameters including code verifier, challenge, and state
+     */
+    static generatePKCEParams() {
+        // Generate code verifier (43-128 characters)
+        const codeVerifier = crypto.randomBytes(32).toString('base64url');
+        // Generate code challenge using SHA256
+        const codeChallenge = crypto
+            .createHash('sha256')
+            .update(codeVerifier)
+            .digest('base64url');
+        // Generate state for CSRF protection
+        const state = crypto.randomBytes(16).toString('base64url');
+        return { codeVerifier, codeChallenge, state };
+    }
+    /**
+     * Start a local HTTP server to handle OAuth callback.
+     *
+     * @param expectedState The state parameter to validate
+     * @returns Promise that resolves with the authorization code
+     */
+    static async startCallbackServer(expectedState) {
+        return new Promise((resolve, reject) => {
+            const server = http.createServer(async (req, res) => {
+                try {
+                    const url = new URL(req.url, `http://localhost:${this.REDIRECT_PORT}`);
+                    if (url.pathname !== this.REDIRECT_PATH) {
+                        res.writeHead(404);
+                        res.end('Not found');
+                        return;
+                    }
+                    const code = url.searchParams.get('code');
+                    const state = url.searchParams.get('state');
+                    const error = url.searchParams.get('error');
+                    if (error) {
+                        res.writeHead(this.HTTP_OK, { 'Content-Type': 'text/html' });
+                        res.end(`
+              <html>
+                <body>
+                  <h1>Authentication Failed</h1>
+                  <p>Error: ${error.replace(/</g, '&lt;').replace(/>/g, '&gt;')}</p>
+                  <p>${(url.searchParams.get('error_description') || '').replace(/</g, '&lt;').replace(/>/g, '&gt;')}</p>
+                  <p>You can close this window.</p>
+                </body>
+              </html>
+            `);
+                        server.close();
+                        reject(new Error(`OAuth error: ${error}`));
+                        return;
+                    }
+                    if (!code || !state) {
+                        res.writeHead(400);
+                        res.end('Missing code or state parameter');
+                        return;
+                    }
+                    if (state !== expectedState) {
+                        res.writeHead(400);
+                        res.end('Invalid state parameter');
+                        server.close();
+                        reject(new Error('State mismatch - possible CSRF attack'));
+                        return;
+                    }
+                    // Send success response to browser
+                    res.writeHead(this.HTTP_OK, { 'Content-Type': 'text/html' });
+                    res.end(`
+            <html>
+              <body>
+                <h1>Authentication Successful!</h1>
+                <p>You can close this window and return to Gemini CLI.</p>
+                <script>window.close();</script>
+              </body>
+            </html>
+          `);
+                    server.close();
+                    resolve({ code, state });
+                }
+                catch (error) {
+                    server.close();
+                    reject(error);
+                }
+            });
+            server.on('error', reject);
+            server.listen(this.REDIRECT_PORT, () => {
+                console.log(`OAuth callback server listening on port ${this.REDIRECT_PORT}`);
+            });
+            // Timeout after 5 minutes
+            setTimeout(() => {
+                server.close();
+                reject(new Error('OAuth callback timeout'));
+            }, 5 * 60 * 1000);
+        });
+    }
+    /**
+     * Build the authorization URL with PKCE parameters.
+     *
+     * @param config OAuth configuration
+     * @param pkceParams PKCE parameters
+     * @returns The authorization URL
+     */
+    static buildAuthorizationUrl(config, pkceParams) {
+        const redirectUri = config.redirectUri ||
+            `http://localhost:${this.REDIRECT_PORT}${this.REDIRECT_PATH}`;
+        const params = new URLSearchParams({
+            client_id: config.clientId,
+            response_type: 'code',
+            redirect_uri: redirectUri,
+            state: pkceParams.state,
+            code_challenge: pkceParams.codeChallenge,
+            code_challenge_method: 'S256',
+        });
+        if (config.scopes && config.scopes.length > 0) {
+            params.append('scope', config.scopes.join(' '));
+        }
+        // Add resource parameter for MCP OAuth spec compliance
+        params.append('resource', OAuthUtils.buildResourceParameter(config.authorizationUrl));
+        return `${config.authorizationUrl}?${params.toString()}`;
+    }
+    /**
+     * Exchange authorization code for tokens.
+     *
+     * @param config OAuth configuration
+     * @param code Authorization code
+     * @param codeVerifier PKCE code verifier
+     * @returns The token response
+     */
+    static async exchangeCodeForToken(config, code, codeVerifier) {
+        const redirectUri = config.redirectUri ||
+            `http://localhost:${this.REDIRECT_PORT}${this.REDIRECT_PATH}`;
+        const params = new URLSearchParams({
+            grant_type: 'authorization_code',
+            code,
+            redirect_uri: redirectUri,
+            code_verifier: codeVerifier,
+            client_id: config.clientId,
+        });
+        if (config.clientSecret) {
+            params.append('client_secret', config.clientSecret);
+        }
+        // Add resource parameter for MCP OAuth spec compliance
+        params.append('resource', OAuthUtils.buildResourceParameter(config.tokenUrl));
+        const response = await fetch(config.tokenUrl, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/x-www-form-urlencoded',
+            },
+            body: params.toString(),
+        });
+        if (!response.ok) {
+            const errorText = await response.text();
+            throw new Error(`Token exchange failed: ${response.status} - ${errorText}`);
+        }
+        return (await response.json());
+    }
+    /**
+     * Refresh an access token using a refresh token.
+     *
+     * @param config OAuth configuration
+     * @param refreshToken The refresh token
+     * @returns The new token response
+     */
+    static async refreshAccessToken(config, refreshToken, tokenUrl) {
+        const params = new URLSearchParams({
+            grant_type: 'refresh_token',
+            refresh_token: refreshToken,
+            client_id: config.clientId,
+        });
+        if (config.clientSecret) {
+            params.append('client_secret', config.clientSecret);
+        }
+        if (config.scopes && config.scopes.length > 0) {
+            params.append('scope', config.scopes.join(' '));
+        }
+        // Add resource parameter for MCP OAuth spec compliance
+        params.append('resource', OAuthUtils.buildResourceParameter(tokenUrl));
+        const response = await fetch(tokenUrl, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/x-www-form-urlencoded',
+            },
+            body: params.toString(),
+        });
+        if (!response.ok) {
+            const errorText = await response.text();
+            throw new Error(`Token refresh failed: ${response.status} - ${errorText}`);
+        }
+        return (await response.json());
+    }
+    /**
+     * Perform the full OAuth authorization code flow with PKCE.
+     *
+     * @param serverName The name of the MCP server
+     * @param config OAuth configuration
+     * @param mcpServerUrl Optional MCP server URL for OAuth discovery
+     * @returns The obtained OAuth token
+     */
+    static async authenticate(serverName, config, mcpServerUrl) {
+        // If no authorization URL is provided, try to discover OAuth configuration
+        if (!config.authorizationUrl && mcpServerUrl) {
+            console.log('No authorization URL provided, attempting OAuth discovery...');
+            // For SSE URLs, first check if authentication is required
+            if (OAuthUtils.isSSEEndpoint(mcpServerUrl)) {
+                try {
+                    const response = await fetch(mcpServerUrl, {
+                        method: 'HEAD',
+                        headers: {
+                            Accept: 'text/event-stream',
+                        },
+                    });
+                    if (response.status === 401 || response.status === 307) {
+                        const wwwAuthenticate = response.headers.get('www-authenticate');
+                        if (wwwAuthenticate) {
+                            const discoveredConfig = await OAuthUtils.discoverOAuthFromWWWAuthenticate(wwwAuthenticate);
+                            if (discoveredConfig) {
+                                config = {
+                                    ...config,
+                                    ...discoveredConfig,
+                                    scopes: discoveredConfig.scopes || config.scopes || [],
+                                };
+                            }
+                        }
+                    }
+                }
+                catch (error) {
+                    console.debug(`Failed to check SSE endpoint for authentication requirements: ${getErrorMessage(error)}`);
+                }
+            }
+            // If we still don't have OAuth config, try the standard discovery
+            if (!config.authorizationUrl) {
+                const discoveredConfig = await this.discoverOAuthFromMCPServer(mcpServerUrl);
+                if (discoveredConfig) {
+                    config = { ...config, ...discoveredConfig };
+                    console.log('OAuth configuration discovered successfully');
+                }
+                else {
+                    throw new Error('Failed to discover OAuth configuration from MCP server');
+                }
+            }
+        }
+        // If no client ID is provided, try dynamic client registration
+        if (!config.clientId) {
+            // Extract server URL from authorization URL
+            if (!config.authorizationUrl) {
+                throw new Error('Cannot perform dynamic registration without authorization URL');
+            }
+            const authUrl = new URL(config.authorizationUrl);
+            const serverUrl = `${authUrl.protocol}//${authUrl.host}`;
+            console.log('No client ID provided, attempting dynamic client registration...');
+            // Get the authorization server metadata for registration
+            const authServerMetadataUrl = new URL('/.well-known/oauth-authorization-server', serverUrl).toString();
+            const authServerMetadata = await OAuthUtils.fetchAuthorizationServerMetadata(authServerMetadataUrl);
+            if (!authServerMetadata) {
+                throw new Error('Failed to fetch authorization server metadata for client registration');
+            }
+            // Register client if registration endpoint is available
+            if (authServerMetadata.registration_endpoint) {
+                const clientRegistration = await this.registerClient(authServerMetadata.registration_endpoint, config);
+                config.clientId = clientRegistration.client_id;
+                if (clientRegistration.client_secret) {
+                    config.clientSecret = clientRegistration.client_secret;
+                }
+                console.log('Dynamic client registration successful');
+            }
+            else {
+                throw new Error('No client ID provided and dynamic registration not supported');
+            }
+        }
+        // Validate configuration
+        if (!config.clientId || !config.authorizationUrl || !config.tokenUrl) {
+            throw new Error('Missing required OAuth configuration after discovery and registration');
+        }
+        // Generate PKCE parameters
+        const pkceParams = this.generatePKCEParams();
+        // Build authorization URL
+        const authUrl = this.buildAuthorizationUrl(config, pkceParams);
+        console.log('\nOpening browser for OAuth authentication...');
+        console.log('If the browser does not open, please visit:');
+        console.log('');
+        // Get terminal width or default to 80
+        const terminalWidth = process.stdout.columns || 80;
+        const separatorLength = Math.min(terminalWidth - 2, 80);
+        const separator = '━'.repeat(separatorLength);
+        console.log(separator);
+        console.log('COPY THE ENTIRE URL BELOW (select all text between the lines):');
+        console.log(separator);
+        console.log(authUrl);
+        console.log(separator);
+        console.log('');
+        console.log('💡 TIP: Triple-click to select the entire URL, then copy and paste it into your browser.');
+        console.log('⚠️  Make sure to copy the COMPLETE URL - it may wrap across multiple lines.');
+        console.log('');
+        // Start callback server
+        const callbackPromise = this.startCallbackServer(pkceParams.state);
+        // Open browser
+        try {
+            await open(authUrl);
+        }
+        catch (error) {
+            console.warn('Failed to open browser automatically:', getErrorMessage(error));
+        }
+        // Wait for callback
+        const { code } = await callbackPromise;
+        console.log('\nAuthorization code received, exchanging for tokens...');
+        // Exchange code for tokens
+        const tokenResponse = await this.exchangeCodeForToken(config, code, pkceParams.codeVerifier);
+        // Convert to our token format
+        const token = {
+            accessToken: tokenResponse.access_token,
+            tokenType: tokenResponse.token_type,
+            refreshToken: tokenResponse.refresh_token,
+            scope: tokenResponse.scope,
+        };
+        if (tokenResponse.expires_in) {
+            token.expiresAt = Date.now() + tokenResponse.expires_in * 1000;
+        }
+        // Save token
+        try {
+            await MCPOAuthTokenStorage.saveToken(serverName, token, config.clientId, config.tokenUrl);
+            console.log('Authentication successful! Token saved.');
+            // Verify token was saved
+            const savedToken = await MCPOAuthTokenStorage.getToken(serverName);
+            if (savedToken) {
+                console.log(`Token verification successful: ${savedToken.token.accessToken.substring(0, 20)}...`);
+            }
+            else {
+                console.error('Token verification failed: token not found after save');
+            }
+        }
+        catch (saveError) {
+            console.error(`Failed to save token: ${getErrorMessage(saveError)}`);
+            throw saveError;
+        }
+        return token;
+    }
+    /**
+     * Get a valid access token for an MCP server, refreshing if necessary.
+     *
+     * @param serverName The name of the MCP server
+     * @param config OAuth configuration
+     * @returns A valid access token or null if not authenticated
+     */
+    static async getValidToken(serverName, config) {
+        console.debug(`Getting valid token for server: ${serverName}`);
+        const credentials = await MCPOAuthTokenStorage.getToken(serverName);
+        if (!credentials) {
+            console.debug(`No credentials found for server: ${serverName}`);
+            return null;
+        }
+        const { token } = credentials;
+        console.debug(`Found token for server: ${serverName}, expired: ${MCPOAuthTokenStorage.isTokenExpired(token)}`);
+        // Check if token is expired
+        if (!MCPOAuthTokenStorage.isTokenExpired(token)) {
+            console.debug(`Returning valid token for server: ${serverName}`);
+            return token.accessToken;
+        }
+        // Try to refresh if we have a refresh token
+        if (token.refreshToken && config.clientId && credentials.tokenUrl) {
+            try {
+                console.log(`Refreshing expired token for MCP server: ${serverName}`);
+                const newTokenResponse = await this.refreshAccessToken(config, token.refreshToken, credentials.tokenUrl);
+                // Update stored token
+                const newToken = {
+                    accessToken: newTokenResponse.access_token,
+                    tokenType: newTokenResponse.token_type,
+                    refreshToken: newTokenResponse.refresh_token || token.refreshToken,
+                    scope: newTokenResponse.scope || token.scope,
+                };
+                if (newTokenResponse.expires_in) {
+                    newToken.expiresAt = Date.now() + newTokenResponse.expires_in * 1000;
+                }
+                await MCPOAuthTokenStorage.saveToken(serverName, newToken, config.clientId, credentials.tokenUrl);
+                return newToken.accessToken;
+            }
+            catch (error) {
+                console.error(`Failed to refresh token: ${getErrorMessage(error)}`);
+                // Remove invalid token
+                await MCPOAuthTokenStorage.removeToken(serverName);
+            }
+        }
+        return null;
+    }
+}
+//# sourceMappingURL=oauth-provider.js.map

package/dist/src/mcp/oauth-provider.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"oauth-provider.js","sourceRoot":"","sources":["../../../src/mcp/oauth-provider.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC;AACtC,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AAC/B,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAiB,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAC/E,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAyE9C;;GAEG;AACH,MAAM,OAAO,gBAAgB;IACnB,MAAM,CAAU,aAAa,GAAG,IAAI,CAAC;IACrC,MAAM,CAAU,aAAa,GAAG,iBAAiB,CAAC;IAClD,MAAM,CAAU,OAAO,GAAG,GAAG,CAAC;IAC9B,MAAM,CAAU,aAAa,GAAG,GAAG,CAAC;IAE5C;;;;;;OAMG;IACK,MAAM,CAAC,KAAK,CAAC,cAAc,CACjC,eAAuB,EACvB,MAAsB;QAEtB,MAAM,WAAW,GACf,MAAM,CAAC,WAAW;YAClB,oBAAoB,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QAEhE,MAAM,mBAAmB,GAAmC;YAC1D,WAAW,EAAE,uBAAuB;YACpC,aAAa,EAAE,CAAC,WAAW,CAAC;YAC5B,WAAW,EAAE,CAAC,oBAAoB,EAAE,eAAe,CAAC;YACpD,cAAc,EAAE,CAAC,MAAM,CAAC;YACxB,0BAA0B,EAAE,MAAM,EAAE,gBAAgB;YACpD,qBAAqB,EAAE,CAAC,MAAM,CAAC;YAC/B,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE;SACtC,CAAC;QAEF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,eAAe,EAAE;YAC5C,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,mBAAmB,CAAC;SAC1C,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CACb,+BAA+B,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,MAAM,SAAS,EAAE,CACvF,CAAC;QACJ,CAAC;QAED,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAoC,CAAC;IACpE,CAAC;IAED;;;;;OAKG;IACK,MAAM,CAAC,KAAK,CAAC,0BAA0B,CAC7C,YAAoB;QAEpB,MAAM,OAAO,GAAG,UAAU,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;QACxD,OAAO,UAAU,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;IACjD,CAAC;IAED;;;;OAIG;IACK,MAAM,CAAC,kBAAkB;QAC/B,6CAA6C;QAC7C,MAAM,YAAY,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAElE,uCAAuC;QACvC,MAAM,aAAa,GAAG,MAAM;aACzB,UAAU,CAAC,QAAQ,CAAC;aACpB,MAAM,CAAC,YAAY,CAAC;aACpB,MAAM,CAAC,WAAW,CAAC,CAAC;QAEvB,qCAAqC;QACrC,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAE3D,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC;IAChD,CAAC;IAED;;;;;OAKG;IACK,MAAM,CAAC,KAAK,CAAC,mBAAmB,CACtC,aAAqB;QAErB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAC9B,KAAK,EAAE,GAAyB,EAAE,GAAwB,EAAE,EAAE;gBAC5D,IAAI,CAAC;oBACH,MAAM,GAAG,GAAG,IAAI,GAAG,CACjB,GAAG,CAAC,GAAI,EACR,oBAAoB,IAAI,CAAC,aAAa,EAAE,CACzC,CAAC;oBAEF,IAAI,GAAG,CAAC,QAAQ,KAAK,IAAI,CAAC,aAAa,EAAE,CAAC;wBACxC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;wBACnB,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;wBACrB,OAAO;oBACT,CAAC;oBAED,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;oBAC1C,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;oBAC5C,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;oBAE5C,IAAI,KAAK,EAAE,CAAC;wBACV,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;wBAC7D,GAAG,CAAC,GAAG,CAAC;;;;8BAIS,KAAgB,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;uBACnE,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,EAAE,CAAY,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;;;;aAInH,CAAC,CAAC;wBACD,MAAM,CAAC,KAAK,EAAE,CAAC;wBACf,MAAM,CAAC,IAAI,KAAK,CAAC,gBAAgB,KAAK,EAAE,CAAC,CAAC,CAAC;wBAC3C,OAAO;oBACT,CAAC;oBAED,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;wBACpB,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;wBACnB,GAAG,CAAC,GAAG,CAAC,iCAAiC,CAAC,CAAC;wBAC3C,OAAO;oBACT,CAAC;oBAED,IAAI,KAAK,KAAK,aAAa,EAAE,CAAC;wBAC5B,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;wBACnB,GAAG,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;wBACnC,MAAM,CAAC,KAAK,EAAE,CAAC;wBACf,MAAM,CAAC,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC,CAAC;wBAC3D,OAAO;oBACT,CAAC;oBAED,mCAAmC;oBACnC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;oBAC7D,GAAG,CAAC,GAAG,CAAC;;;;;;;;WAQT,CAAC,CAAC;oBAED,MAAM,CAAC,KAAK,EAAE,CAAC;oBACf,OAAO,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;gBAC3B,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,MAAM,CAAC,KAAK,EAAE,CAAC;oBACf,MAAM,CAAC,KAAK,CAAC,CAAC;gBAChB,CAAC;YACH,CAAC,CACF,CAAC;YAEF,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAC3B,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,EAAE,GAAG,EAAE;gBACrC,OAAO,CAAC,GAAG,CACT,2CAA2C,IAAI,CAAC,aAAa,EAAE,CAChE,CAAC;YACJ,CAAC,CAAC,CAAC;YAEH,0BAA0B;YAC1B,UAAU,CACR,GAAG,EAAE;gBACH,MAAM,CAAC,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC,CAAC;YAC9C,CAAC,EACD,CAAC,GAAG,EAAE,GAAG,IAAI,CACd,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;OAMG;IACK,MAAM,CAAC,qBAAqB,CAClC,MAAsB,EACtB,UAAsB;QAEtB,MAAM,WAAW,GACf,MAAM,CAAC,WAAW;YAClB,oBAAoB,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QAEhE,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YACjC,SAAS,EAAE,MAAM,CAAC,QAAS;YAC3B,aAAa,EAAE,MAAM;YACrB,YAAY,EAAE,WAAW;YACzB,KAAK,EAAE,UAAU,CAAC,KAAK;YACvB,cAAc,EAAE,UAAU,CAAC,aAAa;YACxC,qBAAqB,EAAE,MAAM;SAC9B,CAAC,CAAC;QAEH,IAAI,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9C,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QAClD,CAAC;QAED,uDAAuD;QACvD,MAAM,CAAC,MAAM,CACX,UAAU,EACV,UAAU,CAAC,sBAAsB,CAAC,MAAM,CAAC,gBAAiB,CAAC,CAC5D,CAAC;QAEF,OAAO,GAAG,MAAM,CAAC,gBAAgB,IAAI,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;IAC3D,CAAC;IAED;;;;;;;OAOG;IACK,MAAM,CAAC,KAAK,CAAC,oBAAoB,CACvC,MAAsB,EACtB,IAAY,EACZ,YAAoB;QAEpB,MAAM,WAAW,GACf,MAAM,CAAC,WAAW;YAClB,oBAAoB,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QAEhE,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YACjC,UAAU,EAAE,oBAAoB;YAChC,IAAI;YACJ,YAAY,EAAE,WAAW;YACzB,aAAa,EAAE,YAAY;YAC3B,SAAS,EAAE,MAAM,CAAC,QAAS;SAC5B,CAAC,CAAC;QAEH,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;YACxB,MAAM,CAAC,MAAM,CAAC,eAAe,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;QACtD,CAAC;QAED,uDAAuD;QACvD,MAAM,CAAC,MAAM,CACX,UAAU,EACV,UAAU,CAAC,sBAAsB,CAAC,MAAM,CAAC,QAAS,CAAC,CACpD,CAAC;QAEF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC,QAAS,EAAE;YAC7C,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,mCAAmC;aACpD;YACD,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE;SACxB,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CACb,0BAA0B,QAAQ,CAAC,MAAM,MAAM,SAAS,EAAE,CAC3D,CAAC;QACJ,CAAC;QAED,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAuB,CAAC;IACvD,CAAC;IAED;;;;;;OAMG;IACH,MAAM,CAAC,KAAK,CAAC,kBAAkB,CAC7B,MAAsB,EACtB,YAAoB,EACpB,QAAgB;QAEhB,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YACjC,UAAU,EAAE,eAAe;YAC3B,aAAa,EAAE,YAAY;YAC3B,SAAS,EAAE,MAAM,CAAC,QAAS;SAC5B,CAAC,CAAC;QAEH,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;YACxB,MAAM,CAAC,MAAM,CAAC,eAAe,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;QACtD,CAAC;QAED,IAAI,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9C,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QAClD,CAAC;QAED,uDAAuD;QACvD,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE,UAAU,CAAC,sBAAsB,CAAC,QAAQ,CAAC,CAAC,CAAC;QAEvE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;YACrC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,mCAAmC;aACpD;YACD,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE;SACxB,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CACb,yBAAyB,QAAQ,CAAC,MAAM,MAAM,SAAS,EAAE,CAC1D,CAAC;QACJ,CAAC;QAED,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAuB,CAAC;IACvD,CAAC;IAED;;;;;;;OAOG;IACH,MAAM,CAAC,KAAK,CAAC,YAAY,CACvB,UAAkB,EAClB,MAAsB,EACtB,YAAqB;QAErB,2EAA2E;QAC3E,IAAI,CAAC,MAAM,CAAC,gBAAgB,IAAI,YAAY,EAAE,CAAC;YAC7C,OAAO,CAAC,GAAG,CACT,8DAA8D,CAC/D,CAAC;YAEF,0DAA0D;YAC1D,IAAI,UAAU,CAAC,aAAa,CAAC,YAAY,CAAC,EAAE,CAAC;gBAC3C,IAAI,CAAC;oBACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,YAAY,EAAE;wBACzC,MAAM,EAAE,MAAM;wBACd,OAAO,EAAE;4BACP,MAAM,EAAE,mBAAmB;yBAC5B;qBACF,CAAC,CAAC;oBAEH,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;wBACvD,MAAM,eAAe,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;wBACjE,IAAI,eAAe,EAAE,CAAC;4BACpB,MAAM,gBAAgB,GACpB,MAAM,UAAU,CAAC,gCAAgC,CAC/C,eAAe,CAChB,CAAC;4BACJ,IAAI,gBAAgB,EAAE,CAAC;gCACrB,MAAM,GAAG;oCACP,GAAG,MAAM;oCACT,GAAG,gBAAgB;oCACnB,MAAM,EAAE,gBAAgB,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,IAAI,EAAE;iCACvD,CAAC;4BACJ,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,OAAO,CAAC,KAAK,CACX,iEAAiE,eAAe,CAAC,KAAK,CAAC,EAAE,CAC1F,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,kEAAkE;YAClE,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC;gBAC7B,MAAM,gBAAgB,GACpB,MAAM,IAAI,CAAC,0BAA0B,CAAC,YAAY,CAAC,CAAC;gBACtD,IAAI,gBAAgB,EAAE,CAAC;oBACrB,MAAM,GAAG,EAAE,GAAG,MAAM,EAAE,GAAG,gBAAgB,EAAE,CAAC;oBAC5C,OAAO,CAAC,GAAG,CAAC,6CAA6C,CAAC,CAAC;gBAC7D,CAAC;qBAAM,CAAC;oBACN,MAAM,IAAI,KAAK,CACb,wDAAwD,CACzD,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAED,+DAA+D;QAC/D,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YACrB,4CAA4C;YAC5C,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC;gBAC7B,MAAM,IAAI,KAAK,CACb,+DAA+D,CAChE,CAAC;YACJ,CAAC;YAED,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;YACjD,MAAM,SAAS,GAAG,GAAG,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,IAAI,EAAE,CAAC;YAEzD,OAAO,CAAC,GAAG,CACT,kEAAkE,CACnE,CAAC;YAEF,yDAAyD;YACzD,MAAM,qBAAqB,GAAG,IAAI,GAAG,CACnC,yCAAyC,EACzC,SAAS,CACV,CAAC,QAAQ,EAAE,CAAC;YAEb,MAAM,kBAAkB,GACtB,MAAM,UAAU,CAAC,gCAAgC,CAC/C,qBAAqB,CACtB,CAAC;YACJ,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBACxB,MAAM,IAAI,KAAK,CACb,uEAAuE,CACxE,CAAC;YACJ,CAAC;YAED,wDAAwD;YACxD,IAAI,kBAAkB,CAAC,qBAAqB,EAAE,CAAC;gBAC7C,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,cAAc,CAClD,kBAAkB,CAAC,qBAAqB,EACxC,MAAM,CACP,CAAC;gBAEF,MAAM,CAAC,QAAQ,GAAG,kBAAkB,CAAC,SAAS,CAAC;gBAC/C,IAAI,kBAAkB,CAAC,aAAa,EAAE,CAAC;oBACrC,MAAM,CAAC,YAAY,GAAG,kBAAkB,CAAC,aAAa,CAAC;gBACzD,CAAC;gBAED,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;YACxD,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,KAAK,CACb,8DAA8D,CAC/D,CAAC;YACJ,CAAC;QACH,CAAC;QAED,yBAAyB;QACzB,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,CAAC,MAAM,CAAC,gBAAgB,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YACrE,MAAM,IAAI,KAAK,CACb,uEAAuE,CACxE,CAAC;QACJ,CAAC;QAED,2BAA2B;QAC3B,MAAM,UAAU,GAAG,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAE7C,0BAA0B;QAC1B,MAAM,OAAO,GAAG,IAAI,CAAC,qBAAqB,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QAE/D,OAAO,CAAC,GAAG,CAAC,+CAA+C,CAAC,CAAC;QAC7D,OAAO,CAAC,GAAG,CAAC,6CAA6C,CAAC,CAAC;QAC3D,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAEhB,sCAAsC;QACtC,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC;QACnD,MAAM,eAAe,GAAG,IAAI,CAAC,GAAG,CAAC,aAAa,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;QACxD,MAAM,SAAS,GAAG,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;QAE9C,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QACvB,OAAO,CAAC,GAAG,CACT,gEAAgE,CACjE,CAAC;QACF,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QACvB,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACrB,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QACvB,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CACT,0FAA0F,CAC3F,CAAC;QACF,OAAO,CAAC,GAAG,CACT,6EAA6E,CAC9E,CAAC;QACF,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAEhB,wBAAwB;QACxB,MAAM,eAAe,GAAG,IAAI,CAAC,mBAAmB,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;QAEnE,eAAe;QACf,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,OAAO,CAAC,CAAC;QACtB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CACV,uCAAuC,EACvC,eAAe,CAAC,KAAK,CAAC,CACvB,CAAC;QACJ,CAAC;QAED,oBAAoB;QACpB,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,eAAe,CAAC;QAEvC,OAAO,CAAC,GAAG,CAAC,yDAAyD,CAAC,CAAC;QAEvE,2BAA2B;QAC3B,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,oBAAoB,CACnD,MAAM,EACN,IAAI,EACJ,UAAU,CAAC,YAAY,CACxB,CAAC;QAEF,8BAA8B;QAC9B,MAAM,KAAK,GAAkB;YAC3B,WAAW,EAAE,aAAa,CAAC,YAAY;YACvC,SAAS,EAAE,aAAa,CAAC,UAAU;YACnC,YAAY,EAAE,aAAa,CAAC,aAAa;YACzC,KAAK,EAAE,aAAa,CAAC,KAAK;SAC3B,CAAC;QAEF,IAAI,aAAa,CAAC,UAAU,EAAE,CAAC;YAC7B,KAAK,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,aAAa,CAAC,UAAU,GAAG,IAAI,CAAC;QACjE,CAAC;QAED,aAAa;QACb,IAAI,CAAC;YACH,MAAM,oBAAoB,CAAC,SAAS,CAClC,UAAU,EACV,KAAK,EACL,MAAM,CAAC,QAAQ,EACf,MAAM,CAAC,QAAQ,CAChB,CAAC;YACF,OAAO,CAAC,GAAG,CAAC,yCAAyC,CAAC,CAAC;YAEvD,yBAAyB;YACzB,MAAM,UAAU,GAAG,MAAM,oBAAoB,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YACnE,IAAI,UAAU,EAAE,CAAC;gBACf,OAAO,CAAC,GAAG,CACT,kCAAkC,UAAU,CAAC,KAAK,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CACrF,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,KAAK,CAAC,uDAAuD,CAAC,CAAC;YACzE,CAAC;QACH,CAAC;QAAC,OAAO,SAAS,EAAE,CAAC;YACnB,OAAO,CAAC,KAAK,CAAC,yBAAyB,eAAe,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;YACrE,MAAM,SAAS,CAAC;QAClB,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;;;;OAMG;IACH,MAAM,CAAC,KAAK,CAAC,aAAa,CACxB,UAAkB,EAClB,MAAsB;QAEtB,OAAO,CAAC,KAAK,CAAC,mCAAmC,UAAU,EAAE,CAAC,CAAC;QAC/D,MAAM,WAAW,GAAG,MAAM,oBAAoB,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;QAEpE,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,CAAC,KAAK,CAAC,oCAAoC,UAAU,EAAE,CAAC,CAAC;YAChE,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,EAAE,KAAK,EAAE,GAAG,WAAW,CAAC;QAC9B,OAAO,CAAC,KAAK,CACX,2BAA2B,UAAU,cAAc,oBAAoB,CAAC,cAAc,CAAC,KAAK,CAAC,EAAE,CAChG,CAAC;QAEF,4BAA4B;QAC5B,IAAI,CAAC,oBAAoB,CAAC,cAAc,CAAC,KAAK,CAAC,EAAE,CAAC;YAChD,OAAO,CAAC,KAAK,CAAC,qCAAqC,UAAU,EAAE,CAAC,CAAC;YACjE,OAAO,KAAK,CAAC,WAAW,CAAC;QAC3B,CAAC;QAED,4CAA4C;QAC5C,IAAI,KAAK,CAAC,YAAY,IAAI,MAAM,CAAC,QAAQ,IAAI,WAAW,CAAC,QAAQ,EAAE,CAAC;YAClE,IAAI,CAAC;gBACH,OAAO,CAAC,GAAG,CAAC,4CAA4C,UAAU,EAAE,CAAC,CAAC;gBAEtE,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,kBAAkB,CACpD,MAAM,EACN,KAAK,CAAC,YAAY,EAClB,WAAW,CAAC,QAAQ,CACrB,CAAC;gBAEF,sBAAsB;gBACtB,MAAM,QAAQ,GAAkB;oBAC9B,WAAW,EAAE,gBAAgB,CAAC,YAAY;oBAC1C,SAAS,EAAE,gBAAgB,CAAC,UAAU;oBACtC,YAAY,EAAE,gBAAgB,CAAC,aAAa,IAAI,KAAK,CAAC,YAAY;oBAClE,KAAK,EAAE,gBAAgB,CAAC,KAAK,IAAI,KAAK,CAAC,KAAK;iBAC7C,CAAC;gBAEF,IAAI,gBAAgB,CAAC,UAAU,EAAE,CAAC;oBAChC,QAAQ,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,gBAAgB,CAAC,UAAU,GAAG,IAAI,CAAC;gBACvE,CAAC;gBAED,MAAM,oBAAoB,CAAC,SAAS,CAClC,UAAU,EACV,QAAQ,EACR,MAAM,CAAC,QAAQ,EACf,WAAW,CAAC,QAAQ,CACrB,CAAC;gBAEF,OAAO,QAAQ,CAAC,WAAW,CAAC;YAC9B,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAC,4BAA4B,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;gBACpE,uBAAuB;gBACvB,MAAM,oBAAoB,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;YACrD,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC"}