@wlfi-agent/cli 1.4.14 → 1.4.16
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/Cargo.lock +1 -0
- package/Cargo.toml +1 -1
- package/README.md +10 -2
- package/crates/vault-cli-admin/src/main.rs +21 -2
- package/crates/vault-cli-admin/src/tui.rs +634 -129
- package/crates/vault-cli-daemon/Cargo.toml +1 -0
- package/crates/vault-cli-daemon/src/bin/wlfi-agent-system-keychain.rs +122 -8
- package/crates/vault-cli-daemon/src/main.rs +24 -4
- package/crates/vault-cli-daemon/src/relay_sync.rs +155 -35
- package/crates/vault-cli-daemon/tests/system_keychain_helper_acl.rs +23 -18
- package/crates/vault-daemon/src/daemon_parts/api_impl_and_utils.rs +6 -0
- package/crates/vault-daemon/src/daemon_parts/types_api_rpc.rs +6 -0
- package/crates/vault-daemon/src/tests.rs +2 -2
- package/crates/vault-daemon/src/tests_parts/part4.rs +110 -0
- package/crates/vault-transport-unix/src/lib.rs +22 -3
- package/crates/vault-transport-xpc/src/lib.rs +20 -2
- package/dist/cli.cjs +20842 -25552
- package/dist/cli.cjs.map +1 -1
- package/package.json +18 -18
- package/packages/cache/.turbo/turbo-build.log +20 -20
- package/packages/cache/coverage/base.css +224 -0
- package/packages/cache/coverage/block-navigation.js +87 -0
- package/packages/cache/coverage/clover.xml +585 -0
- package/packages/cache/coverage/coverage-final.json +5 -0
- package/packages/cache/coverage/favicon.png +0 -0
- package/packages/cache/coverage/index.html +161 -0
- package/packages/cache/coverage/prettify.css +1 -0
- package/packages/cache/coverage/prettify.js +2 -0
- package/packages/cache/coverage/sort-arrow-sprite.png +0 -0
- package/packages/cache/coverage/sorter.js +210 -0
- package/packages/cache/coverage/src/client/index.html +116 -0
- package/packages/cache/coverage/src/client/index.ts.html +253 -0
- package/packages/cache/coverage/src/errors/index.html +116 -0
- package/packages/cache/coverage/src/errors/index.ts.html +244 -0
- package/packages/cache/coverage/src/index.html +116 -0
- package/packages/cache/coverage/src/index.ts.html +94 -0
- package/packages/cache/coverage/src/service/index.html +116 -0
- package/packages/cache/coverage/src/service/index.ts.html +2212 -0
- package/packages/cache/dist/{chunk-ALQ6H7KG.cjs → chunk-QF4XKEIA.cjs} +189 -45
- package/packages/cache/dist/chunk-QF4XKEIA.cjs.map +1 -0
- package/packages/cache/dist/{chunk-FGJEEF5N.js → chunk-QNK6GOTI.js} +182 -38
- package/packages/cache/dist/chunk-QNK6GOTI.js.map +1 -0
- package/packages/cache/dist/index.cjs +2 -2
- package/packages/cache/dist/index.js +1 -1
- package/packages/cache/dist/service/index.cjs +2 -2
- package/packages/cache/dist/service/index.d.cts +2 -0
- package/packages/cache/dist/service/index.d.ts +2 -0
- package/packages/cache/dist/service/index.js +1 -1
- package/packages/cache/node_modules/.bin/jiti +0 -0
- package/packages/cache/node_modules/.bin/tsc +0 -0
- package/packages/cache/node_modules/.bin/tsserver +0 -0
- package/packages/cache/node_modules/.bin/tsup +0 -0
- package/packages/cache/node_modules/.bin/tsup-node +0 -0
- package/packages/cache/node_modules/.bin/tsx +0 -0
- package/packages/cache/node_modules/.bin/vitest +0 -0
- package/packages/cache/node_modules/.vite/vitest/da39a3ee5e6b4b0d3255bfef95601890afd80709/results.json +1 -0
- package/packages/cache/src/service/index.test.ts +575 -0
- package/packages/cache/src/service/index.ts +234 -51
- package/packages/config/.turbo/turbo-build.log +17 -18
- package/packages/config/dist/index.cjs +0 -0
- package/packages/config/node_modules/.bin/jiti +0 -0
- package/packages/config/node_modules/.bin/tsc +2 -2
- package/packages/config/node_modules/.bin/tsserver +2 -2
- package/packages/config/node_modules/.bin/tsup +2 -2
- package/packages/config/node_modules/.bin/tsup-node +2 -2
- package/packages/config/node_modules/.bin/tsx +0 -0
- package/packages/rpc/.turbo/turbo-build.log +31 -32
- package/packages/rpc/dist/_esm-BCLXDO2R.cjs +0 -0
- package/packages/rpc/dist/ccip-OWJLAW55.cjs +0 -0
- package/packages/rpc/dist/chunk-APQIFZ3B.cjs +0 -0
- package/packages/rpc/dist/chunk-CDO2GWRD.cjs +0 -0
- package/packages/rpc/dist/chunk-QGTNTFJ7.cjs +0 -0
- package/packages/rpc/dist/chunk-TZDTAHWR.cjs +0 -0
- package/packages/rpc/dist/index.cjs +0 -0
- package/packages/rpc/dist/secp256k1-WCNM675D.cjs +0 -0
- package/packages/rpc/node_modules/.bin/jiti +0 -0
- package/packages/rpc/node_modules/.bin/tsc +2 -2
- package/packages/rpc/node_modules/.bin/tsserver +2 -2
- package/packages/rpc/node_modules/.bin/tsup +2 -2
- package/packages/rpc/node_modules/.bin/tsup-node +2 -2
- package/packages/rpc/node_modules/.bin/tsx +0 -0
- package/packages/ui/.turbo/turbo-build.log +43 -44
- package/packages/ui/node_modules/.bin/jiti +0 -0
- package/packages/ui/node_modules/.bin/tsc +0 -0
- package/packages/ui/node_modules/.bin/tsserver +0 -0
- package/packages/ui/node_modules/.bin/tsup +0 -0
- package/packages/ui/node_modules/.bin/tsup-node +0 -0
- package/packages/ui/node_modules/.bin/tsx +0 -0
- package/scripts/install-rust-binaries.mjs +164 -58
- package/scripts/launchd/install-user-daemon.sh +0 -0
- package/scripts/launchd/run-vault-daemon.sh +0 -0
- package/scripts/launchd/run-wlfi-agent-daemon.sh +0 -0
- package/scripts/launchd/uninstall-user-daemon.sh +0 -0
- package/src/cli.ts +51 -39
- package/src/lib/admin-passthrough.js +1 -0
- package/src/lib/admin-reset.js +1 -0
- package/src/lib/admin-reset.ts +26 -16
- package/src/lib/admin-setup.js +1 -0
- package/src/lib/admin-setup.ts +32 -20
- package/src/lib/agent-auth-revoke.js +1 -0
- package/src/lib/agent-auth-rotate.js +1 -0
- package/src/lib/agent-auth.js +1 -0
- package/src/lib/config-mutation.js +1 -0
- package/src/lib/launchd-assets.js +1 -0
- package/src/lib/launchd-assets.ts +29 -0
- package/src/lib/local-admin-access.js +1 -0
- package/src/lib/rust.ts +1 -1
- package/src/lib/status-repair-cli.js +1 -0
- package/packages/cache/dist/chunk-ALQ6H7KG.cjs.map +0 -1
- package/packages/cache/dist/chunk-FGJEEF5N.js.map +0 -1
|
@@ -24,7 +24,6 @@ var relayUpdateStatuses = [
|
|
|
24
24
|
"failed"
|
|
25
25
|
];
|
|
26
26
|
var defaultNamespace = "wlfi:relay";
|
|
27
|
-
var activeApprovalUpdateScanLimit = 250;
|
|
28
27
|
var approvalCapabilityFailureWindowMs = 5 * 60 * 1e3;
|
|
29
28
|
var approvalCapabilityMaxFailures = 5;
|
|
30
29
|
var approvalCapabilityBlockWindowMs = 10 * 60 * 1e3;
|
|
@@ -44,10 +43,30 @@ var clampLimit = (limit, fallback, max) => {
|
|
|
44
43
|
};
|
|
45
44
|
var createApprovalCapabilityToken = () => _crypto.randomBytes.call(void 0, 32).toString("hex");
|
|
46
45
|
var approvalCapabilityHash = (token) => _crypto.createHash.call(void 0, "sha256").update(token, "utf8").digest("hex");
|
|
46
|
+
var isActiveApprovalUpdateRecord = (record, approvalRequestId) => Boolean(
|
|
47
|
+
record && record.type === "manual_approval_decision" && record.targetApprovalRequestId === approvalRequestId && (record.status === "pending" || record.status === "inflight")
|
|
48
|
+
);
|
|
49
|
+
var preserveRotatedApprovalCapability = (incoming, existing) => {
|
|
50
|
+
const existingMetadata = _optionalChain([existing, 'optionalAccess', _3 => _3.metadata]);
|
|
51
|
+
const incomingMetadata = incoming.metadata;
|
|
52
|
+
const preservedCapabilityToken = _optionalChain([existingMetadata, 'optionalAccess', _4 => _4.approvalCapabilityToken, 'optionalAccess', _5 => _5.trim, 'call', _6 => _6()]);
|
|
53
|
+
const preservedCapabilityHash = _optionalChain([existingMetadata, 'optionalAccess', _7 => _7.approvalCapabilityHash, 'optionalAccess', _8 => _8.trim, 'call', _9 => _9()]);
|
|
54
|
+
if (!preservedCapabilityToken && !preservedCapabilityHash) {
|
|
55
|
+
return incoming;
|
|
56
|
+
}
|
|
57
|
+
return {
|
|
58
|
+
...incoming,
|
|
59
|
+
metadata: {
|
|
60
|
+
..._nullishCoalesce(incomingMetadata, () => ( {})),
|
|
61
|
+
...preservedCapabilityToken ? { approvalCapabilityToken: preservedCapabilityToken } : {},
|
|
62
|
+
...preservedCapabilityHash ? { approvalCapabilityHash: preservedCapabilityHash } : {}
|
|
63
|
+
}
|
|
64
|
+
};
|
|
65
|
+
};
|
|
47
66
|
var RelayCacheService = (_class = class {
|
|
48
67
|
|
|
49
68
|
|
|
50
|
-
constructor(options = {}) {;_class.prototype.__init.call(this);_class.prototype.__init2.call(this);_class.prototype.__init3.call(this);_class.prototype.__init4.call(this);_class.prototype.__init5.call(this);_class.prototype.__init6.call(this);_class.prototype.__init7.call(this);_class.prototype.__init8.call(this);_class.prototype.__init9.call(this);_class.prototype.__init10.call(this);
|
|
69
|
+
constructor(options = {}) {;_class.prototype.__init.call(this);_class.prototype.__init2.call(this);_class.prototype.__init3.call(this);_class.prototype.__init4.call(this);_class.prototype.__init5.call(this);_class.prototype.__init6.call(this);_class.prototype.__init7.call(this);_class.prototype.__init8.call(this);_class.prototype.__init9.call(this);_class.prototype.__init10.call(this);_class.prototype.__init11.call(this);_class.prototype.__init12.call(this);
|
|
51
70
|
this.client = _nullishCoalesce(options.client, () => ( _chunkUYNEHZHBcjs.getCacheClient.call(void 0, )));
|
|
52
71
|
this.namespace = _nullishCoalesce(options.namespace, () => ( defaultNamespace));
|
|
53
72
|
}
|
|
@@ -83,7 +102,13 @@ var RelayCacheService = (_class = class {
|
|
|
83
102
|
}
|
|
84
103
|
if (input.approvalRequests) {
|
|
85
104
|
for (const approvalRequest of input.approvalRequests) {
|
|
86
|
-
const
|
|
105
|
+
const existing = await this.readJson(
|
|
106
|
+
this.approvalKey(approvalRequest.approvalRequestId)
|
|
107
|
+
);
|
|
108
|
+
const normalized = preserveRotatedApprovalCapability(
|
|
109
|
+
{ ...approvalRequest, daemonId: profile.daemonId },
|
|
110
|
+
existing
|
|
111
|
+
);
|
|
87
112
|
await this.writeJson(this.approvalKey(normalized.approvalRequestId), normalized);
|
|
88
113
|
await this.client.zadd(
|
|
89
114
|
this.daemonApprovalsKey(profile.daemonId),
|
|
@@ -93,9 +118,9 @@ var RelayCacheService = (_class = class {
|
|
|
93
118
|
}
|
|
94
119
|
}
|
|
95
120
|
return {
|
|
96
|
-
agentKeyCount: _nullishCoalesce(_optionalChain([input, 'access',
|
|
97
|
-
approvalRequestCount: _nullishCoalesce(_optionalChain([input, 'access',
|
|
98
|
-
policyCount: _nullishCoalesce(_optionalChain([input, 'access',
|
|
121
|
+
agentKeyCount: _nullishCoalesce(_optionalChain([input, 'access', _10 => _10.agentKeys, 'optionalAccess', _11 => _11.length]), () => ( 0)),
|
|
122
|
+
approvalRequestCount: _nullishCoalesce(_optionalChain([input, 'access', _12 => _12.approvalRequests, 'optionalAccess', _13 => _13.length]), () => ( 0)),
|
|
123
|
+
policyCount: _nullishCoalesce(_optionalChain([input, 'access', _14 => _14.policies, 'optionalAccess', _15 => _15.length]), () => ( 0))
|
|
99
124
|
};
|
|
100
125
|
} catch (error) {
|
|
101
126
|
throw _chunk2QFWMUXTcjs.toCacheError.call(void 0, error, {
|
|
@@ -142,6 +167,41 @@ var RelayCacheService = (_class = class {
|
|
|
142
167
|
return requests.filter((request) => Boolean(request)).filter((request) => filters.daemonId ? request.daemonId === filters.daemonId : true).filter((request) => filters.status ? request.status === filters.status : true).filter((request) => matchesOptionalFilter(request.destination, filters.destination)).filter((request) => matchesOptionalFilter(request.tokenAddress, filters.tokenAddress)).sort((left, right) => Date.parse(right.requestedAt) - Date.parse(left.requestedAt)).slice(0, limit);
|
|
143
168
|
}
|
|
144
169
|
async createEncryptedUpdate(input) {
|
|
170
|
+
if (input.type === "manual_approval_decision") {
|
|
171
|
+
if (!input.targetApprovalRequestId) {
|
|
172
|
+
throw new (0, _chunk2QFWMUXTcjs.CacheError)({
|
|
173
|
+
code: _chunk2QFWMUXTcjs.cacheErrorCodes.invalidPayload,
|
|
174
|
+
message: "Manual approval updates require a target approval request id",
|
|
175
|
+
operation: "createEncryptedUpdate"
|
|
176
|
+
});
|
|
177
|
+
}
|
|
178
|
+
const approvalKey = this.approvalKey(input.targetApprovalRequestId);
|
|
179
|
+
const approval = await this.readJson(approvalKey);
|
|
180
|
+
if (!approval) {
|
|
181
|
+
throw new (0, _chunk2QFWMUXTcjs.CacheError)({
|
|
182
|
+
code: _chunk2QFWMUXTcjs.cacheErrorCodes.notFound,
|
|
183
|
+
key: approvalKey,
|
|
184
|
+
message: `Unknown approval '${input.targetApprovalRequestId}'`,
|
|
185
|
+
operation: "createEncryptedUpdate"
|
|
186
|
+
});
|
|
187
|
+
}
|
|
188
|
+
if (approval.daemonId !== input.daemonId) {
|
|
189
|
+
throw new (0, _chunk2QFWMUXTcjs.CacheError)({
|
|
190
|
+
code: _chunk2QFWMUXTcjs.cacheErrorCodes.invalidPayload,
|
|
191
|
+
key: approvalKey,
|
|
192
|
+
message: `Approval '${input.targetApprovalRequestId}' belongs to daemon '${approval.daemonId}', not '${input.daemonId}'`,
|
|
193
|
+
operation: "createEncryptedUpdate"
|
|
194
|
+
});
|
|
195
|
+
}
|
|
196
|
+
if (approval.status !== "pending") {
|
|
197
|
+
throw new (0, _chunk2QFWMUXTcjs.CacheError)({
|
|
198
|
+
code: _chunk2QFWMUXTcjs.cacheErrorCodes.invalidPayload,
|
|
199
|
+
key: approvalKey,
|
|
200
|
+
message: `Approval '${input.targetApprovalRequestId}' is '${approval.status}' and cannot accept new updates`,
|
|
201
|
+
operation: "createEncryptedUpdate"
|
|
202
|
+
});
|
|
203
|
+
}
|
|
204
|
+
}
|
|
145
205
|
const updateId = _nullishCoalesce(input.updateId, () => ( _crypto.randomUUID.call(void 0, )));
|
|
146
206
|
const now = toIsoTimestamp();
|
|
147
207
|
const record = {
|
|
@@ -155,26 +215,63 @@ var RelayCacheService = (_class = class {
|
|
|
155
215
|
updateId,
|
|
156
216
|
updatedAt: now
|
|
157
217
|
};
|
|
158
|
-
|
|
159
|
-
|
|
218
|
+
const activeApprovalKey = input.type === "manual_approval_decision" && input.targetApprovalRequestId ? this.activeApprovalUpdateKey(input.targetApprovalRequestId) : null;
|
|
219
|
+
const updateKey = this.updateKey(updateId);
|
|
220
|
+
let ownsActiveApprovalSlot = false;
|
|
221
|
+
await this.writeJson(updateKey, record);
|
|
222
|
+
try {
|
|
223
|
+
if (activeApprovalKey) {
|
|
224
|
+
const reserved = await this.client.set(activeApprovalKey, updateId, "NX");
|
|
225
|
+
if (reserved !== "OK") {
|
|
226
|
+
const existingUpdateId = await this.client.get(activeApprovalKey);
|
|
227
|
+
const existingRecord = existingUpdateId ? await this.readJson(this.updateKey(existingUpdateId)) : null;
|
|
228
|
+
if (isActiveApprovalUpdateRecord(existingRecord, input.targetApprovalRequestId)) {
|
|
229
|
+
throw new (0, _chunk2QFWMUXTcjs.CacheError)({
|
|
230
|
+
code: _chunk2QFWMUXTcjs.cacheErrorCodes.invalidPayload,
|
|
231
|
+
key: activeApprovalKey,
|
|
232
|
+
message: `Approval '${input.targetApprovalRequestId}' already has a queued operator update`,
|
|
233
|
+
operation: "createEncryptedUpdate"
|
|
234
|
+
});
|
|
235
|
+
}
|
|
236
|
+
await this.client.del(activeApprovalKey);
|
|
237
|
+
const retriedReservation = await this.client.set(activeApprovalKey, updateId, "NX");
|
|
238
|
+
if (retriedReservation !== "OK") {
|
|
239
|
+
throw new (0, _chunk2QFWMUXTcjs.CacheError)({
|
|
240
|
+
code: _chunk2QFWMUXTcjs.cacheErrorCodes.invalidPayload,
|
|
241
|
+
key: activeApprovalKey,
|
|
242
|
+
message: `Approval '${input.targetApprovalRequestId}' already has a queued operator update`,
|
|
243
|
+
operation: "createEncryptedUpdate"
|
|
244
|
+
});
|
|
245
|
+
}
|
|
246
|
+
}
|
|
247
|
+
ownsActiveApprovalSlot = true;
|
|
248
|
+
}
|
|
249
|
+
await this.client.zadd(this.daemonUpdatesKey(input.daemonId), Date.now(), updateId);
|
|
250
|
+
} catch (error) {
|
|
251
|
+
await this.client.del(updateKey);
|
|
252
|
+
if (activeApprovalKey && ownsActiveApprovalSlot) {
|
|
253
|
+
await this.client.del(activeApprovalKey);
|
|
254
|
+
}
|
|
255
|
+
throw error;
|
|
256
|
+
}
|
|
160
257
|
return record;
|
|
161
258
|
}
|
|
162
259
|
async hasActiveApprovalUpdate(daemonId, approvalRequestId) {
|
|
163
|
-
const
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
260
|
+
const indexedUpdateId = await this.client.get(this.activeApprovalUpdateKey(approvalRequestId));
|
|
261
|
+
if (indexedUpdateId) {
|
|
262
|
+
const indexedRecord = await this.readJson(
|
|
263
|
+
this.updateKey(indexedUpdateId)
|
|
264
|
+
);
|
|
265
|
+
if (isActiveApprovalUpdateRecord(indexedRecord, approvalRequestId)) {
|
|
266
|
+
return true;
|
|
267
|
+
}
|
|
268
|
+
await this.client.del(this.activeApprovalUpdateKey(approvalRequestId));
|
|
269
|
+
}
|
|
270
|
+
const updateIds = await this.client.zrange(this.daemonUpdatesKey(daemonId), 0, -1, "REV");
|
|
169
271
|
for (const updateId of updateIds) {
|
|
170
272
|
const record = await this.readJson(this.updateKey(updateId));
|
|
171
|
-
if (
|
|
172
|
-
|
|
173
|
-
}
|
|
174
|
-
if (record.type !== "manual_approval_decision" || record.targetApprovalRequestId !== approvalRequestId) {
|
|
175
|
-
continue;
|
|
176
|
-
}
|
|
177
|
-
if (record.status === "pending" || record.status === "inflight") {
|
|
273
|
+
if (isActiveApprovalUpdateRecord(record, approvalRequestId)) {
|
|
274
|
+
await this.client.set(this.activeApprovalUpdateKey(approvalRequestId), updateId, "NX");
|
|
178
275
|
return true;
|
|
179
276
|
}
|
|
180
277
|
}
|
|
@@ -220,14 +317,14 @@ var RelayCacheService = (_class = class {
|
|
|
220
317
|
const now = /* @__PURE__ */ new Date();
|
|
221
318
|
const nowMs = now.getTime();
|
|
222
319
|
const existing = await this.readJson(key);
|
|
223
|
-
if (_optionalChain([existing, 'optionalAccess',
|
|
320
|
+
if (_optionalChain([existing, 'optionalAccess', _16 => _16.blockedUntil]) && Date.parse(existing.blockedUntil) > nowMs) {
|
|
224
321
|
return {
|
|
225
322
|
attempts: existing.attempts,
|
|
226
323
|
blocked: true,
|
|
227
324
|
blockedUntil: existing.blockedUntil
|
|
228
325
|
};
|
|
229
326
|
}
|
|
230
|
-
const firstFailedAtMs = _optionalChain([existing, 'optionalAccess',
|
|
327
|
+
const firstFailedAtMs = _optionalChain([existing, 'optionalAccess', _17 => _17.firstFailedAt]) ? Date.parse(existing.firstFailedAt) : Number.NaN;
|
|
231
328
|
const withinWindow = Number.isFinite(firstFailedAtMs) && nowMs - firstFailedAtMs <= approvalCapabilityFailureWindowMs;
|
|
232
329
|
const attempts = withinWindow && existing ? existing.attempts + 1 : 1;
|
|
233
330
|
const firstFailedAt = withinWindow && existing ? existing.firstFailedAt : now.toISOString();
|
|
@@ -294,26 +391,47 @@ var RelayCacheService = (_class = class {
|
|
|
294
391
|
if (claimed.length >= limit) {
|
|
295
392
|
break;
|
|
296
393
|
}
|
|
297
|
-
const
|
|
298
|
-
|
|
299
|
-
|
|
300
|
-
|
|
301
|
-
|
|
302
|
-
|
|
303
|
-
|
|
304
|
-
|
|
305
|
-
|
|
394
|
+
const claimLockKey = this.updateClaimLockKey(updateId);
|
|
395
|
+
let ownsClaimLock = false;
|
|
396
|
+
try {
|
|
397
|
+
const reserved = await this.client.set(claimLockKey, claimUntil, "NX");
|
|
398
|
+
if (reserved !== "OK") {
|
|
399
|
+
const existingClaimLockUntil = await this.client.get(claimLockKey);
|
|
400
|
+
if (existingClaimLockUntil && Number.isFinite(Date.parse(existingClaimLockUntil)) && Date.parse(existingClaimLockUntil) > nowMs) {
|
|
401
|
+
continue;
|
|
402
|
+
}
|
|
403
|
+
await this.client.del(claimLockKey);
|
|
404
|
+
const retriedReservation = await this.client.set(claimLockKey, claimUntil, "NX");
|
|
405
|
+
if (retriedReservation !== "OK") {
|
|
406
|
+
continue;
|
|
407
|
+
}
|
|
408
|
+
}
|
|
409
|
+
ownsClaimLock = true;
|
|
410
|
+
const record = await this.readJson(this.updateKey(updateId));
|
|
411
|
+
if (!record) {
|
|
412
|
+
continue;
|
|
413
|
+
}
|
|
414
|
+
if (record.status === "applied" || record.status === "failed" || record.status === "rejected") {
|
|
415
|
+
continue;
|
|
416
|
+
}
|
|
417
|
+
if (record.status === "inflight" && record.claimUntil && Date.parse(record.claimUntil) > nowMs) {
|
|
418
|
+
continue;
|
|
419
|
+
}
|
|
420
|
+
const nextRecord = {
|
|
421
|
+
...record,
|
|
422
|
+
claimToken: _crypto.randomUUID.call(void 0, ),
|
|
423
|
+
claimUntil,
|
|
424
|
+
lastDeliveredAt: now.toISOString(),
|
|
425
|
+
status: "inflight",
|
|
426
|
+
updatedAt: now.toISOString()
|
|
427
|
+
};
|
|
428
|
+
await this.writeJson(this.updateKey(updateId), nextRecord);
|
|
429
|
+
claimed.push(nextRecord);
|
|
430
|
+
} finally {
|
|
431
|
+
if (ownsClaimLock) {
|
|
432
|
+
await this.client.del(claimLockKey);
|
|
433
|
+
}
|
|
306
434
|
}
|
|
307
|
-
const nextRecord = {
|
|
308
|
-
...record,
|
|
309
|
-
claimToken: _crypto.randomUUID.call(void 0, ),
|
|
310
|
-
claimUntil,
|
|
311
|
-
lastDeliveredAt: now.toISOString(),
|
|
312
|
-
status: "inflight",
|
|
313
|
-
updatedAt: now.toISOString()
|
|
314
|
-
};
|
|
315
|
-
await this.writeJson(this.updateKey(updateId), nextRecord);
|
|
316
|
-
claimed.push(nextRecord);
|
|
317
435
|
}
|
|
318
436
|
return claimed;
|
|
319
437
|
}
|
|
@@ -353,14 +471,38 @@ var RelayCacheService = (_class = class {
|
|
|
353
471
|
updatedAt: toIsoTimestamp()
|
|
354
472
|
};
|
|
355
473
|
await this.writeJson(key, nextRecord);
|
|
474
|
+
if (record.targetApprovalRequestId && record.type === "manual_approval_decision") {
|
|
475
|
+
const activeApprovalKey = this.activeApprovalUpdateKey(record.targetApprovalRequestId);
|
|
476
|
+
const indexedUpdateId = await this.client.get(activeApprovalKey);
|
|
477
|
+
if (indexedUpdateId === input.updateId) {
|
|
478
|
+
await this.client.del(activeApprovalKey);
|
|
479
|
+
}
|
|
480
|
+
}
|
|
356
481
|
return nextRecord;
|
|
357
482
|
}
|
|
358
483
|
async getEncryptedUpdate(updateId) {
|
|
359
484
|
return await this.readJson(this.updateKey(updateId));
|
|
360
485
|
}
|
|
361
486
|
async removeEncryptedUpdate(daemonId, updateId) {
|
|
487
|
+
const key = this.updateKey(updateId);
|
|
488
|
+
const record = await this.readJson(key);
|
|
489
|
+
if (!record || record.daemonId !== daemonId) {
|
|
490
|
+
throw new (0, _chunk2QFWMUXTcjs.CacheError)({
|
|
491
|
+
code: _chunk2QFWMUXTcjs.cacheErrorCodes.notFound,
|
|
492
|
+
key,
|
|
493
|
+
message: `Unknown update '${updateId}' for daemon '${daemonId}'`,
|
|
494
|
+
operation: "removeEncryptedUpdate"
|
|
495
|
+
});
|
|
496
|
+
}
|
|
362
497
|
await this.client.zrem(this.daemonUpdatesKey(daemonId), updateId);
|
|
363
|
-
await this.client.del(
|
|
498
|
+
await this.client.del(key);
|
|
499
|
+
if (record.targetApprovalRequestId && record.type === "manual_approval_decision") {
|
|
500
|
+
const activeApprovalKey = this.activeApprovalUpdateKey(record.targetApprovalRequestId);
|
|
501
|
+
const indexedUpdateId = await this.client.get(activeApprovalKey);
|
|
502
|
+
if (indexedUpdateId === updateId) {
|
|
503
|
+
await this.client.del(activeApprovalKey);
|
|
504
|
+
}
|
|
505
|
+
}
|
|
364
506
|
}
|
|
365
507
|
__init() {this.daemonIndexKey = () => `${this.namespace}:daemons`}
|
|
366
508
|
__init2() {this.daemonProfileKey = (daemonId) => `${this.namespace}:daemon:${daemonId}:profile`}
|
|
@@ -371,7 +513,9 @@ var RelayCacheService = (_class = class {
|
|
|
371
513
|
__init7() {this.approvalKey = (approvalRequestId) => `${this.namespace}:approval:${approvalRequestId}`}
|
|
372
514
|
__init8() {this.approvalCapabilityConsumedKey = (approvalRequestId, capabilityHash) => `${this.namespace}:approval:${approvalRequestId}:capability:${capabilityHash}:consumed`}
|
|
373
515
|
__init9() {this.approvalCapabilityFailuresKey = (approvalRequestId) => `${this.namespace}:approval:${approvalRequestId}:capability-failures`}
|
|
374
|
-
__init10() {this.
|
|
516
|
+
__init10() {this.activeApprovalUpdateKey = (approvalRequestId) => `${this.namespace}:approval:${approvalRequestId}:active-update`}
|
|
517
|
+
__init11() {this.updateClaimLockKey = (updateId) => `${this.namespace}:update:${updateId}:claim-lock`}
|
|
518
|
+
__init12() {this.updateKey = (updateId) => `${this.namespace}:update:${updateId}`}
|
|
375
519
|
async readJson(key) {
|
|
376
520
|
try {
|
|
377
521
|
const payload = await this.client.get(key);
|
|
@@ -401,4 +545,4 @@ var createRelayCacheService = (options = {}) => {
|
|
|
401
545
|
|
|
402
546
|
|
|
403
547
|
exports.relayApprovalStatuses = relayApprovalStatuses; exports.relayUpdateStatuses = relayUpdateStatuses; exports.RelayCacheService = RelayCacheService; exports.createRelayCacheService = createRelayCacheService;
|
|
404
|
-
//# sourceMappingURL=chunk-
|
|
548
|
+
//# sourceMappingURL=chunk-QF4XKEIA.cjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/packages/cache/dist/chunk-QF4XKEIA.cjs","../src/service/index.ts"],"names":[],"mappings":"AAAA;AACE;AACF,wDAA6B;AAC7B;AACE;AACA;AACA;AACF,wDAA6B;AAC7B;AACA;ACTA,gCAAoD;AAK7C,IAAM,sBAAA,EAAwB;AAAA,EACnC,SAAA;AAAA,EACA,UAAA;AAAA,EACA,UAAA;AAAA,EACA,WAAA;AAAA,EACA;AACF,CAAA;AAGO,IAAM,oBAAA,EAAsB;AAAA,EACjC,SAAA;AAAA,EACA,UAAA;AAAA,EACA,SAAA;AAAA,EACA,UAAA;AAAA,EACA;AACF,CAAA;AA+JA,IAAM,iBAAA,EAAmB,YAAA;AACzB,IAAM,kCAAA,EAAoC,EAAA,EAAI,GAAA,EAAK,GAAA;AACnD,IAAM,8BAAA,EAAgC,CAAA;AACtC,IAAM,gCAAA,EAAkC,GAAA,EAAK,GAAA,EAAK,GAAA;AAElD,IAAM,eAAA,EAAiB,CAAC,MAAA,kBAAQ,IAAI,IAAA,CAAK,CAAA,EAAA,GAAc,KAAA,CAAM,WAAA,CAAY,CAAA;AAEzE,IAAM,OAAA,EAAS,CAAI,MAAA,EAAA,GAAqB,CAAC,GAAG,IAAI,GAAA,CAAI,MAAM,CAAC,CAAA;AAE3D,IAAM,sBAAA,EAAwB,CAC5B,KAAA,EACA,QAAA,EAAA,GACY;AACZ,EAAA,GAAA,CAAI,CAAC,QAAA,EAAU;AACb,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,uBAAO,KAAA,2BAAO,WAAA,mBAAY,IAAA,IAAM,QAAA,CAAS,WAAA,CAAY,CAAA;AACvD,CAAA;AAEA,IAAM,WAAA,EAAa,CAAC,KAAA,EAA2B,QAAA,EAAkB,GAAA,EAAA,GAAwB;AACvF,EAAA,GAAA,CAAI,CAAC,MAAA,GAAS,MAAA,CAAO,KAAA,CAAM,KAAK,CAAA,EAAG;AACjC,IAAA,OAAO,QAAA;AAAA,EACT;AAEA,EAAA,OAAO,IAAA,CAAK,GAAA,CAAI,CAAA,EAAG,IAAA,CAAK,GAAA,CAAI,KAAA,EAAO,GAAG,CAAC,CAAA;AACzC,CAAA;AAEA,IAAM,8BAAA,EAAgC,CAAA,EAAA,GAAc,iCAAA,EAAc,CAAA,CAAE,QAAA,CAAS,KAAK,CAAA;AAElF,IAAM,uBAAA,EAAyB,CAAC,KAAA,EAAA,GAC9B,gCAAA,QAAmB,CAAA,CAAE,MAAA,CAAO,KAAA,EAAO,MAAM,CAAA,CAAE,MAAA,CAAO,KAAK,CAAA;AAEzD,IAAM,6BAAA,EAA+B,CACnC,MAAA,EACA,iBAAA,EAAA,GAEA,OAAA;AAAA,EACE,OAAA,GACE,MAAA,CAAO,KAAA,IAAS,2BAAA,GAChB,MAAA,CAAO,wBAAA,IAA4B,kBAAA,GAAA,CAClC,MAAA,CAAO,OAAA,IAAW,UAAA,GAAa,MAAA,CAAO,OAAA,IAAW,UAAA;AACtD,CAAA;AAEF,IAAM,kCAAA,EAAoC,CACxC,QAAA,EACA,QAAA,EAAA,GAC+B;AAC/B,EAAA,MAAM,iBAAA,kBAAmB,QAAA,6BAAU,UAAA;AACnC,EAAA,MAAM,iBAAA,EAAmB,QAAA,CAAS,QAAA;AAClC,EAAA,MAAM,yBAAA,kBAA2B,gBAAA,6BAAkB,uBAAA,6BAAyB,IAAA,mBAAK,GAAA;AACjF,EAAA,MAAM,wBAAA,kBAA0B,gBAAA,6BAAkB,sBAAA,6BAAwB,IAAA,mBAAK,GAAA;AAE/E,EAAA,GAAA,CAAI,CAAC,yBAAA,GAA4B,CAAC,uBAAA,EAAyB;AACzD,IAAA,OAAO,QAAA;AAAA,EACT;AAEA,EAAA,OAAO;AAAA,IACL,GAAG,QAAA;AAAA,IACH,QAAA,EAAU;AAAA,MACR,oBAAI,gBAAA,UAAoB,CAAC,GAAA;AAAA,MACzB,GAAI,yBAAA,EACA,EAAE,uBAAA,EAAyB,yBAAyB,EAAA,EACpD,CAAC,CAAA;AAAA,MACL,GAAI,wBAAA,EAA0B,EAAE,sBAAA,EAAwB,wBAAwB,EAAA,EAAI,CAAC;AAAA,IACvF;AAAA,EACF,CAAA;AACF,CAAA;AAEO,IAAM,kBAAA,YAAN,MAAwB;AAAA,EACZ;AAAA,EACA;AAAA,EAEjB,WAAA,CAAY,QAAA,EAAkD,CAAC,CAAA,EAAG;AAChE,IAAA,IAAA,CAAK,OAAA,mBAAU,OAAA,CAAQ,MAAA,UAAU,8CAAA,GAAe;AAChD,IAAA,IAAA,CAAK,UAAA,mBAAY,OAAA,CAAQ,SAAA,UAAa,kBAAA;AAAA,EACxC;AAAA,EAEA,MAAM,IAAA,CAAA,EAAwB;AAC5B,IAAA,IAAI;AACF,MAAA,OAAO,MAAM,IAAA,CAAK,MAAA,CAAO,IAAA,CAAK,CAAA;AAAA,IAChC,EAAA,MAAA,CAAS,KAAA,EAAO;AACd,MAAA,MAAM,4CAAA,KAAa,EAAO,EAAE,SAAA,EAAW,OAAO,CAAC,CAAA;AAAA,IACjD;AAAA,EACF;AAAA,EAEA,MAAM,sBAAA,CAAuB,KAAA,EAI1B;AACD,IAAA,MAAM,QAAA,EAAU;AAAA,MACd,GAAG,KAAA,CAAM,MAAA;AAAA,MACT,UAAA,EAAY,KAAA,CAAM,MAAA,CAAO,WAAA,GAAc,cAAA,CAAe,CAAA;AAAA,MACtD,SAAA,EAAW,KAAA,CAAM,MAAA,CAAO,UAAA,GAAa,cAAA,CAAe;AAAA,IACtD,CAAA;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,CAAK,SAAA,CAAU,IAAA,CAAK,gBAAA,CAAiB,OAAA,CAAQ,QAAQ,CAAA,EAAG,OAAO,CAAA;AACrE,MAAA,MAAM,IAAA,CAAK,MAAA,CAAO,IAAA,CAAK,IAAA,CAAK,cAAA,CAAe,CAAA,EAAG,OAAA,CAAQ,QAAQ,CAAA;AAE9D,MAAA,GAAA,CAAI,KAAA,CAAM,QAAA,EAAU;AAClB,QAAA,MAAM,SAAA,EAAW,KAAA,CAAM,QAAA,CAAS,GAAA,CAAI,CAAC,MAAA,EAAA,GAAA,CAAY;AAAA,UAC/C,GAAG,MAAA;AAAA,UACH,QAAA,EAAU,OAAA,CAAQ;AAAA,QACpB,CAAA,CAAE,CAAA;AACF,QAAA,MAAM,IAAA,CAAK,SAAA,CAAU,IAAA,CAAK,iBAAA,CAAkB,OAAA,CAAQ,QAAQ,CAAA,EAAG,QAAQ,CAAA;AAAA,MACzE;AAEA,MAAA,GAAA,CAAI,KAAA,CAAM,SAAA,EAAW;AACnB,QAAA,MAAM,UAAA,EAAY,KAAA,CAAM,SAAA,CAAU,GAAA,CAAI,CAAC,QAAA,EAAA,GAAA,CAAc;AAAA,UACnD,GAAG,QAAA;AAAA,UACH,QAAA,EAAU,OAAA,CAAQ;AAAA,QACpB,CAAA,CAAE,CAAA;AACF,QAAA,MAAM,IAAA,CAAK,SAAA,CAAU,IAAA,CAAK,kBAAA,CAAmB,OAAA,CAAQ,QAAQ,CAAA,EAAG,SAAS,CAAA;AAAA,MAC3E;AAEA,MAAA,GAAA,CAAI,KAAA,CAAM,gBAAA,EAAkB;AAC1B,QAAA,IAAA,CAAA,MAAW,gBAAA,GAAmB,KAAA,CAAM,gBAAA,EAAkB;AACpD,UAAA,MAAM,SAAA,EAAW,MAAM,IAAA,CAAK,QAAA;AAAA,YAC1B,IAAA,CAAK,WAAA,CAAY,eAAA,CAAgB,iBAAiB;AAAA,UACpD,CAAA;AACA,UAAA,MAAM,WAAA,EAAa,iCAAA;AAAA,YACjB,EAAE,GAAG,eAAA,EAAiB,QAAA,EAAU,OAAA,CAAQ,SAAS,CAAA;AAAA,YACjD;AAAA,UACF,CAAA;AACA,UAAA,MAAM,IAAA,CAAK,SAAA,CAAU,IAAA,CAAK,WAAA,CAAY,UAAA,CAAW,iBAAiB,CAAA,EAAG,UAAU,CAAA;AAC/E,UAAA,MAAM,IAAA,CAAK,MAAA,CAAO,IAAA;AAAA,YAChB,IAAA,CAAK,kBAAA,CAAmB,OAAA,CAAQ,QAAQ,CAAA;AAAA,YACxC,IAAA,CAAK,KAAA,CAAM,UAAA,CAAW,WAAW,CAAA;AAAA,YACjC,UAAA,CAAW;AAAA,UACb,CAAA;AAAA,QACF;AAAA,MACF;AAEA,MAAA,OAAO;AAAA,QACL,aAAA,mCAAe,KAAA,uBAAM,SAAA,+BAAW,QAAA,UAAU,GAAA;AAAA,QAC1C,oBAAA,mCAAsB,KAAA,uBAAM,gBAAA,+BAAkB,QAAA,UAAU,GAAA;AAAA,QACxD,WAAA,mCAAa,KAAA,uBAAM,QAAA,+BAAU,QAAA,UAAU;AAAA,MACzC,CAAA;AAAA,IACF,EAAA,MAAA,CAAS,KAAA,EAAO;AACd,MAAA,MAAM,4CAAA,KAAa,EAAO;AAAA,QACxB,GAAA,EAAK,IAAA,CAAK,gBAAA,CAAiB,OAAA,CAAQ,QAAQ,CAAA;AAAA,QAC3C,SAAA,EAAW;AAAA,MACb,CAAC,CAAA;AAAA,IACH;AAAA,EACF;AAAA,EAEA,MAAM,WAAA,CAAA,EAA6C;AACjD,IAAA,MAAM,UAAA,EAAY,MAAM,IAAA,CAAK,MAAA,CAAO,QAAA,CAAS,IAAA,CAAK,cAAA,CAAe,CAAC,CAAA;AAClE,IAAA,MAAM,SAAA,EAAW,MAAM,OAAA,CAAQ,GAAA;AAAA,MAC7B,SAAA,CAAU,GAAA;AAAA,QAAI,CAAC,QAAA,EAAA,GACb,IAAA,CAAK,QAAA,CAA6B,IAAA,CAAK,gBAAA,CAAiB,QAAQ,CAAC;AAAA,MACnE;AAAA,IACF,CAAA;AAEA,IAAA,OAAO,QAAA,CAAS,MAAA,CAAO,CAAC,OAAA,EAAA,GAA2C,OAAA,CAAQ,OAAO,CAAC,CAAA;AAAA,EACrF;AAAA,EAEA,MAAM,gBAAA,CAAiB,QAAA,EAAsD;AAC3E,IAAA,OAAO,MAAM,IAAA,CAAK,QAAA,CAA6B,IAAA,CAAK,gBAAA,CAAiB,QAAQ,CAAC,CAAA;AAAA,EAChF;AAAA,EAEA,MAAM,iBAAA,CAAkB,QAAA,EAAgD;AACtE,IAAA,mCAAQ,MAAM,IAAA,CAAK,QAAA,CAA8B,IAAA,CAAK,iBAAA,CAAkB,QAAQ,CAAC,CAAA,gBAAM,CAAC,GAAA;AAAA,EAC1F;AAAA,EAEA,MAAM,kBAAA,CAAmB,QAAA,EAAkD;AACzE,IAAA,mCAAQ,MAAM,IAAA,CAAK,QAAA,CAAgC,IAAA,CAAK,kBAAA,CAAmB,QAAQ,CAAC,CAAA,gBAAM,CAAC,GAAA;AAAA,EAC7F;AAAA,EAEA,MAAM,kBAAA,CAAmB,iBAAA,EAAuE;AAC9F,IAAA,OAAO,MAAM,IAAA,CAAK,QAAA,CAAqC,IAAA,CAAK,WAAA,CAAY,iBAAiB,CAAC,CAAA;AAAA,EAC5F;AAAA,EAEA,MAAM,oBAAA,CACJ,QAAA,EAAkC,CAAC,CAAA,EACI;AACvC,IAAA,MAAM,MAAA,EAAQ,UAAA,CAAW,OAAA,CAAQ,KAAA,EAAO,GAAA,EAAK,GAAG,CAAA;AAChD,IAAA,MAAM,UAAA,EAAY,OAAA,CAAQ,SAAA,EACtB,CAAC,OAAA,CAAQ,QAAQ,EAAA,EACjB,MAAM,IAAA,CAAK,MAAA,CAAO,QAAA,CAAS,IAAA,CAAK,cAAA,CAAe,CAAC,CAAA;AACpD,IAAA,MAAM,mBAAA,EAAqB,MAAM,OAAA,CAAQ,GAAA;AAAA,MACvC,SAAA,CAAU,GAAA;AAAA,QAAI,CAAC,QAAA,EAAA,GACb,IAAA,CAAK,MAAA,CAAO,MAAA,CAAO,IAAA,CAAK,kBAAA,CAAmB,QAAQ,CAAA,EAAG,CAAA,EAAG,MAAA,EAAQ,CAAA,EAAG,KAAK;AAAA,MAC3E;AAAA,IACF,CAAA;AACA,IAAA,MAAM,WAAA,EAAa,MAAA,CAAO,kBAAA,CAAmB,IAAA,CAAK,CAAC,CAAA,CAAE,KAAA,CAAM,CAAA,EAAG,MAAA,EAAQ,CAAC,CAAA;AACvE,IAAA,MAAM,SAAA,EAAW,MAAM,OAAA,CAAQ,GAAA;AAAA,MAC7B,UAAA,CAAW,GAAA;AAAA,QAAI,CAAC,SAAA,EAAA,GACd,IAAA,CAAK,QAAA,CAAqC,IAAA,CAAK,WAAA,CAAY,SAAS,CAAC;AAAA,MACvE;AAAA,IACF,CAAA;AAEA,IAAA,OAAO,QAAA,CACJ,MAAA,CAAO,CAAC,OAAA,EAAA,GAAmD,OAAA,CAAQ,OAAO,CAAC,CAAA,CAC3E,MAAA,CAAO,CAAC,OAAA,EAAA,GAAa,OAAA,CAAQ,SAAA,EAAW,OAAA,CAAQ,SAAA,IAAa,OAAA,CAAQ,SAAA,EAAW,IAAK,CAAA,CACrF,MAAA,CAAO,CAAC,OAAA,EAAA,GAAa,OAAA,CAAQ,OAAA,EAAS,OAAA,CAAQ,OAAA,IAAW,OAAA,CAAQ,OAAA,EAAS,IAAK,CAAA,CAC/E,MAAA,CAAO,CAAC,OAAA,EAAA,GAAY,qBAAA,CAAsB,OAAA,CAAQ,WAAA,EAAa,OAAA,CAAQ,WAAW,CAAC,CAAA,CACnF,MAAA,CAAO,CAAC,OAAA,EAAA,GAAY,qBAAA,CAAsB,OAAA,CAAQ,YAAA,EAAc,OAAA,CAAQ,YAAY,CAAC,CAAA,CACrF,IAAA,CAAK,CAAC,IAAA,EAAM,KAAA,EAAA,GAAU,IAAA,CAAK,KAAA,CAAM,KAAA,CAAM,WAAW,EAAA,EAAI,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,WAAW,CAAC,CAAA,CAClF,KAAA,CAAM,CAAA,EAAG,KAAK,CAAA;AAAA,EACnB;AAAA,EAEA,MAAM,qBAAA,CACJ,KAAA,EACqC;AACrC,IAAA,GAAA,CAAI,KAAA,CAAM,KAAA,IAAS,0BAAA,EAA4B;AAC7C,MAAA,GAAA,CAAI,CAAC,KAAA,CAAM,uBAAA,EAAyB;AAClC,QAAA,MAAM,IAAI,iCAAA,CAAW;AAAA,UACnB,IAAA,EAAM,iCAAA,CAAgB,cAAA;AAAA,UACtB,OAAA,EAAS,8DAAA;AAAA,UACT,SAAA,EAAW;AAAA,QACb,CAAC,CAAA;AAAA,MACH;AAEA,MAAA,MAAM,YAAA,EAAc,IAAA,CAAK,WAAA,CAAY,KAAA,CAAM,uBAAuB,CAAA;AAClE,MAAA,MAAM,SAAA,EAAW,MAAM,IAAA,CAAK,QAAA,CAAqC,WAAW,CAAA;AAC5E,MAAA,GAAA,CAAI,CAAC,QAAA,EAAU;AACb,QAAA,MAAM,IAAI,iCAAA,CAAW;AAAA,UACnB,IAAA,EAAM,iCAAA,CAAgB,QAAA;AAAA,UACtB,GAAA,EAAK,WAAA;AAAA,UACL,OAAA,EAAS,CAAA,kBAAA,EAAqB,KAAA,CAAM,uBAAuB,CAAA,CAAA,CAAA;AAAA,UAC3D,SAAA,EAAW;AAAA,QACb,CAAC,CAAA;AAAA,MACH;AAEA,MAAA,GAAA,CAAI,QAAA,CAAS,SAAA,IAAa,KAAA,CAAM,QAAA,EAAU;AACxC,QAAA,MAAM,IAAI,iCAAA,CAAW;AAAA,UACnB,IAAA,EAAM,iCAAA,CAAgB,cAAA;AAAA,UACtB,GAAA,EAAK,WAAA;AAAA,UACL,OAAA,EAAS,CAAA,UAAA,EAAa,KAAA,CAAM,uBAAuB,CAAA,qBAAA,EAAwB,QAAA,CAAS,QAAQ,CAAA,QAAA,EAAW,KAAA,CAAM,QAAQ,CAAA,CAAA,CAAA;AAAA,UACrH,SAAA,EAAW;AAAA,QACb,CAAC,CAAA;AAAA,MACH;AAEA,MAAA,GAAA,CAAI,QAAA,CAAS,OAAA,IAAW,SAAA,EAAW;AACjC,QAAA,MAAM,IAAI,iCAAA,CAAW;AAAA,UACnB,IAAA,EAAM,iCAAA,CAAgB,cAAA;AAAA,UACtB,GAAA,EAAK,WAAA;AAAA,UACL,OAAA,EAAS,CAAA,UAAA,EAAa,KAAA,CAAM,uBAAuB,CAAA,MAAA,EAAS,QAAA,CAAS,MAAM,CAAA,+BAAA,CAAA;AAAA,UAC3E,SAAA,EAAW;AAAA,QACb,CAAC,CAAA;AAAA,MACH;AAAA,IACF;AAEA,IAAA,MAAM,SAAA,mBAAW,KAAA,CAAM,QAAA,UAAY,gCAAA,GAAW;AAC9C,IAAA,MAAM,IAAA,EAAM,cAAA,CAAe,CAAA;AAC3B,IAAA,MAAM,OAAA,EAAqC;AAAA,MACzC,SAAA,EAAW,GAAA;AAAA,MACX,QAAA,EAAU,KAAA,CAAM,QAAA;AAAA,MAChB,QAAA,EAAU,KAAA,CAAM,QAAA;AAAA,MAChB,OAAA,EAAS,KAAA,CAAM,OAAA;AAAA,MACf,MAAA,EAAQ,SAAA;AAAA,MACR,uBAAA,EAAyB,KAAA,CAAM,uBAAA;AAAA,MAC/B,IAAA,EAAM,KAAA,CAAM,IAAA;AAAA,MACZ,QAAA;AAAA,MACA,SAAA,EAAW;AAAA,IACb,CAAA;AAEA,IAAA,MAAM,kBAAA,EACJ,KAAA,CAAM,KAAA,IAAS,2BAAA,GAA8B,KAAA,CAAM,wBAAA,EAC/C,IAAA,CAAK,uBAAA,CAAwB,KAAA,CAAM,uBAAuB,EAAA,EAC1D,IAAA;AACN,IAAA,MAAM,UAAA,EAAY,IAAA,CAAK,SAAA,CAAU,QAAQ,CAAA;AACzC,IAAA,IAAI,uBAAA,EAAyB,KAAA;AAE7B,IAAA,MAAM,IAAA,CAAK,SAAA,CAAU,SAAA,EAAW,MAAM,CAAA;AAEtC,IAAA,IAAI;AACF,MAAA,GAAA,CAAI,iBAAA,EAAmB;AACrB,QAAA,MAAM,SAAA,EAAW,MAAM,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,iBAAA,EAAmB,QAAA,EAAU,IAAI,CAAA;AACxE,QAAA,GAAA,CAAI,SAAA,IAAa,IAAA,EAAM;AACrB,UAAA,MAAM,iBAAA,EAAmB,MAAM,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,iBAAiB,CAAA;AAChE,UAAA,MAAM,eAAA,EAAiB,iBAAA,EACnB,MAAM,IAAA,CAAK,QAAA,CAAqC,IAAA,CAAK,SAAA,CAAU,gBAAgB,CAAC,EAAA,EAChF,IAAA;AAEJ,UAAA,GAAA,CAAI,4BAAA,CAA6B,cAAA,EAAgB,KAAA,CAAM,uBAAwB,CAAA,EAAG;AAChF,YAAA,MAAM,IAAI,iCAAA,CAAW;AAAA,cACnB,IAAA,EAAM,iCAAA,CAAgB,cAAA;AAAA,cACtB,GAAA,EAAK,iBAAA;AAAA,cACL,OAAA,EAAS,CAAA,UAAA,EAAa,KAAA,CAAM,uBAAuB,CAAA,sCAAA,CAAA;AAAA,cACnD,SAAA,EAAW;AAAA,YACb,CAAC,CAAA;AAAA,UACH;AAEA,UAAA,MAAM,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,iBAAiB,CAAA;AACvC,UAAA,MAAM,mBAAA,EAAqB,MAAM,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,iBAAA,EAAmB,QAAA,EAAU,IAAI,CAAA;AAClF,UAAA,GAAA,CAAI,mBAAA,IAAuB,IAAA,EAAM;AAC/B,YAAA,MAAM,IAAI,iCAAA,CAAW;AAAA,cACnB,IAAA,EAAM,iCAAA,CAAgB,cAAA;AAAA,cACtB,GAAA,EAAK,iBAAA;AAAA,cACL,OAAA,EAAS,CAAA,UAAA,EAAa,KAAA,CAAM,uBAAuB,CAAA,sCAAA,CAAA;AAAA,cACnD,SAAA,EAAW;AAAA,YACb,CAAC,CAAA;AAAA,UACH;AAAA,QACF;AAEA,QAAA,uBAAA,EAAyB,IAAA;AAAA,MAC3B;AAEA,MAAA,MAAM,IAAA,CAAK,MAAA,CAAO,IAAA,CAAK,IAAA,CAAK,gBAAA,CAAiB,KAAA,CAAM,QAAQ,CAAA,EAAG,IAAA,CAAK,GAAA,CAAI,CAAA,EAAG,QAAQ,CAAA;AAAA,IACpF,EAAA,MAAA,CAAS,KAAA,EAAO;AACd,MAAA,MAAM,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,SAAS,CAAA;AAC/B,MAAA,GAAA,CAAI,kBAAA,GAAqB,sBAAA,EAAwB;AAC/C,QAAA,MAAM,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,iBAAiB,CAAA;AAAA,MACzC;AACA,MAAA,MAAM,KAAA;AAAA,IACR;AAEA,IAAA,OAAO,MAAA;AAAA,EACT;AAAA,EAEA,MAAM,uBAAA,CAAwB,QAAA,EAAkB,iBAAA,EAA6C;AAC3F,IAAA,MAAM,gBAAA,EAAkB,MAAM,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,IAAA,CAAK,uBAAA,CAAwB,iBAAiB,CAAC,CAAA;AAC7F,IAAA,GAAA,CAAI,eAAA,EAAiB;AACnB,MAAA,MAAM,cAAA,EAAgB,MAAM,IAAA,CAAK,QAAA;AAAA,QAC/B,IAAA,CAAK,SAAA,CAAU,eAAe;AAAA,MAChC,CAAA;AACA,MAAA,GAAA,CAAI,4BAAA,CAA6B,aAAA,EAAe,iBAAiB,CAAA,EAAG;AAClE,QAAA,OAAO,IAAA;AAAA,MACT;AAEA,MAAA,MAAM,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,IAAA,CAAK,uBAAA,CAAwB,iBAAiB,CAAC,CAAA;AAAA,IACvE;AAEA,IAAA,MAAM,UAAA,EAAY,MAAM,IAAA,CAAK,MAAA,CAAO,MAAA,CAAO,IAAA,CAAK,gBAAA,CAAiB,QAAQ,CAAA,EAAG,CAAA,EAAG,CAAA,CAAA,EAAI,KAAK,CAAA;AAExF,IAAA,IAAA,CAAA,MAAW,SAAA,GAAY,SAAA,EAAW;AAChC,MAAA,MAAM,OAAA,EAAS,MAAM,IAAA,CAAK,QAAA,CAAqC,IAAA,CAAK,SAAA,CAAU,QAAQ,CAAC,CAAA;AACvF,MAAA,GAAA,CAAI,4BAAA,CAA6B,MAAA,EAAQ,iBAAiB,CAAA,EAAG;AAC3D,QAAA,MAAM,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,IAAA,CAAK,uBAAA,CAAwB,iBAAiB,CAAA,EAAG,QAAA,EAAU,IAAI,CAAA;AACrF,QAAA,OAAO,IAAA;AAAA,MACT;AAAA,IACF;AAEA,IAAA,OAAO,KAAA;AAAA,EACT;AAAA,EAEA,MAAM,yBAAA,CACJ,iBAAA,EACA,cAAA,EACkB;AAClB,IAAA,IAAI;AACF,MAAA,MAAM,OAAA,EAAS,MAAM,IAAA,CAAK,MAAA,CAAO,GAAA;AAAA,QAC/B,IAAA,CAAK,6BAAA,CAA8B,iBAAA,EAAmB,cAAc,CAAA;AAAA,QACpE,cAAA,CAAe,CAAA;AAAA,QACf;AAAA,MACF,CAAA;AACA,MAAA,OAAO,OAAA,IAAW,IAAA;AAAA,IACpB,EAAA,MAAA,CAAS,KAAA,EAAO;AACd,MAAA,MAAM,4CAAA,KAAa,EAAO;AAAA,QACxB,GAAA,EAAK,IAAA,CAAK,6BAAA,CAA8B,iBAAA,EAAmB,cAAc,CAAA;AAAA,QACzE,SAAA,EAAW;AAAA,MACb,CAAC,CAAA;AAAA,IACH;AAAA,EACF;AAAA,EAEA,MAAM,oCAAA,CACJ,iBAAA,EACA,cAAA,EACe;AACf,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,IAAA,CAAK,6BAAA,CAA8B,iBAAA,EAAmB,cAAc,CAAC,CAAA;AAAA,IAC7F,EAAA,MAAA,CAAS,KAAA,EAAO;AACd,MAAA,MAAM,4CAAA,KAAa,EAAO;AAAA,QACxB,GAAA,EAAK,IAAA,CAAK,6BAAA,CAA8B,iBAAA,EAAmB,cAAc,CAAA;AAAA,QACzE,SAAA,EAAW;AAAA,MACb,CAAC,CAAA;AAAA,IACH;AAAA,EACF;AAAA,EAEA,MAAM,+BAAA,CAAgC,iBAAA,EAA0C;AAC9E,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,IAAA,CAAK,6BAAA,CAA8B,iBAAiB,CAAC,CAAA;AAAA,IAC7E,EAAA,MAAA,CAAS,KAAA,EAAO;AACd,MAAA,MAAM,4CAAA,KAAa,EAAO;AAAA,QACxB,GAAA,EAAK,IAAA,CAAK,6BAAA,CAA8B,iBAAiB,CAAA;AAAA,QACzD,SAAA,EAAW;AAAA,MACb,CAAC,CAAA;AAAA,IACH;AAAA,EACF;AAAA,EAEA,MAAM,+BAAA,CACJ,iBAAA,EACgD;AAChD,IAAA,MAAM,IAAA,EAAM,IAAA,CAAK,6BAAA,CAA8B,iBAAiB,CAAA;AAChE,IAAA,MAAM,IAAA,kBAAM,IAAI,IAAA,CAAK,CAAA;AACrB,IAAA,MAAM,MAAA,EAAQ,GAAA,CAAI,OAAA,CAAQ,CAAA;AAC1B,IAAA,MAAM,SAAA,EAAW,MAAM,IAAA,CAAK,QAAA,CAA0C,GAAG,CAAA;AAEzE,IAAA,GAAA,iBAAI,QAAA,+BAAU,eAAA,GAAgB,IAAA,CAAK,KAAA,CAAM,QAAA,CAAS,YAAY,EAAA,EAAI,KAAA,EAAO;AACvE,MAAA,OAAO;AAAA,QACL,QAAA,EAAU,QAAA,CAAS,QAAA;AAAA,QACnB,OAAA,EAAS,IAAA;AAAA,QACT,YAAA,EAAc,QAAA,CAAS;AAAA,MACzB,CAAA;AAAA,IACF;AAEA,IAAA,MAAM,gBAAA,kBAAkB,QAAA,+BAAU,gBAAA,EAC9B,IAAA,CAAK,KAAA,CAAM,QAAA,CAAS,aAAa,EAAA,EACjC,MAAA,CAAO,GAAA;AACX,IAAA,MAAM,aAAA,EACJ,MAAA,CAAO,QAAA,CAAS,eAAe,EAAA,GAC/B,MAAA,EAAQ,gBAAA,GAAmB,iCAAA;AAC7B,IAAA,MAAM,SAAA,EAAW,aAAA,GAAgB,SAAA,EAAW,QAAA,CAAS,SAAA,EAAW,EAAA,EAAI,CAAA;AACpE,IAAA,MAAM,cAAA,EAAgB,aAAA,GAAgB,SAAA,EAAW,QAAA,CAAS,cAAA,EAAgB,GAAA,CAAI,WAAA,CAAY,CAAA;AAC1F,IAAA,MAAM,aAAA,EACJ,SAAA,GAAY,8BAAA,EACR,IAAI,IAAA,CAAK,MAAA,EAAQ,+BAA+B,CAAA,CAAE,WAAA,CAAY,EAAA,EAC9D,KAAA,CAAA;AAEN,IAAA,MAAM,IAAA,CAAK,SAAA,CAAU,GAAA,EAAK;AAAA,MACxB,QAAA;AAAA,MACA,YAAA;AAAA,MACA,aAAA;AAAA,MACA,YAAA,EAAc,GAAA,CAAI,WAAA,CAAY;AAAA,IAChC,CAA2C,CAAA;AAE3C,IAAA,OAAO;AAAA,MACL,QAAA;AAAA,MACA,OAAA,EAAS,aAAA,IAAiB,KAAA,CAAA;AAAA,MAC1B,YAAA,mBAAc,YAAA,UAAgB;AAAA,IAChC,CAAA;AAAA,EACF;AAAA,EAEA,MAAM,wBAAA,CAAyB,iBAAA,EAAgE;AAC7F,IAAA,MAAM,IAAA,EAAM,IAAA,CAAK,WAAA,CAAY,iBAAiB,CAAA;AAC9C,IAAA,MAAM,SAAA,EAAW,MAAM,IAAA,CAAK,QAAA,CAAqC,GAAG,CAAA;AAEpE,IAAA,GAAA,CAAI,CAAC,QAAA,EAAU;AACb,MAAA,MAAM,IAAI,iCAAA,CAAW;AAAA,QACnB,IAAA,EAAM,iCAAA,CAAgB,QAAA;AAAA,QACtB,GAAA;AAAA,QACA,OAAA,EAAS,CAAA,kBAAA,EAAqB,iBAAiB,CAAA,CAAA,CAAA;AAAA,QAC/C,SAAA,EAAW;AAAA,MACb,CAAC,CAAA;AAAA,IACH;AAEA,IAAA,GAAA,CAAI,QAAA,CAAS,OAAA,IAAW,SAAA,EAAW;AACjC,MAAA,MAAM,IAAI,iCAAA,CAAW;AAAA,QACnB,IAAA,EAAM,iCAAA,CAAgB,cAAA;AAAA,QACtB,GAAA;AAAA,QACA,OAAA,EAAS,CAAA,UAAA,EAAa,iBAAiB,CAAA,MAAA,EAAS,QAAA,CAAS,MAAM,CAAA,8CAAA,CAAA;AAAA,QAC/D,SAAA,EAAW;AAAA,MACb,CAAC,CAAA;AAAA,IACH;AAEA,IAAA,MAAM,gBAAA,EAAkB,6BAAA,CAA8B,CAAA;AACtD,IAAA,MAAM,WAAA,EAAyC;AAAA,MAC7C,GAAG,QAAA;AAAA,MACH,QAAA,EAAU;AAAA,QACR,oBAAI,QAAA,CAAS,QAAA,UAAY,CAAC,GAAA;AAAA,QAC1B,sBAAA,EAAwB,sBAAA,CAAuB,eAAe,CAAA;AAAA,QAC9D,uBAAA,EAAyB;AAAA,MAC3B,CAAA;AAAA,MACA,SAAA,EAAW,cAAA,CAAe;AAAA,IAC5B,CAAA;AAEA,IAAA,MAAM,IAAA,CAAK,SAAA,CAAU,GAAA,EAAK,UAAU,CAAA;AACpC,IAAA,MAAM,IAAA,CAAK,+BAAA,CAAgC,iBAAiB,CAAA;AAE5D,IAAA,OAAO,UAAA;AAAA,EACT;AAAA,EAEA,MAAM,qBAAA,CACJ,KAAA,EACuC;AACvC,IAAA,MAAM,MAAA,EAAQ,UAAA,CAAW,KAAA,CAAM,KAAA,EAAO,EAAA,EAAI,GAAG,CAAA;AAC7C,IAAA,MAAM,aAAA,EAAe,UAAA,CAAW,KAAA,CAAM,YAAA,EAAc,EAAA,EAAI,GAAG,CAAA;AAC3D,IAAA,MAAM,IAAA,kBAAM,IAAI,IAAA,CAAK,CAAA;AACrB,IAAA,MAAM,MAAA,EAAQ,GAAA,CAAI,OAAA,CAAQ,CAAA;AAC1B,IAAA,MAAM,WAAA,EAAa,IAAI,IAAA,CAAK,MAAA,EAAQ,aAAA,EAAe,GAAI,CAAA,CAAE,WAAA,CAAY,CAAA;AACrE,IAAA,MAAM,UAAA,EAAY,MAAM,IAAA,CAAK,MAAA,CAAO,MAAA;AAAA,MAClC,IAAA,CAAK,gBAAA,CAAiB,KAAA,CAAM,QAAQ,CAAA;AAAA,MACpC,CAAA;AAAA,MACA,MAAA,EAAQ,CAAA;AAAA,MACR;AAAA,IACF,CAAA;AACA,IAAA,MAAM,QAAA,EAAwC,CAAC,CAAA;AAE/C,IAAA,IAAA,CAAA,MAAW,SAAA,GAAY,SAAA,EAAW;AAChC,MAAA,GAAA,CAAI,OAAA,CAAQ,OAAA,GAAU,KAAA,EAAO;AAC3B,QAAA,KAAA;AAAA,MACF;AAEA,MAAA,MAAM,aAAA,EAAe,IAAA,CAAK,kBAAA,CAAmB,QAAQ,CAAA;AACrD,MAAA,IAAI,cAAA,EAAgB,KAAA;AAEpB,MAAA,IAAI;AACF,QAAA,MAAM,SAAA,EAAW,MAAM,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,YAAA,EAAc,UAAA,EAAY,IAAI,CAAA;AACrE,QAAA,GAAA,CAAI,SAAA,IAAa,IAAA,EAAM;AACrB,UAAA,MAAM,uBAAA,EAAyB,MAAM,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,YAAY,CAAA;AACjE,UAAA,GAAA,CACE,uBAAA,GACA,MAAA,CAAO,QAAA,CAAS,IAAA,CAAK,KAAA,CAAM,sBAAsB,CAAC,EAAA,GAClD,IAAA,CAAK,KAAA,CAAM,sBAAsB,EAAA,EAAI,KAAA,EACrC;AACA,YAAA,QAAA;AAAA,UACF;AAEA,UAAA,MAAM,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,YAAY,CAAA;AAClC,UAAA,MAAM,mBAAA,EAAqB,MAAM,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,YAAA,EAAc,UAAA,EAAY,IAAI,CAAA;AAC/E,UAAA,GAAA,CAAI,mBAAA,IAAuB,IAAA,EAAM;AAC/B,YAAA,QAAA;AAAA,UACF;AAAA,QACF;AAEA,QAAA,cAAA,EAAgB,IAAA;AAEhB,QAAA,MAAM,OAAA,EAAS,MAAM,IAAA,CAAK,QAAA,CAAqC,IAAA,CAAK,SAAA,CAAU,QAAQ,CAAC,CAAA;AACvF,QAAA,GAAA,CAAI,CAAC,MAAA,EAAQ;AACX,UAAA,QAAA;AAAA,QACF;AAEA,QAAA,GAAA,CACE,MAAA,CAAO,OAAA,IAAW,UAAA,GAClB,MAAA,CAAO,OAAA,IAAW,SAAA,GAClB,MAAA,CAAO,OAAA,IAAW,UAAA,EAClB;AACA,UAAA,QAAA;AAAA,QACF;AAEA,QAAA,GAAA,CACE,MAAA,CAAO,OAAA,IAAW,WAAA,GAClB,MAAA,CAAO,WAAA,GACP,IAAA,CAAK,KAAA,CAAM,MAAA,CAAO,UAAU,EAAA,EAAI,KAAA,EAChC;AACA,UAAA,QAAA;AAAA,QACF;AAEA,QAAA,MAAM,WAAA,EAAyC;AAAA,UAC7C,GAAG,MAAA;AAAA,UACH,UAAA,EAAY,gCAAA,CAAW;AAAA,UACvB,UAAA;AAAA,UACA,eAAA,EAAiB,GAAA,CAAI,WAAA,CAAY,CAAA;AAAA,UACjC,MAAA,EAAQ,UAAA;AAAA,UACR,SAAA,EAAW,GAAA,CAAI,WAAA,CAAY;AAAA,QAC7B,CAAA;AACA,QAAA,MAAM,IAAA,CAAK,SAAA,CAAU,IAAA,CAAK,SAAA,CAAU,QAAQ,CAAA,EAAG,UAAU,CAAA;AACzD,QAAA,OAAA,CAAQ,IAAA,CAAK,UAAU,CAAA;AAAA,MACzB,EAAA,QAAE;AACA,QAAA,GAAA,CAAI,aAAA,EAAe;AACjB,UAAA,MAAM,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,YAAY,CAAA;AAAA,QACpC;AAAA,MACF;AAAA,IACF;AAEA,IAAA,OAAO,OAAA;AAAA,EACT;AAAA,EAEA,MAAM,oBAAA,CACJ,KAAA,EACqC;AACrC,IAAA,MAAM,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,KAAA,CAAM,QAAQ,CAAA;AACzC,IAAA,MAAM,OAAA,EAAS,MAAM,IAAA,CAAK,QAAA,CAAqC,GAAG,CAAA;AAElE,IAAA,GAAA,CAAI,CAAC,OAAA,GAAU,MAAA,CAAO,SAAA,IAAa,KAAA,CAAM,QAAA,EAAU;AACjD,MAAA,MAAM,IAAI,iCAAA,CAAW;AAAA,QACnB,IAAA,EAAM,iCAAA,CAAgB,QAAA;AAAA,QACtB,GAAA;AAAA,QACA,OAAA,EAAS,CAAA,gBAAA,EAAmB,KAAA,CAAM,QAAQ,CAAA,cAAA,EAAiB,KAAA,CAAM,QAAQ,CAAA,CAAA,CAAA;AAAA,QACzE,SAAA,EAAW;AAAA,MACb,CAAC,CAAA;AAAA,IACH;AAEA,IAAA,GAAA,CAAI,CAAC,MAAA,CAAO,WAAA,GAAc,MAAA,CAAO,WAAA,IAAe,KAAA,CAAM,UAAA,EAAY;AAChE,MAAA,MAAM,IAAI,iCAAA,CAAW;AAAA,QACnB,IAAA,EAAM,iCAAA,CAAgB,cAAA;AAAA,QACtB,GAAA;AAAA,QACA,OAAA,EAAS,CAAA,iCAAA,EAAoC,KAAA,CAAM,QAAQ,CAAA,CAAA,CAAA;AAAA,QAC3D,SAAA,EAAW;AAAA,MACb,CAAC,CAAA;AAAA,IACH;AAEA,IAAA,MAAM,SAAA,EAAsC;AAAA,MAC1C,QAAA,EAAU,KAAA,CAAM,QAAA;AAAA,MAChB,OAAA,EAAS,KAAA,CAAM,OAAA;AAAA,MACf,UAAA,EAAY,cAAA,CAAe,CAAA;AAAA,MAC3B,OAAA,EAAS,KAAA,CAAM,OAAA;AAAA,MACf,MAAA,EAAQ,KAAA,CAAM,MAAA;AAAA,MACd,QAAA,EAAU,KAAA,CAAM;AAAA,IAClB,CAAA;AACA,IAAA,MAAM,WAAA,EAAyC;AAAA,MAC7C,GAAG,MAAA;AAAA,MACH,UAAA,EAAY,KAAA,CAAA;AAAA,MACZ,UAAA,EAAY,KAAA,CAAA;AAAA,MACZ,QAAA;AAAA,MACA,MAAA,EAAQ,KAAA,CAAM,MAAA;AAAA,MACd,SAAA,EAAW,cAAA,CAAe;AAAA,IAC5B,CAAA;AAEA,IAAA,MAAM,IAAA,CAAK,SAAA,CAAU,GAAA,EAAK,UAAU,CAAA;AACpC,IAAA,GAAA,CAAI,MAAA,CAAO,wBAAA,GAA2B,MAAA,CAAO,KAAA,IAAS,0BAAA,EAA4B;AAChF,MAAA,MAAM,kBAAA,EAAoB,IAAA,CAAK,uBAAA,CAAwB,MAAA,CAAO,uBAAuB,CAAA;AACrF,MAAA,MAAM,gBAAA,EAAkB,MAAM,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,iBAAiB,CAAA;AAC/D,MAAA,GAAA,CAAI,gBAAA,IAAoB,KAAA,CAAM,QAAA,EAAU;AACtC,QAAA,MAAM,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,iBAAiB,CAAA;AAAA,MACzC;AAAA,IACF;AACA,IAAA,OAAO,UAAA;AAAA,EACT;AAAA,EAEA,MAAM,kBAAA,CAAmB,QAAA,EAA8D;AACrF,IAAA,OAAO,MAAM,IAAA,CAAK,QAAA,CAAqC,IAAA,CAAK,SAAA,CAAU,QAAQ,CAAC,CAAA;AAAA,EACjF;AAAA,EAEA,MAAM,qBAAA,CAAsB,QAAA,EAAkB,QAAA,EAAiC;AAC7E,IAAA,MAAM,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,QAAQ,CAAA;AACnC,IAAA,MAAM,OAAA,EAAS,MAAM,IAAA,CAAK,QAAA,CAAqC,GAAG,CAAA;AAClE,IAAA,GAAA,CAAI,CAAC,OAAA,GAAU,MAAA,CAAO,SAAA,IAAa,QAAA,EAAU;AAC3C,MAAA,MAAM,IAAI,iCAAA,CAAW;AAAA,QACnB,IAAA,EAAM,iCAAA,CAAgB,QAAA;AAAA,QACtB,GAAA;AAAA,QACA,OAAA,EAAS,CAAA,gBAAA,EAAmB,QAAQ,CAAA,cAAA,EAAiB,QAAQ,CAAA,CAAA,CAAA;AAAA,QAC7D,SAAA,EAAW;AAAA,MACb,CAAC,CAAA;AAAA,IACH;AAEA,IAAA,MAAM,IAAA,CAAK,MAAA,CAAO,IAAA,CAAK,IAAA,CAAK,gBAAA,CAAiB,QAAQ,CAAA,EAAG,QAAQ,CAAA;AAChE,IAAA,MAAM,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,GAAG,CAAA;AACzB,IAAA,GAAA,CAAI,MAAA,CAAO,wBAAA,GAA2B,MAAA,CAAO,KAAA,IAAS,0BAAA,EAA4B;AAChF,MAAA,MAAM,kBAAA,EAAoB,IAAA,CAAK,uBAAA,CAAwB,MAAA,CAAO,uBAAuB,CAAA;AACrF,MAAA,MAAM,gBAAA,EAAkB,MAAM,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,iBAAiB,CAAA;AAC/D,MAAA,GAAA,CAAI,gBAAA,IAAoB,QAAA,EAAU;AAChC,QAAA,MAAM,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,iBAAiB,CAAA;AAAA,MACzC;AAAA,IACF;AAAA,EACF;AAAA,iBAEiB,eAAA,EAAiB,CAAA,EAAA,GAAc,CAAA,EAAA;AACX,kBAAA;AAEC,kBAAA;AAEC,kBAAA;AAEA,kBAAA;AAEF,kBAAA;AAEL,kBAAA;AAEf,kBAAA;AAKA,kBAAA;AAEA,mBAAA;AAEsB,mBAAA;AAET,mBAAA;AAE4B,EAAA;AACpD,IAAA;AACc,MAAA;AACA,MAAA;AACP,QAAA;AACT,MAAA;AAEkB,MAAA;AACJ,IAAA;AACK,MAAA;AACrB,IAAA;AACF,EAAA;AAEqC,EAAA;AAC/B,IAAA;AACgB,MAAA;AACJ,IAAA;AACK,MAAA;AACrB,IAAA;AACF,EAAA;AACF;AAEa;AACA,EAAA;AACb;ADhU0B;AACA;AACA;AACA;AACA;AACA;AACA","file":"/Users/hanzhi/Documents/WLFI/wlfi-agent-sdk/packages/cache/dist/chunk-QF4XKEIA.cjs","sourcesContent":[null,"import { createHash, randomBytes, randomUUID } from 'node:crypto';\nimport type Redis from 'ioredis';\nimport { getCacheClient } from '../client/index.js';\nimport { CacheError, cacheErrorCodes, toCacheError } from '../errors/index.js';\n\nexport const relayApprovalStatuses = [\n 'pending',\n 'approved',\n 'rejected',\n 'completed',\n 'expired',\n] as const;\nexport type RelayApprovalStatus = (typeof relayApprovalStatuses)[number];\n\nexport const relayUpdateStatuses = [\n 'pending',\n 'inflight',\n 'applied',\n 'rejected',\n 'failed',\n] as const;\nexport type RelayUpdateStatus = (typeof relayUpdateStatuses)[number];\n\nexport interface RelayDaemonProfile {\n daemonId: string;\n daemonPublicKey: string;\n ethereumAddress: string;\n label?: string;\n lastSeenAt: string;\n registeredAt: string;\n relayUrl?: string;\n signerBackend?: string;\n status: 'active' | 'paused';\n updatedAt: string;\n version?: string;\n}\n\nexport interface RelayPolicyRecord {\n action: string;\n amountMaxWei?: string;\n amountMinWei?: string;\n chainId?: number;\n daemonId: string;\n destination: string;\n metadata?: Record<string, string>;\n policyId: string;\n requiresManualApproval: boolean;\n scope: 'default' | 'override';\n tokenAddress?: string;\n updatedAt: string;\n}\n\nexport interface RelayAgentKeyRecord {\n agentKeyId: string;\n createdAt?: string;\n daemonId: string;\n label?: string;\n metadata?: Record<string, string>;\n status: 'active' | 'revoked';\n updatedAt: string;\n}\n\nexport interface RelayApprovalRequestRecord {\n agentKeyId?: string;\n amountWei?: string;\n approvalRequestId: string;\n chainId?: number;\n daemonId: string;\n destination: string;\n metadata?: Record<string, string>;\n network?: string;\n reason?: string;\n requestedAt: string;\n status: RelayApprovalStatus;\n tokenAddress?: string;\n transactionType: string;\n updatedAt: string;\n}\n\nexport interface RelayEncryptedPayload {\n aadBase64?: string;\n algorithm: string;\n ciphertextBase64: string;\n contentSha256Hex?: string;\n encapsulatedKeyBase64: string;\n nonceBase64: string;\n schemaVersion: number;\n}\n\nexport interface RelayUpdateFeedbackRecord {\n daemonId: string;\n details?: Record<string, string>;\n feedbackAt: string;\n message?: string;\n status: Extract<RelayUpdateStatus, 'applied' | 'failed' | 'rejected'>;\n updateId: string;\n}\n\nexport interface RelayEncryptedUpdateRecord {\n claimToken?: string;\n claimUntil?: string;\n createdAt: string;\n daemonId: string;\n feedback?: RelayUpdateFeedbackRecord;\n lastDeliveredAt?: string;\n metadata?: Record<string, string>;\n payload: RelayEncryptedPayload;\n status: RelayUpdateStatus;\n targetApprovalRequestId?: string;\n type: string;\n updateId: string;\n updatedAt: string;\n}\n\nexport interface SyncDaemonRegistrationInput {\n agentKeys?: RelayAgentKeyRecord[];\n approvalRequests?: RelayApprovalRequestRecord[];\n daemon: RelayDaemonProfile;\n policies?: RelayPolicyRecord[];\n}\n\nexport interface ApprovalRequestFilters {\n daemonId?: string;\n destination?: string;\n limit?: number;\n status?: RelayApprovalStatus;\n tokenAddress?: string;\n}\n\nexport interface CreateEncryptedUpdateInput {\n daemonId: string;\n metadata?: Record<string, string>;\n payload: RelayEncryptedPayload;\n targetApprovalRequestId?: string;\n type: string;\n updateId?: string;\n}\n\nexport interface ClaimEncryptedUpdatesInput {\n daemonId: string;\n leaseSeconds?: number;\n limit?: number;\n}\n\nexport interface SubmitUpdateFeedbackInput {\n claimToken: string;\n daemonId: string;\n details?: Record<string, string>;\n message?: string;\n status: Extract<RelayUpdateStatus, 'applied' | 'failed' | 'rejected'>;\n updateId: string;\n}\n\nexport interface ApprovalCapabilityFailureRecord {\n attempts: number;\n blockedUntil?: string;\n firstFailedAt: string;\n lastFailedAt: string;\n}\n\nexport interface RecordApprovalCapabilityFailureResult {\n attempts: number;\n blocked: boolean;\n blockedUntil: string | null;\n}\n\ninterface JsonCache {\n del(key: string): Promise<number>;\n get(key: string): Promise<string | null>;\n ping(): Promise<string>;\n quit(): Promise<string>;\n sadd(key: string, ...members: string[]): Promise<number>;\n set(key: string, value: string, mode?: 'NX' | 'XX'): Promise<'OK' | null>;\n smembers(key: string): Promise<string[]>;\n zadd(key: string, ...args: (string | number)[]): Promise<number>;\n zrange(key: string, start: number, stop: number, ...args: string[]): Promise<string[]>;\n zrem(key: string, ...members: string[]): Promise<number>;\n}\n\nconst defaultNamespace = 'wlfi:relay';\nconst approvalCapabilityFailureWindowMs = 5 * 60 * 1000;\nconst approvalCapabilityMaxFailures = 5;\nconst approvalCapabilityBlockWindowMs = 10 * 60 * 1000;\n\nconst toIsoTimestamp = (value = new Date()): string => value.toISOString();\n\nconst dedupe = <T>(values: T[]): T[] => [...new Set(values)];\n\nconst matchesOptionalFilter = (\n value: string | undefined,\n expected: string | undefined,\n): boolean => {\n if (!expected) {\n return true;\n }\n\n return value?.toLowerCase() === expected.toLowerCase();\n};\n\nconst clampLimit = (limit: number | undefined, fallback: number, max: number): number => {\n if (!limit || Number.isNaN(limit)) {\n return fallback;\n }\n\n return Math.max(1, Math.min(limit, max));\n};\n\nconst createApprovalCapabilityToken = (): string => randomBytes(32).toString('hex');\n\nconst approvalCapabilityHash = (token: string): string =>\n createHash('sha256').update(token, 'utf8').digest('hex');\n\nconst isActiveApprovalUpdateRecord = (\n record: RelayEncryptedUpdateRecord | null | undefined,\n approvalRequestId: string,\n): record is RelayEncryptedUpdateRecord =>\n Boolean(\n record &&\n record.type === 'manual_approval_decision' &&\n record.targetApprovalRequestId === approvalRequestId &&\n (record.status === 'pending' || record.status === 'inflight'),\n );\n\nconst preserveRotatedApprovalCapability = (\n incoming: RelayApprovalRequestRecord,\n existing: RelayApprovalRequestRecord | null,\n): RelayApprovalRequestRecord => {\n const existingMetadata = existing?.metadata;\n const incomingMetadata = incoming.metadata;\n const preservedCapabilityToken = existingMetadata?.approvalCapabilityToken?.trim();\n const preservedCapabilityHash = existingMetadata?.approvalCapabilityHash?.trim();\n\n if (!preservedCapabilityToken && !preservedCapabilityHash) {\n return incoming;\n }\n\n return {\n ...incoming,\n metadata: {\n ...(incomingMetadata ?? {}),\n ...(preservedCapabilityToken\n ? { approvalCapabilityToken: preservedCapabilityToken }\n : {}),\n ...(preservedCapabilityHash ? { approvalCapabilityHash: preservedCapabilityHash } : {}),\n },\n };\n};\n\nexport class RelayCacheService {\n private readonly client: JsonCache;\n private readonly namespace: string;\n\n constructor(options: { client?: Redis; namespace?: string } = {}) {\n this.client = (options.client ?? getCacheClient()) as unknown as JsonCache;\n this.namespace = options.namespace ?? defaultNamespace;\n }\n\n async ping(): Promise<string> {\n try {\n return await this.client.ping();\n } catch (error) {\n throw toCacheError(error, { operation: 'ping' });\n }\n }\n\n async syncDaemonRegistration(input: SyncDaemonRegistrationInput): Promise<{\n agentKeyCount: number;\n approvalRequestCount: number;\n policyCount: number;\n }> {\n const profile = {\n ...input.daemon,\n lastSeenAt: input.daemon.lastSeenAt || toIsoTimestamp(),\n updatedAt: input.daemon.updatedAt || toIsoTimestamp(),\n } satisfies RelayDaemonProfile;\n\n try {\n await this.writeJson(this.daemonProfileKey(profile.daemonId), profile);\n await this.client.sadd(this.daemonIndexKey(), profile.daemonId);\n\n if (input.policies) {\n const policies = input.policies.map((policy) => ({\n ...policy,\n daemonId: profile.daemonId,\n }));\n await this.writeJson(this.daemonPoliciesKey(profile.daemonId), policies);\n }\n\n if (input.agentKeys) {\n const agentKeys = input.agentKeys.map((agentKey) => ({\n ...agentKey,\n daemonId: profile.daemonId,\n }));\n await this.writeJson(this.daemonAgentKeysKey(profile.daemonId), agentKeys);\n }\n\n if (input.approvalRequests) {\n for (const approvalRequest of input.approvalRequests) {\n const existing = await this.readJson<RelayApprovalRequestRecord>(\n this.approvalKey(approvalRequest.approvalRequestId),\n );\n const normalized = preserveRotatedApprovalCapability(\n { ...approvalRequest, daemonId: profile.daemonId },\n existing,\n );\n await this.writeJson(this.approvalKey(normalized.approvalRequestId), normalized);\n await this.client.zadd(\n this.daemonApprovalsKey(profile.daemonId),\n Date.parse(normalized.requestedAt),\n normalized.approvalRequestId,\n );\n }\n }\n\n return {\n agentKeyCount: input.agentKeys?.length ?? 0,\n approvalRequestCount: input.approvalRequests?.length ?? 0,\n policyCount: input.policies?.length ?? 0,\n };\n } catch (error) {\n throw toCacheError(error, {\n key: this.daemonProfileKey(profile.daemonId),\n operation: 'syncDaemonRegistration',\n });\n }\n }\n\n async listDaemons(): Promise<RelayDaemonProfile[]> {\n const daemonIds = await this.client.smembers(this.daemonIndexKey());\n const profiles = await Promise.all(\n daemonIds.map((daemonId) =>\n this.readJson<RelayDaemonProfile>(this.daemonProfileKey(daemonId)),\n ),\n );\n\n return profiles.filter((profile): profile is RelayDaemonProfile => Boolean(profile));\n }\n\n async getDaemonProfile(daemonId: string): Promise<RelayDaemonProfile | null> {\n return await this.readJson<RelayDaemonProfile>(this.daemonProfileKey(daemonId));\n }\n\n async getDaemonPolicies(daemonId: string): Promise<RelayPolicyRecord[]> {\n return (await this.readJson<RelayPolicyRecord[]>(this.daemonPoliciesKey(daemonId))) ?? [];\n }\n\n async getDaemonAgentKeys(daemonId: string): Promise<RelayAgentKeyRecord[]> {\n return (await this.readJson<RelayAgentKeyRecord[]>(this.daemonAgentKeysKey(daemonId))) ?? [];\n }\n\n async getApprovalRequest(approvalRequestId: string): Promise<RelayApprovalRequestRecord | null> {\n return await this.readJson<RelayApprovalRequestRecord>(this.approvalKey(approvalRequestId));\n }\n\n async listApprovalRequests(\n filters: ApprovalRequestFilters = {},\n ): Promise<RelayApprovalRequestRecord[]> {\n const limit = clampLimit(filters.limit, 100, 500);\n const daemonIds = filters.daemonId\n ? [filters.daemonId]\n : await this.client.smembers(this.daemonIndexKey());\n const requestIdsByDaemon = await Promise.all(\n daemonIds.map((daemonId) =>\n this.client.zrange(this.daemonApprovalsKey(daemonId), 0, limit * 2, 'REV'),\n ),\n );\n const requestIds = dedupe(requestIdsByDaemon.flat()).slice(0, limit * 3);\n const requests = await Promise.all(\n requestIds.map((requestId) =>\n this.readJson<RelayApprovalRequestRecord>(this.approvalKey(requestId)),\n ),\n );\n\n return requests\n .filter((request): request is RelayApprovalRequestRecord => Boolean(request))\n .filter((request) => (filters.daemonId ? request.daemonId === filters.daemonId : true))\n .filter((request) => (filters.status ? request.status === filters.status : true))\n .filter((request) => matchesOptionalFilter(request.destination, filters.destination))\n .filter((request) => matchesOptionalFilter(request.tokenAddress, filters.tokenAddress))\n .sort((left, right) => Date.parse(right.requestedAt) - Date.parse(left.requestedAt))\n .slice(0, limit);\n }\n\n async createEncryptedUpdate(\n input: CreateEncryptedUpdateInput,\n ): Promise<RelayEncryptedUpdateRecord> {\n if (input.type === 'manual_approval_decision') {\n if (!input.targetApprovalRequestId) {\n throw new CacheError({\n code: cacheErrorCodes.invalidPayload,\n message: 'Manual approval updates require a target approval request id',\n operation: 'createEncryptedUpdate',\n });\n }\n\n const approvalKey = this.approvalKey(input.targetApprovalRequestId);\n const approval = await this.readJson<RelayApprovalRequestRecord>(approvalKey);\n if (!approval) {\n throw new CacheError({\n code: cacheErrorCodes.notFound,\n key: approvalKey,\n message: `Unknown approval '${input.targetApprovalRequestId}'`,\n operation: 'createEncryptedUpdate',\n });\n }\n\n if (approval.daemonId !== input.daemonId) {\n throw new CacheError({\n code: cacheErrorCodes.invalidPayload,\n key: approvalKey,\n message: `Approval '${input.targetApprovalRequestId}' belongs to daemon '${approval.daemonId}', not '${input.daemonId}'`,\n operation: 'createEncryptedUpdate',\n });\n }\n\n if (approval.status !== 'pending') {\n throw new CacheError({\n code: cacheErrorCodes.invalidPayload,\n key: approvalKey,\n message: `Approval '${input.targetApprovalRequestId}' is '${approval.status}' and cannot accept new updates`,\n operation: 'createEncryptedUpdate',\n });\n }\n }\n\n const updateId = input.updateId ?? randomUUID();\n const now = toIsoTimestamp();\n const record: RelayEncryptedUpdateRecord = {\n createdAt: now,\n daemonId: input.daemonId,\n metadata: input.metadata,\n payload: input.payload,\n status: 'pending',\n targetApprovalRequestId: input.targetApprovalRequestId,\n type: input.type,\n updateId,\n updatedAt: now,\n };\n\n const activeApprovalKey =\n input.type === 'manual_approval_decision' && input.targetApprovalRequestId\n ? this.activeApprovalUpdateKey(input.targetApprovalRequestId)\n : null;\n const updateKey = this.updateKey(updateId);\n let ownsActiveApprovalSlot = false;\n\n await this.writeJson(updateKey, record);\n\n try {\n if (activeApprovalKey) {\n const reserved = await this.client.set(activeApprovalKey, updateId, 'NX');\n if (reserved !== 'OK') {\n const existingUpdateId = await this.client.get(activeApprovalKey);\n const existingRecord = existingUpdateId\n ? await this.readJson<RelayEncryptedUpdateRecord>(this.updateKey(existingUpdateId))\n : null;\n\n if (isActiveApprovalUpdateRecord(existingRecord, input.targetApprovalRequestId!)) {\n throw new CacheError({\n code: cacheErrorCodes.invalidPayload,\n key: activeApprovalKey,\n message: `Approval '${input.targetApprovalRequestId}' already has a queued operator update`,\n operation: 'createEncryptedUpdate',\n });\n }\n\n await this.client.del(activeApprovalKey);\n const retriedReservation = await this.client.set(activeApprovalKey, updateId, 'NX');\n if (retriedReservation !== 'OK') {\n throw new CacheError({\n code: cacheErrorCodes.invalidPayload,\n key: activeApprovalKey,\n message: `Approval '${input.targetApprovalRequestId}' already has a queued operator update`,\n operation: 'createEncryptedUpdate',\n });\n }\n }\n\n ownsActiveApprovalSlot = true;\n }\n\n await this.client.zadd(this.daemonUpdatesKey(input.daemonId), Date.now(), updateId);\n } catch (error) {\n await this.client.del(updateKey);\n if (activeApprovalKey && ownsActiveApprovalSlot) {\n await this.client.del(activeApprovalKey);\n }\n throw error;\n }\n\n return record;\n }\n\n async hasActiveApprovalUpdate(daemonId: string, approvalRequestId: string): Promise<boolean> {\n const indexedUpdateId = await this.client.get(this.activeApprovalUpdateKey(approvalRequestId));\n if (indexedUpdateId) {\n const indexedRecord = await this.readJson<RelayEncryptedUpdateRecord>(\n this.updateKey(indexedUpdateId),\n );\n if (isActiveApprovalUpdateRecord(indexedRecord, approvalRequestId)) {\n return true;\n }\n\n await this.client.del(this.activeApprovalUpdateKey(approvalRequestId));\n }\n\n const updateIds = await this.client.zrange(this.daemonUpdatesKey(daemonId), 0, -1, 'REV');\n\n for (const updateId of updateIds) {\n const record = await this.readJson<RelayEncryptedUpdateRecord>(this.updateKey(updateId));\n if (isActiveApprovalUpdateRecord(record, approvalRequestId)) {\n await this.client.set(this.activeApprovalUpdateKey(approvalRequestId), updateId, 'NX');\n return true;\n }\n }\n\n return false;\n }\n\n async consumeApprovalCapability(\n approvalRequestId: string,\n capabilityHash: string,\n ): Promise<boolean> {\n try {\n const result = await this.client.set(\n this.approvalCapabilityConsumedKey(approvalRequestId, capabilityHash),\n toIsoTimestamp(),\n 'NX',\n );\n return result === 'OK';\n } catch (error) {\n throw toCacheError(error, {\n key: this.approvalCapabilityConsumedKey(approvalRequestId, capabilityHash),\n operation: 'consumeApprovalCapability',\n });\n }\n }\n\n async releaseApprovalCapabilityConsumption(\n approvalRequestId: string,\n capabilityHash: string,\n ): Promise<void> {\n try {\n await this.client.del(this.approvalCapabilityConsumedKey(approvalRequestId, capabilityHash));\n } catch (error) {\n throw toCacheError(error, {\n key: this.approvalCapabilityConsumedKey(approvalRequestId, capabilityHash),\n operation: 'releaseApprovalCapabilityConsumption',\n });\n }\n }\n\n async clearApprovalCapabilityFailures(approvalRequestId: string): Promise<void> {\n try {\n await this.client.del(this.approvalCapabilityFailuresKey(approvalRequestId));\n } catch (error) {\n throw toCacheError(error, {\n key: this.approvalCapabilityFailuresKey(approvalRequestId),\n operation: 'clearApprovalCapabilityFailures',\n });\n }\n }\n\n async recordApprovalCapabilityFailure(\n approvalRequestId: string,\n ): Promise<RecordApprovalCapabilityFailureResult> {\n const key = this.approvalCapabilityFailuresKey(approvalRequestId);\n const now = new Date();\n const nowMs = now.getTime();\n const existing = await this.readJson<ApprovalCapabilityFailureRecord>(key);\n\n if (existing?.blockedUntil && Date.parse(existing.blockedUntil) > nowMs) {\n return {\n attempts: existing.attempts,\n blocked: true,\n blockedUntil: existing.blockedUntil,\n };\n }\n\n const firstFailedAtMs = existing?.firstFailedAt\n ? Date.parse(existing.firstFailedAt)\n : Number.NaN;\n const withinWindow =\n Number.isFinite(firstFailedAtMs) &&\n nowMs - firstFailedAtMs <= approvalCapabilityFailureWindowMs;\n const attempts = withinWindow && existing ? existing.attempts + 1 : 1;\n const firstFailedAt = withinWindow && existing ? existing.firstFailedAt : now.toISOString();\n const blockedUntil =\n attempts >= approvalCapabilityMaxFailures\n ? new Date(nowMs + approvalCapabilityBlockWindowMs).toISOString()\n : undefined;\n\n await this.writeJson(key, {\n attempts,\n blockedUntil,\n firstFailedAt,\n lastFailedAt: now.toISOString(),\n } satisfies ApprovalCapabilityFailureRecord);\n\n return {\n attempts,\n blocked: blockedUntil !== undefined,\n blockedUntil: blockedUntil ?? null,\n };\n }\n\n async rotateApprovalCapability(approvalRequestId: string): Promise<RelayApprovalRequestRecord> {\n const key = this.approvalKey(approvalRequestId);\n const approval = await this.readJson<RelayApprovalRequestRecord>(key);\n\n if (!approval) {\n throw new CacheError({\n code: cacheErrorCodes.notFound,\n key,\n message: `Unknown approval '${approvalRequestId}'`,\n operation: 'rotateApprovalCapability',\n });\n }\n\n if (approval.status !== 'pending') {\n throw new CacheError({\n code: cacheErrorCodes.invalidPayload,\n key,\n message: `Approval '${approvalRequestId}' is '${approval.status}' and cannot accept a new secure approval link`,\n operation: 'rotateApprovalCapability',\n });\n }\n\n const capabilityToken = createApprovalCapabilityToken();\n const nextRecord: RelayApprovalRequestRecord = {\n ...approval,\n metadata: {\n ...(approval.metadata ?? {}),\n approvalCapabilityHash: approvalCapabilityHash(capabilityToken),\n approvalCapabilityToken: capabilityToken,\n },\n updatedAt: toIsoTimestamp(),\n };\n\n await this.writeJson(key, nextRecord);\n await this.clearApprovalCapabilityFailures(approvalRequestId);\n\n return nextRecord;\n }\n\n async claimEncryptedUpdates(\n input: ClaimEncryptedUpdatesInput,\n ): Promise<RelayEncryptedUpdateRecord[]> {\n const limit = clampLimit(input.limit, 25, 100);\n const leaseSeconds = clampLimit(input.leaseSeconds, 30, 300);\n const now = new Date();\n const nowMs = now.getTime();\n const claimUntil = new Date(nowMs + leaseSeconds * 1000).toISOString();\n const updateIds = await this.client.zrange(\n this.daemonUpdatesKey(input.daemonId),\n 0,\n limit * 4,\n 'REV',\n );\n const claimed: RelayEncryptedUpdateRecord[] = [];\n\n for (const updateId of updateIds) {\n if (claimed.length >= limit) {\n break;\n }\n\n const claimLockKey = this.updateClaimLockKey(updateId);\n let ownsClaimLock = false;\n\n try {\n const reserved = await this.client.set(claimLockKey, claimUntil, 'NX');\n if (reserved !== 'OK') {\n const existingClaimLockUntil = await this.client.get(claimLockKey);\n if (\n existingClaimLockUntil &&\n Number.isFinite(Date.parse(existingClaimLockUntil)) &&\n Date.parse(existingClaimLockUntil) > nowMs\n ) {\n continue;\n }\n\n await this.client.del(claimLockKey);\n const retriedReservation = await this.client.set(claimLockKey, claimUntil, 'NX');\n if (retriedReservation !== 'OK') {\n continue;\n }\n }\n\n ownsClaimLock = true;\n\n const record = await this.readJson<RelayEncryptedUpdateRecord>(this.updateKey(updateId));\n if (!record) {\n continue;\n }\n\n if (\n record.status === 'applied' ||\n record.status === 'failed' ||\n record.status === 'rejected'\n ) {\n continue;\n }\n\n if (\n record.status === 'inflight' &&\n record.claimUntil &&\n Date.parse(record.claimUntil) > nowMs\n ) {\n continue;\n }\n\n const nextRecord: RelayEncryptedUpdateRecord = {\n ...record,\n claimToken: randomUUID(),\n claimUntil,\n lastDeliveredAt: now.toISOString(),\n status: 'inflight',\n updatedAt: now.toISOString(),\n };\n await this.writeJson(this.updateKey(updateId), nextRecord);\n claimed.push(nextRecord);\n } finally {\n if (ownsClaimLock) {\n await this.client.del(claimLockKey);\n }\n }\n }\n\n return claimed;\n }\n\n async submitUpdateFeedback(\n input: SubmitUpdateFeedbackInput,\n ): Promise<RelayEncryptedUpdateRecord> {\n const key = this.updateKey(input.updateId);\n const record = await this.readJson<RelayEncryptedUpdateRecord>(key);\n\n if (!record || record.daemonId !== input.daemonId) {\n throw new CacheError({\n code: cacheErrorCodes.notFound,\n key,\n message: `Unknown update '${input.updateId}' for daemon '${input.daemonId}'`,\n operation: 'submitUpdateFeedback',\n });\n }\n\n if (!record.claimToken || record.claimToken !== input.claimToken) {\n throw new CacheError({\n code: cacheErrorCodes.invalidPayload,\n key,\n message: `Claim token mismatch for update '${input.updateId}'`,\n operation: 'submitUpdateFeedback',\n });\n }\n\n const feedback: RelayUpdateFeedbackRecord = {\n daemonId: input.daemonId,\n details: input.details,\n feedbackAt: toIsoTimestamp(),\n message: input.message,\n status: input.status,\n updateId: input.updateId,\n };\n const nextRecord: RelayEncryptedUpdateRecord = {\n ...record,\n claimToken: undefined,\n claimUntil: undefined,\n feedback,\n status: input.status,\n updatedAt: toIsoTimestamp(),\n };\n\n await this.writeJson(key, nextRecord);\n if (record.targetApprovalRequestId && record.type === 'manual_approval_decision') {\n const activeApprovalKey = this.activeApprovalUpdateKey(record.targetApprovalRequestId);\n const indexedUpdateId = await this.client.get(activeApprovalKey);\n if (indexedUpdateId === input.updateId) {\n await this.client.del(activeApprovalKey);\n }\n }\n return nextRecord;\n }\n\n async getEncryptedUpdate(updateId: string): Promise<RelayEncryptedUpdateRecord | null> {\n return await this.readJson<RelayEncryptedUpdateRecord>(this.updateKey(updateId));\n }\n\n async removeEncryptedUpdate(daemonId: string, updateId: string): Promise<void> {\n const key = this.updateKey(updateId);\n const record = await this.readJson<RelayEncryptedUpdateRecord>(key);\n if (!record || record.daemonId !== daemonId) {\n throw new CacheError({\n code: cacheErrorCodes.notFound,\n key,\n message: `Unknown update '${updateId}' for daemon '${daemonId}'`,\n operation: 'removeEncryptedUpdate',\n });\n }\n\n await this.client.zrem(this.daemonUpdatesKey(daemonId), updateId);\n await this.client.del(key);\n if (record.targetApprovalRequestId && record.type === 'manual_approval_decision') {\n const activeApprovalKey = this.activeApprovalUpdateKey(record.targetApprovalRequestId);\n const indexedUpdateId = await this.client.get(activeApprovalKey);\n if (indexedUpdateId === updateId) {\n await this.client.del(activeApprovalKey);\n }\n }\n }\n\n private readonly daemonIndexKey = (): string => `${this.namespace}:daemons`;\n private readonly daemonProfileKey = (daemonId: string): string =>\n `${this.namespace}:daemon:${daemonId}:profile`;\n private readonly daemonPoliciesKey = (daemonId: string): string =>\n `${this.namespace}:daemon:${daemonId}:policies`;\n private readonly daemonAgentKeysKey = (daemonId: string): string =>\n `${this.namespace}:daemon:${daemonId}:agent-keys`;\n private readonly daemonApprovalsKey = (daemonId: string): string =>\n `${this.namespace}:daemon:${daemonId}:approvals`;\n private readonly daemonUpdatesKey = (daemonId: string): string =>\n `${this.namespace}:daemon:${daemonId}:updates`;\n private readonly approvalKey = (approvalRequestId: string): string =>\n `${this.namespace}:approval:${approvalRequestId}`;\n private readonly approvalCapabilityConsumedKey = (\n approvalRequestId: string,\n capabilityHash: string,\n ): string =>\n `${this.namespace}:approval:${approvalRequestId}:capability:${capabilityHash}:consumed`;\n private readonly approvalCapabilityFailuresKey = (approvalRequestId: string): string =>\n `${this.namespace}:approval:${approvalRequestId}:capability-failures`;\n private readonly activeApprovalUpdateKey = (approvalRequestId: string): string =>\n `${this.namespace}:approval:${approvalRequestId}:active-update`;\n private readonly updateClaimLockKey = (updateId: string): string =>\n `${this.namespace}:update:${updateId}:claim-lock`;\n private readonly updateKey = (updateId: string): string => `${this.namespace}:update:${updateId}`;\n\n private async readJson<T>(key: string): Promise<T | null> {\n try {\n const payload = await this.client.get(key);\n if (payload === null) {\n return null;\n }\n\n return JSON.parse(payload) as T;\n } catch (error) {\n throw toCacheError(error, { key, operation: 'readJson' });\n }\n }\n\n private async writeJson(key: string, value: unknown): Promise<void> {\n try {\n await this.client.set(key, JSON.stringify(value));\n } catch (error) {\n throw toCacheError(error, { key, operation: 'writeJson' });\n }\n }\n}\n\nexport const createRelayCacheService = (options: { client?: Redis; namespace?: string } = {}) => {\n return new RelayCacheService(options);\n};\n"]}
|