@zuplo/runtime 6.70.23 → 6.70.25

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/out/esm/{chunk-RQLHORT4.js → chunk-BOEEWEWW.js} +3 -3
  2. package/out/esm/{chunk-RQLHORT4.js.map → chunk-BOEEWEWW.js.map} +1 -1
  3. package/out/esm/index.js +1 -1
  4. package/out/esm/mcp-gateway/index.js +14 -15
  5. package/out/esm/mcp-gateway/index.js.map +1 -1
  6. package/out/types/index.d.ts +11 -3
  7. package/package.json +1 -1
  8. /package/out/esm/{chunk-RQLHORT4.js.LEGAL.txt → chunk-BOEEWEWW.js.LEGAL.txt} +0 -0
package/out/esm/mcp-gateway/index.js CHANGED
@@ -22,14 +22,14 @@
22
22
  * DEALINGS IN THE SOFTWARE.
23
23
  *--------------------------------------------------------------------------------------------*/
24
24
 
25
- import{$ as ge,H as Hp,I as tc,J as Rv,K as Lp,L as f,M as Bp,N as ee,O as ae,P as Gp,Q as Vp,R as we,S as C,T as I,U as Ce,V as me,W as rc,X as nc,Y as ue,Z as nt,_ as O,a as sr,aa as Fp,b as jp,ba as oc,ca as Zp,da as Kp,ea as u,fa as ie,j as uo,k as Dp,q as ec,z as Dt}from"../chunk-RQLHORT4.js";import{d as lo}from"../chunk-GDWI24KD.js";import{a as K}from"../chunk-NW4YQXGC.js";import{X as qa,Y as jt,Z as Np,a as o,c as x,e as qp}from"../chunk-JAEQKE5H.js";var Io=x(te=>{"use strict";Object.defineProperty(te,"__esModule",{value:!0});te.regexpCode=te.getEsmExportName=te.getProperty=te.safeStringify=te.stringify=te.strConcat=te.addCodeArg=te.str=te._=te.nil=te._Code=te.Name=te.IDENTIFIER=te._CodeOrName=void 0;var Ro=class{static{o(this,"_CodeOrName")}};te._CodeOrName=Ro;te.IDENTIFIER=/^[a-z$_][a-z$_0-9]*$/i;var Mr=class extends Ro{static{o(this,"Name")}constructor(t){if(super(),!te.IDENTIFIER.test(t))throw new Error("CodeGen: name must be a valid identifier");this.str=t}toString(){return this.str}emptyStr(){return!1}get names(){return{[this.str]:1}}};te.Name=Mr;var ut=class extends Ro{static{o(this,"_Code")}constructor(t){super(),this._items=typeof t=="string"?[t]:t}toString(){return this.str}emptyStr(){if(this._items.length>1)return!1;let t=this._items[0];return t===""||t==='""'}get str(){var t;return(t=this._str)!==null&&t!==void 0?t:this._str=this._items.reduce((r,n)=>`${r}${n}`,"")}get names(){var t;return(t=this._names)!==null&&t!==void 0?t:this._names=this._items.reduce((r,n)=>(n instanceof Mr&&(r[n.str]=(r[n.str]||0)+1),r),{})}};te._Code=ut;te.nil=new ut("");function pm(e,...t){let r=[e[0]],n=0;for(;n<t.length;)Nc(r,t[n]),r.push(e[++n]);return new ut(r)}o(pm,"_");te._=pm;var qc=new ut("+");function mm(e,...t){let r=[Co(e[0])],n=0;for(;n<t.length;)r.push(qc),Nc(r,t[n]),r.push(qc,Co(e[++n]));return Kb(r),new ut(r)}o(mm,"str");te.str=mm;function Nc(e,t){t instanceof ut?e.push(...t._items):t instanceof Mr?e.push(t):e.push(Yb(t))}o(Nc,"addCodeArg");te.addCodeArg=Nc;function Kb(e){let t=1;for(;t<e.length-1;){if(e[t]===qc){let r=Wb(e[t-1],e[t+1]);if(r!==void 0){e.splice(t-1,3,r);continue}e[t++]="+"}t++}}o(Kb,"optimize");function Wb(e,t){if(t==='""')return e;if(e==='""')return t;if(typeof e=="string")return t instanceof Mr||e[e.length-1]!=='"'?void 0:typeof t!="string"?`${e.slice(0,-1)}${t}"`:t[0]==='"'?e.slice(0,-1)+t.slice(1):void 0;if(typeof t=="string"&&t[0]==='"'&&!(e instanceof Mr))return`"${e}${t.slice(1)}`}o(Wb,"mergeExprItems");function Jb(e,t){return t.emptyStr()?e:e.emptyStr()?t:mm`${e}${t}`}o(Jb,"strConcat");te.strConcat=Jb;function Yb(e){return typeof e=="number"||typeof e=="boolean"||e===null?e:Co(Array.isArray(e)?e.join(","):e)}o(Yb,"interpolate");function Qb(e){return new ut(Co(e))}o(Qb,"stringify");te.stringify=Qb;function Co(e){return JSON.stringify(e).replace(/\u2028/g,"\\u2028").replace(/\u2029/g,"\\u2029")}o(Co,"safeStringify");te.safeStringify=Co;function Xb(e){return typeof e=="string"&&te.IDENTIFIER.test(e)?new ut(`.${e}`):pm`[${e}]`}o(Xb,"getProperty");te.getProperty=Xb;function eR(e){if(typeof e=="string"&&te.IDENTIFIER.test(e))return new ut(`${e}`);throw new Error(`CodeGen: invalid export name: ${e}, use explicit $id name mapping`)}o(eR,"getEsmExportName");te.getEsmExportName=eR;function tR(e){return new ut(e.toString())}o(tR,"regexpCode");te.regexpCode=tR});var Hc=x(We=>{"use strict";Object.defineProperty(We,"__esModule",{value:!0});We.ValueScope=We.ValueScopeName=We.Scope=We.varKinds=We.UsedValueState=void 0;var Ke=Io(),jc=class extends Error{static{o(this,"ValueError")}constructor(t){super(`CodeGen: "code" for ${t} not defined`),this.value=t.value}},Xa;(function(e){e[e.Started=0]="Started",e[e.Completed=1]="Completed"})(Xa||(We.UsedValueState=Xa={}));We.varKinds={const:new Ke.Name("const"),let:new Ke.Name("let"),var:new Ke.Name("var")};var ei=class{static{o(this,"Scope")}constructor({prefixes:t,parent:r}={}){this._names={},this._prefixes=t,this._parent=r}toName(t){return t instanceof Ke.Name?t:this.name(t)}name(t){return new Ke.Name(this._newName(t))}_newName(t){let r=this._names[t]||this._nameGroup(t);return`${t}${r.index++}`}_nameGroup(t){var r,n;if(!((n=(r=this._parent)===null||r===void 0?void 0:r._prefixes)===null||n===void 0)&&n.has(t)||this._prefixes&&!this._prefixes.has(t))throw new Error(`CodeGen: prefix "${t}" is not allowed in this scope`);return this._names[t]={prefix:t,index:0}}};We.Scope=ei;var ti=class extends Ke.Name{static{o(this,"ValueScopeName")}constructor(t,r){super(r),this.prefix=t}setValue(t,{property:r,itemIndex:n}){this.value=t,this.scopePath=(0,Ke._)`.${new Ke.Name(r)}[${n}]`}};We.ValueScopeName=ti;var rR=(0,Ke._)`\n`,Dc=class extends ei{static{o(this,"ValueScope")}constructor(t){super(t),this._values={},this._scope=t.scope,this.opts={...t,_n:t.lines?rR:Ke.nil}}get(){return this._scope}name(t){return new ti(t,this._newName(t))}value(t,r){var n;if(r.ref===void 0)throw new Error("CodeGen: ref must be passed in value");let a=this.toName(t),{prefix:i}=a,s=(n=r.key)!==null&&n!==void 0?n:r.ref,c=this._values[i];if(c){let l=c.get(s);if(l)return l}else c=this._values[i]=new Map;c.set(s,a);let d=this._scope[i]||(this._scope[i]=[]),p=d.length;return d[p]=r.ref,a.setValue(r,{property:i,itemIndex:p}),a}getValue(t,r){let n=this._values[t];if(n)return n.get(r)}scopeRefs(t,r=this._values){return this._reduceValues(r,n=>{if(n.scopePath===void 0)throw new Error(`CodeGen: name "${n}" has no value`);return(0,Ke._)`${t}${n.scopePath}`})}scopeCode(t=this._values,r,n){return this._reduceValues(t,a=>{if(a.value===void 0)throw new Error(`CodeGen: name "${a}" has no value`);return a.value.code},r,n)}_reduceValues(t,r,n={},a){let i=Ke.nil;for(let s in t){let c=t[s];if(!c)continue;let d=n[s]=n[s]||new Map;c.forEach(p=>{if(d.has(p))return;d.set(p,Xa.Started);let l=r(p);if(l){let m=this.opts.es5?We.varKinds.var:We.varKinds.const;i=(0,Ke._)`${i}${m} ${p} = ${l};${this.opts._n}`}else if(l=a?.(p))i=(0,Ke._)`${i}${l}${this.opts._n}`;else throw new jc(p);d.set(p,Xa.Completed)})}return i}};We.ValueScope=Dc});var F=x(Z=>{"use strict";Object.defineProperty(Z,"__esModule",{value:!0});Z.or=Z.and=Z.not=Z.CodeGen=Z.operators=Z.varKinds=Z.ValueScopeName=Z.ValueScope=Z.Scope=Z.Name=Z.regexpCode=Z.stringify=Z.getProperty=Z.nil=Z.strConcat=Z.str=Z._=void 0;var Y=Io(),_t=Hc(),gr=Io();Object.defineProperty(Z,"_",{enumerable:!0,get:o(function(){return gr._},"get")});Object.defineProperty(Z,"str",{enumerable:!0,get:o(function(){return gr.str},"get")});Object.defineProperty(Z,"strConcat",{enumerable:!0,get:o(function(){return gr.strConcat},"get")});Object.defineProperty(Z,"nil",{enumerable:!0,get:o(function(){return gr.nil},"get")});Object.defineProperty(Z,"getProperty",{enumerable:!0,get:o(function(){return gr.getProperty},"get")});Object.defineProperty(Z,"stringify",{enumerable:!0,get:o(function(){return gr.stringify},"get")});Object.defineProperty(Z,"regexpCode",{enumerable:!0,get:o(function(){return gr.regexpCode},"get")});Object.defineProperty(Z,"Name",{enumerable:!0,get:o(function(){return gr.Name},"get")});var ai=Hc();Object.defineProperty(Z,"Scope",{enumerable:!0,get:o(function(){return ai.Scope},"get")});Object.defineProperty(Z,"ValueScope",{enumerable:!0,get:o(function(){return ai.ValueScope},"get")});Object.defineProperty(Z,"ValueScopeName",{enumerable:!0,get:o(function(){return ai.ValueScopeName},"get")});Object.defineProperty(Z,"varKinds",{enumerable:!0,get:o(function(){return ai.varKinds},"get")});Z.operators={GT:new Y._Code(">"),GTE:new Y._Code(">="),LT:new Y._Code("<"),LTE:new Y._Code("<="),EQ:new Y._Code("==="),NEQ:new Y._Code("!=="),NOT:new Y._Code("!"),OR:new Y._Code("||"),AND:new Y._Code("&&"),ADD:new Y._Code("+")};var Gt=class{static{o(this,"Node")}optimizeNodes(){return this}optimizeNames(t,r){return this}},Lc=class extends Gt{static{o(this,"Def")}constructor(t,r,n){super(),this.varKind=t,this.name=r,this.rhs=n}render({es5:t,_n:r}){let n=t?_t.varKinds.var:this.varKind,a=this.rhs===void 0?"":` = ${this.rhs}`;return`${n} ${this.name}${a};`+r}optimizeNames(t,r){if(t[this.name.str])return this.rhs&&(this.rhs=Sn(this.rhs,t,r)),this}get names(){return this.rhs instanceof Y._CodeOrName?this.rhs.names:{}}},ri=class extends Gt{static{o(this,"Assign")}constructor(t,r,n){super(),this.lhs=t,this.rhs=r,this.sideEffects=n}render({_n:t}){return`${this.lhs} = ${this.rhs};`+t}optimizeNames(t,r){if(!(this.lhs instanceof Y.Name&&!t[this.lhs.str]&&!this.sideEffects))return this.rhs=Sn(this.rhs,t,r),this}get names(){let t=this.lhs instanceof Y.Name?{}:{...this.lhs.names};return oi(t,this.rhs)}},Bc=class extends ri{static{o(this,"AssignOp")}constructor(t,r,n,a){super(t,n,a),this.op=r}render({_n:t}){return`${this.lhs} ${this.op}= ${this.rhs};`+t}},Gc=class extends Gt{static{o(this,"Label")}constructor(t){super(),this.label=t,this.names={}}render({_n:t}){return`${this.label}:`+t}},Vc=class extends Gt{static{o(this,"Break")}constructor(t){super(),this.label=t,this.names={}}render({_n:t}){return`break${this.label?` ${this.label}`:""};`+t}},Fc=class extends Gt{static{o(this,"Throw")}constructor(t){super(),this.error=t}render({_n:t}){return`throw ${this.error};`+t}get names(){return this.error.names}},Zc=class extends Gt{static{o(this,"AnyCode")}constructor(t){super(),this.code=t}render({_n:t}){return`${this.code};`+t}optimizeNodes(){return`${this.code}`?this:void 0}optimizeNames(t,r){return this.code=Sn(this.code,t,r),this}get names(){return this.code instanceof Y._CodeOrName?this.code.names:{}}},Po=class extends Gt{static{o(this,"ParentNode")}constructor(t=[]){super(),this.nodes=t}render(t){return this.nodes.reduce((r,n)=>r+n.render(t),"")}optimizeNodes(){let{nodes:t}=this,r=t.length;for(;r--;){let n=t[r].optimizeNodes();Array.isArray(n)?t.splice(r,1,...n):n?t[r]=n:t.splice(r,1)}return t.length>0?this:void 0}optimizeNames(t,r){let{nodes:n}=this,a=n.length;for(;a--;){let i=n[a];i.optimizeNames(t,r)||(nR(t,i.names),n.splice(a,1))}return n.length>0?this:void 0}get names(){return this.nodes.reduce((t,r)=>jr(t,r.names),{})}},Vt=class extends Po{static{o(this,"BlockNode")}render(t){return"{"+t._n+super.render(t)+"}"+t._n}},Kc=class extends Po{static{o(this,"Root")}},yn=class extends Vt{static{o(this,"Else")}};yn.kind="else";var qr=class e extends Vt{static{o(this,"If")}constructor(t,r){super(r),this.condition=t}render(t){let r=`if(${this.condition})`+super.render(t);return this.else&&(r+="else "+this.else.render(t)),r}optimizeNodes(){super.optimizeNodes();let t=this.condition;if(t===!0)return this.nodes;let r=this.else;if(r){let n=r.optimizeNodes();r=this.else=Array.isArray(n)?new yn(n):n}if(r)return t===!1?r instanceof e?r:r.nodes:this.nodes.length?this:new e(fm(t),r instanceof e?[r]:r.nodes);if(!(t===!1||!this.nodes.length))return this}optimizeNames(t,r){var n;if(this.else=(n=this.else)===null||n===void 0?void 0:n.optimizeNames(t,r),!!(super.optimizeNames(t,r)||this.else))return this.condition=Sn(this.condition,t,r),this}get names(){let t=super.names;return oi(t,this.condition),this.else&&jr(t,this.else.names),t}};qr.kind="if";var Nr=class extends Vt{static{o(this,"For")}};Nr.kind="for";var Wc=class extends Nr{static{o(this,"ForLoop")}constructor(t){super(),this.iteration=t}render(t){return`for(${this.iteration})`+super.render(t)}optimizeNames(t,r){if(super.optimizeNames(t,r))return this.iteration=Sn(this.iteration,t,r),this}get names(){return jr(super.names,this.iteration.names)}},Jc=class extends Nr{static{o(this,"ForRange")}constructor(t,r,n,a){super(),this.varKind=t,this.name=r,this.from=n,this.to=a}render(t){let r=t.es5?_t.varKinds.var:this.varKind,{name:n,from:a,to:i}=this;return`for(${r} ${n}=${a}; ${n}<${i}; ${n}++)`+super.render(t)}get names(){let t=oi(super.names,this.from);return oi(t,this.to)}},ni=class extends Nr{static{o(this,"ForIter")}constructor(t,r,n,a){super(),this.loop=t,this.varKind=r,this.name=n,this.iterable=a}render(t){return`for(${this.varKind} ${this.name} ${this.loop} ${this.iterable})`+super.render(t)}optimizeNames(t,r){if(super.optimizeNames(t,r))return this.iterable=Sn(this.iterable,t,r),this}get names(){return jr(super.names,this.iterable.names)}},xo=class extends Vt{static{o(this,"Func")}constructor(t,r,n){super(),this.name=t,this.args=r,this.async=n}render(t){return`${this.async?"async ":""}function ${this.name}(${this.args})`+super.render(t)}};xo.kind="func";var Ao=class extends Po{static{o(this,"Return")}render(t){return"return "+super.render(t)}};Ao.kind="return";var Yc=class extends Vt{static{o(this,"Try")}render(t){let r="try"+super.render(t);return this.catch&&(r+=this.catch.render(t)),this.finally&&(r+=this.finally.render(t)),r}optimizeNodes(){var t,r;return super.optimizeNodes(),(t=this.catch)===null||t===void 0||t.optimizeNodes(),(r=this.finally)===null||r===void 0||r.optimizeNodes(),this}optimizeNames(t,r){var n,a;return super.optimizeNames(t,r),(n=this.catch)===null||n===void 0||n.optimizeNames(t,r),(a=this.finally)===null||a===void 0||a.optimizeNames(t,r),this}get names(){let t=super.names;return this.catch&&jr(t,this.catch.names),this.finally&&jr(t,this.finally.names),t}},To=class extends Vt{static{o(this,"Catch")}constructor(t){super(),this.error=t}render(t){return`catch(${this.error})`+super.render(t)}};To.kind="catch";var ko=class extends Vt{static{o(this,"Finally")}render(t){return"finally"+super.render(t)}};ko.kind="finally";var Qc=class{static{o(this,"CodeGen")}constructor(t,r={}){this._values={},this._blockStarts=[],this._constants={},this.opts={...r,_n:r.lines?`
26
- `:""},this._extScope=t,this._scope=new _t.Scope({parent:t}),this._nodes=[new Kc]}toString(){return this._root.render(this.opts)}name(t){return this._scope.name(t)}scopeName(t){return this._extScope.name(t)}scopeValue(t,r){let n=this._extScope.value(t,r);return(this._values[n.prefix]||(this._values[n.prefix]=new Set)).add(n),n}getScopeValue(t,r){return this._extScope.getValue(t,r)}scopeRefs(t){return this._extScope.scopeRefs(t,this._values)}scopeCode(){return this._extScope.scopeCode(this._values)}_def(t,r,n,a){let i=this._scope.toName(r);return n!==void 0&&a&&(this._constants[i.str]=n),this._leafNode(new Lc(t,i,n)),i}const(t,r,n){return this._def(_t.varKinds.const,t,r,n)}let(t,r,n){return this._def(_t.varKinds.let,t,r,n)}var(t,r,n){return this._def(_t.varKinds.var,t,r,n)}assign(t,r,n){return this._leafNode(new ri(t,r,n))}add(t,r){return this._leafNode(new Bc(t,Z.operators.ADD,r))}code(t){return typeof t=="function"?t():t!==Y.nil&&this._leafNode(new Zc(t)),this}object(...t){let r=["{"];for(let[n,a]of t)r.length>1&&r.push(","),r.push(n),(n!==a||this.opts.es5)&&(r.push(":"),(0,Y.addCodeArg)(r,a));return r.push("}"),new Y._Code(r)}if(t,r,n){if(this._blockNode(new qr(t)),r&&n)this.code(r).else().code(n).endIf();else if(r)this.code(r).endIf();else if(n)throw new Error('CodeGen: "else" body without "then" body');return this}elseIf(t){return this._elseNode(new qr(t))}else(){return this._elseNode(new yn)}endIf(){return this._endBlockNode(qr,yn)}_for(t,r){return this._blockNode(t),r&&this.code(r).endFor(),this}for(t,r){return this._for(new Wc(t),r)}forRange(t,r,n,a,i=this.opts.es5?_t.varKinds.var:_t.varKinds.let){let s=this._scope.toName(t);return this._for(new Jc(i,s,r,n),()=>a(s))}forOf(t,r,n,a=_t.varKinds.const){let i=this._scope.toName(t);if(this.opts.es5){let s=r instanceof Y.Name?r:this.var("_arr",r);return this.forRange("_i",0,(0,Y._)`${s}.length`,c=>{this.var(i,(0,Y._)`${s}[${c}]`),n(i)})}return this._for(new ni("of",a,i,r),()=>n(i))}forIn(t,r,n,a=this.opts.es5?_t.varKinds.var:_t.varKinds.const){if(this.opts.ownProperties)return this.forOf(t,(0,Y._)`Object.keys(${r})`,n);let i=this._scope.toName(t);return this._for(new ni("in",a,i,r),()=>n(i))}endFor(){return this._endBlockNode(Nr)}label(t){return this._leafNode(new Gc(t))}break(t){return this._leafNode(new Vc(t))}return(t){let r=new Ao;if(this._blockNode(r),this.code(t),r.nodes.length!==1)throw new Error('CodeGen: "return" should have one node');return this._endBlockNode(Ao)}try(t,r,n){if(!r&&!n)throw new Error('CodeGen: "try" without "catch" and "finally"');let a=new Yc;if(this._blockNode(a),this.code(t),r){let i=this.name("e");this._currNode=a.catch=new To(i),r(i)}return n&&(this._currNode=a.finally=new ko,this.code(n)),this._endBlockNode(To,ko)}throw(t){return this._leafNode(new Fc(t))}block(t,r){return this._blockStarts.push(this._nodes.length),t&&this.code(t).endBlock(r),this}endBlock(t){let r=this._blockStarts.pop();if(r===void 0)throw new Error("CodeGen: not in self-balancing block");let n=this._nodes.length-r;if(n<0||t!==void 0&&n!==t)throw new Error(`CodeGen: wrong number of nodes: ${n} vs ${t} expected`);return this._nodes.length=r,this}func(t,r=Y.nil,n,a){return this._blockNode(new xo(t,r,n)),a&&this.code(a).endFunc(),this}endFunc(){return this._endBlockNode(xo)}optimize(t=1){for(;t-- >0;)this._root.optimizeNodes(),this._root.optimizeNames(this._root.names,this._constants)}_leafNode(t){return this._currNode.nodes.push(t),this}_blockNode(t){this._currNode.nodes.push(t),this._nodes.push(t)}_endBlockNode(t,r){let n=this._currNode;if(n instanceof t||r&&n instanceof r)return this._nodes.pop(),this;throw new Error(`CodeGen: not in block "${r?`${t.kind}/${r.kind}`:t.kind}"`)}_elseNode(t){let r=this._currNode;if(!(r instanceof qr))throw new Error('CodeGen: "else" without "if"');return this._currNode=r.else=t,this}get _root(){return this._nodes[0]}get _currNode(){let t=this._nodes;return t[t.length-1]}set _currNode(t){let r=this._nodes;r[r.length-1]=t}};Z.CodeGen=Qc;function jr(e,t){for(let r in t)e[r]=(e[r]||0)+(t[r]||0);return e}o(jr,"addNames");function oi(e,t){return t instanceof Y._CodeOrName?jr(e,t.names):e}o(oi,"addExprNames");function Sn(e,t,r){if(e instanceof Y.Name)return n(e);if(!a(e))return e;return new Y._Code(e._items.reduce((i,s)=>(s instanceof Y.Name&&(s=n(s)),s instanceof Y._Code?i.push(...s._items):i.push(s),i),[]));function n(i){let s=r[i.str];return s===void 0||t[i.str]!==1?i:(delete t[i.str],s)}function a(i){return i instanceof Y._Code&&i._items.some(s=>s instanceof Y.Name&&t[s.str]===1&&r[s.str]!==void 0)}}o(Sn,"optimizeExpr");function nR(e,t){for(let r in t)e[r]=(e[r]||0)-(t[r]||0)}o(nR,"subtractNames");function fm(e){return typeof e=="boolean"||typeof e=="number"||e===null?!e:(0,Y._)`!${Xc(e)}`}o(fm,"not");Z.not=fm;var oR=hm(Z.operators.AND);function aR(...e){return e.reduce(oR)}o(aR,"and");Z.and=aR;var iR=hm(Z.operators.OR);function sR(...e){return e.reduce(iR)}o(sR,"or");Z.or=sR;function hm(e){return(t,r)=>t===Y.nil?r:r===Y.nil?t:(0,Y._)`${Xc(t)} ${e} ${Xc(r)}`}o(hm,"mappend");function Xc(e){return e instanceof Y.Name?e:(0,Y._)`(${e})`}o(Xc,"par")});var re=x(W=>{"use strict";Object.defineProperty(W,"__esModule",{value:!0});W.checkStrictMode=W.getErrorPath=W.Type=W.useFunc=W.setEvaluated=W.evaluatedPropsToName=W.mergeEvaluated=W.eachItem=W.unescapeJsonPointer=W.escapeJsonPointer=W.escapeFragment=W.unescapeFragment=W.schemaRefOrVal=W.schemaHasRulesButRef=W.schemaHasRules=W.checkUnknownRules=W.alwaysValidSchema=W.toHash=void 0;var se=F(),cR=Io();function uR(e){let t={};for(let r of e)t[r]=!0;return t}o(uR,"toHash");W.toHash=uR;function dR(e,t){return typeof t=="boolean"?t:Object.keys(t).length===0?!0:(Sm(e,t),!_m(t,e.self.RULES.all))}o(dR,"alwaysValidSchema");W.alwaysValidSchema=dR;function Sm(e,t=e.schema){let{opts:r,self:n}=e;if(!r.strictSchema||typeof t=="boolean")return;let a=n.RULES.keywords;for(let i in t)a[i]||bm(e,`unknown keyword: "${i}"`)}o(Sm,"checkUnknownRules");W.checkUnknownRules=Sm;function _m(e,t){if(typeof e=="boolean")return!e;for(let r in e)if(t[r])return!0;return!1}o(_m,"schemaHasRules");W.schemaHasRules=_m;function lR(e,t){if(typeof e=="boolean")return!e;for(let r in e)if(r!=="$ref"&&t.all[r])return!0;return!1}o(lR,"schemaHasRulesButRef");W.schemaHasRulesButRef=lR;function pR({topSchemaRef:e,schemaPath:t},r,n,a){if(!a){if(typeof r=="number"||typeof r=="boolean")return r;if(typeof r=="string")return(0,se._)`${r}`}return(0,se._)`${e}${t}${(0,se.getProperty)(n)}`}o(pR,"schemaRefOrVal");W.schemaRefOrVal=pR;function mR(e){return wm(decodeURIComponent(e))}o(mR,"unescapeFragment");W.unescapeFragment=mR;function fR(e){return encodeURIComponent(tu(e))}o(fR,"escapeFragment");W.escapeFragment=fR;function tu(e){return typeof e=="number"?`${e}`:e.replace(/~/g,"~0").replace(/\//g,"~1")}o(tu,"escapeJsonPointer");W.escapeJsonPointer=tu;function wm(e){return e.replace(/~1/g,"/").replace(/~0/g,"~")}o(wm,"unescapeJsonPointer");W.unescapeJsonPointer=wm;function hR(e,t){if(Array.isArray(e))for(let r of e)t(r);else t(e)}o(hR,"eachItem");W.eachItem=hR;function gm({mergeNames:e,mergeToName:t,mergeValues:r,resultToName:n}){return(a,i,s,c)=>{let d=s===void 0?i:s instanceof se.Name?(i instanceof se.Name?e(a,i,s):t(a,i,s),s):i instanceof se.Name?(t(a,s,i),i):r(i,s);return c===se.Name&&!(d instanceof se.Name)?n(a,d):d}}o(gm,"makeMergeEvaluated");W.mergeEvaluated={props:gm({mergeNames:o((e,t,r)=>e.if((0,se._)`${r} !== true && ${t} !== undefined`,()=>{e.if((0,se._)`${t} === true`,()=>e.assign(r,!0),()=>e.assign(r,(0,se._)`${r} || {}`).code((0,se._)`Object.assign(${r}, ${t})`))}),"mergeNames"),mergeToName:o((e,t,r)=>e.if((0,se._)`${r} !== true`,()=>{t===!0?e.assign(r,!0):(e.assign(r,(0,se._)`${r} || {}`),ru(e,r,t))}),"mergeToName"),mergeValues:o((e,t)=>e===!0?!0:{...e,...t},"mergeValues"),resultToName:vm}),items:gm({mergeNames:o((e,t,r)=>e.if((0,se._)`${r} !== true && ${t} !== undefined`,()=>e.assign(r,(0,se._)`${t} === true ? true : ${r} > ${t} ? ${r} : ${t}`)),"mergeNames"),mergeToName:o((e,t,r)=>e.if((0,se._)`${r} !== true`,()=>e.assign(r,t===!0?!0:(0,se._)`${r} > ${t} ? ${r} : ${t}`)),"mergeToName"),mergeValues:o((e,t)=>e===!0?!0:Math.max(e,t),"mergeValues"),resultToName:o((e,t)=>e.var("items",t),"resultToName")})};function vm(e,t){if(t===!0)return e.var("props",!0);let r=e.var("props",(0,se._)`{}`);return t!==void 0&&ru(e,r,t),r}o(vm,"evaluatedPropsToName");W.evaluatedPropsToName=vm;function ru(e,t,r){Object.keys(r).forEach(n=>e.assign((0,se._)`${t}${(0,se.getProperty)(n)}`,!0))}o(ru,"setEvaluated");W.setEvaluated=ru;var ym={};function gR(e,t){return e.scopeValue("func",{ref:t,code:ym[t.code]||(ym[t.code]=new cR._Code(t.code))})}o(gR,"useFunc");W.useFunc=gR;var eu;(function(e){e[e.Num=0]="Num",e[e.Str=1]="Str"})(eu||(W.Type=eu={}));function yR(e,t,r){if(e instanceof se.Name){let n=t===eu.Num;return r?n?(0,se._)`"[" + ${e} + "]"`:(0,se._)`"['" + ${e} + "']"`:n?(0,se._)`"/" + ${e}`:(0,se._)`"/" + ${e}.replace(/~/g, "~0").replace(/\\//g, "~1")`}return r?(0,se.getProperty)(e).toString():"/"+tu(e)}o(yR,"getErrorPath");W.getErrorPath=yR;function bm(e,t,r=e.opts.strictSchema){if(r){if(t=`strict mode: ${t}`,r===!0)throw new Error(t);e.self.logger.warn(t)}}o(bm,"checkStrictMode");W.checkStrictMode=bm});var Ft=x(nu=>{"use strict";Object.defineProperty(nu,"__esModule",{value:!0});var Ne=F(),SR={data:new Ne.Name("data"),valCxt:new Ne.Name("valCxt"),instancePath:new Ne.Name("instancePath"),parentData:new Ne.Name("parentData"),parentDataProperty:new Ne.Name("parentDataProperty"),rootData:new Ne.Name("rootData"),dynamicAnchors:new Ne.Name("dynamicAnchors"),vErrors:new Ne.Name("vErrors"),errors:new Ne.Name("errors"),this:new Ne.Name("this"),self:new Ne.Name("self"),scope:new Ne.Name("scope"),json:new Ne.Name("json"),jsonPos:new Ne.Name("jsonPos"),jsonLen:new Ne.Name("jsonLen"),jsonPart:new Ne.Name("jsonPart")};nu.default=SR});var Eo=x(je=>{"use strict";Object.defineProperty(je,"__esModule",{value:!0});je.extendErrors=je.resetErrorsCount=je.reportExtraError=je.reportError=je.keyword$DataError=je.keywordError=void 0;var X=F(),ii=re(),Ve=Ft();je.keywordError={message:o(({keyword:e})=>(0,X.str)`must pass "${e}" keyword validation`,"message")};je.keyword$DataError={message:o(({keyword:e,schemaType:t})=>t?(0,X.str)`"${e}" keyword must be ${t} ($data)`:(0,X.str)`"${e}" keyword is invalid ($data)`,"message")};function _R(e,t=je.keywordError,r,n){let{it:a}=e,{gen:i,compositeRule:s,allErrors:c}=a,d=Im(e,t,r);n??(s||c)?Rm(i,d):Cm(a,(0,X._)`[${d}]`)}o(_R,"reportError");je.reportError=_R;function wR(e,t=je.keywordError,r){let{it:n}=e,{gen:a,compositeRule:i,allErrors:s}=n,c=Im(e,t,r);Rm(a,c),i||s||Cm(n,Ve.default.vErrors)}o(wR,"reportExtraError");je.reportExtraError=wR;function vR(e,t){e.assign(Ve.default.errors,t),e.if((0,X._)`${Ve.default.vErrors} !== null`,()=>e.if(t,()=>e.assign((0,X._)`${Ve.default.vErrors}.length`,t),()=>e.assign(Ve.default.vErrors,null)))}o(vR,"resetErrorsCount");je.resetErrorsCount=vR;function bR({gen:e,keyword:t,schemaValue:r,data:n,errsCount:a,it:i}){if(a===void 0)throw new Error("ajv implementation error");let s=e.name("err");e.forRange("i",a,Ve.default.errors,c=>{e.const(s,(0,X._)`${Ve.default.vErrors}[${c}]`),e.if((0,X._)`${s}.instancePath === undefined`,()=>e.assign((0,X._)`${s}.instancePath`,(0,X.strConcat)(Ve.default.instancePath,i.errorPath))),e.assign((0,X._)`${s}.schemaPath`,(0,X.str)`${i.errSchemaPath}/${t}`),i.opts.verbose&&(e.assign((0,X._)`${s}.schema`,r),e.assign((0,X._)`${s}.data`,n))})}o(bR,"extendErrors");je.extendErrors=bR;function Rm(e,t){let r=e.const("err",t);e.if((0,X._)`${Ve.default.vErrors} === null`,()=>e.assign(Ve.default.vErrors,(0,X._)`[${r}]`),(0,X._)`${Ve.default.vErrors}.push(${r})`),e.code((0,X._)`${Ve.default.errors}++`)}o(Rm,"addError");function Cm(e,t){let{gen:r,validateName:n,schemaEnv:a}=e;a.$async?r.throw((0,X._)`new ${e.ValidationError}(${t})`):(r.assign((0,X._)`${n}.errors`,t),r.return(!1))}o(Cm,"returnErrors");var Dr={keyword:new X.Name("keyword"),schemaPath:new X.Name("schemaPath"),params:new X.Name("params"),propertyName:new X.Name("propertyName"),message:new X.Name("message"),schema:new X.Name("schema"),parentSchema:new X.Name("parentSchema")};function Im(e,t,r){let{createErrors:n}=e.it;return n===!1?(0,X._)`{}`:RR(e,t,r)}o(Im,"errorObjectCode");function RR(e,t,r={}){let{gen:n,it:a}=e,i=[CR(a,r),IR(e,r)];return PR(e,t,i),n.object(...i)}o(RR,"errorObject");function CR({errorPath:e},{instancePath:t}){let r=t?(0,X.str)`${e}${(0,ii.getErrorPath)(t,ii.Type.Str)}`:e;return[Ve.default.instancePath,(0,X.strConcat)(Ve.default.instancePath,r)]}o(CR,"errorInstancePath");function IR({keyword:e,it:{errSchemaPath:t}},{schemaPath:r,parentSchema:n}){let a=n?t:(0,X.str)`${t}/${e}`;return r&&(a=(0,X.str)`${a}${(0,ii.getErrorPath)(r,ii.Type.Str)}`),[Dr.schemaPath,a]}o(IR,"errorSchemaPath");function PR(e,{params:t,message:r},n){let{keyword:a,data:i,schemaValue:s,it:c}=e,{opts:d,propertyName:p,topSchemaRef:l,schemaPath:m}=c;n.push([Dr.keyword,a],[Dr.params,typeof t=="function"?t(e):t||(0,X._)`{}`]),d.messages&&n.push([Dr.message,typeof r=="function"?r(e):r]),d.verbose&&n.push([Dr.schema,s],[Dr.parentSchema,(0,X._)`${l}${m}`],[Ve.default.data,i]),p&&n.push([Dr.propertyName,p])}o(PR,"extraErrorProps")});var xm=x(_n=>{"use strict";Object.defineProperty(_n,"__esModule",{value:!0});_n.boolOrEmptySchema=_n.topBoolOrEmptySchema=void 0;var xR=Eo(),AR=F(),TR=Ft(),kR={message:"boolean schema is false"};function ER(e){let{gen:t,schema:r,validateName:n}=e;r===!1?Pm(e,!1):typeof r=="object"&&r.$async===!0?t.return(TR.default.data):(t.assign((0,AR._)`${n}.errors`,null),t.return(!0))}o(ER,"topBoolOrEmptySchema");_n.topBoolOrEmptySchema=ER;function UR(e,t){let{gen:r,schema:n}=e;n===!1?(r.var(t,!1),Pm(e)):r.var(t,!0)}o(UR,"boolOrEmptySchema");_n.boolOrEmptySchema=UR;function Pm(e,t){let{gen:r,data:n}=e,a={gen:r,keyword:"false schema",data:n,schema:!1,schemaCode:!1,schemaValue:!1,params:{},it:e};(0,xR.reportError)(a,kR,void 0,t)}o(Pm,"falseSchemaError")});var ou=x(wn=>{"use strict";Object.defineProperty(wn,"__esModule",{value:!0});wn.getRules=wn.isJSONType=void 0;var OR=["string","number","integer","boolean","null","object","array"],$R=new Set(OR);function zR(e){return typeof e=="string"&&$R.has(e)}o(zR,"isJSONType");wn.isJSONType=zR;function MR(){let e={number:{type:"number",rules:[]},string:{type:"string",rules:[]},array:{type:"array",rules:[]},object:{type:"object",rules:[]}};return{types:{...e,integer:!0,boolean:!0,null:!0},rules:[{rules:[]},e.number,e.string,e.array,e.object],post:{rules:[]},all:{},keywords:{}}}o(MR,"getRules");wn.getRules=MR});var au=x(yr=>{"use strict";Object.defineProperty(yr,"__esModule",{value:!0});yr.shouldUseRule=yr.shouldUseGroup=yr.schemaHasRulesForType=void 0;function qR({schema:e,self:t},r){let n=t.RULES.types[r];return n&&n!==!0&&Am(e,n)}o(qR,"schemaHasRulesForType");yr.schemaHasRulesForType=qR;function Am(e,t){return t.rules.some(r=>Tm(e,r))}o(Am,"shouldUseGroup");yr.shouldUseGroup=Am;function Tm(e,t){var r;return e[t.keyword]!==void 0||((r=t.definition.implements)===null||r===void 0?void 0:r.some(n=>e[n]!==void 0))}o(Tm,"shouldUseRule");yr.shouldUseRule=Tm});var Uo=x(De=>{"use strict";Object.defineProperty(De,"__esModule",{value:!0});De.reportTypeError=De.checkDataTypes=De.checkDataType=De.coerceAndCheckDataType=De.getJSONTypes=De.getSchemaTypes=De.DataType=void 0;var NR=ou(),jR=au(),DR=Eo(),V=F(),km=re(),vn;(function(e){e[e.Correct=0]="Correct",e[e.Wrong=1]="Wrong"})(vn||(De.DataType=vn={}));function HR(e){let t=Em(e.type);if(t.includes("null")){if(e.nullable===!1)throw new Error("type: null contradicts nullable: false")}else{if(!t.length&&e.nullable!==void 0)throw new Error('"nullable" cannot be used without "type"');e.nullable===!0&&t.push("null")}return t}o(HR,"getSchemaTypes");De.getSchemaTypes=HR;function Em(e){let t=Array.isArray(e)?e:e?[e]:[];if(t.every(NR.isJSONType))return t;throw new Error("type must be JSONType or JSONType[]: "+t.join(","))}o(Em,"getJSONTypes");De.getJSONTypes=Em;function LR(e,t){let{gen:r,data:n,opts:a}=e,i=BR(t,a.coerceTypes),s=t.length>0&&!(i.length===0&&t.length===1&&(0,jR.schemaHasRulesForType)(e,t[0]));if(s){let c=su(t,n,a.strictNumbers,vn.Wrong);r.if(c,()=>{i.length?GR(e,t,i):cu(e)})}return s}o(LR,"coerceAndCheckDataType");De.coerceAndCheckDataType=LR;var Um=new Set(["string","number","integer","boolean","null"]);function BR(e,t){return t?e.filter(r=>Um.has(r)||t==="array"&&r==="array"):[]}o(BR,"coerceToTypes");function GR(e,t,r){let{gen:n,data:a,opts:i}=e,s=n.let("dataType",(0,V._)`typeof ${a}`),c=n.let("coerced",(0,V._)`undefined`);i.coerceTypes==="array"&&n.if((0,V._)`${s} == 'object' && Array.isArray(${a}) && ${a}.length == 1`,()=>n.assign(a,(0,V._)`${a}[0]`).assign(s,(0,V._)`typeof ${a}`).if(su(t,a,i.strictNumbers),()=>n.assign(c,a))),n.if((0,V._)`${c} !== undefined`);for(let p of r)(Um.has(p)||p==="array"&&i.coerceTypes==="array")&&d(p);n.else(),cu(e),n.endIf(),n.if((0,V._)`${c} !== undefined`,()=>{n.assign(a,c),VR(e,c)});function d(p){switch(p){case"string":n.elseIf((0,V._)`${s} == "number" || ${s} == "boolean"`).assign(c,(0,V._)`"" + ${a}`).elseIf((0,V._)`${a} === null`).assign(c,(0,V._)`""`);return;case"number":n.elseIf((0,V._)`${s} == "boolean" || ${a} === null
25
+ import{$ as ge,H as Dp,I as rc,J as wv,K as jp,L as f,M as Hp,N as ee,O as ae,P as Lp,Q as Bp,R as we,S as C,T as I,U as Ce,V as me,W as nc,X as oc,Y as ce,Z as nt,_ as O,a as ir,aa as Gp,b as qp,ba as ac,ca as Vp,da as Fp,ea as u,fa as ue,j as po,k as Np,q as ec,z as Dt}from"../chunk-BOEEWEWW.js";import{d as tc}from"../chunk-GDWI24KD.js";import{a as K}from"../chunk-NW4YQXGC.js";import{X as ln,Y as Or,Z as lo,a as o,c as x,e as Mp}from"../chunk-JAEQKE5H.js";var Po=x(te=>{"use strict";Object.defineProperty(te,"__esModule",{value:!0});te.regexpCode=te.getEsmExportName=te.getProperty=te.safeStringify=te.stringify=te.strConcat=te.addCodeArg=te.str=te._=te.nil=te._Code=te.Name=te.IDENTIFIER=te._CodeOrName=void 0;var Co=class{static{o(this,"_CodeOrName")}};te._CodeOrName=Co;te.IDENTIFIER=/^[a-z$_][a-z$_0-9]*$/i;var Mr=class extends Co{static{o(this,"Name")}constructor(t){if(super(),!te.IDENTIFIER.test(t))throw new Error("CodeGen: name must be a valid identifier");this.str=t}toString(){return this.str}emptyStr(){return!1}get names(){return{[this.str]:1}}};te.Name=Mr;var ut=class extends Co{static{o(this,"_Code")}constructor(t){super(),this._items=typeof t=="string"?[t]:t}toString(){return this.str}emptyStr(){if(this._items.length>1)return!1;let t=this._items[0];return t===""||t==='""'}get str(){var t;return(t=this._str)!==null&&t!==void 0?t:this._str=this._items.reduce((r,n)=>`${r}${n}`,"")}get names(){var t;return(t=this._names)!==null&&t!==void 0?t:this._names=this._items.reduce((r,n)=>(n instanceof Mr&&(r[n.str]=(r[n.str]||0)+1),r),{})}};te._Code=ut;te.nil=new ut("");function dm(e,...t){let r=[e[0]],n=0;for(;n<t.length;)Dc(r,t[n]),r.push(e[++n]);return new ut(r)}o(dm,"_");te._=dm;var Nc=new ut("+");function lm(e,...t){let r=[Io(e[0])],n=0;for(;n<t.length;)r.push(Nc),Dc(r,t[n]),r.push(Nc,Io(e[++n]));return Vb(r),new ut(r)}o(lm,"str");te.str=lm;function Dc(e,t){t instanceof ut?e.push(...t._items):t instanceof Mr?e.push(t):e.push(Kb(t))}o(Dc,"addCodeArg");te.addCodeArg=Dc;function Vb(e){let t=1;for(;t<e.length-1;){if(e[t]===Nc){let r=Fb(e[t-1],e[t+1]);if(r!==void 0){e.splice(t-1,3,r);continue}e[t++]="+"}t++}}o(Vb,"optimize");function Fb(e,t){if(t==='""')return e;if(e==='""')return t;if(typeof e=="string")return t instanceof Mr||e[e.length-1]!=='"'?void 0:typeof t!="string"?`${e.slice(0,-1)}${t}"`:t[0]==='"'?e.slice(0,-1)+t.slice(1):void 0;if(typeof t=="string"&&t[0]==='"'&&!(e instanceof Mr))return`"${e}${t.slice(1)}`}o(Fb,"mergeExprItems");function Zb(e,t){return t.emptyStr()?e:e.emptyStr()?t:lm`${e}${t}`}o(Zb,"strConcat");te.strConcat=Zb;function Kb(e){return typeof e=="number"||typeof e=="boolean"||e===null?e:Io(Array.isArray(e)?e.join(","):e)}o(Kb,"interpolate");function Wb(e){return new ut(Io(e))}o(Wb,"stringify");te.stringify=Wb;function Io(e){return JSON.stringify(e).replace(/\u2028/g,"\\u2028").replace(/\u2029/g,"\\u2029")}o(Io,"safeStringify");te.safeStringify=Io;function Jb(e){return typeof e=="string"&&te.IDENTIFIER.test(e)?new ut(`.${e}`):dm`[${e}]`}o(Jb,"getProperty");te.getProperty=Jb;function Yb(e){if(typeof e=="string"&&te.IDENTIFIER.test(e))return new ut(`${e}`);throw new Error(`CodeGen: invalid export name: ${e}, use explicit $id name mapping`)}o(Yb,"getEsmExportName");te.getEsmExportName=Yb;function Qb(e){return new ut(e.toString())}o(Qb,"regexpCode");te.regexpCode=Qb});var Lc=x(We=>{"use strict";Object.defineProperty(We,"__esModule",{value:!0});We.ValueScope=We.ValueScopeName=We.Scope=We.varKinds=We.UsedValueState=void 0;var Ke=Po(),jc=class extends Error{static{o(this,"ValueError")}constructor(t){super(`CodeGen: "code" for ${t} not defined`),this.value=t.value}},Xa;(function(e){e[e.Started=0]="Started",e[e.Completed=1]="Completed"})(Xa||(We.UsedValueState=Xa={}));We.varKinds={const:new Ke.Name("const"),let:new Ke.Name("let"),var:new Ke.Name("var")};var ei=class{static{o(this,"Scope")}constructor({prefixes:t,parent:r}={}){this._names={},this._prefixes=t,this._parent=r}toName(t){return t instanceof Ke.Name?t:this.name(t)}name(t){return new Ke.Name(this._newName(t))}_newName(t){let r=this._names[t]||this._nameGroup(t);return`${t}${r.index++}`}_nameGroup(t){var r,n;if(!((n=(r=this._parent)===null||r===void 0?void 0:r._prefixes)===null||n===void 0)&&n.has(t)||this._prefixes&&!this._prefixes.has(t))throw new Error(`CodeGen: prefix "${t}" is not allowed in this scope`);return this._names[t]={prefix:t,index:0}}};We.Scope=ei;var ti=class extends Ke.Name{static{o(this,"ValueScopeName")}constructor(t,r){super(r),this.prefix=t}setValue(t,{property:r,itemIndex:n}){this.value=t,this.scopePath=(0,Ke._)`.${new Ke.Name(r)}[${n}]`}};We.ValueScopeName=ti;var Xb=(0,Ke._)`\n`,Hc=class extends ei{static{o(this,"ValueScope")}constructor(t){super(t),this._values={},this._scope=t.scope,this.opts={...t,_n:t.lines?Xb:Ke.nil}}get(){return this._scope}name(t){return new ti(t,this._newName(t))}value(t,r){var n;if(r.ref===void 0)throw new Error("CodeGen: ref must be passed in value");let a=this.toName(t),{prefix:i}=a,s=(n=r.key)!==null&&n!==void 0?n:r.ref,c=this._values[i];if(c){let l=c.get(s);if(l)return l}else c=this._values[i]=new Map;c.set(s,a);let d=this._scope[i]||(this._scope[i]=[]),p=d.length;return d[p]=r.ref,a.setValue(r,{property:i,itemIndex:p}),a}getValue(t,r){let n=this._values[t];if(n)return n.get(r)}scopeRefs(t,r=this._values){return this._reduceValues(r,n=>{if(n.scopePath===void 0)throw new Error(`CodeGen: name "${n}" has no value`);return(0,Ke._)`${t}${n.scopePath}`})}scopeCode(t=this._values,r,n){return this._reduceValues(t,a=>{if(a.value===void 0)throw new Error(`CodeGen: name "${a}" has no value`);return a.value.code},r,n)}_reduceValues(t,r,n={},a){let i=Ke.nil;for(let s in t){let c=t[s];if(!c)continue;let d=n[s]=n[s]||new Map;c.forEach(p=>{if(d.has(p))return;d.set(p,Xa.Started);let l=r(p);if(l){let m=this.opts.es5?We.varKinds.var:We.varKinds.const;i=(0,Ke._)`${i}${m} ${p} = ${l};${this.opts._n}`}else if(l=a?.(p))i=(0,Ke._)`${i}${l}${this.opts._n}`;else throw new jc(p);d.set(p,Xa.Completed)})}return i}};We.ValueScope=Hc});var F=x(Z=>{"use strict";Object.defineProperty(Z,"__esModule",{value:!0});Z.or=Z.and=Z.not=Z.CodeGen=Z.operators=Z.varKinds=Z.ValueScopeName=Z.ValueScope=Z.Scope=Z.Name=Z.regexpCode=Z.stringify=Z.getProperty=Z.nil=Z.strConcat=Z.str=Z._=void 0;var Y=Po(),_t=Lc(),hr=Po();Object.defineProperty(Z,"_",{enumerable:!0,get:o(function(){return hr._},"get")});Object.defineProperty(Z,"str",{enumerable:!0,get:o(function(){return hr.str},"get")});Object.defineProperty(Z,"strConcat",{enumerable:!0,get:o(function(){return hr.strConcat},"get")});Object.defineProperty(Z,"nil",{enumerable:!0,get:o(function(){return hr.nil},"get")});Object.defineProperty(Z,"getProperty",{enumerable:!0,get:o(function(){return hr.getProperty},"get")});Object.defineProperty(Z,"stringify",{enumerable:!0,get:o(function(){return hr.stringify},"get")});Object.defineProperty(Z,"regexpCode",{enumerable:!0,get:o(function(){return hr.regexpCode},"get")});Object.defineProperty(Z,"Name",{enumerable:!0,get:o(function(){return hr.Name},"get")});var ai=Lc();Object.defineProperty(Z,"Scope",{enumerable:!0,get:o(function(){return ai.Scope},"get")});Object.defineProperty(Z,"ValueScope",{enumerable:!0,get:o(function(){return ai.ValueScope},"get")});Object.defineProperty(Z,"ValueScopeName",{enumerable:!0,get:o(function(){return ai.ValueScopeName},"get")});Object.defineProperty(Z,"varKinds",{enumerable:!0,get:o(function(){return ai.varKinds},"get")});Z.operators={GT:new Y._Code(">"),GTE:new Y._Code(">="),LT:new Y._Code("<"),LTE:new Y._Code("<="),EQ:new Y._Code("==="),NEQ:new Y._Code("!=="),NOT:new Y._Code("!"),OR:new Y._Code("||"),AND:new Y._Code("&&"),ADD:new Y._Code("+")};var Bt=class{static{o(this,"Node")}optimizeNodes(){return this}optimizeNames(t,r){return this}},Bc=class extends Bt{static{o(this,"Def")}constructor(t,r,n){super(),this.varKind=t,this.name=r,this.rhs=n}render({es5:t,_n:r}){let n=t?_t.varKinds.var:this.varKind,a=this.rhs===void 0?"":` = ${this.rhs}`;return`${n} ${this.name}${a};`+r}optimizeNames(t,r){if(t[this.name.str])return this.rhs&&(this.rhs=_n(this.rhs,t,r)),this}get names(){return this.rhs instanceof Y._CodeOrName?this.rhs.names:{}}},ri=class extends Bt{static{o(this,"Assign")}constructor(t,r,n){super(),this.lhs=t,this.rhs=r,this.sideEffects=n}render({_n:t}){return`${this.lhs} = ${this.rhs};`+t}optimizeNames(t,r){if(!(this.lhs instanceof Y.Name&&!t[this.lhs.str]&&!this.sideEffects))return this.rhs=_n(this.rhs,t,r),this}get names(){let t=this.lhs instanceof Y.Name?{}:{...this.lhs.names};return oi(t,this.rhs)}},Gc=class extends ri{static{o(this,"AssignOp")}constructor(t,r,n,a){super(t,n,a),this.op=r}render({_n:t}){return`${this.lhs} ${this.op}= ${this.rhs};`+t}},Vc=class extends Bt{static{o(this,"Label")}constructor(t){super(),this.label=t,this.names={}}render({_n:t}){return`${this.label}:`+t}},Fc=class extends Bt{static{o(this,"Break")}constructor(t){super(),this.label=t,this.names={}}render({_n:t}){return`break${this.label?` ${this.label}`:""};`+t}},Zc=class extends Bt{static{o(this,"Throw")}constructor(t){super(),this.error=t}render({_n:t}){return`throw ${this.error};`+t}get names(){return this.error.names}},Kc=class extends Bt{static{o(this,"AnyCode")}constructor(t){super(),this.code=t}render({_n:t}){return`${this.code};`+t}optimizeNodes(){return`${this.code}`?this:void 0}optimizeNames(t,r){return this.code=_n(this.code,t,r),this}get names(){return this.code instanceof Y._CodeOrName?this.code.names:{}}},xo=class extends Bt{static{o(this,"ParentNode")}constructor(t=[]){super(),this.nodes=t}render(t){return this.nodes.reduce((r,n)=>r+n.render(t),"")}optimizeNodes(){let{nodes:t}=this,r=t.length;for(;r--;){let n=t[r].optimizeNodes();Array.isArray(n)?t.splice(r,1,...n):n?t[r]=n:t.splice(r,1)}return t.length>0?this:void 0}optimizeNames(t,r){let{nodes:n}=this,a=n.length;for(;a--;){let i=n[a];i.optimizeNames(t,r)||(eR(t,i.names),n.splice(a,1))}return n.length>0?this:void 0}get names(){return this.nodes.reduce((t,r)=>Dr(t,r.names),{})}},Gt=class extends xo{static{o(this,"BlockNode")}render(t){return"{"+t._n+super.render(t)+"}"+t._n}},Wc=class extends xo{static{o(this,"Root")}},Sn=class extends Gt{static{o(this,"Else")}};Sn.kind="else";var qr=class e extends Gt{static{o(this,"If")}constructor(t,r){super(r),this.condition=t}render(t){let r=`if(${this.condition})`+super.render(t);return this.else&&(r+="else "+this.else.render(t)),r}optimizeNodes(){super.optimizeNodes();let t=this.condition;if(t===!0)return this.nodes;let r=this.else;if(r){let n=r.optimizeNodes();r=this.else=Array.isArray(n)?new Sn(n):n}if(r)return t===!1?r instanceof e?r:r.nodes:this.nodes.length?this:new e(pm(t),r instanceof e?[r]:r.nodes);if(!(t===!1||!this.nodes.length))return this}optimizeNames(t,r){var n;if(this.else=(n=this.else)===null||n===void 0?void 0:n.optimizeNames(t,r),!!(super.optimizeNames(t,r)||this.else))return this.condition=_n(this.condition,t,r),this}get names(){let t=super.names;return oi(t,this.condition),this.else&&Dr(t,this.else.names),t}};qr.kind="if";var Nr=class extends Gt{static{o(this,"For")}};Nr.kind="for";var Jc=class extends Nr{static{o(this,"ForLoop")}constructor(t){super(),this.iteration=t}render(t){return`for(${this.iteration})`+super.render(t)}optimizeNames(t,r){if(super.optimizeNames(t,r))return this.iteration=_n(this.iteration,t,r),this}get names(){return Dr(super.names,this.iteration.names)}},Yc=class extends Nr{static{o(this,"ForRange")}constructor(t,r,n,a){super(),this.varKind=t,this.name=r,this.from=n,this.to=a}render(t){let r=t.es5?_t.varKinds.var:this.varKind,{name:n,from:a,to:i}=this;return`for(${r} ${n}=${a}; ${n}<${i}; ${n}++)`+super.render(t)}get names(){let t=oi(super.names,this.from);return oi(t,this.to)}},ni=class extends Nr{static{o(this,"ForIter")}constructor(t,r,n,a){super(),this.loop=t,this.varKind=r,this.name=n,this.iterable=a}render(t){return`for(${this.varKind} ${this.name} ${this.loop} ${this.iterable})`+super.render(t)}optimizeNames(t,r){if(super.optimizeNames(t,r))return this.iterable=_n(this.iterable,t,r),this}get names(){return Dr(super.names,this.iterable.names)}},Ao=class extends Gt{static{o(this,"Func")}constructor(t,r,n){super(),this.name=t,this.args=r,this.async=n}render(t){return`${this.async?"async ":""}function ${this.name}(${this.args})`+super.render(t)}};Ao.kind="func";var ko=class extends xo{static{o(this,"Return")}render(t){return"return "+super.render(t)}};ko.kind="return";var Qc=class extends Gt{static{o(this,"Try")}render(t){let r="try"+super.render(t);return this.catch&&(r+=this.catch.render(t)),this.finally&&(r+=this.finally.render(t)),r}optimizeNodes(){var t,r;return super.optimizeNodes(),(t=this.catch)===null||t===void 0||t.optimizeNodes(),(r=this.finally)===null||r===void 0||r.optimizeNodes(),this}optimizeNames(t,r){var n,a;return super.optimizeNames(t,r),(n=this.catch)===null||n===void 0||n.optimizeNames(t,r),(a=this.finally)===null||a===void 0||a.optimizeNames(t,r),this}get names(){let t=super.names;return this.catch&&Dr(t,this.catch.names),this.finally&&Dr(t,this.finally.names),t}},To=class extends Gt{static{o(this,"Catch")}constructor(t){super(),this.error=t}render(t){return`catch(${this.error})`+super.render(t)}};To.kind="catch";var Eo=class extends Gt{static{o(this,"Finally")}render(t){return"finally"+super.render(t)}};Eo.kind="finally";var Xc=class{static{o(this,"CodeGen")}constructor(t,r={}){this._values={},this._blockStarts=[],this._constants={},this.opts={...r,_n:r.lines?`
26
+ `:""},this._extScope=t,this._scope=new _t.Scope({parent:t}),this._nodes=[new Wc]}toString(){return this._root.render(this.opts)}name(t){return this._scope.name(t)}scopeName(t){return this._extScope.name(t)}scopeValue(t,r){let n=this._extScope.value(t,r);return(this._values[n.prefix]||(this._values[n.prefix]=new Set)).add(n),n}getScopeValue(t,r){return this._extScope.getValue(t,r)}scopeRefs(t){return this._extScope.scopeRefs(t,this._values)}scopeCode(){return this._extScope.scopeCode(this._values)}_def(t,r,n,a){let i=this._scope.toName(r);return n!==void 0&&a&&(this._constants[i.str]=n),this._leafNode(new Bc(t,i,n)),i}const(t,r,n){return this._def(_t.varKinds.const,t,r,n)}let(t,r,n){return this._def(_t.varKinds.let,t,r,n)}var(t,r,n){return this._def(_t.varKinds.var,t,r,n)}assign(t,r,n){return this._leafNode(new ri(t,r,n))}add(t,r){return this._leafNode(new Gc(t,Z.operators.ADD,r))}code(t){return typeof t=="function"?t():t!==Y.nil&&this._leafNode(new Kc(t)),this}object(...t){let r=["{"];for(let[n,a]of t)r.length>1&&r.push(","),r.push(n),(n!==a||this.opts.es5)&&(r.push(":"),(0,Y.addCodeArg)(r,a));return r.push("}"),new Y._Code(r)}if(t,r,n){if(this._blockNode(new qr(t)),r&&n)this.code(r).else().code(n).endIf();else if(r)this.code(r).endIf();else if(n)throw new Error('CodeGen: "else" body without "then" body');return this}elseIf(t){return this._elseNode(new qr(t))}else(){return this._elseNode(new Sn)}endIf(){return this._endBlockNode(qr,Sn)}_for(t,r){return this._blockNode(t),r&&this.code(r).endFor(),this}for(t,r){return this._for(new Jc(t),r)}forRange(t,r,n,a,i=this.opts.es5?_t.varKinds.var:_t.varKinds.let){let s=this._scope.toName(t);return this._for(new Yc(i,s,r,n),()=>a(s))}forOf(t,r,n,a=_t.varKinds.const){let i=this._scope.toName(t);if(this.opts.es5){let s=r instanceof Y.Name?r:this.var("_arr",r);return this.forRange("_i",0,(0,Y._)`${s}.length`,c=>{this.var(i,(0,Y._)`${s}[${c}]`),n(i)})}return this._for(new ni("of",a,i,r),()=>n(i))}forIn(t,r,n,a=this.opts.es5?_t.varKinds.var:_t.varKinds.const){if(this.opts.ownProperties)return this.forOf(t,(0,Y._)`Object.keys(${r})`,n);let i=this._scope.toName(t);return this._for(new ni("in",a,i,r),()=>n(i))}endFor(){return this._endBlockNode(Nr)}label(t){return this._leafNode(new Vc(t))}break(t){return this._leafNode(new Fc(t))}return(t){let r=new ko;if(this._blockNode(r),this.code(t),r.nodes.length!==1)throw new Error('CodeGen: "return" should have one node');return this._endBlockNode(ko)}try(t,r,n){if(!r&&!n)throw new Error('CodeGen: "try" without "catch" and "finally"');let a=new Qc;if(this._blockNode(a),this.code(t),r){let i=this.name("e");this._currNode=a.catch=new To(i),r(i)}return n&&(this._currNode=a.finally=new Eo,this.code(n)),this._endBlockNode(To,Eo)}throw(t){return this._leafNode(new Zc(t))}block(t,r){return this._blockStarts.push(this._nodes.length),t&&this.code(t).endBlock(r),this}endBlock(t){let r=this._blockStarts.pop();if(r===void 0)throw new Error("CodeGen: not in self-balancing block");let n=this._nodes.length-r;if(n<0||t!==void 0&&n!==t)throw new Error(`CodeGen: wrong number of nodes: ${n} vs ${t} expected`);return this._nodes.length=r,this}func(t,r=Y.nil,n,a){return this._blockNode(new Ao(t,r,n)),a&&this.code(a).endFunc(),this}endFunc(){return this._endBlockNode(Ao)}optimize(t=1){for(;t-- >0;)this._root.optimizeNodes(),this._root.optimizeNames(this._root.names,this._constants)}_leafNode(t){return this._currNode.nodes.push(t),this}_blockNode(t){this._currNode.nodes.push(t),this._nodes.push(t)}_endBlockNode(t,r){let n=this._currNode;if(n instanceof t||r&&n instanceof r)return this._nodes.pop(),this;throw new Error(`CodeGen: not in block "${r?`${t.kind}/${r.kind}`:t.kind}"`)}_elseNode(t){let r=this._currNode;if(!(r instanceof qr))throw new Error('CodeGen: "else" without "if"');return this._currNode=r.else=t,this}get _root(){return this._nodes[0]}get _currNode(){let t=this._nodes;return t[t.length-1]}set _currNode(t){let r=this._nodes;r[r.length-1]=t}};Z.CodeGen=Xc;function Dr(e,t){for(let r in t)e[r]=(e[r]||0)+(t[r]||0);return e}o(Dr,"addNames");function oi(e,t){return t instanceof Y._CodeOrName?Dr(e,t.names):e}o(oi,"addExprNames");function _n(e,t,r){if(e instanceof Y.Name)return n(e);if(!a(e))return e;return new Y._Code(e._items.reduce((i,s)=>(s instanceof Y.Name&&(s=n(s)),s instanceof Y._Code?i.push(...s._items):i.push(s),i),[]));function n(i){let s=r[i.str];return s===void 0||t[i.str]!==1?i:(delete t[i.str],s)}function a(i){return i instanceof Y._Code&&i._items.some(s=>s instanceof Y.Name&&t[s.str]===1&&r[s.str]!==void 0)}}o(_n,"optimizeExpr");function eR(e,t){for(let r in t)e[r]=(e[r]||0)-(t[r]||0)}o(eR,"subtractNames");function pm(e){return typeof e=="boolean"||typeof e=="number"||e===null?!e:(0,Y._)`!${eu(e)}`}o(pm,"not");Z.not=pm;var tR=mm(Z.operators.AND);function rR(...e){return e.reduce(tR)}o(rR,"and");Z.and=rR;var nR=mm(Z.operators.OR);function oR(...e){return e.reduce(nR)}o(oR,"or");Z.or=oR;function mm(e){return(t,r)=>t===Y.nil?r:r===Y.nil?t:(0,Y._)`${eu(t)} ${e} ${eu(r)}`}o(mm,"mappend");function eu(e){return e instanceof Y.Name?e:(0,Y._)`(${e})`}o(eu,"par")});var re=x(W=>{"use strict";Object.defineProperty(W,"__esModule",{value:!0});W.checkStrictMode=W.getErrorPath=W.Type=W.useFunc=W.setEvaluated=W.evaluatedPropsToName=W.mergeEvaluated=W.eachItem=W.unescapeJsonPointer=W.escapeJsonPointer=W.escapeFragment=W.unescapeFragment=W.schemaRefOrVal=W.schemaHasRulesButRef=W.schemaHasRules=W.checkUnknownRules=W.alwaysValidSchema=W.toHash=void 0;var ie=F(),aR=Po();function iR(e){let t={};for(let r of e)t[r]=!0;return t}o(iR,"toHash");W.toHash=iR;function sR(e,t){return typeof t=="boolean"?t:Object.keys(t).length===0?!0:(gm(e,t),!ym(t,e.self.RULES.all))}o(sR,"alwaysValidSchema");W.alwaysValidSchema=sR;function gm(e,t=e.schema){let{opts:r,self:n}=e;if(!r.strictSchema||typeof t=="boolean")return;let a=n.RULES.keywords;for(let i in t)a[i]||wm(e,`unknown keyword: "${i}"`)}o(gm,"checkUnknownRules");W.checkUnknownRules=gm;function ym(e,t){if(typeof e=="boolean")return!e;for(let r in e)if(t[r])return!0;return!1}o(ym,"schemaHasRules");W.schemaHasRules=ym;function cR(e,t){if(typeof e=="boolean")return!e;for(let r in e)if(r!=="$ref"&&t.all[r])return!0;return!1}o(cR,"schemaHasRulesButRef");W.schemaHasRulesButRef=cR;function uR({topSchemaRef:e,schemaPath:t},r,n,a){if(!a){if(typeof r=="number"||typeof r=="boolean")return r;if(typeof r=="string")return(0,ie._)`${r}`}return(0,ie._)`${e}${t}${(0,ie.getProperty)(n)}`}o(uR,"schemaRefOrVal");W.schemaRefOrVal=uR;function dR(e){return Sm(decodeURIComponent(e))}o(dR,"unescapeFragment");W.unescapeFragment=dR;function lR(e){return encodeURIComponent(ru(e))}o(lR,"escapeFragment");W.escapeFragment=lR;function ru(e){return typeof e=="number"?`${e}`:e.replace(/~/g,"~0").replace(/\//g,"~1")}o(ru,"escapeJsonPointer");W.escapeJsonPointer=ru;function Sm(e){return e.replace(/~1/g,"/").replace(/~0/g,"~")}o(Sm,"unescapeJsonPointer");W.unescapeJsonPointer=Sm;function pR(e,t){if(Array.isArray(e))for(let r of e)t(r);else t(e)}o(pR,"eachItem");W.eachItem=pR;function fm({mergeNames:e,mergeToName:t,mergeValues:r,resultToName:n}){return(a,i,s,c)=>{let d=s===void 0?i:s instanceof ie.Name?(i instanceof ie.Name?e(a,i,s):t(a,i,s),s):i instanceof ie.Name?(t(a,s,i),i):r(i,s);return c===ie.Name&&!(d instanceof ie.Name)?n(a,d):d}}o(fm,"makeMergeEvaluated");W.mergeEvaluated={props:fm({mergeNames:o((e,t,r)=>e.if((0,ie._)`${r} !== true && ${t} !== undefined`,()=>{e.if((0,ie._)`${t} === true`,()=>e.assign(r,!0),()=>e.assign(r,(0,ie._)`${r} || {}`).code((0,ie._)`Object.assign(${r}, ${t})`))}),"mergeNames"),mergeToName:o((e,t,r)=>e.if((0,ie._)`${r} !== true`,()=>{t===!0?e.assign(r,!0):(e.assign(r,(0,ie._)`${r} || {}`),nu(e,r,t))}),"mergeToName"),mergeValues:o((e,t)=>e===!0?!0:{...e,...t},"mergeValues"),resultToName:_m}),items:fm({mergeNames:o((e,t,r)=>e.if((0,ie._)`${r} !== true && ${t} !== undefined`,()=>e.assign(r,(0,ie._)`${t} === true ? true : ${r} > ${t} ? ${r} : ${t}`)),"mergeNames"),mergeToName:o((e,t,r)=>e.if((0,ie._)`${r} !== true`,()=>e.assign(r,t===!0?!0:(0,ie._)`${r} > ${t} ? ${r} : ${t}`)),"mergeToName"),mergeValues:o((e,t)=>e===!0?!0:Math.max(e,t),"mergeValues"),resultToName:o((e,t)=>e.var("items",t),"resultToName")})};function _m(e,t){if(t===!0)return e.var("props",!0);let r=e.var("props",(0,ie._)`{}`);return t!==void 0&&nu(e,r,t),r}o(_m,"evaluatedPropsToName");W.evaluatedPropsToName=_m;function nu(e,t,r){Object.keys(r).forEach(n=>e.assign((0,ie._)`${t}${(0,ie.getProperty)(n)}`,!0))}o(nu,"setEvaluated");W.setEvaluated=nu;var hm={};function mR(e,t){return e.scopeValue("func",{ref:t,code:hm[t.code]||(hm[t.code]=new aR._Code(t.code))})}o(mR,"useFunc");W.useFunc=mR;var tu;(function(e){e[e.Num=0]="Num",e[e.Str=1]="Str"})(tu||(W.Type=tu={}));function fR(e,t,r){if(e instanceof ie.Name){let n=t===tu.Num;return r?n?(0,ie._)`"[" + ${e} + "]"`:(0,ie._)`"['" + ${e} + "']"`:n?(0,ie._)`"/" + ${e}`:(0,ie._)`"/" + ${e}.replace(/~/g, "~0").replace(/\\//g, "~1")`}return r?(0,ie.getProperty)(e).toString():"/"+ru(e)}o(fR,"getErrorPath");W.getErrorPath=fR;function wm(e,t,r=e.opts.strictSchema){if(r){if(t=`strict mode: ${t}`,r===!0)throw new Error(t);e.self.logger.warn(t)}}o(wm,"checkStrictMode");W.checkStrictMode=wm});var Vt=x(ou=>{"use strict";Object.defineProperty(ou,"__esModule",{value:!0});var Ne=F(),hR={data:new Ne.Name("data"),valCxt:new Ne.Name("valCxt"),instancePath:new Ne.Name("instancePath"),parentData:new Ne.Name("parentData"),parentDataProperty:new Ne.Name("parentDataProperty"),rootData:new Ne.Name("rootData"),dynamicAnchors:new Ne.Name("dynamicAnchors"),vErrors:new Ne.Name("vErrors"),errors:new Ne.Name("errors"),this:new Ne.Name("this"),self:new Ne.Name("self"),scope:new Ne.Name("scope"),json:new Ne.Name("json"),jsonPos:new Ne.Name("jsonPos"),jsonLen:new Ne.Name("jsonLen"),jsonPart:new Ne.Name("jsonPart")};ou.default=hR});var Uo=x(De=>{"use strict";Object.defineProperty(De,"__esModule",{value:!0});De.extendErrors=De.resetErrorsCount=De.reportExtraError=De.reportError=De.keyword$DataError=De.keywordError=void 0;var X=F(),ii=re(),Ve=Vt();De.keywordError={message:o(({keyword:e})=>(0,X.str)`must pass "${e}" keyword validation`,"message")};De.keyword$DataError={message:o(({keyword:e,schemaType:t})=>t?(0,X.str)`"${e}" keyword must be ${t} ($data)`:(0,X.str)`"${e}" keyword is invalid ($data)`,"message")};function gR(e,t=De.keywordError,r,n){let{it:a}=e,{gen:i,compositeRule:s,allErrors:c}=a,d=Rm(e,t,r);n??(s||c)?vm(i,d):bm(a,(0,X._)`[${d}]`)}o(gR,"reportError");De.reportError=gR;function yR(e,t=De.keywordError,r){let{it:n}=e,{gen:a,compositeRule:i,allErrors:s}=n,c=Rm(e,t,r);vm(a,c),i||s||bm(n,Ve.default.vErrors)}o(yR,"reportExtraError");De.reportExtraError=yR;function SR(e,t){e.assign(Ve.default.errors,t),e.if((0,X._)`${Ve.default.vErrors} !== null`,()=>e.if(t,()=>e.assign((0,X._)`${Ve.default.vErrors}.length`,t),()=>e.assign(Ve.default.vErrors,null)))}o(SR,"resetErrorsCount");De.resetErrorsCount=SR;function _R({gen:e,keyword:t,schemaValue:r,data:n,errsCount:a,it:i}){if(a===void 0)throw new Error("ajv implementation error");let s=e.name("err");e.forRange("i",a,Ve.default.errors,c=>{e.const(s,(0,X._)`${Ve.default.vErrors}[${c}]`),e.if((0,X._)`${s}.instancePath === undefined`,()=>e.assign((0,X._)`${s}.instancePath`,(0,X.strConcat)(Ve.default.instancePath,i.errorPath))),e.assign((0,X._)`${s}.schemaPath`,(0,X.str)`${i.errSchemaPath}/${t}`),i.opts.verbose&&(e.assign((0,X._)`${s}.schema`,r),e.assign((0,X._)`${s}.data`,n))})}o(_R,"extendErrors");De.extendErrors=_R;function vm(e,t){let r=e.const("err",t);e.if((0,X._)`${Ve.default.vErrors} === null`,()=>e.assign(Ve.default.vErrors,(0,X._)`[${r}]`),(0,X._)`${Ve.default.vErrors}.push(${r})`),e.code((0,X._)`${Ve.default.errors}++`)}o(vm,"addError");function bm(e,t){let{gen:r,validateName:n,schemaEnv:a}=e;a.$async?r.throw((0,X._)`new ${e.ValidationError}(${t})`):(r.assign((0,X._)`${n}.errors`,t),r.return(!1))}o(bm,"returnErrors");var jr={keyword:new X.Name("keyword"),schemaPath:new X.Name("schemaPath"),params:new X.Name("params"),propertyName:new X.Name("propertyName"),message:new X.Name("message"),schema:new X.Name("schema"),parentSchema:new X.Name("parentSchema")};function Rm(e,t,r){let{createErrors:n}=e.it;return n===!1?(0,X._)`{}`:wR(e,t,r)}o(Rm,"errorObjectCode");function wR(e,t,r={}){let{gen:n,it:a}=e,i=[vR(a,r),bR(e,r)];return RR(e,t,i),n.object(...i)}o(wR,"errorObject");function vR({errorPath:e},{instancePath:t}){let r=t?(0,X.str)`${e}${(0,ii.getErrorPath)(t,ii.Type.Str)}`:e;return[Ve.default.instancePath,(0,X.strConcat)(Ve.default.instancePath,r)]}o(vR,"errorInstancePath");function bR({keyword:e,it:{errSchemaPath:t}},{schemaPath:r,parentSchema:n}){let a=n?t:(0,X.str)`${t}/${e}`;return r&&(a=(0,X.str)`${a}${(0,ii.getErrorPath)(r,ii.Type.Str)}`),[jr.schemaPath,a]}o(bR,"errorSchemaPath");function RR(e,{params:t,message:r},n){let{keyword:a,data:i,schemaValue:s,it:c}=e,{opts:d,propertyName:p,topSchemaRef:l,schemaPath:m}=c;n.push([jr.keyword,a],[jr.params,typeof t=="function"?t(e):t||(0,X._)`{}`]),d.messages&&n.push([jr.message,typeof r=="function"?r(e):r]),d.verbose&&n.push([jr.schema,s],[jr.parentSchema,(0,X._)`${l}${m}`],[Ve.default.data,i]),p&&n.push([jr.propertyName,p])}o(RR,"extraErrorProps")});var Im=x(wn=>{"use strict";Object.defineProperty(wn,"__esModule",{value:!0});wn.boolOrEmptySchema=wn.topBoolOrEmptySchema=void 0;var CR=Uo(),IR=F(),PR=Vt(),xR={message:"boolean schema is false"};function AR(e){let{gen:t,schema:r,validateName:n}=e;r===!1?Cm(e,!1):typeof r=="object"&&r.$async===!0?t.return(PR.default.data):(t.assign((0,IR._)`${n}.errors`,null),t.return(!0))}o(AR,"topBoolOrEmptySchema");wn.topBoolOrEmptySchema=AR;function kR(e,t){let{gen:r,schema:n}=e;n===!1?(r.var(t,!1),Cm(e)):r.var(t,!0)}o(kR,"boolOrEmptySchema");wn.boolOrEmptySchema=kR;function Cm(e,t){let{gen:r,data:n}=e,a={gen:r,keyword:"false schema",data:n,schema:!1,schemaCode:!1,schemaValue:!1,params:{},it:e};(0,CR.reportError)(a,xR,void 0,t)}o(Cm,"falseSchemaError")});var au=x(vn=>{"use strict";Object.defineProperty(vn,"__esModule",{value:!0});vn.getRules=vn.isJSONType=void 0;var TR=["string","number","integer","boolean","null","object","array"],ER=new Set(TR);function UR(e){return typeof e=="string"&&ER.has(e)}o(UR,"isJSONType");vn.isJSONType=UR;function OR(){let e={number:{type:"number",rules:[]},string:{type:"string",rules:[]},array:{type:"array",rules:[]},object:{type:"object",rules:[]}};return{types:{...e,integer:!0,boolean:!0,null:!0},rules:[{rules:[]},e.number,e.string,e.array,e.object],post:{rules:[]},all:{},keywords:{}}}o(OR,"getRules");vn.getRules=OR});var iu=x(gr=>{"use strict";Object.defineProperty(gr,"__esModule",{value:!0});gr.shouldUseRule=gr.shouldUseGroup=gr.schemaHasRulesForType=void 0;function $R({schema:e,self:t},r){let n=t.RULES.types[r];return n&&n!==!0&&Pm(e,n)}o($R,"schemaHasRulesForType");gr.schemaHasRulesForType=$R;function Pm(e,t){return t.rules.some(r=>xm(e,r))}o(Pm,"shouldUseGroup");gr.shouldUseGroup=Pm;function xm(e,t){var r;return e[t.keyword]!==void 0||((r=t.definition.implements)===null||r===void 0?void 0:r.some(n=>e[n]!==void 0))}o(xm,"shouldUseRule");gr.shouldUseRule=xm});var Oo=x(je=>{"use strict";Object.defineProperty(je,"__esModule",{value:!0});je.reportTypeError=je.checkDataTypes=je.checkDataType=je.coerceAndCheckDataType=je.getJSONTypes=je.getSchemaTypes=je.DataType=void 0;var zR=au(),MR=iu(),qR=Uo(),V=F(),Am=re(),bn;(function(e){e[e.Correct=0]="Correct",e[e.Wrong=1]="Wrong"})(bn||(je.DataType=bn={}));function NR(e){let t=km(e.type);if(t.includes("null")){if(e.nullable===!1)throw new Error("type: null contradicts nullable: false")}else{if(!t.length&&e.nullable!==void 0)throw new Error('"nullable" cannot be used without "type"');e.nullable===!0&&t.push("null")}return t}o(NR,"getSchemaTypes");je.getSchemaTypes=NR;function km(e){let t=Array.isArray(e)?e:e?[e]:[];if(t.every(zR.isJSONType))return t;throw new Error("type must be JSONType or JSONType[]: "+t.join(","))}o(km,"getJSONTypes");je.getJSONTypes=km;function DR(e,t){let{gen:r,data:n,opts:a}=e,i=jR(t,a.coerceTypes),s=t.length>0&&!(i.length===0&&t.length===1&&(0,MR.schemaHasRulesForType)(e,t[0]));if(s){let c=cu(t,n,a.strictNumbers,bn.Wrong);r.if(c,()=>{i.length?HR(e,t,i):uu(e)})}return s}o(DR,"coerceAndCheckDataType");je.coerceAndCheckDataType=DR;var Tm=new Set(["string","number","integer","boolean","null"]);function jR(e,t){return t?e.filter(r=>Tm.has(r)||t==="array"&&r==="array"):[]}o(jR,"coerceToTypes");function HR(e,t,r){let{gen:n,data:a,opts:i}=e,s=n.let("dataType",(0,V._)`typeof ${a}`),c=n.let("coerced",(0,V._)`undefined`);i.coerceTypes==="array"&&n.if((0,V._)`${s} == 'object' && Array.isArray(${a}) && ${a}.length == 1`,()=>n.assign(a,(0,V._)`${a}[0]`).assign(s,(0,V._)`typeof ${a}`).if(cu(t,a,i.strictNumbers),()=>n.assign(c,a))),n.if((0,V._)`${c} !== undefined`);for(let p of r)(Tm.has(p)||p==="array"&&i.coerceTypes==="array")&&d(p);n.else(),uu(e),n.endIf(),n.if((0,V._)`${c} !== undefined`,()=>{n.assign(a,c),LR(e,c)});function d(p){switch(p){case"string":n.elseIf((0,V._)`${s} == "number" || ${s} == "boolean"`).assign(c,(0,V._)`"" + ${a}`).elseIf((0,V._)`${a} === null`).assign(c,(0,V._)`""`);return;case"number":n.elseIf((0,V._)`${s} == "boolean" || ${a} === null
27
27
  || (${s} == "string" && ${a} && ${a} == +${a})`).assign(c,(0,V._)`+${a}`);return;case"integer":n.elseIf((0,V._)`${s} === "boolean" || ${a} === null
28
28
  || (${s} === "string" && ${a} && ${a} == +${a} && !(${a} % 1))`).assign(c,(0,V._)`+${a}`);return;case"boolean":n.elseIf((0,V._)`${a} === "false" || ${a} === 0 || ${a} === null`).assign(c,!1).elseIf((0,V._)`${a} === "true" || ${a} === 1`).assign(c,!0);return;case"null":n.elseIf((0,V._)`${a} === "" || ${a} === 0 || ${a} === false`),n.assign(c,null);return;case"array":n.elseIf((0,V._)`${s} === "string" || ${s} === "number"
29
- || ${s} === "boolean" || ${a} === null`).assign(c,(0,V._)`[${a}]`)}}o(d,"coerceSpecificType")}o(GR,"coerceData");function VR({gen:e,parentData:t,parentDataProperty:r},n){e.if((0,V._)`${t} !== undefined`,()=>e.assign((0,V._)`${t}[${r}]`,n))}o(VR,"assignParentData");function iu(e,t,r,n=vn.Correct){let a=n===vn.Correct?V.operators.EQ:V.operators.NEQ,i;switch(e){case"null":return(0,V._)`${t} ${a} null`;case"array":i=(0,V._)`Array.isArray(${t})`;break;case"object":i=(0,V._)`${t} && typeof ${t} == "object" && !Array.isArray(${t})`;break;case"integer":i=s((0,V._)`!(${t} % 1) && !isNaN(${t})`);break;case"number":i=s();break;default:return(0,V._)`typeof ${t} ${a} ${e}`}return n===vn.Correct?i:(0,V.not)(i);function s(c=V.nil){return(0,V.and)((0,V._)`typeof ${t} == "number"`,c,r?(0,V._)`isFinite(${t})`:V.nil)}}o(iu,"checkDataType");De.checkDataType=iu;function su(e,t,r,n){if(e.length===1)return iu(e[0],t,r,n);let a,i=(0,km.toHash)(e);if(i.array&&i.object){let s=(0,V._)`typeof ${t} != "object"`;a=i.null?s:(0,V._)`!${t} || ${s}`,delete i.null,delete i.array,delete i.object}else a=V.nil;i.number&&delete i.integer;for(let s in i)a=(0,V.and)(a,iu(s,t,r,n));return a}o(su,"checkDataTypes");De.checkDataTypes=su;var FR={message:o(({schema:e})=>`must be ${e}`,"message"),params:o(({schema:e,schemaValue:t})=>typeof e=="string"?(0,V._)`{type: ${e}}`:(0,V._)`{type: ${t}}`,"params")};function cu(e){let t=ZR(e);(0,DR.reportError)(t,FR)}o(cu,"reportTypeError");De.reportTypeError=cu;function ZR(e){let{gen:t,data:r,schema:n}=e,a=(0,km.schemaRefOrVal)(e,n,"type");return{gen:t,keyword:"type",data:r,schema:n.type,schemaCode:a,schemaValue:a,parentSchema:n,params:{},it:e}}o(ZR,"getTypeErrorContext")});var $m=x(si=>{"use strict";Object.defineProperty(si,"__esModule",{value:!0});si.assignDefaults=void 0;var bn=F(),KR=re();function WR(e,t){let{properties:r,items:n}=e.schema;if(t==="object"&&r)for(let a in r)Om(e,a,r[a].default);else t==="array"&&Array.isArray(n)&&n.forEach((a,i)=>Om(e,i,a.default))}o(WR,"assignDefaults");si.assignDefaults=WR;function Om(e,t,r){let{gen:n,compositeRule:a,data:i,opts:s}=e;if(r===void 0)return;let c=(0,bn._)`${i}${(0,bn.getProperty)(t)}`;if(a){(0,KR.checkStrictMode)(e,`default is ignored for: ${c}`);return}let d=(0,bn._)`${c} === undefined`;s.useDefaults==="empty"&&(d=(0,bn._)`${d} || ${c} === null || ${c} === ""`),n.if(d,(0,bn._)`${c} = ${(0,bn.stringify)(r)}`)}o(Om,"assignDefault")});var dt=x(oe=>{"use strict";Object.defineProperty(oe,"__esModule",{value:!0});oe.validateUnion=oe.validateArray=oe.usePattern=oe.callValidateCode=oe.schemaProperties=oe.allSchemaProperties=oe.noPropertyInData=oe.propertyInData=oe.isOwnProperty=oe.hasPropFunc=oe.reportMissingProp=oe.checkMissingProp=oe.checkReportMissingProp=void 0;var de=F(),uu=re(),Sr=Ft(),JR=re();function YR(e,t){let{gen:r,data:n,it:a}=e;r.if(lu(r,n,t,a.opts.ownProperties),()=>{e.setParams({missingProperty:(0,de._)`${t}`},!0),e.error()})}o(YR,"checkReportMissingProp");oe.checkReportMissingProp=YR;function QR({gen:e,data:t,it:{opts:r}},n,a){return(0,de.or)(...n.map(i=>(0,de.and)(lu(e,t,i,r.ownProperties),(0,de._)`${a} = ${i}`)))}o(QR,"checkMissingProp");oe.checkMissingProp=QR;function XR(e,t){e.setParams({missingProperty:t},!0),e.error()}o(XR,"reportMissingProp");oe.reportMissingProp=XR;function zm(e){return e.scopeValue("func",{ref:Object.prototype.hasOwnProperty,code:(0,de._)`Object.prototype.hasOwnProperty`})}o(zm,"hasPropFunc");oe.hasPropFunc=zm;function du(e,t,r){return(0,de._)`${zm(e)}.call(${t}, ${r})`}o(du,"isOwnProperty");oe.isOwnProperty=du;function eC(e,t,r,n){let a=(0,de._)`${t}${(0,de.getProperty)(r)} !== undefined`;return n?(0,de._)`${a} && ${du(e,t,r)}`:a}o(eC,"propertyInData");oe.propertyInData=eC;function lu(e,t,r,n){let a=(0,de._)`${t}${(0,de.getProperty)(r)} === undefined`;return n?(0,de.or)(a,(0,de.not)(du(e,t,r))):a}o(lu,"noPropertyInData");oe.noPropertyInData=lu;function Mm(e){return e?Object.keys(e).filter(t=>t!=="__proto__"):[]}o(Mm,"allSchemaProperties");oe.allSchemaProperties=Mm;function tC(e,t){return Mm(t).filter(r=>!(0,uu.alwaysValidSchema)(e,t[r]))}o(tC,"schemaProperties");oe.schemaProperties=tC;function rC({schemaCode:e,data:t,it:{gen:r,topSchemaRef:n,schemaPath:a,errorPath:i},it:s},c,d,p){let l=p?(0,de._)`${e}, ${t}, ${n}${a}`:t,m=[[Sr.default.instancePath,(0,de.strConcat)(Sr.default.instancePath,i)],[Sr.default.parentData,s.parentData],[Sr.default.parentDataProperty,s.parentDataProperty],[Sr.default.rootData,Sr.default.rootData]];s.opts.dynamicRef&&m.push([Sr.default.dynamicAnchors,Sr.default.dynamicAnchors]);let h=(0,de._)`${l}, ${r.object(...m)}`;return d!==de.nil?(0,de._)`${c}.call(${d}, ${h})`:(0,de._)`${c}(${h})`}o(rC,"callValidateCode");oe.callValidateCode=rC;var nC=(0,de._)`new RegExp`;function oC({gen:e,it:{opts:t}},r){let n=t.unicodeRegExp?"u":"",{regExp:a}=t.code,i=a(r,n);return e.scopeValue("pattern",{key:i.toString(),ref:i,code:(0,de._)`${a.code==="new RegExp"?nC:(0,JR.useFunc)(e,a)}(${r}, ${n})`})}o(oC,"usePattern");oe.usePattern=oC;function aC(e){let{gen:t,data:r,keyword:n,it:a}=e,i=t.name("valid");if(a.allErrors){let c=t.let("valid",!0);return s(()=>t.assign(c,!1)),c}return t.var(i,!0),s(()=>t.break()),i;function s(c){let d=t.const("len",(0,de._)`${r}.length`);t.forRange("i",0,d,p=>{e.subschema({keyword:n,dataProp:p,dataPropType:uu.Type.Num},i),t.if((0,de.not)(i),c)})}o(s,"validateItems")}o(aC,"validateArray");oe.validateArray=aC;function iC(e){let{gen:t,schema:r,keyword:n,it:a}=e;if(!Array.isArray(r))throw new Error("ajv implementation error");if(r.some(d=>(0,uu.alwaysValidSchema)(a,d))&&!a.opts.unevaluated)return;let s=t.let("valid",!1),c=t.name("_valid");t.block(()=>r.forEach((d,p)=>{let l=e.subschema({keyword:n,schemaProp:p,compositeRule:!0},c);t.assign(s,(0,de._)`${s} || ${c}`),e.mergeValidEvaluated(l,c)||t.if((0,de.not)(s))})),e.result(s,()=>e.reset(),()=>e.error(!0))}o(iC,"validateUnion");oe.validateUnion=iC});var jm=x(Pt=>{"use strict";Object.defineProperty(Pt,"__esModule",{value:!0});Pt.validateKeywordUsage=Pt.validSchemaType=Pt.funcKeywordCode=Pt.macroKeywordCode=void 0;var Fe=F(),Hr=Ft(),sC=dt(),cC=Eo();function uC(e,t){let{gen:r,keyword:n,schema:a,parentSchema:i,it:s}=e,c=t.macro.call(s.self,a,i,s),d=Nm(r,n,c);s.opts.validateSchema!==!1&&s.self.validateSchema(c,!0);let p=r.name("valid");e.subschema({schema:c,schemaPath:Fe.nil,errSchemaPath:`${s.errSchemaPath}/${n}`,topSchemaRef:d,compositeRule:!0},p),e.pass(p,()=>e.error(!0))}o(uC,"macroKeywordCode");Pt.macroKeywordCode=uC;function dC(e,t){var r;let{gen:n,keyword:a,schema:i,parentSchema:s,$data:c,it:d}=e;pC(d,t);let p=!c&&t.compile?t.compile.call(d.self,i,s,d):t.validate,l=Nm(n,a,p),m=n.let("valid");e.block$data(m,h),e.ok((r=t.valid)!==null&&r!==void 0?r:m);function h(){if(t.errors===!1)S(),t.modifying&&qm(e),w(()=>e.error());else{let v=t.async?y():_();t.modifying&&qm(e),w(()=>lC(e,v))}}o(h,"validateKeyword");function y(){let v=n.let("ruleErrs",null);return n.try(()=>S((0,Fe._)`await `),b=>n.assign(m,!1).if((0,Fe._)`${b} instanceof ${d.ValidationError}`,()=>n.assign(v,(0,Fe._)`${b}.errors`),()=>n.throw(b))),v}o(y,"validateAsync");function _(){let v=(0,Fe._)`${l}.errors`;return n.assign(v,null),S(Fe.nil),v}o(_,"validateSync");function S(v=t.async?(0,Fe._)`await `:Fe.nil){let b=d.opts.passContext?Hr.default.this:Hr.default.self,R=!("compile"in t&&!c||t.schema===!1);n.assign(m,(0,Fe._)`${v}${(0,sC.callValidateCode)(e,l,b,R)}`,t.modifying)}o(S,"assignValid");function w(v){var b;n.if((0,Fe.not)((b=t.valid)!==null&&b!==void 0?b:m),v)}o(w,"reportErrs")}o(dC,"funcKeywordCode");Pt.funcKeywordCode=dC;function qm(e){let{gen:t,data:r,it:n}=e;t.if(n.parentData,()=>t.assign(r,(0,Fe._)`${n.parentData}[${n.parentDataProperty}]`))}o(qm,"modifyData");function lC(e,t){let{gen:r}=e;r.if((0,Fe._)`Array.isArray(${t})`,()=>{r.assign(Hr.default.vErrors,(0,Fe._)`${Hr.default.vErrors} === null ? ${t} : ${Hr.default.vErrors}.concat(${t})`).assign(Hr.default.errors,(0,Fe._)`${Hr.default.vErrors}.length`),(0,cC.extendErrors)(e)},()=>e.error())}o(lC,"addErrs");function pC({schemaEnv:e},t){if(t.async&&!e.$async)throw new Error("async keyword in sync schema")}o(pC,"checkAsyncKeyword");function Nm(e,t,r){if(r===void 0)throw new Error(`keyword "${t}" failed to compile`);return e.scopeValue("keyword",typeof r=="function"?{ref:r}:{ref:r,code:(0,Fe.stringify)(r)})}o(Nm,"useKeyword");function mC(e,t,r=!1){return!t.length||t.some(n=>n==="array"?Array.isArray(e):n==="object"?e&&typeof e=="object"&&!Array.isArray(e):typeof e==n||r&&typeof e>"u")}o(mC,"validSchemaType");Pt.validSchemaType=mC;function fC({schema:e,opts:t,self:r,errSchemaPath:n},a,i){if(Array.isArray(a.keyword)?!a.keyword.includes(i):a.keyword!==i)throw new Error("ajv implementation error");let s=a.dependencies;if(s?.some(c=>!Object.prototype.hasOwnProperty.call(e,c)))throw new Error(`parent schema must have dependencies of ${i}: ${s.join(",")}`);if(a.validateSchema&&!a.validateSchema(e[i])){let d=`keyword "${i}" value is invalid at path "${n}": `+r.errorsText(a.validateSchema.errors);if(t.validateSchema==="log")r.logger.error(d);else throw new Error(d)}}o(fC,"validateKeywordUsage");Pt.validateKeywordUsage=fC});var Hm=x(_r=>{"use strict";Object.defineProperty(_r,"__esModule",{value:!0});_r.extendSubschemaMode=_r.extendSubschemaData=_r.getSubschema=void 0;var xt=F(),Dm=re();function hC(e,{keyword:t,schemaProp:r,schema:n,schemaPath:a,errSchemaPath:i,topSchemaRef:s}){if(t!==void 0&&n!==void 0)throw new Error('both "keyword" and "schema" passed, only one allowed');if(t!==void 0){let c=e.schema[t];return r===void 0?{schema:c,schemaPath:(0,xt._)`${e.schemaPath}${(0,xt.getProperty)(t)}`,errSchemaPath:`${e.errSchemaPath}/${t}`}:{schema:c[r],schemaPath:(0,xt._)`${e.schemaPath}${(0,xt.getProperty)(t)}${(0,xt.getProperty)(r)}`,errSchemaPath:`${e.errSchemaPath}/${t}/${(0,Dm.escapeFragment)(r)}`}}if(n!==void 0){if(a===void 0||i===void 0||s===void 0)throw new Error('"schemaPath", "errSchemaPath" and "topSchemaRef" are required with "schema"');return{schema:n,schemaPath:a,topSchemaRef:s,errSchemaPath:i}}throw new Error('either "keyword" or "schema" must be passed')}o(hC,"getSubschema");_r.getSubschema=hC;function gC(e,t,{dataProp:r,dataPropType:n,data:a,dataTypes:i,propertyName:s}){if(a!==void 0&&r!==void 0)throw new Error('both "data" and "dataProp" passed, only one allowed');let{gen:c}=t;if(r!==void 0){let{errorPath:p,dataPathArr:l,opts:m}=t,h=c.let("data",(0,xt._)`${t.data}${(0,xt.getProperty)(r)}`,!0);d(h),e.errorPath=(0,xt.str)`${p}${(0,Dm.getErrorPath)(r,n,m.jsPropertySyntax)}`,e.parentDataProperty=(0,xt._)`${r}`,e.dataPathArr=[...l,e.parentDataProperty]}if(a!==void 0){let p=a instanceof xt.Name?a:c.let("data",a,!0);d(p),s!==void 0&&(e.propertyName=s)}i&&(e.dataTypes=i);function d(p){e.data=p,e.dataLevel=t.dataLevel+1,e.dataTypes=[],t.definedProperties=new Set,e.parentData=t.data,e.dataNames=[...t.dataNames,p]}o(d,"dataContextProps")}o(gC,"extendSubschemaData");_r.extendSubschemaData=gC;function yC(e,{jtdDiscriminator:t,jtdMetadata:r,compositeRule:n,createErrors:a,allErrors:i}){n!==void 0&&(e.compositeRule=n),a!==void 0&&(e.createErrors=a),i!==void 0&&(e.allErrors=i),e.jtdDiscriminator=t,e.jtdMetadata=r}o(yC,"extendSubschemaMode");_r.extendSubschemaMode=yC});var pu=x(($H,Lm)=>{"use strict";Lm.exports=o(function e(t,r){if(t===r)return!0;if(t&&r&&typeof t=="object"&&typeof r=="object"){if(t.constructor!==r.constructor)return!1;var n,a,i;if(Array.isArray(t)){if(n=t.length,n!=r.length)return!1;for(a=n;a--!==0;)if(!e(t[a],r[a]))return!1;return!0}if(t.constructor===RegExp)return t.source===r.source&&t.flags===r.flags;if(t.valueOf!==Object.prototype.valueOf)return t.valueOf()===r.valueOf();if(t.toString!==Object.prototype.toString)return t.toString()===r.toString();if(i=Object.keys(t),n=i.length,n!==Object.keys(r).length)return!1;for(a=n;a--!==0;)if(!Object.prototype.hasOwnProperty.call(r,i[a]))return!1;for(a=n;a--!==0;){var s=i[a];if(!e(t[s],r[s]))return!1}return!0}return t!==t&&r!==r},"equal")});var Gm=x((MH,Bm)=>{"use strict";var wr=Bm.exports=function(e,t,r){typeof t=="function"&&(r=t,t={}),r=t.cb||r;var n=typeof r=="function"?r:r.pre||function(){},a=r.post||function(){};ci(t,n,a,e,"",e)};wr.keywords={additionalItems:!0,items:!0,contains:!0,additionalProperties:!0,propertyNames:!0,not:!0,if:!0,then:!0,else:!0};wr.arrayKeywords={items:!0,allOf:!0,anyOf:!0,oneOf:!0};wr.propsKeywords={$defs:!0,definitions:!0,properties:!0,patternProperties:!0,dependencies:!0};wr.skipKeywords={default:!0,enum:!0,const:!0,required:!0,maximum:!0,minimum:!0,exclusiveMaximum:!0,exclusiveMinimum:!0,multipleOf:!0,maxLength:!0,minLength:!0,pattern:!0,format:!0,maxItems:!0,minItems:!0,uniqueItems:!0,maxProperties:!0,minProperties:!0};function ci(e,t,r,n,a,i,s,c,d,p){if(n&&typeof n=="object"&&!Array.isArray(n)){t(n,a,i,s,c,d,p);for(var l in n){var m=n[l];if(Array.isArray(m)){if(l in wr.arrayKeywords)for(var h=0;h<m.length;h++)ci(e,t,r,m[h],a+"/"+l+"/"+h,i,a,l,n,h)}else if(l in wr.propsKeywords){if(m&&typeof m=="object")for(var y in m)ci(e,t,r,m[y],a+"/"+l+"/"+SC(y),i,a,l,n,y)}else(l in wr.keywords||e.allKeys&&!(l in wr.skipKeywords))&&ci(e,t,r,m,a+"/"+l,i,a,l,n)}r(n,a,i,s,c,d,p)}}o(ci,"_traverse");function SC(e){return e.replace(/~/g,"~0").replace(/\//g,"~1")}o(SC,"escapeJsonPtr")});var Oo=x(Je=>{"use strict";Object.defineProperty(Je,"__esModule",{value:!0});Je.getSchemaRefs=Je.resolveUrl=Je.normalizeId=Je._getFullPath=Je.getFullPath=Je.inlineRef=void 0;var _C=re(),wC=pu(),vC=Gm(),bC=new Set(["type","format","pattern","maxLength","minLength","maxProperties","minProperties","maxItems","minItems","maximum","minimum","uniqueItems","multipleOf","required","enum","const"]);function RC(e,t=!0){return typeof e=="boolean"?!0:t===!0?!mu(e):t?Vm(e)<=t:!1}o(RC,"inlineRef");Je.inlineRef=RC;var CC=new Set(["$ref","$recursiveRef","$recursiveAnchor","$dynamicRef","$dynamicAnchor"]);function mu(e){for(let t in e){if(CC.has(t))return!0;let r=e[t];if(Array.isArray(r)&&r.some(mu)||typeof r=="object"&&mu(r))return!0}return!1}o(mu,"hasRef");function Vm(e){let t=0;for(let r in e){if(r==="$ref")return 1/0;if(t++,!bC.has(r)&&(typeof e[r]=="object"&&(0,_C.eachItem)(e[r],n=>t+=Vm(n)),t===1/0))return 1/0}return t}o(Vm,"countKeys");function Fm(e,t="",r){r!==!1&&(t=Rn(t));let n=e.parse(t);return Zm(e,n)}o(Fm,"getFullPath");Je.getFullPath=Fm;function Zm(e,t){return e.serialize(t).split("#")[0]+"#"}o(Zm,"_getFullPath");Je._getFullPath=Zm;var IC=/#\/?$/;function Rn(e){return e?e.replace(IC,""):""}o(Rn,"normalizeId");Je.normalizeId=Rn;function PC(e,t,r){return r=Rn(r),e.resolve(t,r)}o(PC,"resolveUrl");Je.resolveUrl=PC;var xC=/^[a-z_][-a-z0-9._]*$/i;function AC(e,t){if(typeof e=="boolean")return{};let{schemaId:r,uriResolver:n}=this.opts,a=Rn(e[r]||t),i={"":a},s=Fm(n,a,!1),c={},d=new Set;return vC(e,{allKeys:!0},(m,h,y,_)=>{if(_===void 0)return;let S=s+h,w=i[_];typeof m[r]=="string"&&(w=v.call(this,m[r])),b.call(this,m.$anchor),b.call(this,m.$dynamicAnchor),i[h]=w;function v(R){let q=this.opts.uriResolver.resolve;if(R=Rn(w?q(w,R):R),d.has(R))throw l(R);d.add(R);let N=this.refs[R];return typeof N=="string"&&(N=this.refs[N]),typeof N=="object"?p(m,N.schema,R):R!==Rn(S)&&(R[0]==="#"?(p(m,c[R],R),c[R]=m):this.refs[R]=S),R}o(v,"addRef");function b(R){if(typeof R=="string"){if(!xC.test(R))throw new Error(`invalid anchor "${R}"`);v.call(this,`#${R}`)}}o(b,"addAnchor")}),c;function p(m,h,y){if(h!==void 0&&!wC(m,h))throw l(y)}o(p,"checkAmbiguosRef");function l(m){return new Error(`reference "${m}" resolves to more than one schema`)}o(l,"ambiguos")}o(AC,"getSchemaRefs");Je.getSchemaRefs=AC});var Mo=x(vr=>{"use strict";Object.defineProperty(vr,"__esModule",{value:!0});vr.getData=vr.KeywordCxt=vr.validateFunctionCode=void 0;var Qm=xm(),Km=Uo(),hu=au(),ui=Uo(),TC=$m(),zo=jm(),fu=Hm(),$=F(),L=Ft(),kC=Oo(),Zt=re(),$o=Eo();function EC(e){if(tf(e)&&(rf(e),ef(e))){$C(e);return}Xm(e,()=>(0,Qm.topBoolOrEmptySchema)(e))}o(EC,"validateFunctionCode");vr.validateFunctionCode=EC;function Xm({gen:e,validateName:t,schema:r,schemaEnv:n,opts:a},i){a.code.es5?e.func(t,(0,$._)`${L.default.data}, ${L.default.valCxt}`,n.$async,()=>{e.code((0,$._)`"use strict"; ${Wm(r,a)}`),OC(e,a),e.code(i)}):e.func(t,(0,$._)`${L.default.data}, ${UC(a)}`,n.$async,()=>e.code(Wm(r,a)).code(i))}o(Xm,"validateFunction");function UC(e){return(0,$._)`{${L.default.instancePath}="", ${L.default.parentData}, ${L.default.parentDataProperty}, ${L.default.rootData}=${L.default.data}${e.dynamicRef?(0,$._)`, ${L.default.dynamicAnchors}={}`:$.nil}}={}`}o(UC,"destructureValCxt");function OC(e,t){e.if(L.default.valCxt,()=>{e.var(L.default.instancePath,(0,$._)`${L.default.valCxt}.${L.default.instancePath}`),e.var(L.default.parentData,(0,$._)`${L.default.valCxt}.${L.default.parentData}`),e.var(L.default.parentDataProperty,(0,$._)`${L.default.valCxt}.${L.default.parentDataProperty}`),e.var(L.default.rootData,(0,$._)`${L.default.valCxt}.${L.default.rootData}`),t.dynamicRef&&e.var(L.default.dynamicAnchors,(0,$._)`${L.default.valCxt}.${L.default.dynamicAnchors}`)},()=>{e.var(L.default.instancePath,(0,$._)`""`),e.var(L.default.parentData,(0,$._)`undefined`),e.var(L.default.parentDataProperty,(0,$._)`undefined`),e.var(L.default.rootData,L.default.data),t.dynamicRef&&e.var(L.default.dynamicAnchors,(0,$._)`{}`)})}o(OC,"destructureValCxtES5");function $C(e){let{schema:t,opts:r,gen:n}=e;Xm(e,()=>{r.$comment&&t.$comment&&of(e),jC(e),n.let(L.default.vErrors,null),n.let(L.default.errors,0),r.unevaluated&&zC(e),nf(e),LC(e)})}o($C,"topSchemaObjCode");function zC(e){let{gen:t,validateName:r}=e;e.evaluated=t.const("evaluated",(0,$._)`${r}.evaluated`),t.if((0,$._)`${e.evaluated}.dynamicProps`,()=>t.assign((0,$._)`${e.evaluated}.props`,(0,$._)`undefined`)),t.if((0,$._)`${e.evaluated}.dynamicItems`,()=>t.assign((0,$._)`${e.evaluated}.items`,(0,$._)`undefined`))}o(zC,"resetEvaluated");function Wm(e,t){let r=typeof e=="object"&&e[t.schemaId];return r&&(t.code.source||t.code.process)?(0,$._)`/*# sourceURL=${r} */`:$.nil}o(Wm,"funcSourceUrl");function MC(e,t){if(tf(e)&&(rf(e),ef(e))){qC(e,t);return}(0,Qm.boolOrEmptySchema)(e,t)}o(MC,"subschemaCode");function ef({schema:e,self:t}){if(typeof e=="boolean")return!e;for(let r in e)if(t.RULES.all[r])return!0;return!1}o(ef,"schemaCxtHasRules");function tf(e){return typeof e.schema!="boolean"}o(tf,"isSchemaObj");function qC(e,t){let{schema:r,gen:n,opts:a}=e;a.$comment&&r.$comment&&of(e),DC(e),HC(e);let i=n.const("_errs",L.default.errors);nf(e,i),n.var(t,(0,$._)`${i} === ${L.default.errors}`)}o(qC,"subSchemaObjCode");function rf(e){(0,Zt.checkUnknownRules)(e),NC(e)}o(rf,"checkKeywords");function nf(e,t){if(e.opts.jtd)return Jm(e,[],!1,t);let r=(0,Km.getSchemaTypes)(e.schema),n=(0,Km.coerceAndCheckDataType)(e,r);Jm(e,r,!n,t)}o(nf,"typeAndKeywords");function NC(e){let{schema:t,errSchemaPath:r,opts:n,self:a}=e;t.$ref&&n.ignoreKeywordsWithRef&&(0,Zt.schemaHasRulesButRef)(t,a.RULES)&&a.logger.warn(`$ref: keywords ignored in schema at path "${r}"`)}o(NC,"checkRefsAndKeywords");function jC(e){let{schema:t,opts:r}=e;t.default!==void 0&&r.useDefaults&&r.strictSchema&&(0,Zt.checkStrictMode)(e,"default is ignored in the schema root")}o(jC,"checkNoDefault");function DC(e){let t=e.schema[e.opts.schemaId];t&&(e.baseId=(0,kC.resolveUrl)(e.opts.uriResolver,e.baseId,t))}o(DC,"updateContext");function HC(e){if(e.schema.$async&&!e.schemaEnv.$async)throw new Error("async schema in sync schema")}o(HC,"checkAsyncSchema");function of({gen:e,schemaEnv:t,schema:r,errSchemaPath:n,opts:a}){let i=r.$comment;if(a.$comment===!0)e.code((0,$._)`${L.default.self}.logger.log(${i})`);else if(typeof a.$comment=="function"){let s=(0,$.str)`${n}/$comment`,c=e.scopeValue("root",{ref:t.root});e.code((0,$._)`${L.default.self}.opts.$comment(${i}, ${s}, ${c}.schema)`)}}o(of,"commentKeyword");function LC(e){let{gen:t,schemaEnv:r,validateName:n,ValidationError:a,opts:i}=e;r.$async?t.if((0,$._)`${L.default.errors} === 0`,()=>t.return(L.default.data),()=>t.throw((0,$._)`new ${a}(${L.default.vErrors})`)):(t.assign((0,$._)`${n}.errors`,L.default.vErrors),i.unevaluated&&BC(e),t.return((0,$._)`${L.default.errors} === 0`))}o(LC,"returnResults");function BC({gen:e,evaluated:t,props:r,items:n}){r instanceof $.Name&&e.assign((0,$._)`${t}.props`,r),n instanceof $.Name&&e.assign((0,$._)`${t}.items`,n)}o(BC,"assignEvaluated");function Jm(e,t,r,n){let{gen:a,schema:i,data:s,allErrors:c,opts:d,self:p}=e,{RULES:l}=p;if(i.$ref&&(d.ignoreKeywordsWithRef||!(0,Zt.schemaHasRulesButRef)(i,l))){a.block(()=>sf(e,"$ref",l.all.$ref.definition));return}d.jtd||GC(e,t),a.block(()=>{for(let h of l.rules)m(h);m(l.post)});function m(h){(0,hu.shouldUseGroup)(i,h)&&(h.type?(a.if((0,ui.checkDataType)(h.type,s,d.strictNumbers)),Ym(e,h),t.length===1&&t[0]===h.type&&r&&(a.else(),(0,ui.reportTypeError)(e)),a.endIf()):Ym(e,h),c||a.if((0,$._)`${L.default.errors} === ${n||0}`))}o(m,"groupKeywords")}o(Jm,"schemaKeywords");function Ym(e,t){let{gen:r,schema:n,opts:{useDefaults:a}}=e;a&&(0,TC.assignDefaults)(e,t.type),r.block(()=>{for(let i of t.rules)(0,hu.shouldUseRule)(n,i)&&sf(e,i.keyword,i.definition,t.type)})}o(Ym,"iterateKeywords");function GC(e,t){e.schemaEnv.meta||!e.opts.strictTypes||(VC(e,t),e.opts.allowUnionTypes||FC(e,t),ZC(e,e.dataTypes))}o(GC,"checkStrictTypes");function VC(e,t){if(t.length){if(!e.dataTypes.length){e.dataTypes=t;return}t.forEach(r=>{af(e.dataTypes,r)||gu(e,`type "${r}" not allowed by context "${e.dataTypes.join(",")}"`)}),WC(e,t)}}o(VC,"checkContextTypes");function FC(e,t){t.length>1&&!(t.length===2&&t.includes("null"))&&gu(e,"use allowUnionTypes to allow union type keyword")}o(FC,"checkMultipleTypes");function ZC(e,t){let r=e.self.RULES.all;for(let n in r){let a=r[n];if(typeof a=="object"&&(0,hu.shouldUseRule)(e.schema,a)){let{type:i}=a.definition;i.length&&!i.some(s=>KC(t,s))&&gu(e,`missing type "${i.join(",")}" for keyword "${n}"`)}}}o(ZC,"checkKeywordTypes");function KC(e,t){return e.includes(t)||t==="number"&&e.includes("integer")}o(KC,"hasApplicableType");function af(e,t){return e.includes(t)||t==="integer"&&e.includes("number")}o(af,"includesType");function WC(e,t){let r=[];for(let n of e.dataTypes)af(t,n)?r.push(n):t.includes("integer")&&n==="number"&&r.push("integer");e.dataTypes=r}o(WC,"narrowSchemaTypes");function gu(e,t){let r=e.schemaEnv.baseId+e.errSchemaPath;t+=` at "${r}" (strictTypes)`,(0,Zt.checkStrictMode)(e,t,e.opts.strictTypes)}o(gu,"strictTypesError");var di=class{static{o(this,"KeywordCxt")}constructor(t,r,n){if((0,zo.validateKeywordUsage)(t,r,n),this.gen=t.gen,this.allErrors=t.allErrors,this.keyword=n,this.data=t.data,this.schema=t.schema[n],this.$data=r.$data&&t.opts.$data&&this.schema&&this.schema.$data,this.schemaValue=(0,Zt.schemaRefOrVal)(t,this.schema,n,this.$data),this.schemaType=r.schemaType,this.parentSchema=t.schema,this.params={},this.it=t,this.def=r,this.$data)this.schemaCode=t.gen.const("vSchema",cf(this.$data,t));else if(this.schemaCode=this.schemaValue,!(0,zo.validSchemaType)(this.schema,r.schemaType,r.allowUndefined))throw new Error(`${n} value must be ${JSON.stringify(r.schemaType)}`);("code"in r?r.trackErrors:r.errors!==!1)&&(this.errsCount=t.gen.const("_errs",L.default.errors))}result(t,r,n){this.failResult((0,$.not)(t),r,n)}failResult(t,r,n){this.gen.if(t),n?n():this.error(),r?(this.gen.else(),r(),this.allErrors&&this.gen.endIf()):this.allErrors?this.gen.endIf():this.gen.else()}pass(t,r){this.failResult((0,$.not)(t),void 0,r)}fail(t){if(t===void 0){this.error(),this.allErrors||this.gen.if(!1);return}this.gen.if(t),this.error(),this.allErrors?this.gen.endIf():this.gen.else()}fail$data(t){if(!this.$data)return this.fail(t);let{schemaCode:r}=this;this.fail((0,$._)`${r} !== undefined && (${(0,$.or)(this.invalid$data(),t)})`)}error(t,r,n){if(r){this.setParams(r),this._error(t,n),this.setParams({});return}this._error(t,n)}_error(t,r){(t?$o.reportExtraError:$o.reportError)(this,this.def.error,r)}$dataError(){(0,$o.reportError)(this,this.def.$dataError||$o.keyword$DataError)}reset(){if(this.errsCount===void 0)throw new Error('add "trackErrors" to keyword definition');(0,$o.resetErrorsCount)(this.gen,this.errsCount)}ok(t){this.allErrors||this.gen.if(t)}setParams(t,r){r?Object.assign(this.params,t):this.params=t}block$data(t,r,n=$.nil){this.gen.block(()=>{this.check$data(t,n),r()})}check$data(t=$.nil,r=$.nil){if(!this.$data)return;let{gen:n,schemaCode:a,schemaType:i,def:s}=this;n.if((0,$.or)((0,$._)`${a} === undefined`,r)),t!==$.nil&&n.assign(t,!0),(i.length||s.validateSchema)&&(n.elseIf(this.invalid$data()),this.$dataError(),t!==$.nil&&n.assign(t,!1)),n.else()}invalid$data(){let{gen:t,schemaCode:r,schemaType:n,def:a,it:i}=this;return(0,$.or)(s(),c());function s(){if(n.length){if(!(r instanceof $.Name))throw new Error("ajv implementation error");let d=Array.isArray(n)?n:[n];return(0,$._)`${(0,ui.checkDataTypes)(d,r,i.opts.strictNumbers,ui.DataType.Wrong)}`}return $.nil}function c(){if(a.validateSchema){let d=t.scopeValue("validate$data",{ref:a.validateSchema});return(0,$._)`!${d}(${r})`}return $.nil}}subschema(t,r){let n=(0,fu.getSubschema)(this.it,t);(0,fu.extendSubschemaData)(n,this.it,t),(0,fu.extendSubschemaMode)(n,t);let a={...this.it,...n,items:void 0,props:void 0};return MC(a,r),a}mergeEvaluated(t,r){let{it:n,gen:a}=this;n.opts.unevaluated&&(n.props!==!0&&t.props!==void 0&&(n.props=Zt.mergeEvaluated.props(a,t.props,n.props,r)),n.items!==!0&&t.items!==void 0&&(n.items=Zt.mergeEvaluated.items(a,t.items,n.items,r)))}mergeValidEvaluated(t,r){let{it:n,gen:a}=this;if(n.opts.unevaluated&&(n.props!==!0||n.items!==!0))return a.if(r,()=>this.mergeEvaluated(t,$.Name)),!0}};vr.KeywordCxt=di;function sf(e,t,r,n){let a=new di(e,r,t);"code"in r?r.code(a,n):a.$data&&r.validate?(0,zo.funcKeywordCode)(a,r):"macro"in r?(0,zo.macroKeywordCode)(a,r):(r.compile||r.validate)&&(0,zo.funcKeywordCode)(a,r)}o(sf,"keywordCode");var JC=/^\/(?:[^~]|~0|~1)*$/,YC=/^([0-9]+)(#|\/(?:[^~]|~0|~1)*)?$/;function cf(e,{dataLevel:t,dataNames:r,dataPathArr:n}){let a,i;if(e==="")return L.default.rootData;if(e[0]==="/"){if(!JC.test(e))throw new Error(`Invalid JSON-pointer: ${e}`);a=e,i=L.default.rootData}else{let p=YC.exec(e);if(!p)throw new Error(`Invalid JSON-pointer: ${e}`);let l=+p[1];if(a=p[2],a==="#"){if(l>=t)throw new Error(d("property/index",l));return n[t-l]}if(l>t)throw new Error(d("data",l));if(i=r[t-l],!a)return i}let s=i,c=a.split("/");for(let p of c)p&&(i=(0,$._)`${i}${(0,$.getProperty)((0,Zt.unescapeJsonPointer)(p))}`,s=(0,$._)`${s} && ${i}`);return s;function d(p,l){return`Cannot access ${p} ${l} levels up, current level is ${t}`}}o(cf,"getData");vr.getData=cf});var li=x(Su=>{"use strict";Object.defineProperty(Su,"__esModule",{value:!0});var yu=class extends Error{static{o(this,"ValidationError")}constructor(t){super("validation failed"),this.errors=t,this.ajv=this.validation=!0}};Su.default=yu});var qo=x(vu=>{"use strict";Object.defineProperty(vu,"__esModule",{value:!0});var _u=Oo(),wu=class extends Error{static{o(this,"MissingRefError")}constructor(t,r,n,a){super(a||`can't resolve reference ${n} from id ${r}`),this.missingRef=(0,_u.resolveUrl)(t,r,n),this.missingSchema=(0,_u.normalizeId)((0,_u.getFullPath)(t,this.missingRef))}};vu.default=wu});var mi=x(lt=>{"use strict";Object.defineProperty(lt,"__esModule",{value:!0});lt.resolveSchema=lt.getCompilingSchema=lt.resolveRef=lt.compileSchema=lt.SchemaEnv=void 0;var wt=F(),QC=li(),Lr=Ft(),vt=Oo(),uf=re(),XC=Mo(),Cn=class{static{o(this,"SchemaEnv")}constructor(t){var r;this.refs={},this.dynamicAnchors={};let n;typeof t.schema=="object"&&(n=t.schema),this.schema=t.schema,this.schemaId=t.schemaId,this.root=t.root||this,this.baseId=(r=t.baseId)!==null&&r!==void 0?r:(0,vt.normalizeId)(n?.[t.schemaId||"$id"]),this.schemaPath=t.schemaPath,this.localRefs=t.localRefs,this.meta=t.meta,this.$async=n?.$async,this.refs={}}};lt.SchemaEnv=Cn;function Ru(e){let t=df.call(this,e);if(t)return t;let r=(0,vt.getFullPath)(this.opts.uriResolver,e.root.baseId),{es5:n,lines:a}=this.opts.code,{ownProperties:i}=this.opts,s=new wt.CodeGen(this.scope,{es5:n,lines:a,ownProperties:i}),c;e.$async&&(c=s.scopeValue("Error",{ref:QC.default,code:(0,wt._)`require("ajv/dist/runtime/validation_error").default`}));let d=s.scopeName("validate");e.validateName=d;let p={gen:s,allErrors:this.opts.allErrors,data:Lr.default.data,parentData:Lr.default.parentData,parentDataProperty:Lr.default.parentDataProperty,dataNames:[Lr.default.data],dataPathArr:[wt.nil],dataLevel:0,dataTypes:[],definedProperties:new Set,topSchemaRef:s.scopeValue("schema",this.opts.code.source===!0?{ref:e.schema,code:(0,wt.stringify)(e.schema)}:{ref:e.schema}),validateName:d,ValidationError:c,schema:e.schema,schemaEnv:e,rootId:r,baseId:e.baseId||r,schemaPath:wt.nil,errSchemaPath:e.schemaPath||(this.opts.jtd?"":"#"),errorPath:(0,wt._)`""`,opts:this.opts,self:this},l;try{this._compilations.add(e),(0,XC.validateFunctionCode)(p),s.optimize(this.opts.code.optimize);let m=s.toString();l=`${s.scopeRefs(Lr.default.scope)}return ${m}`,this.opts.code.process&&(l=this.opts.code.process(l,e));let y=new Function(`${Lr.default.self}`,`${Lr.default.scope}`,l)(this,this.scope.get());if(this.scope.value(d,{ref:y}),y.errors=null,y.schema=e.schema,y.schemaEnv=e,e.$async&&(y.$async=!0),this.opts.code.source===!0&&(y.source={validateName:d,validateCode:m,scopeValues:s._values}),this.opts.unevaluated){let{props:_,items:S}=p;y.evaluated={props:_ instanceof wt.Name?void 0:_,items:S instanceof wt.Name?void 0:S,dynamicProps:_ instanceof wt.Name,dynamicItems:S instanceof wt.Name},y.source&&(y.source.evaluated=(0,wt.stringify)(y.evaluated))}return e.validate=y,e}catch(m){throw delete e.validate,delete e.validateName,l&&this.logger.error("Error compiling schema, function code:",l),m}finally{this._compilations.delete(e)}}o(Ru,"compileSchema");lt.compileSchema=Ru;function eI(e,t,r){var n;r=(0,vt.resolveUrl)(this.opts.uriResolver,t,r);let a=e.refs[r];if(a)return a;let i=nI.call(this,e,r);if(i===void 0){let s=(n=e.localRefs)===null||n===void 0?void 0:n[r],{schemaId:c}=this.opts;s&&(i=new Cn({schema:s,schemaId:c,root:e,baseId:t}))}if(i!==void 0)return e.refs[r]=tI.call(this,i)}o(eI,"resolveRef");lt.resolveRef=eI;function tI(e){return(0,vt.inlineRef)(e.schema,this.opts.inlineRefs)?e.schema:e.validate?e:Ru.call(this,e)}o(tI,"inlineOrCompile");function df(e){for(let t of this._compilations)if(rI(t,e))return t}o(df,"getCompilingSchema");lt.getCompilingSchema=df;function rI(e,t){return e.schema===t.schema&&e.root===t.root&&e.baseId===t.baseId}o(rI,"sameSchemaEnv");function nI(e,t){let r;for(;typeof(r=this.refs[t])=="string";)t=r;return r||this.schemas[t]||pi.call(this,e,t)}o(nI,"resolve");function pi(e,t){let r=this.opts.uriResolver.parse(t),n=(0,vt._getFullPath)(this.opts.uriResolver,r),a=(0,vt.getFullPath)(this.opts.uriResolver,e.baseId,void 0);if(Object.keys(e.schema).length>0&&n===a)return bu.call(this,r,e);let i=(0,vt.normalizeId)(n),s=this.refs[i]||this.schemas[i];if(typeof s=="string"){let c=pi.call(this,e,s);return typeof c?.schema!="object"?void 0:bu.call(this,r,c)}if(typeof s?.schema=="object"){if(s.validate||Ru.call(this,s),i===(0,vt.normalizeId)(t)){let{schema:c}=s,{schemaId:d}=this.opts,p=c[d];return p&&(a=(0,vt.resolveUrl)(this.opts.uriResolver,a,p)),new Cn({schema:c,schemaId:d,root:e,baseId:a})}return bu.call(this,r,s)}}o(pi,"resolveSchema");lt.resolveSchema=pi;var oI=new Set(["properties","patternProperties","enum","dependencies","definitions"]);function bu(e,{baseId:t,schema:r,root:n}){var a;if(((a=e.fragment)===null||a===void 0?void 0:a[0])!=="/")return;for(let c of e.fragment.slice(1).split("/")){if(typeof r=="boolean")return;let d=r[(0,uf.unescapeFragment)(c)];if(d===void 0)return;r=d;let p=typeof r=="object"&&r[this.opts.schemaId];!oI.has(c)&&p&&(t=(0,vt.resolveUrl)(this.opts.uriResolver,t,p))}let i;if(typeof r!="boolean"&&r.$ref&&!(0,uf.schemaHasRulesButRef)(r,this.RULES)){let c=(0,vt.resolveUrl)(this.opts.uriResolver,t,r.$ref);i=pi.call(this,n,c)}let{schemaId:s}=this.opts;if(i=i||new Cn({schema:r,schemaId:s,root:n,baseId:t}),i.schema!==i.root.schema)return i}o(bu,"getJsonPointer")});var lf=x((KH,aI)=>{aI.exports={$id:"https://raw.githubusercontent.com/ajv-validator/ajv/master/lib/refs/data.json#",description:"Meta-schema for $data reference (JSON AnySchema extension proposal)",type:"object",required:["$data"],properties:{$data:{type:"string",anyOf:[{format:"relative-json-pointer"},{format:"json-pointer"}]}},additionalProperties:!1}});var Iu=x((WH,hf)=>{"use strict";var iI=RegExp.prototype.test.bind(/^[\da-f]{8}-[\da-f]{4}-[\da-f]{4}-[\da-f]{4}-[\da-f]{12}$/iu),mf=RegExp.prototype.test.bind(/^(?:(?:25[0-5]|2[0-4]\d|1\d{2}|[1-9]\d|\d)\.){3}(?:25[0-5]|2[0-4]\d|1\d{2}|[1-9]\d|\d)$/u);function Cu(e){let t="",r=0,n=0;for(n=0;n<e.length;n++)if(r=e[n].charCodeAt(0),r!==48){if(!(r>=48&&r<=57||r>=65&&r<=70||r>=97&&r<=102))return"";t+=e[n];break}for(n+=1;n<e.length;n++){if(r=e[n].charCodeAt(0),!(r>=48&&r<=57||r>=65&&r<=70||r>=97&&r<=102))return"";t+=e[n]}return t}o(Cu,"stringArrayToHexStripped");var sI=RegExp.prototype.test.bind(/[^!"$&'()*+,\-.;=_`a-z{}~]/u);function pf(e){return e.length=0,!0}o(pf,"consumeIsZone");function cI(e,t,r){if(e.length){let n=Cu(e);if(n!=="")t.push(n);else return r.error=!0,!1;e.length=0}return!0}o(cI,"consumeHextets");function uI(e){let t=0,r={error:!1,address:"",zone:""},n=[],a=[],i=!1,s=!1,c=cI;for(let d=0;d<e.length;d++){let p=e[d];if(!(p==="["||p==="]"))if(p===":"){if(i===!0&&(s=!0),!c(a,n,r))break;if(++t>7){r.error=!0;break}d>0&&e[d-1]===":"&&(i=!0),n.push(":");continue}else if(p==="%"){if(!c(a,n,r))break;c=pf}else{a.push(p);continue}}return a.length&&(c===pf?r.zone=a.join(""):s?n.push(a.join("")):n.push(Cu(a))),r.address=n.join(""),r}o(uI,"getIPV6");function ff(e){if(dI(e,":")<2)return{host:e,isIPV6:!1};let t=uI(e);if(t.error)return{host:e,isIPV6:!1};{let r=t.address,n=t.address;return t.zone&&(r+="%"+t.zone,n+="%25"+t.zone),{host:r,isIPV6:!0,escapedHost:n}}}o(ff,"normalizeIPv6");function dI(e,t){let r=0;for(let n=0;n<e.length;n++)e[n]===t&&r++;return r}o(dI,"findToken");function lI(e){let t=e,r=[],n=-1,a=0;for(;a=t.length;){if(a===1){if(t===".")break;if(t==="/"){r.push("/");break}else{r.push(t);break}}else if(a===2){if(t[0]==="."){if(t[1]===".")break;if(t[1]==="/"){t=t.slice(2);continue}}else if(t[0]==="/"&&(t[1]==="."||t[1]==="/")){r.push("/");break}}else if(a===3&&t==="/.."){r.length!==0&&r.pop(),r.push("/");break}if(t[0]==="."){if(t[1]==="."){if(t[2]==="/"){t=t.slice(3);continue}}else if(t[1]==="/"){t=t.slice(2);continue}}else if(t[0]==="/"&&t[1]==="."){if(t[2]==="/"){t=t.slice(2);continue}else if(t[2]==="."&&t[3]==="/"){t=t.slice(3),r.length!==0&&r.pop();continue}}if((n=t.indexOf("/",1))===-1){r.push(t);break}else r.push(t.slice(0,n)),t=t.slice(n)}return r.join("")}o(lI,"removeDotSegments");function pI(e,t){let r=t!==!0?escape:unescape;return e.scheme!==void 0&&(e.scheme=r(e.scheme)),e.userinfo!==void 0&&(e.userinfo=r(e.userinfo)),e.host!==void 0&&(e.host=r(e.host)),e.path!==void 0&&(e.path=r(e.path)),e.query!==void 0&&(e.query=r(e.query)),e.fragment!==void 0&&(e.fragment=r(e.fragment)),e}o(pI,"normalizeComponentEncoding");function mI(e){let t=[];if(e.userinfo!==void 0&&(t.push(e.userinfo),t.push("@")),e.host!==void 0){let r=unescape(e.host);if(!mf(r)){let n=ff(r);n.isIPV6===!0?r=`[${n.escapedHost}]`:r=e.host}t.push(r)}return(typeof e.port=="number"||typeof e.port=="string")&&(t.push(":"),t.push(String(e.port))),t.length?t.join(""):void 0}o(mI,"recomposeAuthority");hf.exports={nonSimpleDomain:sI,recomposeAuthority:mI,normalizeComponentEncoding:pI,removeDotSegments:lI,isIPv4:mf,isUUID:iI,normalizeIPv6:ff,stringArrayToHexStripped:Cu}});var wf=x((YH,_f)=>{"use strict";var{isUUID:fI}=Iu(),hI=/([\da-z][\d\-a-z]{0,31}):((?:[\w!$'()*+,\-.:;=@]|%[\da-f]{2})+)/iu,gI=["http","https","ws","wss","urn","urn:uuid"];function yI(e){return gI.indexOf(e)!==-1}o(yI,"isValidSchemeName");function Pu(e){return e.secure===!0?!0:e.secure===!1?!1:e.scheme?e.scheme.length===3&&(e.scheme[0]==="w"||e.scheme[0]==="W")&&(e.scheme[1]==="s"||e.scheme[1]==="S")&&(e.scheme[2]==="s"||e.scheme[2]==="S"):!1}o(Pu,"wsIsSecure");function gf(e){return e.host||(e.error=e.error||"HTTP URIs must have a host."),e}o(gf,"httpParse");function yf(e){let t=String(e.scheme).toLowerCase()==="https";return(e.port===(t?443:80)||e.port==="")&&(e.port=void 0),e.path||(e.path="/"),e}o(yf,"httpSerialize");function SI(e){return e.secure=Pu(e),e.resourceName=(e.path||"/")+(e.query?"?"+e.query:""),e.path=void 0,e.query=void 0,e}o(SI,"wsParse");function _I(e){if((e.port===(Pu(e)?443:80)||e.port==="")&&(e.port=void 0),typeof e.secure=="boolean"&&(e.scheme=e.secure?"wss":"ws",e.secure=void 0),e.resourceName){let[t,r]=e.resourceName.split("?");e.path=t&&t!=="/"?t:void 0,e.query=r,e.resourceName=void 0}return e.fragment=void 0,e}o(_I,"wsSerialize");function wI(e,t){if(!e.path)return e.error="URN can not be parsed",e;let r=e.path.match(hI);if(r){let n=t.scheme||e.scheme||"urn";e.nid=r[1].toLowerCase(),e.nss=r[2];let a=`${n}:${t.nid||e.nid}`,i=xu(a);e.path=void 0,i&&(e=i.parse(e,t))}else e.error=e.error||"URN can not be parsed.";return e}o(wI,"urnParse");function vI(e,t){if(e.nid===void 0)throw new Error("URN without nid cannot be serialized");let r=t.scheme||e.scheme||"urn",n=e.nid.toLowerCase(),a=`${r}:${t.nid||n}`,i=xu(a);i&&(e=i.serialize(e,t));let s=e,c=e.nss;return s.path=`${n||t.nid}:${c}`,t.skipEscape=!0,s}o(vI,"urnSerialize");function bI(e,t){let r=e;return r.uuid=r.nss,r.nss=void 0,!t.tolerant&&(!r.uuid||!fI(r.uuid))&&(r.error=r.error||"UUID is not valid."),r}o(bI,"urnuuidParse");function RI(e){let t=e;return t.nss=(e.uuid||"").toLowerCase(),t}o(RI,"urnuuidSerialize");var Sf={scheme:"http",domainHost:!0,parse:gf,serialize:yf},CI={scheme:"https",domainHost:Sf.domainHost,parse:gf,serialize:yf},fi={scheme:"ws",domainHost:!0,parse:SI,serialize:_I},II={scheme:"wss",domainHost:fi.domainHost,parse:fi.parse,serialize:fi.serialize},PI={scheme:"urn",parse:wI,serialize:vI,skipNormalize:!0},xI={scheme:"urn:uuid",parse:bI,serialize:RI,skipNormalize:!0},hi={http:Sf,https:CI,ws:fi,wss:II,urn:PI,"urn:uuid":xI};Object.setPrototypeOf(hi,null);function xu(e){return e&&(hi[e]||hi[e.toLowerCase()])||void 0}o(xu,"getSchemeHandler");_f.exports={wsIsSecure:Pu,SCHEMES:hi,isValidSchemeName:yI,getSchemeHandler:xu}});var Rf=x((XH,yi)=>{"use strict";var{normalizeIPv6:AI,removeDotSegments:No,recomposeAuthority:TI,normalizeComponentEncoding:gi,isIPv4:kI,nonSimpleDomain:EI}=Iu(),{SCHEMES:UI,getSchemeHandler:vf}=wf();function OI(e,t){return typeof e=="string"?e=At(Kt(e,t),t):typeof e=="object"&&(e=Kt(At(e,t),t)),e}o(OI,"normalize");function $I(e,t,r){let n=r?Object.assign({scheme:"null"},r):{scheme:"null"},a=bf(Kt(e,n),Kt(t,n),n,!0);return n.skipEscape=!0,At(a,n)}o($I,"resolve");function bf(e,t,r,n){let a={};return n||(e=Kt(At(e,r),r),t=Kt(At(t,r),r)),r=r||{},!r.tolerant&&t.scheme?(a.scheme=t.scheme,a.userinfo=t.userinfo,a.host=t.host,a.port=t.port,a.path=No(t.path||""),a.query=t.query):(t.userinfo!==void 0||t.host!==void 0||t.port!==void 0?(a.userinfo=t.userinfo,a.host=t.host,a.port=t.port,a.path=No(t.path||""),a.query=t.query):(t.path?(t.path[0]==="/"?a.path=No(t.path):((e.userinfo!==void 0||e.host!==void 0||e.port!==void 0)&&!e.path?a.path="/"+t.path:e.path?a.path=e.path.slice(0,e.path.lastIndexOf("/")+1)+t.path:a.path=t.path,a.path=No(a.path)),a.query=t.query):(a.path=e.path,t.query!==void 0?a.query=t.query:a.query=e.query),a.userinfo=e.userinfo,a.host=e.host,a.port=e.port),a.scheme=e.scheme),a.fragment=t.fragment,a}o(bf,"resolveComponent");function zI(e,t,r){return typeof e=="string"?(e=unescape(e),e=At(gi(Kt(e,r),!0),{...r,skipEscape:!0})):typeof e=="object"&&(e=At(gi(e,!0),{...r,skipEscape:!0})),typeof t=="string"?(t=unescape(t),t=At(gi(Kt(t,r),!0),{...r,skipEscape:!0})):typeof t=="object"&&(t=At(gi(t,!0),{...r,skipEscape:!0})),e.toLowerCase()===t.toLowerCase()}o(zI,"equal");function At(e,t){let r={host:e.host,scheme:e.scheme,userinfo:e.userinfo,port:e.port,path:e.path,query:e.query,nid:e.nid,nss:e.nss,uuid:e.uuid,fragment:e.fragment,reference:e.reference,resourceName:e.resourceName,secure:e.secure,error:""},n=Object.assign({},t),a=[],i=vf(n.scheme||r.scheme);i&&i.serialize&&i.serialize(r,n),r.path!==void 0&&(n.skipEscape?r.path=unescape(r.path):(r.path=escape(r.path),r.scheme!==void 0&&(r.path=r.path.split("%3A").join(":")))),n.reference!=="suffix"&&r.scheme&&a.push(r.scheme,":");let s=TI(r);if(s!==void 0&&(n.reference!=="suffix"&&a.push("//"),a.push(s),r.path&&r.path[0]!=="/"&&a.push("/")),r.path!==void 0){let c=r.path;!n.absolutePath&&(!i||!i.absolutePath)&&(c=No(c)),s===void 0&&c[0]==="/"&&c[1]==="/"&&(c="/%2F"+c.slice(2)),a.push(c)}return r.query!==void 0&&a.push("?",r.query),r.fragment!==void 0&&a.push("#",r.fragment),a.join("")}o(At,"serialize");var MI=/^(?:([^#/:?]+):)?(?:\/\/((?:([^#/?@]*)@)?(\[[^#/?\]]+\]|[^#/:?]*)(?::(\d*))?))?([^#?]*)(?:\?([^#]*))?(?:#((?:.|[\n\r])*))?/u;function Kt(e,t){let r=Object.assign({},t),n={scheme:void 0,userinfo:void 0,host:"",port:void 0,path:"",query:void 0,fragment:void 0},a=!1;r.reference==="suffix"&&(r.scheme?e=r.scheme+":"+e:e="//"+e);let i=e.match(MI);if(i){if(n.scheme=i[1],n.userinfo=i[3],n.host=i[4],n.port=parseInt(i[5],10),n.path=i[6]||"",n.query=i[7],n.fragment=i[8],isNaN(n.port)&&(n.port=i[5]),n.host)if(kI(n.host)===!1){let d=AI(n.host);n.host=d.host.toLowerCase(),a=d.isIPV6}else a=!0;n.scheme===void 0&&n.userinfo===void 0&&n.host===void 0&&n.port===void 0&&n.query===void 0&&!n.path?n.reference="same-document":n.scheme===void 0?n.reference="relative":n.fragment===void 0?n.reference="absolute":n.reference="uri",r.reference&&r.reference!=="suffix"&&r.reference!==n.reference&&(n.error=n.error||"URI is not a "+r.reference+" reference.");let s=vf(r.scheme||n.scheme);if(!r.unicodeSupport&&(!s||!s.unicodeSupport)&&n.host&&(r.domainHost||s&&s.domainHost)&&a===!1&&EI(n.host))try{n.host=URL.domainToASCII(n.host.toLowerCase())}catch(c){n.error=n.error||"Host's domain name can not be converted to ASCII: "+c}(!s||s&&!s.skipNormalize)&&(e.indexOf("%")!==-1&&(n.scheme!==void 0&&(n.scheme=unescape(n.scheme)),n.host!==void 0&&(n.host=unescape(n.host))),n.path&&(n.path=escape(unescape(n.path))),n.fragment&&(n.fragment=encodeURI(decodeURIComponent(n.fragment)))),s&&s.parse&&s.parse(n,r)}else n.error=n.error||"URI can not be parsed.";return n}o(Kt,"parse");var Au={SCHEMES:UI,normalize:OI,resolve:$I,resolveComponent:bf,equal:zI,serialize:At,parse:Kt};yi.exports=Au;yi.exports.default=Au;yi.exports.fastUri=Au});var If=x(Tu=>{"use strict";Object.defineProperty(Tu,"__esModule",{value:!0});var Cf=Rf();Cf.code='require("ajv/dist/runtime/uri").default';Tu.default=Cf});var Of=x(Ee=>{"use strict";Object.defineProperty(Ee,"__esModule",{value:!0});Ee.CodeGen=Ee.Name=Ee.nil=Ee.stringify=Ee.str=Ee._=Ee.KeywordCxt=void 0;var qI=Mo();Object.defineProperty(Ee,"KeywordCxt",{enumerable:!0,get:o(function(){return qI.KeywordCxt},"get")});var In=F();Object.defineProperty(Ee,"_",{enumerable:!0,get:o(function(){return In._},"get")});Object.defineProperty(Ee,"str",{enumerable:!0,get:o(function(){return In.str},"get")});Object.defineProperty(Ee,"stringify",{enumerable:!0,get:o(function(){return In.stringify},"get")});Object.defineProperty(Ee,"nil",{enumerable:!0,get:o(function(){return In.nil},"get")});Object.defineProperty(Ee,"Name",{enumerable:!0,get:o(function(){return In.Name},"get")});Object.defineProperty(Ee,"CodeGen",{enumerable:!0,get:o(function(){return In.CodeGen},"get")});var NI=li(),kf=qo(),jI=ou(),jo=mi(),DI=F(),Do=Oo(),Si=Uo(),Eu=re(),Pf=lf(),HI=If(),Ef=o((e,t)=>new RegExp(e,t),"defaultRegExp");Ef.code="new RegExp";var LI=["removeAdditional","useDefaults","coerceTypes"],BI=new Set(["validate","serialize","parse","wrapper","root","schema","keyword","pattern","formats","validate$data","func","obj","Error"]),GI={errorDataPath:"",format:"`validateFormats: false` can be used instead.",nullable:'"nullable" keyword is supported by default.',jsonPointers:"Deprecated jsPropertySyntax can be used instead.",extendRefs:"Deprecated ignoreKeywordsWithRef can be used instead.",missingRefs:"Pass empty schema with $id that should be ignored to ajv.addSchema.",processCode:"Use option `code: {process: (code, schemaEnv: object) => string}`",sourceCode:"Use option `code: {source: true}`",strictDefaults:"It is default now, see option `strict`.",strictKeywords:"It is default now, see option `strict`.",uniqueItems:'"uniqueItems" keyword is always validated.',unknownFormats:"Disable strict mode or pass `true` to `ajv.addFormat` (or `formats` option).",cache:"Map is used as cache, schema object as key.",serialize:"Map is used as cache, schema object as key.",ajvErrors:"It is default now."},VI={ignoreKeywordsWithRef:"",jsPropertySyntax:"",unicode:'"minLength"/"maxLength" account for unicode characters by default.'},xf=200;function FI(e){var t,r,n,a,i,s,c,d,p,l,m,h,y,_,S,w,v,b,R,q,N,qe,it,dn,ir;let qt=e.strict,Er=(t=e.code)===null||t===void 0?void 0:t.optimize,no=Er===!0||Er===void 0?1:Er||0,oo=(n=(r=e.code)===null||r===void 0?void 0:r.regExp)!==null&&n!==void 0?n:Ef,ao=(a=e.uriResolver)!==null&&a!==void 0?a:HI.default;return{strictSchema:(s=(i=e.strictSchema)!==null&&i!==void 0?i:qt)!==null&&s!==void 0?s:!0,strictNumbers:(d=(c=e.strictNumbers)!==null&&c!==void 0?c:qt)!==null&&d!==void 0?d:!0,strictTypes:(l=(p=e.strictTypes)!==null&&p!==void 0?p:qt)!==null&&l!==void 0?l:"log",strictTuples:(h=(m=e.strictTuples)!==null&&m!==void 0?m:qt)!==null&&h!==void 0?h:"log",strictRequired:(_=(y=e.strictRequired)!==null&&y!==void 0?y:qt)!==null&&_!==void 0?_:!1,code:e.code?{...e.code,optimize:no,regExp:oo}:{optimize:no,regExp:oo},loopRequired:(S=e.loopRequired)!==null&&S!==void 0?S:xf,loopEnum:(w=e.loopEnum)!==null&&w!==void 0?w:xf,meta:(v=e.meta)!==null&&v!==void 0?v:!0,messages:(b=e.messages)!==null&&b!==void 0?b:!0,inlineRefs:(R=e.inlineRefs)!==null&&R!==void 0?R:!0,schemaId:(q=e.schemaId)!==null&&q!==void 0?q:"$id",addUsedSchema:(N=e.addUsedSchema)!==null&&N!==void 0?N:!0,validateSchema:(qe=e.validateSchema)!==null&&qe!==void 0?qe:!0,validateFormats:(it=e.validateFormats)!==null&&it!==void 0?it:!0,unicodeRegExp:(dn=e.unicodeRegExp)!==null&&dn!==void 0?dn:!0,int32range:(ir=e.int32range)!==null&&ir!==void 0?ir:!0,uriResolver:ao}}o(FI,"requiredOptions");var Ho=class{static{o(this,"Ajv")}constructor(t={}){this.schemas={},this.refs={},this.formats={},this._compilations=new Set,this._loading={},this._cache=new Map,t=this.opts={...t,...FI(t)};let{es5:r,lines:n}=this.opts.code;this.scope=new DI.ValueScope({scope:{},prefixes:BI,es5:r,lines:n}),this.logger=QI(t.logger);let a=t.validateFormats;t.validateFormats=!1,this.RULES=(0,jI.getRules)(),Af.call(this,GI,t,"NOT SUPPORTED"),Af.call(this,VI,t,"DEPRECATED","warn"),this._metaOpts=JI.call(this),t.formats&&KI.call(this),this._addVocabularies(),this._addDefaultMetaSchema(),t.keywords&&WI.call(this,t.keywords),typeof t.meta=="object"&&this.addMetaSchema(t.meta),ZI.call(this),t.validateFormats=a}_addVocabularies(){this.addKeyword("$async")}_addDefaultMetaSchema(){let{$data:t,meta:r,schemaId:n}=this.opts,a=Pf;n==="id"&&(a={...Pf},a.id=a.$id,delete a.$id),r&&t&&this.addMetaSchema(a,a[n],!1)}defaultMeta(){let{meta:t,schemaId:r}=this.opts;return this.opts.defaultMeta=typeof t=="object"?t[r]||t:void 0}validate(t,r){let n;if(typeof t=="string"){if(n=this.getSchema(t),!n)throw new Error(`no schema with key or ref "${t}"`)}else n=this.compile(t);let a=n(r);return"$async"in n||(this.errors=n.errors),a}compile(t,r){let n=this._addSchema(t,r);return n.validate||this._compileSchemaEnv(n)}compileAsync(t,r){if(typeof this.opts.loadSchema!="function")throw new Error("options.loadSchema should be a function");let{loadSchema:n}=this.opts;return a.call(this,t,r);async function a(l,m){await i.call(this,l.$schema);let h=this._addSchema(l,m);return h.validate||s.call(this,h)}async function i(l){l&&!this.getSchema(l)&&await a.call(this,{$ref:l},!0)}async function s(l){try{return this._compileSchemaEnv(l)}catch(m){if(!(m instanceof kf.default))throw m;return c.call(this,m),await d.call(this,m.missingSchema),s.call(this,l)}}function c({missingSchema:l,missingRef:m}){if(this.refs[l])throw new Error(`AnySchema ${l} is loaded but ${m} cannot be resolved`)}async function d(l){let m=await p.call(this,l);this.refs[l]||await i.call(this,m.$schema),this.refs[l]||this.addSchema(m,l,r)}async function p(l){let m=this._loading[l];if(m)return m;try{return await(this._loading[l]=n(l))}finally{delete this._loading[l]}}}addSchema(t,r,n,a=this.opts.validateSchema){if(Array.isArray(t)){for(let s of t)this.addSchema(s,void 0,n,a);return this}let i;if(typeof t=="object"){let{schemaId:s}=this.opts;if(i=t[s],i!==void 0&&typeof i!="string")throw new Error(`schema ${s} must be string`)}return r=(0,Do.normalizeId)(r||i),this._checkUnique(r),this.schemas[r]=this._addSchema(t,n,r,a,!0),this}addMetaSchema(t,r,n=this.opts.validateSchema){return this.addSchema(t,r,!0,n),this}validateSchema(t,r){if(typeof t=="boolean")return!0;let n;if(n=t.$schema,n!==void 0&&typeof n!="string")throw new Error("$schema must be a string");if(n=n||this.opts.defaultMeta||this.defaultMeta(),!n)return this.logger.warn("meta-schema not available"),this.errors=null,!0;let a=this.validate(n,t);if(!a&&r){let i="schema is invalid: "+this.errorsText();if(this.opts.validateSchema==="log")this.logger.error(i);else throw new Error(i)}return a}getSchema(t){let r;for(;typeof(r=Tf.call(this,t))=="string";)t=r;if(r===void 0){let{schemaId:n}=this.opts,a=new jo.SchemaEnv({schema:{},schemaId:n});if(r=jo.resolveSchema.call(this,a,t),!r)return;this.refs[t]=r}return r.validate||this._compileSchemaEnv(r)}removeSchema(t){if(t instanceof RegExp)return this._removeAllSchemas(this.schemas,t),this._removeAllSchemas(this.refs,t),this;switch(typeof t){case"undefined":return this._removeAllSchemas(this.schemas),this._removeAllSchemas(this.refs),this._cache.clear(),this;case"string":{let r=Tf.call(this,t);return typeof r=="object"&&this._cache.delete(r.schema),delete this.schemas[t],delete this.refs[t],this}case"object":{let r=t;this._cache.delete(r);let n=t[this.opts.schemaId];return n&&(n=(0,Do.normalizeId)(n),delete this.schemas[n],delete this.refs[n]),this}default:throw new Error("ajv.removeSchema: invalid parameter")}}addVocabulary(t){for(let r of t)this.addKeyword(r);return this}addKeyword(t,r){let n;if(typeof t=="string")n=t,typeof r=="object"&&(this.logger.warn("these parameters are deprecated, see docs for addKeyword"),r.keyword=n);else if(typeof t=="object"&&r===void 0){if(r=t,n=r.keyword,Array.isArray(n)&&!n.length)throw new Error("addKeywords: keyword must be string or non-empty array")}else throw new Error("invalid addKeywords parameters");if(eP.call(this,n,r),!r)return(0,Eu.eachItem)(n,i=>ku.call(this,i)),this;rP.call(this,r);let a={...r,type:(0,Si.getJSONTypes)(r.type),schemaType:(0,Si.getJSONTypes)(r.schemaType)};return(0,Eu.eachItem)(n,a.type.length===0?i=>ku.call(this,i,a):i=>a.type.forEach(s=>ku.call(this,i,a,s))),this}getKeyword(t){let r=this.RULES.all[t];return typeof r=="object"?r.definition:!!r}removeKeyword(t){let{RULES:r}=this;delete r.keywords[t],delete r.all[t];for(let n of r.rules){let a=n.rules.findIndex(i=>i.keyword===t);a>=0&&n.rules.splice(a,1)}return this}addFormat(t,r){return typeof r=="string"&&(r=new RegExp(r)),this.formats[t]=r,this}errorsText(t=this.errors,{separator:r=", ",dataVar:n="data"}={}){return!t||t.length===0?"No errors":t.map(a=>`${n}${a.instancePath} ${a.message}`).reduce((a,i)=>a+r+i)}$dataMetaSchema(t,r){let n=this.RULES.all;t=JSON.parse(JSON.stringify(t));for(let a of r){let i=a.split("/").slice(1),s=t;for(let c of i)s=s[c];for(let c in n){let d=n[c];if(typeof d!="object")continue;let{$data:p}=d.definition,l=s[c];p&&l&&(s[c]=Uf(l))}}return t}_removeAllSchemas(t,r){for(let n in t){let a=t[n];(!r||r.test(n))&&(typeof a=="string"?delete t[n]:a&&!a.meta&&(this._cache.delete(a.schema),delete t[n]))}}_addSchema(t,r,n,a=this.opts.validateSchema,i=this.opts.addUsedSchema){let s,{schemaId:c}=this.opts;if(typeof t=="object")s=t[c];else{if(this.opts.jtd)throw new Error("schema must be object");if(typeof t!="boolean")throw new Error("schema must be object or boolean")}let d=this._cache.get(t);if(d!==void 0)return d;n=(0,Do.normalizeId)(s||n);let p=Do.getSchemaRefs.call(this,t,n);return d=new jo.SchemaEnv({schema:t,schemaId:c,meta:r,baseId:n,localRefs:p}),this._cache.set(d.schema,d),i&&!n.startsWith("#")&&(n&&this._checkUnique(n),this.refs[n]=d),a&&this.validateSchema(t,!0),d}_checkUnique(t){if(this.schemas[t]||this.refs[t])throw new Error(`schema with key or id "${t}" already exists`)}_compileSchemaEnv(t){if(t.meta?this._compileMetaSchema(t):jo.compileSchema.call(this,t),!t.validate)throw new Error("ajv implementation error");return t.validate}_compileMetaSchema(t){let r=this.opts;this.opts=this._metaOpts;try{jo.compileSchema.call(this,t)}finally{this.opts=r}}};Ho.ValidationError=NI.default;Ho.MissingRefError=kf.default;Ee.default=Ho;function Af(e,t,r,n="error"){for(let a in e){let i=a;i in t&&this.logger[n](`${r}: option ${a}. ${e[i]}`)}}o(Af,"checkOptions");function Tf(e){return e=(0,Do.normalizeId)(e),this.schemas[e]||this.refs[e]}o(Tf,"getSchEnv");function ZI(){let e=this.opts.schemas;if(e)if(Array.isArray(e))this.addSchema(e);else for(let t in e)this.addSchema(e[t],t)}o(ZI,"addInitialSchemas");function KI(){for(let e in this.opts.formats){let t=this.opts.formats[e];t&&this.addFormat(e,t)}}o(KI,"addInitialFormats");function WI(e){if(Array.isArray(e)){this.addVocabulary(e);return}this.logger.warn("keywords option as map is deprecated, pass array");for(let t in e){let r=e[t];r.keyword||(r.keyword=t),this.addKeyword(r)}}o(WI,"addInitialKeywords");function JI(){let e={...this.opts};for(let t of LI)delete e[t];return e}o(JI,"getMetaSchemaOptions");var YI={log(){},warn(){},error(){}};function QI(e){if(e===!1)return YI;if(e===void 0)return console;if(e.log&&e.warn&&e.error)return e;throw new Error("logger must implement log, warn and error methods")}o(QI,"getLogger");var XI=/^[a-z_$][a-z0-9_$:-]*$/i;function eP(e,t){let{RULES:r}=this;if((0,Eu.eachItem)(e,n=>{if(r.keywords[n])throw new Error(`Keyword ${n} is already defined`);if(!XI.test(n))throw new Error(`Keyword ${n} has invalid name`)}),!!t&&t.$data&&!("code"in t||"validate"in t))throw new Error('$data keyword must have "code" or "validate" function')}o(eP,"checkKeyword");function ku(e,t,r){var n;let a=t?.post;if(r&&a)throw new Error('keyword with "post" flag cannot have "type"');let{RULES:i}=this,s=a?i.post:i.rules.find(({type:d})=>d===r);if(s||(s={type:r,rules:[]},i.rules.push(s)),i.keywords[e]=!0,!t)return;let c={keyword:e,definition:{...t,type:(0,Si.getJSONTypes)(t.type),schemaType:(0,Si.getJSONTypes)(t.schemaType)}};t.before?tP.call(this,s,c,t.before):s.rules.push(c),i.all[e]=c,(n=t.implements)===null||n===void 0||n.forEach(d=>this.addKeyword(d))}o(ku,"addRule");function tP(e,t,r){let n=e.rules.findIndex(a=>a.keyword===r);n>=0?e.rules.splice(n,0,t):(e.rules.push(t),this.logger.warn(`rule ${r} is not defined`))}o(tP,"addBeforeRule");function rP(e){let{metaSchema:t}=e;t!==void 0&&(e.$data&&this.opts.$data&&(t=Uf(t)),e.validateSchema=this.compile(t,!0))}o(rP,"keywordMetaschema");var nP={$ref:"https://raw.githubusercontent.com/ajv-validator/ajv/master/lib/refs/data.json#"};function Uf(e){return{anyOf:[e,nP]}}o(Uf,"schemaOrData")});var $f=x(Uu=>{"use strict";Object.defineProperty(Uu,"__esModule",{value:!0});var oP={keyword:"id",code(){throw new Error('NOT SUPPORTED: keyword "id", use "$id" for schema ID')}};Uu.default=oP});var Nf=x(Br=>{"use strict";Object.defineProperty(Br,"__esModule",{value:!0});Br.callRef=Br.getValidate=void 0;var aP=qo(),zf=dt(),Ye=F(),Pn=Ft(),Mf=mi(),_i=re(),iP={keyword:"$ref",schemaType:"string",code(e){let{gen:t,schema:r,it:n}=e,{baseId:a,schemaEnv:i,validateName:s,opts:c,self:d}=n,{root:p}=i;if((r==="#"||r==="#/")&&a===p.baseId)return m();let l=Mf.resolveRef.call(d,p,a,r);if(l===void 0)throw new aP.default(n.opts.uriResolver,a,r);if(l instanceof Mf.SchemaEnv)return h(l);return y(l);function m(){if(i===p)return wi(e,s,i,i.$async);let _=t.scopeValue("root",{ref:p});return wi(e,(0,Ye._)`${_}.validate`,p,p.$async)}function h(_){let S=qf(e,_);wi(e,S,_,_.$async)}function y(_){let S=t.scopeValue("schema",c.code.source===!0?{ref:_,code:(0,Ye.stringify)(_)}:{ref:_}),w=t.name("valid"),v=e.subschema({schema:_,dataTypes:[],schemaPath:Ye.nil,topSchemaRef:S,errSchemaPath:r},w);e.mergeEvaluated(v),e.ok(w)}}};function qf(e,t){let{gen:r}=e;return t.validate?r.scopeValue("validate",{ref:t.validate}):(0,Ye._)`${r.scopeValue("wrapper",{ref:t})}.validate`}o(qf,"getValidate");Br.getValidate=qf;function wi(e,t,r,n){let{gen:a,it:i}=e,{allErrors:s,schemaEnv:c,opts:d}=i,p=d.passContext?Pn.default.this:Ye.nil;n?l():m();function l(){if(!c.$async)throw new Error("async schema referenced by sync schema");let _=a.let("valid");a.try(()=>{a.code((0,Ye._)`await ${(0,zf.callValidateCode)(e,t,p)}`),y(t),s||a.assign(_,!0)},S=>{a.if((0,Ye._)`!(${S} instanceof ${i.ValidationError})`,()=>a.throw(S)),h(S),s||a.assign(_,!1)}),e.ok(_)}o(l,"callAsyncRef");function m(){e.result((0,zf.callValidateCode)(e,t,p),()=>y(t),()=>h(t))}o(m,"callSyncRef");function h(_){let S=(0,Ye._)`${_}.errors`;a.assign(Pn.default.vErrors,(0,Ye._)`${Pn.default.vErrors} === null ? ${S} : ${Pn.default.vErrors}.concat(${S})`),a.assign(Pn.default.errors,(0,Ye._)`${Pn.default.vErrors}.length`)}o(h,"addErrorsFrom");function y(_){var S;if(!i.opts.unevaluated)return;let w=(S=r?.validate)===null||S===void 0?void 0:S.evaluated;if(i.props!==!0)if(w&&!w.dynamicProps)w.props!==void 0&&(i.props=_i.mergeEvaluated.props(a,w.props,i.props));else{let v=a.var("props",(0,Ye._)`${_}.evaluated.props`);i.props=_i.mergeEvaluated.props(a,v,i.props,Ye.Name)}if(i.items!==!0)if(w&&!w.dynamicItems)w.items!==void 0&&(i.items=_i.mergeEvaluated.items(a,w.items,i.items));else{let v=a.var("items",(0,Ye._)`${_}.evaluated.items`);i.items=_i.mergeEvaluated.items(a,v,i.items,Ye.Name)}}o(y,"addEvaluatedFrom")}o(wi,"callRef");Br.callRef=wi;Br.default=iP});var jf=x(Ou=>{"use strict";Object.defineProperty(Ou,"__esModule",{value:!0});var sP=$f(),cP=Nf(),uP=["$schema","$id","$defs","$vocabulary",{keyword:"$comment"},"definitions",sP.default,cP.default];Ou.default=uP});var Df=x($u=>{"use strict";Object.defineProperty($u,"__esModule",{value:!0});var vi=F(),br=vi.operators,bi={maximum:{okStr:"<=",ok:br.LTE,fail:br.GT},minimum:{okStr:">=",ok:br.GTE,fail:br.LT},exclusiveMaximum:{okStr:"<",ok:br.LT,fail:br.GTE},exclusiveMinimum:{okStr:">",ok:br.GT,fail:br.LTE}},dP={message:o(({keyword:e,schemaCode:t})=>(0,vi.str)`must be ${bi[e].okStr} ${t}`,"message"),params:o(({keyword:e,schemaCode:t})=>(0,vi._)`{comparison: ${bi[e].okStr}, limit: ${t}}`,"params")},lP={keyword:Object.keys(bi),type:"number",schemaType:"number",$data:!0,error:dP,code(e){let{keyword:t,data:r,schemaCode:n}=e;e.fail$data((0,vi._)`${r} ${bi[t].fail} ${n} || isNaN(${r})`)}};$u.default=lP});var Hf=x(zu=>{"use strict";Object.defineProperty(zu,"__esModule",{value:!0});var Lo=F(),pP={message:o(({schemaCode:e})=>(0,Lo.str)`must be multiple of ${e}`,"message"),params:o(({schemaCode:e})=>(0,Lo._)`{multipleOf: ${e}}`,"params")},mP={keyword:"multipleOf",type:"number",schemaType:"number",$data:!0,error:pP,code(e){let{gen:t,data:r,schemaCode:n,it:a}=e,i=a.opts.multipleOfPrecision,s=t.let("res"),c=i?(0,Lo._)`Math.abs(Math.round(${s}) - ${s}) > 1e-${i}`:(0,Lo._)`${s} !== parseInt(${s})`;e.fail$data((0,Lo._)`(${n} === 0 || (${s} = ${r}/${n}, ${c}))`)}};zu.default=mP});var Bf=x(Mu=>{"use strict";Object.defineProperty(Mu,"__esModule",{value:!0});function Lf(e){let t=e.length,r=0,n=0,a;for(;n<t;)r++,a=e.charCodeAt(n++),a>=55296&&a<=56319&&n<t&&(a=e.charCodeAt(n),(a&64512)===56320&&n++);return r}o(Lf,"ucs2length");Mu.default=Lf;Lf.code='require("ajv/dist/runtime/ucs2length").default'});var Gf=x(qu=>{"use strict";Object.defineProperty(qu,"__esModule",{value:!0});var Gr=F(),fP=re(),hP=Bf(),gP={message({keyword:e,schemaCode:t}){let r=e==="maxLength"?"more":"fewer";return(0,Gr.str)`must NOT have ${r} than ${t} characters`},params:o(({schemaCode:e})=>(0,Gr._)`{limit: ${e}}`,"params")},yP={keyword:["maxLength","minLength"],type:"string",schemaType:"number",$data:!0,error:gP,code(e){let{keyword:t,data:r,schemaCode:n,it:a}=e,i=t==="maxLength"?Gr.operators.GT:Gr.operators.LT,s=a.opts.unicode===!1?(0,Gr._)`${r}.length`:(0,Gr._)`${(0,fP.useFunc)(e.gen,hP.default)}(${r})`;e.fail$data((0,Gr._)`${s} ${i} ${n}`)}};qu.default=yP});var Vf=x(Nu=>{"use strict";Object.defineProperty(Nu,"__esModule",{value:!0});var SP=dt(),Ri=F(),_P={message:o(({schemaCode:e})=>(0,Ri.str)`must match pattern "${e}"`,"message"),params:o(({schemaCode:e})=>(0,Ri._)`{pattern: ${e}}`,"params")},wP={keyword:"pattern",type:"string",schemaType:"string",$data:!0,error:_P,code(e){let{data:t,$data:r,schema:n,schemaCode:a,it:i}=e,s=i.opts.unicodeRegExp?"u":"",c=r?(0,Ri._)`(new RegExp(${a}, ${s}))`:(0,SP.usePattern)(e,n);e.fail$data((0,Ri._)`!${c}.test(${t})`)}};Nu.default=wP});var Ff=x(ju=>{"use strict";Object.defineProperty(ju,"__esModule",{value:!0});var Bo=F(),vP={message({keyword:e,schemaCode:t}){let r=e==="maxProperties"?"more":"fewer";return(0,Bo.str)`must NOT have ${r} than ${t} properties`},params:o(({schemaCode:e})=>(0,Bo._)`{limit: ${e}}`,"params")},bP={keyword:["maxProperties","minProperties"],type:"object",schemaType:"number",$data:!0,error:vP,code(e){let{keyword:t,data:r,schemaCode:n}=e,a=t==="maxProperties"?Bo.operators.GT:Bo.operators.LT;e.fail$data((0,Bo._)`Object.keys(${r}).length ${a} ${n}`)}};ju.default=bP});var Zf=x(Du=>{"use strict";Object.defineProperty(Du,"__esModule",{value:!0});var Go=dt(),Vo=F(),RP=re(),CP={message:o(({params:{missingProperty:e}})=>(0,Vo.str)`must have required property '${e}'`,"message"),params:o(({params:{missingProperty:e}})=>(0,Vo._)`{missingProperty: ${e}}`,"params")},IP={keyword:"required",type:"object",schemaType:"array",$data:!0,error:CP,code(e){let{gen:t,schema:r,schemaCode:n,data:a,$data:i,it:s}=e,{opts:c}=s;if(!i&&r.length===0)return;let d=r.length>=c.loopRequired;if(s.allErrors?p():l(),c.strictRequired){let y=e.parentSchema.properties,{definedProperties:_}=e.it;for(let S of r)if(y?.[S]===void 0&&!_.has(S)){let w=s.schemaEnv.baseId+s.errSchemaPath,v=`required property "${S}" is not defined at "${w}" (strictRequired)`;(0,RP.checkStrictMode)(s,v,s.opts.strictRequired)}}function p(){if(d||i)e.block$data(Vo.nil,m);else for(let y of r)(0,Go.checkReportMissingProp)(e,y)}o(p,"allErrorsMode");function l(){let y=t.let("missing");if(d||i){let _=t.let("valid",!0);e.block$data(_,()=>h(y,_)),e.ok(_)}else t.if((0,Go.checkMissingProp)(e,r,y)),(0,Go.reportMissingProp)(e,y),t.else()}o(l,"exitOnErrorMode");function m(){t.forOf("prop",n,y=>{e.setParams({missingProperty:y}),t.if((0,Go.noPropertyInData)(t,a,y,c.ownProperties),()=>e.error())})}o(m,"loopAllRequired");function h(y,_){e.setParams({missingProperty:y}),t.forOf(y,n,()=>{t.assign(_,(0,Go.propertyInData)(t,a,y,c.ownProperties)),t.if((0,Vo.not)(_),()=>{e.error(),t.break()})},Vo.nil)}o(h,"loopUntilMissing")}};Du.default=IP});var Kf=x(Hu=>{"use strict";Object.defineProperty(Hu,"__esModule",{value:!0});var Fo=F(),PP={message({keyword:e,schemaCode:t}){let r=e==="maxItems"?"more":"fewer";return(0,Fo.str)`must NOT have ${r} than ${t} items`},params:o(({schemaCode:e})=>(0,Fo._)`{limit: ${e}}`,"params")},xP={keyword:["maxItems","minItems"],type:"array",schemaType:"number",$data:!0,error:PP,code(e){let{keyword:t,data:r,schemaCode:n}=e,a=t==="maxItems"?Fo.operators.GT:Fo.operators.LT;e.fail$data((0,Fo._)`${r}.length ${a} ${n}`)}};Hu.default=xP});var Ci=x(Lu=>{"use strict";Object.defineProperty(Lu,"__esModule",{value:!0});var Wf=pu();Wf.code='require("ajv/dist/runtime/equal").default';Lu.default=Wf});var Jf=x(Gu=>{"use strict";Object.defineProperty(Gu,"__esModule",{value:!0});var Bu=Uo(),Ue=F(),AP=re(),TP=Ci(),kP={message:o(({params:{i:e,j:t}})=>(0,Ue.str)`must NOT have duplicate items (items ## ${t} and ${e} are identical)`,"message"),params:o(({params:{i:e,j:t}})=>(0,Ue._)`{i: ${e}, j: ${t}}`,"params")},EP={keyword:"uniqueItems",type:"array",schemaType:"boolean",$data:!0,error:kP,code(e){let{gen:t,data:r,$data:n,schema:a,parentSchema:i,schemaCode:s,it:c}=e;if(!n&&!a)return;let d=t.let("valid"),p=i.items?(0,Bu.getSchemaTypes)(i.items):[];e.block$data(d,l,(0,Ue._)`${s} === false`),e.ok(d);function l(){let _=t.let("i",(0,Ue._)`${r}.length`),S=t.let("j");e.setParams({i:_,j:S}),t.assign(d,!0),t.if((0,Ue._)`${_} > 1`,()=>(m()?h:y)(_,S))}o(l,"validateUniqueItems");function m(){return p.length>0&&!p.some(_=>_==="object"||_==="array")}o(m,"canOptimize");function h(_,S){let w=t.name("item"),v=(0,Bu.checkDataTypes)(p,w,c.opts.strictNumbers,Bu.DataType.Wrong),b=t.const("indices",(0,Ue._)`{}`);t.for((0,Ue._)`;${_}--;`,()=>{t.let(w,(0,Ue._)`${r}[${_}]`),t.if(v,(0,Ue._)`continue`),p.length>1&&t.if((0,Ue._)`typeof ${w} == "string"`,(0,Ue._)`${w} += "_"`),t.if((0,Ue._)`typeof ${b}[${w}] == "number"`,()=>{t.assign(S,(0,Ue._)`${b}[${w}]`),e.error(),t.assign(d,!1).break()}).code((0,Ue._)`${b}[${w}] = ${_}`)})}o(h,"loopN");function y(_,S){let w=(0,AP.useFunc)(t,TP.default),v=t.name("outer");t.label(v).for((0,Ue._)`;${_}--;`,()=>t.for((0,Ue._)`${S} = ${_}; ${S}--;`,()=>t.if((0,Ue._)`${w}(${r}[${_}], ${r}[${S}])`,()=>{e.error(),t.assign(d,!1).break(v)})))}o(y,"loopN2")}};Gu.default=EP});var Yf=x(Fu=>{"use strict";Object.defineProperty(Fu,"__esModule",{value:!0});var Vu=F(),UP=re(),OP=Ci(),$P={message:"must be equal to constant",params:o(({schemaCode:e})=>(0,Vu._)`{allowedValue: ${e}}`,"params")},zP={keyword:"const",$data:!0,error:$P,code(e){let{gen:t,data:r,$data:n,schemaCode:a,schema:i}=e;n||i&&typeof i=="object"?e.fail$data((0,Vu._)`!${(0,UP.useFunc)(t,OP.default)}(${r}, ${a})`):e.fail((0,Vu._)`${i} !== ${r}`)}};Fu.default=zP});var Qf=x(Zu=>{"use strict";Object.defineProperty(Zu,"__esModule",{value:!0});var Zo=F(),MP=re(),qP=Ci(),NP={message:"must be equal to one of the allowed values",params:o(({schemaCode:e})=>(0,Zo._)`{allowedValues: ${e}}`,"params")},jP={keyword:"enum",schemaType:"array",$data:!0,error:NP,code(e){let{gen:t,data:r,$data:n,schema:a,schemaCode:i,it:s}=e;if(!n&&a.length===0)throw new Error("enum must have non-empty array");let c=a.length>=s.opts.loopEnum,d,p=o(()=>d??(d=(0,MP.useFunc)(t,qP.default)),"getEql"),l;if(c||n)l=t.let("valid"),e.block$data(l,m);else{if(!Array.isArray(a))throw new Error("ajv implementation error");let y=t.const("vSchema",i);l=(0,Zo.or)(...a.map((_,S)=>h(y,S)))}e.pass(l);function m(){t.assign(l,!1),t.forOf("v",i,y=>t.if((0,Zo._)`${p()}(${r}, ${y})`,()=>t.assign(l,!0).break()))}o(m,"loopEnum");function h(y,_){let S=a[_];return typeof S=="object"&&S!==null?(0,Zo._)`${p()}(${r}, ${y}[${_}])`:(0,Zo._)`${r} === ${S}`}o(h,"equalCode")}};Zu.default=jP});var Xf=x(Ku=>{"use strict";Object.defineProperty(Ku,"__esModule",{value:!0});var DP=Df(),HP=Hf(),LP=Gf(),BP=Vf(),GP=Ff(),VP=Zf(),FP=Kf(),ZP=Jf(),KP=Yf(),WP=Qf(),JP=[DP.default,HP.default,LP.default,BP.default,GP.default,VP.default,FP.default,ZP.default,{keyword:"type",schemaType:["string","array"]},{keyword:"nullable",schemaType:"boolean"},KP.default,WP.default];Ku.default=JP});var Ju=x(Ko=>{"use strict";Object.defineProperty(Ko,"__esModule",{value:!0});Ko.validateAdditionalItems=void 0;var Vr=F(),Wu=re(),YP={message:o(({params:{len:e}})=>(0,Vr.str)`must NOT have more than ${e} items`,"message"),params:o(({params:{len:e}})=>(0,Vr._)`{limit: ${e}}`,"params")},QP={keyword:"additionalItems",type:"array",schemaType:["boolean","object"],before:"uniqueItems",error:YP,code(e){let{parentSchema:t,it:r}=e,{items:n}=t;if(!Array.isArray(n)){(0,Wu.checkStrictMode)(r,'"additionalItems" is ignored when "items" is not an array of schemas');return}eh(e,n)}};function eh(e,t){let{gen:r,schema:n,data:a,keyword:i,it:s}=e;s.items=!0;let c=r.const("len",(0,Vr._)`${a}.length`);if(n===!1)e.setParams({len:t.length}),e.pass((0,Vr._)`${c} <= ${t.length}`);else if(typeof n=="object"&&!(0,Wu.alwaysValidSchema)(s,n)){let p=r.var("valid",(0,Vr._)`${c} <= ${t.length}`);r.if((0,Vr.not)(p),()=>d(p)),e.ok(p)}function d(p){r.forRange("i",t.length,c,l=>{e.subschema({keyword:i,dataProp:l,dataPropType:Wu.Type.Num},p),s.allErrors||r.if((0,Vr.not)(p),()=>r.break())})}o(d,"validateItems")}o(eh,"validateAdditionalItems");Ko.validateAdditionalItems=eh;Ko.default=QP});var Yu=x(Wo=>{"use strict";Object.defineProperty(Wo,"__esModule",{value:!0});Wo.validateTuple=void 0;var th=F(),Ii=re(),XP=dt(),ex={keyword:"items",type:"array",schemaType:["object","array","boolean"],before:"uniqueItems",code(e){let{schema:t,it:r}=e;if(Array.isArray(t))return rh(e,"additionalItems",t);r.items=!0,!(0,Ii.alwaysValidSchema)(r,t)&&e.ok((0,XP.validateArray)(e))}};function rh(e,t,r=e.schema){let{gen:n,parentSchema:a,data:i,keyword:s,it:c}=e;l(a),c.opts.unevaluated&&r.length&&c.items!==!0&&(c.items=Ii.mergeEvaluated.items(n,r.length,c.items));let d=n.name("valid"),p=n.const("len",(0,th._)`${i}.length`);r.forEach((m,h)=>{(0,Ii.alwaysValidSchema)(c,m)||(n.if((0,th._)`${p} > ${h}`,()=>e.subschema({keyword:s,schemaProp:h,dataProp:h},d)),e.ok(d))});function l(m){let{opts:h,errSchemaPath:y}=c,_=r.length,S=_===m.minItems&&(_===m.maxItems||m[t]===!1);if(h.strictTuples&&!S){let w=`"${s}" is ${_}-tuple, but minItems or maxItems/${t} are not specified or different at path "${y}"`;(0,Ii.checkStrictMode)(c,w,h.strictTuples)}}o(l,"checkStrictTuple")}o(rh,"validateTuple");Wo.validateTuple=rh;Wo.default=ex});var nh=x(Qu=>{"use strict";Object.defineProperty(Qu,"__esModule",{value:!0});var tx=Yu(),rx={keyword:"prefixItems",type:"array",schemaType:["array"],before:"uniqueItems",code:o(e=>(0,tx.validateTuple)(e,"items"),"code")};Qu.default=rx});var ah=x(Xu=>{"use strict";Object.defineProperty(Xu,"__esModule",{value:!0});var oh=F(),nx=re(),ox=dt(),ax=Ju(),ix={message:o(({params:{len:e}})=>(0,oh.str)`must NOT have more than ${e} items`,"message"),params:o(({params:{len:e}})=>(0,oh._)`{limit: ${e}}`,"params")},sx={keyword:"items",type:"array",schemaType:["object","boolean"],before:"uniqueItems",error:ix,code(e){let{schema:t,parentSchema:r,it:n}=e,{prefixItems:a}=r;n.items=!0,!(0,nx.alwaysValidSchema)(n,t)&&(a?(0,ax.validateAdditionalItems)(e,a):e.ok((0,ox.validateArray)(e)))}};Xu.default=sx});var ih=x(ed=>{"use strict";Object.defineProperty(ed,"__esModule",{value:!0});var pt=F(),Pi=re(),cx={message:o(({params:{min:e,max:t}})=>t===void 0?(0,pt.str)`must contain at least ${e} valid item(s)`:(0,pt.str)`must contain at least ${e} and no more than ${t} valid item(s)`,"message"),params:o(({params:{min:e,max:t}})=>t===void 0?(0,pt._)`{minContains: ${e}}`:(0,pt._)`{minContains: ${e}, maxContains: ${t}}`,"params")},ux={keyword:"contains",type:"array",schemaType:["object","boolean"],before:"uniqueItems",trackErrors:!0,error:cx,code(e){let{gen:t,schema:r,parentSchema:n,data:a,it:i}=e,s,c,{minContains:d,maxContains:p}=n;i.opts.next?(s=d===void 0?1:d,c=p):s=1;let l=t.const("len",(0,pt._)`${a}.length`);if(e.setParams({min:s,max:c}),c===void 0&&s===0){(0,Pi.checkStrictMode)(i,'"minContains" == 0 without "maxContains": "contains" keyword ignored');return}if(c!==void 0&&s>c){(0,Pi.checkStrictMode)(i,'"minContains" > "maxContains" is always invalid'),e.fail();return}if((0,Pi.alwaysValidSchema)(i,r)){let S=(0,pt._)`${l} >= ${s}`;c!==void 0&&(S=(0,pt._)`${S} && ${l} <= ${c}`),e.pass(S);return}i.items=!0;let m=t.name("valid");c===void 0&&s===1?y(m,()=>t.if(m,()=>t.break())):s===0?(t.let(m,!0),c!==void 0&&t.if((0,pt._)`${a}.length > 0`,h)):(t.let(m,!1),h()),e.result(m,()=>e.reset());function h(){let S=t.name("_valid"),w=t.let("count",0);y(S,()=>t.if(S,()=>_(w)))}o(h,"validateItemsWithCount");function y(S,w){t.forRange("i",0,l,v=>{e.subschema({keyword:"contains",dataProp:v,dataPropType:Pi.Type.Num,compositeRule:!0},S),w()})}o(y,"validateItems");function _(S){t.code((0,pt._)`${S}++`),c===void 0?t.if((0,pt._)`${S} >= ${s}`,()=>t.assign(m,!0).break()):(t.if((0,pt._)`${S} > ${c}`,()=>t.assign(m,!1).break()),s===1?t.assign(m,!0):t.if((0,pt._)`${S} >= ${s}`,()=>t.assign(m,!0)))}o(_,"checkLimits")}};ed.default=ux});var uh=x(Tt=>{"use strict";Object.defineProperty(Tt,"__esModule",{value:!0});Tt.validateSchemaDeps=Tt.validatePropertyDeps=Tt.error=void 0;var td=F(),dx=re(),Jo=dt();Tt.error={message:o(({params:{property:e,depsCount:t,deps:r}})=>{let n=t===1?"property":"properties";return(0,td.str)`must have ${n} ${r} when property ${e} is present`},"message"),params:o(({params:{property:e,depsCount:t,deps:r,missingProperty:n}})=>(0,td._)`{property: ${e},
29
+ || ${s} === "boolean" || ${a} === null`).assign(c,(0,V._)`[${a}]`)}}o(d,"coerceSpecificType")}o(HR,"coerceData");function LR({gen:e,parentData:t,parentDataProperty:r},n){e.if((0,V._)`${t} !== undefined`,()=>e.assign((0,V._)`${t}[${r}]`,n))}o(LR,"assignParentData");function su(e,t,r,n=bn.Correct){let a=n===bn.Correct?V.operators.EQ:V.operators.NEQ,i;switch(e){case"null":return(0,V._)`${t} ${a} null`;case"array":i=(0,V._)`Array.isArray(${t})`;break;case"object":i=(0,V._)`${t} && typeof ${t} == "object" && !Array.isArray(${t})`;break;case"integer":i=s((0,V._)`!(${t} % 1) && !isNaN(${t})`);break;case"number":i=s();break;default:return(0,V._)`typeof ${t} ${a} ${e}`}return n===bn.Correct?i:(0,V.not)(i);function s(c=V.nil){return(0,V.and)((0,V._)`typeof ${t} == "number"`,c,r?(0,V._)`isFinite(${t})`:V.nil)}}o(su,"checkDataType");je.checkDataType=su;function cu(e,t,r,n){if(e.length===1)return su(e[0],t,r,n);let a,i=(0,Am.toHash)(e);if(i.array&&i.object){let s=(0,V._)`typeof ${t} != "object"`;a=i.null?s:(0,V._)`!${t} || ${s}`,delete i.null,delete i.array,delete i.object}else a=V.nil;i.number&&delete i.integer;for(let s in i)a=(0,V.and)(a,su(s,t,r,n));return a}o(cu,"checkDataTypes");je.checkDataTypes=cu;var BR={message:o(({schema:e})=>`must be ${e}`,"message"),params:o(({schema:e,schemaValue:t})=>typeof e=="string"?(0,V._)`{type: ${e}}`:(0,V._)`{type: ${t}}`,"params")};function uu(e){let t=GR(e);(0,qR.reportError)(t,BR)}o(uu,"reportTypeError");je.reportTypeError=uu;function GR(e){let{gen:t,data:r,schema:n}=e,a=(0,Am.schemaRefOrVal)(e,n,"type");return{gen:t,keyword:"type",data:r,schema:n.type,schemaCode:a,schemaValue:a,parentSchema:n,params:{},it:e}}o(GR,"getTypeErrorContext")});var Um=x(si=>{"use strict";Object.defineProperty(si,"__esModule",{value:!0});si.assignDefaults=void 0;var Rn=F(),VR=re();function FR(e,t){let{properties:r,items:n}=e.schema;if(t==="object"&&r)for(let a in r)Em(e,a,r[a].default);else t==="array"&&Array.isArray(n)&&n.forEach((a,i)=>Em(e,i,a.default))}o(FR,"assignDefaults");si.assignDefaults=FR;function Em(e,t,r){let{gen:n,compositeRule:a,data:i,opts:s}=e;if(r===void 0)return;let c=(0,Rn._)`${i}${(0,Rn.getProperty)(t)}`;if(a){(0,VR.checkStrictMode)(e,`default is ignored for: ${c}`);return}let d=(0,Rn._)`${c} === undefined`;s.useDefaults==="empty"&&(d=(0,Rn._)`${d} || ${c} === null || ${c} === ""`),n.if(d,(0,Rn._)`${c} = ${(0,Rn.stringify)(r)}`)}o(Em,"assignDefault")});var dt=x(oe=>{"use strict";Object.defineProperty(oe,"__esModule",{value:!0});oe.validateUnion=oe.validateArray=oe.usePattern=oe.callValidateCode=oe.schemaProperties=oe.allSchemaProperties=oe.noPropertyInData=oe.propertyInData=oe.isOwnProperty=oe.hasPropFunc=oe.reportMissingProp=oe.checkMissingProp=oe.checkReportMissingProp=void 0;var de=F(),du=re(),yr=Vt(),ZR=re();function KR(e,t){let{gen:r,data:n,it:a}=e;r.if(pu(r,n,t,a.opts.ownProperties),()=>{e.setParams({missingProperty:(0,de._)`${t}`},!0),e.error()})}o(KR,"checkReportMissingProp");oe.checkReportMissingProp=KR;function WR({gen:e,data:t,it:{opts:r}},n,a){return(0,de.or)(...n.map(i=>(0,de.and)(pu(e,t,i,r.ownProperties),(0,de._)`${a} = ${i}`)))}o(WR,"checkMissingProp");oe.checkMissingProp=WR;function JR(e,t){e.setParams({missingProperty:t},!0),e.error()}o(JR,"reportMissingProp");oe.reportMissingProp=JR;function Om(e){return e.scopeValue("func",{ref:Object.prototype.hasOwnProperty,code:(0,de._)`Object.prototype.hasOwnProperty`})}o(Om,"hasPropFunc");oe.hasPropFunc=Om;function lu(e,t,r){return(0,de._)`${Om(e)}.call(${t}, ${r})`}o(lu,"isOwnProperty");oe.isOwnProperty=lu;function YR(e,t,r,n){let a=(0,de._)`${t}${(0,de.getProperty)(r)} !== undefined`;return n?(0,de._)`${a} && ${lu(e,t,r)}`:a}o(YR,"propertyInData");oe.propertyInData=YR;function pu(e,t,r,n){let a=(0,de._)`${t}${(0,de.getProperty)(r)} === undefined`;return n?(0,de.or)(a,(0,de.not)(lu(e,t,r))):a}o(pu,"noPropertyInData");oe.noPropertyInData=pu;function $m(e){return e?Object.keys(e).filter(t=>t!=="__proto__"):[]}o($m,"allSchemaProperties");oe.allSchemaProperties=$m;function QR(e,t){return $m(t).filter(r=>!(0,du.alwaysValidSchema)(e,t[r]))}o(QR,"schemaProperties");oe.schemaProperties=QR;function XR({schemaCode:e,data:t,it:{gen:r,topSchemaRef:n,schemaPath:a,errorPath:i},it:s},c,d,p){let l=p?(0,de._)`${e}, ${t}, ${n}${a}`:t,m=[[yr.default.instancePath,(0,de.strConcat)(yr.default.instancePath,i)],[yr.default.parentData,s.parentData],[yr.default.parentDataProperty,s.parentDataProperty],[yr.default.rootData,yr.default.rootData]];s.opts.dynamicRef&&m.push([yr.default.dynamicAnchors,yr.default.dynamicAnchors]);let h=(0,de._)`${l}, ${r.object(...m)}`;return d!==de.nil?(0,de._)`${c}.call(${d}, ${h})`:(0,de._)`${c}(${h})`}o(XR,"callValidateCode");oe.callValidateCode=XR;var eC=(0,de._)`new RegExp`;function tC({gen:e,it:{opts:t}},r){let n=t.unicodeRegExp?"u":"",{regExp:a}=t.code,i=a(r,n);return e.scopeValue("pattern",{key:i.toString(),ref:i,code:(0,de._)`${a.code==="new RegExp"?eC:(0,ZR.useFunc)(e,a)}(${r}, ${n})`})}o(tC,"usePattern");oe.usePattern=tC;function rC(e){let{gen:t,data:r,keyword:n,it:a}=e,i=t.name("valid");if(a.allErrors){let c=t.let("valid",!0);return s(()=>t.assign(c,!1)),c}return t.var(i,!0),s(()=>t.break()),i;function s(c){let d=t.const("len",(0,de._)`${r}.length`);t.forRange("i",0,d,p=>{e.subschema({keyword:n,dataProp:p,dataPropType:du.Type.Num},i),t.if((0,de.not)(i),c)})}o(s,"validateItems")}o(rC,"validateArray");oe.validateArray=rC;function nC(e){let{gen:t,schema:r,keyword:n,it:a}=e;if(!Array.isArray(r))throw new Error("ajv implementation error");if(r.some(d=>(0,du.alwaysValidSchema)(a,d))&&!a.opts.unevaluated)return;let s=t.let("valid",!1),c=t.name("_valid");t.block(()=>r.forEach((d,p)=>{let l=e.subschema({keyword:n,schemaProp:p,compositeRule:!0},c);t.assign(s,(0,de._)`${s} || ${c}`),e.mergeValidEvaluated(l,c)||t.if((0,de.not)(s))})),e.result(s,()=>e.reset(),()=>e.error(!0))}o(nC,"validateUnion");oe.validateUnion=nC});var qm=x(Pt=>{"use strict";Object.defineProperty(Pt,"__esModule",{value:!0});Pt.validateKeywordUsage=Pt.validSchemaType=Pt.funcKeywordCode=Pt.macroKeywordCode=void 0;var Fe=F(),Hr=Vt(),oC=dt(),aC=Uo();function iC(e,t){let{gen:r,keyword:n,schema:a,parentSchema:i,it:s}=e,c=t.macro.call(s.self,a,i,s),d=Mm(r,n,c);s.opts.validateSchema!==!1&&s.self.validateSchema(c,!0);let p=r.name("valid");e.subschema({schema:c,schemaPath:Fe.nil,errSchemaPath:`${s.errSchemaPath}/${n}`,topSchemaRef:d,compositeRule:!0},p),e.pass(p,()=>e.error(!0))}o(iC,"macroKeywordCode");Pt.macroKeywordCode=iC;function sC(e,t){var r;let{gen:n,keyword:a,schema:i,parentSchema:s,$data:c,it:d}=e;uC(d,t);let p=!c&&t.compile?t.compile.call(d.self,i,s,d):t.validate,l=Mm(n,a,p),m=n.let("valid");e.block$data(m,h),e.ok((r=t.valid)!==null&&r!==void 0?r:m);function h(){if(t.errors===!1)S(),t.modifying&&zm(e),w(()=>e.error());else{let v=t.async?y():_();t.modifying&&zm(e),w(()=>cC(e,v))}}o(h,"validateKeyword");function y(){let v=n.let("ruleErrs",null);return n.try(()=>S((0,Fe._)`await `),b=>n.assign(m,!1).if((0,Fe._)`${b} instanceof ${d.ValidationError}`,()=>n.assign(v,(0,Fe._)`${b}.errors`),()=>n.throw(b))),v}o(y,"validateAsync");function _(){let v=(0,Fe._)`${l}.errors`;return n.assign(v,null),S(Fe.nil),v}o(_,"validateSync");function S(v=t.async?(0,Fe._)`await `:Fe.nil){let b=d.opts.passContext?Hr.default.this:Hr.default.self,R=!("compile"in t&&!c||t.schema===!1);n.assign(m,(0,Fe._)`${v}${(0,oC.callValidateCode)(e,l,b,R)}`,t.modifying)}o(S,"assignValid");function w(v){var b;n.if((0,Fe.not)((b=t.valid)!==null&&b!==void 0?b:m),v)}o(w,"reportErrs")}o(sC,"funcKeywordCode");Pt.funcKeywordCode=sC;function zm(e){let{gen:t,data:r,it:n}=e;t.if(n.parentData,()=>t.assign(r,(0,Fe._)`${n.parentData}[${n.parentDataProperty}]`))}o(zm,"modifyData");function cC(e,t){let{gen:r}=e;r.if((0,Fe._)`Array.isArray(${t})`,()=>{r.assign(Hr.default.vErrors,(0,Fe._)`${Hr.default.vErrors} === null ? ${t} : ${Hr.default.vErrors}.concat(${t})`).assign(Hr.default.errors,(0,Fe._)`${Hr.default.vErrors}.length`),(0,aC.extendErrors)(e)},()=>e.error())}o(cC,"addErrs");function uC({schemaEnv:e},t){if(t.async&&!e.$async)throw new Error("async keyword in sync schema")}o(uC,"checkAsyncKeyword");function Mm(e,t,r){if(r===void 0)throw new Error(`keyword "${t}" failed to compile`);return e.scopeValue("keyword",typeof r=="function"?{ref:r}:{ref:r,code:(0,Fe.stringify)(r)})}o(Mm,"useKeyword");function dC(e,t,r=!1){return!t.length||t.some(n=>n==="array"?Array.isArray(e):n==="object"?e&&typeof e=="object"&&!Array.isArray(e):typeof e==n||r&&typeof e>"u")}o(dC,"validSchemaType");Pt.validSchemaType=dC;function lC({schema:e,opts:t,self:r,errSchemaPath:n},a,i){if(Array.isArray(a.keyword)?!a.keyword.includes(i):a.keyword!==i)throw new Error("ajv implementation error");let s=a.dependencies;if(s?.some(c=>!Object.prototype.hasOwnProperty.call(e,c)))throw new Error(`parent schema must have dependencies of ${i}: ${s.join(",")}`);if(a.validateSchema&&!a.validateSchema(e[i])){let d=`keyword "${i}" value is invalid at path "${n}": `+r.errorsText(a.validateSchema.errors);if(t.validateSchema==="log")r.logger.error(d);else throw new Error(d)}}o(lC,"validateKeywordUsage");Pt.validateKeywordUsage=lC});var Dm=x(Sr=>{"use strict";Object.defineProperty(Sr,"__esModule",{value:!0});Sr.extendSubschemaMode=Sr.extendSubschemaData=Sr.getSubschema=void 0;var xt=F(),Nm=re();function pC(e,{keyword:t,schemaProp:r,schema:n,schemaPath:a,errSchemaPath:i,topSchemaRef:s}){if(t!==void 0&&n!==void 0)throw new Error('both "keyword" and "schema" passed, only one allowed');if(t!==void 0){let c=e.schema[t];return r===void 0?{schema:c,schemaPath:(0,xt._)`${e.schemaPath}${(0,xt.getProperty)(t)}`,errSchemaPath:`${e.errSchemaPath}/${t}`}:{schema:c[r],schemaPath:(0,xt._)`${e.schemaPath}${(0,xt.getProperty)(t)}${(0,xt.getProperty)(r)}`,errSchemaPath:`${e.errSchemaPath}/${t}/${(0,Nm.escapeFragment)(r)}`}}if(n!==void 0){if(a===void 0||i===void 0||s===void 0)throw new Error('"schemaPath", "errSchemaPath" and "topSchemaRef" are required with "schema"');return{schema:n,schemaPath:a,topSchemaRef:s,errSchemaPath:i}}throw new Error('either "keyword" or "schema" must be passed')}o(pC,"getSubschema");Sr.getSubschema=pC;function mC(e,t,{dataProp:r,dataPropType:n,data:a,dataTypes:i,propertyName:s}){if(a!==void 0&&r!==void 0)throw new Error('both "data" and "dataProp" passed, only one allowed');let{gen:c}=t;if(r!==void 0){let{errorPath:p,dataPathArr:l,opts:m}=t,h=c.let("data",(0,xt._)`${t.data}${(0,xt.getProperty)(r)}`,!0);d(h),e.errorPath=(0,xt.str)`${p}${(0,Nm.getErrorPath)(r,n,m.jsPropertySyntax)}`,e.parentDataProperty=(0,xt._)`${r}`,e.dataPathArr=[...l,e.parentDataProperty]}if(a!==void 0){let p=a instanceof xt.Name?a:c.let("data",a,!0);d(p),s!==void 0&&(e.propertyName=s)}i&&(e.dataTypes=i);function d(p){e.data=p,e.dataLevel=t.dataLevel+1,e.dataTypes=[],t.definedProperties=new Set,e.parentData=t.data,e.dataNames=[...t.dataNames,p]}o(d,"dataContextProps")}o(mC,"extendSubschemaData");Sr.extendSubschemaData=mC;function fC(e,{jtdDiscriminator:t,jtdMetadata:r,compositeRule:n,createErrors:a,allErrors:i}){n!==void 0&&(e.compositeRule=n),a!==void 0&&(e.createErrors=a),i!==void 0&&(e.allErrors=i),e.jtdDiscriminator=t,e.jtdMetadata=r}o(fC,"extendSubschemaMode");Sr.extendSubschemaMode=fC});var mu=x((xH,jm)=>{"use strict";jm.exports=o(function e(t,r){if(t===r)return!0;if(t&&r&&typeof t=="object"&&typeof r=="object"){if(t.constructor!==r.constructor)return!1;var n,a,i;if(Array.isArray(t)){if(n=t.length,n!=r.length)return!1;for(a=n;a--!==0;)if(!e(t[a],r[a]))return!1;return!0}if(t.constructor===RegExp)return t.source===r.source&&t.flags===r.flags;if(t.valueOf!==Object.prototype.valueOf)return t.valueOf()===r.valueOf();if(t.toString!==Object.prototype.toString)return t.toString()===r.toString();if(i=Object.keys(t),n=i.length,n!==Object.keys(r).length)return!1;for(a=n;a--!==0;)if(!Object.prototype.hasOwnProperty.call(r,i[a]))return!1;for(a=n;a--!==0;){var s=i[a];if(!e(t[s],r[s]))return!1}return!0}return t!==t&&r!==r},"equal")});var Lm=x((kH,Hm)=>{"use strict";var _r=Hm.exports=function(e,t,r){typeof t=="function"&&(r=t,t={}),r=t.cb||r;var n=typeof r=="function"?r:r.pre||function(){},a=r.post||function(){};ci(t,n,a,e,"",e)};_r.keywords={additionalItems:!0,items:!0,contains:!0,additionalProperties:!0,propertyNames:!0,not:!0,if:!0,then:!0,else:!0};_r.arrayKeywords={items:!0,allOf:!0,anyOf:!0,oneOf:!0};_r.propsKeywords={$defs:!0,definitions:!0,properties:!0,patternProperties:!0,dependencies:!0};_r.skipKeywords={default:!0,enum:!0,const:!0,required:!0,maximum:!0,minimum:!0,exclusiveMaximum:!0,exclusiveMinimum:!0,multipleOf:!0,maxLength:!0,minLength:!0,pattern:!0,format:!0,maxItems:!0,minItems:!0,uniqueItems:!0,maxProperties:!0,minProperties:!0};function ci(e,t,r,n,a,i,s,c,d,p){if(n&&typeof n=="object"&&!Array.isArray(n)){t(n,a,i,s,c,d,p);for(var l in n){var m=n[l];if(Array.isArray(m)){if(l in _r.arrayKeywords)for(var h=0;h<m.length;h++)ci(e,t,r,m[h],a+"/"+l+"/"+h,i,a,l,n,h)}else if(l in _r.propsKeywords){if(m&&typeof m=="object")for(var y in m)ci(e,t,r,m[y],a+"/"+l+"/"+hC(y),i,a,l,n,y)}else(l in _r.keywords||e.allKeys&&!(l in _r.skipKeywords))&&ci(e,t,r,m,a+"/"+l,i,a,l,n)}r(n,a,i,s,c,d,p)}}o(ci,"_traverse");function hC(e){return e.replace(/~/g,"~0").replace(/\//g,"~1")}o(hC,"escapeJsonPtr")});var $o=x(Je=>{"use strict";Object.defineProperty(Je,"__esModule",{value:!0});Je.getSchemaRefs=Je.resolveUrl=Je.normalizeId=Je._getFullPath=Je.getFullPath=Je.inlineRef=void 0;var gC=re(),yC=mu(),SC=Lm(),_C=new Set(["type","format","pattern","maxLength","minLength","maxProperties","minProperties","maxItems","minItems","maximum","minimum","uniqueItems","multipleOf","required","enum","const"]);function wC(e,t=!0){return typeof e=="boolean"?!0:t===!0?!fu(e):t?Bm(e)<=t:!1}o(wC,"inlineRef");Je.inlineRef=wC;var vC=new Set(["$ref","$recursiveRef","$recursiveAnchor","$dynamicRef","$dynamicAnchor"]);function fu(e){for(let t in e){if(vC.has(t))return!0;let r=e[t];if(Array.isArray(r)&&r.some(fu)||typeof r=="object"&&fu(r))return!0}return!1}o(fu,"hasRef");function Bm(e){let t=0;for(let r in e){if(r==="$ref")return 1/0;if(t++,!_C.has(r)&&(typeof e[r]=="object"&&(0,gC.eachItem)(e[r],n=>t+=Bm(n)),t===1/0))return 1/0}return t}o(Bm,"countKeys");function Gm(e,t="",r){r!==!1&&(t=Cn(t));let n=e.parse(t);return Vm(e,n)}o(Gm,"getFullPath");Je.getFullPath=Gm;function Vm(e,t){return e.serialize(t).split("#")[0]+"#"}o(Vm,"_getFullPath");Je._getFullPath=Vm;var bC=/#\/?$/;function Cn(e){return e?e.replace(bC,""):""}o(Cn,"normalizeId");Je.normalizeId=Cn;function RC(e,t,r){return r=Cn(r),e.resolve(t,r)}o(RC,"resolveUrl");Je.resolveUrl=RC;var CC=/^[a-z_][-a-z0-9._]*$/i;function IC(e,t){if(typeof e=="boolean")return{};let{schemaId:r,uriResolver:n}=this.opts,a=Cn(e[r]||t),i={"":a},s=Gm(n,a,!1),c={},d=new Set;return SC(e,{allKeys:!0},(m,h,y,_)=>{if(_===void 0)return;let S=s+h,w=i[_];typeof m[r]=="string"&&(w=v.call(this,m[r])),b.call(this,m.$anchor),b.call(this,m.$dynamicAnchor),i[h]=w;function v(R){let q=this.opts.uriResolver.resolve;if(R=Cn(w?q(w,R):R),d.has(R))throw l(R);d.add(R);let N=this.refs[R];return typeof N=="string"&&(N=this.refs[N]),typeof N=="object"?p(m,N.schema,R):R!==Cn(S)&&(R[0]==="#"?(p(m,c[R],R),c[R]=m):this.refs[R]=S),R}o(v,"addRef");function b(R){if(typeof R=="string"){if(!CC.test(R))throw new Error(`invalid anchor "${R}"`);v.call(this,`#${R}`)}}o(b,"addAnchor")}),c;function p(m,h,y){if(h!==void 0&&!yC(m,h))throw l(y)}o(p,"checkAmbiguosRef");function l(m){return new Error(`reference "${m}" resolves to more than one schema`)}o(l,"ambiguos")}o(IC,"getSchemaRefs");Je.getSchemaRefs=IC});var qo=x(wr=>{"use strict";Object.defineProperty(wr,"__esModule",{value:!0});wr.getData=wr.KeywordCxt=wr.validateFunctionCode=void 0;var Jm=Im(),Fm=Oo(),gu=iu(),ui=Oo(),PC=Um(),Mo=qm(),hu=Dm(),$=F(),L=Vt(),xC=$o(),Ft=re(),zo=Uo();function AC(e){if(Xm(e)&&(ef(e),Qm(e))){EC(e);return}Ym(e,()=>(0,Jm.topBoolOrEmptySchema)(e))}o(AC,"validateFunctionCode");wr.validateFunctionCode=AC;function Ym({gen:e,validateName:t,schema:r,schemaEnv:n,opts:a},i){a.code.es5?e.func(t,(0,$._)`${L.default.data}, ${L.default.valCxt}`,n.$async,()=>{e.code((0,$._)`"use strict"; ${Zm(r,a)}`),TC(e,a),e.code(i)}):e.func(t,(0,$._)`${L.default.data}, ${kC(a)}`,n.$async,()=>e.code(Zm(r,a)).code(i))}o(Ym,"validateFunction");function kC(e){return(0,$._)`{${L.default.instancePath}="", ${L.default.parentData}, ${L.default.parentDataProperty}, ${L.default.rootData}=${L.default.data}${e.dynamicRef?(0,$._)`, ${L.default.dynamicAnchors}={}`:$.nil}}={}`}o(kC,"destructureValCxt");function TC(e,t){e.if(L.default.valCxt,()=>{e.var(L.default.instancePath,(0,$._)`${L.default.valCxt}.${L.default.instancePath}`),e.var(L.default.parentData,(0,$._)`${L.default.valCxt}.${L.default.parentData}`),e.var(L.default.parentDataProperty,(0,$._)`${L.default.valCxt}.${L.default.parentDataProperty}`),e.var(L.default.rootData,(0,$._)`${L.default.valCxt}.${L.default.rootData}`),t.dynamicRef&&e.var(L.default.dynamicAnchors,(0,$._)`${L.default.valCxt}.${L.default.dynamicAnchors}`)},()=>{e.var(L.default.instancePath,(0,$._)`""`),e.var(L.default.parentData,(0,$._)`undefined`),e.var(L.default.parentDataProperty,(0,$._)`undefined`),e.var(L.default.rootData,L.default.data),t.dynamicRef&&e.var(L.default.dynamicAnchors,(0,$._)`{}`)})}o(TC,"destructureValCxtES5");function EC(e){let{schema:t,opts:r,gen:n}=e;Ym(e,()=>{r.$comment&&t.$comment&&rf(e),MC(e),n.let(L.default.vErrors,null),n.let(L.default.errors,0),r.unevaluated&&UC(e),tf(e),DC(e)})}o(EC,"topSchemaObjCode");function UC(e){let{gen:t,validateName:r}=e;e.evaluated=t.const("evaluated",(0,$._)`${r}.evaluated`),t.if((0,$._)`${e.evaluated}.dynamicProps`,()=>t.assign((0,$._)`${e.evaluated}.props`,(0,$._)`undefined`)),t.if((0,$._)`${e.evaluated}.dynamicItems`,()=>t.assign((0,$._)`${e.evaluated}.items`,(0,$._)`undefined`))}o(UC,"resetEvaluated");function Zm(e,t){let r=typeof e=="object"&&e[t.schemaId];return r&&(t.code.source||t.code.process)?(0,$._)`/*# sourceURL=${r} */`:$.nil}o(Zm,"funcSourceUrl");function OC(e,t){if(Xm(e)&&(ef(e),Qm(e))){$C(e,t);return}(0,Jm.boolOrEmptySchema)(e,t)}o(OC,"subschemaCode");function Qm({schema:e,self:t}){if(typeof e=="boolean")return!e;for(let r in e)if(t.RULES.all[r])return!0;return!1}o(Qm,"schemaCxtHasRules");function Xm(e){return typeof e.schema!="boolean"}o(Xm,"isSchemaObj");function $C(e,t){let{schema:r,gen:n,opts:a}=e;a.$comment&&r.$comment&&rf(e),qC(e),NC(e);let i=n.const("_errs",L.default.errors);tf(e,i),n.var(t,(0,$._)`${i} === ${L.default.errors}`)}o($C,"subSchemaObjCode");function ef(e){(0,Ft.checkUnknownRules)(e),zC(e)}o(ef,"checkKeywords");function tf(e,t){if(e.opts.jtd)return Km(e,[],!1,t);let r=(0,Fm.getSchemaTypes)(e.schema),n=(0,Fm.coerceAndCheckDataType)(e,r);Km(e,r,!n,t)}o(tf,"typeAndKeywords");function zC(e){let{schema:t,errSchemaPath:r,opts:n,self:a}=e;t.$ref&&n.ignoreKeywordsWithRef&&(0,Ft.schemaHasRulesButRef)(t,a.RULES)&&a.logger.warn(`$ref: keywords ignored in schema at path "${r}"`)}o(zC,"checkRefsAndKeywords");function MC(e){let{schema:t,opts:r}=e;t.default!==void 0&&r.useDefaults&&r.strictSchema&&(0,Ft.checkStrictMode)(e,"default is ignored in the schema root")}o(MC,"checkNoDefault");function qC(e){let t=e.schema[e.opts.schemaId];t&&(e.baseId=(0,xC.resolveUrl)(e.opts.uriResolver,e.baseId,t))}o(qC,"updateContext");function NC(e){if(e.schema.$async&&!e.schemaEnv.$async)throw new Error("async schema in sync schema")}o(NC,"checkAsyncSchema");function rf({gen:e,schemaEnv:t,schema:r,errSchemaPath:n,opts:a}){let i=r.$comment;if(a.$comment===!0)e.code((0,$._)`${L.default.self}.logger.log(${i})`);else if(typeof a.$comment=="function"){let s=(0,$.str)`${n}/$comment`,c=e.scopeValue("root",{ref:t.root});e.code((0,$._)`${L.default.self}.opts.$comment(${i}, ${s}, ${c}.schema)`)}}o(rf,"commentKeyword");function DC(e){let{gen:t,schemaEnv:r,validateName:n,ValidationError:a,opts:i}=e;r.$async?t.if((0,$._)`${L.default.errors} === 0`,()=>t.return(L.default.data),()=>t.throw((0,$._)`new ${a}(${L.default.vErrors})`)):(t.assign((0,$._)`${n}.errors`,L.default.vErrors),i.unevaluated&&jC(e),t.return((0,$._)`${L.default.errors} === 0`))}o(DC,"returnResults");function jC({gen:e,evaluated:t,props:r,items:n}){r instanceof $.Name&&e.assign((0,$._)`${t}.props`,r),n instanceof $.Name&&e.assign((0,$._)`${t}.items`,n)}o(jC,"assignEvaluated");function Km(e,t,r,n){let{gen:a,schema:i,data:s,allErrors:c,opts:d,self:p}=e,{RULES:l}=p;if(i.$ref&&(d.ignoreKeywordsWithRef||!(0,Ft.schemaHasRulesButRef)(i,l))){a.block(()=>of(e,"$ref",l.all.$ref.definition));return}d.jtd||HC(e,t),a.block(()=>{for(let h of l.rules)m(h);m(l.post)});function m(h){(0,gu.shouldUseGroup)(i,h)&&(h.type?(a.if((0,ui.checkDataType)(h.type,s,d.strictNumbers)),Wm(e,h),t.length===1&&t[0]===h.type&&r&&(a.else(),(0,ui.reportTypeError)(e)),a.endIf()):Wm(e,h),c||a.if((0,$._)`${L.default.errors} === ${n||0}`))}o(m,"groupKeywords")}o(Km,"schemaKeywords");function Wm(e,t){let{gen:r,schema:n,opts:{useDefaults:a}}=e;a&&(0,PC.assignDefaults)(e,t.type),r.block(()=>{for(let i of t.rules)(0,gu.shouldUseRule)(n,i)&&of(e,i.keyword,i.definition,t.type)})}o(Wm,"iterateKeywords");function HC(e,t){e.schemaEnv.meta||!e.opts.strictTypes||(LC(e,t),e.opts.allowUnionTypes||BC(e,t),GC(e,e.dataTypes))}o(HC,"checkStrictTypes");function LC(e,t){if(t.length){if(!e.dataTypes.length){e.dataTypes=t;return}t.forEach(r=>{nf(e.dataTypes,r)||yu(e,`type "${r}" not allowed by context "${e.dataTypes.join(",")}"`)}),FC(e,t)}}o(LC,"checkContextTypes");function BC(e,t){t.length>1&&!(t.length===2&&t.includes("null"))&&yu(e,"use allowUnionTypes to allow union type keyword")}o(BC,"checkMultipleTypes");function GC(e,t){let r=e.self.RULES.all;for(let n in r){let a=r[n];if(typeof a=="object"&&(0,gu.shouldUseRule)(e.schema,a)){let{type:i}=a.definition;i.length&&!i.some(s=>VC(t,s))&&yu(e,`missing type "${i.join(",")}" for keyword "${n}"`)}}}o(GC,"checkKeywordTypes");function VC(e,t){return e.includes(t)||t==="number"&&e.includes("integer")}o(VC,"hasApplicableType");function nf(e,t){return e.includes(t)||t==="integer"&&e.includes("number")}o(nf,"includesType");function FC(e,t){let r=[];for(let n of e.dataTypes)nf(t,n)?r.push(n):t.includes("integer")&&n==="number"&&r.push("integer");e.dataTypes=r}o(FC,"narrowSchemaTypes");function yu(e,t){let r=e.schemaEnv.baseId+e.errSchemaPath;t+=` at "${r}" (strictTypes)`,(0,Ft.checkStrictMode)(e,t,e.opts.strictTypes)}o(yu,"strictTypesError");var di=class{static{o(this,"KeywordCxt")}constructor(t,r,n){if((0,Mo.validateKeywordUsage)(t,r,n),this.gen=t.gen,this.allErrors=t.allErrors,this.keyword=n,this.data=t.data,this.schema=t.schema[n],this.$data=r.$data&&t.opts.$data&&this.schema&&this.schema.$data,this.schemaValue=(0,Ft.schemaRefOrVal)(t,this.schema,n,this.$data),this.schemaType=r.schemaType,this.parentSchema=t.schema,this.params={},this.it=t,this.def=r,this.$data)this.schemaCode=t.gen.const("vSchema",af(this.$data,t));else if(this.schemaCode=this.schemaValue,!(0,Mo.validSchemaType)(this.schema,r.schemaType,r.allowUndefined))throw new Error(`${n} value must be ${JSON.stringify(r.schemaType)}`);("code"in r?r.trackErrors:r.errors!==!1)&&(this.errsCount=t.gen.const("_errs",L.default.errors))}result(t,r,n){this.failResult((0,$.not)(t),r,n)}failResult(t,r,n){this.gen.if(t),n?n():this.error(),r?(this.gen.else(),r(),this.allErrors&&this.gen.endIf()):this.allErrors?this.gen.endIf():this.gen.else()}pass(t,r){this.failResult((0,$.not)(t),void 0,r)}fail(t){if(t===void 0){this.error(),this.allErrors||this.gen.if(!1);return}this.gen.if(t),this.error(),this.allErrors?this.gen.endIf():this.gen.else()}fail$data(t){if(!this.$data)return this.fail(t);let{schemaCode:r}=this;this.fail((0,$._)`${r} !== undefined && (${(0,$.or)(this.invalid$data(),t)})`)}error(t,r,n){if(r){this.setParams(r),this._error(t,n),this.setParams({});return}this._error(t,n)}_error(t,r){(t?zo.reportExtraError:zo.reportError)(this,this.def.error,r)}$dataError(){(0,zo.reportError)(this,this.def.$dataError||zo.keyword$DataError)}reset(){if(this.errsCount===void 0)throw new Error('add "trackErrors" to keyword definition');(0,zo.resetErrorsCount)(this.gen,this.errsCount)}ok(t){this.allErrors||this.gen.if(t)}setParams(t,r){r?Object.assign(this.params,t):this.params=t}block$data(t,r,n=$.nil){this.gen.block(()=>{this.check$data(t,n),r()})}check$data(t=$.nil,r=$.nil){if(!this.$data)return;let{gen:n,schemaCode:a,schemaType:i,def:s}=this;n.if((0,$.or)((0,$._)`${a} === undefined`,r)),t!==$.nil&&n.assign(t,!0),(i.length||s.validateSchema)&&(n.elseIf(this.invalid$data()),this.$dataError(),t!==$.nil&&n.assign(t,!1)),n.else()}invalid$data(){let{gen:t,schemaCode:r,schemaType:n,def:a,it:i}=this;return(0,$.or)(s(),c());function s(){if(n.length){if(!(r instanceof $.Name))throw new Error("ajv implementation error");let d=Array.isArray(n)?n:[n];return(0,$._)`${(0,ui.checkDataTypes)(d,r,i.opts.strictNumbers,ui.DataType.Wrong)}`}return $.nil}function c(){if(a.validateSchema){let d=t.scopeValue("validate$data",{ref:a.validateSchema});return(0,$._)`!${d}(${r})`}return $.nil}}subschema(t,r){let n=(0,hu.getSubschema)(this.it,t);(0,hu.extendSubschemaData)(n,this.it,t),(0,hu.extendSubschemaMode)(n,t);let a={...this.it,...n,items:void 0,props:void 0};return OC(a,r),a}mergeEvaluated(t,r){let{it:n,gen:a}=this;n.opts.unevaluated&&(n.props!==!0&&t.props!==void 0&&(n.props=Ft.mergeEvaluated.props(a,t.props,n.props,r)),n.items!==!0&&t.items!==void 0&&(n.items=Ft.mergeEvaluated.items(a,t.items,n.items,r)))}mergeValidEvaluated(t,r){let{it:n,gen:a}=this;if(n.opts.unevaluated&&(n.props!==!0||n.items!==!0))return a.if(r,()=>this.mergeEvaluated(t,$.Name)),!0}};wr.KeywordCxt=di;function of(e,t,r,n){let a=new di(e,r,t);"code"in r?r.code(a,n):a.$data&&r.validate?(0,Mo.funcKeywordCode)(a,r):"macro"in r?(0,Mo.macroKeywordCode)(a,r):(r.compile||r.validate)&&(0,Mo.funcKeywordCode)(a,r)}o(of,"keywordCode");var ZC=/^\/(?:[^~]|~0|~1)*$/,KC=/^([0-9]+)(#|\/(?:[^~]|~0|~1)*)?$/;function af(e,{dataLevel:t,dataNames:r,dataPathArr:n}){let a,i;if(e==="")return L.default.rootData;if(e[0]==="/"){if(!ZC.test(e))throw new Error(`Invalid JSON-pointer: ${e}`);a=e,i=L.default.rootData}else{let p=KC.exec(e);if(!p)throw new Error(`Invalid JSON-pointer: ${e}`);let l=+p[1];if(a=p[2],a==="#"){if(l>=t)throw new Error(d("property/index",l));return n[t-l]}if(l>t)throw new Error(d("data",l));if(i=r[t-l],!a)return i}let s=i,c=a.split("/");for(let p of c)p&&(i=(0,$._)`${i}${(0,$.getProperty)((0,Ft.unescapeJsonPointer)(p))}`,s=(0,$._)`${s} && ${i}`);return s;function d(p,l){return`Cannot access ${p} ${l} levels up, current level is ${t}`}}o(af,"getData");wr.getData=af});var li=x(_u=>{"use strict";Object.defineProperty(_u,"__esModule",{value:!0});var Su=class extends Error{static{o(this,"ValidationError")}constructor(t){super("validation failed"),this.errors=t,this.ajv=this.validation=!0}};_u.default=Su});var No=x(bu=>{"use strict";Object.defineProperty(bu,"__esModule",{value:!0});var wu=$o(),vu=class extends Error{static{o(this,"MissingRefError")}constructor(t,r,n,a){super(a||`can't resolve reference ${n} from id ${r}`),this.missingRef=(0,wu.resolveUrl)(t,r,n),this.missingSchema=(0,wu.normalizeId)((0,wu.getFullPath)(t,this.missingRef))}};bu.default=vu});var mi=x(lt=>{"use strict";Object.defineProperty(lt,"__esModule",{value:!0});lt.resolveSchema=lt.getCompilingSchema=lt.resolveRef=lt.compileSchema=lt.SchemaEnv=void 0;var wt=F(),WC=li(),Lr=Vt(),vt=$o(),sf=re(),JC=qo(),In=class{static{o(this,"SchemaEnv")}constructor(t){var r;this.refs={},this.dynamicAnchors={};let n;typeof t.schema=="object"&&(n=t.schema),this.schema=t.schema,this.schemaId=t.schemaId,this.root=t.root||this,this.baseId=(r=t.baseId)!==null&&r!==void 0?r:(0,vt.normalizeId)(n?.[t.schemaId||"$id"]),this.schemaPath=t.schemaPath,this.localRefs=t.localRefs,this.meta=t.meta,this.$async=n?.$async,this.refs={}}};lt.SchemaEnv=In;function Cu(e){let t=cf.call(this,e);if(t)return t;let r=(0,vt.getFullPath)(this.opts.uriResolver,e.root.baseId),{es5:n,lines:a}=this.opts.code,{ownProperties:i}=this.opts,s=new wt.CodeGen(this.scope,{es5:n,lines:a,ownProperties:i}),c;e.$async&&(c=s.scopeValue("Error",{ref:WC.default,code:(0,wt._)`require("ajv/dist/runtime/validation_error").default`}));let d=s.scopeName("validate");e.validateName=d;let p={gen:s,allErrors:this.opts.allErrors,data:Lr.default.data,parentData:Lr.default.parentData,parentDataProperty:Lr.default.parentDataProperty,dataNames:[Lr.default.data],dataPathArr:[wt.nil],dataLevel:0,dataTypes:[],definedProperties:new Set,topSchemaRef:s.scopeValue("schema",this.opts.code.source===!0?{ref:e.schema,code:(0,wt.stringify)(e.schema)}:{ref:e.schema}),validateName:d,ValidationError:c,schema:e.schema,schemaEnv:e,rootId:r,baseId:e.baseId||r,schemaPath:wt.nil,errSchemaPath:e.schemaPath||(this.opts.jtd?"":"#"),errorPath:(0,wt._)`""`,opts:this.opts,self:this},l;try{this._compilations.add(e),(0,JC.validateFunctionCode)(p),s.optimize(this.opts.code.optimize);let m=s.toString();l=`${s.scopeRefs(Lr.default.scope)}return ${m}`,this.opts.code.process&&(l=this.opts.code.process(l,e));let y=new Function(`${Lr.default.self}`,`${Lr.default.scope}`,l)(this,this.scope.get());if(this.scope.value(d,{ref:y}),y.errors=null,y.schema=e.schema,y.schemaEnv=e,e.$async&&(y.$async=!0),this.opts.code.source===!0&&(y.source={validateName:d,validateCode:m,scopeValues:s._values}),this.opts.unevaluated){let{props:_,items:S}=p;y.evaluated={props:_ instanceof wt.Name?void 0:_,items:S instanceof wt.Name?void 0:S,dynamicProps:_ instanceof wt.Name,dynamicItems:S instanceof wt.Name},y.source&&(y.source.evaluated=(0,wt.stringify)(y.evaluated))}return e.validate=y,e}catch(m){throw delete e.validate,delete e.validateName,l&&this.logger.error("Error compiling schema, function code:",l),m}finally{this._compilations.delete(e)}}o(Cu,"compileSchema");lt.compileSchema=Cu;function YC(e,t,r){var n;r=(0,vt.resolveUrl)(this.opts.uriResolver,t,r);let a=e.refs[r];if(a)return a;let i=eI.call(this,e,r);if(i===void 0){let s=(n=e.localRefs)===null||n===void 0?void 0:n[r],{schemaId:c}=this.opts;s&&(i=new In({schema:s,schemaId:c,root:e,baseId:t}))}if(i!==void 0)return e.refs[r]=QC.call(this,i)}o(YC,"resolveRef");lt.resolveRef=YC;function QC(e){return(0,vt.inlineRef)(e.schema,this.opts.inlineRefs)?e.schema:e.validate?e:Cu.call(this,e)}o(QC,"inlineOrCompile");function cf(e){for(let t of this._compilations)if(XC(t,e))return t}o(cf,"getCompilingSchema");lt.getCompilingSchema=cf;function XC(e,t){return e.schema===t.schema&&e.root===t.root&&e.baseId===t.baseId}o(XC,"sameSchemaEnv");function eI(e,t){let r;for(;typeof(r=this.refs[t])=="string";)t=r;return r||this.schemas[t]||pi.call(this,e,t)}o(eI,"resolve");function pi(e,t){let r=this.opts.uriResolver.parse(t),n=(0,vt._getFullPath)(this.opts.uriResolver,r),a=(0,vt.getFullPath)(this.opts.uriResolver,e.baseId,void 0);if(Object.keys(e.schema).length>0&&n===a)return Ru.call(this,r,e);let i=(0,vt.normalizeId)(n),s=this.refs[i]||this.schemas[i];if(typeof s=="string"){let c=pi.call(this,e,s);return typeof c?.schema!="object"?void 0:Ru.call(this,r,c)}if(typeof s?.schema=="object"){if(s.validate||Cu.call(this,s),i===(0,vt.normalizeId)(t)){let{schema:c}=s,{schemaId:d}=this.opts,p=c[d];return p&&(a=(0,vt.resolveUrl)(this.opts.uriResolver,a,p)),new In({schema:c,schemaId:d,root:e,baseId:a})}return Ru.call(this,r,s)}}o(pi,"resolveSchema");lt.resolveSchema=pi;var tI=new Set(["properties","patternProperties","enum","dependencies","definitions"]);function Ru(e,{baseId:t,schema:r,root:n}){var a;if(((a=e.fragment)===null||a===void 0?void 0:a[0])!=="/")return;for(let c of e.fragment.slice(1).split("/")){if(typeof r=="boolean")return;let d=r[(0,sf.unescapeFragment)(c)];if(d===void 0)return;r=d;let p=typeof r=="object"&&r[this.opts.schemaId];!tI.has(c)&&p&&(t=(0,vt.resolveUrl)(this.opts.uriResolver,t,p))}let i;if(typeof r!="boolean"&&r.$ref&&!(0,sf.schemaHasRulesButRef)(r,this.RULES)){let c=(0,vt.resolveUrl)(this.opts.uriResolver,t,r.$ref);i=pi.call(this,n,c)}let{schemaId:s}=this.opts;if(i=i||new In({schema:r,schemaId:s,root:n,baseId:t}),i.schema!==i.root.schema)return i}o(Ru,"getJsonPointer")});var uf=x((HH,rI)=>{rI.exports={$id:"https://raw.githubusercontent.com/ajv-validator/ajv/master/lib/refs/data.json#",description:"Meta-schema for $data reference (JSON AnySchema extension proposal)",type:"object",required:["$data"],properties:{$data:{type:"string",anyOf:[{format:"relative-json-pointer"},{format:"json-pointer"}]}},additionalProperties:!1}});var Pu=x((LH,mf)=>{"use strict";var nI=RegExp.prototype.test.bind(/^[\da-f]{8}-[\da-f]{4}-[\da-f]{4}-[\da-f]{4}-[\da-f]{12}$/iu),lf=RegExp.prototype.test.bind(/^(?:(?:25[0-5]|2[0-4]\d|1\d{2}|[1-9]\d|\d)\.){3}(?:25[0-5]|2[0-4]\d|1\d{2}|[1-9]\d|\d)$/u);function Iu(e){let t="",r=0,n=0;for(n=0;n<e.length;n++)if(r=e[n].charCodeAt(0),r!==48){if(!(r>=48&&r<=57||r>=65&&r<=70||r>=97&&r<=102))return"";t+=e[n];break}for(n+=1;n<e.length;n++){if(r=e[n].charCodeAt(0),!(r>=48&&r<=57||r>=65&&r<=70||r>=97&&r<=102))return"";t+=e[n]}return t}o(Iu,"stringArrayToHexStripped");var oI=RegExp.prototype.test.bind(/[^!"$&'()*+,\-.;=_`a-z{}~]/u);function df(e){return e.length=0,!0}o(df,"consumeIsZone");function aI(e,t,r){if(e.length){let n=Iu(e);if(n!=="")t.push(n);else return r.error=!0,!1;e.length=0}return!0}o(aI,"consumeHextets");function iI(e){let t=0,r={error:!1,address:"",zone:""},n=[],a=[],i=!1,s=!1,c=aI;for(let d=0;d<e.length;d++){let p=e[d];if(!(p==="["||p==="]"))if(p===":"){if(i===!0&&(s=!0),!c(a,n,r))break;if(++t>7){r.error=!0;break}d>0&&e[d-1]===":"&&(i=!0),n.push(":");continue}else if(p==="%"){if(!c(a,n,r))break;c=df}else{a.push(p);continue}}return a.length&&(c===df?r.zone=a.join(""):s?n.push(a.join("")):n.push(Iu(a))),r.address=n.join(""),r}o(iI,"getIPV6");function pf(e){if(sI(e,":")<2)return{host:e,isIPV6:!1};let t=iI(e);if(t.error)return{host:e,isIPV6:!1};{let r=t.address,n=t.address;return t.zone&&(r+="%"+t.zone,n+="%25"+t.zone),{host:r,isIPV6:!0,escapedHost:n}}}o(pf,"normalizeIPv6");function sI(e,t){let r=0;for(let n=0;n<e.length;n++)e[n]===t&&r++;return r}o(sI,"findToken");function cI(e){let t=e,r=[],n=-1,a=0;for(;a=t.length;){if(a===1){if(t===".")break;if(t==="/"){r.push("/");break}else{r.push(t);break}}else if(a===2){if(t[0]==="."){if(t[1]===".")break;if(t[1]==="/"){t=t.slice(2);continue}}else if(t[0]==="/"&&(t[1]==="."||t[1]==="/")){r.push("/");break}}else if(a===3&&t==="/.."){r.length!==0&&r.pop(),r.push("/");break}if(t[0]==="."){if(t[1]==="."){if(t[2]==="/"){t=t.slice(3);continue}}else if(t[1]==="/"){t=t.slice(2);continue}}else if(t[0]==="/"&&t[1]==="."){if(t[2]==="/"){t=t.slice(2);continue}else if(t[2]==="."&&t[3]==="/"){t=t.slice(3),r.length!==0&&r.pop();continue}}if((n=t.indexOf("/",1))===-1){r.push(t);break}else r.push(t.slice(0,n)),t=t.slice(n)}return r.join("")}o(cI,"removeDotSegments");function uI(e,t){let r=t!==!0?escape:unescape;return e.scheme!==void 0&&(e.scheme=r(e.scheme)),e.userinfo!==void 0&&(e.userinfo=r(e.userinfo)),e.host!==void 0&&(e.host=r(e.host)),e.path!==void 0&&(e.path=r(e.path)),e.query!==void 0&&(e.query=r(e.query)),e.fragment!==void 0&&(e.fragment=r(e.fragment)),e}o(uI,"normalizeComponentEncoding");function dI(e){let t=[];if(e.userinfo!==void 0&&(t.push(e.userinfo),t.push("@")),e.host!==void 0){let r=unescape(e.host);if(!lf(r)){let n=pf(r);n.isIPV6===!0?r=`[${n.escapedHost}]`:r=e.host}t.push(r)}return(typeof e.port=="number"||typeof e.port=="string")&&(t.push(":"),t.push(String(e.port))),t.length?t.join(""):void 0}o(dI,"recomposeAuthority");mf.exports={nonSimpleDomain:oI,recomposeAuthority:dI,normalizeComponentEncoding:uI,removeDotSegments:cI,isIPv4:lf,isUUID:nI,normalizeIPv6:pf,stringArrayToHexStripped:Iu}});var Sf=x((GH,yf)=>{"use strict";var{isUUID:lI}=Pu(),pI=/([\da-z][\d\-a-z]{0,31}):((?:[\w!$'()*+,\-.:;=@]|%[\da-f]{2})+)/iu,mI=["http","https","ws","wss","urn","urn:uuid"];function fI(e){return mI.indexOf(e)!==-1}o(fI,"isValidSchemeName");function xu(e){return e.secure===!0?!0:e.secure===!1?!1:e.scheme?e.scheme.length===3&&(e.scheme[0]==="w"||e.scheme[0]==="W")&&(e.scheme[1]==="s"||e.scheme[1]==="S")&&(e.scheme[2]==="s"||e.scheme[2]==="S"):!1}o(xu,"wsIsSecure");function ff(e){return e.host||(e.error=e.error||"HTTP URIs must have a host."),e}o(ff,"httpParse");function hf(e){let t=String(e.scheme).toLowerCase()==="https";return(e.port===(t?443:80)||e.port==="")&&(e.port=void 0),e.path||(e.path="/"),e}o(hf,"httpSerialize");function hI(e){return e.secure=xu(e),e.resourceName=(e.path||"/")+(e.query?"?"+e.query:""),e.path=void 0,e.query=void 0,e}o(hI,"wsParse");function gI(e){if((e.port===(xu(e)?443:80)||e.port==="")&&(e.port=void 0),typeof e.secure=="boolean"&&(e.scheme=e.secure?"wss":"ws",e.secure=void 0),e.resourceName){let[t,r]=e.resourceName.split("?");e.path=t&&t!=="/"?t:void 0,e.query=r,e.resourceName=void 0}return e.fragment=void 0,e}o(gI,"wsSerialize");function yI(e,t){if(!e.path)return e.error="URN can not be parsed",e;let r=e.path.match(pI);if(r){let n=t.scheme||e.scheme||"urn";e.nid=r[1].toLowerCase(),e.nss=r[2];let a=`${n}:${t.nid||e.nid}`,i=Au(a);e.path=void 0,i&&(e=i.parse(e,t))}else e.error=e.error||"URN can not be parsed.";return e}o(yI,"urnParse");function SI(e,t){if(e.nid===void 0)throw new Error("URN without nid cannot be serialized");let r=t.scheme||e.scheme||"urn",n=e.nid.toLowerCase(),a=`${r}:${t.nid||n}`,i=Au(a);i&&(e=i.serialize(e,t));let s=e,c=e.nss;return s.path=`${n||t.nid}:${c}`,t.skipEscape=!0,s}o(SI,"urnSerialize");function _I(e,t){let r=e;return r.uuid=r.nss,r.nss=void 0,!t.tolerant&&(!r.uuid||!lI(r.uuid))&&(r.error=r.error||"UUID is not valid."),r}o(_I,"urnuuidParse");function wI(e){let t=e;return t.nss=(e.uuid||"").toLowerCase(),t}o(wI,"urnuuidSerialize");var gf={scheme:"http",domainHost:!0,parse:ff,serialize:hf},vI={scheme:"https",domainHost:gf.domainHost,parse:ff,serialize:hf},fi={scheme:"ws",domainHost:!0,parse:hI,serialize:gI},bI={scheme:"wss",domainHost:fi.domainHost,parse:fi.parse,serialize:fi.serialize},RI={scheme:"urn",parse:yI,serialize:SI,skipNormalize:!0},CI={scheme:"urn:uuid",parse:_I,serialize:wI,skipNormalize:!0},hi={http:gf,https:vI,ws:fi,wss:bI,urn:RI,"urn:uuid":CI};Object.setPrototypeOf(hi,null);function Au(e){return e&&(hi[e]||hi[e.toLowerCase()])||void 0}o(Au,"getSchemeHandler");yf.exports={wsIsSecure:xu,SCHEMES:hi,isValidSchemeName:fI,getSchemeHandler:Au}});var vf=x((FH,yi)=>{"use strict";var{normalizeIPv6:II,removeDotSegments:Do,recomposeAuthority:PI,normalizeComponentEncoding:gi,isIPv4:xI,nonSimpleDomain:AI}=Pu(),{SCHEMES:kI,getSchemeHandler:_f}=Sf();function TI(e,t){return typeof e=="string"?e=At(Zt(e,t),t):typeof e=="object"&&(e=Zt(At(e,t),t)),e}o(TI,"normalize");function EI(e,t,r){let n=r?Object.assign({scheme:"null"},r):{scheme:"null"},a=wf(Zt(e,n),Zt(t,n),n,!0);return n.skipEscape=!0,At(a,n)}o(EI,"resolve");function wf(e,t,r,n){let a={};return n||(e=Zt(At(e,r),r),t=Zt(At(t,r),r)),r=r||{},!r.tolerant&&t.scheme?(a.scheme=t.scheme,a.userinfo=t.userinfo,a.host=t.host,a.port=t.port,a.path=Do(t.path||""),a.query=t.query):(t.userinfo!==void 0||t.host!==void 0||t.port!==void 0?(a.userinfo=t.userinfo,a.host=t.host,a.port=t.port,a.path=Do(t.path||""),a.query=t.query):(t.path?(t.path[0]==="/"?a.path=Do(t.path):((e.userinfo!==void 0||e.host!==void 0||e.port!==void 0)&&!e.path?a.path="/"+t.path:e.path?a.path=e.path.slice(0,e.path.lastIndexOf("/")+1)+t.path:a.path=t.path,a.path=Do(a.path)),a.query=t.query):(a.path=e.path,t.query!==void 0?a.query=t.query:a.query=e.query),a.userinfo=e.userinfo,a.host=e.host,a.port=e.port),a.scheme=e.scheme),a.fragment=t.fragment,a}o(wf,"resolveComponent");function UI(e,t,r){return typeof e=="string"?(e=unescape(e),e=At(gi(Zt(e,r),!0),{...r,skipEscape:!0})):typeof e=="object"&&(e=At(gi(e,!0),{...r,skipEscape:!0})),typeof t=="string"?(t=unescape(t),t=At(gi(Zt(t,r),!0),{...r,skipEscape:!0})):typeof t=="object"&&(t=At(gi(t,!0),{...r,skipEscape:!0})),e.toLowerCase()===t.toLowerCase()}o(UI,"equal");function At(e,t){let r={host:e.host,scheme:e.scheme,userinfo:e.userinfo,port:e.port,path:e.path,query:e.query,nid:e.nid,nss:e.nss,uuid:e.uuid,fragment:e.fragment,reference:e.reference,resourceName:e.resourceName,secure:e.secure,error:""},n=Object.assign({},t),a=[],i=_f(n.scheme||r.scheme);i&&i.serialize&&i.serialize(r,n),r.path!==void 0&&(n.skipEscape?r.path=unescape(r.path):(r.path=escape(r.path),r.scheme!==void 0&&(r.path=r.path.split("%3A").join(":")))),n.reference!=="suffix"&&r.scheme&&a.push(r.scheme,":");let s=PI(r);if(s!==void 0&&(n.reference!=="suffix"&&a.push("//"),a.push(s),r.path&&r.path[0]!=="/"&&a.push("/")),r.path!==void 0){let c=r.path;!n.absolutePath&&(!i||!i.absolutePath)&&(c=Do(c)),s===void 0&&c[0]==="/"&&c[1]==="/"&&(c="/%2F"+c.slice(2)),a.push(c)}return r.query!==void 0&&a.push("?",r.query),r.fragment!==void 0&&a.push("#",r.fragment),a.join("")}o(At,"serialize");var OI=/^(?:([^#/:?]+):)?(?:\/\/((?:([^#/?@]*)@)?(\[[^#/?\]]+\]|[^#/:?]*)(?::(\d*))?))?([^#?]*)(?:\?([^#]*))?(?:#((?:.|[\n\r])*))?/u;function Zt(e,t){let r=Object.assign({},t),n={scheme:void 0,userinfo:void 0,host:"",port:void 0,path:"",query:void 0,fragment:void 0},a=!1;r.reference==="suffix"&&(r.scheme?e=r.scheme+":"+e:e="//"+e);let i=e.match(OI);if(i){if(n.scheme=i[1],n.userinfo=i[3],n.host=i[4],n.port=parseInt(i[5],10),n.path=i[6]||"",n.query=i[7],n.fragment=i[8],isNaN(n.port)&&(n.port=i[5]),n.host)if(xI(n.host)===!1){let d=II(n.host);n.host=d.host.toLowerCase(),a=d.isIPV6}else a=!0;n.scheme===void 0&&n.userinfo===void 0&&n.host===void 0&&n.port===void 0&&n.query===void 0&&!n.path?n.reference="same-document":n.scheme===void 0?n.reference="relative":n.fragment===void 0?n.reference="absolute":n.reference="uri",r.reference&&r.reference!=="suffix"&&r.reference!==n.reference&&(n.error=n.error||"URI is not a "+r.reference+" reference.");let s=_f(r.scheme||n.scheme);if(!r.unicodeSupport&&(!s||!s.unicodeSupport)&&n.host&&(r.domainHost||s&&s.domainHost)&&a===!1&&AI(n.host))try{n.host=URL.domainToASCII(n.host.toLowerCase())}catch(c){n.error=n.error||"Host's domain name can not be converted to ASCII: "+c}(!s||s&&!s.skipNormalize)&&(e.indexOf("%")!==-1&&(n.scheme!==void 0&&(n.scheme=unescape(n.scheme)),n.host!==void 0&&(n.host=unescape(n.host))),n.path&&(n.path=escape(unescape(n.path))),n.fragment&&(n.fragment=encodeURI(decodeURIComponent(n.fragment)))),s&&s.parse&&s.parse(n,r)}else n.error=n.error||"URI can not be parsed.";return n}o(Zt,"parse");var ku={SCHEMES:kI,normalize:TI,resolve:EI,resolveComponent:wf,equal:UI,serialize:At,parse:Zt};yi.exports=ku;yi.exports.default=ku;yi.exports.fastUri=ku});var Rf=x(Tu=>{"use strict";Object.defineProperty(Tu,"__esModule",{value:!0});var bf=vf();bf.code='require("ajv/dist/runtime/uri").default';Tu.default=bf});var Ef=x(Ee=>{"use strict";Object.defineProperty(Ee,"__esModule",{value:!0});Ee.CodeGen=Ee.Name=Ee.nil=Ee.stringify=Ee.str=Ee._=Ee.KeywordCxt=void 0;var $I=qo();Object.defineProperty(Ee,"KeywordCxt",{enumerable:!0,get:o(function(){return $I.KeywordCxt},"get")});var Pn=F();Object.defineProperty(Ee,"_",{enumerable:!0,get:o(function(){return Pn._},"get")});Object.defineProperty(Ee,"str",{enumerable:!0,get:o(function(){return Pn.str},"get")});Object.defineProperty(Ee,"stringify",{enumerable:!0,get:o(function(){return Pn.stringify},"get")});Object.defineProperty(Ee,"nil",{enumerable:!0,get:o(function(){return Pn.nil},"get")});Object.defineProperty(Ee,"Name",{enumerable:!0,get:o(function(){return Pn.Name},"get")});Object.defineProperty(Ee,"CodeGen",{enumerable:!0,get:o(function(){return Pn.CodeGen},"get")});var zI=li(),Af=No(),MI=au(),jo=mi(),qI=F(),Ho=$o(),Si=Oo(),Uu=re(),Cf=uf(),NI=Rf(),kf=o((e,t)=>new RegExp(e,t),"defaultRegExp");kf.code="new RegExp";var DI=["removeAdditional","useDefaults","coerceTypes"],jI=new Set(["validate","serialize","parse","wrapper","root","schema","keyword","pattern","formats","validate$data","func","obj","Error"]),HI={errorDataPath:"",format:"`validateFormats: false` can be used instead.",nullable:'"nullable" keyword is supported by default.',jsonPointers:"Deprecated jsPropertySyntax can be used instead.",extendRefs:"Deprecated ignoreKeywordsWithRef can be used instead.",missingRefs:"Pass empty schema with $id that should be ignored to ajv.addSchema.",processCode:"Use option `code: {process: (code, schemaEnv: object) => string}`",sourceCode:"Use option `code: {source: true}`",strictDefaults:"It is default now, see option `strict`.",strictKeywords:"It is default now, see option `strict`.",uniqueItems:'"uniqueItems" keyword is always validated.',unknownFormats:"Disable strict mode or pass `true` to `ajv.addFormat` (or `formats` option).",cache:"Map is used as cache, schema object as key.",serialize:"Map is used as cache, schema object as key.",ajvErrors:"It is default now."},LI={ignoreKeywordsWithRef:"",jsPropertySyntax:"",unicode:'"minLength"/"maxLength" account for unicode characters by default.'},If=200;function BI(e){var t,r,n,a,i,s,c,d,p,l,m,h,y,_,S,w,v,b,R,q,N,qe,it,dn,ar;let qt=e.strict,Tr=(t=e.code)===null||t===void 0?void 0:t.optimize,oo=Tr===!0||Tr===void 0?1:Tr||0,ao=(n=(r=e.code)===null||r===void 0?void 0:r.regExp)!==null&&n!==void 0?n:kf,io=(a=e.uriResolver)!==null&&a!==void 0?a:NI.default;return{strictSchema:(s=(i=e.strictSchema)!==null&&i!==void 0?i:qt)!==null&&s!==void 0?s:!0,strictNumbers:(d=(c=e.strictNumbers)!==null&&c!==void 0?c:qt)!==null&&d!==void 0?d:!0,strictTypes:(l=(p=e.strictTypes)!==null&&p!==void 0?p:qt)!==null&&l!==void 0?l:"log",strictTuples:(h=(m=e.strictTuples)!==null&&m!==void 0?m:qt)!==null&&h!==void 0?h:"log",strictRequired:(_=(y=e.strictRequired)!==null&&y!==void 0?y:qt)!==null&&_!==void 0?_:!1,code:e.code?{...e.code,optimize:oo,regExp:ao}:{optimize:oo,regExp:ao},loopRequired:(S=e.loopRequired)!==null&&S!==void 0?S:If,loopEnum:(w=e.loopEnum)!==null&&w!==void 0?w:If,meta:(v=e.meta)!==null&&v!==void 0?v:!0,messages:(b=e.messages)!==null&&b!==void 0?b:!0,inlineRefs:(R=e.inlineRefs)!==null&&R!==void 0?R:!0,schemaId:(q=e.schemaId)!==null&&q!==void 0?q:"$id",addUsedSchema:(N=e.addUsedSchema)!==null&&N!==void 0?N:!0,validateSchema:(qe=e.validateSchema)!==null&&qe!==void 0?qe:!0,validateFormats:(it=e.validateFormats)!==null&&it!==void 0?it:!0,unicodeRegExp:(dn=e.unicodeRegExp)!==null&&dn!==void 0?dn:!0,int32range:(ar=e.int32range)!==null&&ar!==void 0?ar:!0,uriResolver:io}}o(BI,"requiredOptions");var Lo=class{static{o(this,"Ajv")}constructor(t={}){this.schemas={},this.refs={},this.formats={},this._compilations=new Set,this._loading={},this._cache=new Map,t=this.opts={...t,...BI(t)};let{es5:r,lines:n}=this.opts.code;this.scope=new qI.ValueScope({scope:{},prefixes:jI,es5:r,lines:n}),this.logger=WI(t.logger);let a=t.validateFormats;t.validateFormats=!1,this.RULES=(0,MI.getRules)(),Pf.call(this,HI,t,"NOT SUPPORTED"),Pf.call(this,LI,t,"DEPRECATED","warn"),this._metaOpts=ZI.call(this),t.formats&&VI.call(this),this._addVocabularies(),this._addDefaultMetaSchema(),t.keywords&&FI.call(this,t.keywords),typeof t.meta=="object"&&this.addMetaSchema(t.meta),GI.call(this),t.validateFormats=a}_addVocabularies(){this.addKeyword("$async")}_addDefaultMetaSchema(){let{$data:t,meta:r,schemaId:n}=this.opts,a=Cf;n==="id"&&(a={...Cf},a.id=a.$id,delete a.$id),r&&t&&this.addMetaSchema(a,a[n],!1)}defaultMeta(){let{meta:t,schemaId:r}=this.opts;return this.opts.defaultMeta=typeof t=="object"?t[r]||t:void 0}validate(t,r){let n;if(typeof t=="string"){if(n=this.getSchema(t),!n)throw new Error(`no schema with key or ref "${t}"`)}else n=this.compile(t);let a=n(r);return"$async"in n||(this.errors=n.errors),a}compile(t,r){let n=this._addSchema(t,r);return n.validate||this._compileSchemaEnv(n)}compileAsync(t,r){if(typeof this.opts.loadSchema!="function")throw new Error("options.loadSchema should be a function");let{loadSchema:n}=this.opts;return a.call(this,t,r);async function a(l,m){await i.call(this,l.$schema);let h=this._addSchema(l,m);return h.validate||s.call(this,h)}async function i(l){l&&!this.getSchema(l)&&await a.call(this,{$ref:l},!0)}async function s(l){try{return this._compileSchemaEnv(l)}catch(m){if(!(m instanceof Af.default))throw m;return c.call(this,m),await d.call(this,m.missingSchema),s.call(this,l)}}function c({missingSchema:l,missingRef:m}){if(this.refs[l])throw new Error(`AnySchema ${l} is loaded but ${m} cannot be resolved`)}async function d(l){let m=await p.call(this,l);this.refs[l]||await i.call(this,m.$schema),this.refs[l]||this.addSchema(m,l,r)}async function p(l){let m=this._loading[l];if(m)return m;try{return await(this._loading[l]=n(l))}finally{delete this._loading[l]}}}addSchema(t,r,n,a=this.opts.validateSchema){if(Array.isArray(t)){for(let s of t)this.addSchema(s,void 0,n,a);return this}let i;if(typeof t=="object"){let{schemaId:s}=this.opts;if(i=t[s],i!==void 0&&typeof i!="string")throw new Error(`schema ${s} must be string`)}return r=(0,Ho.normalizeId)(r||i),this._checkUnique(r),this.schemas[r]=this._addSchema(t,n,r,a,!0),this}addMetaSchema(t,r,n=this.opts.validateSchema){return this.addSchema(t,r,!0,n),this}validateSchema(t,r){if(typeof t=="boolean")return!0;let n;if(n=t.$schema,n!==void 0&&typeof n!="string")throw new Error("$schema must be a string");if(n=n||this.opts.defaultMeta||this.defaultMeta(),!n)return this.logger.warn("meta-schema not available"),this.errors=null,!0;let a=this.validate(n,t);if(!a&&r){let i="schema is invalid: "+this.errorsText();if(this.opts.validateSchema==="log")this.logger.error(i);else throw new Error(i)}return a}getSchema(t){let r;for(;typeof(r=xf.call(this,t))=="string";)t=r;if(r===void 0){let{schemaId:n}=this.opts,a=new jo.SchemaEnv({schema:{},schemaId:n});if(r=jo.resolveSchema.call(this,a,t),!r)return;this.refs[t]=r}return r.validate||this._compileSchemaEnv(r)}removeSchema(t){if(t instanceof RegExp)return this._removeAllSchemas(this.schemas,t),this._removeAllSchemas(this.refs,t),this;switch(typeof t){case"undefined":return this._removeAllSchemas(this.schemas),this._removeAllSchemas(this.refs),this._cache.clear(),this;case"string":{let r=xf.call(this,t);return typeof r=="object"&&this._cache.delete(r.schema),delete this.schemas[t],delete this.refs[t],this}case"object":{let r=t;this._cache.delete(r);let n=t[this.opts.schemaId];return n&&(n=(0,Ho.normalizeId)(n),delete this.schemas[n],delete this.refs[n]),this}default:throw new Error("ajv.removeSchema: invalid parameter")}}addVocabulary(t){for(let r of t)this.addKeyword(r);return this}addKeyword(t,r){let n;if(typeof t=="string")n=t,typeof r=="object"&&(this.logger.warn("these parameters are deprecated, see docs for addKeyword"),r.keyword=n);else if(typeof t=="object"&&r===void 0){if(r=t,n=r.keyword,Array.isArray(n)&&!n.length)throw new Error("addKeywords: keyword must be string or non-empty array")}else throw new Error("invalid addKeywords parameters");if(YI.call(this,n,r),!r)return(0,Uu.eachItem)(n,i=>Eu.call(this,i)),this;XI.call(this,r);let a={...r,type:(0,Si.getJSONTypes)(r.type),schemaType:(0,Si.getJSONTypes)(r.schemaType)};return(0,Uu.eachItem)(n,a.type.length===0?i=>Eu.call(this,i,a):i=>a.type.forEach(s=>Eu.call(this,i,a,s))),this}getKeyword(t){let r=this.RULES.all[t];return typeof r=="object"?r.definition:!!r}removeKeyword(t){let{RULES:r}=this;delete r.keywords[t],delete r.all[t];for(let n of r.rules){let a=n.rules.findIndex(i=>i.keyword===t);a>=0&&n.rules.splice(a,1)}return this}addFormat(t,r){return typeof r=="string"&&(r=new RegExp(r)),this.formats[t]=r,this}errorsText(t=this.errors,{separator:r=", ",dataVar:n="data"}={}){return!t||t.length===0?"No errors":t.map(a=>`${n}${a.instancePath} ${a.message}`).reduce((a,i)=>a+r+i)}$dataMetaSchema(t,r){let n=this.RULES.all;t=JSON.parse(JSON.stringify(t));for(let a of r){let i=a.split("/").slice(1),s=t;for(let c of i)s=s[c];for(let c in n){let d=n[c];if(typeof d!="object")continue;let{$data:p}=d.definition,l=s[c];p&&l&&(s[c]=Tf(l))}}return t}_removeAllSchemas(t,r){for(let n in t){let a=t[n];(!r||r.test(n))&&(typeof a=="string"?delete t[n]:a&&!a.meta&&(this._cache.delete(a.schema),delete t[n]))}}_addSchema(t,r,n,a=this.opts.validateSchema,i=this.opts.addUsedSchema){let s,{schemaId:c}=this.opts;if(typeof t=="object")s=t[c];else{if(this.opts.jtd)throw new Error("schema must be object");if(typeof t!="boolean")throw new Error("schema must be object or boolean")}let d=this._cache.get(t);if(d!==void 0)return d;n=(0,Ho.normalizeId)(s||n);let p=Ho.getSchemaRefs.call(this,t,n);return d=new jo.SchemaEnv({schema:t,schemaId:c,meta:r,baseId:n,localRefs:p}),this._cache.set(d.schema,d),i&&!n.startsWith("#")&&(n&&this._checkUnique(n),this.refs[n]=d),a&&this.validateSchema(t,!0),d}_checkUnique(t){if(this.schemas[t]||this.refs[t])throw new Error(`schema with key or id "${t}" already exists`)}_compileSchemaEnv(t){if(t.meta?this._compileMetaSchema(t):jo.compileSchema.call(this,t),!t.validate)throw new Error("ajv implementation error");return t.validate}_compileMetaSchema(t){let r=this.opts;this.opts=this._metaOpts;try{jo.compileSchema.call(this,t)}finally{this.opts=r}}};Lo.ValidationError=zI.default;Lo.MissingRefError=Af.default;Ee.default=Lo;function Pf(e,t,r,n="error"){for(let a in e){let i=a;i in t&&this.logger[n](`${r}: option ${a}. ${e[i]}`)}}o(Pf,"checkOptions");function xf(e){return e=(0,Ho.normalizeId)(e),this.schemas[e]||this.refs[e]}o(xf,"getSchEnv");function GI(){let e=this.opts.schemas;if(e)if(Array.isArray(e))this.addSchema(e);else for(let t in e)this.addSchema(e[t],t)}o(GI,"addInitialSchemas");function VI(){for(let e in this.opts.formats){let t=this.opts.formats[e];t&&this.addFormat(e,t)}}o(VI,"addInitialFormats");function FI(e){if(Array.isArray(e)){this.addVocabulary(e);return}this.logger.warn("keywords option as map is deprecated, pass array");for(let t in e){let r=e[t];r.keyword||(r.keyword=t),this.addKeyword(r)}}o(FI,"addInitialKeywords");function ZI(){let e={...this.opts};for(let t of DI)delete e[t];return e}o(ZI,"getMetaSchemaOptions");var KI={log(){},warn(){},error(){}};function WI(e){if(e===!1)return KI;if(e===void 0)return console;if(e.log&&e.warn&&e.error)return e;throw new Error("logger must implement log, warn and error methods")}o(WI,"getLogger");var JI=/^[a-z_$][a-z0-9_$:-]*$/i;function YI(e,t){let{RULES:r}=this;if((0,Uu.eachItem)(e,n=>{if(r.keywords[n])throw new Error(`Keyword ${n} is already defined`);if(!JI.test(n))throw new Error(`Keyword ${n} has invalid name`)}),!!t&&t.$data&&!("code"in t||"validate"in t))throw new Error('$data keyword must have "code" or "validate" function')}o(YI,"checkKeyword");function Eu(e,t,r){var n;let a=t?.post;if(r&&a)throw new Error('keyword with "post" flag cannot have "type"');let{RULES:i}=this,s=a?i.post:i.rules.find(({type:d})=>d===r);if(s||(s={type:r,rules:[]},i.rules.push(s)),i.keywords[e]=!0,!t)return;let c={keyword:e,definition:{...t,type:(0,Si.getJSONTypes)(t.type),schemaType:(0,Si.getJSONTypes)(t.schemaType)}};t.before?QI.call(this,s,c,t.before):s.rules.push(c),i.all[e]=c,(n=t.implements)===null||n===void 0||n.forEach(d=>this.addKeyword(d))}o(Eu,"addRule");function QI(e,t,r){let n=e.rules.findIndex(a=>a.keyword===r);n>=0?e.rules.splice(n,0,t):(e.rules.push(t),this.logger.warn(`rule ${r} is not defined`))}o(QI,"addBeforeRule");function XI(e){let{metaSchema:t}=e;t!==void 0&&(e.$data&&this.opts.$data&&(t=Tf(t)),e.validateSchema=this.compile(t,!0))}o(XI,"keywordMetaschema");var eP={$ref:"https://raw.githubusercontent.com/ajv-validator/ajv/master/lib/refs/data.json#"};function Tf(e){return{anyOf:[e,eP]}}o(Tf,"schemaOrData")});var Uf=x(Ou=>{"use strict";Object.defineProperty(Ou,"__esModule",{value:!0});var tP={keyword:"id",code(){throw new Error('NOT SUPPORTED: keyword "id", use "$id" for schema ID')}};Ou.default=tP});var Mf=x(Br=>{"use strict";Object.defineProperty(Br,"__esModule",{value:!0});Br.callRef=Br.getValidate=void 0;var rP=No(),Of=dt(),Ye=F(),xn=Vt(),$f=mi(),_i=re(),nP={keyword:"$ref",schemaType:"string",code(e){let{gen:t,schema:r,it:n}=e,{baseId:a,schemaEnv:i,validateName:s,opts:c,self:d}=n,{root:p}=i;if((r==="#"||r==="#/")&&a===p.baseId)return m();let l=$f.resolveRef.call(d,p,a,r);if(l===void 0)throw new rP.default(n.opts.uriResolver,a,r);if(l instanceof $f.SchemaEnv)return h(l);return y(l);function m(){if(i===p)return wi(e,s,i,i.$async);let _=t.scopeValue("root",{ref:p});return wi(e,(0,Ye._)`${_}.validate`,p,p.$async)}function h(_){let S=zf(e,_);wi(e,S,_,_.$async)}function y(_){let S=t.scopeValue("schema",c.code.source===!0?{ref:_,code:(0,Ye.stringify)(_)}:{ref:_}),w=t.name("valid"),v=e.subschema({schema:_,dataTypes:[],schemaPath:Ye.nil,topSchemaRef:S,errSchemaPath:r},w);e.mergeEvaluated(v),e.ok(w)}}};function zf(e,t){let{gen:r}=e;return t.validate?r.scopeValue("validate",{ref:t.validate}):(0,Ye._)`${r.scopeValue("wrapper",{ref:t})}.validate`}o(zf,"getValidate");Br.getValidate=zf;function wi(e,t,r,n){let{gen:a,it:i}=e,{allErrors:s,schemaEnv:c,opts:d}=i,p=d.passContext?xn.default.this:Ye.nil;n?l():m();function l(){if(!c.$async)throw new Error("async schema referenced by sync schema");let _=a.let("valid");a.try(()=>{a.code((0,Ye._)`await ${(0,Of.callValidateCode)(e,t,p)}`),y(t),s||a.assign(_,!0)},S=>{a.if((0,Ye._)`!(${S} instanceof ${i.ValidationError})`,()=>a.throw(S)),h(S),s||a.assign(_,!1)}),e.ok(_)}o(l,"callAsyncRef");function m(){e.result((0,Of.callValidateCode)(e,t,p),()=>y(t),()=>h(t))}o(m,"callSyncRef");function h(_){let S=(0,Ye._)`${_}.errors`;a.assign(xn.default.vErrors,(0,Ye._)`${xn.default.vErrors} === null ? ${S} : ${xn.default.vErrors}.concat(${S})`),a.assign(xn.default.errors,(0,Ye._)`${xn.default.vErrors}.length`)}o(h,"addErrorsFrom");function y(_){var S;if(!i.opts.unevaluated)return;let w=(S=r?.validate)===null||S===void 0?void 0:S.evaluated;if(i.props!==!0)if(w&&!w.dynamicProps)w.props!==void 0&&(i.props=_i.mergeEvaluated.props(a,w.props,i.props));else{let v=a.var("props",(0,Ye._)`${_}.evaluated.props`);i.props=_i.mergeEvaluated.props(a,v,i.props,Ye.Name)}if(i.items!==!0)if(w&&!w.dynamicItems)w.items!==void 0&&(i.items=_i.mergeEvaluated.items(a,w.items,i.items));else{let v=a.var("items",(0,Ye._)`${_}.evaluated.items`);i.items=_i.mergeEvaluated.items(a,v,i.items,Ye.Name)}}o(y,"addEvaluatedFrom")}o(wi,"callRef");Br.callRef=wi;Br.default=nP});var qf=x($u=>{"use strict";Object.defineProperty($u,"__esModule",{value:!0});var oP=Uf(),aP=Mf(),iP=["$schema","$id","$defs","$vocabulary",{keyword:"$comment"},"definitions",oP.default,aP.default];$u.default=iP});var Nf=x(zu=>{"use strict";Object.defineProperty(zu,"__esModule",{value:!0});var vi=F(),vr=vi.operators,bi={maximum:{okStr:"<=",ok:vr.LTE,fail:vr.GT},minimum:{okStr:">=",ok:vr.GTE,fail:vr.LT},exclusiveMaximum:{okStr:"<",ok:vr.LT,fail:vr.GTE},exclusiveMinimum:{okStr:">",ok:vr.GT,fail:vr.LTE}},sP={message:o(({keyword:e,schemaCode:t})=>(0,vi.str)`must be ${bi[e].okStr} ${t}`,"message"),params:o(({keyword:e,schemaCode:t})=>(0,vi._)`{comparison: ${bi[e].okStr}, limit: ${t}}`,"params")},cP={keyword:Object.keys(bi),type:"number",schemaType:"number",$data:!0,error:sP,code(e){let{keyword:t,data:r,schemaCode:n}=e;e.fail$data((0,vi._)`${r} ${bi[t].fail} ${n} || isNaN(${r})`)}};zu.default=cP});var Df=x(Mu=>{"use strict";Object.defineProperty(Mu,"__esModule",{value:!0});var Bo=F(),uP={message:o(({schemaCode:e})=>(0,Bo.str)`must be multiple of ${e}`,"message"),params:o(({schemaCode:e})=>(0,Bo._)`{multipleOf: ${e}}`,"params")},dP={keyword:"multipleOf",type:"number",schemaType:"number",$data:!0,error:uP,code(e){let{gen:t,data:r,schemaCode:n,it:a}=e,i=a.opts.multipleOfPrecision,s=t.let("res"),c=i?(0,Bo._)`Math.abs(Math.round(${s}) - ${s}) > 1e-${i}`:(0,Bo._)`${s} !== parseInt(${s})`;e.fail$data((0,Bo._)`(${n} === 0 || (${s} = ${r}/${n}, ${c}))`)}};Mu.default=dP});var Hf=x(qu=>{"use strict";Object.defineProperty(qu,"__esModule",{value:!0});function jf(e){let t=e.length,r=0,n=0,a;for(;n<t;)r++,a=e.charCodeAt(n++),a>=55296&&a<=56319&&n<t&&(a=e.charCodeAt(n),(a&64512)===56320&&n++);return r}o(jf,"ucs2length");qu.default=jf;jf.code='require("ajv/dist/runtime/ucs2length").default'});var Lf=x(Nu=>{"use strict";Object.defineProperty(Nu,"__esModule",{value:!0});var Gr=F(),lP=re(),pP=Hf(),mP={message({keyword:e,schemaCode:t}){let r=e==="maxLength"?"more":"fewer";return(0,Gr.str)`must NOT have ${r} than ${t} characters`},params:o(({schemaCode:e})=>(0,Gr._)`{limit: ${e}}`,"params")},fP={keyword:["maxLength","minLength"],type:"string",schemaType:"number",$data:!0,error:mP,code(e){let{keyword:t,data:r,schemaCode:n,it:a}=e,i=t==="maxLength"?Gr.operators.GT:Gr.operators.LT,s=a.opts.unicode===!1?(0,Gr._)`${r}.length`:(0,Gr._)`${(0,lP.useFunc)(e.gen,pP.default)}(${r})`;e.fail$data((0,Gr._)`${s} ${i} ${n}`)}};Nu.default=fP});var Bf=x(Du=>{"use strict";Object.defineProperty(Du,"__esModule",{value:!0});var hP=dt(),Ri=F(),gP={message:o(({schemaCode:e})=>(0,Ri.str)`must match pattern "${e}"`,"message"),params:o(({schemaCode:e})=>(0,Ri._)`{pattern: ${e}}`,"params")},yP={keyword:"pattern",type:"string",schemaType:"string",$data:!0,error:gP,code(e){let{data:t,$data:r,schema:n,schemaCode:a,it:i}=e,s=i.opts.unicodeRegExp?"u":"",c=r?(0,Ri._)`(new RegExp(${a}, ${s}))`:(0,hP.usePattern)(e,n);e.fail$data((0,Ri._)`!${c}.test(${t})`)}};Du.default=yP});var Gf=x(ju=>{"use strict";Object.defineProperty(ju,"__esModule",{value:!0});var Go=F(),SP={message({keyword:e,schemaCode:t}){let r=e==="maxProperties"?"more":"fewer";return(0,Go.str)`must NOT have ${r} than ${t} properties`},params:o(({schemaCode:e})=>(0,Go._)`{limit: ${e}}`,"params")},_P={keyword:["maxProperties","minProperties"],type:"object",schemaType:"number",$data:!0,error:SP,code(e){let{keyword:t,data:r,schemaCode:n}=e,a=t==="maxProperties"?Go.operators.GT:Go.operators.LT;e.fail$data((0,Go._)`Object.keys(${r}).length ${a} ${n}`)}};ju.default=_P});var Vf=x(Hu=>{"use strict";Object.defineProperty(Hu,"__esModule",{value:!0});var Vo=dt(),Fo=F(),wP=re(),vP={message:o(({params:{missingProperty:e}})=>(0,Fo.str)`must have required property '${e}'`,"message"),params:o(({params:{missingProperty:e}})=>(0,Fo._)`{missingProperty: ${e}}`,"params")},bP={keyword:"required",type:"object",schemaType:"array",$data:!0,error:vP,code(e){let{gen:t,schema:r,schemaCode:n,data:a,$data:i,it:s}=e,{opts:c}=s;if(!i&&r.length===0)return;let d=r.length>=c.loopRequired;if(s.allErrors?p():l(),c.strictRequired){let y=e.parentSchema.properties,{definedProperties:_}=e.it;for(let S of r)if(y?.[S]===void 0&&!_.has(S)){let w=s.schemaEnv.baseId+s.errSchemaPath,v=`required property "${S}" is not defined at "${w}" (strictRequired)`;(0,wP.checkStrictMode)(s,v,s.opts.strictRequired)}}function p(){if(d||i)e.block$data(Fo.nil,m);else for(let y of r)(0,Vo.checkReportMissingProp)(e,y)}o(p,"allErrorsMode");function l(){let y=t.let("missing");if(d||i){let _=t.let("valid",!0);e.block$data(_,()=>h(y,_)),e.ok(_)}else t.if((0,Vo.checkMissingProp)(e,r,y)),(0,Vo.reportMissingProp)(e,y),t.else()}o(l,"exitOnErrorMode");function m(){t.forOf("prop",n,y=>{e.setParams({missingProperty:y}),t.if((0,Vo.noPropertyInData)(t,a,y,c.ownProperties),()=>e.error())})}o(m,"loopAllRequired");function h(y,_){e.setParams({missingProperty:y}),t.forOf(y,n,()=>{t.assign(_,(0,Vo.propertyInData)(t,a,y,c.ownProperties)),t.if((0,Fo.not)(_),()=>{e.error(),t.break()})},Fo.nil)}o(h,"loopUntilMissing")}};Hu.default=bP});var Ff=x(Lu=>{"use strict";Object.defineProperty(Lu,"__esModule",{value:!0});var Zo=F(),RP={message({keyword:e,schemaCode:t}){let r=e==="maxItems"?"more":"fewer";return(0,Zo.str)`must NOT have ${r} than ${t} items`},params:o(({schemaCode:e})=>(0,Zo._)`{limit: ${e}}`,"params")},CP={keyword:["maxItems","minItems"],type:"array",schemaType:"number",$data:!0,error:RP,code(e){let{keyword:t,data:r,schemaCode:n}=e,a=t==="maxItems"?Zo.operators.GT:Zo.operators.LT;e.fail$data((0,Zo._)`${r}.length ${a} ${n}`)}};Lu.default=CP});var Ci=x(Bu=>{"use strict";Object.defineProperty(Bu,"__esModule",{value:!0});var Zf=mu();Zf.code='require("ajv/dist/runtime/equal").default';Bu.default=Zf});var Kf=x(Vu=>{"use strict";Object.defineProperty(Vu,"__esModule",{value:!0});var Gu=Oo(),Ue=F(),IP=re(),PP=Ci(),xP={message:o(({params:{i:e,j:t}})=>(0,Ue.str)`must NOT have duplicate items (items ## ${t} and ${e} are identical)`,"message"),params:o(({params:{i:e,j:t}})=>(0,Ue._)`{i: ${e}, j: ${t}}`,"params")},AP={keyword:"uniqueItems",type:"array",schemaType:"boolean",$data:!0,error:xP,code(e){let{gen:t,data:r,$data:n,schema:a,parentSchema:i,schemaCode:s,it:c}=e;if(!n&&!a)return;let d=t.let("valid"),p=i.items?(0,Gu.getSchemaTypes)(i.items):[];e.block$data(d,l,(0,Ue._)`${s} === false`),e.ok(d);function l(){let _=t.let("i",(0,Ue._)`${r}.length`),S=t.let("j");e.setParams({i:_,j:S}),t.assign(d,!0),t.if((0,Ue._)`${_} > 1`,()=>(m()?h:y)(_,S))}o(l,"validateUniqueItems");function m(){return p.length>0&&!p.some(_=>_==="object"||_==="array")}o(m,"canOptimize");function h(_,S){let w=t.name("item"),v=(0,Gu.checkDataTypes)(p,w,c.opts.strictNumbers,Gu.DataType.Wrong),b=t.const("indices",(0,Ue._)`{}`);t.for((0,Ue._)`;${_}--;`,()=>{t.let(w,(0,Ue._)`${r}[${_}]`),t.if(v,(0,Ue._)`continue`),p.length>1&&t.if((0,Ue._)`typeof ${w} == "string"`,(0,Ue._)`${w} += "_"`),t.if((0,Ue._)`typeof ${b}[${w}] == "number"`,()=>{t.assign(S,(0,Ue._)`${b}[${w}]`),e.error(),t.assign(d,!1).break()}).code((0,Ue._)`${b}[${w}] = ${_}`)})}o(h,"loopN");function y(_,S){let w=(0,IP.useFunc)(t,PP.default),v=t.name("outer");t.label(v).for((0,Ue._)`;${_}--;`,()=>t.for((0,Ue._)`${S} = ${_}; ${S}--;`,()=>t.if((0,Ue._)`${w}(${r}[${_}], ${r}[${S}])`,()=>{e.error(),t.assign(d,!1).break(v)})))}o(y,"loopN2")}};Vu.default=AP});var Wf=x(Zu=>{"use strict";Object.defineProperty(Zu,"__esModule",{value:!0});var Fu=F(),kP=re(),TP=Ci(),EP={message:"must be equal to constant",params:o(({schemaCode:e})=>(0,Fu._)`{allowedValue: ${e}}`,"params")},UP={keyword:"const",$data:!0,error:EP,code(e){let{gen:t,data:r,$data:n,schemaCode:a,schema:i}=e;n||i&&typeof i=="object"?e.fail$data((0,Fu._)`!${(0,kP.useFunc)(t,TP.default)}(${r}, ${a})`):e.fail((0,Fu._)`${i} !== ${r}`)}};Zu.default=UP});var Jf=x(Ku=>{"use strict";Object.defineProperty(Ku,"__esModule",{value:!0});var Ko=F(),OP=re(),$P=Ci(),zP={message:"must be equal to one of the allowed values",params:o(({schemaCode:e})=>(0,Ko._)`{allowedValues: ${e}}`,"params")},MP={keyword:"enum",schemaType:"array",$data:!0,error:zP,code(e){let{gen:t,data:r,$data:n,schema:a,schemaCode:i,it:s}=e;if(!n&&a.length===0)throw new Error("enum must have non-empty array");let c=a.length>=s.opts.loopEnum,d,p=o(()=>d??(d=(0,OP.useFunc)(t,$P.default)),"getEql"),l;if(c||n)l=t.let("valid"),e.block$data(l,m);else{if(!Array.isArray(a))throw new Error("ajv implementation error");let y=t.const("vSchema",i);l=(0,Ko.or)(...a.map((_,S)=>h(y,S)))}e.pass(l);function m(){t.assign(l,!1),t.forOf("v",i,y=>t.if((0,Ko._)`${p()}(${r}, ${y})`,()=>t.assign(l,!0).break()))}o(m,"loopEnum");function h(y,_){let S=a[_];return typeof S=="object"&&S!==null?(0,Ko._)`${p()}(${r}, ${y}[${_}])`:(0,Ko._)`${r} === ${S}`}o(h,"equalCode")}};Ku.default=MP});var Yf=x(Wu=>{"use strict";Object.defineProperty(Wu,"__esModule",{value:!0});var qP=Nf(),NP=Df(),DP=Lf(),jP=Bf(),HP=Gf(),LP=Vf(),BP=Ff(),GP=Kf(),VP=Wf(),FP=Jf(),ZP=[qP.default,NP.default,DP.default,jP.default,HP.default,LP.default,BP.default,GP.default,{keyword:"type",schemaType:["string","array"]},{keyword:"nullable",schemaType:"boolean"},VP.default,FP.default];Wu.default=ZP});var Yu=x(Wo=>{"use strict";Object.defineProperty(Wo,"__esModule",{value:!0});Wo.validateAdditionalItems=void 0;var Vr=F(),Ju=re(),KP={message:o(({params:{len:e}})=>(0,Vr.str)`must NOT have more than ${e} items`,"message"),params:o(({params:{len:e}})=>(0,Vr._)`{limit: ${e}}`,"params")},WP={keyword:"additionalItems",type:"array",schemaType:["boolean","object"],before:"uniqueItems",error:KP,code(e){let{parentSchema:t,it:r}=e,{items:n}=t;if(!Array.isArray(n)){(0,Ju.checkStrictMode)(r,'"additionalItems" is ignored when "items" is not an array of schemas');return}Qf(e,n)}};function Qf(e,t){let{gen:r,schema:n,data:a,keyword:i,it:s}=e;s.items=!0;let c=r.const("len",(0,Vr._)`${a}.length`);if(n===!1)e.setParams({len:t.length}),e.pass((0,Vr._)`${c} <= ${t.length}`);else if(typeof n=="object"&&!(0,Ju.alwaysValidSchema)(s,n)){let p=r.var("valid",(0,Vr._)`${c} <= ${t.length}`);r.if((0,Vr.not)(p),()=>d(p)),e.ok(p)}function d(p){r.forRange("i",t.length,c,l=>{e.subschema({keyword:i,dataProp:l,dataPropType:Ju.Type.Num},p),s.allErrors||r.if((0,Vr.not)(p),()=>r.break())})}o(d,"validateItems")}o(Qf,"validateAdditionalItems");Wo.validateAdditionalItems=Qf;Wo.default=WP});var Qu=x(Jo=>{"use strict";Object.defineProperty(Jo,"__esModule",{value:!0});Jo.validateTuple=void 0;var Xf=F(),Ii=re(),JP=dt(),YP={keyword:"items",type:"array",schemaType:["object","array","boolean"],before:"uniqueItems",code(e){let{schema:t,it:r}=e;if(Array.isArray(t))return eh(e,"additionalItems",t);r.items=!0,!(0,Ii.alwaysValidSchema)(r,t)&&e.ok((0,JP.validateArray)(e))}};function eh(e,t,r=e.schema){let{gen:n,parentSchema:a,data:i,keyword:s,it:c}=e;l(a),c.opts.unevaluated&&r.length&&c.items!==!0&&(c.items=Ii.mergeEvaluated.items(n,r.length,c.items));let d=n.name("valid"),p=n.const("len",(0,Xf._)`${i}.length`);r.forEach((m,h)=>{(0,Ii.alwaysValidSchema)(c,m)||(n.if((0,Xf._)`${p} > ${h}`,()=>e.subschema({keyword:s,schemaProp:h,dataProp:h},d)),e.ok(d))});function l(m){let{opts:h,errSchemaPath:y}=c,_=r.length,S=_===m.minItems&&(_===m.maxItems||m[t]===!1);if(h.strictTuples&&!S){let w=`"${s}" is ${_}-tuple, but minItems or maxItems/${t} are not specified or different at path "${y}"`;(0,Ii.checkStrictMode)(c,w,h.strictTuples)}}o(l,"checkStrictTuple")}o(eh,"validateTuple");Jo.validateTuple=eh;Jo.default=YP});var th=x(Xu=>{"use strict";Object.defineProperty(Xu,"__esModule",{value:!0});var QP=Qu(),XP={keyword:"prefixItems",type:"array",schemaType:["array"],before:"uniqueItems",code:o(e=>(0,QP.validateTuple)(e,"items"),"code")};Xu.default=XP});var nh=x(ed=>{"use strict";Object.defineProperty(ed,"__esModule",{value:!0});var rh=F(),ex=re(),tx=dt(),rx=Yu(),nx={message:o(({params:{len:e}})=>(0,rh.str)`must NOT have more than ${e} items`,"message"),params:o(({params:{len:e}})=>(0,rh._)`{limit: ${e}}`,"params")},ox={keyword:"items",type:"array",schemaType:["object","boolean"],before:"uniqueItems",error:nx,code(e){let{schema:t,parentSchema:r,it:n}=e,{prefixItems:a}=r;n.items=!0,!(0,ex.alwaysValidSchema)(n,t)&&(a?(0,rx.validateAdditionalItems)(e,a):e.ok((0,tx.validateArray)(e)))}};ed.default=ox});var oh=x(td=>{"use strict";Object.defineProperty(td,"__esModule",{value:!0});var pt=F(),Pi=re(),ax={message:o(({params:{min:e,max:t}})=>t===void 0?(0,pt.str)`must contain at least ${e} valid item(s)`:(0,pt.str)`must contain at least ${e} and no more than ${t} valid item(s)`,"message"),params:o(({params:{min:e,max:t}})=>t===void 0?(0,pt._)`{minContains: ${e}}`:(0,pt._)`{minContains: ${e}, maxContains: ${t}}`,"params")},ix={keyword:"contains",type:"array",schemaType:["object","boolean"],before:"uniqueItems",trackErrors:!0,error:ax,code(e){let{gen:t,schema:r,parentSchema:n,data:a,it:i}=e,s,c,{minContains:d,maxContains:p}=n;i.opts.next?(s=d===void 0?1:d,c=p):s=1;let l=t.const("len",(0,pt._)`${a}.length`);if(e.setParams({min:s,max:c}),c===void 0&&s===0){(0,Pi.checkStrictMode)(i,'"minContains" == 0 without "maxContains": "contains" keyword ignored');return}if(c!==void 0&&s>c){(0,Pi.checkStrictMode)(i,'"minContains" > "maxContains" is always invalid'),e.fail();return}if((0,Pi.alwaysValidSchema)(i,r)){let S=(0,pt._)`${l} >= ${s}`;c!==void 0&&(S=(0,pt._)`${S} && ${l} <= ${c}`),e.pass(S);return}i.items=!0;let m=t.name("valid");c===void 0&&s===1?y(m,()=>t.if(m,()=>t.break())):s===0?(t.let(m,!0),c!==void 0&&t.if((0,pt._)`${a}.length > 0`,h)):(t.let(m,!1),h()),e.result(m,()=>e.reset());function h(){let S=t.name("_valid"),w=t.let("count",0);y(S,()=>t.if(S,()=>_(w)))}o(h,"validateItemsWithCount");function y(S,w){t.forRange("i",0,l,v=>{e.subschema({keyword:"contains",dataProp:v,dataPropType:Pi.Type.Num,compositeRule:!0},S),w()})}o(y,"validateItems");function _(S){t.code((0,pt._)`${S}++`),c===void 0?t.if((0,pt._)`${S} >= ${s}`,()=>t.assign(m,!0).break()):(t.if((0,pt._)`${S} > ${c}`,()=>t.assign(m,!1).break()),s===1?t.assign(m,!0):t.if((0,pt._)`${S} >= ${s}`,()=>t.assign(m,!0)))}o(_,"checkLimits")}};td.default=ix});var sh=x(kt=>{"use strict";Object.defineProperty(kt,"__esModule",{value:!0});kt.validateSchemaDeps=kt.validatePropertyDeps=kt.error=void 0;var rd=F(),sx=re(),Yo=dt();kt.error={message:o(({params:{property:e,depsCount:t,deps:r}})=>{let n=t===1?"property":"properties";return(0,rd.str)`must have ${n} ${r} when property ${e} is present`},"message"),params:o(({params:{property:e,depsCount:t,deps:r,missingProperty:n}})=>(0,rd._)`{property: ${e},
30
30
  missingProperty: ${n},
31
31
  depsCount: ${t},
32
- deps: ${r}}`,"params")};var lx={keyword:"dependencies",type:"object",schemaType:"object",error:Tt.error,code(e){let[t,r]=px(e);sh(e,t),ch(e,r)}};function px({schema:e}){let t={},r={};for(let n in e){if(n==="__proto__")continue;let a=Array.isArray(e[n])?t:r;a[n]=e[n]}return[t,r]}o(px,"splitDependencies");function sh(e,t=e.schema){let{gen:r,data:n,it:a}=e;if(Object.keys(t).length===0)return;let i=r.let("missing");for(let s in t){let c=t[s];if(c.length===0)continue;let d=(0,Jo.propertyInData)(r,n,s,a.opts.ownProperties);e.setParams({property:s,depsCount:c.length,deps:c.join(", ")}),a.allErrors?r.if(d,()=>{for(let p of c)(0,Jo.checkReportMissingProp)(e,p)}):(r.if((0,td._)`${d} && (${(0,Jo.checkMissingProp)(e,c,i)})`),(0,Jo.reportMissingProp)(e,i),r.else())}}o(sh,"validatePropertyDeps");Tt.validatePropertyDeps=sh;function ch(e,t=e.schema){let{gen:r,data:n,keyword:a,it:i}=e,s=r.name("valid");for(let c in t)(0,dx.alwaysValidSchema)(i,t[c])||(r.if((0,Jo.propertyInData)(r,n,c,i.opts.ownProperties),()=>{let d=e.subschema({keyword:a,schemaProp:c},s);e.mergeValidEvaluated(d,s)},()=>r.var(s,!0)),e.ok(s))}o(ch,"validateSchemaDeps");Tt.validateSchemaDeps=ch;Tt.default=lx});var lh=x(rd=>{"use strict";Object.defineProperty(rd,"__esModule",{value:!0});var dh=F(),mx=re(),fx={message:"property name must be valid",params:o(({params:e})=>(0,dh._)`{propertyName: ${e.propertyName}}`,"params")},hx={keyword:"propertyNames",type:"object",schemaType:["object","boolean"],error:fx,code(e){let{gen:t,schema:r,data:n,it:a}=e;if((0,mx.alwaysValidSchema)(a,r))return;let i=t.name("valid");t.forIn("key",n,s=>{e.setParams({propertyName:s}),e.subschema({keyword:"propertyNames",data:s,dataTypes:["string"],propertyName:s,compositeRule:!0},i),t.if((0,dh.not)(i),()=>{e.error(!0),a.allErrors||t.break()})}),e.ok(i)}};rd.default=hx});var od=x(nd=>{"use strict";Object.defineProperty(nd,"__esModule",{value:!0});var xi=dt(),bt=F(),gx=Ft(),Ai=re(),yx={message:"must NOT have additional properties",params:o(({params:e})=>(0,bt._)`{additionalProperty: ${e.additionalProperty}}`,"params")},Sx={keyword:"additionalProperties",type:["object"],schemaType:["boolean","object"],allowUndefined:!0,trackErrors:!0,error:yx,code(e){let{gen:t,schema:r,parentSchema:n,data:a,errsCount:i,it:s}=e;if(!i)throw new Error("ajv implementation error");let{allErrors:c,opts:d}=s;if(s.props=!0,d.removeAdditional!=="all"&&(0,Ai.alwaysValidSchema)(s,r))return;let p=(0,xi.allSchemaProperties)(n.properties),l=(0,xi.allSchemaProperties)(n.patternProperties);m(),e.ok((0,bt._)`${i} === ${gx.default.errors}`);function m(){t.forIn("key",a,w=>{!p.length&&!l.length?_(w):t.if(h(w),()=>_(w))})}o(m,"checkAdditionalProperties");function h(w){let v;if(p.length>8){let b=(0,Ai.schemaRefOrVal)(s,n.properties,"properties");v=(0,xi.isOwnProperty)(t,b,w)}else p.length?v=(0,bt.or)(...p.map(b=>(0,bt._)`${w} === ${b}`)):v=bt.nil;return l.length&&(v=(0,bt.or)(v,...l.map(b=>(0,bt._)`${(0,xi.usePattern)(e,b)}.test(${w})`))),(0,bt.not)(v)}o(h,"isAdditional");function y(w){t.code((0,bt._)`delete ${a}[${w}]`)}o(y,"deleteAdditional");function _(w){if(d.removeAdditional==="all"||d.removeAdditional&&r===!1){y(w);return}if(r===!1){e.setParams({additionalProperty:w}),e.error(),c||t.break();return}if(typeof r=="object"&&!(0,Ai.alwaysValidSchema)(s,r)){let v=t.name("valid");d.removeAdditional==="failing"?(S(w,v,!1),t.if((0,bt.not)(v),()=>{e.reset(),y(w)})):(S(w,v),c||t.if((0,bt.not)(v),()=>t.break()))}}o(_,"additionalPropertyCode");function S(w,v,b){let R={keyword:"additionalProperties",dataProp:w,dataPropType:Ai.Type.Str};b===!1&&Object.assign(R,{compositeRule:!0,createErrors:!1,allErrors:!1}),e.subschema(R,v)}o(S,"applyAdditionalSchema")}};nd.default=Sx});var fh=x(id=>{"use strict";Object.defineProperty(id,"__esModule",{value:!0});var _x=Mo(),ph=dt(),ad=re(),mh=od(),wx={keyword:"properties",type:"object",schemaType:"object",code(e){let{gen:t,schema:r,parentSchema:n,data:a,it:i}=e;i.opts.removeAdditional==="all"&&n.additionalProperties===void 0&&mh.default.code(new _x.KeywordCxt(i,mh.default,"additionalProperties"));let s=(0,ph.allSchemaProperties)(r);for(let m of s)i.definedProperties.add(m);i.opts.unevaluated&&s.length&&i.props!==!0&&(i.props=ad.mergeEvaluated.props(t,(0,ad.toHash)(s),i.props));let c=s.filter(m=>!(0,ad.alwaysValidSchema)(i,r[m]));if(c.length===0)return;let d=t.name("valid");for(let m of c)p(m)?l(m):(t.if((0,ph.propertyInData)(t,a,m,i.opts.ownProperties)),l(m),i.allErrors||t.else().var(d,!0),t.endIf()),e.it.definedProperties.add(m),e.ok(d);function p(m){return i.opts.useDefaults&&!i.compositeRule&&r[m].default!==void 0}o(p,"hasDefault");function l(m){e.subschema({keyword:"properties",schemaProp:m,dataProp:m},d)}o(l,"applyPropertySchema")}};id.default=wx});var Sh=x(sd=>{"use strict";Object.defineProperty(sd,"__esModule",{value:!0});var hh=dt(),Ti=F(),gh=re(),yh=re(),vx={keyword:"patternProperties",type:"object",schemaType:"object",code(e){let{gen:t,schema:r,data:n,parentSchema:a,it:i}=e,{opts:s}=i,c=(0,hh.allSchemaProperties)(r),d=c.filter(S=>(0,gh.alwaysValidSchema)(i,r[S]));if(c.length===0||d.length===c.length&&(!i.opts.unevaluated||i.props===!0))return;let p=s.strictSchema&&!s.allowMatchingProperties&&a.properties,l=t.name("valid");i.props!==!0&&!(i.props instanceof Ti.Name)&&(i.props=(0,yh.evaluatedPropsToName)(t,i.props));let{props:m}=i;h();function h(){for(let S of c)p&&y(S),i.allErrors?_(S):(t.var(l,!0),_(S),t.if(l))}o(h,"validatePatternProperties");function y(S){for(let w in p)new RegExp(S).test(w)&&(0,gh.checkStrictMode)(i,`property ${w} matches pattern ${S} (use allowMatchingProperties)`)}o(y,"checkMatchingProperties");function _(S){t.forIn("key",n,w=>{t.if((0,Ti._)`${(0,hh.usePattern)(e,S)}.test(${w})`,()=>{let v=d.includes(S);v||e.subschema({keyword:"patternProperties",schemaProp:S,dataProp:w,dataPropType:yh.Type.Str},l),i.opts.unevaluated&&m!==!0?t.assign((0,Ti._)`${m}[${w}]`,!0):!v&&!i.allErrors&&t.if((0,Ti.not)(l),()=>t.break())})})}o(_,"validateProperties")}};sd.default=vx});var _h=x(cd=>{"use strict";Object.defineProperty(cd,"__esModule",{value:!0});var bx=re(),Rx={keyword:"not",schemaType:["object","boolean"],trackErrors:!0,code(e){let{gen:t,schema:r,it:n}=e;if((0,bx.alwaysValidSchema)(n,r)){e.fail();return}let a=t.name("valid");e.subschema({keyword:"not",compositeRule:!0,createErrors:!1,allErrors:!1},a),e.failResult(a,()=>e.reset(),()=>e.error())},error:{message:"must NOT be valid"}};cd.default=Rx});var wh=x(ud=>{"use strict";Object.defineProperty(ud,"__esModule",{value:!0});var Cx=dt(),Ix={keyword:"anyOf",schemaType:"array",trackErrors:!0,code:Cx.validateUnion,error:{message:"must match a schema in anyOf"}};ud.default=Ix});var vh=x(dd=>{"use strict";Object.defineProperty(dd,"__esModule",{value:!0});var ki=F(),Px=re(),xx={message:"must match exactly one schema in oneOf",params:o(({params:e})=>(0,ki._)`{passingSchemas: ${e.passing}}`,"params")},Ax={keyword:"oneOf",schemaType:"array",trackErrors:!0,error:xx,code(e){let{gen:t,schema:r,parentSchema:n,it:a}=e;if(!Array.isArray(r))throw new Error("ajv implementation error");if(a.opts.discriminator&&n.discriminator)return;let i=r,s=t.let("valid",!1),c=t.let("passing",null),d=t.name("_valid");e.setParams({passing:c}),t.block(p),e.result(s,()=>e.reset(),()=>e.error(!0));function p(){i.forEach((l,m)=>{let h;(0,Px.alwaysValidSchema)(a,l)?t.var(d,!0):h=e.subschema({keyword:"oneOf",schemaProp:m,compositeRule:!0},d),m>0&&t.if((0,ki._)`${d} && ${s}`).assign(s,!1).assign(c,(0,ki._)`[${c}, ${m}]`).else(),t.if(d,()=>{t.assign(s,!0),t.assign(c,m),h&&e.mergeEvaluated(h,ki.Name)})})}o(p,"validateOneOf")}};dd.default=Ax});var bh=x(ld=>{"use strict";Object.defineProperty(ld,"__esModule",{value:!0});var Tx=re(),kx={keyword:"allOf",schemaType:"array",code(e){let{gen:t,schema:r,it:n}=e;if(!Array.isArray(r))throw new Error("ajv implementation error");let a=t.name("valid");r.forEach((i,s)=>{if((0,Tx.alwaysValidSchema)(n,i))return;let c=e.subschema({keyword:"allOf",schemaProp:s},a);e.ok(a),e.mergeEvaluated(c)})}};ld.default=kx});var Ih=x(pd=>{"use strict";Object.defineProperty(pd,"__esModule",{value:!0});var Ei=F(),Ch=re(),Ex={message:o(({params:e})=>(0,Ei.str)`must match "${e.ifClause}" schema`,"message"),params:o(({params:e})=>(0,Ei._)`{failingKeyword: ${e.ifClause}}`,"params")},Ux={keyword:"if",schemaType:["object","boolean"],trackErrors:!0,error:Ex,code(e){let{gen:t,parentSchema:r,it:n}=e;r.then===void 0&&r.else===void 0&&(0,Ch.checkStrictMode)(n,'"if" without "then" and "else" is ignored');let a=Rh(n,"then"),i=Rh(n,"else");if(!a&&!i)return;let s=t.let("valid",!0),c=t.name("_valid");if(d(),e.reset(),a&&i){let l=t.let("ifClause");e.setParams({ifClause:l}),t.if(c,p("then",l),p("else",l))}else a?t.if(c,p("then")):t.if((0,Ei.not)(c),p("else"));e.pass(s,()=>e.error(!0));function d(){let l=e.subschema({keyword:"if",compositeRule:!0,createErrors:!1,allErrors:!1},c);e.mergeEvaluated(l)}o(d,"validateIf");function p(l,m){return()=>{let h=e.subschema({keyword:l},c);t.assign(s,c),e.mergeValidEvaluated(h,s),m?t.assign(m,(0,Ei._)`${l}`):e.setParams({ifClause:l})}}o(p,"validateClause")}};function Rh(e,t){let r=e.schema[t];return r!==void 0&&!(0,Ch.alwaysValidSchema)(e,r)}o(Rh,"hasSchema");pd.default=Ux});var Ph=x(md=>{"use strict";Object.defineProperty(md,"__esModule",{value:!0});var Ox=re(),$x={keyword:["then","else"],schemaType:["object","boolean"],code({keyword:e,parentSchema:t,it:r}){t.if===void 0&&(0,Ox.checkStrictMode)(r,`"${e}" without "if" is ignored`)}};md.default=$x});var xh=x(fd=>{"use strict";Object.defineProperty(fd,"__esModule",{value:!0});var zx=Ju(),Mx=nh(),qx=Yu(),Nx=ah(),jx=ih(),Dx=uh(),Hx=lh(),Lx=od(),Bx=fh(),Gx=Sh(),Vx=_h(),Fx=wh(),Zx=vh(),Kx=bh(),Wx=Ih(),Jx=Ph();function Yx(e=!1){let t=[Vx.default,Fx.default,Zx.default,Kx.default,Wx.default,Jx.default,Hx.default,Lx.default,Dx.default,Bx.default,Gx.default];return e?t.push(Mx.default,Nx.default):t.push(zx.default,qx.default),t.push(jx.default),t}o(Yx,"getApplicator");fd.default=Yx});var Ah=x(hd=>{"use strict";Object.defineProperty(hd,"__esModule",{value:!0});var ve=F(),Qx={message:o(({schemaCode:e})=>(0,ve.str)`must match format "${e}"`,"message"),params:o(({schemaCode:e})=>(0,ve._)`{format: ${e}}`,"params")},Xx={keyword:"format",type:["number","string"],schemaType:"string",$data:!0,error:Qx,code(e,t){let{gen:r,data:n,$data:a,schema:i,schemaCode:s,it:c}=e,{opts:d,errSchemaPath:p,schemaEnv:l,self:m}=c;if(!d.validateFormats)return;a?h():y();function h(){let _=r.scopeValue("formats",{ref:m.formats,code:d.code.formats}),S=r.const("fDef",(0,ve._)`${_}[${s}]`),w=r.let("fType"),v=r.let("format");r.if((0,ve._)`typeof ${S} == "object" && !(${S} instanceof RegExp)`,()=>r.assign(w,(0,ve._)`${S}.type || "string"`).assign(v,(0,ve._)`${S}.validate`),()=>r.assign(w,(0,ve._)`"string"`).assign(v,S)),e.fail$data((0,ve.or)(b(),R()));function b(){return d.strictSchema===!1?ve.nil:(0,ve._)`${s} && !${v}`}o(b,"unknownFmt");function R(){let q=l.$async?(0,ve._)`(${S}.async ? await ${v}(${n}) : ${v}(${n}))`:(0,ve._)`${v}(${n})`,N=(0,ve._)`(typeof ${v} == "function" ? ${q} : ${v}.test(${n}))`;return(0,ve._)`${v} && ${v} !== true && ${w} === ${t} && !${N}`}o(R,"invalidFmt")}o(h,"validate$DataFormat");function y(){let _=m.formats[i];if(!_){b();return}if(_===!0)return;let[S,w,v]=R(_);S===t&&e.pass(q());function b(){if(d.strictSchema===!1){m.logger.warn(N());return}throw new Error(N());function N(){return`unknown format "${i}" ignored in schema at path "${p}"`}}o(b,"unknownFormat");function R(N){let qe=N instanceof RegExp?(0,ve.regexpCode)(N):d.code.formats?(0,ve._)`${d.code.formats}${(0,ve.getProperty)(i)}`:void 0,it=r.scopeValue("formats",{key:i,ref:N,code:qe});return typeof N=="object"&&!(N instanceof RegExp)?[N.type||"string",N.validate,(0,ve._)`${it}.validate`]:["string",N,it]}o(R,"getFormat");function q(){if(typeof _=="object"&&!(_ instanceof RegExp)&&_.async){if(!l.$async)throw new Error("async format in sync schema");return(0,ve._)`await ${v}(${n})`}return typeof w=="function"?(0,ve._)`${v}(${n})`:(0,ve._)`${v}.test(${n})`}o(q,"validCondition")}o(y,"validateFormat")}};hd.default=Xx});var Th=x(gd=>{"use strict";Object.defineProperty(gd,"__esModule",{value:!0});var eA=Ah(),tA=[eA.default];gd.default=tA});var kh=x(xn=>{"use strict";Object.defineProperty(xn,"__esModule",{value:!0});xn.contentVocabulary=xn.metadataVocabulary=void 0;xn.metadataVocabulary=["title","description","default","deprecated","readOnly","writeOnly","examples"];xn.contentVocabulary=["contentMediaType","contentEncoding","contentSchema"]});var Uh=x(yd=>{"use strict";Object.defineProperty(yd,"__esModule",{value:!0});var rA=jf(),nA=Xf(),oA=xh(),aA=Th(),Eh=kh(),iA=[rA.default,nA.default,(0,oA.default)(),aA.default,Eh.metadataVocabulary,Eh.contentVocabulary];yd.default=iA});var $h=x(Ui=>{"use strict";Object.defineProperty(Ui,"__esModule",{value:!0});Ui.DiscrError=void 0;var Oh;(function(e){e.Tag="tag",e.Mapping="mapping"})(Oh||(Ui.DiscrError=Oh={}))});var Mh=x(_d=>{"use strict";Object.defineProperty(_d,"__esModule",{value:!0});var An=F(),Sd=$h(),zh=mi(),sA=qo(),cA=re(),uA={message:o(({params:{discrError:e,tagName:t}})=>e===Sd.DiscrError.Tag?`tag "${t}" must be string`:`value of tag "${t}" must be in oneOf`,"message"),params:o(({params:{discrError:e,tag:t,tagName:r}})=>(0,An._)`{error: ${e}, tag: ${r}, tagValue: ${t}}`,"params")},dA={keyword:"discriminator",type:"object",schemaType:"object",error:uA,code(e){let{gen:t,data:r,schema:n,parentSchema:a,it:i}=e,{oneOf:s}=a;if(!i.opts.discriminator)throw new Error("discriminator: requires discriminator option");let c=n.propertyName;if(typeof c!="string")throw new Error("discriminator: requires propertyName");if(n.mapping)throw new Error("discriminator: mapping is not supported");if(!s)throw new Error("discriminator: requires oneOf keyword");let d=t.let("valid",!1),p=t.const("tag",(0,An._)`${r}${(0,An.getProperty)(c)}`);t.if((0,An._)`typeof ${p} == "string"`,()=>l(),()=>e.error(!1,{discrError:Sd.DiscrError.Tag,tag:p,tagName:c})),e.ok(d);function l(){let y=h();t.if(!1);for(let _ in y)t.elseIf((0,An._)`${p} === ${_}`),t.assign(d,m(y[_]));t.else(),e.error(!1,{discrError:Sd.DiscrError.Mapping,tag:p,tagName:c}),t.endIf()}o(l,"validateMapping");function m(y){let _=t.name("valid"),S=e.subschema({keyword:"oneOf",schemaProp:y},_);return e.mergeEvaluated(S,An.Name),_}o(m,"applyTagSchema");function h(){var y;let _={},S=v(a),w=!0;for(let q=0;q<s.length;q++){let N=s[q];if(N?.$ref&&!(0,cA.schemaHasRulesButRef)(N,i.self.RULES)){let it=N.$ref;if(N=zh.resolveRef.call(i.self,i.schemaEnv.root,i.baseId,it),N instanceof zh.SchemaEnv&&(N=N.schema),N===void 0)throw new sA.default(i.opts.uriResolver,i.baseId,it)}let qe=(y=N?.properties)===null||y===void 0?void 0:y[c];if(typeof qe!="object")throw new Error(`discriminator: oneOf subschemas (or referenced schemas) must have "properties/${c}"`);w=w&&(S||v(N)),b(qe,q)}if(!w)throw new Error(`discriminator: "${c}" must be required`);return _;function v({required:q}){return Array.isArray(q)&&q.includes(c)}function b(q,N){if(q.const)R(q.const,N);else if(q.enum)for(let qe of q.enum)R(qe,N);else throw new Error(`discriminator: "properties/${c}" must have "const" or "enum"`)}function R(q,N){if(typeof q!="string"||q in _)throw new Error(`discriminator: "${c}" values must be unique strings`);_[q]=N}}o(h,"getMapping")}};_d.default=dA});var qh=x((gB,lA)=>{lA.exports={$schema:"http://json-schema.org/draft-07/schema#",$id:"http://json-schema.org/draft-07/schema#",title:"Core schema meta-schema",definitions:{schemaArray:{type:"array",minItems:1,items:{$ref:"#"}},nonNegativeInteger:{type:"integer",minimum:0},nonNegativeIntegerDefault0:{allOf:[{$ref:"#/definitions/nonNegativeInteger"},{default:0}]},simpleTypes:{enum:["array","boolean","integer","null","number","object","string"]},stringArray:{type:"array",items:{type:"string"},uniqueItems:!0,default:[]}},type:["object","boolean"],properties:{$id:{type:"string",format:"uri-reference"},$schema:{type:"string",format:"uri"},$ref:{type:"string",format:"uri-reference"},$comment:{type:"string"},title:{type:"string"},description:{type:"string"},default:!0,readOnly:{type:"boolean",default:!1},examples:{type:"array",items:!0},multipleOf:{type:"number",exclusiveMinimum:0},maximum:{type:"number"},exclusiveMaximum:{type:"number"},minimum:{type:"number"},exclusiveMinimum:{type:"number"},maxLength:{$ref:"#/definitions/nonNegativeInteger"},minLength:{$ref:"#/definitions/nonNegativeIntegerDefault0"},pattern:{type:"string",format:"regex"},additionalItems:{$ref:"#"},items:{anyOf:[{$ref:"#"},{$ref:"#/definitions/schemaArray"}],default:!0},maxItems:{$ref:"#/definitions/nonNegativeInteger"},minItems:{$ref:"#/definitions/nonNegativeIntegerDefault0"},uniqueItems:{type:"boolean",default:!1},contains:{$ref:"#"},maxProperties:{$ref:"#/definitions/nonNegativeInteger"},minProperties:{$ref:"#/definitions/nonNegativeIntegerDefault0"},required:{$ref:"#/definitions/stringArray"},additionalProperties:{$ref:"#"},definitions:{type:"object",additionalProperties:{$ref:"#"},default:{}},properties:{type:"object",additionalProperties:{$ref:"#"},default:{}},patternProperties:{type:"object",additionalProperties:{$ref:"#"},propertyNames:{format:"regex"},default:{}},dependencies:{type:"object",additionalProperties:{anyOf:[{$ref:"#"},{$ref:"#/definitions/stringArray"}]}},propertyNames:{$ref:"#"},const:!0,enum:{type:"array",items:!0,minItems:1,uniqueItems:!0},type:{anyOf:[{$ref:"#/definitions/simpleTypes"},{type:"array",items:{$ref:"#/definitions/simpleTypes"},minItems:1,uniqueItems:!0}]},format:{type:"string"},contentMediaType:{type:"string"},contentEncoding:{type:"string"},if:{$ref:"#"},then:{$ref:"#"},else:{$ref:"#"},allOf:{$ref:"#/definitions/schemaArray"},anyOf:{$ref:"#/definitions/schemaArray"},oneOf:{$ref:"#/definitions/schemaArray"},not:{$ref:"#"}},default:!0}});var vd=x((le,wd)=>{"use strict";Object.defineProperty(le,"__esModule",{value:!0});le.MissingRefError=le.ValidationError=le.CodeGen=le.Name=le.nil=le.stringify=le.str=le._=le.KeywordCxt=le.Ajv=void 0;var pA=Of(),mA=Uh(),fA=Mh(),Nh=qh(),hA=["/properties"],Oi="http://json-schema.org/draft-07/schema",Tn=class extends pA.default{static{o(this,"Ajv")}_addVocabularies(){super._addVocabularies(),mA.default.forEach(t=>this.addVocabulary(t)),this.opts.discriminator&&this.addKeyword(fA.default)}_addDefaultMetaSchema(){if(super._addDefaultMetaSchema(),!this.opts.meta)return;let t=this.opts.$data?this.$dataMetaSchema(Nh,hA):Nh;this.addMetaSchema(t,Oi,!1),this.refs["http://json-schema.org/schema"]=Oi}defaultMeta(){return this.opts.defaultMeta=super.defaultMeta()||(this.getSchema(Oi)?Oi:void 0)}};le.Ajv=Tn;wd.exports=le=Tn;wd.exports.Ajv=Tn;Object.defineProperty(le,"__esModule",{value:!0});le.default=Tn;var gA=Mo();Object.defineProperty(le,"KeywordCxt",{enumerable:!0,get:o(function(){return gA.KeywordCxt},"get")});var kn=F();Object.defineProperty(le,"_",{enumerable:!0,get:o(function(){return kn._},"get")});Object.defineProperty(le,"str",{enumerable:!0,get:o(function(){return kn.str},"get")});Object.defineProperty(le,"stringify",{enumerable:!0,get:o(function(){return kn.stringify},"get")});Object.defineProperty(le,"nil",{enumerable:!0,get:o(function(){return kn.nil},"get")});Object.defineProperty(le,"Name",{enumerable:!0,get:o(function(){return kn.Name},"get")});Object.defineProperty(le,"CodeGen",{enumerable:!0,get:o(function(){return kn.CodeGen},"get")});var yA=li();Object.defineProperty(le,"ValidationError",{enumerable:!0,get:o(function(){return yA.default},"get")});var SA=qo();Object.defineProperty(le,"MissingRefError",{enumerable:!0,get:o(function(){return SA.default},"get")})});var Fh=x(Et=>{"use strict";Object.defineProperty(Et,"__esModule",{value:!0});Et.formatNames=Et.fastFormats=Et.fullFormats=void 0;function kt(e,t){return{validate:e,compare:t}}o(kt,"fmtDef");Et.fullFormats={date:kt(Lh,Id),time:kt(Rd(!0),Pd),"date-time":kt(jh(!0),Gh),"iso-time":kt(Rd(),Bh),"iso-date-time":kt(jh(),Vh),duration:/^P(?!$)((\d+Y)?(\d+M)?(\d+D)?(T(?=\d)(\d+H)?(\d+M)?(\d+S)?)?|(\d+W)?)$/,uri:CA,"uri-reference":/^(?:[a-z][a-z0-9+\-.]*:)?(?:\/?\/(?:(?:[a-z0-9\-._~!$&'()*+,;=:]|%[0-9a-f]{2})*@)?(?:\[(?:(?:(?:(?:[0-9a-f]{1,4}:){6}|::(?:[0-9a-f]{1,4}:){5}|(?:[0-9a-f]{1,4})?::(?:[0-9a-f]{1,4}:){4}|(?:(?:[0-9a-f]{1,4}:){0,1}[0-9a-f]{1,4})?::(?:[0-9a-f]{1,4}:){3}|(?:(?:[0-9a-f]{1,4}:){0,2}[0-9a-f]{1,4})?::(?:[0-9a-f]{1,4}:){2}|(?:(?:[0-9a-f]{1,4}:){0,3}[0-9a-f]{1,4})?::[0-9a-f]{1,4}:|(?:(?:[0-9a-f]{1,4}:){0,4}[0-9a-f]{1,4})?::)(?:[0-9a-f]{1,4}:[0-9a-f]{1,4}|(?:(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(?:25[0-5]|2[0-4]\d|[01]?\d\d?))|(?:(?:[0-9a-f]{1,4}:){0,5}[0-9a-f]{1,4})?::[0-9a-f]{1,4}|(?:(?:[0-9a-f]{1,4}:){0,6}[0-9a-f]{1,4})?::)|[Vv][0-9a-f]+\.[a-z0-9\-._~!$&'()*+,;=:]+)\]|(?:(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(?:25[0-5]|2[0-4]\d|[01]?\d\d?)|(?:[a-z0-9\-._~!$&'"()*+,;=]|%[0-9a-f]{2})*)(?::\d*)?(?:\/(?:[a-z0-9\-._~!$&'"()*+,;=:@]|%[0-9a-f]{2})*)*|\/(?:(?:[a-z0-9\-._~!$&'"()*+,;=:@]|%[0-9a-f]{2})+(?:\/(?:[a-z0-9\-._~!$&'"()*+,;=:@]|%[0-9a-f]{2})*)*)?|(?:[a-z0-9\-._~!$&'"()*+,;=:@]|%[0-9a-f]{2})+(?:\/(?:[a-z0-9\-._~!$&'"()*+,;=:@]|%[0-9a-f]{2})*)*)?(?:\?(?:[a-z0-9\-._~!$&'"()*+,;=:@/?]|%[0-9a-f]{2})*)?(?:#(?:[a-z0-9\-._~!$&'"()*+,;=:@/?]|%[0-9a-f]{2})*)?$/i,"uri-template":/^(?:(?:[^\x00-\x20"'<>%\\^`{|}]|%[0-9a-f]{2})|\{[+#./;?&=,!@|]?(?:[a-z0-9_]|%[0-9a-f]{2})+(?::[1-9][0-9]{0,3}|\*)?(?:,(?:[a-z0-9_]|%[0-9a-f]{2})+(?::[1-9][0-9]{0,3}|\*)?)*\})*$/i,url:/^(?:https?|ftp):\/\/(?:\S+(?::\S*)?@)?(?:(?!(?:10|127)(?:\.\d{1,3}){3})(?!(?:169\.254|192\.168)(?:\.\d{1,3}){2})(?!172\.(?:1[6-9]|2\d|3[0-1])(?:\.\d{1,3}){2})(?:[1-9]\d?|1\d\d|2[01]\d|22[0-3])(?:\.(?:1?\d{1,2}|2[0-4]\d|25[0-5])){2}(?:\.(?:[1-9]\d?|1\d\d|2[0-4]\d|25[0-4]))|(?:(?:[a-z0-9\u{00a1}-\u{ffff}]+-)*[a-z0-9\u{00a1}-\u{ffff}]+)(?:\.(?:[a-z0-9\u{00a1}-\u{ffff}]+-)*[a-z0-9\u{00a1}-\u{ffff}]+)*(?:\.(?:[a-z\u{00a1}-\u{ffff}]{2,})))(?::\d{2,5})?(?:\/[^\s]*)?$/iu,email:/^[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$/i,hostname:/^(?=.{1,253}\.?$)[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?(?:\.[a-z0-9](?:[-0-9a-z]{0,61}[0-9a-z])?)*\.?$/i,ipv4:/^(?:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)\.){3}(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)$/,ipv6:/^((([0-9a-f]{1,4}:){7}([0-9a-f]{1,4}|:))|(([0-9a-f]{1,4}:){6}(:[0-9a-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9a-f]{1,4}:){5}(((:[0-9a-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9a-f]{1,4}:){4}(((:[0-9a-f]{1,4}){1,3})|((:[0-9a-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9a-f]{1,4}:){3}(((:[0-9a-f]{1,4}){1,4})|((:[0-9a-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9a-f]{1,4}:){2}(((:[0-9a-f]{1,4}){1,5})|((:[0-9a-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9a-f]{1,4}:){1}(((:[0-9a-f]{1,4}){1,6})|((:[0-9a-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9a-f]{1,4}){1,7})|((:[0-9a-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))$/i,regex:EA,uuid:/^(?:urn:uuid:)?[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$/i,"json-pointer":/^(?:\/(?:[^~/]|~0|~1)*)*$/,"json-pointer-uri-fragment":/^#(?:\/(?:[a-z0-9_\-.!$&'()*+,;:=@]|%[0-9a-f]{2}|~0|~1)*)*$/i,"relative-json-pointer":/^(?:0|[1-9][0-9]*)(?:#|(?:\/(?:[^~/]|~0|~1)*)*)$/,byte:IA,int32:{type:"number",validate:AA},int64:{type:"number",validate:TA},float:{type:"number",validate:Hh},double:{type:"number",validate:Hh},password:!0,binary:!0};Et.fastFormats={...Et.fullFormats,date:kt(/^\d\d\d\d-[0-1]\d-[0-3]\d$/,Id),time:kt(/^(?:[0-2]\d:[0-5]\d:[0-5]\d|23:59:60)(?:\.\d+)?(?:z|[+-]\d\d(?::?\d\d)?)$/i,Pd),"date-time":kt(/^\d\d\d\d-[0-1]\d-[0-3]\dt(?:[0-2]\d:[0-5]\d:[0-5]\d|23:59:60)(?:\.\d+)?(?:z|[+-]\d\d(?::?\d\d)?)$/i,Gh),"iso-time":kt(/^(?:[0-2]\d:[0-5]\d:[0-5]\d|23:59:60)(?:\.\d+)?(?:z|[+-]\d\d(?::?\d\d)?)?$/i,Bh),"iso-date-time":kt(/^\d\d\d\d-[0-1]\d-[0-3]\d[t\s](?:[0-2]\d:[0-5]\d:[0-5]\d|23:59:60)(?:\.\d+)?(?:z|[+-]\d\d(?::?\d\d)?)?$/i,Vh),uri:/^(?:[a-z][a-z0-9+\-.]*:)(?:\/?\/)?[^\s]*$/i,"uri-reference":/^(?:(?:[a-z][a-z0-9+\-.]*:)?\/?\/)?(?:[^\\\s#][^\s#]*)?(?:#[^\\\s]*)?$/i,email:/^[a-z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)*$/i};Et.formatNames=Object.keys(Et.fullFormats);function _A(e){return e%4===0&&(e%100!==0||e%400===0)}o(_A,"isLeapYear");var wA=/^(\d\d\d\d)-(\d\d)-(\d\d)$/,vA=[0,31,28,31,30,31,30,31,31,30,31,30,31];function Lh(e){let t=wA.exec(e);if(!t)return!1;let r=+t[1],n=+t[2],a=+t[3];return n>=1&&n<=12&&a>=1&&a<=(n===2&&_A(r)?29:vA[n])}o(Lh,"date");function Id(e,t){if(e&&t)return e>t?1:e<t?-1:0}o(Id,"compareDate");var bd=/^(\d\d):(\d\d):(\d\d(?:\.\d+)?)(z|([+-])(\d\d)(?::?(\d\d))?)?$/i;function Rd(e){return o(function(r){let n=bd.exec(r);if(!n)return!1;let a=+n[1],i=+n[2],s=+n[3],c=n[4],d=n[5]==="-"?-1:1,p=+(n[6]||0),l=+(n[7]||0);if(p>23||l>59||e&&!c)return!1;if(a<=23&&i<=59&&s<60)return!0;let m=i-l*d,h=a-p*d-(m<0?1:0);return(h===23||h===-1)&&(m===59||m===-1)&&s<61},"time")}o(Rd,"getTime");function Pd(e,t){if(!(e&&t))return;let r=new Date("2020-01-01T"+e).valueOf(),n=new Date("2020-01-01T"+t).valueOf();if(r&&n)return r-n}o(Pd,"compareTime");function Bh(e,t){if(!(e&&t))return;let r=bd.exec(e),n=bd.exec(t);if(r&&n)return e=r[1]+r[2]+r[3],t=n[1]+n[2]+n[3],e>t?1:e<t?-1:0}o(Bh,"compareIsoTime");var Cd=/t|\s/i;function jh(e){let t=Rd(e);return o(function(n){let a=n.split(Cd);return a.length===2&&Lh(a[0])&&t(a[1])},"date_time")}o(jh,"getDateTime");function Gh(e,t){if(!(e&&t))return;let r=new Date(e).valueOf(),n=new Date(t).valueOf();if(r&&n)return r-n}o(Gh,"compareDateTime");function Vh(e,t){if(!(e&&t))return;let[r,n]=e.split(Cd),[a,i]=t.split(Cd),s=Id(r,a);if(s!==void 0)return s||Pd(n,i)}o(Vh,"compareIsoDateTime");var bA=/\/|:/,RA=/^(?:[a-z][a-z0-9+\-.]*:)(?:\/?\/(?:(?:[a-z0-9\-._~!$&'()*+,;=:]|%[0-9a-f]{2})*@)?(?:\[(?:(?:(?:(?:[0-9a-f]{1,4}:){6}|::(?:[0-9a-f]{1,4}:){5}|(?:[0-9a-f]{1,4})?::(?:[0-9a-f]{1,4}:){4}|(?:(?:[0-9a-f]{1,4}:){0,1}[0-9a-f]{1,4})?::(?:[0-9a-f]{1,4}:){3}|(?:(?:[0-9a-f]{1,4}:){0,2}[0-9a-f]{1,4})?::(?:[0-9a-f]{1,4}:){2}|(?:(?:[0-9a-f]{1,4}:){0,3}[0-9a-f]{1,4})?::[0-9a-f]{1,4}:|(?:(?:[0-9a-f]{1,4}:){0,4}[0-9a-f]{1,4})?::)(?:[0-9a-f]{1,4}:[0-9a-f]{1,4}|(?:(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(?:25[0-5]|2[0-4]\d|[01]?\d\d?))|(?:(?:[0-9a-f]{1,4}:){0,5}[0-9a-f]{1,4})?::[0-9a-f]{1,4}|(?:(?:[0-9a-f]{1,4}:){0,6}[0-9a-f]{1,4})?::)|[Vv][0-9a-f]+\.[a-z0-9\-._~!$&'()*+,;=:]+)\]|(?:(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(?:25[0-5]|2[0-4]\d|[01]?\d\d?)|(?:[a-z0-9\-._~!$&'()*+,;=]|%[0-9a-f]{2})*)(?::\d*)?(?:\/(?:[a-z0-9\-._~!$&'()*+,;=:@]|%[0-9a-f]{2})*)*|\/(?:(?:[a-z0-9\-._~!$&'()*+,;=:@]|%[0-9a-f]{2})+(?:\/(?:[a-z0-9\-._~!$&'()*+,;=:@]|%[0-9a-f]{2})*)*)?|(?:[a-z0-9\-._~!$&'()*+,;=:@]|%[0-9a-f]{2})+(?:\/(?:[a-z0-9\-._~!$&'()*+,;=:@]|%[0-9a-f]{2})*)*)(?:\?(?:[a-z0-9\-._~!$&'()*+,;=:@/?]|%[0-9a-f]{2})*)?(?:#(?:[a-z0-9\-._~!$&'()*+,;=:@/?]|%[0-9a-f]{2})*)?$/i;function CA(e){return bA.test(e)&&RA.test(e)}o(CA,"uri");var Dh=/^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/gm;function IA(e){return Dh.lastIndex=0,Dh.test(e)}o(IA,"byte");var PA=-(2**31),xA=2**31-1;function AA(e){return Number.isInteger(e)&&e<=xA&&e>=PA}o(AA,"validateInt32");function TA(e){return Number.isInteger(e)}o(TA,"validateInt64");function Hh(){return!0}o(Hh,"validateNumber");var kA=/[^\\]\\Z/;function EA(e){if(kA.test(e))return!1;try{return new RegExp(e),!0}catch{return!1}}o(EA,"regex")});var Zh=x(En=>{"use strict";Object.defineProperty(En,"__esModule",{value:!0});En.formatLimitDefinition=void 0;var UA=vd(),Rt=F(),Rr=Rt.operators,$i={formatMaximum:{okStr:"<=",ok:Rr.LTE,fail:Rr.GT},formatMinimum:{okStr:">=",ok:Rr.GTE,fail:Rr.LT},formatExclusiveMaximum:{okStr:"<",ok:Rr.LT,fail:Rr.GTE},formatExclusiveMinimum:{okStr:">",ok:Rr.GT,fail:Rr.LTE}},OA={message:o(({keyword:e,schemaCode:t})=>(0,Rt.str)`should be ${$i[e].okStr} ${t}`,"message"),params:o(({keyword:e,schemaCode:t})=>(0,Rt._)`{comparison: ${$i[e].okStr}, limit: ${t}}`,"params")};En.formatLimitDefinition={keyword:Object.keys($i),type:"string",schemaType:"string",$data:!0,error:OA,code(e){let{gen:t,data:r,schemaCode:n,keyword:a,it:i}=e,{opts:s,self:c}=i;if(!s.validateFormats)return;let d=new UA.KeywordCxt(i,c.RULES.all.format.definition,"format");d.$data?p():l();function p(){let h=t.scopeValue("formats",{ref:c.formats,code:s.code.formats}),y=t.const("fmt",(0,Rt._)`${h}[${d.schemaCode}]`);e.fail$data((0,Rt.or)((0,Rt._)`typeof ${y} != "object"`,(0,Rt._)`${y} instanceof RegExp`,(0,Rt._)`typeof ${y}.compare != "function"`,m(y)))}o(p,"validate$DataFormat");function l(){let h=d.schema,y=c.formats[h];if(!y||y===!0)return;if(typeof y!="object"||y instanceof RegExp||typeof y.compare!="function")throw new Error(`"${a}": format "${h}" does not define "compare" function`);let _=t.scopeValue("formats",{key:h,ref:y,code:s.code.formats?(0,Rt._)`${s.code.formats}${(0,Rt.getProperty)(h)}`:void 0});e.fail$data(m(_))}o(l,"validateFormat");function m(h){return(0,Rt._)`${h}.compare(${r}, ${n}) ${$i[a].fail} 0`}o(m,"compareCode")},dependencies:["format"]};var $A=o(e=>(e.addKeyword(En.formatLimitDefinition),e),"formatLimitPlugin");En.default=$A});var Yh=x((Yo,Jh)=>{"use strict";Object.defineProperty(Yo,"__esModule",{value:!0});var Un=Fh(),zA=Zh(),xd=F(),Kh=new xd.Name("fullFormats"),MA=new xd.Name("fastFormats"),Ad=o((e,t={keywords:!0})=>{if(Array.isArray(t))return Wh(e,t,Un.fullFormats,Kh),e;let[r,n]=t.mode==="fast"?[Un.fastFormats,MA]:[Un.fullFormats,Kh],a=t.formats||Un.formatNames;return Wh(e,a,r,n),t.keywords&&(0,zA.default)(e),e},"formatsPlugin");Ad.get=(e,t="full")=>{let n=(t==="fast"?Un.fastFormats:Un.fullFormats)[e];if(!n)throw new Error(`Unknown format "${e}"`);return n};function Wh(e,t,r,n){var a,i;(a=(i=e.opts.code).formats)!==null&&a!==void 0||(i.formats=(0,xd._)`require("ajv-formats/dist/formats").${n}`);for(let s of t)e.addFormat(s,r[s])}o(Wh,"addFormats");Jh.exports=Yo=Ad;Object.defineProperty(Yo,"__esModule",{value:!0});Yo.default=Ad});Rv();function cr(e){return!!e._zod}o(cr,"isZ4Schema");function Ge(e,t){return cr(e)?tc(e,t):e.safeParse(t)}o(Ge,"safeParse");function ln(e){if(!e)return;let t;if(cr(e)?t=e._zod?.def?.shape:t=e.shape,!!t){if(typeof t=="function")try{return t()}catch{return}return t}}o(ln,"getObjectShape");function Wp(e){if(cr(e)){let i=e._zod?.def;if(i){if(i.value!==void 0)return i.value;if(Array.isArray(i.values)&&i.values.length>0)return i.values[0]}}let r=e._def;if(r){if(r.value!==void 0)return r.value;if(Array.isArray(r.values)&&r.values.length>0)return r.values[0]}let n=e.value;if(n!==void 0)return n}o(Wp,"getLiteralValue");ie();var dr="2025-11-25",Jp="2025-03-26",lr=[dr,"2025-06-18","2025-03-26","2024-11-05","2024-10-07"],pr="io.modelcontextprotocol/related-task",ja="2.0",Ie=Fp(e=>e!==null&&(typeof e=="object"||typeof e=="function")),Yp=me([f(),ee().int()]),Qp=f(),$q=Ce({ttl:ee().optional(),pollInterval:ee().optional()}),Pv=I({ttl:ee().optional()}),xv=I({taskId:f()}),ac=Ce({progressToken:Yp.optional(),[pr]:xv.optional()}),ot=I({_meta:ac.optional()}),po=ot.extend({task:Pv.optional()}),Xp=o(e=>po.safeParse(e).success,"isTaskAugmentedRequestParams"),Ae=I({method:f(),params:ot.loose().optional()}),st=I({_meta:ac.optional()}),ct=I({method:f(),params:st.loose().optional()}),Te=Ce({_meta:ac.optional()}),Da=me([f(),ee().int()]),em=I({jsonrpc:O(ja),id:Da,...Ae.shape}).strict(),It=o(e=>em.safeParse(e).success,"isJSONRPCRequest"),tm=I({jsonrpc:O(ja),...ct.shape}).strict(),rm=o(e=>tm.safeParse(e).success,"isJSONRPCNotification"),ic=I({jsonrpc:O(ja),id:Da,result:Te}).strict(),St=o(e=>ic.safeParse(e).success,"isJSONRPCResultResponse");var U;(function(e){e[e.ConnectionClosed=-32e3]="ConnectionClosed",e[e.RequestTimeout=-32001]="RequestTimeout",e[e.ParseError=-32700]="ParseError",e[e.InvalidRequest=-32600]="InvalidRequest",e[e.MethodNotFound=-32601]="MethodNotFound",e[e.InvalidParams=-32602]="InvalidParams",e[e.InternalError=-32603]="InternalError",e[e.UrlElicitationRequired=-32042]="UrlElicitationRequired"})(U||(U={}));var sc=I({jsonrpc:O(ja),id:Da.optional(),error:I({code:ee().int(),message:f(),data:we().optional()})}).strict();var mn=o(e=>sc.safeParse(e).success,"isJSONRPCErrorResponse");var $r=me([em,tm,ic,sc]),zq=me([ic,sc]),Ht=Te.strict(),Av=st.extend({requestId:Da.optional(),reason:f().optional()}),Ha=ct.extend({method:O("notifications/cancelled"),params:Av}),Tv=I({src:f(),mimeType:f().optional(),sizes:C(f()).optional(),theme:nt(["light","dark"]).optional()}),mo=I({icons:C(Tv).optional()}),pn=I({name:f(),title:f().optional()}),fn=pn.extend({...pn.shape,...mo.shape,version:f(),websiteUrl:f().optional(),description:f().optional()}),kv=nc(I({applyDefaults:ae().optional()}),ue(f(),we())),Ev=oc(e=>e&&typeof e=="object"&&!Array.isArray(e)&&Object.keys(e).length===0?{form:{}}:e,nc(I({form:kv.optional(),url:Ie.optional()}),ue(f(),we()).optional())),Uv=Ce({list:Ie.optional(),cancel:Ie.optional(),requests:Ce({sampling:Ce({createMessage:Ie.optional()}).optional(),elicitation:Ce({create:Ie.optional()}).optional()}).optional()}),Ov=Ce({list:Ie.optional(),cancel:Ie.optional(),requests:Ce({tools:Ce({call:Ie.optional()}).optional()}).optional()}),$v=I({experimental:ue(f(),Ie).optional(),sampling:I({context:Ie.optional(),tools:Ie.optional()}).optional(),elicitation:Ev.optional(),roots:I({listChanged:ae().optional()}).optional(),tasks:Uv.optional(),extensions:ue(f(),Ie).optional()}),zv=ot.extend({protocolVersion:f(),capabilities:$v,clientInfo:fn}),La=Ae.extend({method:O("initialize"),params:zv}),cc=o(e=>La.safeParse(e).success,"isInitializeRequest"),Mv=I({experimental:ue(f(),Ie).optional(),logging:Ie.optional(),completions:Ie.optional(),prompts:I({listChanged:ae().optional()}).optional(),resources:I({subscribe:ae().optional(),listChanged:ae().optional()}).optional(),tools:I({listChanged:ae().optional()}).optional(),tasks:Ov.optional(),extensions:ue(f(),Ie).optional()}),uc=Te.extend({protocolVersion:f(),capabilities:Mv,serverInfo:fn,instructions:f().optional()}),Ba=ct.extend({method:O("notifications/initialized"),params:st.optional()}),nm=o(e=>Ba.safeParse(e).success,"isInitializedNotification"),Ga=Ae.extend({method:O("ping"),params:ot.optional()}),qv=I({progress:ee(),total:ge(ee()),message:ge(f())}),Nv=I({...st.shape,...qv.shape,progressToken:Yp}),Va=ct.extend({method:O("notifications/progress"),params:Nv}),jv=ot.extend({cursor:Qp.optional()}),fo=Ae.extend({params:jv.optional()}),ho=Te.extend({nextCursor:Qp.optional()}),Dv=nt(["working","input_required","completed","failed","cancelled"]),go=I({taskId:f(),status:Dv,ttl:me([ee(),Gp()]),createdAt:f(),lastUpdatedAt:f(),pollInterval:ge(ee()),statusMessage:ge(f())}),Lt=Te.extend({task:go}),Hv=st.merge(go),yo=ct.extend({method:O("notifications/tasks/status"),params:Hv}),Fa=Ae.extend({method:O("tasks/get"),params:ot.extend({taskId:f()})}),Za=Te.merge(go),Ka=Ae.extend({method:O("tasks/result"),params:ot.extend({taskId:f()})}),Mq=Te.loose(),Wa=fo.extend({method:O("tasks/list")}),Ja=ho.extend({tasks:C(go)}),Ya=Ae.extend({method:O("tasks/cancel"),params:ot.extend({taskId:f()})}),om=Te.merge(go),am=I({uri:f(),mimeType:ge(f()),_meta:ue(f(),we()).optional()}),im=am.extend({text:f()}),dc=f().refine(e=>{try{return atob(e),!0}catch{return!1}},{message:"Invalid Base64 string"}),sm=am.extend({blob:dc}),So=nt(["user","assistant"]),hn=I({audience:C(So).optional(),priority:ee().min(0).max(1).optional(),lastModified:Lp.datetime({offset:!0}).optional()}),cm=I({...pn.shape,...mo.shape,uri:f(),description:ge(f()),mimeType:ge(f()),size:ge(ee()),annotations:hn.optional(),_meta:ge(Ce({}))}),Lv=I({...pn.shape,...mo.shape,uriTemplate:f(),description:ge(f()),mimeType:ge(f()),annotations:hn.optional(),_meta:ge(Ce({}))}),lc=fo.extend({method:O("resources/list")}),pc=ho.extend({resources:C(cm)}),Bv=fo.extend({method:O("resources/templates/list")}),mc=ho.extend({resourceTemplates:C(Lv)}),fc=ot.extend({uri:f()}),Gv=fc,hc=Ae.extend({method:O("resources/read"),params:Gv}),gc=Te.extend({contents:C(me([im,sm]))}),yc=ct.extend({method:O("notifications/resources/list_changed"),params:st.optional()}),Vv=fc,Fv=Ae.extend({method:O("resources/subscribe"),params:Vv}),Zv=fc,Kv=Ae.extend({method:O("resources/unsubscribe"),params:Zv}),Wv=st.extend({uri:f()}),Jv=ct.extend({method:O("notifications/resources/updated"),params:Wv}),Yv=I({name:f(),description:ge(f()),required:ge(ae())}),Qv=I({...pn.shape,...mo.shape,description:ge(f()),arguments:ge(C(Yv)),_meta:ge(Ce({}))}),Sc=fo.extend({method:O("prompts/list")}),_c=ho.extend({prompts:C(Qv)}),Xv=ot.extend({name:f(),arguments:ue(f(),f()).optional()}),wc=Ae.extend({method:O("prompts/get"),params:Xv}),vc=I({type:O("text"),text:f(),annotations:hn.optional(),_meta:ue(f(),we()).optional()}),bc=I({type:O("image"),data:dc,mimeType:f(),annotations:hn.optional(),_meta:ue(f(),we()).optional()}),Rc=I({type:O("audio"),data:dc,mimeType:f(),annotations:hn.optional(),_meta:ue(f(),we()).optional()}),eb=I({type:O("tool_use"),name:f(),id:f(),input:ue(f(),we()),_meta:ue(f(),we()).optional()}),tb=I({type:O("resource"),resource:me([im,sm]),annotations:hn.optional(),_meta:ue(f(),we()).optional()}),rb=cm.extend({type:O("resource_link")}),Cc=me([vc,bc,Rc,rb,tb]),nb=I({role:So,content:Cc}),Ic=Te.extend({description:f().optional(),messages:C(nb)}),Pc=ct.extend({method:O("notifications/prompts/list_changed"),params:st.optional()}),ob=I({title:f().optional(),readOnlyHint:ae().optional(),destructiveHint:ae().optional(),idempotentHint:ae().optional(),openWorldHint:ae().optional()}),ab=I({taskSupport:nt(["required","optional","forbidden"]).optional()}),um=I({...pn.shape,...mo.shape,description:f().optional(),inputSchema:I({type:O("object"),properties:ue(f(),Ie).optional(),required:C(f()).optional()}).catchall(we()),outputSchema:I({type:O("object"),properties:ue(f(),Ie).optional(),required:C(f()).optional()}).catchall(we()).optional(),annotations:ob.optional(),execution:ab.optional(),_meta:ue(f(),we()).optional()}),xc=fo.extend({method:O("tools/list")}),Ac=ho.extend({tools:C(um)}),mr=Te.extend({content:C(Cc).default([]),structuredContent:ue(f(),we()).optional(),isError:ae().optional()}),qq=mr.or(Te.extend({toolResult:we()})),ib=po.extend({name:f(),arguments:ue(f(),we()).optional()}),_o=Ae.extend({method:O("tools/call"),params:ib}),Tc=ct.extend({method:O("notifications/tools/list_changed"),params:st.optional()}),dm=I({autoRefresh:ae().default(!0),debounceMs:ee().int().nonnegative().default(300)}),wo=nt(["debug","info","notice","warning","error","critical","alert","emergency"]),sb=ot.extend({level:wo}),kc=Ae.extend({method:O("logging/setLevel"),params:sb}),cb=st.extend({level:wo,logger:f().optional(),data:we()}),ub=ct.extend({method:O("notifications/message"),params:cb}),db=I({name:f().optional()}),lb=I({hints:C(db).optional(),costPriority:ee().min(0).max(1).optional(),speedPriority:ee().min(0).max(1).optional(),intelligencePriority:ee().min(0).max(1).optional()}),pb=I({mode:nt(["auto","required","none"]).optional()}),mb=I({type:O("tool_result"),toolUseId:f().describe("The unique identifier for the corresponding tool call."),content:C(Cc).default([]),structuredContent:I({}).loose().optional(),isError:ae().optional(),_meta:ue(f(),we()).optional()}),fb=rc("type",[vc,bc,Rc]),Na=rc("type",[vc,bc,Rc,eb,mb]),hb=I({role:So,content:me([Na,C(Na)]),_meta:ue(f(),we()).optional()}),gb=po.extend({messages:C(hb),modelPreferences:lb.optional(),systemPrompt:f().optional(),includeContext:nt(["none","thisServer","allServers"]).optional(),temperature:ee().optional(),maxTokens:ee().int(),stopSequences:C(f()).optional(),metadata:Ie.optional(),tools:C(um).optional(),toolChoice:pb.optional()}),Ec=Ae.extend({method:O("sampling/createMessage"),params:gb}),zr=Te.extend({model:f(),stopReason:ge(nt(["endTurn","stopSequence","maxTokens"]).or(f())),role:So,content:fb}),vo=Te.extend({model:f(),stopReason:ge(nt(["endTurn","stopSequence","maxTokens","toolUse"]).or(f())),role:So,content:me([Na,C(Na)])}),yb=I({type:O("boolean"),title:f().optional(),description:f().optional(),default:ae().optional()}),Sb=I({type:O("string"),title:f().optional(),description:f().optional(),minLength:ee().optional(),maxLength:ee().optional(),format:nt(["email","uri","date","date-time"]).optional(),default:f().optional()}),_b=I({type:nt(["number","integer"]),title:f().optional(),description:f().optional(),minimum:ee().optional(),maximum:ee().optional(),default:ee().optional()}),wb=I({type:O("string"),title:f().optional(),description:f().optional(),enum:C(f()),default:f().optional()}),vb=I({type:O("string"),title:f().optional(),description:f().optional(),oneOf:C(I({const:f(),title:f()})),default:f().optional()}),bb=I({type:O("string"),title:f().optional(),description:f().optional(),enum:C(f()),enumNames:C(f()).optional(),default:f().optional()}),Rb=me([wb,vb]),Cb=I({type:O("array"),title:f().optional(),description:f().optional(),minItems:ee().optional(),maxItems:ee().optional(),items:I({type:O("string"),enum:C(f())}),default:C(f()).optional()}),Ib=I({type:O("array"),title:f().optional(),description:f().optional(),minItems:ee().optional(),maxItems:ee().optional(),items:I({anyOf:C(I({const:f(),title:f()}))}),default:C(f()).optional()}),Pb=me([Cb,Ib]),xb=me([bb,Rb,Pb]),Ab=me([xb,yb,Sb,_b]),Tb=po.extend({mode:O("form").optional(),message:f(),requestedSchema:I({type:O("object"),properties:ue(f(),Ab),required:C(f()).optional()})}),kb=po.extend({mode:O("url"),message:f(),elicitationId:f(),url:f().url()}),Eb=me([Tb,kb]),Uc=Ae.extend({method:O("elicitation/create"),params:Eb}),Ub=st.extend({elicitationId:f()}),Ob=ct.extend({method:O("notifications/elicitation/complete"),params:Ub}),fr=Te.extend({action:nt(["accept","decline","cancel"]),content:oc(e=>e===null?void 0:e,ue(f(),me([f(),ee(),ae(),C(f())])).optional())}),$b=I({type:O("ref/resource"),uri:f()});var zb=I({type:O("ref/prompt"),name:f()}),Mb=ot.extend({ref:me([zb,$b]),argument:I({name:f(),value:f()}),context:I({arguments:ue(f(),f()).optional()}).optional()}),qb=Ae.extend({method:O("completion/complete"),params:Mb});var Oc=Te.extend({completion:Ce({values:C(f()).max(100),total:ge(ee().int()),hasMore:ge(ae())})}),Nb=I({uri:f().startsWith("file://"),name:f().optional(),_meta:ue(f(),we()).optional()}),jb=Ae.extend({method:O("roots/list"),params:ot.optional()}),$c=Te.extend({roots:C(Nb)}),Db=ct.extend({method:O("notifications/roots/list_changed"),params:st.optional()}),Nq=me([Ga,La,qb,kc,wc,Sc,lc,Bv,hc,Fv,Kv,_o,xc,Fa,Ka,Wa,Ya]),jq=me([Ha,Va,Ba,Db,yo]),Dq=me([Ht,zr,vo,fr,$c,Za,Ja,Lt]),Hq=me([Ga,Ec,Uc,jb,Fa,Ka,Wa,Ya]),Lq=me([Ha,Va,ub,Jv,yc,Tc,Pc,yo,Ob]),Bq=me([Ht,uc,Oc,Ic,_c,pc,mc,gc,mr,Ac,Za,Ja,Lt]),A=class e extends Error{static{o(this,"McpError")}constructor(t,r,n){super(`MCP error ${t}: ${r}`),this.code=t,this.data=n,this.name="McpError"}static fromError(t,r,n){if(t===U.UrlElicitationRequired&&n){let a=n;if(a.elicitations)return new ur(a.elicitations,r)}return new e(t,r,n)}},ur=class extends A{static{o(this,"UrlElicitationRequiredError")}constructor(t,r=`URL elicitation${t.length>1?"s":""} required`){super(U.UrlElicitationRequired,r,{elicitations:t})}get elicitations(){return this.data?.elicitations??[]}};function hr(e){return e==="completed"||e==="failed"||e==="cancelled"}o(hr,"isTerminal");var Hb=Symbol("Let zodToJsonSchema decide on which parser to use");var DN=new Set("ABCDEFGHIJKLMNOPQRSTUVXYZabcdefghijklmnopqrstuvxyz0123456789");function zc(e){let r=ln(e)?.method;if(!r)throw new Error("Schema is missing a method literal");let n=Wp(r);if(typeof n!="string")throw new Error("Schema method literal must be a string");return n}o(zc,"getMethodLiteral");function Mc(e,t){let r=Ge(e,t);if(!r.success)throw r.error;return r.data}o(Mc,"parseWithCompat");var Zb=6e4,gn=class{static{o(this,"Protocol")}constructor(t){this._options=t,this._requestMessageId=0,this._requestHandlers=new Map,this._requestHandlerAbortControllers=new Map,this._notificationHandlers=new Map,this._responseHandlers=new Map,this._progressHandlers=new Map,this._timeoutInfo=new Map,this._pendingDebouncedNotifications=new Set,this._taskProgressTokens=new Map,this._requestResolvers=new Map,this.setNotificationHandler(Ha,r=>{this._oncancel(r)}),this.setNotificationHandler(Va,r=>{this._onprogress(r)}),this.setRequestHandler(Ga,r=>({})),this._taskStore=t?.taskStore,this._taskMessageQueue=t?.taskMessageQueue,this._taskStore&&(this.setRequestHandler(Fa,async(r,n)=>{let a=await this._taskStore.getTask(r.params.taskId,n.sessionId);if(!a)throw new A(U.InvalidParams,"Failed to retrieve task: Task not found");return{...a}}),this.setRequestHandler(Ka,async(r,n)=>{let a=o(async()=>{let i=r.params.taskId;if(this._taskMessageQueue){let c;for(;c=await this._taskMessageQueue.dequeue(i,n.sessionId);){if(c.type==="response"||c.type==="error"){let d=c.message,p=d.id,l=this._requestResolvers.get(p);if(l)if(this._requestResolvers.delete(p),c.type==="response")l(d);else{let m=d,h=new A(m.error.code,m.error.message,m.error.data);l(h)}else{let m=c.type==="response"?"Response":"Error";this._onerror(new Error(`${m} handler missing for request ${p}`))}continue}await this._transport?.send(c.message,{relatedRequestId:n.requestId})}}let s=await this._taskStore.getTask(i,n.sessionId);if(!s)throw new A(U.InvalidParams,`Task not found: ${i}`);if(!hr(s.status))return await this._waitForTaskUpdate(i,n.signal),await a();if(hr(s.status)){let c=await this._taskStore.getTaskResult(i,n.sessionId);return this._clearTaskQueue(i),{...c,_meta:{...c._meta,[pr]:{taskId:i}}}}return await a()},"handleTaskResult");return await a()}),this.setRequestHandler(Wa,async(r,n)=>{try{let{tasks:a,nextCursor:i}=await this._taskStore.listTasks(r.params?.cursor,n.sessionId);return{tasks:a,nextCursor:i,_meta:{}}}catch(a){throw new A(U.InvalidParams,`Failed to list tasks: ${a instanceof Error?a.message:String(a)}`)}}),this.setRequestHandler(Ya,async(r,n)=>{try{let a=await this._taskStore.getTask(r.params.taskId,n.sessionId);if(!a)throw new A(U.InvalidParams,`Task not found: ${r.params.taskId}`);if(hr(a.status))throw new A(U.InvalidParams,`Cannot cancel task in terminal status: ${a.status}`);await this._taskStore.updateTaskStatus(r.params.taskId,"cancelled","Client cancelled task execution.",n.sessionId),this._clearTaskQueue(r.params.taskId);let i=await this._taskStore.getTask(r.params.taskId,n.sessionId);if(!i)throw new A(U.InvalidParams,`Task not found after cancellation: ${r.params.taskId}`);return{_meta:{},...i}}catch(a){throw a instanceof A?a:new A(U.InvalidRequest,`Failed to cancel task: ${a instanceof Error?a.message:String(a)}`)}}))}async _oncancel(t){if(!t.params.requestId)return;this._requestHandlerAbortControllers.get(t.params.requestId)?.abort(t.params.reason)}_setupTimeout(t,r,n,a,i=!1){this._timeoutInfo.set(t,{timeoutId:setTimeout(a,r),startTime:Date.now(),timeout:r,maxTotalTimeout:n,resetTimeoutOnProgress:i,onTimeout:a})}_resetTimeout(t){let r=this._timeoutInfo.get(t);if(!r)return!1;let n=Date.now()-r.startTime;if(r.maxTotalTimeout&&n>=r.maxTotalTimeout)throw this._timeoutInfo.delete(t),A.fromError(U.RequestTimeout,"Maximum total timeout exceeded",{maxTotalTimeout:r.maxTotalTimeout,totalElapsed:n});return clearTimeout(r.timeoutId),r.timeoutId=setTimeout(r.onTimeout,r.timeout),!0}_cleanupTimeout(t){let r=this._timeoutInfo.get(t);r&&(clearTimeout(r.timeoutId),this._timeoutInfo.delete(t))}async connect(t){if(this._transport)throw new Error("Already connected to a transport. Call close() before connecting to a new transport, or use a separate Protocol instance per connection.");this._transport=t;let r=this.transport?.onclose;this._transport.onclose=()=>{r?.(),this._onclose()};let n=this.transport?.onerror;this._transport.onerror=i=>{n?.(i),this._onerror(i)};let a=this._transport?.onmessage;this._transport.onmessage=(i,s)=>{a?.(i,s),St(i)||mn(i)?this._onresponse(i):It(i)?this._onrequest(i,s):rm(i)?this._onnotification(i):this._onerror(new Error(`Unknown message type: ${JSON.stringify(i)}`))},await this._transport.start()}_onclose(){let t=this._responseHandlers;this._responseHandlers=new Map,this._progressHandlers.clear(),this._taskProgressTokens.clear(),this._pendingDebouncedNotifications.clear();for(let n of this._timeoutInfo.values())clearTimeout(n.timeoutId);this._timeoutInfo.clear();for(let n of this._requestHandlerAbortControllers.values())n.abort();this._requestHandlerAbortControllers.clear();let r=A.fromError(U.ConnectionClosed,"Connection closed");this._transport=void 0,this.onclose?.();for(let n of t.values())n(r)}_onerror(t){this.onerror?.(t)}_onnotification(t){let r=this._notificationHandlers.get(t.method)??this.fallbackNotificationHandler;r!==void 0&&Promise.resolve().then(()=>r(t)).catch(n=>this._onerror(new Error(`Uncaught error in notification handler: ${n}`)))}_onrequest(t,r){let n=this._requestHandlers.get(t.method)??this.fallbackRequestHandler,a=this._transport,i=t.params?._meta?.[pr]?.taskId;if(n===void 0){let l={jsonrpc:"2.0",id:t.id,error:{code:U.MethodNotFound,message:"Method not found"}};i&&this._taskMessageQueue?this._enqueueTaskMessage(i,{type:"error",message:l,timestamp:Date.now()},a?.sessionId).catch(m=>this._onerror(new Error(`Failed to enqueue error response: ${m}`))):a?.send(l).catch(m=>this._onerror(new Error(`Failed to send an error response: ${m}`)));return}let s=new AbortController;this._requestHandlerAbortControllers.set(t.id,s);let c=Xp(t.params)?t.params.task:void 0,d=this._taskStore?this.requestTaskStore(t,a?.sessionId):void 0,p={signal:s.signal,sessionId:a?.sessionId,_meta:t.params?._meta,sendNotification:o(async l=>{if(s.signal.aborted)return;let m={relatedRequestId:t.id};i&&(m.relatedTask={taskId:i}),await this.notification(l,m)},"sendNotification"),sendRequest:o(async(l,m,h)=>{if(s.signal.aborted)throw new A(U.ConnectionClosed,"Request was cancelled");let y={...h,relatedRequestId:t.id};i&&!y.relatedTask&&(y.relatedTask={taskId:i});let _=y.relatedTask?.taskId??i;return _&&d&&await d.updateTaskStatus(_,"input_required"),await this.request(l,m,y)},"sendRequest"),authInfo:r?.authInfo,requestId:t.id,requestInfo:r?.requestInfo,taskId:i,taskStore:d,taskRequestedTtl:c?.ttl,closeSSEStream:r?.closeSSEStream,closeStandaloneSSEStream:r?.closeStandaloneSSEStream};Promise.resolve().then(()=>{c&&this.assertTaskHandlerCapability(t.method)}).then(()=>n(t,p)).then(async l=>{if(s.signal.aborted)return;let m={result:l,jsonrpc:"2.0",id:t.id};i&&this._taskMessageQueue?await this._enqueueTaskMessage(i,{type:"response",message:m,timestamp:Date.now()},a?.sessionId):await a?.send(m)},async l=>{if(s.signal.aborted)return;let m={jsonrpc:"2.0",id:t.id,error:{code:Number.isSafeInteger(l.code)?l.code:U.InternalError,message:l.message??"Internal error",...l.data!==void 0&&{data:l.data}}};i&&this._taskMessageQueue?await this._enqueueTaskMessage(i,{type:"error",message:m,timestamp:Date.now()},a?.sessionId):await a?.send(m)}).catch(l=>this._onerror(new Error(`Failed to send response: ${l}`))).finally(()=>{this._requestHandlerAbortControllers.get(t.id)===s&&this._requestHandlerAbortControllers.delete(t.id)})}_onprogress(t){let{progressToken:r,...n}=t.params,a=Number(r),i=this._progressHandlers.get(a);if(!i){this._onerror(new Error(`Received a progress notification for an unknown token: ${JSON.stringify(t)}`));return}let s=this._responseHandlers.get(a),c=this._timeoutInfo.get(a);if(c&&s&&c.resetTimeoutOnProgress)try{this._resetTimeout(a)}catch(d){this._responseHandlers.delete(a),this._progressHandlers.delete(a),this._cleanupTimeout(a),s(d);return}i(n)}_onresponse(t){let r=Number(t.id),n=this._requestResolvers.get(r);if(n){if(this._requestResolvers.delete(r),St(t))n(t);else{let s=new A(t.error.code,t.error.message,t.error.data);n(s)}return}let a=this._responseHandlers.get(r);if(a===void 0){this._onerror(new Error(`Received a response for an unknown message ID: ${JSON.stringify(t)}`));return}this._responseHandlers.delete(r),this._cleanupTimeout(r);let i=!1;if(St(t)&&t.result&&typeof t.result=="object"){let s=t.result;if(s.task&&typeof s.task=="object"){let c=s.task;typeof c.taskId=="string"&&(i=!0,this._taskProgressTokens.set(c.taskId,r))}}if(i||this._progressHandlers.delete(r),St(t))a(t);else{let s=A.fromError(t.error.code,t.error.message,t.error.data);a(s)}}get transport(){return this._transport}async close(){await this._transport?.close()}async*requestStream(t,r,n){let{task:a}=n??{};if(!a){try{yield{type:"result",result:await this.request(t,r,n)}}catch(s){yield{type:"error",error:s instanceof A?s:new A(U.InternalError,String(s))}}return}let i;try{let s=await this.request(t,Lt,n);if(s.task)i=s.task.taskId,yield{type:"taskCreated",task:s.task};else throw new A(U.InternalError,"Task creation did not return a task");for(;;){let c=await this.getTask({taskId:i},n);if(yield{type:"taskStatus",task:c},hr(c.status)){c.status==="completed"?yield{type:"result",result:await this.getTaskResult({taskId:i},r,n)}:c.status==="failed"?yield{type:"error",error:new A(U.InternalError,`Task ${i} failed`)}:c.status==="cancelled"&&(yield{type:"error",error:new A(U.InternalError,`Task ${i} was cancelled`)});return}if(c.status==="input_required"){yield{type:"result",result:await this.getTaskResult({taskId:i},r,n)};return}let d=c.pollInterval??this._options?.defaultTaskPollInterval??1e3;await new Promise(p=>setTimeout(p,d)),n?.signal?.throwIfAborted()}}catch(s){yield{type:"error",error:s instanceof A?s:new A(U.InternalError,String(s))}}}request(t,r,n){let{relatedRequestId:a,resumptionToken:i,onresumptiontoken:s,task:c,relatedTask:d}=n??{};return new Promise((p,l)=>{let m=o(b=>{l(b)},"earlyReject");if(!this._transport){m(new Error("Not connected"));return}if(this._options?.enforceStrictCapabilities===!0)try{this.assertCapabilityForMethod(t.method),c&&this.assertTaskCapability(t.method)}catch(b){m(b);return}n?.signal?.throwIfAborted();let h=this._requestMessageId++,y={...t,jsonrpc:"2.0",id:h};n?.onprogress&&(this._progressHandlers.set(h,n.onprogress),y.params={...t.params,_meta:{...t.params?._meta||{},progressToken:h}}),c&&(y.params={...y.params,task:c}),d&&(y.params={...y.params,_meta:{...y.params?._meta||{},[pr]:d}});let _=o(b=>{this._responseHandlers.delete(h),this._progressHandlers.delete(h),this._cleanupTimeout(h),this._transport?.send({jsonrpc:"2.0",method:"notifications/cancelled",params:{requestId:h,reason:String(b)}},{relatedRequestId:a,resumptionToken:i,onresumptiontoken:s}).catch(q=>this._onerror(new Error(`Failed to send cancellation: ${q}`)));let R=b instanceof A?b:new A(U.RequestTimeout,String(b));l(R)},"cancel");this._responseHandlers.set(h,b=>{if(!n?.signal?.aborted){if(b instanceof Error)return l(b);try{let R=Ge(r,b.result);R.success?p(R.data):l(R.error)}catch(R){l(R)}}}),n?.signal?.addEventListener("abort",()=>{_(n?.signal?.reason)});let S=n?.timeout??Zb,w=o(()=>_(A.fromError(U.RequestTimeout,"Request timed out",{timeout:S})),"timeoutHandler");this._setupTimeout(h,S,n?.maxTotalTimeout,w,n?.resetTimeoutOnProgress??!1);let v=d?.taskId;if(v){let b=o(R=>{let q=this._responseHandlers.get(h);q?q(R):this._onerror(new Error(`Response handler missing for side-channeled request ${h}`))},"responseResolver");this._requestResolvers.set(h,b),this._enqueueTaskMessage(v,{type:"request",message:y,timestamp:Date.now()}).catch(R=>{this._cleanupTimeout(h),l(R)})}else this._transport.send(y,{relatedRequestId:a,resumptionToken:i,onresumptiontoken:s}).catch(b=>{this._cleanupTimeout(h),l(b)})})}async getTask(t,r){return this.request({method:"tasks/get",params:t},Za,r)}async getTaskResult(t,r,n){return this.request({method:"tasks/result",params:t},r,n)}async listTasks(t,r){return this.request({method:"tasks/list",params:t},Ja,r)}async cancelTask(t,r){return this.request({method:"tasks/cancel",params:t},om,r)}async notification(t,r){if(!this._transport)throw new Error("Not connected");this.assertNotificationCapability(t.method);let n=r?.relatedTask?.taskId;if(n){let c={...t,jsonrpc:"2.0",params:{...t.params,_meta:{...t.params?._meta||{},[pr]:r.relatedTask}}};await this._enqueueTaskMessage(n,{type:"notification",message:c,timestamp:Date.now()});return}if((this._options?.debouncedNotificationMethods??[]).includes(t.method)&&!t.params&&!r?.relatedRequestId&&!r?.relatedTask){if(this._pendingDebouncedNotifications.has(t.method))return;this._pendingDebouncedNotifications.add(t.method),Promise.resolve().then(()=>{if(this._pendingDebouncedNotifications.delete(t.method),!this._transport)return;let c={...t,jsonrpc:"2.0"};r?.relatedTask&&(c={...c,params:{...c.params,_meta:{...c.params?._meta||{},[pr]:r.relatedTask}}}),this._transport?.send(c,r).catch(d=>this._onerror(d))});return}let s={...t,jsonrpc:"2.0"};r?.relatedTask&&(s={...s,params:{...s.params,_meta:{...s.params?._meta||{},[pr]:r.relatedTask}}}),await this._transport.send(s,r)}setRequestHandler(t,r){let n=zc(t);this.assertRequestHandlerCapability(n),this._requestHandlers.set(n,(a,i)=>{let s=Mc(t,a);return Promise.resolve(r(s,i))})}removeRequestHandler(t){this._requestHandlers.delete(t)}assertCanSetRequestHandler(t){if(this._requestHandlers.has(t))throw new Error(`A request handler for ${t} already exists, which would be overridden`)}setNotificationHandler(t,r){let n=zc(t);this._notificationHandlers.set(n,a=>{let i=Mc(t,a);return Promise.resolve(r(i))})}removeNotificationHandler(t){this._notificationHandlers.delete(t)}_cleanupTaskProgressHandler(t){let r=this._taskProgressTokens.get(t);r!==void 0&&(this._progressHandlers.delete(r),this._taskProgressTokens.delete(t))}async _enqueueTaskMessage(t,r,n){if(!this._taskStore||!this._taskMessageQueue)throw new Error("Cannot enqueue task message: taskStore and taskMessageQueue are not configured");let a=this._options?.maxTaskQueueSize;await this._taskMessageQueue.enqueue(t,r,n,a)}async _clearTaskQueue(t,r){if(this._taskMessageQueue){let n=await this._taskMessageQueue.dequeueAll(t,r);for(let a of n)if(a.type==="request"&&It(a.message)){let i=a.message.id,s=this._requestResolvers.get(i);s?(s(new A(U.InternalError,"Task cancelled or completed")),this._requestResolvers.delete(i)):this._onerror(new Error(`Resolver missing for request ${i} during task ${t} cleanup`))}}}async _waitForTaskUpdate(t,r){let n=this._options?.defaultTaskPollInterval??1e3;try{let a=await this._taskStore?.getTask(t);a?.pollInterval&&(n=a.pollInterval)}catch{}return new Promise((a,i)=>{if(r.aborted){i(new A(U.InvalidRequest,"Request cancelled"));return}let s=setTimeout(a,n);r.addEventListener("abort",()=>{clearTimeout(s),i(new A(U.InvalidRequest,"Request cancelled"))},{once:!0})})}requestTaskStore(t,r){let n=this._taskStore;if(!n)throw new Error("No task store configured");return{createTask:o(async a=>{if(!t)throw new Error("No request provided");return await n.createTask(a,t.id,{method:t.method,params:t.params},r)},"createTask"),getTask:o(async a=>{let i=await n.getTask(a,r);if(!i)throw new A(U.InvalidParams,"Failed to retrieve task: Task not found");return i},"getTask"),storeTaskResult:o(async(a,i,s)=>{await n.storeTaskResult(a,i,s,r);let c=await n.getTask(a,r);if(c){let d=yo.parse({method:"notifications/tasks/status",params:c});await this.notification(d),hr(c.status)&&this._cleanupTaskProgressHandler(a)}},"storeTaskResult"),getTaskResult:o(a=>n.getTaskResult(a,r),"getTaskResult"),updateTaskStatus:o(async(a,i,s)=>{let c=await n.getTask(a,r);if(!c)throw new A(U.InvalidParams,`Task "${a}" not found - it may have been cleaned up`);if(hr(c.status))throw new A(U.InvalidParams,`Cannot update task "${a}" from terminal status "${c.status}" to "${i}". Terminal states (completed, failed, cancelled) cannot transition to other states.`);await n.updateTaskStatus(a,i,s,r);let d=await n.getTask(a,r);if(d){let p=yo.parse({method:"notifications/tasks/status",params:d});await this.notification(p),hr(d.status)&&this._cleanupTaskProgressHandler(a)}},"updateTaskStatus"),listTasks:o(a=>n.listTasks(a,r),"listTasks")}}};function lm(e){return e!==null&&typeof e=="object"&&!Array.isArray(e)}o(lm,"isPlainObject");function Qa(e,t){let r={...e};for(let n in t){let a=n,i=t[a];if(i===void 0)continue;let s=r[a];lm(s)&&lm(i)?r[a]={...s,...i}:r[a]=i}return r}o(Qa,"mergeCapabilities");var Qh=qp(vd(),1),Xh=qp(Yh(),1);function qA(){let e=new Qh.default({strict:!1,validateFormats:!0,validateSchema:!1,allErrors:!0});return(0,Xh.default)(e),e}o(qA,"createDefaultAjvInstance");var On=class{static{o(this,"AjvJsonSchemaValidator")}constructor(t){this._ajv=t??qA()}getValidator(t){let r="$id"in t&&typeof t.$id=="string"?this._ajv.getSchema(t.$id)??this._ajv.compile(t):this._ajv.compile(t);return n=>r(n)?{valid:!0,data:n,errorMessage:void 0}:{valid:!1,data:void 0,errorMessage:this._ajv.errorsText(r.errors)}}};var zi=class{static{o(this,"ExperimentalServerTasks")}constructor(t){this._server=t}requestStream(t,r,n){return this._server.requestStream(t,r,n)}createMessageStream(t,r){let n=this._server.getClientCapabilities();if((t.tools||t.toolChoice)&&!n?.sampling?.tools)throw new Error("Client does not support sampling tools capability.");if(t.messages.length>0){let a=t.messages[t.messages.length-1],i=Array.isArray(a.content)?a.content:[a.content],s=i.some(l=>l.type==="tool_result"),c=t.messages.length>1?t.messages[t.messages.length-2]:void 0,d=c?Array.isArray(c.content)?c.content:[c.content]:[],p=d.some(l=>l.type==="tool_use");if(s){if(i.some(l=>l.type!=="tool_result"))throw new Error("The last message must contain only tool_result content if any is present");if(!p)throw new Error("tool_result blocks are not matching any tool_use from the previous message")}if(p){let l=new Set(d.filter(h=>h.type==="tool_use").map(h=>h.id)),m=new Set(i.filter(h=>h.type==="tool_result").map(h=>h.toolUseId));if(l.size!==m.size||![...l].every(h=>m.has(h)))throw new Error("ids of tool_result blocks and tool_use blocks from previous message do not match")}}return this.requestStream({method:"sampling/createMessage",params:t},zr,r)}elicitInputStream(t,r){let n=this._server.getClientCapabilities(),a=t.mode??"form";switch(a){case"url":{if(!n?.elicitation?.url)throw new Error("Client does not support url elicitation.");break}case"form":{if(!n?.elicitation?.form)throw new Error("Client does not support form elicitation.");break}}let i=a==="form"&&t.mode===void 0?{...t,mode:"form"}:t;return this.requestStream({method:"elicitation/create",params:i},fr,r)}async getTask(t,r){return this._server.getTask({taskId:t},r)}async getTaskResult(t,r,n){return this._server.getTaskResult({taskId:t},r,n)}async listTasks(t,r){return this._server.listTasks(t?{cursor:t}:void 0,r)}async cancelTask(t,r){return this._server.cancelTask({taskId:t},r)}};function Mi(e,t,r){if(!e)throw new Error(`${r} does not support task creation (required for ${t})`);switch(t){case"tools/call":if(!e.tools?.call)throw new Error(`${r} does not support task creation for tools/call (required for ${t})`);break;default:break}}o(Mi,"assertToolsCallTaskCapability");function qi(e,t,r){if(!e)throw new Error(`${r} does not support task creation (required for ${t})`);switch(t){case"sampling/createMessage":if(!e.sampling?.createMessage)throw new Error(`${r} does not support task creation for sampling/createMessage (required for ${t})`);break;case"elicitation/create":if(!e.elicitation?.create)throw new Error(`${r} does not support task creation for elicitation/create (required for ${t})`);break;default:break}}o(qi,"assertClientRequestTaskCapability");var Ni=class extends gn{static{o(this,"Server")}constructor(t,r){super(r),this._serverInfo=t,this._loggingLevels=new Map,this.LOG_LEVEL_SEVERITY=new Map(wo.options.map((n,a)=>[n,a])),this.isMessageIgnored=(n,a)=>{let i=this._loggingLevels.get(a);return i?this.LOG_LEVEL_SEVERITY.get(n)<this.LOG_LEVEL_SEVERITY.get(i):!1},this._capabilities=r?.capabilities??{},this._instructions=r?.instructions,this._jsonSchemaValidator=r?.jsonSchemaValidator??new On,this.setRequestHandler(La,n=>this._oninitialize(n)),this.setNotificationHandler(Ba,()=>this.oninitialized?.()),this._capabilities.logging&&this.setRequestHandler(kc,async(n,a)=>{let i=a.sessionId||a.requestInfo?.headers["mcp-session-id"]||void 0,{level:s}=n.params,c=wo.safeParse(s);return c.success&&this._loggingLevels.set(i,c.data),{}})}get experimental(){return this._experimental||(this._experimental={tasks:new zi(this)}),this._experimental}registerCapabilities(t){if(this.transport)throw new Error("Cannot register capabilities after connecting to transport");this._capabilities=Qa(this._capabilities,t)}setRequestHandler(t,r){let a=ln(t)?.method;if(!a)throw new Error("Schema is missing a method literal");let i;if(cr(a)){let c=a;i=c._zod?.def?.value??c.value}else{let c=a;i=c._def?.value??c.value}if(typeof i!="string")throw new Error("Schema method literal must be a string");if(i==="tools/call"){let c=o(async(d,p)=>{let l=Ge(_o,d);if(!l.success){let _=l.error instanceof Error?l.error.message:String(l.error);throw new A(U.InvalidParams,`Invalid tools/call request: ${_}`)}let{params:m}=l.data,h=await Promise.resolve(r(d,p));if(m.task){let _=Ge(Lt,h);if(!_.success){let S=_.error instanceof Error?_.error.message:String(_.error);throw new A(U.InvalidParams,`Invalid task creation result: ${S}`)}return _.data}let y=Ge(mr,h);if(!y.success){let _=y.error instanceof Error?y.error.message:String(y.error);throw new A(U.InvalidParams,`Invalid tools/call result: ${_}`)}return y.data},"wrappedHandler");return super.setRequestHandler(t,c)}return super.setRequestHandler(t,r)}assertCapabilityForMethod(t){switch(t){case"sampling/createMessage":if(!this._clientCapabilities?.sampling)throw new Error(`Client does not support sampling (required for ${t})`);break;case"elicitation/create":if(!this._clientCapabilities?.elicitation)throw new Error(`Client does not support elicitation (required for ${t})`);break;case"roots/list":if(!this._clientCapabilities?.roots)throw new Error(`Client does not support listing roots (required for ${t})`);break;case"ping":break}}assertNotificationCapability(t){switch(t){case"notifications/message":if(!this._capabilities.logging)throw new Error(`Server does not support logging (required for ${t})`);break;case"notifications/resources/updated":case"notifications/resources/list_changed":if(!this._capabilities.resources)throw new Error(`Server does not support notifying about resources (required for ${t})`);break;case"notifications/tools/list_changed":if(!this._capabilities.tools)throw new Error(`Server does not support notifying of tool list changes (required for ${t})`);break;case"notifications/prompts/list_changed":if(!this._capabilities.prompts)throw new Error(`Server does not support notifying of prompt list changes (required for ${t})`);break;case"notifications/elicitation/complete":if(!this._clientCapabilities?.elicitation?.url)throw new Error(`Client does not support URL elicitation (required for ${t})`);break;case"notifications/cancelled":break;case"notifications/progress":break}}assertRequestHandlerCapability(t){if(this._capabilities)switch(t){case"completion/complete":if(!this._capabilities.completions)throw new Error(`Server does not support completions (required for ${t})`);break;case"logging/setLevel":if(!this._capabilities.logging)throw new Error(`Server does not support logging (required for ${t})`);break;case"prompts/get":case"prompts/list":if(!this._capabilities.prompts)throw new Error(`Server does not support prompts (required for ${t})`);break;case"resources/list":case"resources/templates/list":case"resources/read":if(!this._capabilities.resources)throw new Error(`Server does not support resources (required for ${t})`);break;case"tools/call":case"tools/list":if(!this._capabilities.tools)throw new Error(`Server does not support tools (required for ${t})`);break;case"tasks/get":case"tasks/list":case"tasks/result":case"tasks/cancel":if(!this._capabilities.tasks)throw new Error(`Server does not support tasks capability (required for ${t})`);break;case"ping":case"initialize":break}}assertTaskCapability(t){qi(this._clientCapabilities?.tasks?.requests,t,"Client")}assertTaskHandlerCapability(t){this._capabilities&&Mi(this._capabilities.tasks?.requests,t,"Server")}async _oninitialize(t){let r=t.params.protocolVersion;return this._clientCapabilities=t.params.capabilities,this._clientVersion=t.params.clientInfo,{protocolVersion:lr.includes(r)?r:dr,capabilities:this.getCapabilities(),serverInfo:this._serverInfo,...this._instructions&&{instructions:this._instructions}}}getClientCapabilities(){return this._clientCapabilities}getClientVersion(){return this._clientVersion}getCapabilities(){return this._capabilities}async ping(){return this.request({method:"ping"},Ht)}async createMessage(t,r){if((t.tools||t.toolChoice)&&!this._clientCapabilities?.sampling?.tools)throw new Error("Client does not support sampling tools capability.");if(t.messages.length>0){let n=t.messages[t.messages.length-1],a=Array.isArray(n.content)?n.content:[n.content],i=a.some(p=>p.type==="tool_result"),s=t.messages.length>1?t.messages[t.messages.length-2]:void 0,c=s?Array.isArray(s.content)?s.content:[s.content]:[],d=c.some(p=>p.type==="tool_use");if(i){if(a.some(p=>p.type!=="tool_result"))throw new Error("The last message must contain only tool_result content if any is present");if(!d)throw new Error("tool_result blocks are not matching any tool_use from the previous message")}if(d){let p=new Set(c.filter(m=>m.type==="tool_use").map(m=>m.id)),l=new Set(a.filter(m=>m.type==="tool_result").map(m=>m.toolUseId));if(p.size!==l.size||![...p].every(m=>l.has(m)))throw new Error("ids of tool_result blocks and tool_use blocks from previous message do not match")}}return t.tools?this.request({method:"sampling/createMessage",params:t},vo,r):this.request({method:"sampling/createMessage",params:t},zr,r)}async elicitInput(t,r){switch(t.mode??"form"){case"url":{if(!this._clientCapabilities?.elicitation?.url)throw new Error("Client does not support url elicitation.");let a=t;return this.request({method:"elicitation/create",params:a},fr,r)}case"form":{if(!this._clientCapabilities?.elicitation?.form)throw new Error("Client does not support form elicitation.");let a=t.mode==="form"?t:{...t,mode:"form"},i=await this.request({method:"elicitation/create",params:a},fr,r);if(i.action==="accept"&&i.content&&a.requestedSchema)try{let c=this._jsonSchemaValidator.getValidator(a.requestedSchema)(i.content);if(!c.valid)throw new A(U.InvalidParams,`Elicitation response content does not match requested schema: ${c.errorMessage}`)}catch(s){throw s instanceof A?s:new A(U.InternalError,`Error validating elicitation response: ${s instanceof Error?s.message:String(s)}`)}return i}}}createElicitationCompletionNotifier(t,r){if(!this._clientCapabilities?.elicitation?.url)throw new Error("Client does not support URL elicitation (required for notifications/elicitation/complete)");return()=>this.notification({method:"notifications/elicitation/complete",params:{elicitationId:t}},r)}async listRoots(t,r){return this.request({method:"roots/list",params:t},$c,r)}async sendLoggingMessage(t,r){if(this._capabilities.logging&&!this.isMessageIgnored(t.level,r))return this.notification({method:"notifications/message",params:t})}async sendResourceUpdated(t){return this.notification({method:"notifications/resources/updated",params:t})}async sendResourceListChanged(){return this.notification({method:"notifications/resources/list_changed"})}async sendToolListChanged(){return this.notification({method:"notifications/tools/list_changed"})}async sendPromptListChanged(){return this.notification({method:"notifications/prompts/list_changed"})}};var ji=class{static{o(this,"WebStandardStreamableHTTPServerTransport")}constructor(t={}){this._started=!1,this._hasHandledRequest=!1,this._streamMapping=new Map,this._requestToStreamMapping=new Map,this._requestResponseMap=new Map,this._initialized=!1,this._enableJsonResponse=!1,this._standaloneSseStreamId="_GET_stream",this.sessionIdGenerator=t.sessionIdGenerator,this._enableJsonResponse=t.enableJsonResponse??!1,this._eventStore=t.eventStore,this._onsessioninitialized=t.onsessioninitialized,this._onsessionclosed=t.onsessionclosed,this._allowedHosts=t.allowedHosts,this._allowedOrigins=t.allowedOrigins,this._enableDnsRebindingProtection=t.enableDnsRebindingProtection??!1,this._retryInterval=t.retryInterval}async start(){if(this._started)throw new Error("Transport already started");this._started=!0}createJsonErrorResponse(t,r,n,a){let i={code:r,message:n};return a?.data!==void 0&&(i.data=a.data),new Response(JSON.stringify({jsonrpc:"2.0",error:i,id:null}),{status:t,headers:{"Content-Type":"application/json",...a?.headers}})}validateRequestHeaders(t){if(this._enableDnsRebindingProtection){if(this._allowedHosts&&this._allowedHosts.length>0){let r=t.headers.get("host");if(!r||!this._allowedHosts.includes(r)){let n=`Invalid Host header: ${r}`;return this.onerror?.(new Error(n)),this.createJsonErrorResponse(403,-32e3,n)}}if(this._allowedOrigins&&this._allowedOrigins.length>0){let r=t.headers.get("origin");if(r&&!this._allowedOrigins.includes(r)){let n=`Invalid Origin header: ${r}`;return this.onerror?.(new Error(n)),this.createJsonErrorResponse(403,-32e3,n)}}}}async handleRequest(t,r){if(!this.sessionIdGenerator&&this._hasHandledRequest)throw new Error("Stateless transport cannot be reused across requests. Create a new transport per request.");this._hasHandledRequest=!0;let n=this.validateRequestHeaders(t);if(n)return n;switch(t.method){case"POST":return this.handlePostRequest(t,r);case"GET":return this.handleGetRequest(t);case"DELETE":return this.handleDeleteRequest(t);default:return this.handleUnsupportedRequest()}}async writePrimingEvent(t,r,n,a){if(!this._eventStore||a<"2025-11-25")return;let i=await this._eventStore.storeEvent(n,{}),s=`id: ${i}
32
+ deps: ${r}}`,"params")};var cx={keyword:"dependencies",type:"object",schemaType:"object",error:kt.error,code(e){let[t,r]=ux(e);ah(e,t),ih(e,r)}};function ux({schema:e}){let t={},r={};for(let n in e){if(n==="__proto__")continue;let a=Array.isArray(e[n])?t:r;a[n]=e[n]}return[t,r]}o(ux,"splitDependencies");function ah(e,t=e.schema){let{gen:r,data:n,it:a}=e;if(Object.keys(t).length===0)return;let i=r.let("missing");for(let s in t){let c=t[s];if(c.length===0)continue;let d=(0,Yo.propertyInData)(r,n,s,a.opts.ownProperties);e.setParams({property:s,depsCount:c.length,deps:c.join(", ")}),a.allErrors?r.if(d,()=>{for(let p of c)(0,Yo.checkReportMissingProp)(e,p)}):(r.if((0,rd._)`${d} && (${(0,Yo.checkMissingProp)(e,c,i)})`),(0,Yo.reportMissingProp)(e,i),r.else())}}o(ah,"validatePropertyDeps");kt.validatePropertyDeps=ah;function ih(e,t=e.schema){let{gen:r,data:n,keyword:a,it:i}=e,s=r.name("valid");for(let c in t)(0,sx.alwaysValidSchema)(i,t[c])||(r.if((0,Yo.propertyInData)(r,n,c,i.opts.ownProperties),()=>{let d=e.subschema({keyword:a,schemaProp:c},s);e.mergeValidEvaluated(d,s)},()=>r.var(s,!0)),e.ok(s))}o(ih,"validateSchemaDeps");kt.validateSchemaDeps=ih;kt.default=cx});var uh=x(nd=>{"use strict";Object.defineProperty(nd,"__esModule",{value:!0});var ch=F(),dx=re(),lx={message:"property name must be valid",params:o(({params:e})=>(0,ch._)`{propertyName: ${e.propertyName}}`,"params")},px={keyword:"propertyNames",type:"object",schemaType:["object","boolean"],error:lx,code(e){let{gen:t,schema:r,data:n,it:a}=e;if((0,dx.alwaysValidSchema)(a,r))return;let i=t.name("valid");t.forIn("key",n,s=>{e.setParams({propertyName:s}),e.subschema({keyword:"propertyNames",data:s,dataTypes:["string"],propertyName:s,compositeRule:!0},i),t.if((0,ch.not)(i),()=>{e.error(!0),a.allErrors||t.break()})}),e.ok(i)}};nd.default=px});var ad=x(od=>{"use strict";Object.defineProperty(od,"__esModule",{value:!0});var xi=dt(),bt=F(),mx=Vt(),Ai=re(),fx={message:"must NOT have additional properties",params:o(({params:e})=>(0,bt._)`{additionalProperty: ${e.additionalProperty}}`,"params")},hx={keyword:"additionalProperties",type:["object"],schemaType:["boolean","object"],allowUndefined:!0,trackErrors:!0,error:fx,code(e){let{gen:t,schema:r,parentSchema:n,data:a,errsCount:i,it:s}=e;if(!i)throw new Error("ajv implementation error");let{allErrors:c,opts:d}=s;if(s.props=!0,d.removeAdditional!=="all"&&(0,Ai.alwaysValidSchema)(s,r))return;let p=(0,xi.allSchemaProperties)(n.properties),l=(0,xi.allSchemaProperties)(n.patternProperties);m(),e.ok((0,bt._)`${i} === ${mx.default.errors}`);function m(){t.forIn("key",a,w=>{!p.length&&!l.length?_(w):t.if(h(w),()=>_(w))})}o(m,"checkAdditionalProperties");function h(w){let v;if(p.length>8){let b=(0,Ai.schemaRefOrVal)(s,n.properties,"properties");v=(0,xi.isOwnProperty)(t,b,w)}else p.length?v=(0,bt.or)(...p.map(b=>(0,bt._)`${w} === ${b}`)):v=bt.nil;return l.length&&(v=(0,bt.or)(v,...l.map(b=>(0,bt._)`${(0,xi.usePattern)(e,b)}.test(${w})`))),(0,bt.not)(v)}o(h,"isAdditional");function y(w){t.code((0,bt._)`delete ${a}[${w}]`)}o(y,"deleteAdditional");function _(w){if(d.removeAdditional==="all"||d.removeAdditional&&r===!1){y(w);return}if(r===!1){e.setParams({additionalProperty:w}),e.error(),c||t.break();return}if(typeof r=="object"&&!(0,Ai.alwaysValidSchema)(s,r)){let v=t.name("valid");d.removeAdditional==="failing"?(S(w,v,!1),t.if((0,bt.not)(v),()=>{e.reset(),y(w)})):(S(w,v),c||t.if((0,bt.not)(v),()=>t.break()))}}o(_,"additionalPropertyCode");function S(w,v,b){let R={keyword:"additionalProperties",dataProp:w,dataPropType:Ai.Type.Str};b===!1&&Object.assign(R,{compositeRule:!0,createErrors:!1,allErrors:!1}),e.subschema(R,v)}o(S,"applyAdditionalSchema")}};od.default=hx});var ph=x(sd=>{"use strict";Object.defineProperty(sd,"__esModule",{value:!0});var gx=qo(),dh=dt(),id=re(),lh=ad(),yx={keyword:"properties",type:"object",schemaType:"object",code(e){let{gen:t,schema:r,parentSchema:n,data:a,it:i}=e;i.opts.removeAdditional==="all"&&n.additionalProperties===void 0&&lh.default.code(new gx.KeywordCxt(i,lh.default,"additionalProperties"));let s=(0,dh.allSchemaProperties)(r);for(let m of s)i.definedProperties.add(m);i.opts.unevaluated&&s.length&&i.props!==!0&&(i.props=id.mergeEvaluated.props(t,(0,id.toHash)(s),i.props));let c=s.filter(m=>!(0,id.alwaysValidSchema)(i,r[m]));if(c.length===0)return;let d=t.name("valid");for(let m of c)p(m)?l(m):(t.if((0,dh.propertyInData)(t,a,m,i.opts.ownProperties)),l(m),i.allErrors||t.else().var(d,!0),t.endIf()),e.it.definedProperties.add(m),e.ok(d);function p(m){return i.opts.useDefaults&&!i.compositeRule&&r[m].default!==void 0}o(p,"hasDefault");function l(m){e.subschema({keyword:"properties",schemaProp:m,dataProp:m},d)}o(l,"applyPropertySchema")}};sd.default=yx});var gh=x(cd=>{"use strict";Object.defineProperty(cd,"__esModule",{value:!0});var mh=dt(),ki=F(),fh=re(),hh=re(),Sx={keyword:"patternProperties",type:"object",schemaType:"object",code(e){let{gen:t,schema:r,data:n,parentSchema:a,it:i}=e,{opts:s}=i,c=(0,mh.allSchemaProperties)(r),d=c.filter(S=>(0,fh.alwaysValidSchema)(i,r[S]));if(c.length===0||d.length===c.length&&(!i.opts.unevaluated||i.props===!0))return;let p=s.strictSchema&&!s.allowMatchingProperties&&a.properties,l=t.name("valid");i.props!==!0&&!(i.props instanceof ki.Name)&&(i.props=(0,hh.evaluatedPropsToName)(t,i.props));let{props:m}=i;h();function h(){for(let S of c)p&&y(S),i.allErrors?_(S):(t.var(l,!0),_(S),t.if(l))}o(h,"validatePatternProperties");function y(S){for(let w in p)new RegExp(S).test(w)&&(0,fh.checkStrictMode)(i,`property ${w} matches pattern ${S} (use allowMatchingProperties)`)}o(y,"checkMatchingProperties");function _(S){t.forIn("key",n,w=>{t.if((0,ki._)`${(0,mh.usePattern)(e,S)}.test(${w})`,()=>{let v=d.includes(S);v||e.subschema({keyword:"patternProperties",schemaProp:S,dataProp:w,dataPropType:hh.Type.Str},l),i.opts.unevaluated&&m!==!0?t.assign((0,ki._)`${m}[${w}]`,!0):!v&&!i.allErrors&&t.if((0,ki.not)(l),()=>t.break())})})}o(_,"validateProperties")}};cd.default=Sx});var yh=x(ud=>{"use strict";Object.defineProperty(ud,"__esModule",{value:!0});var _x=re(),wx={keyword:"not",schemaType:["object","boolean"],trackErrors:!0,code(e){let{gen:t,schema:r,it:n}=e;if((0,_x.alwaysValidSchema)(n,r)){e.fail();return}let a=t.name("valid");e.subschema({keyword:"not",compositeRule:!0,createErrors:!1,allErrors:!1},a),e.failResult(a,()=>e.reset(),()=>e.error())},error:{message:"must NOT be valid"}};ud.default=wx});var Sh=x(dd=>{"use strict";Object.defineProperty(dd,"__esModule",{value:!0});var vx=dt(),bx={keyword:"anyOf",schemaType:"array",trackErrors:!0,code:vx.validateUnion,error:{message:"must match a schema in anyOf"}};dd.default=bx});var _h=x(ld=>{"use strict";Object.defineProperty(ld,"__esModule",{value:!0});var Ti=F(),Rx=re(),Cx={message:"must match exactly one schema in oneOf",params:o(({params:e})=>(0,Ti._)`{passingSchemas: ${e.passing}}`,"params")},Ix={keyword:"oneOf",schemaType:"array",trackErrors:!0,error:Cx,code(e){let{gen:t,schema:r,parentSchema:n,it:a}=e;if(!Array.isArray(r))throw new Error("ajv implementation error");if(a.opts.discriminator&&n.discriminator)return;let i=r,s=t.let("valid",!1),c=t.let("passing",null),d=t.name("_valid");e.setParams({passing:c}),t.block(p),e.result(s,()=>e.reset(),()=>e.error(!0));function p(){i.forEach((l,m)=>{let h;(0,Rx.alwaysValidSchema)(a,l)?t.var(d,!0):h=e.subschema({keyword:"oneOf",schemaProp:m,compositeRule:!0},d),m>0&&t.if((0,Ti._)`${d} && ${s}`).assign(s,!1).assign(c,(0,Ti._)`[${c}, ${m}]`).else(),t.if(d,()=>{t.assign(s,!0),t.assign(c,m),h&&e.mergeEvaluated(h,Ti.Name)})})}o(p,"validateOneOf")}};ld.default=Ix});var wh=x(pd=>{"use strict";Object.defineProperty(pd,"__esModule",{value:!0});var Px=re(),xx={keyword:"allOf",schemaType:"array",code(e){let{gen:t,schema:r,it:n}=e;if(!Array.isArray(r))throw new Error("ajv implementation error");let a=t.name("valid");r.forEach((i,s)=>{if((0,Px.alwaysValidSchema)(n,i))return;let c=e.subschema({keyword:"allOf",schemaProp:s},a);e.ok(a),e.mergeEvaluated(c)})}};pd.default=xx});var Rh=x(md=>{"use strict";Object.defineProperty(md,"__esModule",{value:!0});var Ei=F(),bh=re(),Ax={message:o(({params:e})=>(0,Ei.str)`must match "${e.ifClause}" schema`,"message"),params:o(({params:e})=>(0,Ei._)`{failingKeyword: ${e.ifClause}}`,"params")},kx={keyword:"if",schemaType:["object","boolean"],trackErrors:!0,error:Ax,code(e){let{gen:t,parentSchema:r,it:n}=e;r.then===void 0&&r.else===void 0&&(0,bh.checkStrictMode)(n,'"if" without "then" and "else" is ignored');let a=vh(n,"then"),i=vh(n,"else");if(!a&&!i)return;let s=t.let("valid",!0),c=t.name("_valid");if(d(),e.reset(),a&&i){let l=t.let("ifClause");e.setParams({ifClause:l}),t.if(c,p("then",l),p("else",l))}else a?t.if(c,p("then")):t.if((0,Ei.not)(c),p("else"));e.pass(s,()=>e.error(!0));function d(){let l=e.subschema({keyword:"if",compositeRule:!0,createErrors:!1,allErrors:!1},c);e.mergeEvaluated(l)}o(d,"validateIf");function p(l,m){return()=>{let h=e.subschema({keyword:l},c);t.assign(s,c),e.mergeValidEvaluated(h,s),m?t.assign(m,(0,Ei._)`${l}`):e.setParams({ifClause:l})}}o(p,"validateClause")}};function vh(e,t){let r=e.schema[t];return r!==void 0&&!(0,bh.alwaysValidSchema)(e,r)}o(vh,"hasSchema");md.default=kx});var Ch=x(fd=>{"use strict";Object.defineProperty(fd,"__esModule",{value:!0});var Tx=re(),Ex={keyword:["then","else"],schemaType:["object","boolean"],code({keyword:e,parentSchema:t,it:r}){t.if===void 0&&(0,Tx.checkStrictMode)(r,`"${e}" without "if" is ignored`)}};fd.default=Ex});var Ih=x(hd=>{"use strict";Object.defineProperty(hd,"__esModule",{value:!0});var Ux=Yu(),Ox=th(),$x=Qu(),zx=nh(),Mx=oh(),qx=sh(),Nx=uh(),Dx=ad(),jx=ph(),Hx=gh(),Lx=yh(),Bx=Sh(),Gx=_h(),Vx=wh(),Fx=Rh(),Zx=Ch();function Kx(e=!1){let t=[Lx.default,Bx.default,Gx.default,Vx.default,Fx.default,Zx.default,Nx.default,Dx.default,qx.default,jx.default,Hx.default];return e?t.push(Ox.default,zx.default):t.push(Ux.default,$x.default),t.push(Mx.default),t}o(Kx,"getApplicator");hd.default=Kx});var Ph=x(gd=>{"use strict";Object.defineProperty(gd,"__esModule",{value:!0});var ve=F(),Wx={message:o(({schemaCode:e})=>(0,ve.str)`must match format "${e}"`,"message"),params:o(({schemaCode:e})=>(0,ve._)`{format: ${e}}`,"params")},Jx={keyword:"format",type:["number","string"],schemaType:"string",$data:!0,error:Wx,code(e,t){let{gen:r,data:n,$data:a,schema:i,schemaCode:s,it:c}=e,{opts:d,errSchemaPath:p,schemaEnv:l,self:m}=c;if(!d.validateFormats)return;a?h():y();function h(){let _=r.scopeValue("formats",{ref:m.formats,code:d.code.formats}),S=r.const("fDef",(0,ve._)`${_}[${s}]`),w=r.let("fType"),v=r.let("format");r.if((0,ve._)`typeof ${S} == "object" && !(${S} instanceof RegExp)`,()=>r.assign(w,(0,ve._)`${S}.type || "string"`).assign(v,(0,ve._)`${S}.validate`),()=>r.assign(w,(0,ve._)`"string"`).assign(v,S)),e.fail$data((0,ve.or)(b(),R()));function b(){return d.strictSchema===!1?ve.nil:(0,ve._)`${s} && !${v}`}o(b,"unknownFmt");function R(){let q=l.$async?(0,ve._)`(${S}.async ? await ${v}(${n}) : ${v}(${n}))`:(0,ve._)`${v}(${n})`,N=(0,ve._)`(typeof ${v} == "function" ? ${q} : ${v}.test(${n}))`;return(0,ve._)`${v} && ${v} !== true && ${w} === ${t} && !${N}`}o(R,"invalidFmt")}o(h,"validate$DataFormat");function y(){let _=m.formats[i];if(!_){b();return}if(_===!0)return;let[S,w,v]=R(_);S===t&&e.pass(q());function b(){if(d.strictSchema===!1){m.logger.warn(N());return}throw new Error(N());function N(){return`unknown format "${i}" ignored in schema at path "${p}"`}}o(b,"unknownFormat");function R(N){let qe=N instanceof RegExp?(0,ve.regexpCode)(N):d.code.formats?(0,ve._)`${d.code.formats}${(0,ve.getProperty)(i)}`:void 0,it=r.scopeValue("formats",{key:i,ref:N,code:qe});return typeof N=="object"&&!(N instanceof RegExp)?[N.type||"string",N.validate,(0,ve._)`${it}.validate`]:["string",N,it]}o(R,"getFormat");function q(){if(typeof _=="object"&&!(_ instanceof RegExp)&&_.async){if(!l.$async)throw new Error("async format in sync schema");return(0,ve._)`await ${v}(${n})`}return typeof w=="function"?(0,ve._)`${v}(${n})`:(0,ve._)`${v}.test(${n})`}o(q,"validCondition")}o(y,"validateFormat")}};gd.default=Jx});var xh=x(yd=>{"use strict";Object.defineProperty(yd,"__esModule",{value:!0});var Yx=Ph(),Qx=[Yx.default];yd.default=Qx});var Ah=x(An=>{"use strict";Object.defineProperty(An,"__esModule",{value:!0});An.contentVocabulary=An.metadataVocabulary=void 0;An.metadataVocabulary=["title","description","default","deprecated","readOnly","writeOnly","examples"];An.contentVocabulary=["contentMediaType","contentEncoding","contentSchema"]});var Th=x(Sd=>{"use strict";Object.defineProperty(Sd,"__esModule",{value:!0});var Xx=qf(),eA=Yf(),tA=Ih(),rA=xh(),kh=Ah(),nA=[Xx.default,eA.default,(0,tA.default)(),rA.default,kh.metadataVocabulary,kh.contentVocabulary];Sd.default=nA});var Uh=x(Ui=>{"use strict";Object.defineProperty(Ui,"__esModule",{value:!0});Ui.DiscrError=void 0;var Eh;(function(e){e.Tag="tag",e.Mapping="mapping"})(Eh||(Ui.DiscrError=Eh={}))});var $h=x(wd=>{"use strict";Object.defineProperty(wd,"__esModule",{value:!0});var kn=F(),_d=Uh(),Oh=mi(),oA=No(),aA=re(),iA={message:o(({params:{discrError:e,tagName:t}})=>e===_d.DiscrError.Tag?`tag "${t}" must be string`:`value of tag "${t}" must be in oneOf`,"message"),params:o(({params:{discrError:e,tag:t,tagName:r}})=>(0,kn._)`{error: ${e}, tag: ${r}, tagValue: ${t}}`,"params")},sA={keyword:"discriminator",type:"object",schemaType:"object",error:iA,code(e){let{gen:t,data:r,schema:n,parentSchema:a,it:i}=e,{oneOf:s}=a;if(!i.opts.discriminator)throw new Error("discriminator: requires discriminator option");let c=n.propertyName;if(typeof c!="string")throw new Error("discriminator: requires propertyName");if(n.mapping)throw new Error("discriminator: mapping is not supported");if(!s)throw new Error("discriminator: requires oneOf keyword");let d=t.let("valid",!1),p=t.const("tag",(0,kn._)`${r}${(0,kn.getProperty)(c)}`);t.if((0,kn._)`typeof ${p} == "string"`,()=>l(),()=>e.error(!1,{discrError:_d.DiscrError.Tag,tag:p,tagName:c})),e.ok(d);function l(){let y=h();t.if(!1);for(let _ in y)t.elseIf((0,kn._)`${p} === ${_}`),t.assign(d,m(y[_]));t.else(),e.error(!1,{discrError:_d.DiscrError.Mapping,tag:p,tagName:c}),t.endIf()}o(l,"validateMapping");function m(y){let _=t.name("valid"),S=e.subschema({keyword:"oneOf",schemaProp:y},_);return e.mergeEvaluated(S,kn.Name),_}o(m,"applyTagSchema");function h(){var y;let _={},S=v(a),w=!0;for(let q=0;q<s.length;q++){let N=s[q];if(N?.$ref&&!(0,aA.schemaHasRulesButRef)(N,i.self.RULES)){let it=N.$ref;if(N=Oh.resolveRef.call(i.self,i.schemaEnv.root,i.baseId,it),N instanceof Oh.SchemaEnv&&(N=N.schema),N===void 0)throw new oA.default(i.opts.uriResolver,i.baseId,it)}let qe=(y=N?.properties)===null||y===void 0?void 0:y[c];if(typeof qe!="object")throw new Error(`discriminator: oneOf subschemas (or referenced schemas) must have "properties/${c}"`);w=w&&(S||v(N)),b(qe,q)}if(!w)throw new Error(`discriminator: "${c}" must be required`);return _;function v({required:q}){return Array.isArray(q)&&q.includes(c)}function b(q,N){if(q.const)R(q.const,N);else if(q.enum)for(let qe of q.enum)R(qe,N);else throw new Error(`discriminator: "properties/${c}" must have "const" or "enum"`)}function R(q,N){if(typeof q!="string"||q in _)throw new Error(`discriminator: "${c}" values must be unique strings`);_[q]=N}}o(h,"getMapping")}};wd.default=sA});var zh=x((uB,cA)=>{cA.exports={$schema:"http://json-schema.org/draft-07/schema#",$id:"http://json-schema.org/draft-07/schema#",title:"Core schema meta-schema",definitions:{schemaArray:{type:"array",minItems:1,items:{$ref:"#"}},nonNegativeInteger:{type:"integer",minimum:0},nonNegativeIntegerDefault0:{allOf:[{$ref:"#/definitions/nonNegativeInteger"},{default:0}]},simpleTypes:{enum:["array","boolean","integer","null","number","object","string"]},stringArray:{type:"array",items:{type:"string"},uniqueItems:!0,default:[]}},type:["object","boolean"],properties:{$id:{type:"string",format:"uri-reference"},$schema:{type:"string",format:"uri"},$ref:{type:"string",format:"uri-reference"},$comment:{type:"string"},title:{type:"string"},description:{type:"string"},default:!0,readOnly:{type:"boolean",default:!1},examples:{type:"array",items:!0},multipleOf:{type:"number",exclusiveMinimum:0},maximum:{type:"number"},exclusiveMaximum:{type:"number"},minimum:{type:"number"},exclusiveMinimum:{type:"number"},maxLength:{$ref:"#/definitions/nonNegativeInteger"},minLength:{$ref:"#/definitions/nonNegativeIntegerDefault0"},pattern:{type:"string",format:"regex"},additionalItems:{$ref:"#"},items:{anyOf:[{$ref:"#"},{$ref:"#/definitions/schemaArray"}],default:!0},maxItems:{$ref:"#/definitions/nonNegativeInteger"},minItems:{$ref:"#/definitions/nonNegativeIntegerDefault0"},uniqueItems:{type:"boolean",default:!1},contains:{$ref:"#"},maxProperties:{$ref:"#/definitions/nonNegativeInteger"},minProperties:{$ref:"#/definitions/nonNegativeIntegerDefault0"},required:{$ref:"#/definitions/stringArray"},additionalProperties:{$ref:"#"},definitions:{type:"object",additionalProperties:{$ref:"#"},default:{}},properties:{type:"object",additionalProperties:{$ref:"#"},default:{}},patternProperties:{type:"object",additionalProperties:{$ref:"#"},propertyNames:{format:"regex"},default:{}},dependencies:{type:"object",additionalProperties:{anyOf:[{$ref:"#"},{$ref:"#/definitions/stringArray"}]}},propertyNames:{$ref:"#"},const:!0,enum:{type:"array",items:!0,minItems:1,uniqueItems:!0},type:{anyOf:[{$ref:"#/definitions/simpleTypes"},{type:"array",items:{$ref:"#/definitions/simpleTypes"},minItems:1,uniqueItems:!0}]},format:{type:"string"},contentMediaType:{type:"string"},contentEncoding:{type:"string"},if:{$ref:"#"},then:{$ref:"#"},else:{$ref:"#"},allOf:{$ref:"#/definitions/schemaArray"},anyOf:{$ref:"#/definitions/schemaArray"},oneOf:{$ref:"#/definitions/schemaArray"},not:{$ref:"#"}},default:!0}});var bd=x((le,vd)=>{"use strict";Object.defineProperty(le,"__esModule",{value:!0});le.MissingRefError=le.ValidationError=le.CodeGen=le.Name=le.nil=le.stringify=le.str=le._=le.KeywordCxt=le.Ajv=void 0;var uA=Ef(),dA=Th(),lA=$h(),Mh=zh(),pA=["/properties"],Oi="http://json-schema.org/draft-07/schema",Tn=class extends uA.default{static{o(this,"Ajv")}_addVocabularies(){super._addVocabularies(),dA.default.forEach(t=>this.addVocabulary(t)),this.opts.discriminator&&this.addKeyword(lA.default)}_addDefaultMetaSchema(){if(super._addDefaultMetaSchema(),!this.opts.meta)return;let t=this.opts.$data?this.$dataMetaSchema(Mh,pA):Mh;this.addMetaSchema(t,Oi,!1),this.refs["http://json-schema.org/schema"]=Oi}defaultMeta(){return this.opts.defaultMeta=super.defaultMeta()||(this.getSchema(Oi)?Oi:void 0)}};le.Ajv=Tn;vd.exports=le=Tn;vd.exports.Ajv=Tn;Object.defineProperty(le,"__esModule",{value:!0});le.default=Tn;var mA=qo();Object.defineProperty(le,"KeywordCxt",{enumerable:!0,get:o(function(){return mA.KeywordCxt},"get")});var En=F();Object.defineProperty(le,"_",{enumerable:!0,get:o(function(){return En._},"get")});Object.defineProperty(le,"str",{enumerable:!0,get:o(function(){return En.str},"get")});Object.defineProperty(le,"stringify",{enumerable:!0,get:o(function(){return En.stringify},"get")});Object.defineProperty(le,"nil",{enumerable:!0,get:o(function(){return En.nil},"get")});Object.defineProperty(le,"Name",{enumerable:!0,get:o(function(){return En.Name},"get")});Object.defineProperty(le,"CodeGen",{enumerable:!0,get:o(function(){return En.CodeGen},"get")});var fA=li();Object.defineProperty(le,"ValidationError",{enumerable:!0,get:o(function(){return fA.default},"get")});var hA=No();Object.defineProperty(le,"MissingRefError",{enumerable:!0,get:o(function(){return hA.default},"get")})});var Gh=x(Et=>{"use strict";Object.defineProperty(Et,"__esModule",{value:!0});Et.formatNames=Et.fastFormats=Et.fullFormats=void 0;function Tt(e,t){return{validate:e,compare:t}}o(Tt,"fmtDef");Et.fullFormats={date:Tt(jh,Pd),time:Tt(Cd(!0),xd),"date-time":Tt(qh(!0),Lh),"iso-time":Tt(Cd(),Hh),"iso-date-time":Tt(qh(),Bh),duration:/^P(?!$)((\d+Y)?(\d+M)?(\d+D)?(T(?=\d)(\d+H)?(\d+M)?(\d+S)?)?|(\d+W)?)$/,uri:vA,"uri-reference":/^(?:[a-z][a-z0-9+\-.]*:)?(?:\/?\/(?:(?:[a-z0-9\-._~!$&'()*+,;=:]|%[0-9a-f]{2})*@)?(?:\[(?:(?:(?:(?:[0-9a-f]{1,4}:){6}|::(?:[0-9a-f]{1,4}:){5}|(?:[0-9a-f]{1,4})?::(?:[0-9a-f]{1,4}:){4}|(?:(?:[0-9a-f]{1,4}:){0,1}[0-9a-f]{1,4})?::(?:[0-9a-f]{1,4}:){3}|(?:(?:[0-9a-f]{1,4}:){0,2}[0-9a-f]{1,4})?::(?:[0-9a-f]{1,4}:){2}|(?:(?:[0-9a-f]{1,4}:){0,3}[0-9a-f]{1,4})?::[0-9a-f]{1,4}:|(?:(?:[0-9a-f]{1,4}:){0,4}[0-9a-f]{1,4})?::)(?:[0-9a-f]{1,4}:[0-9a-f]{1,4}|(?:(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(?:25[0-5]|2[0-4]\d|[01]?\d\d?))|(?:(?:[0-9a-f]{1,4}:){0,5}[0-9a-f]{1,4})?::[0-9a-f]{1,4}|(?:(?:[0-9a-f]{1,4}:){0,6}[0-9a-f]{1,4})?::)|[Vv][0-9a-f]+\.[a-z0-9\-._~!$&'()*+,;=:]+)\]|(?:(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(?:25[0-5]|2[0-4]\d|[01]?\d\d?)|(?:[a-z0-9\-._~!$&'"()*+,;=]|%[0-9a-f]{2})*)(?::\d*)?(?:\/(?:[a-z0-9\-._~!$&'"()*+,;=:@]|%[0-9a-f]{2})*)*|\/(?:(?:[a-z0-9\-._~!$&'"()*+,;=:@]|%[0-9a-f]{2})+(?:\/(?:[a-z0-9\-._~!$&'"()*+,;=:@]|%[0-9a-f]{2})*)*)?|(?:[a-z0-9\-._~!$&'"()*+,;=:@]|%[0-9a-f]{2})+(?:\/(?:[a-z0-9\-._~!$&'"()*+,;=:@]|%[0-9a-f]{2})*)*)?(?:\?(?:[a-z0-9\-._~!$&'"()*+,;=:@/?]|%[0-9a-f]{2})*)?(?:#(?:[a-z0-9\-._~!$&'"()*+,;=:@/?]|%[0-9a-f]{2})*)?$/i,"uri-template":/^(?:(?:[^\x00-\x20"'<>%\\^`{|}]|%[0-9a-f]{2})|\{[+#./;?&=,!@|]?(?:[a-z0-9_]|%[0-9a-f]{2})+(?::[1-9][0-9]{0,3}|\*)?(?:,(?:[a-z0-9_]|%[0-9a-f]{2})+(?::[1-9][0-9]{0,3}|\*)?)*\})*$/i,url:/^(?:https?|ftp):\/\/(?:\S+(?::\S*)?@)?(?:(?!(?:10|127)(?:\.\d{1,3}){3})(?!(?:169\.254|192\.168)(?:\.\d{1,3}){2})(?!172\.(?:1[6-9]|2\d|3[0-1])(?:\.\d{1,3}){2})(?:[1-9]\d?|1\d\d|2[01]\d|22[0-3])(?:\.(?:1?\d{1,2}|2[0-4]\d|25[0-5])){2}(?:\.(?:[1-9]\d?|1\d\d|2[0-4]\d|25[0-4]))|(?:(?:[a-z0-9\u{00a1}-\u{ffff}]+-)*[a-z0-9\u{00a1}-\u{ffff}]+)(?:\.(?:[a-z0-9\u{00a1}-\u{ffff}]+-)*[a-z0-9\u{00a1}-\u{ffff}]+)*(?:\.(?:[a-z\u{00a1}-\u{ffff}]{2,})))(?::\d{2,5})?(?:\/[^\s]*)?$/iu,email:/^[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$/i,hostname:/^(?=.{1,253}\.?$)[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?(?:\.[a-z0-9](?:[-0-9a-z]{0,61}[0-9a-z])?)*\.?$/i,ipv4:/^(?:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)\.){3}(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)$/,ipv6:/^((([0-9a-f]{1,4}:){7}([0-9a-f]{1,4}|:))|(([0-9a-f]{1,4}:){6}(:[0-9a-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9a-f]{1,4}:){5}(((:[0-9a-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9a-f]{1,4}:){4}(((:[0-9a-f]{1,4}){1,3})|((:[0-9a-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9a-f]{1,4}:){3}(((:[0-9a-f]{1,4}){1,4})|((:[0-9a-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9a-f]{1,4}:){2}(((:[0-9a-f]{1,4}){1,5})|((:[0-9a-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9a-f]{1,4}:){1}(((:[0-9a-f]{1,4}){1,6})|((:[0-9a-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9a-f]{1,4}){1,7})|((:[0-9a-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))$/i,regex:AA,uuid:/^(?:urn:uuid:)?[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$/i,"json-pointer":/^(?:\/(?:[^~/]|~0|~1)*)*$/,"json-pointer-uri-fragment":/^#(?:\/(?:[a-z0-9_\-.!$&'()*+,;:=@]|%[0-9a-f]{2}|~0|~1)*)*$/i,"relative-json-pointer":/^(?:0|[1-9][0-9]*)(?:#|(?:\/(?:[^~/]|~0|~1)*)*)$/,byte:bA,int32:{type:"number",validate:IA},int64:{type:"number",validate:PA},float:{type:"number",validate:Dh},double:{type:"number",validate:Dh},password:!0,binary:!0};Et.fastFormats={...Et.fullFormats,date:Tt(/^\d\d\d\d-[0-1]\d-[0-3]\d$/,Pd),time:Tt(/^(?:[0-2]\d:[0-5]\d:[0-5]\d|23:59:60)(?:\.\d+)?(?:z|[+-]\d\d(?::?\d\d)?)$/i,xd),"date-time":Tt(/^\d\d\d\d-[0-1]\d-[0-3]\dt(?:[0-2]\d:[0-5]\d:[0-5]\d|23:59:60)(?:\.\d+)?(?:z|[+-]\d\d(?::?\d\d)?)$/i,Lh),"iso-time":Tt(/^(?:[0-2]\d:[0-5]\d:[0-5]\d|23:59:60)(?:\.\d+)?(?:z|[+-]\d\d(?::?\d\d)?)?$/i,Hh),"iso-date-time":Tt(/^\d\d\d\d-[0-1]\d-[0-3]\d[t\s](?:[0-2]\d:[0-5]\d:[0-5]\d|23:59:60)(?:\.\d+)?(?:z|[+-]\d\d(?::?\d\d)?)?$/i,Bh),uri:/^(?:[a-z][a-z0-9+\-.]*:)(?:\/?\/)?[^\s]*$/i,"uri-reference":/^(?:(?:[a-z][a-z0-9+\-.]*:)?\/?\/)?(?:[^\\\s#][^\s#]*)?(?:#[^\\\s]*)?$/i,email:/^[a-z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)*$/i};Et.formatNames=Object.keys(Et.fullFormats);function gA(e){return e%4===0&&(e%100!==0||e%400===0)}o(gA,"isLeapYear");var yA=/^(\d\d\d\d)-(\d\d)-(\d\d)$/,SA=[0,31,28,31,30,31,30,31,31,30,31,30,31];function jh(e){let t=yA.exec(e);if(!t)return!1;let r=+t[1],n=+t[2],a=+t[3];return n>=1&&n<=12&&a>=1&&a<=(n===2&&gA(r)?29:SA[n])}o(jh,"date");function Pd(e,t){if(e&&t)return e>t?1:e<t?-1:0}o(Pd,"compareDate");var Rd=/^(\d\d):(\d\d):(\d\d(?:\.\d+)?)(z|([+-])(\d\d)(?::?(\d\d))?)?$/i;function Cd(e){return o(function(r){let n=Rd.exec(r);if(!n)return!1;let a=+n[1],i=+n[2],s=+n[3],c=n[4],d=n[5]==="-"?-1:1,p=+(n[6]||0),l=+(n[7]||0);if(p>23||l>59||e&&!c)return!1;if(a<=23&&i<=59&&s<60)return!0;let m=i-l*d,h=a-p*d-(m<0?1:0);return(h===23||h===-1)&&(m===59||m===-1)&&s<61},"time")}o(Cd,"getTime");function xd(e,t){if(!(e&&t))return;let r=new Date("2020-01-01T"+e).valueOf(),n=new Date("2020-01-01T"+t).valueOf();if(r&&n)return r-n}o(xd,"compareTime");function Hh(e,t){if(!(e&&t))return;let r=Rd.exec(e),n=Rd.exec(t);if(r&&n)return e=r[1]+r[2]+r[3],t=n[1]+n[2]+n[3],e>t?1:e<t?-1:0}o(Hh,"compareIsoTime");var Id=/t|\s/i;function qh(e){let t=Cd(e);return o(function(n){let a=n.split(Id);return a.length===2&&jh(a[0])&&t(a[1])},"date_time")}o(qh,"getDateTime");function Lh(e,t){if(!(e&&t))return;let r=new Date(e).valueOf(),n=new Date(t).valueOf();if(r&&n)return r-n}o(Lh,"compareDateTime");function Bh(e,t){if(!(e&&t))return;let[r,n]=e.split(Id),[a,i]=t.split(Id),s=Pd(r,a);if(s!==void 0)return s||xd(n,i)}o(Bh,"compareIsoDateTime");var _A=/\/|:/,wA=/^(?:[a-z][a-z0-9+\-.]*:)(?:\/?\/(?:(?:[a-z0-9\-._~!$&'()*+,;=:]|%[0-9a-f]{2})*@)?(?:\[(?:(?:(?:(?:[0-9a-f]{1,4}:){6}|::(?:[0-9a-f]{1,4}:){5}|(?:[0-9a-f]{1,4})?::(?:[0-9a-f]{1,4}:){4}|(?:(?:[0-9a-f]{1,4}:){0,1}[0-9a-f]{1,4})?::(?:[0-9a-f]{1,4}:){3}|(?:(?:[0-9a-f]{1,4}:){0,2}[0-9a-f]{1,4})?::(?:[0-9a-f]{1,4}:){2}|(?:(?:[0-9a-f]{1,4}:){0,3}[0-9a-f]{1,4})?::[0-9a-f]{1,4}:|(?:(?:[0-9a-f]{1,4}:){0,4}[0-9a-f]{1,4})?::)(?:[0-9a-f]{1,4}:[0-9a-f]{1,4}|(?:(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(?:25[0-5]|2[0-4]\d|[01]?\d\d?))|(?:(?:[0-9a-f]{1,4}:){0,5}[0-9a-f]{1,4})?::[0-9a-f]{1,4}|(?:(?:[0-9a-f]{1,4}:){0,6}[0-9a-f]{1,4})?::)|[Vv][0-9a-f]+\.[a-z0-9\-._~!$&'()*+,;=:]+)\]|(?:(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(?:25[0-5]|2[0-4]\d|[01]?\d\d?)|(?:[a-z0-9\-._~!$&'()*+,;=]|%[0-9a-f]{2})*)(?::\d*)?(?:\/(?:[a-z0-9\-._~!$&'()*+,;=:@]|%[0-9a-f]{2})*)*|\/(?:(?:[a-z0-9\-._~!$&'()*+,;=:@]|%[0-9a-f]{2})+(?:\/(?:[a-z0-9\-._~!$&'()*+,;=:@]|%[0-9a-f]{2})*)*)?|(?:[a-z0-9\-._~!$&'()*+,;=:@]|%[0-9a-f]{2})+(?:\/(?:[a-z0-9\-._~!$&'()*+,;=:@]|%[0-9a-f]{2})*)*)(?:\?(?:[a-z0-9\-._~!$&'()*+,;=:@/?]|%[0-9a-f]{2})*)?(?:#(?:[a-z0-9\-._~!$&'()*+,;=:@/?]|%[0-9a-f]{2})*)?$/i;function vA(e){return _A.test(e)&&wA.test(e)}o(vA,"uri");var Nh=/^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/gm;function bA(e){return Nh.lastIndex=0,Nh.test(e)}o(bA,"byte");var RA=-(2**31),CA=2**31-1;function IA(e){return Number.isInteger(e)&&e<=CA&&e>=RA}o(IA,"validateInt32");function PA(e){return Number.isInteger(e)}o(PA,"validateInt64");function Dh(){return!0}o(Dh,"validateNumber");var xA=/[^\\]\\Z/;function AA(e){if(xA.test(e))return!1;try{return new RegExp(e),!0}catch{return!1}}o(AA,"regex")});var Vh=x(Un=>{"use strict";Object.defineProperty(Un,"__esModule",{value:!0});Un.formatLimitDefinition=void 0;var kA=bd(),Rt=F(),br=Rt.operators,$i={formatMaximum:{okStr:"<=",ok:br.LTE,fail:br.GT},formatMinimum:{okStr:">=",ok:br.GTE,fail:br.LT},formatExclusiveMaximum:{okStr:"<",ok:br.LT,fail:br.GTE},formatExclusiveMinimum:{okStr:">",ok:br.GT,fail:br.LTE}},TA={message:o(({keyword:e,schemaCode:t})=>(0,Rt.str)`should be ${$i[e].okStr} ${t}`,"message"),params:o(({keyword:e,schemaCode:t})=>(0,Rt._)`{comparison: ${$i[e].okStr}, limit: ${t}}`,"params")};Un.formatLimitDefinition={keyword:Object.keys($i),type:"string",schemaType:"string",$data:!0,error:TA,code(e){let{gen:t,data:r,schemaCode:n,keyword:a,it:i}=e,{opts:s,self:c}=i;if(!s.validateFormats)return;let d=new kA.KeywordCxt(i,c.RULES.all.format.definition,"format");d.$data?p():l();function p(){let h=t.scopeValue("formats",{ref:c.formats,code:s.code.formats}),y=t.const("fmt",(0,Rt._)`${h}[${d.schemaCode}]`);e.fail$data((0,Rt.or)((0,Rt._)`typeof ${y} != "object"`,(0,Rt._)`${y} instanceof RegExp`,(0,Rt._)`typeof ${y}.compare != "function"`,m(y)))}o(p,"validate$DataFormat");function l(){let h=d.schema,y=c.formats[h];if(!y||y===!0)return;if(typeof y!="object"||y instanceof RegExp||typeof y.compare!="function")throw new Error(`"${a}": format "${h}" does not define "compare" function`);let _=t.scopeValue("formats",{key:h,ref:y,code:s.code.formats?(0,Rt._)`${s.code.formats}${(0,Rt.getProperty)(h)}`:void 0});e.fail$data(m(_))}o(l,"validateFormat");function m(h){return(0,Rt._)`${h}.compare(${r}, ${n}) ${$i[a].fail} 0`}o(m,"compareCode")},dependencies:["format"]};var EA=o(e=>(e.addKeyword(Un.formatLimitDefinition),e),"formatLimitPlugin");Un.default=EA});var Wh=x((Qo,Kh)=>{"use strict";Object.defineProperty(Qo,"__esModule",{value:!0});var On=Gh(),UA=Vh(),Ad=F(),Fh=new Ad.Name("fullFormats"),OA=new Ad.Name("fastFormats"),kd=o((e,t={keywords:!0})=>{if(Array.isArray(t))return Zh(e,t,On.fullFormats,Fh),e;let[r,n]=t.mode==="fast"?[On.fastFormats,OA]:[On.fullFormats,Fh],a=t.formats||On.formatNames;return Zh(e,a,r,n),t.keywords&&(0,UA.default)(e),e},"formatsPlugin");kd.get=(e,t="full")=>{let n=(t==="fast"?On.fastFormats:On.fullFormats)[e];if(!n)throw new Error(`Unknown format "${e}"`);return n};function Zh(e,t,r,n){var a,i;(a=(i=e.opts.code).formats)!==null&&a!==void 0||(i.formats=(0,Ad._)`require("ajv-formats/dist/formats").${n}`);for(let s of t)e.addFormat(s,r[s])}o(Zh,"addFormats");Kh.exports=Qo=kd;Object.defineProperty(Qo,"__esModule",{value:!0});Qo.default=kd});wv();function sr(e){return!!e._zod}o(sr,"isZ4Schema");function Ge(e,t){return sr(e)?rc(e,t):e.safeParse(t)}o(Ge,"safeParse");function pn(e){if(!e)return;let t;if(sr(e)?t=e._zod?.def?.shape:t=e.shape,!!t){if(typeof t=="function")try{return t()}catch{return}return t}}o(pn,"getObjectShape");function Zp(e){if(sr(e)){let i=e._zod?.def;if(i){if(i.value!==void 0)return i.value;if(Array.isArray(i.values)&&i.values.length>0)return i.values[0]}}let r=e._def;if(r){if(r.value!==void 0)return r.value;if(Array.isArray(r.values)&&r.values.length>0)return r.values[0]}let n=e.value;if(n!==void 0)return n}o(Zp,"getLiteralValue");ue();var ur="2025-11-25",Kp="2025-03-26",dr=[ur,"2025-06-18","2025-03-26","2024-11-05","2024-10-07"],lr="io.modelcontextprotocol/related-task",Da="2.0",Ie=Gp(e=>e!==null&&(typeof e=="object"||typeof e=="function")),Wp=me([f(),ee().int()]),Jp=f(),xq=Ce({ttl:ee().optional(),pollInterval:ee().optional()}),Rv=I({ttl:ee().optional()}),Cv=I({taskId:f()}),ic=Ce({progressToken:Wp.optional(),[lr]:Cv.optional()}),ot=I({_meta:ic.optional()}),mo=ot.extend({task:Rv.optional()}),Yp=o(e=>mo.safeParse(e).success,"isTaskAugmentedRequestParams"),Ae=I({method:f(),params:ot.loose().optional()}),st=I({_meta:ic.optional()}),ct=I({method:f(),params:st.loose().optional()}),ke=Ce({_meta:ic.optional()}),ja=me([f(),ee().int()]),Qp=I({jsonrpc:O(Da),id:ja,...Ae.shape}).strict(),It=o(e=>Qp.safeParse(e).success,"isJSONRPCRequest"),Xp=I({jsonrpc:O(Da),...ct.shape}).strict(),em=o(e=>Xp.safeParse(e).success,"isJSONRPCNotification"),sc=I({jsonrpc:O(Da),id:ja,result:ke}).strict(),St=o(e=>sc.safeParse(e).success,"isJSONRPCResultResponse");var U;(function(e){e[e.ConnectionClosed=-32e3]="ConnectionClosed",e[e.RequestTimeout=-32001]="RequestTimeout",e[e.ParseError=-32700]="ParseError",e[e.InvalidRequest=-32600]="InvalidRequest",e[e.MethodNotFound=-32601]="MethodNotFound",e[e.InvalidParams=-32602]="InvalidParams",e[e.InternalError=-32603]="InternalError",e[e.UrlElicitationRequired=-32042]="UrlElicitationRequired"})(U||(U={}));var cc=I({jsonrpc:O(Da),id:ja.optional(),error:I({code:ee().int(),message:f(),data:we().optional()})}).strict();var fn=o(e=>cc.safeParse(e).success,"isJSONRPCErrorResponse");var $r=me([Qp,Xp,sc,cc]),Aq=me([sc,cc]),jt=ke.strict(),Iv=st.extend({requestId:ja.optional(),reason:f().optional()}),Ha=ct.extend({method:O("notifications/cancelled"),params:Iv}),Pv=I({src:f(),mimeType:f().optional(),sizes:C(f()).optional(),theme:nt(["light","dark"]).optional()}),fo=I({icons:C(Pv).optional()}),mn=I({name:f(),title:f().optional()}),hn=mn.extend({...mn.shape,...fo.shape,version:f(),websiteUrl:f().optional(),description:f().optional()}),xv=oc(I({applyDefaults:ae().optional()}),ce(f(),we())),Av=ac(e=>e&&typeof e=="object"&&!Array.isArray(e)&&Object.keys(e).length===0?{form:{}}:e,oc(I({form:xv.optional(),url:Ie.optional()}),ce(f(),we()).optional())),kv=Ce({list:Ie.optional(),cancel:Ie.optional(),requests:Ce({sampling:Ce({createMessage:Ie.optional()}).optional(),elicitation:Ce({create:Ie.optional()}).optional()}).optional()}),Tv=Ce({list:Ie.optional(),cancel:Ie.optional(),requests:Ce({tools:Ce({call:Ie.optional()}).optional()}).optional()}),Ev=I({experimental:ce(f(),Ie).optional(),sampling:I({context:Ie.optional(),tools:Ie.optional()}).optional(),elicitation:Av.optional(),roots:I({listChanged:ae().optional()}).optional(),tasks:kv.optional(),extensions:ce(f(),Ie).optional()}),Uv=ot.extend({protocolVersion:f(),capabilities:Ev,clientInfo:hn}),La=Ae.extend({method:O("initialize"),params:Uv}),uc=o(e=>La.safeParse(e).success,"isInitializeRequest"),Ov=I({experimental:ce(f(),Ie).optional(),logging:Ie.optional(),completions:Ie.optional(),prompts:I({listChanged:ae().optional()}).optional(),resources:I({subscribe:ae().optional(),listChanged:ae().optional()}).optional(),tools:I({listChanged:ae().optional()}).optional(),tasks:Tv.optional(),extensions:ce(f(),Ie).optional()}),dc=ke.extend({protocolVersion:f(),capabilities:Ov,serverInfo:hn,instructions:f().optional()}),Ba=ct.extend({method:O("notifications/initialized"),params:st.optional()}),tm=o(e=>Ba.safeParse(e).success,"isInitializedNotification"),Ga=Ae.extend({method:O("ping"),params:ot.optional()}),$v=I({progress:ee(),total:ge(ee()),message:ge(f())}),zv=I({...st.shape,...$v.shape,progressToken:Wp}),Va=ct.extend({method:O("notifications/progress"),params:zv}),Mv=ot.extend({cursor:Jp.optional()}),ho=Ae.extend({params:Mv.optional()}),go=ke.extend({nextCursor:Jp.optional()}),qv=nt(["working","input_required","completed","failed","cancelled"]),yo=I({taskId:f(),status:qv,ttl:me([ee(),Lp()]),createdAt:f(),lastUpdatedAt:f(),pollInterval:ge(ee()),statusMessage:ge(f())}),Ht=ke.extend({task:yo}),Nv=st.merge(yo),So=ct.extend({method:O("notifications/tasks/status"),params:Nv}),Fa=Ae.extend({method:O("tasks/get"),params:ot.extend({taskId:f()})}),Za=ke.merge(yo),Ka=Ae.extend({method:O("tasks/result"),params:ot.extend({taskId:f()})}),kq=ke.loose(),Wa=ho.extend({method:O("tasks/list")}),Ja=go.extend({tasks:C(yo)}),Ya=Ae.extend({method:O("tasks/cancel"),params:ot.extend({taskId:f()})}),rm=ke.merge(yo),nm=I({uri:f(),mimeType:ge(f()),_meta:ce(f(),we()).optional()}),om=nm.extend({text:f()}),lc=f().refine(e=>{try{return atob(e),!0}catch{return!1}},{message:"Invalid Base64 string"}),am=nm.extend({blob:lc}),_o=nt(["user","assistant"]),gn=I({audience:C(_o).optional(),priority:ee().min(0).max(1).optional(),lastModified:jp.datetime({offset:!0}).optional()}),im=I({...mn.shape,...fo.shape,uri:f(),description:ge(f()),mimeType:ge(f()),size:ge(ee()),annotations:gn.optional(),_meta:ge(Ce({}))}),Dv=I({...mn.shape,...fo.shape,uriTemplate:f(),description:ge(f()),mimeType:ge(f()),annotations:gn.optional(),_meta:ge(Ce({}))}),pc=ho.extend({method:O("resources/list")}),mc=go.extend({resources:C(im)}),jv=ho.extend({method:O("resources/templates/list")}),fc=go.extend({resourceTemplates:C(Dv)}),hc=ot.extend({uri:f()}),Hv=hc,gc=Ae.extend({method:O("resources/read"),params:Hv}),yc=ke.extend({contents:C(me([om,am]))}),Sc=ct.extend({method:O("notifications/resources/list_changed"),params:st.optional()}),Lv=hc,Bv=Ae.extend({method:O("resources/subscribe"),params:Lv}),Gv=hc,Vv=Ae.extend({method:O("resources/unsubscribe"),params:Gv}),Fv=st.extend({uri:f()}),Zv=ct.extend({method:O("notifications/resources/updated"),params:Fv}),Kv=I({name:f(),description:ge(f()),required:ge(ae())}),Wv=I({...mn.shape,...fo.shape,description:ge(f()),arguments:ge(C(Kv)),_meta:ge(Ce({}))}),_c=ho.extend({method:O("prompts/list")}),wc=go.extend({prompts:C(Wv)}),Jv=ot.extend({name:f(),arguments:ce(f(),f()).optional()}),vc=Ae.extend({method:O("prompts/get"),params:Jv}),bc=I({type:O("text"),text:f(),annotations:gn.optional(),_meta:ce(f(),we()).optional()}),Rc=I({type:O("image"),data:lc,mimeType:f(),annotations:gn.optional(),_meta:ce(f(),we()).optional()}),Cc=I({type:O("audio"),data:lc,mimeType:f(),annotations:gn.optional(),_meta:ce(f(),we()).optional()}),Yv=I({type:O("tool_use"),name:f(),id:f(),input:ce(f(),we()),_meta:ce(f(),we()).optional()}),Qv=I({type:O("resource"),resource:me([om,am]),annotations:gn.optional(),_meta:ce(f(),we()).optional()}),Xv=im.extend({type:O("resource_link")}),Ic=me([bc,Rc,Cc,Xv,Qv]),eb=I({role:_o,content:Ic}),Pc=ke.extend({description:f().optional(),messages:C(eb)}),xc=ct.extend({method:O("notifications/prompts/list_changed"),params:st.optional()}),tb=I({title:f().optional(),readOnlyHint:ae().optional(),destructiveHint:ae().optional(),idempotentHint:ae().optional(),openWorldHint:ae().optional()}),rb=I({taskSupport:nt(["required","optional","forbidden"]).optional()}),sm=I({...mn.shape,...fo.shape,description:f().optional(),inputSchema:I({type:O("object"),properties:ce(f(),Ie).optional(),required:C(f()).optional()}).catchall(we()),outputSchema:I({type:O("object"),properties:ce(f(),Ie).optional(),required:C(f()).optional()}).catchall(we()).optional(),annotations:tb.optional(),execution:rb.optional(),_meta:ce(f(),we()).optional()}),Ac=ho.extend({method:O("tools/list")}),kc=go.extend({tools:C(sm)}),pr=ke.extend({content:C(Ic).default([]),structuredContent:ce(f(),we()).optional(),isError:ae().optional()}),Tq=pr.or(ke.extend({toolResult:we()})),nb=mo.extend({name:f(),arguments:ce(f(),we()).optional()}),wo=Ae.extend({method:O("tools/call"),params:nb}),Tc=ct.extend({method:O("notifications/tools/list_changed"),params:st.optional()}),cm=I({autoRefresh:ae().default(!0),debounceMs:ee().int().nonnegative().default(300)}),vo=nt(["debug","info","notice","warning","error","critical","alert","emergency"]),ob=ot.extend({level:vo}),Ec=Ae.extend({method:O("logging/setLevel"),params:ob}),ab=st.extend({level:vo,logger:f().optional(),data:we()}),ib=ct.extend({method:O("notifications/message"),params:ab}),sb=I({name:f().optional()}),cb=I({hints:C(sb).optional(),costPriority:ee().min(0).max(1).optional(),speedPriority:ee().min(0).max(1).optional(),intelligencePriority:ee().min(0).max(1).optional()}),ub=I({mode:nt(["auto","required","none"]).optional()}),db=I({type:O("tool_result"),toolUseId:f().describe("The unique identifier for the corresponding tool call."),content:C(Ic).default([]),structuredContent:I({}).loose().optional(),isError:ae().optional(),_meta:ce(f(),we()).optional()}),lb=nc("type",[bc,Rc,Cc]),Na=nc("type",[bc,Rc,Cc,Yv,db]),pb=I({role:_o,content:me([Na,C(Na)]),_meta:ce(f(),we()).optional()}),mb=mo.extend({messages:C(pb),modelPreferences:cb.optional(),systemPrompt:f().optional(),includeContext:nt(["none","thisServer","allServers"]).optional(),temperature:ee().optional(),maxTokens:ee().int(),stopSequences:C(f()).optional(),metadata:Ie.optional(),tools:C(sm).optional(),toolChoice:ub.optional()}),Uc=Ae.extend({method:O("sampling/createMessage"),params:mb}),zr=ke.extend({model:f(),stopReason:ge(nt(["endTurn","stopSequence","maxTokens"]).or(f())),role:_o,content:lb}),bo=ke.extend({model:f(),stopReason:ge(nt(["endTurn","stopSequence","maxTokens","toolUse"]).or(f())),role:_o,content:me([Na,C(Na)])}),fb=I({type:O("boolean"),title:f().optional(),description:f().optional(),default:ae().optional()}),hb=I({type:O("string"),title:f().optional(),description:f().optional(),minLength:ee().optional(),maxLength:ee().optional(),format:nt(["email","uri","date","date-time"]).optional(),default:f().optional()}),gb=I({type:nt(["number","integer"]),title:f().optional(),description:f().optional(),minimum:ee().optional(),maximum:ee().optional(),default:ee().optional()}),yb=I({type:O("string"),title:f().optional(),description:f().optional(),enum:C(f()),default:f().optional()}),Sb=I({type:O("string"),title:f().optional(),description:f().optional(),oneOf:C(I({const:f(),title:f()})),default:f().optional()}),_b=I({type:O("string"),title:f().optional(),description:f().optional(),enum:C(f()),enumNames:C(f()).optional(),default:f().optional()}),wb=me([yb,Sb]),vb=I({type:O("array"),title:f().optional(),description:f().optional(),minItems:ee().optional(),maxItems:ee().optional(),items:I({type:O("string"),enum:C(f())}),default:C(f()).optional()}),bb=I({type:O("array"),title:f().optional(),description:f().optional(),minItems:ee().optional(),maxItems:ee().optional(),items:I({anyOf:C(I({const:f(),title:f()}))}),default:C(f()).optional()}),Rb=me([vb,bb]),Cb=me([_b,wb,Rb]),Ib=me([Cb,fb,hb,gb]),Pb=mo.extend({mode:O("form").optional(),message:f(),requestedSchema:I({type:O("object"),properties:ce(f(),Ib),required:C(f()).optional()})}),xb=mo.extend({mode:O("url"),message:f(),elicitationId:f(),url:f().url()}),Ab=me([Pb,xb]),Oc=Ae.extend({method:O("elicitation/create"),params:Ab}),kb=st.extend({elicitationId:f()}),Tb=ct.extend({method:O("notifications/elicitation/complete"),params:kb}),mr=ke.extend({action:nt(["accept","decline","cancel"]),content:ac(e=>e===null?void 0:e,ce(f(),me([f(),ee(),ae(),C(f())])).optional())}),Eb=I({type:O("ref/resource"),uri:f()});var Ub=I({type:O("ref/prompt"),name:f()}),Ob=ot.extend({ref:me([Ub,Eb]),argument:I({name:f(),value:f()}),context:I({arguments:ce(f(),f()).optional()}).optional()}),$b=Ae.extend({method:O("completion/complete"),params:Ob});var $c=ke.extend({completion:Ce({values:C(f()).max(100),total:ge(ee().int()),hasMore:ge(ae())})}),zb=I({uri:f().startsWith("file://"),name:f().optional(),_meta:ce(f(),we()).optional()}),Mb=Ae.extend({method:O("roots/list"),params:ot.optional()}),zc=ke.extend({roots:C(zb)}),qb=ct.extend({method:O("notifications/roots/list_changed"),params:st.optional()}),Eq=me([Ga,La,$b,Ec,vc,_c,pc,jv,gc,Bv,Vv,wo,Ac,Fa,Ka,Wa,Ya]),Uq=me([Ha,Va,Ba,qb,So]),Oq=me([jt,zr,bo,mr,zc,Za,Ja,Ht]),$q=me([Ga,Uc,Oc,Mb,Fa,Ka,Wa,Ya]),zq=me([Ha,Va,ib,Zv,Sc,Tc,xc,So,Tb]),Mq=me([jt,dc,$c,Pc,wc,mc,fc,yc,pr,kc,Za,Ja,Ht]),A=class e extends Error{static{o(this,"McpError")}constructor(t,r,n){super(`MCP error ${t}: ${r}`),this.code=t,this.data=n,this.name="McpError"}static fromError(t,r,n){if(t===U.UrlElicitationRequired&&n){let a=n;if(a.elicitations)return new cr(a.elicitations,r)}return new e(t,r,n)}},cr=class extends A{static{o(this,"UrlElicitationRequiredError")}constructor(t,r=`URL elicitation${t.length>1?"s":""} required`){super(U.UrlElicitationRequired,r,{elicitations:t})}get elicitations(){return this.data?.elicitations??[]}};function fr(e){return e==="completed"||e==="failed"||e==="cancelled"}o(fr,"isTerminal");var Nb=Symbol("Let zodToJsonSchema decide on which parser to use");var O1=new Set("ABCDEFGHIJKLMNOPQRSTUVXYZabcdefghijklmnopqrstuvxyz0123456789");function Mc(e){let r=pn(e)?.method;if(!r)throw new Error("Schema is missing a method literal");let n=Zp(r);if(typeof n!="string")throw new Error("Schema method literal must be a string");return n}o(Mc,"getMethodLiteral");function qc(e,t){let r=Ge(e,t);if(!r.success)throw r.error;return r.data}o(qc,"parseWithCompat");var Gb=6e4,yn=class{static{o(this,"Protocol")}constructor(t){this._options=t,this._requestMessageId=0,this._requestHandlers=new Map,this._requestHandlerAbortControllers=new Map,this._notificationHandlers=new Map,this._responseHandlers=new Map,this._progressHandlers=new Map,this._timeoutInfo=new Map,this._pendingDebouncedNotifications=new Set,this._taskProgressTokens=new Map,this._requestResolvers=new Map,this.setNotificationHandler(Ha,r=>{this._oncancel(r)}),this.setNotificationHandler(Va,r=>{this._onprogress(r)}),this.setRequestHandler(Ga,r=>({})),this._taskStore=t?.taskStore,this._taskMessageQueue=t?.taskMessageQueue,this._taskStore&&(this.setRequestHandler(Fa,async(r,n)=>{let a=await this._taskStore.getTask(r.params.taskId,n.sessionId);if(!a)throw new A(U.InvalidParams,"Failed to retrieve task: Task not found");return{...a}}),this.setRequestHandler(Ka,async(r,n)=>{let a=o(async()=>{let i=r.params.taskId;if(this._taskMessageQueue){let c;for(;c=await this._taskMessageQueue.dequeue(i,n.sessionId);){if(c.type==="response"||c.type==="error"){let d=c.message,p=d.id,l=this._requestResolvers.get(p);if(l)if(this._requestResolvers.delete(p),c.type==="response")l(d);else{let m=d,h=new A(m.error.code,m.error.message,m.error.data);l(h)}else{let m=c.type==="response"?"Response":"Error";this._onerror(new Error(`${m} handler missing for request ${p}`))}continue}await this._transport?.send(c.message,{relatedRequestId:n.requestId})}}let s=await this._taskStore.getTask(i,n.sessionId);if(!s)throw new A(U.InvalidParams,`Task not found: ${i}`);if(!fr(s.status))return await this._waitForTaskUpdate(i,n.signal),await a();if(fr(s.status)){let c=await this._taskStore.getTaskResult(i,n.sessionId);return this._clearTaskQueue(i),{...c,_meta:{...c._meta,[lr]:{taskId:i}}}}return await a()},"handleTaskResult");return await a()}),this.setRequestHandler(Wa,async(r,n)=>{try{let{tasks:a,nextCursor:i}=await this._taskStore.listTasks(r.params?.cursor,n.sessionId);return{tasks:a,nextCursor:i,_meta:{}}}catch(a){throw new A(U.InvalidParams,`Failed to list tasks: ${a instanceof Error?a.message:String(a)}`)}}),this.setRequestHandler(Ya,async(r,n)=>{try{let a=await this._taskStore.getTask(r.params.taskId,n.sessionId);if(!a)throw new A(U.InvalidParams,`Task not found: ${r.params.taskId}`);if(fr(a.status))throw new A(U.InvalidParams,`Cannot cancel task in terminal status: ${a.status}`);await this._taskStore.updateTaskStatus(r.params.taskId,"cancelled","Client cancelled task execution.",n.sessionId),this._clearTaskQueue(r.params.taskId);let i=await this._taskStore.getTask(r.params.taskId,n.sessionId);if(!i)throw new A(U.InvalidParams,`Task not found after cancellation: ${r.params.taskId}`);return{_meta:{},...i}}catch(a){throw a instanceof A?a:new A(U.InvalidRequest,`Failed to cancel task: ${a instanceof Error?a.message:String(a)}`)}}))}async _oncancel(t){if(!t.params.requestId)return;this._requestHandlerAbortControllers.get(t.params.requestId)?.abort(t.params.reason)}_setupTimeout(t,r,n,a,i=!1){this._timeoutInfo.set(t,{timeoutId:setTimeout(a,r),startTime:Date.now(),timeout:r,maxTotalTimeout:n,resetTimeoutOnProgress:i,onTimeout:a})}_resetTimeout(t){let r=this._timeoutInfo.get(t);if(!r)return!1;let n=Date.now()-r.startTime;if(r.maxTotalTimeout&&n>=r.maxTotalTimeout)throw this._timeoutInfo.delete(t),A.fromError(U.RequestTimeout,"Maximum total timeout exceeded",{maxTotalTimeout:r.maxTotalTimeout,totalElapsed:n});return clearTimeout(r.timeoutId),r.timeoutId=setTimeout(r.onTimeout,r.timeout),!0}_cleanupTimeout(t){let r=this._timeoutInfo.get(t);r&&(clearTimeout(r.timeoutId),this._timeoutInfo.delete(t))}async connect(t){if(this._transport)throw new Error("Already connected to a transport. Call close() before connecting to a new transport, or use a separate Protocol instance per connection.");this._transport=t;let r=this.transport?.onclose;this._transport.onclose=()=>{r?.(),this._onclose()};let n=this.transport?.onerror;this._transport.onerror=i=>{n?.(i),this._onerror(i)};let a=this._transport?.onmessage;this._transport.onmessage=(i,s)=>{a?.(i,s),St(i)||fn(i)?this._onresponse(i):It(i)?this._onrequest(i,s):em(i)?this._onnotification(i):this._onerror(new Error(`Unknown message type: ${JSON.stringify(i)}`))},await this._transport.start()}_onclose(){let t=this._responseHandlers;this._responseHandlers=new Map,this._progressHandlers.clear(),this._taskProgressTokens.clear(),this._pendingDebouncedNotifications.clear();for(let n of this._timeoutInfo.values())clearTimeout(n.timeoutId);this._timeoutInfo.clear();for(let n of this._requestHandlerAbortControllers.values())n.abort();this._requestHandlerAbortControllers.clear();let r=A.fromError(U.ConnectionClosed,"Connection closed");this._transport=void 0,this.onclose?.();for(let n of t.values())n(r)}_onerror(t){this.onerror?.(t)}_onnotification(t){let r=this._notificationHandlers.get(t.method)??this.fallbackNotificationHandler;r!==void 0&&Promise.resolve().then(()=>r(t)).catch(n=>this._onerror(new Error(`Uncaught error in notification handler: ${n}`)))}_onrequest(t,r){let n=this._requestHandlers.get(t.method)??this.fallbackRequestHandler,a=this._transport,i=t.params?._meta?.[lr]?.taskId;if(n===void 0){let l={jsonrpc:"2.0",id:t.id,error:{code:U.MethodNotFound,message:"Method not found"}};i&&this._taskMessageQueue?this._enqueueTaskMessage(i,{type:"error",message:l,timestamp:Date.now()},a?.sessionId).catch(m=>this._onerror(new Error(`Failed to enqueue error response: ${m}`))):a?.send(l).catch(m=>this._onerror(new Error(`Failed to send an error response: ${m}`)));return}let s=new AbortController;this._requestHandlerAbortControllers.set(t.id,s);let c=Yp(t.params)?t.params.task:void 0,d=this._taskStore?this.requestTaskStore(t,a?.sessionId):void 0,p={signal:s.signal,sessionId:a?.sessionId,_meta:t.params?._meta,sendNotification:o(async l=>{if(s.signal.aborted)return;let m={relatedRequestId:t.id};i&&(m.relatedTask={taskId:i}),await this.notification(l,m)},"sendNotification"),sendRequest:o(async(l,m,h)=>{if(s.signal.aborted)throw new A(U.ConnectionClosed,"Request was cancelled");let y={...h,relatedRequestId:t.id};i&&!y.relatedTask&&(y.relatedTask={taskId:i});let _=y.relatedTask?.taskId??i;return _&&d&&await d.updateTaskStatus(_,"input_required"),await this.request(l,m,y)},"sendRequest"),authInfo:r?.authInfo,requestId:t.id,requestInfo:r?.requestInfo,taskId:i,taskStore:d,taskRequestedTtl:c?.ttl,closeSSEStream:r?.closeSSEStream,closeStandaloneSSEStream:r?.closeStandaloneSSEStream};Promise.resolve().then(()=>{c&&this.assertTaskHandlerCapability(t.method)}).then(()=>n(t,p)).then(async l=>{if(s.signal.aborted)return;let m={result:l,jsonrpc:"2.0",id:t.id};i&&this._taskMessageQueue?await this._enqueueTaskMessage(i,{type:"response",message:m,timestamp:Date.now()},a?.sessionId):await a?.send(m)},async l=>{if(s.signal.aborted)return;let m={jsonrpc:"2.0",id:t.id,error:{code:Number.isSafeInteger(l.code)?l.code:U.InternalError,message:l.message??"Internal error",...l.data!==void 0&&{data:l.data}}};i&&this._taskMessageQueue?await this._enqueueTaskMessage(i,{type:"error",message:m,timestamp:Date.now()},a?.sessionId):await a?.send(m)}).catch(l=>this._onerror(new Error(`Failed to send response: ${l}`))).finally(()=>{this._requestHandlerAbortControllers.get(t.id)===s&&this._requestHandlerAbortControllers.delete(t.id)})}_onprogress(t){let{progressToken:r,...n}=t.params,a=Number(r),i=this._progressHandlers.get(a);if(!i){this._onerror(new Error(`Received a progress notification for an unknown token: ${JSON.stringify(t)}`));return}let s=this._responseHandlers.get(a),c=this._timeoutInfo.get(a);if(c&&s&&c.resetTimeoutOnProgress)try{this._resetTimeout(a)}catch(d){this._responseHandlers.delete(a),this._progressHandlers.delete(a),this._cleanupTimeout(a),s(d);return}i(n)}_onresponse(t){let r=Number(t.id),n=this._requestResolvers.get(r);if(n){if(this._requestResolvers.delete(r),St(t))n(t);else{let s=new A(t.error.code,t.error.message,t.error.data);n(s)}return}let a=this._responseHandlers.get(r);if(a===void 0){this._onerror(new Error(`Received a response for an unknown message ID: ${JSON.stringify(t)}`));return}this._responseHandlers.delete(r),this._cleanupTimeout(r);let i=!1;if(St(t)&&t.result&&typeof t.result=="object"){let s=t.result;if(s.task&&typeof s.task=="object"){let c=s.task;typeof c.taskId=="string"&&(i=!0,this._taskProgressTokens.set(c.taskId,r))}}if(i||this._progressHandlers.delete(r),St(t))a(t);else{let s=A.fromError(t.error.code,t.error.message,t.error.data);a(s)}}get transport(){return this._transport}async close(){await this._transport?.close()}async*requestStream(t,r,n){let{task:a}=n??{};if(!a){try{yield{type:"result",result:await this.request(t,r,n)}}catch(s){yield{type:"error",error:s instanceof A?s:new A(U.InternalError,String(s))}}return}let i;try{let s=await this.request(t,Ht,n);if(s.task)i=s.task.taskId,yield{type:"taskCreated",task:s.task};else throw new A(U.InternalError,"Task creation did not return a task");for(;;){let c=await this.getTask({taskId:i},n);if(yield{type:"taskStatus",task:c},fr(c.status)){c.status==="completed"?yield{type:"result",result:await this.getTaskResult({taskId:i},r,n)}:c.status==="failed"?yield{type:"error",error:new A(U.InternalError,`Task ${i} failed`)}:c.status==="cancelled"&&(yield{type:"error",error:new A(U.InternalError,`Task ${i} was cancelled`)});return}if(c.status==="input_required"){yield{type:"result",result:await this.getTaskResult({taskId:i},r,n)};return}let d=c.pollInterval??this._options?.defaultTaskPollInterval??1e3;await new Promise(p=>setTimeout(p,d)),n?.signal?.throwIfAborted()}}catch(s){yield{type:"error",error:s instanceof A?s:new A(U.InternalError,String(s))}}}request(t,r,n){let{relatedRequestId:a,resumptionToken:i,onresumptiontoken:s,task:c,relatedTask:d}=n??{};return new Promise((p,l)=>{let m=o(b=>{l(b)},"earlyReject");if(!this._transport){m(new Error("Not connected"));return}if(this._options?.enforceStrictCapabilities===!0)try{this.assertCapabilityForMethod(t.method),c&&this.assertTaskCapability(t.method)}catch(b){m(b);return}n?.signal?.throwIfAborted();let h=this._requestMessageId++,y={...t,jsonrpc:"2.0",id:h};n?.onprogress&&(this._progressHandlers.set(h,n.onprogress),y.params={...t.params,_meta:{...t.params?._meta||{},progressToken:h}}),c&&(y.params={...y.params,task:c}),d&&(y.params={...y.params,_meta:{...y.params?._meta||{},[lr]:d}});let _=o(b=>{this._responseHandlers.delete(h),this._progressHandlers.delete(h),this._cleanupTimeout(h),this._transport?.send({jsonrpc:"2.0",method:"notifications/cancelled",params:{requestId:h,reason:String(b)}},{relatedRequestId:a,resumptionToken:i,onresumptiontoken:s}).catch(q=>this._onerror(new Error(`Failed to send cancellation: ${q}`)));let R=b instanceof A?b:new A(U.RequestTimeout,String(b));l(R)},"cancel");this._responseHandlers.set(h,b=>{if(!n?.signal?.aborted){if(b instanceof Error)return l(b);try{let R=Ge(r,b.result);R.success?p(R.data):l(R.error)}catch(R){l(R)}}}),n?.signal?.addEventListener("abort",()=>{_(n?.signal?.reason)});let S=n?.timeout??Gb,w=o(()=>_(A.fromError(U.RequestTimeout,"Request timed out",{timeout:S})),"timeoutHandler");this._setupTimeout(h,S,n?.maxTotalTimeout,w,n?.resetTimeoutOnProgress??!1);let v=d?.taskId;if(v){let b=o(R=>{let q=this._responseHandlers.get(h);q?q(R):this._onerror(new Error(`Response handler missing for side-channeled request ${h}`))},"responseResolver");this._requestResolvers.set(h,b),this._enqueueTaskMessage(v,{type:"request",message:y,timestamp:Date.now()}).catch(R=>{this._cleanupTimeout(h),l(R)})}else this._transport.send(y,{relatedRequestId:a,resumptionToken:i,onresumptiontoken:s}).catch(b=>{this._cleanupTimeout(h),l(b)})})}async getTask(t,r){return this.request({method:"tasks/get",params:t},Za,r)}async getTaskResult(t,r,n){return this.request({method:"tasks/result",params:t},r,n)}async listTasks(t,r){return this.request({method:"tasks/list",params:t},Ja,r)}async cancelTask(t,r){return this.request({method:"tasks/cancel",params:t},rm,r)}async notification(t,r){if(!this._transport)throw new Error("Not connected");this.assertNotificationCapability(t.method);let n=r?.relatedTask?.taskId;if(n){let c={...t,jsonrpc:"2.0",params:{...t.params,_meta:{...t.params?._meta||{},[lr]:r.relatedTask}}};await this._enqueueTaskMessage(n,{type:"notification",message:c,timestamp:Date.now()});return}if((this._options?.debouncedNotificationMethods??[]).includes(t.method)&&!t.params&&!r?.relatedRequestId&&!r?.relatedTask){if(this._pendingDebouncedNotifications.has(t.method))return;this._pendingDebouncedNotifications.add(t.method),Promise.resolve().then(()=>{if(this._pendingDebouncedNotifications.delete(t.method),!this._transport)return;let c={...t,jsonrpc:"2.0"};r?.relatedTask&&(c={...c,params:{...c.params,_meta:{...c.params?._meta||{},[lr]:r.relatedTask}}}),this._transport?.send(c,r).catch(d=>this._onerror(d))});return}let s={...t,jsonrpc:"2.0"};r?.relatedTask&&(s={...s,params:{...s.params,_meta:{...s.params?._meta||{},[lr]:r.relatedTask}}}),await this._transport.send(s,r)}setRequestHandler(t,r){let n=Mc(t);this.assertRequestHandlerCapability(n),this._requestHandlers.set(n,(a,i)=>{let s=qc(t,a);return Promise.resolve(r(s,i))})}removeRequestHandler(t){this._requestHandlers.delete(t)}assertCanSetRequestHandler(t){if(this._requestHandlers.has(t))throw new Error(`A request handler for ${t} already exists, which would be overridden`)}setNotificationHandler(t,r){let n=Mc(t);this._notificationHandlers.set(n,a=>{let i=qc(t,a);return Promise.resolve(r(i))})}removeNotificationHandler(t){this._notificationHandlers.delete(t)}_cleanupTaskProgressHandler(t){let r=this._taskProgressTokens.get(t);r!==void 0&&(this._progressHandlers.delete(r),this._taskProgressTokens.delete(t))}async _enqueueTaskMessage(t,r,n){if(!this._taskStore||!this._taskMessageQueue)throw new Error("Cannot enqueue task message: taskStore and taskMessageQueue are not configured");let a=this._options?.maxTaskQueueSize;await this._taskMessageQueue.enqueue(t,r,n,a)}async _clearTaskQueue(t,r){if(this._taskMessageQueue){let n=await this._taskMessageQueue.dequeueAll(t,r);for(let a of n)if(a.type==="request"&&It(a.message)){let i=a.message.id,s=this._requestResolvers.get(i);s?(s(new A(U.InternalError,"Task cancelled or completed")),this._requestResolvers.delete(i)):this._onerror(new Error(`Resolver missing for request ${i} during task ${t} cleanup`))}}}async _waitForTaskUpdate(t,r){let n=this._options?.defaultTaskPollInterval??1e3;try{let a=await this._taskStore?.getTask(t);a?.pollInterval&&(n=a.pollInterval)}catch{}return new Promise((a,i)=>{if(r.aborted){i(new A(U.InvalidRequest,"Request cancelled"));return}let s=setTimeout(a,n);r.addEventListener("abort",()=>{clearTimeout(s),i(new A(U.InvalidRequest,"Request cancelled"))},{once:!0})})}requestTaskStore(t,r){let n=this._taskStore;if(!n)throw new Error("No task store configured");return{createTask:o(async a=>{if(!t)throw new Error("No request provided");return await n.createTask(a,t.id,{method:t.method,params:t.params},r)},"createTask"),getTask:o(async a=>{let i=await n.getTask(a,r);if(!i)throw new A(U.InvalidParams,"Failed to retrieve task: Task not found");return i},"getTask"),storeTaskResult:o(async(a,i,s)=>{await n.storeTaskResult(a,i,s,r);let c=await n.getTask(a,r);if(c){let d=So.parse({method:"notifications/tasks/status",params:c});await this.notification(d),fr(c.status)&&this._cleanupTaskProgressHandler(a)}},"storeTaskResult"),getTaskResult:o(a=>n.getTaskResult(a,r),"getTaskResult"),updateTaskStatus:o(async(a,i,s)=>{let c=await n.getTask(a,r);if(!c)throw new A(U.InvalidParams,`Task "${a}" not found - it may have been cleaned up`);if(fr(c.status))throw new A(U.InvalidParams,`Cannot update task "${a}" from terminal status "${c.status}" to "${i}". Terminal states (completed, failed, cancelled) cannot transition to other states.`);await n.updateTaskStatus(a,i,s,r);let d=await n.getTask(a,r);if(d){let p=So.parse({method:"notifications/tasks/status",params:d});await this.notification(p),fr(d.status)&&this._cleanupTaskProgressHandler(a)}},"updateTaskStatus"),listTasks:o(a=>n.listTasks(a,r),"listTasks")}}};function um(e){return e!==null&&typeof e=="object"&&!Array.isArray(e)}o(um,"isPlainObject");function Qa(e,t){let r={...e};for(let n in t){let a=n,i=t[a];if(i===void 0)continue;let s=r[a];um(s)&&um(i)?r[a]={...s,...i}:r[a]=i}return r}o(Qa,"mergeCapabilities");var Jh=Mp(bd(),1),Yh=Mp(Wh(),1);function $A(){let e=new Jh.default({strict:!1,validateFormats:!0,validateSchema:!1,allErrors:!0});return(0,Yh.default)(e),e}o($A,"createDefaultAjvInstance");var $n=class{static{o(this,"AjvJsonSchemaValidator")}constructor(t){this._ajv=t??$A()}getValidator(t){let r="$id"in t&&typeof t.$id=="string"?this._ajv.getSchema(t.$id)??this._ajv.compile(t):this._ajv.compile(t);return n=>r(n)?{valid:!0,data:n,errorMessage:void 0}:{valid:!1,data:void 0,errorMessage:this._ajv.errorsText(r.errors)}}};var zi=class{static{o(this,"ExperimentalServerTasks")}constructor(t){this._server=t}requestStream(t,r,n){return this._server.requestStream(t,r,n)}createMessageStream(t,r){let n=this._server.getClientCapabilities();if((t.tools||t.toolChoice)&&!n?.sampling?.tools)throw new Error("Client does not support sampling tools capability.");if(t.messages.length>0){let a=t.messages[t.messages.length-1],i=Array.isArray(a.content)?a.content:[a.content],s=i.some(l=>l.type==="tool_result"),c=t.messages.length>1?t.messages[t.messages.length-2]:void 0,d=c?Array.isArray(c.content)?c.content:[c.content]:[],p=d.some(l=>l.type==="tool_use");if(s){if(i.some(l=>l.type!=="tool_result"))throw new Error("The last message must contain only tool_result content if any is present");if(!p)throw new Error("tool_result blocks are not matching any tool_use from the previous message")}if(p){let l=new Set(d.filter(h=>h.type==="tool_use").map(h=>h.id)),m=new Set(i.filter(h=>h.type==="tool_result").map(h=>h.toolUseId));if(l.size!==m.size||![...l].every(h=>m.has(h)))throw new Error("ids of tool_result blocks and tool_use blocks from previous message do not match")}}return this.requestStream({method:"sampling/createMessage",params:t},zr,r)}elicitInputStream(t,r){let n=this._server.getClientCapabilities(),a=t.mode??"form";switch(a){case"url":{if(!n?.elicitation?.url)throw new Error("Client does not support url elicitation.");break}case"form":{if(!n?.elicitation?.form)throw new Error("Client does not support form elicitation.");break}}let i=a==="form"&&t.mode===void 0?{...t,mode:"form"}:t;return this.requestStream({method:"elicitation/create",params:i},mr,r)}async getTask(t,r){return this._server.getTask({taskId:t},r)}async getTaskResult(t,r,n){return this._server.getTaskResult({taskId:t},r,n)}async listTasks(t,r){return this._server.listTasks(t?{cursor:t}:void 0,r)}async cancelTask(t,r){return this._server.cancelTask({taskId:t},r)}};function Mi(e,t,r){if(!e)throw new Error(`${r} does not support task creation (required for ${t})`);switch(t){case"tools/call":if(!e.tools?.call)throw new Error(`${r} does not support task creation for tools/call (required for ${t})`);break;default:break}}o(Mi,"assertToolsCallTaskCapability");function qi(e,t,r){if(!e)throw new Error(`${r} does not support task creation (required for ${t})`);switch(t){case"sampling/createMessage":if(!e.sampling?.createMessage)throw new Error(`${r} does not support task creation for sampling/createMessage (required for ${t})`);break;case"elicitation/create":if(!e.elicitation?.create)throw new Error(`${r} does not support task creation for elicitation/create (required for ${t})`);break;default:break}}o(qi,"assertClientRequestTaskCapability");var Ni=class extends yn{static{o(this,"Server")}constructor(t,r){super(r),this._serverInfo=t,this._loggingLevels=new Map,this.LOG_LEVEL_SEVERITY=new Map(vo.options.map((n,a)=>[n,a])),this.isMessageIgnored=(n,a)=>{let i=this._loggingLevels.get(a);return i?this.LOG_LEVEL_SEVERITY.get(n)<this.LOG_LEVEL_SEVERITY.get(i):!1},this._capabilities=r?.capabilities??{},this._instructions=r?.instructions,this._jsonSchemaValidator=r?.jsonSchemaValidator??new $n,this.setRequestHandler(La,n=>this._oninitialize(n)),this.setNotificationHandler(Ba,()=>this.oninitialized?.()),this._capabilities.logging&&this.setRequestHandler(Ec,async(n,a)=>{let i=a.sessionId||a.requestInfo?.headers["mcp-session-id"]||void 0,{level:s}=n.params,c=vo.safeParse(s);return c.success&&this._loggingLevels.set(i,c.data),{}})}get experimental(){return this._experimental||(this._experimental={tasks:new zi(this)}),this._experimental}registerCapabilities(t){if(this.transport)throw new Error("Cannot register capabilities after connecting to transport");this._capabilities=Qa(this._capabilities,t)}setRequestHandler(t,r){let a=pn(t)?.method;if(!a)throw new Error("Schema is missing a method literal");let i;if(sr(a)){let c=a;i=c._zod?.def?.value??c.value}else{let c=a;i=c._def?.value??c.value}if(typeof i!="string")throw new Error("Schema method literal must be a string");if(i==="tools/call"){let c=o(async(d,p)=>{let l=Ge(wo,d);if(!l.success){let _=l.error instanceof Error?l.error.message:String(l.error);throw new A(U.InvalidParams,`Invalid tools/call request: ${_}`)}let{params:m}=l.data,h=await Promise.resolve(r(d,p));if(m.task){let _=Ge(Ht,h);if(!_.success){let S=_.error instanceof Error?_.error.message:String(_.error);throw new A(U.InvalidParams,`Invalid task creation result: ${S}`)}return _.data}let y=Ge(pr,h);if(!y.success){let _=y.error instanceof Error?y.error.message:String(y.error);throw new A(U.InvalidParams,`Invalid tools/call result: ${_}`)}return y.data},"wrappedHandler");return super.setRequestHandler(t,c)}return super.setRequestHandler(t,r)}assertCapabilityForMethod(t){switch(t){case"sampling/createMessage":if(!this._clientCapabilities?.sampling)throw new Error(`Client does not support sampling (required for ${t})`);break;case"elicitation/create":if(!this._clientCapabilities?.elicitation)throw new Error(`Client does not support elicitation (required for ${t})`);break;case"roots/list":if(!this._clientCapabilities?.roots)throw new Error(`Client does not support listing roots (required for ${t})`);break;case"ping":break}}assertNotificationCapability(t){switch(t){case"notifications/message":if(!this._capabilities.logging)throw new Error(`Server does not support logging (required for ${t})`);break;case"notifications/resources/updated":case"notifications/resources/list_changed":if(!this._capabilities.resources)throw new Error(`Server does not support notifying about resources (required for ${t})`);break;case"notifications/tools/list_changed":if(!this._capabilities.tools)throw new Error(`Server does not support notifying of tool list changes (required for ${t})`);break;case"notifications/prompts/list_changed":if(!this._capabilities.prompts)throw new Error(`Server does not support notifying of prompt list changes (required for ${t})`);break;case"notifications/elicitation/complete":if(!this._clientCapabilities?.elicitation?.url)throw new Error(`Client does not support URL elicitation (required for ${t})`);break;case"notifications/cancelled":break;case"notifications/progress":break}}assertRequestHandlerCapability(t){if(this._capabilities)switch(t){case"completion/complete":if(!this._capabilities.completions)throw new Error(`Server does not support completions (required for ${t})`);break;case"logging/setLevel":if(!this._capabilities.logging)throw new Error(`Server does not support logging (required for ${t})`);break;case"prompts/get":case"prompts/list":if(!this._capabilities.prompts)throw new Error(`Server does not support prompts (required for ${t})`);break;case"resources/list":case"resources/templates/list":case"resources/read":if(!this._capabilities.resources)throw new Error(`Server does not support resources (required for ${t})`);break;case"tools/call":case"tools/list":if(!this._capabilities.tools)throw new Error(`Server does not support tools (required for ${t})`);break;case"tasks/get":case"tasks/list":case"tasks/result":case"tasks/cancel":if(!this._capabilities.tasks)throw new Error(`Server does not support tasks capability (required for ${t})`);break;case"ping":case"initialize":break}}assertTaskCapability(t){qi(this._clientCapabilities?.tasks?.requests,t,"Client")}assertTaskHandlerCapability(t){this._capabilities&&Mi(this._capabilities.tasks?.requests,t,"Server")}async _oninitialize(t){let r=t.params.protocolVersion;return this._clientCapabilities=t.params.capabilities,this._clientVersion=t.params.clientInfo,{protocolVersion:dr.includes(r)?r:ur,capabilities:this.getCapabilities(),serverInfo:this._serverInfo,...this._instructions&&{instructions:this._instructions}}}getClientCapabilities(){return this._clientCapabilities}getClientVersion(){return this._clientVersion}getCapabilities(){return this._capabilities}async ping(){return this.request({method:"ping"},jt)}async createMessage(t,r){if((t.tools||t.toolChoice)&&!this._clientCapabilities?.sampling?.tools)throw new Error("Client does not support sampling tools capability.");if(t.messages.length>0){let n=t.messages[t.messages.length-1],a=Array.isArray(n.content)?n.content:[n.content],i=a.some(p=>p.type==="tool_result"),s=t.messages.length>1?t.messages[t.messages.length-2]:void 0,c=s?Array.isArray(s.content)?s.content:[s.content]:[],d=c.some(p=>p.type==="tool_use");if(i){if(a.some(p=>p.type!=="tool_result"))throw new Error("The last message must contain only tool_result content if any is present");if(!d)throw new Error("tool_result blocks are not matching any tool_use from the previous message")}if(d){let p=new Set(c.filter(m=>m.type==="tool_use").map(m=>m.id)),l=new Set(a.filter(m=>m.type==="tool_result").map(m=>m.toolUseId));if(p.size!==l.size||![...p].every(m=>l.has(m)))throw new Error("ids of tool_result blocks and tool_use blocks from previous message do not match")}}return t.tools?this.request({method:"sampling/createMessage",params:t},bo,r):this.request({method:"sampling/createMessage",params:t},zr,r)}async elicitInput(t,r){switch(t.mode??"form"){case"url":{if(!this._clientCapabilities?.elicitation?.url)throw new Error("Client does not support url elicitation.");let a=t;return this.request({method:"elicitation/create",params:a},mr,r)}case"form":{if(!this._clientCapabilities?.elicitation?.form)throw new Error("Client does not support form elicitation.");let a=t.mode==="form"?t:{...t,mode:"form"},i=await this.request({method:"elicitation/create",params:a},mr,r);if(i.action==="accept"&&i.content&&a.requestedSchema)try{let c=this._jsonSchemaValidator.getValidator(a.requestedSchema)(i.content);if(!c.valid)throw new A(U.InvalidParams,`Elicitation response content does not match requested schema: ${c.errorMessage}`)}catch(s){throw s instanceof A?s:new A(U.InternalError,`Error validating elicitation response: ${s instanceof Error?s.message:String(s)}`)}return i}}}createElicitationCompletionNotifier(t,r){if(!this._clientCapabilities?.elicitation?.url)throw new Error("Client does not support URL elicitation (required for notifications/elicitation/complete)");return()=>this.notification({method:"notifications/elicitation/complete",params:{elicitationId:t}},r)}async listRoots(t,r){return this.request({method:"roots/list",params:t},zc,r)}async sendLoggingMessage(t,r){if(this._capabilities.logging&&!this.isMessageIgnored(t.level,r))return this.notification({method:"notifications/message",params:t})}async sendResourceUpdated(t){return this.notification({method:"notifications/resources/updated",params:t})}async sendResourceListChanged(){return this.notification({method:"notifications/resources/list_changed"})}async sendToolListChanged(){return this.notification({method:"notifications/tools/list_changed"})}async sendPromptListChanged(){return this.notification({method:"notifications/prompts/list_changed"})}};var Di=class{static{o(this,"WebStandardStreamableHTTPServerTransport")}constructor(t={}){this._started=!1,this._hasHandledRequest=!1,this._streamMapping=new Map,this._requestToStreamMapping=new Map,this._requestResponseMap=new Map,this._initialized=!1,this._enableJsonResponse=!1,this._standaloneSseStreamId="_GET_stream",this.sessionIdGenerator=t.sessionIdGenerator,this._enableJsonResponse=t.enableJsonResponse??!1,this._eventStore=t.eventStore,this._onsessioninitialized=t.onsessioninitialized,this._onsessionclosed=t.onsessionclosed,this._allowedHosts=t.allowedHosts,this._allowedOrigins=t.allowedOrigins,this._enableDnsRebindingProtection=t.enableDnsRebindingProtection??!1,this._retryInterval=t.retryInterval}async start(){if(this._started)throw new Error("Transport already started");this._started=!0}createJsonErrorResponse(t,r,n,a){let i={code:r,message:n};return a?.data!==void 0&&(i.data=a.data),new Response(JSON.stringify({jsonrpc:"2.0",error:i,id:null}),{status:t,headers:{"Content-Type":"application/json",...a?.headers}})}validateRequestHeaders(t){if(this._enableDnsRebindingProtection){if(this._allowedHosts&&this._allowedHosts.length>0){let r=t.headers.get("host");if(!r||!this._allowedHosts.includes(r)){let n=`Invalid Host header: ${r}`;return this.onerror?.(new Error(n)),this.createJsonErrorResponse(403,-32e3,n)}}if(this._allowedOrigins&&this._allowedOrigins.length>0){let r=t.headers.get("origin");if(r&&!this._allowedOrigins.includes(r)){let n=`Invalid Origin header: ${r}`;return this.onerror?.(new Error(n)),this.createJsonErrorResponse(403,-32e3,n)}}}}async handleRequest(t,r){if(!this.sessionIdGenerator&&this._hasHandledRequest)throw new Error("Stateless transport cannot be reused across requests. Create a new transport per request.");this._hasHandledRequest=!0;let n=this.validateRequestHeaders(t);if(n)return n;switch(t.method){case"POST":return this.handlePostRequest(t,r);case"GET":return this.handleGetRequest(t);case"DELETE":return this.handleDeleteRequest(t);default:return this.handleUnsupportedRequest()}}async writePrimingEvent(t,r,n,a){if(!this._eventStore||a<"2025-11-25")return;let i=await this._eventStore.storeEvent(n,{}),s=`id: ${i}
33
33
  data:
34
34
 
35
35
  `;this._retryInterval!==void 0&&(s=`id: ${i}
@@ -40,20 +40,19 @@ data:
40
40
  `;return a&&(i+=`id: ${a}
41
41
  `),i+=`data: ${JSON.stringify(n)}
42
42
 
43
- `,t.enqueue(r.encode(i)),!0}catch(i){return this.onerror?.(i),!1}}handleUnsupportedRequest(){return this.onerror?.(new Error("Method not allowed.")),new Response(JSON.stringify({jsonrpc:"2.0",error:{code:-32e3,message:"Method not allowed."},id:null}),{status:405,headers:{Allow:"GET, POST, DELETE","Content-Type":"application/json"}})}async handlePostRequest(t,r){try{let n=t.headers.get("accept");if(!n?.includes("application/json")||!n.includes("text/event-stream"))return this.onerror?.(new Error("Not Acceptable: Client must accept both application/json and text/event-stream")),this.createJsonErrorResponse(406,-32e3,"Not Acceptable: Client must accept both application/json and text/event-stream");let a=t.headers.get("content-type");if(!a||!a.includes("application/json"))return this.onerror?.(new Error("Unsupported Media Type: Content-Type must be application/json")),this.createJsonErrorResponse(415,-32e3,"Unsupported Media Type: Content-Type must be application/json");let i={headers:Object.fromEntries(t.headers.entries()),url:new URL(t.url)},s;if(r?.parsedBody!==void 0)s=r.parsedBody;else try{s=await t.json()}catch{return this.onerror?.(new Error("Parse error: Invalid JSON")),this.createJsonErrorResponse(400,-32700,"Parse error: Invalid JSON")}let c;try{Array.isArray(s)?c=s.map(v=>$r.parse(v)):c=[$r.parse(s)]}catch{return this.onerror?.(new Error("Parse error: Invalid JSON-RPC message")),this.createJsonErrorResponse(400,-32700,"Parse error: Invalid JSON-RPC message")}let d=c.some(cc);if(d){if(this._initialized&&this.sessionId!==void 0)return this.onerror?.(new Error("Invalid Request: Server already initialized")),this.createJsonErrorResponse(400,-32600,"Invalid Request: Server already initialized");if(c.length>1)return this.onerror?.(new Error("Invalid Request: Only one initialization request is allowed")),this.createJsonErrorResponse(400,-32600,"Invalid Request: Only one initialization request is allowed");this.sessionId=this.sessionIdGenerator?.(),this._initialized=!0,this.sessionId&&this._onsessioninitialized&&await Promise.resolve(this._onsessioninitialized(this.sessionId))}if(!d){let v=this.validateSession(t);if(v)return v;let b=this.validateProtocolVersion(t);if(b)return b}if(!c.some(It)){for(let v of c)this.onmessage?.(v,{authInfo:r?.authInfo,requestInfo:i});return new Response(null,{status:202})}let l=crypto.randomUUID(),m=c.find(v=>cc(v)),h=m?m.params.protocolVersion:t.headers.get("mcp-protocol-version")??Jp;if(this._enableJsonResponse)return new Promise(v=>{this._streamMapping.set(l,{resolveJson:v,cleanup:o(()=>{this._streamMapping.delete(l)},"cleanup")});for(let b of c)It(b)&&this._requestToStreamMapping.set(b.id,l);for(let b of c)this.onmessage?.(b,{authInfo:r?.authInfo,requestInfo:i})});let y=new TextEncoder,_,S=new ReadableStream({start:o(v=>{_=v},"start"),cancel:o(()=>{this._streamMapping.delete(l)},"cancel")}),w={"Content-Type":"text/event-stream","Cache-Control":"no-cache",Connection:"keep-alive"};this.sessionId!==void 0&&(w["mcp-session-id"]=this.sessionId);for(let v of c)It(v)&&(this._streamMapping.set(l,{controller:_,encoder:y,cleanup:o(()=>{this._streamMapping.delete(l);try{_.close()}catch{}},"cleanup")}),this._requestToStreamMapping.set(v.id,l));await this.writePrimingEvent(_,y,l,h);for(let v of c){let b,R;It(v)&&this._eventStore&&h>="2025-11-25"&&(b=o(()=>{this.closeSSEStream(v.id)},"closeSSEStream"),R=o(()=>{this.closeStandaloneSSEStream()},"closeStandaloneSSEStream")),this.onmessage?.(v,{authInfo:r?.authInfo,requestInfo:i,closeSSEStream:b,closeStandaloneSSEStream:R})}return new Response(S,{status:200,headers:w})}catch(n){return this.onerror?.(n),this.createJsonErrorResponse(400,-32700,"Parse error",{data:String(n)})}}async handleDeleteRequest(t){let r=this.validateSession(t);if(r)return r;let n=this.validateProtocolVersion(t);return n||(await Promise.resolve(this._onsessionclosed?.(this.sessionId)),await this.close(),new Response(null,{status:200}))}validateSession(t){if(this.sessionIdGenerator===void 0)return;if(!this._initialized)return this.onerror?.(new Error("Bad Request: Server not initialized")),this.createJsonErrorResponse(400,-32e3,"Bad Request: Server not initialized");let r=t.headers.get("mcp-session-id");if(!r)return this.onerror?.(new Error("Bad Request: Mcp-Session-Id header is required")),this.createJsonErrorResponse(400,-32e3,"Bad Request: Mcp-Session-Id header is required");if(r!==this.sessionId)return this.onerror?.(new Error("Session not found")),this.createJsonErrorResponse(404,-32001,"Session not found")}validateProtocolVersion(t){let r=t.headers.get("mcp-protocol-version");if(r!==null&&!lr.includes(r))return this.onerror?.(new Error(`Bad Request: Unsupported protocol version: ${r} (supported versions: ${lr.join(", ")})`)),this.createJsonErrorResponse(400,-32e3,`Bad Request: Unsupported protocol version: ${r} (supported versions: ${lr.join(", ")})`)}async close(){this._streamMapping.forEach(({cleanup:t})=>{t()}),this._streamMapping.clear(),this._requestResponseMap.clear(),this.onclose?.()}closeSSEStream(t){let r=this._requestToStreamMapping.get(t);if(!r)return;let n=this._streamMapping.get(r);n&&n.cleanup()}closeStandaloneSSEStream(){let t=this._streamMapping.get(this._standaloneSseStreamId);t&&t.cleanup()}async send(t,r){let n=r?.relatedRequestId;if((St(t)||mn(t))&&(n=t.id),n===void 0){if(St(t)||mn(t))throw new Error("Cannot send a response on a standalone SSE stream unless resuming a previous client request");let s;this._eventStore&&(s=await this._eventStore.storeEvent(this._standaloneSseStreamId,t));let c=this._streamMapping.get(this._standaloneSseStreamId);if(c===void 0)return;c.controller&&c.encoder&&this.writeSSEEvent(c.controller,c.encoder,t,s);return}let a=this._requestToStreamMapping.get(n);if(!a)throw new Error(`No connection established for request ID: ${String(n)}`);let i=this._streamMapping.get(a);if(!this._enableJsonResponse&&i?.controller&&i?.encoder){let s;this._eventStore&&(s=await this._eventStore.storeEvent(a,t)),this.writeSSEEvent(i.controller,i.encoder,t,s)}if(St(t)||mn(t)){this._requestResponseMap.set(n,t);let s=Array.from(this._requestToStreamMapping.entries()).filter(([d,p])=>p===a).map(([d])=>d);if(s.every(d=>this._requestResponseMap.has(d))){if(!i)throw new Error(`No connection established for request ID: ${String(n)}`);if(this._enableJsonResponse&&i.resolveJson){let d={"Content-Type":"application/json"};this.sessionId!==void 0&&(d["mcp-session-id"]=this.sessionId);let p=s.map(l=>this._requestResponseMap.get(l));p.length===1?i.resolveJson(new Response(JSON.stringify(p[0]),{status:200,headers:d})):i.resolveJson(new Response(JSON.stringify(p),{status:200,headers:d}))}else i.cleanup();for(let d of s)this._requestResponseMap.delete(d),this._requestToStreamMapping.delete(d)}}}};function $n(e,t){let r=typeof e;if(r!==typeof t)return!1;if(Array.isArray(e)){if(!Array.isArray(t))return!1;let n=e.length;if(n!==t.length)return!1;for(let a=0;a<n;a++)if(!$n(e[a],t[a]))return!1;return!0}if(r==="object"){if(!e||!t)return e===t;let n=Object.keys(e),a=Object.keys(t);if(n.length!==a.length)return!1;for(let s of n)if(!$n(e[s],t[s]))return!1;return!0}return e===t}o($n,"deepCompareStrict");function at(e){return encodeURI(NA(e))}o(at,"encodePointer");function NA(e){return e.replace(/~/g,"~0").replace(/\//g,"~1")}o(NA,"escapePointer");var jA={prefixItems:!0,items:!0,allOf:!0,anyOf:!0,oneOf:!0},DA={$defs:!0,definitions:!0,properties:!0,patternProperties:!0,dependentSchemas:!0},HA={id:!0,$id:!0,$ref:!0,$schema:!0,$anchor:!0,$vocabulary:!0,$comment:!0,default:!0,enum:!0,const:!0,required:!0,type:!0,maximum:!0,minimum:!0,exclusiveMaximum:!0,exclusiveMinimum:!0,multipleOf:!0,maxLength:!0,minLength:!0,pattern:!0,format:!0,maxItems:!0,minItems:!0,uniqueItems:!0,maxProperties:!0,minProperties:!0},LA=typeof self<"u"&&self.location&&self.location.origin!=="null"?new URL(self.location.origin+self.location.pathname+location.search):new URL("https://github.com/cfworker");function Wt(e,t=Object.create(null),r=LA,n=""){if(e&&typeof e=="object"&&!Array.isArray(e)){let i=e.$id||e.id;if(i){let s=new URL(i,r.href);s.hash.length>1?t[s.href]=e:(s.hash="",n===""?r=s:Wt(e,t,r))}}else if(e!==!0&&e!==!1)return t;let a=r.href+(n?"#"+n:"");if(t[a]!==void 0)throw new Error(`Duplicate schema URI "${a}".`);if(t[a]=e,e===!0||e===!1)return t;if(e.__absolute_uri__===void 0&&Object.defineProperty(e,"__absolute_uri__",{enumerable:!1,value:a}),e.$ref&&e.__absolute_ref__===void 0){let i=new URL(e.$ref,r.href);i.hash=i.hash,Object.defineProperty(e,"__absolute_ref__",{enumerable:!1,value:i.href})}if(e.$recursiveRef&&e.__absolute_recursive_ref__===void 0){let i=new URL(e.$recursiveRef,r.href);i.hash=i.hash,Object.defineProperty(e,"__absolute_recursive_ref__",{enumerable:!1,value:i.href})}if(e.$anchor){let i=new URL("#"+e.$anchor,r.href);t[i.href]=e}for(let i in e){if(HA[i])continue;let s=`${n}/${at(i)}`,c=e[i];if(Array.isArray(c)){if(jA[i]){let d=c.length;for(let p=0;p<d;p++)Wt(c[p],t,r,`${s}/${p}`)}}else if(DA[i])for(let d in c)Wt(c[d],t,r,`${s}/${at(d)}`);else Wt(c,t,r,s)}return t}o(Wt,"dereference");var BA=/^(\d\d\d\d)-(\d\d)-(\d\d)$/,GA=[0,31,28,31,30,31,30,31,31,30,31,30,31],VA=/^(\d\d):(\d\d):(\d\d)(\.\d+)?(z|[+-]\d\d(?::?\d\d)?)?$/i,FA=/^(?=.{1,253}\.?$)[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?(?:\.[a-z0-9](?:[-0-9a-z]{0,61}[0-9a-z])?)*\.?$/i,ZA=/^(?:[a-z][a-z0-9+\-.]*:)?(?:\/?\/(?:(?:[a-z0-9\-._~!$&'()*+,;=:]|%[0-9a-f]{2})*@)?(?:\[(?:(?:(?:(?:[0-9a-f]{1,4}:){6}|::(?:[0-9a-f]{1,4}:){5}|(?:[0-9a-f]{1,4})?::(?:[0-9a-f]{1,4}:){4}|(?:(?:[0-9a-f]{1,4}:){0,1}[0-9a-f]{1,4})?::(?:[0-9a-f]{1,4}:){3}|(?:(?:[0-9a-f]{1,4}:){0,2}[0-9a-f]{1,4})?::(?:[0-9a-f]{1,4}:){2}|(?:(?:[0-9a-f]{1,4}:){0,3}[0-9a-f]{1,4})?::[0-9a-f]{1,4}:|(?:(?:[0-9a-f]{1,4}:){0,4}[0-9a-f]{1,4})?::)(?:[0-9a-f]{1,4}:[0-9a-f]{1,4}|(?:(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(?:25[0-5]|2[0-4]\d|[01]?\d\d?))|(?:(?:[0-9a-f]{1,4}:){0,5}[0-9a-f]{1,4})?::[0-9a-f]{1,4}|(?:(?:[0-9a-f]{1,4}:){0,6}[0-9a-f]{1,4})?::)|[Vv][0-9a-f]+\.[a-z0-9\-._~!$&'()*+,;=:]+)\]|(?:(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(?:25[0-5]|2[0-4]\d|[01]?\d\d?)|(?:[a-z0-9\-._~!$&'"()*+,;=]|%[0-9a-f]{2})*)(?::\d*)?(?:\/(?:[a-z0-9\-._~!$&'"()*+,;=:@]|%[0-9a-f]{2})*)*|\/(?:(?:[a-z0-9\-._~!$&'"()*+,;=:@]|%[0-9a-f]{2})+(?:\/(?:[a-z0-9\-._~!$&'"()*+,;=:@]|%[0-9a-f]{2})*)*)?|(?:[a-z0-9\-._~!$&'"()*+,;=:@]|%[0-9a-f]{2})+(?:\/(?:[a-z0-9\-._~!$&'"()*+,;=:@]|%[0-9a-f]{2})*)*)?(?:\?(?:[a-z0-9\-._~!$&'"()*+,;=:@/?]|%[0-9a-f]{2})*)?(?:#(?:[a-z0-9\-._~!$&'"()*+,;=:@/?]|%[0-9a-f]{2})*)?$/i,KA=/^(?:(?:[^\x00-\x20"'<>%\\^`{|}]|%[0-9a-f]{2})|\{[+#./;?&=,!@|]?(?:[a-z0-9_]|%[0-9a-f]{2})+(?::[1-9][0-9]{0,3}|\*)?(?:,(?:[a-z0-9_]|%[0-9a-f]{2})+(?::[1-9][0-9]{0,3}|\*)?)*\})*$/i,WA=/^(?:(?:https?|ftp):\/\/)(?:\S+(?::\S*)?@)?(?:(?!10(?:\.\d{1,3}){3})(?!127(?:\.\d{1,3}){3})(?!169\.254(?:\.\d{1,3}){2})(?!192\.168(?:\.\d{1,3}){2})(?!172\.(?:1[6-9]|2\d|3[0-1])(?:\.\d{1,3}){2})(?:[1-9]\d?|1\d\d|2[01]\d|22[0-3])(?:\.(?:1?\d{1,2}|2[0-4]\d|25[0-5])){2}(?:\.(?:[1-9]\d?|1\d\d|2[0-4]\d|25[0-4]))|(?:(?:[a-z\u{00a1}-\u{ffff}0-9]+-?)*[a-z\u{00a1}-\u{ffff}0-9]+)(?:\.(?:[a-z\u{00a1}-\u{ffff}0-9]+-?)*[a-z\u{00a1}-\u{ffff}0-9]+)*(?:\.(?:[a-z\u{00a1}-\u{ffff}]{2,})))(?::\d{2,5})?(?:\/[^\s]*)?$/iu,JA=/^(?:urn:uuid:)?[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$/i,YA=/^(?:\/(?:[^~/]|~0|~1)*)*$/,QA=/^#(?:\/(?:[a-z0-9_\-.!$&'()*+,;:=@]|%[0-9a-f]{2}|~0|~1)*)*$/i,XA=/^(?:0|[1-9][0-9]*)(?:#|(?:\/(?:[^~/]|~0|~1)*)*)$/,eT=o(e=>{if(e[0]==='"')return!1;let[t,r,...n]=e.split("@");return!t||!r||n.length!==0||t.length>64||r.length>253||t[0]==="."||t.endsWith(".")||t.includes("..")||!/^[a-z0-9.-]+$/i.test(r)||!/^[a-z0-9.!#$%&'*+/=?^_`{|}~-]+$/i.test(t)?!1:r.split(".").every(a=>/^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/i.test(a))},"EMAIL"),tT=/^(?:(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(?:25[0-5]|2[0-4]\d|[01]?\d\d?)$/,rT=/^((([0-9a-f]{1,4}:){7}([0-9a-f]{1,4}|:))|(([0-9a-f]{1,4}:){6}(:[0-9a-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9a-f]{1,4}:){5}(((:[0-9a-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9a-f]{1,4}:){4}(((:[0-9a-f]{1,4}){1,3})|((:[0-9a-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9a-f]{1,4}:){3}(((:[0-9a-f]{1,4}){1,4})|((:[0-9a-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9a-f]{1,4}:){2}(((:[0-9a-f]{1,4}){1,5})|((:[0-9a-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9a-f]{1,4}:){1}(((:[0-9a-f]{1,4}){1,6})|((:[0-9a-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9a-f]{1,4}){1,7})|((:[0-9a-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))$/i,nT=o(e=>e.length>1&&e.length<80&&(/^P\d+([.,]\d+)?W$/.test(e)||/^P[\dYMDTHS]*(\d[.,]\d+)?[YMDHS]$/.test(e)&&/^P([.,\d]+Y)?([.,\d]+M)?([.,\d]+D)?(T([.,\d]+H)?([.,\d]+M)?([.,\d]+S)?)?$/.test(e)),"DURATION");function Ut(e){return e.test.bind(e)}o(Ut,"bind");var Td={date:eg,time:tg.bind(void 0,!1),"date-time":iT,duration:nT,uri:uT,"uri-reference":Ut(ZA),"uri-template":Ut(KA),url:Ut(WA),email:eT,hostname:Ut(FA),ipv4:Ut(tT),ipv6:Ut(rT),regex:lT,uuid:Ut(JA),"json-pointer":Ut(YA),"json-pointer-uri-fragment":Ut(QA),"relative-json-pointer":Ut(XA)};function oT(e){return e%4===0&&(e%100!==0||e%400===0)}o(oT,"isLeapYear");function eg(e){let t=e.match(BA);if(!t)return!1;let r=+t[1],n=+t[2],a=+t[3];return n>=1&&n<=12&&a>=1&&a<=(n==2&&oT(r)?29:GA[n])}o(eg,"date");function tg(e,t){let r=t.match(VA);if(!r)return!1;let n=+r[1],a=+r[2],i=+r[3],s=!!r[5];return(n<=23&&a<=59&&i<=59||n==23&&a==59&&i==60)&&(!e||s)}o(tg,"time");var aT=/t|\s/i;function iT(e){let t=e.split(aT);return t.length==2&&eg(t[0])&&tg(!0,t[1])}o(iT,"date_time");var sT=/\/|:/,cT=/^(?:[a-z][a-z0-9+\-.]*:)(?:\/?\/(?:(?:[a-z0-9\-._~!$&'()*+,;=:]|%[0-9a-f]{2})*@)?(?:\[(?:(?:(?:(?:[0-9a-f]{1,4}:){6}|::(?:[0-9a-f]{1,4}:){5}|(?:[0-9a-f]{1,4})?::(?:[0-9a-f]{1,4}:){4}|(?:(?:[0-9a-f]{1,4}:){0,1}[0-9a-f]{1,4})?::(?:[0-9a-f]{1,4}:){3}|(?:(?:[0-9a-f]{1,4}:){0,2}[0-9a-f]{1,4})?::(?:[0-9a-f]{1,4}:){2}|(?:(?:[0-9a-f]{1,4}:){0,3}[0-9a-f]{1,4})?::[0-9a-f]{1,4}:|(?:(?:[0-9a-f]{1,4}:){0,4}[0-9a-f]{1,4})?::)(?:[0-9a-f]{1,4}:[0-9a-f]{1,4}|(?:(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(?:25[0-5]|2[0-4]\d|[01]?\d\d?))|(?:(?:[0-9a-f]{1,4}:){0,5}[0-9a-f]{1,4})?::[0-9a-f]{1,4}|(?:(?:[0-9a-f]{1,4}:){0,6}[0-9a-f]{1,4})?::)|[Vv][0-9a-f]+\.[a-z0-9\-._~!$&'()*+,;=:]+)\]|(?:(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(?:25[0-5]|2[0-4]\d|[01]?\d\d?)|(?:[a-z0-9\-._~!$&'()*+,;=]|%[0-9a-f]{2})*)(?::\d*)?(?:\/(?:[a-z0-9\-._~!$&'()*+,;=:@]|%[0-9a-f]{2})*)*|\/(?:(?:[a-z0-9\-._~!$&'()*+,;=:@]|%[0-9a-f]{2})+(?:\/(?:[a-z0-9\-._~!$&'()*+,;=:@]|%[0-9a-f]{2})*)*)?|(?:[a-z0-9\-._~!$&'()*+,;=:@]|%[0-9a-f]{2})+(?:\/(?:[a-z0-9\-._~!$&'()*+,;=:@]|%[0-9a-f]{2})*)*)(?:\?(?:[a-z0-9\-._~!$&'()*+,;=:@/?]|%[0-9a-f]{2})*)?(?:#(?:[a-z0-9\-._~!$&'()*+,;=:@/?]|%[0-9a-f]{2})*)?$/i;function uT(e){return sT.test(e)&&cT.test(e)}o(uT,"uri");var dT=/[^\\]\\Z/;function lT(e){if(dT.test(e))return!1;try{return new RegExp(e,"u"),!0}catch{return!1}}o(lT,"regex");var rg;(function(e){e[e.Flag=1]="Flag",e[e.Basic=2]="Basic",e[e.Detailed=4]="Detailed"})(rg||(rg={}));function ng(e){let t=0,r=e.length,n=0,a;for(;n<r;)t++,a=e.charCodeAt(n++),a>=55296&&a<=56319&&n<r&&(a=e.charCodeAt(n),(a&64512)==56320&&n++);return t}o(ng,"ucs2length");function fe(e,t,r="2019-09",n=Wt(t),a=!0,i=null,s="#",c="#",d=Object.create(null)){if(t===!0)return{valid:!0,errors:[]};if(t===!1)return{valid:!1,errors:[{instanceLocation:s,keyword:"false",keywordLocation:s,error:"False boolean schema."}]};let p=typeof e,l;switch(p){case"boolean":case"number":case"string":l=p;break;case"object":e===null?l="null":Array.isArray(e)?l="array":l="object";break;default:throw new Error(`Instances of "${p}" type are not supported.`)}let{$ref:m,$recursiveRef:h,$recursiveAnchor:y,type:_,const:S,enum:w,required:v,not:b,anyOf:R,allOf:q,oneOf:N,if:qe,then:it,else:dn,format:ir,properties:qt,patternProperties:Er,additionalProperties:no,unevaluatedProperties:oo,minProperties:ao,maxProperties:Zs,propertyNames:kp,dependentRequired:Ks,dependentSchemas:Ws,dependencies:Js,prefixItems:Ys,items:io,additionalItems:Ep,unevaluatedItems:Up,contains:Op,minContains:Nt,maxContains:Ea,minItems:Qs,maxItems:Xs,uniqueItems:vv,minimum:Ur,maximum:Or,exclusiveMinimum:so,exclusiveMaximum:co,multipleOf:Ua,minLength:Oa,maxLength:$a,pattern:$p,__absolute_ref__:za,__absolute_recursive_ref__:bv}=t,T=[];if(y===!0&&i===null&&(i=t),h==="#"){let j=i===null?n[bv]:i,z=`${c}/$recursiveRef`,B=fe(e,i===null?t:i,r,n,a,j,s,z,d);B.valid||T.push({instanceLocation:s,keyword:"$recursiveRef",keywordLocation:z,error:"A subschema had errors."},...B.errors)}if(m!==void 0){let z=n[za||m];if(z===void 0){let P=`Unresolved $ref "${m}".`;throw za&&za!==m&&(P+=` Absolute URI "${za}".`),P+=`
43
+ `,t.enqueue(r.encode(i)),!0}catch(i){return this.onerror?.(i),!1}}handleUnsupportedRequest(){return this.onerror?.(new Error("Method not allowed.")),new Response(JSON.stringify({jsonrpc:"2.0",error:{code:-32e3,message:"Method not allowed."},id:null}),{status:405,headers:{Allow:"GET, POST, DELETE","Content-Type":"application/json"}})}async handlePostRequest(t,r){try{let n=t.headers.get("accept");if(!n?.includes("application/json")||!n.includes("text/event-stream"))return this.onerror?.(new Error("Not Acceptable: Client must accept both application/json and text/event-stream")),this.createJsonErrorResponse(406,-32e3,"Not Acceptable: Client must accept both application/json and text/event-stream");let a=t.headers.get("content-type");if(!a||!a.includes("application/json"))return this.onerror?.(new Error("Unsupported Media Type: Content-Type must be application/json")),this.createJsonErrorResponse(415,-32e3,"Unsupported Media Type: Content-Type must be application/json");let i={headers:Object.fromEntries(t.headers.entries()),url:new URL(t.url)},s;if(r?.parsedBody!==void 0)s=r.parsedBody;else try{s=await t.json()}catch{return this.onerror?.(new Error("Parse error: Invalid JSON")),this.createJsonErrorResponse(400,-32700,"Parse error: Invalid JSON")}let c;try{Array.isArray(s)?c=s.map(v=>$r.parse(v)):c=[$r.parse(s)]}catch{return this.onerror?.(new Error("Parse error: Invalid JSON-RPC message")),this.createJsonErrorResponse(400,-32700,"Parse error: Invalid JSON-RPC message")}let d=c.some(uc);if(d){if(this._initialized&&this.sessionId!==void 0)return this.onerror?.(new Error("Invalid Request: Server already initialized")),this.createJsonErrorResponse(400,-32600,"Invalid Request: Server already initialized");if(c.length>1)return this.onerror?.(new Error("Invalid Request: Only one initialization request is allowed")),this.createJsonErrorResponse(400,-32600,"Invalid Request: Only one initialization request is allowed");this.sessionId=this.sessionIdGenerator?.(),this._initialized=!0,this.sessionId&&this._onsessioninitialized&&await Promise.resolve(this._onsessioninitialized(this.sessionId))}if(!d){let v=this.validateSession(t);if(v)return v;let b=this.validateProtocolVersion(t);if(b)return b}if(!c.some(It)){for(let v of c)this.onmessage?.(v,{authInfo:r?.authInfo,requestInfo:i});return new Response(null,{status:202})}let l=crypto.randomUUID(),m=c.find(v=>uc(v)),h=m?m.params.protocolVersion:t.headers.get("mcp-protocol-version")??Kp;if(this._enableJsonResponse)return new Promise(v=>{this._streamMapping.set(l,{resolveJson:v,cleanup:o(()=>{this._streamMapping.delete(l)},"cleanup")});for(let b of c)It(b)&&this._requestToStreamMapping.set(b.id,l);for(let b of c)this.onmessage?.(b,{authInfo:r?.authInfo,requestInfo:i})});let y=new TextEncoder,_,S=new ReadableStream({start:o(v=>{_=v},"start"),cancel:o(()=>{this._streamMapping.delete(l)},"cancel")}),w={"Content-Type":"text/event-stream","Cache-Control":"no-cache",Connection:"keep-alive"};this.sessionId!==void 0&&(w["mcp-session-id"]=this.sessionId);for(let v of c)It(v)&&(this._streamMapping.set(l,{controller:_,encoder:y,cleanup:o(()=>{this._streamMapping.delete(l);try{_.close()}catch{}},"cleanup")}),this._requestToStreamMapping.set(v.id,l));await this.writePrimingEvent(_,y,l,h);for(let v of c){let b,R;It(v)&&this._eventStore&&h>="2025-11-25"&&(b=o(()=>{this.closeSSEStream(v.id)},"closeSSEStream"),R=o(()=>{this.closeStandaloneSSEStream()},"closeStandaloneSSEStream")),this.onmessage?.(v,{authInfo:r?.authInfo,requestInfo:i,closeSSEStream:b,closeStandaloneSSEStream:R})}return new Response(S,{status:200,headers:w})}catch(n){return this.onerror?.(n),this.createJsonErrorResponse(400,-32700,"Parse error",{data:String(n)})}}async handleDeleteRequest(t){let r=this.validateSession(t);if(r)return r;let n=this.validateProtocolVersion(t);return n||(await Promise.resolve(this._onsessionclosed?.(this.sessionId)),await this.close(),new Response(null,{status:200}))}validateSession(t){if(this.sessionIdGenerator===void 0)return;if(!this._initialized)return this.onerror?.(new Error("Bad Request: Server not initialized")),this.createJsonErrorResponse(400,-32e3,"Bad Request: Server not initialized");let r=t.headers.get("mcp-session-id");if(!r)return this.onerror?.(new Error("Bad Request: Mcp-Session-Id header is required")),this.createJsonErrorResponse(400,-32e3,"Bad Request: Mcp-Session-Id header is required");if(r!==this.sessionId)return this.onerror?.(new Error("Session not found")),this.createJsonErrorResponse(404,-32001,"Session not found")}validateProtocolVersion(t){let r=t.headers.get("mcp-protocol-version");if(r!==null&&!dr.includes(r))return this.onerror?.(new Error(`Bad Request: Unsupported protocol version: ${r} (supported versions: ${dr.join(", ")})`)),this.createJsonErrorResponse(400,-32e3,`Bad Request: Unsupported protocol version: ${r} (supported versions: ${dr.join(", ")})`)}async close(){this._streamMapping.forEach(({cleanup:t})=>{t()}),this._streamMapping.clear(),this._requestResponseMap.clear(),this.onclose?.()}closeSSEStream(t){let r=this._requestToStreamMapping.get(t);if(!r)return;let n=this._streamMapping.get(r);n&&n.cleanup()}closeStandaloneSSEStream(){let t=this._streamMapping.get(this._standaloneSseStreamId);t&&t.cleanup()}async send(t,r){let n=r?.relatedRequestId;if((St(t)||fn(t))&&(n=t.id),n===void 0){if(St(t)||fn(t))throw new Error("Cannot send a response on a standalone SSE stream unless resuming a previous client request");let s;this._eventStore&&(s=await this._eventStore.storeEvent(this._standaloneSseStreamId,t));let c=this._streamMapping.get(this._standaloneSseStreamId);if(c===void 0)return;c.controller&&c.encoder&&this.writeSSEEvent(c.controller,c.encoder,t,s);return}let a=this._requestToStreamMapping.get(n);if(!a)throw new Error(`No connection established for request ID: ${String(n)}`);let i=this._streamMapping.get(a);if(!this._enableJsonResponse&&i?.controller&&i?.encoder){let s;this._eventStore&&(s=await this._eventStore.storeEvent(a,t)),this.writeSSEEvent(i.controller,i.encoder,t,s)}if(St(t)||fn(t)){this._requestResponseMap.set(n,t);let s=Array.from(this._requestToStreamMapping.entries()).filter(([d,p])=>p===a).map(([d])=>d);if(s.every(d=>this._requestResponseMap.has(d))){if(!i)throw new Error(`No connection established for request ID: ${String(n)}`);if(this._enableJsonResponse&&i.resolveJson){let d={"Content-Type":"application/json"};this.sessionId!==void 0&&(d["mcp-session-id"]=this.sessionId);let p=s.map(l=>this._requestResponseMap.get(l));p.length===1?i.resolveJson(new Response(JSON.stringify(p[0]),{status:200,headers:d})):i.resolveJson(new Response(JSON.stringify(p),{status:200,headers:d}))}else i.cleanup();for(let d of s)this._requestResponseMap.delete(d),this._requestToStreamMapping.delete(d)}}}};function zn(e,t){let r=typeof e;if(r!==typeof t)return!1;if(Array.isArray(e)){if(!Array.isArray(t))return!1;let n=e.length;if(n!==t.length)return!1;for(let a=0;a<n;a++)if(!zn(e[a],t[a]))return!1;return!0}if(r==="object"){if(!e||!t)return e===t;let n=Object.keys(e),a=Object.keys(t);if(n.length!==a.length)return!1;for(let s of n)if(!zn(e[s],t[s]))return!1;return!0}return e===t}o(zn,"deepCompareStrict");function at(e){return encodeURI(zA(e))}o(at,"encodePointer");function zA(e){return e.replace(/~/g,"~0").replace(/\//g,"~1")}o(zA,"escapePointer");var MA={prefixItems:!0,items:!0,allOf:!0,anyOf:!0,oneOf:!0},qA={$defs:!0,definitions:!0,properties:!0,patternProperties:!0,dependentSchemas:!0},NA={id:!0,$id:!0,$ref:!0,$schema:!0,$anchor:!0,$vocabulary:!0,$comment:!0,default:!0,enum:!0,const:!0,required:!0,type:!0,maximum:!0,minimum:!0,exclusiveMaximum:!0,exclusiveMinimum:!0,multipleOf:!0,maxLength:!0,minLength:!0,pattern:!0,format:!0,maxItems:!0,minItems:!0,uniqueItems:!0,maxProperties:!0,minProperties:!0},DA=typeof self<"u"&&self.location&&self.location.origin!=="null"?new URL(self.location.origin+self.location.pathname+location.search):new URL("https://github.com/cfworker");function Kt(e,t=Object.create(null),r=DA,n=""){if(e&&typeof e=="object"&&!Array.isArray(e)){let i=e.$id||e.id;if(i){let s=new URL(i,r.href);s.hash.length>1?t[s.href]=e:(s.hash="",n===""?r=s:Kt(e,t,r))}}else if(e!==!0&&e!==!1)return t;let a=r.href+(n?"#"+n:"");if(t[a]!==void 0)throw new Error(`Duplicate schema URI "${a}".`);if(t[a]=e,e===!0||e===!1)return t;if(e.__absolute_uri__===void 0&&Object.defineProperty(e,"__absolute_uri__",{enumerable:!1,value:a}),e.$ref&&e.__absolute_ref__===void 0){let i=new URL(e.$ref,r.href);i.hash=i.hash,Object.defineProperty(e,"__absolute_ref__",{enumerable:!1,value:i.href})}if(e.$recursiveRef&&e.__absolute_recursive_ref__===void 0){let i=new URL(e.$recursiveRef,r.href);i.hash=i.hash,Object.defineProperty(e,"__absolute_recursive_ref__",{enumerable:!1,value:i.href})}if(e.$anchor){let i=new URL("#"+e.$anchor,r.href);t[i.href]=e}for(let i in e){if(NA[i])continue;let s=`${n}/${at(i)}`,c=e[i];if(Array.isArray(c)){if(MA[i]){let d=c.length;for(let p=0;p<d;p++)Kt(c[p],t,r,`${s}/${p}`)}}else if(qA[i])for(let d in c)Kt(c[d],t,r,`${s}/${at(d)}`);else Kt(c,t,r,s)}return t}o(Kt,"dereference");var jA=/^(\d\d\d\d)-(\d\d)-(\d\d)$/,HA=[0,31,28,31,30,31,30,31,31,30,31,30,31],LA=/^(\d\d):(\d\d):(\d\d)(\.\d+)?(z|[+-]\d\d(?::?\d\d)?)?$/i,BA=/^(?=.{1,253}\.?$)[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?(?:\.[a-z0-9](?:[-0-9a-z]{0,61}[0-9a-z])?)*\.?$/i,GA=/^(?:[a-z][a-z0-9+\-.]*:)?(?:\/?\/(?:(?:[a-z0-9\-._~!$&'()*+,;=:]|%[0-9a-f]{2})*@)?(?:\[(?:(?:(?:(?:[0-9a-f]{1,4}:){6}|::(?:[0-9a-f]{1,4}:){5}|(?:[0-9a-f]{1,4})?::(?:[0-9a-f]{1,4}:){4}|(?:(?:[0-9a-f]{1,4}:){0,1}[0-9a-f]{1,4})?::(?:[0-9a-f]{1,4}:){3}|(?:(?:[0-9a-f]{1,4}:){0,2}[0-9a-f]{1,4})?::(?:[0-9a-f]{1,4}:){2}|(?:(?:[0-9a-f]{1,4}:){0,3}[0-9a-f]{1,4})?::[0-9a-f]{1,4}:|(?:(?:[0-9a-f]{1,4}:){0,4}[0-9a-f]{1,4})?::)(?:[0-9a-f]{1,4}:[0-9a-f]{1,4}|(?:(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(?:25[0-5]|2[0-4]\d|[01]?\d\d?))|(?:(?:[0-9a-f]{1,4}:){0,5}[0-9a-f]{1,4})?::[0-9a-f]{1,4}|(?:(?:[0-9a-f]{1,4}:){0,6}[0-9a-f]{1,4})?::)|[Vv][0-9a-f]+\.[a-z0-9\-._~!$&'()*+,;=:]+)\]|(?:(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(?:25[0-5]|2[0-4]\d|[01]?\d\d?)|(?:[a-z0-9\-._~!$&'"()*+,;=]|%[0-9a-f]{2})*)(?::\d*)?(?:\/(?:[a-z0-9\-._~!$&'"()*+,;=:@]|%[0-9a-f]{2})*)*|\/(?:(?:[a-z0-9\-._~!$&'"()*+,;=:@]|%[0-9a-f]{2})+(?:\/(?:[a-z0-9\-._~!$&'"()*+,;=:@]|%[0-9a-f]{2})*)*)?|(?:[a-z0-9\-._~!$&'"()*+,;=:@]|%[0-9a-f]{2})+(?:\/(?:[a-z0-9\-._~!$&'"()*+,;=:@]|%[0-9a-f]{2})*)*)?(?:\?(?:[a-z0-9\-._~!$&'"()*+,;=:@/?]|%[0-9a-f]{2})*)?(?:#(?:[a-z0-9\-._~!$&'"()*+,;=:@/?]|%[0-9a-f]{2})*)?$/i,VA=/^(?:(?:[^\x00-\x20"'<>%\\^`{|}]|%[0-9a-f]{2})|\{[+#./;?&=,!@|]?(?:[a-z0-9_]|%[0-9a-f]{2})+(?::[1-9][0-9]{0,3}|\*)?(?:,(?:[a-z0-9_]|%[0-9a-f]{2})+(?::[1-9][0-9]{0,3}|\*)?)*\})*$/i,FA=/^(?:(?:https?|ftp):\/\/)(?:\S+(?::\S*)?@)?(?:(?!10(?:\.\d{1,3}){3})(?!127(?:\.\d{1,3}){3})(?!169\.254(?:\.\d{1,3}){2})(?!192\.168(?:\.\d{1,3}){2})(?!172\.(?:1[6-9]|2\d|3[0-1])(?:\.\d{1,3}){2})(?:[1-9]\d?|1\d\d|2[01]\d|22[0-3])(?:\.(?:1?\d{1,2}|2[0-4]\d|25[0-5])){2}(?:\.(?:[1-9]\d?|1\d\d|2[0-4]\d|25[0-4]))|(?:(?:[a-z\u{00a1}-\u{ffff}0-9]+-?)*[a-z\u{00a1}-\u{ffff}0-9]+)(?:\.(?:[a-z\u{00a1}-\u{ffff}0-9]+-?)*[a-z\u{00a1}-\u{ffff}0-9]+)*(?:\.(?:[a-z\u{00a1}-\u{ffff}]{2,})))(?::\d{2,5})?(?:\/[^\s]*)?$/iu,ZA=/^(?:urn:uuid:)?[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$/i,KA=/^(?:\/(?:[^~/]|~0|~1)*)*$/,WA=/^#(?:\/(?:[a-z0-9_\-.!$&'()*+,;:=@]|%[0-9a-f]{2}|~0|~1)*)*$/i,JA=/^(?:0|[1-9][0-9]*)(?:#|(?:\/(?:[^~/]|~0|~1)*)*)$/,YA=o(e=>{if(e[0]==='"')return!1;let[t,r,...n]=e.split("@");return!t||!r||n.length!==0||t.length>64||r.length>253||t[0]==="."||t.endsWith(".")||t.includes("..")||!/^[a-z0-9.-]+$/i.test(r)||!/^[a-z0-9.!#$%&'*+/=?^_`{|}~-]+$/i.test(t)?!1:r.split(".").every(a=>/^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/i.test(a))},"EMAIL"),QA=/^(?:(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(?:25[0-5]|2[0-4]\d|[01]?\d\d?)$/,XA=/^((([0-9a-f]{1,4}:){7}([0-9a-f]{1,4}|:))|(([0-9a-f]{1,4}:){6}(:[0-9a-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9a-f]{1,4}:){5}(((:[0-9a-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9a-f]{1,4}:){4}(((:[0-9a-f]{1,4}){1,3})|((:[0-9a-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9a-f]{1,4}:){3}(((:[0-9a-f]{1,4}){1,4})|((:[0-9a-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9a-f]{1,4}:){2}(((:[0-9a-f]{1,4}){1,5})|((:[0-9a-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9a-f]{1,4}:){1}(((:[0-9a-f]{1,4}){1,6})|((:[0-9a-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9a-f]{1,4}){1,7})|((:[0-9a-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))$/i,ek=o(e=>e.length>1&&e.length<80&&(/^P\d+([.,]\d+)?W$/.test(e)||/^P[\dYMDTHS]*(\d[.,]\d+)?[YMDHS]$/.test(e)&&/^P([.,\d]+Y)?([.,\d]+M)?([.,\d]+D)?(T([.,\d]+H)?([.,\d]+M)?([.,\d]+S)?)?$/.test(e)),"DURATION");function Ut(e){return e.test.bind(e)}o(Ut,"bind");var Td={date:Qh,time:Xh.bind(void 0,!1),"date-time":nk,duration:ek,uri:ik,"uri-reference":Ut(GA),"uri-template":Ut(VA),url:Ut(FA),email:YA,hostname:Ut(BA),ipv4:Ut(QA),ipv6:Ut(XA),regex:ck,uuid:Ut(ZA),"json-pointer":Ut(KA),"json-pointer-uri-fragment":Ut(WA),"relative-json-pointer":Ut(JA)};function tk(e){return e%4===0&&(e%100!==0||e%400===0)}o(tk,"isLeapYear");function Qh(e){let t=e.match(jA);if(!t)return!1;let r=+t[1],n=+t[2],a=+t[3];return n>=1&&n<=12&&a>=1&&a<=(n==2&&tk(r)?29:HA[n])}o(Qh,"date");function Xh(e,t){let r=t.match(LA);if(!r)return!1;let n=+r[1],a=+r[2],i=+r[3],s=!!r[5];return(n<=23&&a<=59&&i<=59||n==23&&a==59&&i==60)&&(!e||s)}o(Xh,"time");var rk=/t|\s/i;function nk(e){let t=e.split(rk);return t.length==2&&Qh(t[0])&&Xh(!0,t[1])}o(nk,"date_time");var ok=/\/|:/,ak=/^(?:[a-z][a-z0-9+\-.]*:)(?:\/?\/(?:(?:[a-z0-9\-._~!$&'()*+,;=:]|%[0-9a-f]{2})*@)?(?:\[(?:(?:(?:(?:[0-9a-f]{1,4}:){6}|::(?:[0-9a-f]{1,4}:){5}|(?:[0-9a-f]{1,4})?::(?:[0-9a-f]{1,4}:){4}|(?:(?:[0-9a-f]{1,4}:){0,1}[0-9a-f]{1,4})?::(?:[0-9a-f]{1,4}:){3}|(?:(?:[0-9a-f]{1,4}:){0,2}[0-9a-f]{1,4})?::(?:[0-9a-f]{1,4}:){2}|(?:(?:[0-9a-f]{1,4}:){0,3}[0-9a-f]{1,4})?::[0-9a-f]{1,4}:|(?:(?:[0-9a-f]{1,4}:){0,4}[0-9a-f]{1,4})?::)(?:[0-9a-f]{1,4}:[0-9a-f]{1,4}|(?:(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(?:25[0-5]|2[0-4]\d|[01]?\d\d?))|(?:(?:[0-9a-f]{1,4}:){0,5}[0-9a-f]{1,4})?::[0-9a-f]{1,4}|(?:(?:[0-9a-f]{1,4}:){0,6}[0-9a-f]{1,4})?::)|[Vv][0-9a-f]+\.[a-z0-9\-._~!$&'()*+,;=:]+)\]|(?:(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(?:25[0-5]|2[0-4]\d|[01]?\d\d?)|(?:[a-z0-9\-._~!$&'()*+,;=]|%[0-9a-f]{2})*)(?::\d*)?(?:\/(?:[a-z0-9\-._~!$&'()*+,;=:@]|%[0-9a-f]{2})*)*|\/(?:(?:[a-z0-9\-._~!$&'()*+,;=:@]|%[0-9a-f]{2})+(?:\/(?:[a-z0-9\-._~!$&'()*+,;=:@]|%[0-9a-f]{2})*)*)?|(?:[a-z0-9\-._~!$&'()*+,;=:@]|%[0-9a-f]{2})+(?:\/(?:[a-z0-9\-._~!$&'()*+,;=:@]|%[0-9a-f]{2})*)*)(?:\?(?:[a-z0-9\-._~!$&'()*+,;=:@/?]|%[0-9a-f]{2})*)?(?:#(?:[a-z0-9\-._~!$&'()*+,;=:@/?]|%[0-9a-f]{2})*)?$/i;function ik(e){return ok.test(e)&&ak.test(e)}o(ik,"uri");var sk=/[^\\]\\Z/;function ck(e){if(sk.test(e))return!1;try{return new RegExp(e,"u"),!0}catch{return!1}}o(ck,"regex");var eg;(function(e){e[e.Flag=1]="Flag",e[e.Basic=2]="Basic",e[e.Detailed=4]="Detailed"})(eg||(eg={}));function tg(e){let t=0,r=e.length,n=0,a;for(;n<r;)t++,a=e.charCodeAt(n++),a>=55296&&a<=56319&&n<r&&(a=e.charCodeAt(n),(a&64512)==56320&&n++);return t}o(tg,"ucs2length");function fe(e,t,r="2019-09",n=Kt(t),a=!0,i=null,s="#",c="#",d=Object.create(null)){if(t===!0)return{valid:!0,errors:[]};if(t===!1)return{valid:!1,errors:[{instanceLocation:s,keyword:"false",keywordLocation:s,error:"False boolean schema."}]};let p=typeof e,l;switch(p){case"boolean":case"number":case"string":l=p;break;case"object":e===null?l="null":Array.isArray(e)?l="array":l="object";break;default:throw new Error(`Instances of "${p}" type are not supported.`)}let{$ref:m,$recursiveRef:h,$recursiveAnchor:y,type:_,const:S,enum:w,required:v,not:b,anyOf:R,allOf:q,oneOf:N,if:qe,then:it,else:dn,format:ar,properties:qt,patternProperties:Tr,additionalProperties:oo,unevaluatedProperties:ao,minProperties:io,maxProperties:Zs,propertyNames:kp,dependentRequired:Ks,dependentSchemas:Ws,dependencies:Js,prefixItems:Ys,items:so,additionalItems:Tp,unevaluatedItems:Ep,contains:Up,minContains:Nt,maxContains:Ua,minItems:Qs,maxItems:Xs,uniqueItems:Sv,minimum:Er,maximum:Ur,exclusiveMinimum:co,exclusiveMaximum:uo,multipleOf:Oa,minLength:$a,maxLength:za,pattern:Op,__absolute_ref__:Ma,__absolute_recursive_ref__:_v}=t,k=[];if(y===!0&&i===null&&(i=t),h==="#"){let D=i===null?n[_v]:i,z=`${c}/$recursiveRef`,B=fe(e,i===null?t:i,r,n,a,D,s,z,d);B.valid||k.push({instanceLocation:s,keyword:"$recursiveRef",keywordLocation:z,error:"A subschema had errors."},...B.errors)}if(m!==void 0){let z=n[Ma||m];if(z===void 0){let P=`Unresolved $ref "${m}".`;throw Ma&&Ma!==m&&(P+=` Absolute URI "${Ma}".`),P+=`
44
44
  Known schemas:
45
45
  - ${Object.keys(n).join(`
46
- - `)}`,new Error(P)}let B=`${c}/$ref`,E=fe(e,z,r,n,a,i,s,B,d);if(E.valid||T.push({instanceLocation:s,keyword:"$ref",keywordLocation:B,error:"A subschema had errors."},...E.errors),r==="4"||r==="7")return{valid:T.length===0,errors:T}}if(Array.isArray(_)){let j=_.length,z=!1;for(let B=0;B<j;B++)if(l===_[B]||_[B]==="integer"&&l==="number"&&e%1===0&&e===e){z=!0;break}z||T.push({instanceLocation:s,keyword:"type",keywordLocation:`${c}/type`,error:`Instance type "${l}" is invalid. Expected "${_.join('", "')}".`})}else _==="integer"?(l!=="number"||e%1||e!==e)&&T.push({instanceLocation:s,keyword:"type",keywordLocation:`${c}/type`,error:`Instance type "${l}" is invalid. Expected "${_}".`}):_!==void 0&&l!==_&&T.push({instanceLocation:s,keyword:"type",keywordLocation:`${c}/type`,error:`Instance type "${l}" is invalid. Expected "${_}".`});if(S!==void 0&&(l==="object"||l==="array"?$n(e,S)||T.push({instanceLocation:s,keyword:"const",keywordLocation:`${c}/const`,error:`Instance does not match ${JSON.stringify(S)}.`}):e!==S&&T.push({instanceLocation:s,keyword:"const",keywordLocation:`${c}/const`,error:`Instance does not match ${JSON.stringify(S)}.`})),w!==void 0&&(l==="object"||l==="array"?w.some(j=>$n(e,j))||T.push({instanceLocation:s,keyword:"enum",keywordLocation:`${c}/enum`,error:`Instance does not match any of ${JSON.stringify(w)}.`}):w.some(j=>e===j)||T.push({instanceLocation:s,keyword:"enum",keywordLocation:`${c}/enum`,error:`Instance does not match any of ${JSON.stringify(w)}.`})),b!==void 0){let j=`${c}/not`;fe(e,b,r,n,a,i,s,j).valid&&T.push({instanceLocation:s,keyword:"not",keywordLocation:j,error:'Instance matched "not" schema.'})}let Ma=[];if(R!==void 0){let j=`${c}/anyOf`,z=T.length,B=!1;for(let E=0;E<R.length;E++){let P=R[E],H=Object.create(d),D=fe(e,P,r,n,a,y===!0?i:null,s,`${j}/${E}`,H);T.push(...D.errors),B=B||D.valid,D.valid&&Ma.push(H)}B?T.length=z:T.splice(z,0,{instanceLocation:s,keyword:"anyOf",keywordLocation:j,error:"Instance does not match any subschemas."})}if(q!==void 0){let j=`${c}/allOf`,z=T.length,B=!0;for(let E=0;E<q.length;E++){let P=q[E],H=Object.create(d),D=fe(e,P,r,n,a,y===!0?i:null,s,`${j}/${E}`,H);T.push(...D.errors),B=B&&D.valid,D.valid&&Ma.push(H)}B?T.length=z:T.splice(z,0,{instanceLocation:s,keyword:"allOf",keywordLocation:j,error:"Instance does not match every subschema."})}if(N!==void 0){let j=`${c}/oneOf`,z=T.length,B=N.filter((E,P)=>{let H=Object.create(d),D=fe(e,E,r,n,a,y===!0?i:null,s,`${j}/${P}`,H);return T.push(...D.errors),D.valid&&Ma.push(H),D.valid}).length;B===1?T.length=z:T.splice(z,0,{instanceLocation:s,keyword:"oneOf",keywordLocation:j,error:`Instance does not match exactly one subschema (${B} matches).`})}if((l==="object"||l==="array")&&Object.assign(d,...Ma),qe!==void 0){let j=`${c}/if`;if(fe(e,qe,r,n,a,i,s,j,d).valid){if(it!==void 0){let B=fe(e,it,r,n,a,i,s,`${c}/then`,d);B.valid||T.push({instanceLocation:s,keyword:"if",keywordLocation:j,error:'Instance does not match "then" schema.'},...B.errors)}}else if(dn!==void 0){let B=fe(e,dn,r,n,a,i,s,`${c}/else`,d);B.valid||T.push({instanceLocation:s,keyword:"if",keywordLocation:j,error:'Instance does not match "else" schema.'},...B.errors)}}if(l==="object"){if(v!==void 0)for(let E of v)E in e||T.push({instanceLocation:s,keyword:"required",keywordLocation:`${c}/required`,error:`Instance does not have required property "${E}".`});let j=Object.keys(e);if(ao!==void 0&&j.length<ao&&T.push({instanceLocation:s,keyword:"minProperties",keywordLocation:`${c}/minProperties`,error:`Instance does not have at least ${ao} properties.`}),Zs!==void 0&&j.length>Zs&&T.push({instanceLocation:s,keyword:"maxProperties",keywordLocation:`${c}/maxProperties`,error:`Instance does not have at least ${Zs} properties.`}),kp!==void 0){let E=`${c}/propertyNames`;for(let P in e){let H=`${s}/${at(P)}`,D=fe(P,kp,r,n,a,i,H,E);D.valid||T.push({instanceLocation:s,keyword:"propertyNames",keywordLocation:E,error:`Property name "${P}" does not match schema.`},...D.errors)}}if(Ks!==void 0){let E=`${c}/dependantRequired`;for(let P in Ks)if(P in e){let H=Ks[P];for(let D of H)D in e||T.push({instanceLocation:s,keyword:"dependentRequired",keywordLocation:E,error:`Instance has "${P}" but does not have "${D}".`})}}if(Ws!==void 0)for(let E in Ws){let P=`${c}/dependentSchemas`;if(E in e){let H=fe(e,Ws[E],r,n,a,i,s,`${P}/${at(E)}`,d);H.valid||T.push({instanceLocation:s,keyword:"dependentSchemas",keywordLocation:P,error:`Instance has "${E}" but does not match dependant schema.`},...H.errors)}}if(Js!==void 0){let E=`${c}/dependencies`;for(let P in Js)if(P in e){let H=Js[P];if(Array.isArray(H))for(let D of H)D in e||T.push({instanceLocation:s,keyword:"dependencies",keywordLocation:E,error:`Instance has "${P}" but does not have "${D}".`});else{let D=fe(e,H,r,n,a,i,s,`${E}/${at(P)}`);D.valid||T.push({instanceLocation:s,keyword:"dependencies",keywordLocation:E,error:`Instance has "${P}" but does not match dependant schema.`},...D.errors)}}}let z=Object.create(null),B=!1;if(qt!==void 0){let E=`${c}/properties`;for(let P in qt){if(!(P in e))continue;let H=`${s}/${at(P)}`,D=fe(e[P],qt[P],r,n,a,i,H,`${E}/${at(P)}`);if(D.valid)d[P]=z[P]=!0;else if(B=a,T.push({instanceLocation:s,keyword:"properties",keywordLocation:E,error:`Property "${P}" does not match schema.`},...D.errors),B)break}}if(!B&&Er!==void 0){let E=`${c}/patternProperties`;for(let P in Er){let H=new RegExp(P,"u"),D=Er[P];for(let Ze in e){if(!H.test(Ze))continue;let zp=`${s}/${at(Ze)}`,Mp=fe(e[Ze],D,r,n,a,i,zp,`${E}/${at(P)}`);Mp.valid?d[Ze]=z[Ze]=!0:(B=a,T.push({instanceLocation:s,keyword:"patternProperties",keywordLocation:E,error:`Property "${Ze}" matches pattern "${P}" but does not match associated schema.`},...Mp.errors))}}}if(!B&&no!==void 0){let E=`${c}/additionalProperties`;for(let P in e){if(z[P])continue;let H=`${s}/${at(P)}`,D=fe(e[P],no,r,n,a,i,H,E);D.valid?d[P]=!0:(B=a,T.push({instanceLocation:s,keyword:"additionalProperties",keywordLocation:E,error:`Property "${P}" does not match additional properties schema.`},...D.errors))}}else if(!B&&oo!==void 0){let E=`${c}/unevaluatedProperties`;for(let P in e)if(!d[P]){let H=`${s}/${at(P)}`,D=fe(e[P],oo,r,n,a,i,H,E);D.valid?d[P]=!0:T.push({instanceLocation:s,keyword:"unevaluatedProperties",keywordLocation:E,error:`Property "${P}" does not match unevaluated properties schema.`},...D.errors)}}}else if(l==="array"){Xs!==void 0&&e.length>Xs&&T.push({instanceLocation:s,keyword:"maxItems",keywordLocation:`${c}/maxItems`,error:`Array has too many items (${e.length} > ${Xs}).`}),Qs!==void 0&&e.length<Qs&&T.push({instanceLocation:s,keyword:"minItems",keywordLocation:`${c}/minItems`,error:`Array has too few items (${e.length} < ${Qs}).`});let j=e.length,z=0,B=!1;if(Ys!==void 0){let E=`${c}/prefixItems`,P=Math.min(Ys.length,j);for(;z<P;z++){let H=fe(e[z],Ys[z],r,n,a,i,`${s}/${z}`,`${E}/${z}`);if(d[z]=!0,!H.valid&&(B=a,T.push({instanceLocation:s,keyword:"prefixItems",keywordLocation:E,error:"Items did not match schema."},...H.errors),B))break}}if(io!==void 0){let E=`${c}/items`;if(Array.isArray(io)){let P=Math.min(io.length,j);for(;z<P;z++){let H=fe(e[z],io[z],r,n,a,i,`${s}/${z}`,`${E}/${z}`);if(d[z]=!0,!H.valid&&(B=a,T.push({instanceLocation:s,keyword:"items",keywordLocation:E,error:"Items did not match schema."},...H.errors),B))break}}else for(;z<j;z++){let P=fe(e[z],io,r,n,a,i,`${s}/${z}`,E);if(d[z]=!0,!P.valid&&(B=a,T.push({instanceLocation:s,keyword:"items",keywordLocation:E,error:"Items did not match schema."},...P.errors),B))break}if(!B&&Ep!==void 0){let P=`${c}/additionalItems`;for(;z<j;z++){let H=fe(e[z],Ep,r,n,a,i,`${s}/${z}`,P);d[z]=!0,H.valid||(B=a,T.push({instanceLocation:s,keyword:"additionalItems",keywordLocation:P,error:"Items did not match additional items schema."},...H.errors))}}}if(Op!==void 0)if(j===0&&Nt===void 0)T.push({instanceLocation:s,keyword:"contains",keywordLocation:`${c}/contains`,error:"Array is empty. It must contain at least one item matching the schema."});else if(Nt!==void 0&&j<Nt)T.push({instanceLocation:s,keyword:"minContains",keywordLocation:`${c}/minContains`,error:`Array has less items (${j}) than minContains (${Nt}).`});else{let E=`${c}/contains`,P=T.length,H=0;for(let D=0;D<j;D++){let Ze=fe(e[D],Op,r,n,a,i,`${s}/${D}`,E);Ze.valid?(d[D]=!0,H++):T.push(...Ze.errors)}H>=(Nt||0)&&(T.length=P),Nt===void 0&&Ea===void 0&&H===0?T.splice(P,0,{instanceLocation:s,keyword:"contains",keywordLocation:E,error:"Array does not contain item matching schema."}):Nt!==void 0&&H<Nt?T.push({instanceLocation:s,keyword:"minContains",keywordLocation:`${c}/minContains`,error:`Array must contain at least ${Nt} items matching schema. Only ${H} items were found.`}):Ea!==void 0&&H>Ea&&T.push({instanceLocation:s,keyword:"maxContains",keywordLocation:`${c}/maxContains`,error:`Array may contain at most ${Ea} items matching schema. ${H} items were found.`})}if(!B&&Up!==void 0){let E=`${c}/unevaluatedItems`;for(z;z<j;z++){if(d[z])continue;let P=fe(e[z],Up,r,n,a,i,`${s}/${z}`,E);d[z]=!0,P.valid||T.push({instanceLocation:s,keyword:"unevaluatedItems",keywordLocation:E,error:"Items did not match unevaluated items schema."},...P.errors)}}if(vv)for(let E=0;E<j;E++){let P=e[E],H=typeof P=="object"&&P!==null;for(let D=0;D<j;D++){if(E===D)continue;let Ze=e[D];(P===Ze||H&&(typeof Ze=="object"&&Ze!==null)&&$n(P,Ze))&&(T.push({instanceLocation:s,keyword:"uniqueItems",keywordLocation:`${c}/uniqueItems`,error:`Duplicate items at indexes ${E} and ${D}.`}),E=Number.MAX_SAFE_INTEGER,D=Number.MAX_SAFE_INTEGER)}}}else if(l==="number"){if(r==="4"?(Ur!==void 0&&(so===!0&&e<=Ur||e<Ur)&&T.push({instanceLocation:s,keyword:"minimum",keywordLocation:`${c}/minimum`,error:`${e} is less than ${so?"or equal to ":""} ${Ur}.`}),Or!==void 0&&(co===!0&&e>=Or||e>Or)&&T.push({instanceLocation:s,keyword:"maximum",keywordLocation:`${c}/maximum`,error:`${e} is greater than ${co?"or equal to ":""} ${Or}.`})):(Ur!==void 0&&e<Ur&&T.push({instanceLocation:s,keyword:"minimum",keywordLocation:`${c}/minimum`,error:`${e} is less than ${Ur}.`}),Or!==void 0&&e>Or&&T.push({instanceLocation:s,keyword:"maximum",keywordLocation:`${c}/maximum`,error:`${e} is greater than ${Or}.`}),so!==void 0&&e<=so&&T.push({instanceLocation:s,keyword:"exclusiveMinimum",keywordLocation:`${c}/exclusiveMinimum`,error:`${e} is less than ${so}.`}),co!==void 0&&e>=co&&T.push({instanceLocation:s,keyword:"exclusiveMaximum",keywordLocation:`${c}/exclusiveMaximum`,error:`${e} is greater than or equal to ${co}.`})),Ua!==void 0){let j=e%Ua;Math.abs(0-j)>=11920929e-14&&Math.abs(Ua-j)>=11920929e-14&&T.push({instanceLocation:s,keyword:"multipleOf",keywordLocation:`${c}/multipleOf`,error:`${e} is not a multiple of ${Ua}.`})}}else if(l==="string"){let j=Oa===void 0&&$a===void 0?0:ng(e);Oa!==void 0&&j<Oa&&T.push({instanceLocation:s,keyword:"minLength",keywordLocation:`${c}/minLength`,error:`String is too short (${j} < ${Oa}).`}),$a!==void 0&&j>$a&&T.push({instanceLocation:s,keyword:"maxLength",keywordLocation:`${c}/maxLength`,error:`String is too long (${j} > ${$a}).`}),$p!==void 0&&!new RegExp($p,"u").test(e)&&T.push({instanceLocation:s,keyword:"pattern",keywordLocation:`${c}/pattern`,error:"String does not match pattern."}),ir!==void 0&&Td[ir]&&!Td[ir](e)&&T.push({instanceLocation:s,keyword:"format",keywordLocation:`${c}/format`,error:`String does not match format "${ir}".`})}return{valid:T.length===0,errors:T}}o(fe,"validate");var Di=class{static{o(this,"Validator")}schema;draft;shortCircuit;lookup;constructor(t,r="2019-09",n=!0){this.schema=t,this.draft=r,this.shortCircuit=n,this.lookup=Wt(t)}validate(t){return fe(t,this.schema,this.draft,this.lookup,this.shortCircuit)}addSchema(t,r){r&&(t={...t,$id:r}),Wt(t,this.lookup)}};var zn=class{static{o(this,"CfWorkerJsonSchemaValidator")}constructor(t){this.shortcircuit=t?.shortcircuit??!0,this.draft=t?.draft??"2020-12"}getValidator(t){let r=new Di(t,this.draft,this.shortcircuit);return n=>{let a=r.validate(n);return a.valid?{valid:!0,data:n,errorMessage:void 0}:{valid:!1,data:void 0,errorMessage:a.errors.map(i=>`${i.instanceLocation}: ${i.error}`).join("; ")}}}};function kd(e){return e.length>512?`${e.slice(0,512)}\u2026`:e}o(kd,"truncate");function og(e){return"cause"in e?e.cause:void 0}o(og,"readCause");function Oe(e,t,r){if(!(r instanceof Error)){r!=null&&(e[`${t}Message`]=kd(String(r)));return}e[`${t}Name`]=r.name,e[`${t}Message`]=kd(r.message);let n=og(r);for(let a=1;a<=4&&n instanceof Error;a+=1){let i=a===1?"cause":`cause${a}`;e[`${i}Name`]=n.name,e[`${i}Message`]=kd(n.message),n=og(n)}}o(Oe,"addErrorLogFields");function mt(e){if(e!==void 0)try{return typeof e=="string"?new URL(e).host:e.host}catch{return}}o(mt,"safeHost");function ag(e,t){let r=Object.entries(t).filter(n=>n[1]!==void 0);r.length!==0&&e.log.setLogProperties?.(Object.fromEntries(r))}o(ag,"setLogProperties");function Ed(e,t){ag(e,{subjectId:t.subjectId})}o(Ed,"applyGatewayPrincipalLogProperties");function ig(e,t){ag(e,{upstreamServerId:t.upstreamServerId,virtualServerId:t.virtualServerId})}o(ig,"applyGatewayRouteLogProperties");var Mn={runtime:{invalid_request:{code:"invalid_request",seam:"runtime",status:400,title:"Bad Request",publicDetail:"The request did not match the route contract.",oauthError:"invalid_request"},forbidden:{code:"forbidden",seam:"runtime",status:403,title:"Forbidden",publicDetail:"The request is not allowed.",oauthError:"invalid_request"},not_found:{code:"not_found",seam:"runtime",status:404,title:"Not Found",publicDetail:"The requested resource was not found.",oauthError:"invalid_request"},internal_server_error:{code:"internal_server_error",seam:"runtime",status:500,title:"Internal Server Error",publicDetail:"The gateway failed to process the request.",oauthError:"server_error"}},config:{virtual_server_not_enabled:{code:"virtual_server_not_enabled",seam:"config",status:404,title:"Not Found",publicDetail:"The requested virtual server is not enabled."},unknown_upstream_server:{code:"unknown_upstream_server",seam:"config",status:400,title:"Bad Request",publicDetail:"The requested upstream server is not configured.",oauthError:"invalid_request"},unknown_virtual_server:{code:"unknown_virtual_server",seam:"config",status:400,title:"Bad Request",publicDetail:"The requested virtual server is not configured.",oauthError:"invalid_target"},unknown_auth_profile:{code:"unknown_auth_profile",seam:"config",status:400,title:"Bad Request",publicDetail:"The requested upstream auth profile is not configured.",oauthError:"invalid_request"},virtual_server_upstream_mismatch:{code:"virtual_server_upstream_mismatch",seam:"config",status:400,title:"Bad Request",publicDetail:"The requested virtual server does not belong to the selected upstream server.",oauthError:"invalid_request"}},downstream_auth:{authentication_required:{code:"authentication_required",seam:"downstream_auth",status:401,title:"Unauthorized",publicDetail:"Authentication is required to access this route.",oauthError:"invalid_client"},identity_context_missing:{code:"identity_context_missing",seam:"downstream_auth",status:403,title:"Forbidden",publicDetail:"Authenticated requests must include a gateway principal subject.",oauthError:"invalid_request"}},downstream_oauth:{browser_login_verification_failed:{code:"browser_login_verification_failed",seam:"downstream_oauth",status:400,title:"Connection failed",publicDetail:"The gateway could not verify the browser login response. Retry the login flow.",callbackFailure:!0,oauthError:"invalid_request"}},upstream_auth:{provider_access_denied:{code:"provider_access_denied",seam:"upstream_auth",status:400,title:"Connection failed",publicDetail:"The upstream authorization request was denied. Start the connection flow again.",callbackFailure:!0,oauthError:"invalid_request"},oauth_state_invalid:{code:"oauth_state_invalid",seam:"upstream_auth",status:400,title:"Connection failed",publicDetail:"The upstream connection request could not be verified. Start the connection flow again.",callbackFailure:!0,oauthError:"invalid_request"},oauth_state_expired:{code:"oauth_state_expired",seam:"upstream_auth",status:400,title:"Connection failed",publicDetail:"The upstream connection request expired. Start the connection flow again.",callbackFailure:!0,oauthError:"invalid_request"},oauth_state_reused:{code:"oauth_state_reused",seam:"upstream_auth",status:400,title:"Connection failed",publicDetail:"This upstream connection request was already used. Start the connection flow again.",callbackFailure:!0,oauthError:"invalid_request"},oauth_callback_mismatch:{code:"oauth_callback_mismatch",seam:"upstream_auth",status:400,title:"Connection failed",publicDetail:"The upstream callback did not match the initiating connection request.",callbackFailure:!0,oauthError:"invalid_request"},upstream_token_exchange_failed:{code:"upstream_token_exchange_failed",seam:"upstream_auth",status:400,title:"Connection failed",publicDetail:"The gateway could not complete the upstream token exchange. Retry the connection flow.",callbackFailure:!0,oauthError:"invalid_request"},upstream_client_registration_required:{code:"upstream_client_registration_required",seam:"upstream_auth",status:400,title:"Upstream OAuth client registration required",publicDetail:"The upstream authorization server supports neither gateway-hosted Client ID Metadata Documents nor Dynamic Client Registration. Register an upstream OAuth client manually before retrying.",oauthError:"invalid_request"},upstream_token_response_invalid:{code:"upstream_token_response_invalid",seam:"upstream_auth",status:400,title:"Connection failed",publicDetail:"The upstream token response was invalid. Retry the connection flow.",callbackFailure:!0,oauthError:"invalid_request"}},upstream_mcp:{upstream_capability_invocation_failed:{code:"upstream_capability_invocation_failed",seam:"upstream_mcp",status:502,title:"Bad Gateway",publicDetail:"The upstream capability invocation failed. Retry later or reconnect the upstream if the issue persists."},upstream_import_failed:{code:"upstream_import_failed",seam:"upstream_mcp",status:502,title:"Bad Gateway",publicDetail:"The upstream capability import failed. Retry later or reconnect the upstream if the issue persists."}}},sg={...Mn.runtime,...Mn.config,...Mn.downstream_auth,...Mn.downstream_oauth,...Mn.upstream_auth,...Mn.upstream_mcp};function Qo(e){return typeof e=="string"&&Object.hasOwn(sg,e)}o(Qo,"isGatewayProblemCode");function Hi(e){return Qo(e)&&Qe(e).callbackFailure===!0}o(Hi,"isGatewayCallbackFailureCode");function Qe(e){return sg[e]}o(Qe,"readGatewayProblemDefinition");function Ud(e){switch(e){case 400:return"invalid_request";case 401:return"authentication_required";case 403:return"forbidden";case 404:return"not_found";default:return"internal_server_error"}}o(Ud,"readDefaultGatewayProblemCodeForStatus");var cg="gatewayCode";function ug(e){let t=Qe(e);return{title:t.title,body:t.publicDetail}}o(ug,"readGatewayCallbackFailureContent");function he(e){if(!(e instanceof qa))return;let t=e.extensionMembers?.[cg];return Qo(t)?t:void 0}o(he,"readGatewayProblemCode");function g(e,t,r){let n=typeof e=="string"?{code:e,...t===void 0?{}:{publicDetail:t,privateDetail:t},...r===void 0?{}:{cause:r}}:e,a=Qe(n.code),i=n.privateDetail??(Li(n.code)?n.publicDetail??a.publicDetail:a.publicDetail),s=mT(n);return new qa({message:i,extensionMembers:{[cg]:n.code}},s===void 0?void 0:{cause:s})}o(g,"createGatewayRuntimeError");async function ft(e,t,r){let n=Qe(r.code),a=fT(r.code,r.detail),i=Li(r.code)?r.title??n.title:n.title,c={problem:{...uo.getProblemFromStatus(n.status,{detail:a,instance:r.instance,type:r.type}),...r.extensions??{},status:n.status,title:i,detail:a,code:r.code}};return r.headers!==void 0&&(c.additionalHeaders=r.headers),uo.format(c,e,t)}o(ft,"gatewayProblemResponse");function Li(e){return Qe(e).status<500}o(Li,"canExposeGatewayProblemDetail");function mT(e){return!e.privateDetail||Li(e.code)?e.cause:e.cause===void 0?new Error(e.privateDetail):new Error(e.privateDetail,{cause:e.cause})}o(mT,"readRuntimeErrorCause");function fT(e,t){let r=Qe(e);return Li(e)&&t||r.publicDetail}o(fT,"readSafeGatewayProblemDetail");ie();var hT=["shared-oauth","user_oauth","static_secret","user-secret","shared-secret"],gT=["none","client_secret_basic","client_secret_post"],Xe=u.string().min(1).brand(),Pe=u.string().min(1).brand(),et=u.string().min(1).brand(),Ot=u.string().min(1).brand(),Bi=u.enum(hT),Od=u.enum(gT),Gi=u.string().trim().min(1).regex(/^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/,"must be a valid HTTP header name"),$d=u.object({name:Gi,value:u.string().min(1).optional(),required:u.boolean().default(!0)}).strict();var zd=new Map;function Vi(e){zd.set(e.policyType,e)}o(Vi,"registerMcpAuthorizationPolicy");function Md(e){if(e!==void 0)return zd.get(e)}o(Md,"getMcpAuthorizationPolicy");function Fi(e){return Md(e)!==void 0}o(Fi,"isRegisteredMcpAuthorizationPolicyType");function qd(){return[...zd.keys()]}o(qd,"listMcpAuthorizationPolicyTypes");ie();var pg=Xe,yT=u.object({mode:u.literal("auto")}).strict(),ST=u.object({mode:u.literal("manual"),clientId:u.string().trim().min(1),clientSecret:u.string().min(1).optional(),tokenEndpointAuthMethod:Od.default("client_secret_basic")}).strict().superRefine((e,t)=>{e.tokenEndpointAuthMethod!=="none"&&!e.clientSecret&&t.addIssue({code:u.ZodIssueCode.custom,message:`${e.tokenEndpointAuthMethod} requires clientSecret`,path:["clientSecret"]})}),mg=u.discriminatedUnion("mode",[yT,ST]),_T=mg.default({mode:"auto"}),Nd=u.object({scopes:u.array(u.string().min(1)).default([]),scopeDelimiter:u.string().min(1).default(" "),clientRegistration:_T}).strict(),dg=Nd.extend({redirectPath:u.string().startsWith("/auth/connections/")}).strict(),fg=new Set(["connection","content-length","cookie","host","proxy-authenticate","proxy-authorization","sec-websocket-key","set-cookie","te","trailer","transfer-encoding","upgrade"]),wT=new Set([...fg,"accept","authorization","content-type","mcp-protocol-version","mcp-session-id","proxy-connection"]),vT=u.object({kind:u.literal("bearer_token"),token:u.string().min(1)}).strict(),bT=u.object({kind:u.literal("headers"),headers:u.array(u.object({name:Gi,value:u.string().min(1)}).strict()).min(1)}).strict().superRefine((e,t)=>{let r=new Set;for(let[n,a]of e.headers.entries()){let i=a.name.toLowerCase();fg.has(i)&&t.addIssue({code:u.ZodIssueCode.custom,message:`Header ${a.name} is not allowed for static secret injection`,path:["headers",n,"name"]}),r.has(i)&&t.addIssue({code:u.ZodIssueCode.custom,message:`Duplicate static secret header ${a.name}`,path:["headers",n,"name"]}),r.add(i)}}),jd=u.discriminatedUnion("kind",[vT,bT]),RT=u.object({kind:u.literal("basic_auth_app_password"),usernameLabel:u.string().min(1).default("Username"),passwordLabel:u.string().min(1).default("App password")}).strict(),CT=u.object({kind:u.literal("bearer_token"),label:u.string().min(1).default("API key"),capture:u.enum(["browser_login"]).optional()}).strict(),Dd=u.discriminatedUnion("kind",[RT,CT]),Hd=u.object({kind:u.literal("bearer_token"),label:u.string().min(1).default("API key")}).strict(),IT=u.discriminatedUnion("mode",[u.object({mode:u.literal("shared-oauth"),oauth:dg}).strict(),u.object({mode:u.literal("user_oauth"),oauth:dg}).strict(),u.object({mode:u.literal("static_secret"),secret:jd}).strict(),u.object({mode:u.literal("user-secret"),secret:Dd}).strict(),u.object({mode:u.literal("shared-secret"),secret:Hd}).strict()]),PT=u.object({baseUrl:u.url(),resourceMetadataUrl:u.url(),requestHeaders:u.array($d).default([])}).strict().superRefine((e,t)=>{let r=new Set;for(let[n,a]of e.requestHeaders.entries()){let i=a.name.toLowerCase();wT.has(i)&&t.addIssue({code:u.ZodIssueCode.custom,message:`Header ${a.name} is not allowed for native MCP transport request headers`,path:["requestHeaders",n,"name"]}),r.has(i)&&t.addIssue({code:u.ZodIssueCode.custom,message:`Duplicate native MCP transport request header ${a.name}`,path:["requestHeaders",n,"name"]}),r.add(i)}}),YG=u.object({displayName:u.string().min(1),description:u.string().min(1).optional(),serverInfo:fn.optional(),authProfiles:u.record(et,IT),transport:PT}).strict().superRefine((e,t)=>{Object.keys(e.authProfiles).length===0&&t.addIssue({code:u.ZodIssueCode.custom,message:"authProfiles must contain at least one profile",path:["authProfiles"]})}),xT=u.object({"shared-oauth":Nd.optional(),user_oauth:Nd.optional(),static_secret:u.object({secret:jd}).strict().optional(),"user-secret":u.object({secret:Dd}).strict().optional(),"shared-secret":u.object({secret:Hd}).strict().optional()}).strict().superRefine((e,t)=>{Object.values(e).every(r=>r===void 0)&&t.addIssue({code:u.ZodIssueCode.custom,message:"authProfiles must contain at least one upstream auth profile"})}),lg=u.object({id:pg,displayName:u.string().min(1),description:u.string().min(1).optional(),serverInfo:fn.optional(),mcpUrl:u.url(),protectedResourceMetadataUrl:u.url(),requestHeaders:u.array($d).default([]),authProfiles:xT}).strict(),AT=u.object({name:Gi,value:u.string().min(1).optional(),required:u.boolean().default(!0)}).strict(),Zi={id:pg.optional(),displayName:u.string().min(1),summary:u.string().min(1).optional(),serverInfo:fn.optional(),mcpUrl:u.url(),protectedResourceMetadataUrl:u.url().optional(),requestHeaders:u.array(AT).default([])},TT=u.discriminatedUnion("authMode",[u.object({...Zi,authMode:u.enum(["shared-oauth","user_oauth"]),scopes:u.array(u.string().min(1)).default([]),scopeDelimiter:u.string().min(1).default(" "),clientRegistration:mg.optional(),clientId:u.string().trim().min(1).optional(),clientSecret:u.string().min(1).optional(),tokenEndpointAuthMethod:Od.optional()}).strict(),u.object({...Zi,authMode:u.literal("static_secret"),secret:jd}).strict(),u.object({...Zi,authMode:u.literal("user-secret"),secret:Dd}).strict(),u.object({...Zi,authMode:u.literal("shared-secret"),secret:Hd}).strict()]);function hg(e){throw g("internal_server_error",e)}o(hg,"throwGatewayConfigError");function kT(e){let t="mcp-upstream-";return e.startsWith(t)||hg(`Upstream policy ${e} must use the ${t}{upstream-id} naming convention when id is omitted.`),Xe.parse(e.slice(t.length))}o(kT,"inferUpstreamConnectionIdFromPolicyName");function ET(e){let t=new URL(e),r=t.pathname==="/"?"":t.pathname;return`${t.origin}/.well-known/oauth-protected-resource${r}`}o(ET,"buildDefaultProtectedResourceMetadataUrl");function qn(e,t){return et.parse(`${e}:${t}`)}o(qn,"buildUpstreamAuthProfileId");function Ki(e,t){let r=lg.safeParse(e);if(r.success)return r.data;let n=TT.parse(e),a=n.id??(t===void 0?void 0:kT(t));a===void 0&&hg("Upstream policy options must include id when policy name is unavailable.");let i=n.requestHeaders.map(c=>({name:c.name,value:c.value,required:c.required})),s=(()=>{switch(n.authMode){case"shared-oauth":case"user_oauth":{let c=n.clientRegistration??(n.clientId===void 0?{mode:"auto"}:{mode:"manual",clientId:n.clientId,...n.clientSecret===void 0?{}:{clientSecret:n.clientSecret},...n.tokenEndpointAuthMethod===void 0?{}:{tokenEndpointAuthMethod:n.tokenEndpointAuthMethod}});return{[n.authMode]:{scopes:n.scopes,scopeDelimiter:n.scopeDelimiter,clientRegistration:c}}}case"static_secret":case"user-secret":case"shared-secret":return{[n.authMode]:{secret:n.secret}}}})();return lg.parse({id:a,displayName:n.displayName,...n.summary===void 0?{}:{description:n.summary},...n.serverInfo===void 0?{}:{serverInfo:n.serverInfo},mcpUrl:n.mcpUrl,protectedResourceMetadataUrl:n.protectedResourceMetadataUrl??ET(n.mcpUrl),requestHeaders:i,authProfiles:s})}o(Ki,"parseUpstreamConnectionPolicyOptions");function gg(e){return e.mode==="shared-oauth"||e.mode==="user_oauth"}o(gg,"isUpstreamOAuthAuthConfig");ie();var UT=u.looseObject({name:u.string().min(1),version:u.string().min(1).optional()}),OT=u.looseObject({}),$T=u.looseObject({name:Ot,namespace:Ot.optional(),upstreamPolicy:u.string().min(1).optional(),enabled:u.boolean().optional(),inputSchema:OT}),zT=u.looseObject({name:Ot,namespace:Ot.optional(),upstreamPolicy:u.string().min(1).optional(),enabled:u.boolean().optional()}),MT=u.looseObject({name:Ot,uri:u.string().min(1),upstreamPolicy:u.string().min(1).optional(),upstreamUri:u.string().min(1).optional(),enabled:u.boolean().optional()}),qT=u.enum(["openapi","upstream_mcp"]),NT=u.object({catalogSource:qT.default("openapi"),serverInfo:UT.optional(),tools:u.array($T).default([]),prompts:u.array(zT).default([]),resources:u.array(MT).default([])}).strict();function yg(e){return NT.parse(e??{})}o(yg,"parseVirtualServerRouteOptions");function Wi(e){let{enabled:t,upstreamName:r,upstreamPolicyName:n,...a}=e;return a}o(Wi,"toMcpTool");function Ji(e){let{enabled:t,upstreamName:r,upstreamPolicyName:n,...a}=e;return a}o(Ji,"toMcpPrompt");function Yi(e){let{enabled:t,upstreamPolicyName:r,upstreamUri:n,...a}=e;return a}o(Yi,"toMcpResource");var jT="mcp-upstream-connection-inbound",Sg="/mcp/";function He(e){throw new jt(e)}o(He,"throwRegistryError");function _g(e){return e.policyType===jT}o(_g,"isUpstreamConnectionPolicy");function DT(e){return Fi(e.policyType)}o(DT,"isMcpOAuthInboundPolicy");function HT(e){e.startsWith(Sg)||He(`MCP virtual server route ${e} must use a /mcp/{virtualServerId} path.`);let t=e.slice(Sg.length);return(!t||t.includes("/"))&&He(`MCP virtual server route ${e} must use exactly one /mcp/{virtualServerId} path segment.`),Pe.parse(t)}o(HT,"readVirtualServerIdFromPath");function LT(e){let t=Object.keys(e.connection.authProfiles);t.length!==1&&He(`Upstream policy ${e.policyName} must declare exactly one auth mode; found ${t.length}.`);let r=t[0];return r===void 0&&He(`Upstream policy ${e.policyName} does not declare an auth mode.`),Bi.parse(r)}o(LT,"readSingleAuthMode");function BT(e){let t=e.connection.authProfiles[e.authMode];t||He(`Upstream connection ${e.connection.id} does not declare auth mode ${e.authMode}.`);let r=`/auth/connections/${encodeURIComponent(e.connection.id)}/callback`;switch(e.authMode){case"shared-oauth":case"user_oauth":{let n=t;return{mode:e.authMode,oauth:{scopes:n.scopes,scopeDelimiter:n.scopeDelimiter,redirectPath:r,clientRegistration:n.clientRegistration}}}case"static_secret":return{mode:"static_secret",secret:t.secret};case"user-secret":return{mode:"user-secret",secret:t.secret};case"shared-secret":return{mode:"shared-secret",secret:t.secret}}}o(BT,"buildResolvedAuthConfig");function GT(e){let t=LT({policyName:e.policyName,connection:e.connection}),r=qn(e.connection.id,t),n=BT({connection:e.connection,authMode:t,authProfileId:r}),a={displayName:e.connection.displayName,...e.connection.description===void 0?{}:{description:e.connection.description},...e.connection.serverInfo===void 0?{}:{serverInfo:e.connection.serverInfo},authProfiles:{[r]:n},transport:{baseUrl:e.connection.mcpUrl,resourceMetadataUrl:e.connection.protectedResourceMetadataUrl,requestHeaders:e.connection.requestHeaders}};return{policyName:e.policyName,upstreamServerId:e.connection.id,config:a,authMode:t,authProfileId:r,authConfig:n}}o(GT,"buildRegisteredConnection");function VT(e){let t=new Map;for(let r of e)t.has(r.name)&&He(`Duplicate policy name ${r.name} in policies.json.`),t.set(r.name,{name:r.name,policyType:r.policyType,handler:{options:r.handler.options}});return t}o(VT,"buildPolicyMap");function FT(e){let t=new Map,r=new Set;for(let n of e.values()){if(!_g(n))continue;let a=Ki(n.handler.options,n.name);r.has(a.id)&&He(`Duplicate upstream MCP connection id ${a.id} in policies.json.`),r.add(a.id);let i=GT({policyName:n.name,connection:a});t.set(n.name,i)}return t}o(FT,"buildConnectionsByPolicyName");function ZT(e){if(typeof e.raw!="function")return;let t=e.raw();if(!(!t||typeof t.operationId!="string"||t.operationId===""))return t.operationId}o(ZT,"readOperationId");function wg(e){let t=e.namespace===void 0?e.name:`${e.namespace}.${e.name}`;try{return Ot.parse(t)}catch{He(`MCP virtual server route ${e.routePath} declares invalid published capability name ${t}.`)}}o(wg,"buildPublishedCapabilityName");function Bd(e){if(e.authoredPolicyName!==void 0)return e.connections.find(r=>r.policyName===e.authoredPolicyName)||He(`MCP virtual server route ${e.routePath} declares capability ${e.capabilityName} for upstream policy ${e.authoredPolicyName}, but that policy is not bound to the route.`),e.authoredPolicyName;if(e.connections.length===1)return e.connections[0]?.policyName;He(`MCP virtual server route ${e.routePath} declares aggregate capability ${e.capabilityName} without upstreamPolicy.`)}o(Bd,"readCapabilityUpstreamPolicy");function Ld(e){e.seen.has(e.key)&&He(`MCP virtual server route ${e.routePath} declares duplicate ${e.kind} ${e.key}.`),e.seen.add(e.key)}o(Ld,"assertUniqueCatalogKey");function KT(e){let{namespace:t,upstreamPolicy:r,...n}=e.tool,a=wg({name:e.tool.name,namespace:e.tool.namespace,routePath:e.routePath});return{...n,name:a,upstreamName:e.tool.name,upstreamPolicyName:Bd({authoredPolicyName:r,capabilityName:a,connections:e.connections,routePath:e.routePath})}}o(KT,"normalizeCatalogTool");function WT(e){let{namespace:t,upstreamPolicy:r,...n}=e.prompt,a=wg({name:e.prompt.name,namespace:e.prompt.namespace,routePath:e.routePath});return{...n,name:a,upstreamName:e.prompt.name,upstreamPolicyName:Bd({authoredPolicyName:r,capabilityName:a,connections:e.connections,routePath:e.routePath})}}o(WT,"normalizeCatalogPrompt");function JT(e){let{upstreamPolicy:t,...r}=e.resource;return{...r,upstreamUri:e.resource.upstreamUri??e.resource.uri,upstreamPolicyName:Bd({authoredPolicyName:t,capabilityName:e.resource.uri,connections:e.connections,routePath:e.routePath})}}o(JT,"normalizeCatalogResource");function YT(e){let t=e.catalog.catalogSource,r=e.catalog.tools.map(d=>KT({tool:d,connections:e.connections,routePath:e.routePath})),n=e.catalog.prompts.map(d=>WT({prompt:d,connections:e.connections,routePath:e.routePath})),a=e.catalog.resources.map(d=>JT({resource:d,connections:e.connections,routePath:e.routePath})),i=new Set;for(let d of r)Ld({kind:"tool",key:d.name,routePath:e.routePath,seen:i});let s=new Set;for(let d of n)Ld({kind:"prompt",key:d.name,routePath:e.routePath,seen:s});let c=new Set;for(let d of a)Ld({kind:"resource",key:String(d.uri),routePath:e.routePath,seen:c});return{catalogSource:t,...e.catalog.serverInfo===void 0?{}:{serverInfo:e.catalog.serverInfo},tools:r,prompts:n,resources:a}}o(YT,"normalizeVirtualServerCatalog");function QT(e){let t=new Map,r=new Set;for(let n of e.routes){let a=n.policies?.inbound??[];if(a.length===0)continue;let i=a[0],s=i===void 0?void 0:e.policyByName.get(i);if(!s||!DT(s))continue;let c=ZT(n);c||He(`MCP virtual server route ${n.path} must declare an operationId in routes.oas.json.`),r.has(c)&&He(`Duplicate MCP virtual server operationId ${c} across routes.`),r.add(c);let d=HT(n.path);t.has(d)&&He(`Duplicate MCP virtual server id ${d} across routes.`);let p=[];for(let h of a.slice(1)){let y=e.policyByName.get(h);if(!y||!_g(y))continue;let _=e.connectionsByPolicyName.get(h);_||He(`Upstream connection policy ${h} referenced by route ${n.path} could not be resolved.`),p.push(_)}let l=yg(n.handler.options),m=YT({catalog:l,connections:p,routePath:n.path});m.catalogSource==="upstream_mcp"&&p.length!==1&&He(`MCP virtual server route ${n.path} uses upstream MCP catalog mode but declares ${p.length} upstream bindings; upstream MCP catalog mode requires exactly one upstream binding.`),t.set(d,{virtualServerId:d,operationId:c,routePath:n.path,handlerExport:n.handler.export,serverInfo:m.serverInfo,catalog:m,connections:p})}return t}o(QT,"buildVirtualServers");function vg(e){let t=VT(e.policies),r=FT(t),n=QT({routes:e.routes,policyByName:t,connectionsByPolicyName:r}),a=new Map;for(let i of r.values())a.set(i.upstreamServerId,i);return{byVirtualServerId:n,connectionsById:a}}o(vg,"buildGatewayConnectionRegistry");var Qi;function bg(e){Qi=e}o(bg,"setGatewayConnectionRegistry");function ht(){if(!Qi)throw g("internal_server_error","MCP gateway connection registry has not been initialized. Ensure routes.oas.json declares at least one MCP virtual server route and policies.json registers an `mcp-oauth-inbound` (or wrapper) policy.");return Qi}o(ht,"getGatewayConnectionRegistry");function Rg(e){let t=ht().byVirtualServerId.get(e);if(!t)throw g("unknown_virtual_server",`Unknown MCP virtual server: ${e}`);return t}o(Rg,"getRegisteredVirtualServer");function Xo(e){let t=ht().byVirtualServerId.get(e);if(!t)throw g("unknown_virtual_server",`Unknown virtual server: ${e}`);return t}o(Xo,"requireRegisteredVirtualServer");function Cg(){return Qi}o(Cg,"tryGetGatewayConnectionRegistry");var Ig=new Dt("gateway-route");function Pg(e,t){Ig.set(e,t)}o(Pg,"setGatewayRouteContext");function ea(e){return Ig.get(e)}o(ea,"readGatewayRouteContext");function Nn(e){let t=ea(e);if(!t)throw g("internal_server_error","Gateway route context has not been set");return t}o(Nn,"requireGatewayRouteContext");var Fr="2025-06-18";var XT=new Set(["localhost","::1"]);function gt(e){return e.replace(/^\[(.*)\]$/,"$1").replace(/\.+$/,"").toLowerCase()}o(gt,"normalizeHostname");function Le(e){let t=gt(e.hostname);return e.protocol==="http:"&&(XT.has(t)||/^127(?:\.\d{1,3}){3}$/.test(t))}o(Le,"isLoopbackHttpUrl");function ce(e){return new URL(e).origin}o(ce,"readGatewayRequestOrigin");import{metrics as ek,context as Xi,propagation as Ag,SpanKind as Tg,SpanStatusCode as Gd,trace as ta}from"@opentelemetry/api";var tk="mcp-gateway",rk="mcp-gateway",nk=Fr,ok="2.0",kg=ta.getTracer(tk),Vd=ek.getMeter(rk),ak=Vd.createHistogram("mcp.client.operation.duration",{description:"The duration of the MCP request or notification as observed on the sender.",unit:"s"}),ik=Vd.createHistogram("mcp.server.operation.duration",{description:"MCP request or notification duration as observed on the receiver.",unit:"s"}),sk=Vd.createHistogram("mcp.client.session.duration",{description:"The duration of the MCP session as observed on the MCP client.",unit:"s"}),ck=["traceparent","tracestate","baggage"];function Fd(){return performance.now()/1e3}o(Fd,"nowSeconds");function Eg(e,t){t(Math.max(Fd()-e,0))}o(Eg,"recordDurationSeconds");function xg(e){return e===void 0?void 0:String(e)}o(xg,"stringifyAttribute");function $e(e,t,r){r!==void 0&&(e[t]=r)}o($e,"assignAttribute");function uk(e){if(e.capabilityType==="tool"||e.capabilityType==="prompt")return e.capabilityName}o(uk,"readTargetName");function Ug(e){let t=uk({kind:"client",...e});return t?`${e.methodName} ${t}`:e.methodName}o(Ug,"buildMcpOperationSpanName");function Zd(e){let t={"mcp.method.name":e.methodName};return $e(t,"jsonrpc.protocol.version",e.jsonRpcProtocolVersion??ok),$e(t,"jsonrpc.request.id",xg(e.jsonRpcRequestId)),$e(t,"mcp.protocol.version",e.mcpProtocolVersion??nk),$e(t,"mcp.session.id",e.mcpSessionId),$e(t,"mcp.resource.uri",e.resourceUri),$e(t,"rpc.response.status_code",xg(e.rpcResponseStatusCode)),$e(t,"error.type",e.errorType),e.capabilityType==="tool"&&($e(t,"gen_ai.operation.name","execute_tool"),$e(t,"gen_ai.tool.name",e.capabilityName)),e.capabilityType==="prompt"&&$e(t,"gen_ai.prompt.name",e.capabilityName),$e(t,"network.protocol.name",e.networkProtocolName?.toLowerCase()),$e(t,"network.protocol.version",e.networkProtocolVersion),$e(t,"network.transport",e.networkTransport),$e(t,"server.address",e.serverAddress),$e(t,"server.port",e.serverPort),$e(t,"client.address",e.clientAddress),$e(t,"client.port",e.clientPort),t}o(Zd,"buildMcpOperationAttributes");function dk(e){let t=Zd({methodName:"initialize",...e});return delete t["mcp.method.name"],t}o(dk,"buildMcpSessionAttributes");function Og(e,t,r){e.setAttribute("error.type",r),e.setStatus({code:Gd.ERROR}),t instanceof Error&&e.recordException(t)}o(Og,"setSpanError");function $g(e){let t=e?.code;return typeof t=="string"||typeof t=="number"?String(t):e instanceof Error?e.name:"_OTHER"}o($g,"readErrorType");function lk(e){let t=e&&typeof e=="object"?e._meta:void 0;return!t||typeof t!="object"?Xi.active():Ag.extract(Xi.active(),t,{get(r,n){let a=r[n];return typeof a=="string"?a:void 0},keys(r){return Object.keys(r)}})}o(lk,"readServerParentContext");function pk(e){let t=ta.getSpanContext(Xi.active()),r=ta.getSpanContext(e);if(!(!t||!ta.isSpanContextValid(t))&&!(r&&ta.isSpanContextValid(r)&&t.traceId===r.traceId&&t.spanId===r.spanId))return[{context:t}]}o(pk,"readAmbientSpanLink");function zg(e){return e&&typeof e=="object"&&e.isError===!0?"tool_error":void 0}o(zg,"readResultErrorType");async function Zr(e,t){let r=Fd(),n=Zd({kind:"client",networkProtocolName:"http",networkTransport:"tcp",...e});return kg.startActiveSpan(Ug(e),{kind:Tg.CLIENT,attributes:n},async a=>{try{let i=await t(),s=zg(i);return s&&(a.setAttribute("error.type",s),a.setStatus({code:Gd.ERROR}),n["error.type"]=s),i}catch(i){let s=e.errorType??$g(i);throw n["error.type"]=s,Og(a,i,s),i}finally{Eg(r,i=>{ak.record(i,n)}),a.end()}})}o(Zr,"runMcpClientOperation");async function Kr(e,t){let r=Fd(),n=lk(e.params),a=Zd({kind:"server",networkProtocolName:"http",networkTransport:"tcp",...e}),i=pk(n);return kg.startActiveSpan(Ug(e),{kind:Tg.SERVER,attributes:a,...i?{links:i}:{}},n,async s=>{try{let c=await t(),d=zg(c);return d&&(s.setAttribute("error.type",d),s.setStatus({code:Gd.ERROR}),a["error.type"]=d),c}catch(c){let d=e.errorType??$g(c);throw a["error.type"]=d,Og(s,c,d),c}finally{Eg(r,c=>{ik.record(c,a)}),s.end()}})}o(Kr,"runMcpServerOperation");function Mg(e){let t={...e??{},_meta:{...e?._meta&&typeof e._meta=="object"?e._meta:{}}};return Ag.inject(Xi.active(),t._meta,{set(r,n,a){ck.includes(n)&&(r[n]=a)}}),t}o(Mg,"injectMcpTraceContextIntoParams");function qg(e,t){let r=dk({kind:"client",networkProtocolName:"http",networkTransport:"tcp",...e});sk.record(Math.max(t,0),r)}o(qg,"recordMcpClientSessionDuration");var Kd=new Dt("route-upstream-bindings");function mk(e){let t=Kd.get(e);if(t)return t;let r={bindings:[]};return Kd.set(e,r),r}o(mk,"readOrCreateRouteUpstreamBindingRegistry");function Ng(e){return`${e.upstreamServerId}:${e.authProfileId}`}o(Ng,"buildRouteBindingDuplicateKey");function Wd(e,t){let r=mk(e),n=Ng(t);if(r.bindings.find(i=>Ng(i)===n)!==void 0)throw g("internal_server_error",`Route declares duplicate upstream binding ${t.upstreamServerId} + ${t.authProfileId}.`);r.bindings.push(t)}o(Wd,"appendResolvedUpstreamBindingContext");function jg(e){return Kd.get(e)?.bindings??[]}o(jg,"readResolvedUpstreamBindingContexts");ie();var Q=u.string().datetime({offset:!0}).brand();function ne(e){return Q.parse(e.toISOString())}o(ne,"toIsoTimestamp");function Jt(e,t){return new Date(e.getTime()+t*1e3)}o(Jt,"addSeconds");ie();var ra=u.string().trim().min(1),na={accessTokenTtlSeconds:900,refreshTokenTtlSeconds:2592e3,cimdEnabled:!0},fk=u.object({issuer:u.url(),jwksUrl:u.url(),audience:ra}),hk=u.object({url:u.url(),tokenUrl:u.url().optional(),clientId:ra.optional(),clientSecret:ra.optional(),scope:ra.default("openid profile email"),audience:ra.optional(),remoteTimeoutMs:u.coerce.number().int().positive().default(1e4),stateTtlSeconds:u.coerce.number().int().positive().default(900),sessionTtlSeconds:u.coerce.number().int().positive().default(28800)}).strict(),gk=u.object({accessTokenTtlSeconds:u.coerce.number().int().positive().default(na.accessTokenTtlSeconds),refreshTokenTtlSeconds:u.coerce.number().int().positive().default(na.refreshTokenTtlSeconds),cimdEnabled:u.boolean().default(na.cimdEnabled)}).strict().default(na),yk=u.object({oidc:fk,browserLogin:hk,gateway:gk.optional().default(na)}).strict();function Dg(e){return Sk(e.browserLogin.url)?"local_dev":"federated_oidc"}o(Dg,"readBrowserLoginKind");function Sk(e){let t;try{t=new URL(e)}catch{return!1}return Le(t)&&t.pathname==="/oauth/dev-login"}o(Sk,"isLoopbackDevLoginUrl");function es(e){return yk.parse(e)}o(es,"parseMcpOAuthRuntimeConfig");var Jd;function Hg(e){Jd=e}o(Hg,"setGatewayOAuthConfig");function xe(){if(!Jd)throw g("internal_server_error","MCP gateway OAuth config has not been initialized. An `mcp-oauth-inbound` policy (or a provider-specific wrapper such as `mcp-auth0-oauth-inbound`) must be registered in policies.json so the gateway can derive its OAuth runtime configuration from policy options.");return Jd}o(xe,"getGatewayOAuthConfig");function Ct(e){return ce(e)}o(Ct,"readGatewayOAuthIssuer");ie();var _k=43,wk=128,vk=/^[A-Za-z0-9._~-]+$/,Yd="S256",ts=u.literal(Yd),rs=u.string().min(_k).max(wk).regex(vk);ie();var ns=["none","client_secret_post","client_secret_basic"],bk=[...ns,"private_key_jwt"],Rk=["awaiting_login","awaiting_setup"],Ck=u.string().min(1).brand(),Be=u.string().min(1).brand(),oa=u.uuid().brand(),yt=u.uuid().brand(),os=u.uuid().brand(),Qd=u.enum(ns),Ik=u.enum(bk),Z2=u.enum(Rk),Lg=u.object({client_id:Be,client_name:u.string().min(1),redirect_uris:u.array(u.string().min(1)).min(1),token_endpoint_auth_method:Ik.default("none")}),Xd=u.object({clientId:Be,clientName:u.string().min(1),redirectUris:u.array(u.string().min(1)),tokenEndpointAuthMethod:Qd,hashedClientSecret:u.string().optional(),clientSecretExpiresAt:Q.optional(),clientExpiresAt:Q,revokedAt:Q.optional(),createdAt:Q}),el=u.object({clientId:Be,resource:u.string(),virtualServerId:Pe,subjectId:Ck,scope:u.string(),roles:u.array(u.string()),createdAt:Q,expiresAt:Q}),K2=el.extend({id:yt,redirectUri:u.string(),clientState:u.string().optional(),codeChallenge:u.string(),codeChallengeMethod:ts}),tl=el.extend({id:oa,currentRefreshTokenHash:u.string().optional(),previousRefreshTokenHash:u.string().optional(),revokedAt:Q.optional(),revokedReason:u.string().optional()}),as=el.extend({tokenHash:u.string(),grantId:oa,revokedAt:Q.optional()});function rl(){return yt.parse(crypto.randomUUID())}o(rl,"createDownstreamAuthorizationTransactionId");function nl(){return os.parse(crypto.randomUUID())}o(nl,"createDownstreamBrowserLoginStateId");function Bg(){return oa.parse(crypto.randomUUID())}o(Bg,"createDownstreamGrantId");var ye="mcp:tools";function Gg(e,t){if(e===t)return!0;let r=new URL(e),n=new URL(t);return Le(r)&&Le(n)&&gt(r.hostname)===gt(n.hostname)&&r.pathname===n.pathname&&r.search===n.search}o(Gg,"redirectUriMatchesRegistration");function Vg(e){return Le(e)&&e.pathname==="/oauth/dev-login"}o(Vg,"isLoopbackDevLoginUrl");function is(e,t){return new URL(e,Ct(t)).toString()}o(is,"buildGatewayOAuthUrl");function ol(e){return new URL(`/mcp/${encodeURIComponent(e.virtualServerId)}`,ce(e.requestUrl)).toString()}o(ol,"buildScopedAuthorizationServerIssuer");function Pk(e){return new URL(`/oauth/authorize/mcp/${encodeURIComponent(e.virtualServerId)}`,ce(e.requestUrl)).toString()}o(Pk,"buildScopedAuthorizationEndpoint");function al(e){let t=xe();return{issuer:Ct(e),authorization_endpoint:is("/oauth/authorize",e),token_endpoint:is("/oauth/token",e),registration_endpoint:is("/oauth/register",e),revocation_endpoint:is("/oauth/revoke",e),response_types_supported:["code"],response_modes_supported:["query"],grant_types_supported:["authorization_code","refresh_token"],scopes_supported:[ye],code_challenge_methods_supported:[Yd],token_endpoint_auth_methods_supported:ns,revocation_endpoint_auth_methods_supported:["client_secret_basic","client_secret_post","none"],client_id_metadata_document_supported:t.gateway.cimdEnabled,"x-zuplo-browser-login-kind":Dg(t)}}o(al,"buildAuthorizationServerMetadata");function Fg(e){let t=ol(e);return{...al(e.requestUrl),issuer:t,authorization_endpoint:Pk(e)}}o(Fg,"buildScopedAuthorizationServerMetadata");async function Zg(e,t){try{let r=Pe.parse(e.params.virtualServerId),n=Xo(r);return Response.json(xk(n.virtualServerId,e.url))}catch(r){let n=he(r);return ft(e,t,{code:n==="unknown_virtual_server"?n:"not_found",detail:(r instanceof Error?r.message:void 0)??"The requested protected resource metadata document was not found."})}}o(Zg,"protectedResourceMetadataHandler");function xk(e,t){return{resource:Wr(e,t),resource_name:e,authorization_servers:[ol({virtualServerId:e,requestUrl:t})],bearer_methods_supported:["header"],scopes_supported:[ye],mcp_protocol_version:Fr}}o(xk,"buildProtectedResourceMetadataResponseBody");function Wr(e,t){return new URL(`/mcp/${encodeURIComponent(e)}`,ce(t)).toString()}o(Wr,"buildCanonicalMcpResourceForVirtualServer");function Kg(e,t){return new URL(`/.well-known/oauth-protected-resource/mcp/${encodeURIComponent(e)}`,ce(t)).toString()}o(Kg,"buildProtectedResourceMetadataUrlForVirtualServer");import{base64url as il}from"jose";var Ak="sha256:",Tk=32;function Wg(e){let t=new ArrayBuffer(e.byteLength);return new Uint8Array(t).set(e),t}o(Wg,"copyToArrayBuffer");function Yt(){let e=crypto.getRandomValues(new Uint8Array(Tk));return il.encode(e)}o(Yt,"createOpaqueToken");async function pe(e){let t=await crypto.subtle.digest("SHA-256",Wg(new TextEncoder().encode(e)));return`${Ak}${il.encode(new Uint8Array(t))}`}o(pe,"hashOpaqueValue");async function Jg(e){let t=await crypto.subtle.digest("SHA-256",Wg(new TextEncoder().encode(e)));return il.encode(new Uint8Array(t))}o(Jg,"calculatePkceS256Challenge");ie();var kk=u.record(u.string(),u.unknown()),Yg=u.string().min(1),Ek=u.union([Yg.transform(e=>[e]),u.array(Yg)]),Se=u.string().min(1).brand(),Uk=["zuploSubjectId","zuplo_subject_id","gatewaySubjectId","gateway_subject_id","subjectId","subject_id","https://zuplo.com/subject_id"],Ok=["https://zuplo.com/roles","roles","role","permissions","groups"],Qg=new Dt("gateway-principal");function $k(e){let t=kk.safeParse(e);return t.success?t.data:{}}o($k,"toClaimRecord");function zk(e){return e.issues[0]?.message??"Gateway principal is invalid"}o(zk,"readValidationFailureDetail");function Mk(e,t,r){for(let i of Uk){let s=Se.safeParse(t[i]);if(s.success)return s.data}let n=Se.safeParse(e?.sub);if(!n.success)throw g("identity_context_missing",zk(n.error));let a=typeof t.iss=="string"?t.iss:void 0;return!a||a===Ct(r)?n.data:Se.parse(`${a}|${n.data}`)}o(Mk,"readNormalizedSubjectId");function qk(e){let t=new Set;for(let r of Ok){let n=Ek.safeParse(e[r]);if(n.success)for(let a of n.data)t.add(a)}return t.size>0?[...t]:void 0}o(qk,"readRoles");function jn(e,t){let r=$k(e?.data),n={subjectId:Mk(e,r,t)},a=qk(r);return a&&(n.roles=a),n}o(jn,"parseGatewayPrincipal");function Xg(e){let t=cl(e);if(!t)throw g("identity_context_missing","Gateway principal has not been hydrated");return t}o(Xg,"requireGatewayPrincipal");function ey(e,t){Qg.set(e,t)}o(ey,"setGatewayPrincipal");function cl(e){return Qg.get(e)}o(cl,"readGatewayPrincipal");function ss(e){let r=['realm="OAuth"',`resource_metadata="${sl(Kg(e.virtualServerId,e.requestUrl))}"`];return e.error!==void 0&&r.push(`error="${e.error}"`),e.errorDescription!==void 0&&r.push(`error_description="${sl(e.errorDescription)}"`),e.scope!==void 0&&r.push(`scope="${sl(e.scope)}"`),`Bearer ${r.join(", ")}`}o(ss,"buildGatewayBearerChallenge");function sl(e){let t="";for(let r=0;r<e.length;r+=1){let n=e.charCodeAt(r);n<=31||n===127||(t+=e[r])}return t.replaceAll("\\","\\\\").replaceAll('"','\\"')}o(sl,"sanitizeQuotedHeaderParameter");ie();ie();function cs(e){if(e===void 0||e.length===0)return;if(!e.startsWith("/")||e.startsWith("//"))throw g("invalid_request","returnTo must be a same-origin relative path.");let t=new URL(e,"https://gateway.local");if(t.origin!=="https://gateway.local"||t.username||t.password||t.hash||t.pathname.startsWith("//"))throw g("invalid_request","returnTo must be a same-origin relative path without credentials or fragments.");return`${t.pathname}${t.search}`}o(cs,"parseSafeRelativeReturnTo");ie();var Nk=["user","shared"],Dn=u.enum(Nk);function Cr(e){return{mode:"user",subjectId:e}}o(Cr,"buildUserUpstreamConnectionOwner");function us(){return{mode:"shared"}}o(us,"buildSharedUpstreamConnectionOwner");var ty=u.object({ownerMode:Dn,initiatedBySubjectId:Se,ownerSubjectId:Se.optional(),upstreamServerId:Xe,authProfileId:et,virtualServerId:Pe,returnTo:u.string().min(1).transform(e=>cs(e)).optional()});function ry(e,t){e.ownerMode==="user"&&!e.ownerSubjectId&&t.addIssue({code:u.ZodIssueCode.custom,message:"User-owned state requires ownerSubjectId",path:["ownerSubjectId"]}),e.ownerMode==="shared"&&e.ownerSubjectId&&t.addIssue({code:u.ZodIssueCode.custom,message:"Shared state must not include ownerSubjectId",path:["ownerSubjectId"]})}o(ry,"validateUpstreamOwnerState");var Hn=ty.superRefine(ry),ny=ty.omit({returnTo:!0}).superRefine(ry);function aa(e){return Hn.parse({ownerMode:e.owner.mode,initiatedBySubjectId:e.initiatedBySubjectId,ownerSubjectId:e.owner.mode==="user"?e.owner.subjectId:void 0,upstreamServerId:e.upstreamServerId,authProfileId:e.authProfileId,virtualServerId:e.virtualServerId,returnTo:e.returnTo})}o(aa,"buildUpstreamOwnerState");function Ln(e){if(e.ownerMode==="shared")return us();if(!e.ownerSubjectId)throw g("oauth_state_invalid","User-owned upstream state is missing the owner subject.");return Cr(e.ownerSubjectId)}o(Ln,"resolveUpstreamConnectionOwnerFromState");var jk=["active","not_connected","reconsent_required"],Dk=["basic_auth_app_password","bearer_token"],oy=u.string().trim().min(1).brand(),Bn=u.uuid().brand(),ia=u.uuid().brand(),ul=u.enum(jk),Hk=u.enum(Dk),ay=u.object({encryptedClientInformation:u.string().optional(),encryptedDiscoveryState:u.string().optional(),connectedBySubjectId:Se.optional()}),Lk=ay.extend({encryptedStaticSecret:u.string().optional(),staticSecretKind:Hk.optional(),staticSecretLabel:u.string().min(1).optional(),staticSecretUsername:u.string().min(1).optional()}).strict(),Bk=u.object({id:oy,subjectId:Se.optional(),ownerMode:Dn,upstreamServerId:Xe,authProfileId:et,status:ul,encryptedAccessToken:u.string().min(1).optional(),encryptedRefreshToken:u.string().min(1).optional(),scopes:u.array(u.string()),expiresAt:Q.optional(),metadata:Lk.optional(),createdAt:Q,updatedAt:Q});function dl(e,t){e.ownerMode==="user"&&(e.subjectId||t.addIssue({code:u.ZodIssueCode.custom,message:"User-owned upstream connections require subjectId",path:["subjectId"]})),e.ownerMode==="shared"&&e.subjectId!==void 0&&t.addIssue({code:u.ZodIssueCode.custom,message:"Shared upstream connections must not include subjectId",path:["subjectId"]})}o(dl,"validateUpstreamConnectionOwnerShape");var Gn=Bk.superRefine(dl);function Jr(e){return JSON.stringify([e.owner.mode,e.owner.mode==="user"?e.owner.subjectId:"",e.upstreamServerId,e.authProfileId])}o(Jr,"readUpstreamConnectionLookupKey");var ll=Hn.extend({id:Bn,callbackPath:u.string().min(1),expiresAt:Q,codeVerifier:u.string().optional(),redirectUri:u.url(),returnOrigin:u.url().optional()}).extend(ay.shape);function iy(e){let t=e?.status??"not_connected",r={connected:t==="active",status:t};return e?.updatedAt!==void 0&&(r.updatedAt=e.updatedAt),r}o(iy,"readUpstreamConnectionStatus");function ds(){return oy.parse(`mcpgw2uc_${crypto.randomUUID()}`)}o(ds,"createUpstreamConnectionId");function sy(){return Bn.parse(crypto.randomUUID())}o(sy,"createOAuthStateId");function cy(){return ia.parse(crypto.randomUUID())}o(cy,"createBrowserConnectTicketId");ie();var ml=u.discriminatedUnion("mode",[u.object({mode:u.literal("user"),subjectId:Se}).strict(),u.object({mode:u.literal("shared")}).strict()]),dy=u.object({owner:ml,upstreamServerId:Xe,authProfileId:et}).strict(),ly=u.object({items:u.array(dy).min(1).max(100)}).strict(),fl=u.object({items:u.array(u.object({key:u.object({ownerMode:Dn,subjectId:Se.optional(),upstreamServerId:Xe,authProfileId:et}).strict(),connection:Gn.strict().optional()}).strict())}).strict(),py=Gn.omit({createdAt:!0,updatedAt:!0}).strict().superRefine(dl),my=Gn.strict(),fy=u.object({owner:ml,upstreamServerId:Xe,authProfileId:et}).strict(),hy=u.object({owner:ml,upstreamServerId:Xe,authProfileId:et,connection:Gn.strict().optional(),connectionStatus:u.object({connected:u.boolean(),status:ul,updatedAt:Gn.shape.updatedAt.optional()}).strict()}).strict(),Gk=u.enum(["none","client_secret_basic","client_secret_post"]),Yr=u.object({clientId:Be,clientName:u.string().min(1),tokenEndpointAuthMethod:Gk}).strict(),hl=u.discriminatedUnion("method",[u.object({method:u.literal("none"),clientId:Be}).strict(),u.object({method:u.enum(["client_secret_basic","client_secret_post"]),clientId:Be,clientSecretHashInput:u.string().min(1)}).strict()]),gl=u.object({id:yt,currentStateHash:u.string().min(1),clientId:Be,redirectUri:u.string().min(1),resource:u.string().min(1),virtualServerId:Pe,clientState:u.string().optional(),scope:u.string(),codeChallenge:u.string().min(1),codeChallengeMethod:u.literal("S256"),createdAt:Q,expiresAt:Q,consumedAt:Q.optional()}).strict(),uy=gl.omit({id:!0,consumedAt:!0}).extend({transactionId:yt,client:Yr.optional()}).strict(),yl=u.object({subjectId:Se,roles:u.array(u.string()).optional()}).strict(),Vk=gl.extend({phase:u.literal("awaiting_login")}).strict(),pl=gl.extend({phase:u.literal("awaiting_setup"),principal:yl}).strict(),Fk=u.discriminatedUnion("phase",[Vk,pl]),Sl=u.object({transaction:Fk,client:Yr}).strict(),gy=Xd.omit({revokedAt:!0}).strict(),yy=u.discriminatedUnion("kind",[u.object({kind:u.literal("registered"),client:Yr}).strict(),u.object({kind:u.literal("already_exists")}).strict()]),Sy=u.object({clientId:Be}).strict(),_y=u.discriminatedUnion("kind",[u.object({kind:u.literal("found"),client:Xd.strict()}).strict(),u.object({kind:u.literal("missing")}).strict()]),wy=u.discriminatedUnion("phase",[uy.extend({phase:u.literal("awaiting_login")}).strict(),uy.extend({phase:u.literal("awaiting_setup"),principal:yl}).strict()]),vy=u.discriminatedUnion("kind",[Sl.extend({kind:u.literal("started")}).strict(),u.object({kind:u.literal("invalid_client")}).strict(),u.object({kind:u.literal("redirect_uri_mismatch")}).strict(),u.object({kind:u.literal("already_exists")}).strict()]),by=u.object({transactionId:yt,currentStateHash:u.string().min(1),now:Q}).strict(),Ry=u.discriminatedUnion("kind",[Sl.extend({kind:u.literal("available")}).strict(),u.object({kind:u.literal("stale_hash")}).strict(),u.object({kind:u.literal("consumed")}).strict(),u.object({kind:u.literal("expired")}).strict(),u.object({kind:u.literal("missing")}).strict()]),Cy=u.object({transactionId:yt,expectedPhase:u.literal("awaiting_login"),currentStateHash:u.string().min(1),nextStateHash:u.string().min(1),nextPhase:u.literal("awaiting_setup"),principal:yl,now:Q}).strict(),Iy=u.discriminatedUnion("kind",[Sl.extend({kind:u.literal("advanced")}).strict(),u.object({kind:u.literal("wrong_phase"),current:u.enum(["awaiting_login","awaiting_setup"])}).strict(),u.object({kind:u.literal("stale_hash")}).strict(),u.object({kind:u.literal("consumed")}).strict(),u.object({kind:u.literal("expired")}).strict(),u.object({kind:u.literal("missing")}).strict()]),Py=u.discriminatedUnion("decision",[u.object({decision:u.literal("approve"),transactionId:yt,currentStateHash:u.string().min(1),currentPrincipal:u.object({subjectId:Se}).strict(),authorizationCodeHash:u.string().min(1),authorizationCodeExpiresAt:Q,grantId:oa,now:Q}).strict(),u.object({decision:u.literal("cancel"),transactionId:yt,currentStateHash:u.string().min(1),currentPrincipal:u.object({subjectId:Se}).strict(),now:Q}).strict()]),xy=u.discriminatedUnion("kind",[u.object({kind:u.literal("approved"),transaction:pl,client:Yr}).strict(),u.object({kind:u.literal("cancelled"),transaction:pl,client:Yr}).strict(),u.object({kind:u.literal("principal_mismatch")}).strict(),u.object({kind:u.literal("stale_hash")}).strict(),u.object({kind:u.literal("consumed_already")}).strict(),u.object({kind:u.literal("expired")}).strict(),u.object({kind:u.literal("missing")}).strict()]),Ay=u.object({clientAuth:hl,codeHash:u.string().min(1),redirectUri:u.string().min(1),resource:u.string().min(1).optional(),codeChallenge:u.string().min(1),currentRefreshTokenHash:u.string().min(1),accessTokenHash:u.string().min(1),grantExpiresAt:Q,accessTokenExpiresAt:Q,now:Q}).strict(),Ty=u.discriminatedUnion("kind",[u.object({kind:u.literal("exchanged"),client:Yr,grant:tl.strict()}).strict(),u.object({kind:u.literal("invalid_client")}).strict(),u.object({kind:u.literal("consumed")}).strict(),u.object({kind:u.literal("missing")}).strict(),u.object({kind:u.literal("expired")}).strict(),u.object({kind:u.literal("resource_mismatch")}).strict(),u.object({kind:u.literal("binding_mismatch")}).strict()]),ky=u.object({clientAuth:hl,currentRefreshTokenHash:u.string().min(1),nextRefreshTokenHash:u.string().min(1),accessTokenHash:u.string().min(1),resource:u.string().min(1).optional(),accessTokenExpiresAt:Q,now:Q}).strict(),Ey=u.discriminatedUnion("kind",[u.object({kind:u.literal("rotated"),client:Yr,grant:tl.strict(),accessToken:as.strict(),matched:u.literal("current")}).strict(),u.object({kind:u.literal("invalid_client")}).strict(),u.object({kind:u.literal("missing")}).strict(),u.object({kind:u.literal("expired")}).strict(),u.object({kind:u.literal("resource_mismatch")}).strict(),u.object({kind:u.literal("revoked")}).strict()]),Uy=u.object({clientAuth:hl,tokenHash:u.string().min(1),now:Q}).strict(),Oy=u.discriminatedUnion("kind",[u.object({kind:u.literal("revoked_access_token")}).strict(),u.object({kind:u.literal("revoked_grant")}).strict(),u.object({kind:u.literal("client_mismatch")}).strict(),u.object({kind:u.literal("missing")}).strict(),u.object({kind:u.literal("invalid_client")}).strict()]),$y=u.object({tokenHash:u.string().min(1),now:Q}).strict(),zy=u.discriminatedUnion("kind",[u.object({kind:u.literal("valid"),record:as.strict()}).strict(),u.object({kind:u.literal("missing")}).strict(),u.object({kind:u.literal("expired")}).strict(),u.object({kind:u.literal("revoked")}).strict()]),My=u.object({accessTokenHash:u.string().min(1),resource:u.string().min(1),virtualServerId:Pe,upstreamConnectionKeys:u.array(dy).max(100),now:Q}).strict(),qy=u.discriminatedUnion("kind",[u.object({kind:u.literal("authorized"),principal:u.object({subjectId:Se,roles:u.array(u.string())}).strict(),accessToken:as.strict(),upstreamConnections:fl.shape.items}).strict(),u.object({kind:u.literal("missing")}).strict(),u.object({kind:u.literal("expired")}).strict(),u.object({kind:u.literal("revoked")}).strict(),u.object({kind:u.literal("resource_mismatch")}).strict(),u.object({kind:u.literal("principal_mismatch")}).strict()]),Ny=u.object({record:ll}).strict(),jy=u.object({kind:u.literal("saved")}).strict(),Dy=u.object({id:Bn,now:Q}).strict(),Hy=u.discriminatedUnion("kind",[u.object({kind:u.literal("available"),record:ll}).strict(),u.object({kind:u.literal("consumed")}).strict(),u.object({kind:u.literal("missing")}).strict()]),Ly=u.object({id:ia,expiresAt:Q,now:Q}).strict(),By=u.discriminatedUnion("kind",[u.object({kind:u.literal("available")}).strict(),u.object({kind:u.literal("consumed")}).strict()]);var Gy=100;function Vy(e){return e!==null&&typeof e=="object"}o(Vy,"isProblemDetailsShape");var Zk="/zups/v2/mcp/storage";function ze(e){return`${Zk}/${e}`}o(ze,"buildStoragePath");function Kk(){return ze("upstream-connections/batch-get")}o(Kk,"buildBatchGetUpstreamConnectionsPath");function Wk(){return ze("upstream-connections/upsert")}o(Wk,"buildUpsertUpstreamConnectionPath");function Jk(){return ze("authorization/read-setup")}o(Jk,"buildReadAuthorizationSetupPath");function Yk(){return ze("oauth/register-client")}o(Yk,"buildRegisterClientPath");function Qk(){return ze("oauth/read-client")}o(Qk,"buildReadClientPath");function Xk(){return ze("authorization/start")}o(Xk,"buildStartAuthorizationPath");function e0(){return ze("authorization/read-pending")}o(e0,"buildReadPendingAuthorizationPath");function t0(){return ze("authorization/advance-pending")}o(t0,"buildAdvancePendingAuthorizationPath");function r0(){return ze("authorization/decide-setup")}o(r0,"buildDecideAuthorizationSetupPath");function n0(){return ze("token/exchange-authorization-code")}o(n0,"buildExchangeAuthorizationCodePath");function o0(){return ze("token/refresh")}o(o0,"buildRefreshTokenPath");function a0(){return ze("token/revoke")}o(a0,"buildRevokeOAuthTokenPath");function i0(){return ze("token/validate-access-token")}o(i0,"buildValidateAccessTokenPath");function s0(){return ze("mcp/authorize-and-load-connections")}o(s0,"buildAuthorizeAndLoadConnectionsPath");function c0(){return ze("upstream-oauth-state/save")}o(c0,"buildSaveUpstreamOAuthStatePath");function u0(){return ze("upstream-oauth-state/consume")}o(u0,"buildConsumeUpstreamOAuthStatePath");function d0(){return ze("browser-connect-ticket/consume")}o(d0,"buildConsumeBrowserConnectTicketPath");function l0(e,t){return e.ownerMode===t.owner.mode&&(e.subjectId??"")===(t.owner.mode==="user"?t.owner.subjectId:"")&&e.upstreamServerId===t.upstreamServerId&&e.authProfileId===t.authProfileId}o(l0,"responseKeyMatchesLookup");function p0(e,t){return e.owner.mode===t.owner.mode&&(e.owner.mode==="user"?e.owner.subjectId:"")===(t.owner.mode==="user"?t.owner.subjectId:"")&&e.upstreamServerId===t.upstreamServerId&&e.authProfileId===t.authProfileId}o(p0,"authorizationSetupMatchesLookup");function Ky(e,t){return e.ownerMode===t.owner.mode&&(e.subjectId??"")===(t.owner.mode==="user"?t.owner.subjectId:"")&&e.upstreamServerId===t.upstreamServerId&&e.authProfileId===t.authProfileId}o(Ky,"connectionMatchesLookup");function m0(e,t){return e.ownerMode===t.ownerMode&&(e.subjectId??"")===(t.subjectId??"")&&e.upstreamServerId===t.upstreamServerId&&e.authProfileId===t.authProfileId&&e.status===t.status&&(e.encryptedAccessToken??"")===(t.encryptedAccessToken??"")&&(e.encryptedRefreshToken??"")===(t.encryptedRefreshToken??"")&&wl(e.scopes,t.scopes)&&_l(e.expiresAt,t.expiresAt)&&h0(e.metadata,t.metadata)}o(m0,"connectionMatchesUpsertRecord");function _l(e,t){return e===void 0||t===void 0?e===t:Date.parse(e)===Date.parse(t)}o(_l,"optionalTimestampInstantsMatch");function f0(e,t){return Date.parse(e)<=Date.parse(t)}o(f0,"timestampInstantIsAtOrBefore");function wl(e,t){return e.length===t.length&&e.every((r,n)=>r===t[n])}o(wl,"stringArraysMatch");function h0(e,t){let r=Fy(e),n=Fy(t),a=Object.fromEntries(n);return r.length===n.length&&r.every(([i,s])=>a[i]===s)}o(h0,"metadataMatches");function Fy(e){return Object.entries(e??{}).filter(t=>t[1]!==void 0)}o(Fy,"definedMetadataEntries");function be(e,t){throw g({code:"internal_server_error",privateDetail:e,cause:t})}o(be,"throwInvalidStorageResponse");async function g0(e,t){try{let r=await e.json();return r&&typeof r=="object"&&!Array.isArray(r)&&delete r.$schema,t.parse(r)}catch(r){be("Gateway Service storage response did not match the runtime storage contract.",r)}}o(g0,"parseRuntimeHttpStorageResponse");function Wy(e,t){e.length!==t.length&&be("Gateway Service storage response item count did not match the request.");for(let[r,n]of e.entries()){let a=t[r];l0(n.key,a)||be("Gateway Service storage response key did not match the request."),n.connection!==void 0&&!Ky(n.connection,a)&&be("Gateway Service storage response connection did not match the response key.")}}o(Wy,"validateUpstreamConnectionItemsMatchLookups");function y0(e,t){p0(e,t)||be("Gateway Service storage response authorization setup did not match the request."),e.connection!==void 0&&!Ky(e.connection,t)&&be("Gateway Service storage response authorization setup connection did not match the request.");let r=e.connection?.status==="active",n=e.connection?.status??"not_connected",a=e.connection?.updatedAt;(e.connectionStatus.connected!==r||e.connectionStatus.status!==n||!_l(e.connectionStatus.updatedAt,a))&&be("Gateway Service storage response authorization setup status did not match the connection.")}o(y0,"validateAuthorizationSetupResponseMatchesLookup");function S0(e,t){e.kind==="registered"&&(e.client.clientId!==t.clientId||e.client.clientName!==t.clientName||e.client.tokenEndpointAuthMethod!==t.tokenEndpointAuthMethod)&&be("Gateway Service storage response registered client did not match the request.")}o(S0,"validateRegisterClientResponseMatchesRequest");function _0(e,t){e.kind==="found"&&e.client.clientId!==t.clientId&&be("Gateway Service storage response client did not match the request.")}o(_0,"validateReadClientResponseMatchesRequest");function w0(e,t){e.kind==="started"&&((e.transaction.id!==t.transactionId||e.transaction.currentStateHash!==t.currentStateHash||e.transaction.phase!==t.phase||e.transaction.clientId!==t.clientId||e.transaction.redirectUri!==t.redirectUri||e.transaction.resource!==t.resource||e.transaction.virtualServerId!==t.virtualServerId||(e.transaction.clientState??"")!==(t.clientState??"")||e.transaction.scope!==t.scope||e.transaction.codeChallenge!==t.codeChallenge||e.transaction.codeChallengeMethod!==t.codeChallengeMethod)&&be("Gateway Service storage response started authorization did not match the request."),t.phase==="awaiting_setup"&&(e.transaction.phase!=="awaiting_setup"||e.transaction.principal.subjectId!==t.principal.subjectId)&&be("Gateway Service storage response started authorization principal did not match the request."))}o(w0,"validateStartAuthorizationResponseMatchesRequest");function Zy(e,t){e.kind!=="available"&&e.kind!=="advanced"||((e.transaction.id!==t.transactionId||e.transaction.currentStateHash!==("nextStateHash"in t?t.nextStateHash:t.currentStateHash))&&be("Gateway Service storage response pending authorization did not match the request."),"nextPhase"in t&&(e.transaction.phase!==t.nextPhase||e.transaction.phase!=="awaiting_setup"||e.transaction.principal.subjectId!==t.principal.subjectId)&&be("Gateway Service storage response advanced authorization did not match the request."))}o(Zy,"validatePendingAuthorizationResponseMatchesRequest");function v0(e,t){e.kind!=="approved"&&e.kind!=="cancelled"||(e.transaction.id!==t.transactionId||e.transaction.currentStateHash!==t.currentStateHash||e.transaction.principal.subjectId!==t.currentPrincipal.subjectId)&&be("Gateway Service storage response authorization setup transaction did not match the request.")}o(v0,"validateAuthorizationSetupDecisionResponseMatchesRequest");function b0(e,t){e.kind==="exchanged"&&(e.client.clientId!==t.clientAuth.clientId||e.client.tokenEndpointAuthMethod!==t.clientAuth.method||e.grant.clientId!==t.clientAuth.clientId||e.grant.currentRefreshTokenHash!==t.currentRefreshTokenHash||!_l(e.grant.expiresAt,t.grantExpiresAt)||t.resource!==void 0&&e.grant.resource!==t.resource)&&be("Gateway Service storage response authorization-code exchange did not match the request.")}o(b0,"validateExchangeAuthorizationCodeResponseMatchesRequest");function R0(e,t){e.kind==="rotated"&&((e.client.clientId!==t.clientAuth.clientId||e.client.tokenEndpointAuthMethod!==t.clientAuth.method||e.grant.clientId!==t.clientAuth.clientId||e.grant.currentRefreshTokenHash!==t.nextRefreshTokenHash||e.grant.previousRefreshTokenHash!==t.currentRefreshTokenHash||t.resource!==void 0&&e.grant.resource!==t.resource)&&be("Gateway Service storage response token refresh grant did not match the request."),(e.accessToken.tokenHash!==t.accessTokenHash||e.accessToken.grantId!==e.grant.id||!f0(e.accessToken.expiresAt,t.accessTokenExpiresAt)||!P0(e.accessToken,e.grant))&&be("Gateway Service storage response token refresh access token did not match the request."))}o(R0,"validateRefreshTokenResponseMatchesRequest");function C0(e,t){e.kind==="valid"&&e.record.tokenHash!==t.tokenHash&&be("Gateway Service storage response access token did not match the request.")}o(C0,"validateAccessTokenValidationResponseMatchesRequest");function I0(e,t){e.kind==="authorized"&&((e.accessToken.tokenHash!==t.accessTokenHash||e.accessToken.resource!==t.resource||e.accessToken.virtualServerId!==t.virtualServerId||e.principal.subjectId!==e.accessToken.subjectId||!wl(e.principal.roles,e.accessToken.roles))&&be("Gateway Service storage response MCP authorization did not match the request."),Wy(e.upstreamConnections,t.upstreamConnectionKeys))}o(I0,"validateAuthorizeAndLoadConnectionsResponseMatchesRequest");function P0(e,t){return e.clientId===t.clientId&&e.resource===t.resource&&e.virtualServerId===t.virtualServerId&&e.subjectId===t.subjectId&&e.scope===t.scope&&wl(e.roles,t.roles)}o(P0,"accessTokenMatchesGrant");async function x0(e){try{return await e.clone().json()}catch{return}}o(x0,"readProblemDetails");async function A0(e){let t=await x0(e),r=Vy(t)&&typeof t.status=="number"?t.status:e.status,n=Vy(t)&&Qo(t.code)?t.code:Ud(r);throw g({code:n,privateDetail:`Gateway Service storage request failed with HTTP ${r}.`})}o(A0,"throwRuntimeHttpStorageError");var ls=class{static{o(this,"RuntimeHttpStorageClient")}#t;#r;constructor(t){this.#t=t.baseUrl??Np.instance.zuploEdgeApiUrl,this.#r=t.fetch??fetch}async#e(t){let r=t.requestSchema.parse(t.input),n=new URL(t.path,this.#t),a=new Headers({"Content-Type":"application/json"});jp(a);let i=await this.#r(n,{method:"POST",headers:a,body:JSON.stringify(r)});return i.ok||await A0(i),{request:r,response:await g0(i,t.responseSchema)}}async batchGetUpstreamConnections(t){if(t.length===0)return[];let r=[],n=new Map,a=t.map(s=>{let c=Jr(s),d=n.get(c);if(d!==void 0)return d;let p=r.length;return r.push(s),n.set(c,p),p}),i=[];for(let s=0;s<r.length;s+=Gy){let c=r.slice(s,s+Gy);i.push(...await this.#n(c))}return a.map(s=>i[s])}async upsertUpstreamConnection(t){let{request:r,response:n}=await this.#e({input:t,path:Wk(),requestSchema:py,responseSchema:my});return m0(n,r)||be("Gateway Service storage response connection did not match the request."),n}async readAuthorizationSetup(t){let{request:r,response:n}=await this.#e({input:t,path:Jk(),requestSchema:fy,responseSchema:hy});return y0(n,r),n}async registerClient(t){let{request:r,response:n}=await this.#e({input:t,path:Yk(),requestSchema:gy,responseSchema:yy});return S0(n,r),n}async readClient(t){let{request:r,response:n}=await this.#e({input:t,path:Qk(),requestSchema:Sy,responseSchema:_y});return _0(n,r),n}async startAuthorization(t){let{request:r,response:n}=await this.#e({input:t,path:Xk(),requestSchema:wy,responseSchema:vy});return w0(n,r),n}async readPendingAuthorization(t){let{request:r,response:n}=await this.#e({input:t,path:e0(),requestSchema:by,responseSchema:Ry});return Zy(n,r),n}async advancePendingAuthorization(t){let{request:r,response:n}=await this.#e({input:t,path:t0(),requestSchema:Cy,responseSchema:Iy});return Zy(n,r),n}async decideAuthorizationSetup(t){let{request:r,response:n}=await this.#e({input:t,path:r0(),requestSchema:Py,responseSchema:xy});return v0(n,r),n}async saveUpstreamOAuthState(t){let{response:r}=await this.#e({input:t,path:c0(),requestSchema:Ny,responseSchema:jy});return r}async consumeUpstreamOAuthState(t){let{request:r,response:n}=await this.#e({input:t,path:u0(),requestSchema:Dy,responseSchema:Hy});return n.kind==="available"&&n.record.id!==r.id&&be("Gateway Service storage response upstream OAuth state did not match the request."),n}async consumeBrowserConnectTicket(t){let{response:r}=await this.#e({input:t,path:d0(),requestSchema:Ly,responseSchema:By});return r}async exchangeAuthorizationCode(t){let{request:r,response:n}=await this.#e({input:t,path:n0(),requestSchema:Ay,responseSchema:Ty});return b0(n,r),n}async refreshToken(t){let{request:r,response:n}=await this.#e({input:t,path:o0(),requestSchema:ky,responseSchema:Ey});return R0(n,r),n}async revokeOAuthToken(t){let{response:r}=await this.#e({input:t,path:a0(),requestSchema:Uy,responseSchema:Oy});return r}async validateAccessToken(t){let{request:r,response:n}=await this.#e({input:t,path:i0(),requestSchema:$y,responseSchema:zy});return C0(n,r),n}async authorizeAndLoadConnections(t){let{request:r,response:n}=await this.#e({input:t,path:s0(),requestSchema:My,responseSchema:qy});return I0(n,r),n}async#n(t){let r={items:[...t]},{response:n}=await this.#e({input:r,path:Kk(),requestSchema:ly,responseSchema:fl});return Wy(n.items,t),n.items.map(a=>a.connection)}};var T0="__zuploMcpGatewayStorageBackend",vl;function k0(){return new ls({})}o(k0,"buildProductionStorageBackend");function J(){let e=globalThis[T0];return e||(vl||(vl=k0()),vl)}o(J,"getStorage");function bl(e){let t=e.headers.get("authorization"),[r,n]=t?.split(/\s+/,2)??[];if(!(r?.toLowerCase()!=="bearer"||!n))return n}o(bl,"readBearerToken");function E0(e,t,r){return ft(e,t,{code:"authentication_required",detail:"Gateway access token is required.",headers:{"WWW-Authenticate":r}})}o(E0,"gatewayAuthenticationRequiredResponse");async function U0(e,t,r){let n=await J().validateAccessToken({tokenHash:await pe(e),now:ne(new Date)});if(n.kind!=="valid")throw t.log.warn({event:"gateway_access_token_validate_failed",code:"authentication_required",validationKind:n.kind,virtualServerId:r},"Gateway access token validation failed"),g("authentication_required","Gateway access token is expired, revoked, or invalid.");return n.record}o(U0,"validateGatewayAccessToken");function O0(e,t){if(e.accessToken.resource!==e.resource||e.accessToken.virtualServerId!==e.virtualServerId)throw t.log.warn({event:"gateway_access_token_resource_mismatch",code:"authentication_required",expectedResource:e.resource,tokenResource:e.accessToken.resource,expectedVirtualServerId:e.virtualServerId,tokenVirtualServerId:e.accessToken.virtualServerId,clientId:e.accessToken.clientId},"Gateway access token resource does not match the requested MCP resource"),g("authentication_required","Gateway access token was not issued for this MCP resource.")}o(O0,"assertAccessTokenResource");function $0(e,t,r){return ft(e,t,{code:"forbidden",detail:"Gateway access token is missing the required MCP scope.",headers:{"WWW-Authenticate":ss({virtualServerId:r,requestUrl:e.url,error:"insufficient_scope",errorDescription:`The access token is missing the ${ye} scope required by this MCP resource.`,scope:ye})}})}o($0,"insufficientScopeResponse");function z0(e){return{subjectId:e.subjectId,roles:e.roles}}o(z0,"principalFromAccessToken");function M0(e){let t=he(e.error),r={event:"gateway_access_token_rejected",code:t??"authentication_required",virtualServerId:e.virtualServerId};return e.error instanceof Error?(r.errorName=e.error.name,r.errorMessage=e.error.message):e.error!==void 0&&e.error!==null&&(r.errorMessage=String(e.error)),e.context.log.warn(r,"Gateway access token rejected; MCP request denied"),ft(e.request,e.context,{code:t??"authentication_required",detail:e.error instanceof Error?e.error.message:"Gateway access token could not be verified.",headers:{"WWW-Authenticate":ss({virtualServerId:e.virtualServerId,requestUrl:e.request.url,error:"invalid_token",errorDescription:"The access token is expired, malformed, or invalid."})}})}o(M0,"gatewayTokenRejectedResponse");async function Rl(e,t){let r=Nn(t),n=Wr(r.virtualServerId,e.url),a=bl(e),i=ss({virtualServerId:r.virtualServerId,requestUrl:e.url});if(!a)return t.log.debug({event:"gateway_access_token_missing",code:"authentication_required",virtualServerId:r.virtualServerId,hasAuthorizationHeader:e.headers.get("authorization")!==null},"MCP request did not include a gateway access token"),E0(e,t,i);try{let s=await U0(a,t,r.virtualServerId);if(O0({accessToken:s,resource:n,virtualServerId:r.virtualServerId},t),s.scope!==ye)return t.log.warn({event:"gateway_access_token_insufficient_scope",code:"forbidden",tokenScope:s.scope,requiredScope:ye,virtualServerId:r.virtualServerId,clientId:s.clientId},"Gateway access token does not have the required MCP scope"),$0(e,t,r.virtualServerId);let c=z0(s);return ey(t,c),Ed(t,c),e}catch(s){return M0({request:e,context:t,error:s,virtualServerId:r.virtualServerId})}}o(Rl,"gatewayTokenInbound");var q0=2,Jy=4,N0=24,j0=16,Yy=512,D0=/(token|secret|authorization|password|cookie|credential|client[_-]?secret|code[_-]?verifier|(^|[_-])(code|state|verifier)($|[_-]))/i,H0=/("(?:access_token|refresh_token|id_token|client_secret|authorization|password|cookie|code|state|code_verifier)"\s*:\s*")([^"]*)(")/gi,L0=/\b(access[_-]?token|refresh[_-]?token|id[_-]?token|client[_-]?secret|password|cookie|code|state|code[_-]?verifier)(\s*[:=]\s*)(?:"[^"]*"|'[^']*'|[^\s,;&]+)/gi,B0=/\b(authorization)(\s*[:=]\s*)(?:"[^"]*"|'[^']*'|(?:Bearer|Basic)\s+[^\s,;]+|[^\s,;]+)/gi,G0=/\bBearer\s+[A-Za-z0-9._~+/=-]+/gi,V0=/\bBasic\s+[A-Za-z0-9+/=-]+/gi;function Qy(e){let t=e.route;return t&&typeof t=="object"?t:void 0}o(Qy,"readRoute");function F0(e){let t=Qy(e)?.path;return typeof t=="string"&&t.length>0?t:void 0}o(F0,"readRoutePath");function Z0(e){let t=Qy(e)?.raw;if(typeof t!="function")return;let r=t();if(!r||typeof r!="object")return;let n=r.operationId;return typeof n=="string"&&n.length>0?n:void 0}o(Z0,"readRouteOperationId");function K0(e){if(!(e===void 0||!Number.isFinite(e)||e<100))return`${Math.trunc(e/100)}xx`}o(K0,"deriveStatusClass");function W0(e,t){if(!(!e&&!t))return e==="user"?t==="user_oauth"?"upstream_user_attributed":"gateway_user_attributed_only":e==="shared"?"shared_upstream_identity":e==="none"?"machine_identity":"unknown"}o(W0,"deriveOriginAttributionMode");function J0(e){if(!e)return;let t=e.toLowerCase();return t.includes("desktop")||t.includes("claude")||t.includes("chatgpt")?"desktop":t.includes("vscode")||t.includes("cursor")||t.includes("zed")||t.includes("jetbrains")||t.includes("ide")?"ide":t.includes("extension")?"extension":t.includes("agent")||t.includes("bot")||t.includes("worker")||t.includes("service")?"service":"unknown"}o(J0,"deriveClientKind");function Y0(e,t){return t==="success"?"none":e===K.MCP_GATEWAY_REQUEST_RECEIVED||e===K.MCP_GATEWAY_REQUEST_REJECTED||e===K.MCP_GATEWAY_CLIENT_UNSUPPORTED_BEHAVIOR?"ingress":e.startsWith("mcp_gateway_auth_")||e.startsWith("mcp_gateway_oauth_")?"auth":e===K.MCP_GATEWAY_INITIALIZE_NEGOTIATED?"routing":e===K.MCP_GATEWAY_POLICY_DECISION?"policy":e===K.MCP_GATEWAY_GUARDRAIL_DECISION?"guardrail":e===K.MCP_GATEWAY_RATE_LIMIT_DECISION?"policy":e.startsWith("mcp_gateway_upstream_")||e.startsWith("mcp_gateway_capability_")||e.startsWith("mcp_gateway_catalog_")?"upstream":e===K.MCP_GATEWAY_REQUEST_COMPLETED?"egress":"none"}o(Y0,"deriveFailureStage");function Q0(e,t){return t==="success"?"none":t==="application_error"?"mcp_application":e.startsWith("mcp_gateway_auth_")||e.startsWith("mcp_gateway_oauth_")?"auth":e===K.MCP_GATEWAY_POLICY_DECISION||e===K.MCP_GATEWAY_GUARDRAIL_DECISION||e===K.MCP_GATEWAY_RATE_LIMIT_DECISION?"policy":e.startsWith("mcp_gateway_upstream_")||e===K.MCP_GATEWAY_CAPABILITY_FAILED||e===K.MCP_GATEWAY_CAPABILITY_CONNECT_REQUIRED?"upstream":e===K.MCP_GATEWAY_REQUEST_REJECTED||e===K.MCP_GATEWAY_CLIENT_UNSUPPORTED_BEHAVIOR?"client":"gateway"}o(Q0,"deriveFailureOrigin");function X0(e,t){return t==="success"?"none":e.startsWith("mcp_gateway_auth_")||e.startsWith("mcp_gateway_oauth_")?"auth":e===K.MCP_GATEWAY_POLICY_DECISION?"policy":e===K.MCP_GATEWAY_GUARDRAIL_DECISION?"guardrail":e===K.MCP_GATEWAY_RATE_LIMIT_DECISION?"rate_limit":e.startsWith("mcp_gateway_upstream_")?"upstream":e===K.MCP_GATEWAY_CLIENT_UNSUPPORTED_BEHAVIOR||e===K.MCP_GATEWAY_REQUEST_REJECTED?"protocol":"none"}o(X0,"deriveReasonClass");function eE(e){return e.length<=Yy?e:`${e.slice(0,Yy)}...`}o(eE,"truncateAnalyticsString");function tE(e){return eE(e.replace(H0,"$1[REDACTED]$3").replace(B0,"$1$2[REDACTED]").replace(L0,"$1$2[REDACTED]").replace(G0,"Bearer [REDACTED]").replace(V0,"Basic [REDACTED]"))}o(tE,"redactAnalyticsString");function Xy(e,t){if(e!==void 0){if(e===null||typeof e=="boolean")return e;if(typeof e=="string")return tE(e);if(typeof e=="number")return Number.isFinite(e)?e:void 0;if(Array.isArray(e))return t>=Jy?"[DEPTH_LIMIT]":e.slice(0,j0).map(r=>Xy(r,t+1)).filter(r=>r!==void 0);if(typeof e=="object")return e instanceof Date?e.toISOString():t>=Jy?"[DEPTH_LIMIT]":eS(e,t+1)}}o(Xy,"sanitizeAnalyticsValue");function eS(e,t=0){if(!e)return;let r={};for(let[n,a]of Object.entries(e).slice(0,N0)){if(D0.test(n)){r[n]="[REDACTED]";continue}let i=Xy(a,t);i!==void 0&&(r[n]=i)}return Object.keys(r).length===0?void 0:r}o(eS,"sanitizeMcpGatewayAnalyticsAttributes");function M(e){return e===void 0?null:e}o(M,"nullable");function rE(e){let t=e.environment;return t&&typeof t=="object"&&typeof t.name=="string"?t.name:null}o(rE,"readEnvironment");function nE(e){let t=e.requestId;return typeof t=="string"&&t.length>0?t:null}o(nE,"readRequestId");function oE(e){if(e===void 0)return null;try{return JSON.stringify(e)}catch{return null}}o(oE,"attributesToJsonString");function aE(e,t){let r=cl(e),n=ea(e),a=eS(t.attributes),i=nE(e),s=t.ownerMode??t.routeBinding?.ownerMode??null,c=t.upstreamAuthMode??t.routeBinding?.authMode??null,d=t.virtualServerName??t.routeBinding?.virtualServerId??n?.virtualServerId??null,p=t.upstreamServerName??t.routeBinding?.upstreamServerId??n?.upstreamServerId??null,l=t.upstreamServerTitle??t.routeBinding?.upstreamDisplayName??null,m=t.authProfileId??t.routeBinding?.authProfileId??n?.authProfileId??null,h=t.clientKind??J0(t.clientName)??null,y=W0(s??void 0,c??void 0)??null,_=K0(t.httpStatusCode)??null,S=t.reasonClass??X0(t.eventType,t.outcome),w=t.failureOrigin??Q0(t.eventType,t.outcome),v=t.failureStage??Y0(t.eventType,t.outcome);return{schemaVersion:q0,outcome:t.outcome,subjectId:M(r?.subjectId),environment:rE(e),traceId:t.traceId??i,spanId:M(t.spanId),parentEventId:M(t.parentEventId),mcpSessionId:M(t.mcpSessionId),routeSurface:M(t.routeSurface),routePath:F0(e)??null,operationId:Z0(e)??null,virtualServerName:d,virtualServerTitle:M(t.virtualServerTitle),upstreamServerName:p,upstreamServerTitle:l,upstreamBindingId:M(t.upstreamBindingId),clientName:M(t.clientName),clientTitle:M(t.clientTitle),clientVersion:M(t.clientVersion),clientKind:h,authProfileId:m,upstreamAuthMode:c,ownerMode:s,authMethod:M(t.authMethod),originAttributionMode:y,httpMethod:M(t.httpMethod),httpStatusCode:M(t.httpStatusCode),statusClass:_,mcpMethod:M(t.mcpMethod),mcpProtocolVersion:M(t.mcpProtocolVersion),mcpStatus:M(t.mcpStatus),mcpErrorType:M(t.mcpErrorType),applicationError:M(t.applicationError),applicationErrorCode:M(t.applicationErrorCode),toolResultIsError:M(t.toolResultIsError),capabilityType:M(t.capabilityType),capabilityName:M(t.capabilityName),capabilityTitle:M(t.capabilityTitle),upstreamCapabilityName:M(t.upstreamCapabilityName),upstreamCapabilityTitle:M(t.upstreamCapabilityTitle),capabilitySchemaHash:M(t.capabilitySchemaHash),policyId:M(t.policyId),policyAction:M(t.policyAction),guardrailType:M(t.guardrailType),guardrailDirection:M(t.guardrailDirection),guardrailFindingCount:M(t.guardrailFindingCount),redactionCount:M(t.redactionCount),requestMutated:M(t.requestMutated),responseMutated:M(t.responseMutated),latencyMs:M(t.latencyMs),gatewayLatencyMs:M(t.gatewayLatencyMs),upstreamLatencyMs:M(t.upstreamLatencyMs),authLatencyMs:M(t.authLatencyMs),policyLatencyMs:M(t.policyLatencyMs),requestBytes:M(t.requestBytes),responseBytes:M(t.responseBytes),estimatedInputTokens:M(t.estimatedInputTokens),estimatedOutputTokens:M(t.estimatedOutputTokens),estimatedContextTokens:M(t.estimatedContextTokens),contextPressureBucket:M(t.contextPressureBucket),responseMimeTypes:M(t.responseMimeTypes),base64Suspected:M(t.base64Suspected),truncated:M(t.truncated),isLargePayloadRequest:M(t.isLargePayloadRequest),isLargePayloadResponse:M(t.isLargePayloadResponse),payloadCaptureMode:M(t.payloadCaptureMode),reasonCode:M(t.reasonCode),reasonClass:S,errorType:t.errorType??t.reasonCode??null,failureOrigin:w,failureStage:v,customMetadataJson:M(t.customMetadataJson),attributesJson:oE(a)}}o(aE,"buildMcpGatewayAnalyticsMetadata");function tt(e,t){try{e.analyticsContext.addAnalyticsEvent(t.value??1,t.eventType,aE(e,t),t.unit)}catch(r){e.log?.warn?.({event:"mcp_gateway_analytics_emit_failed",errorName:r instanceof Error?r.name:"unknown"})}}o(tt,"emitMcpGatewayAnalyticsEvent");function rt(e){let t=ht().connectionsById.get(e);if(!t)throw g("unknown_upstream_server",`Unknown upstream server: ${e}`);return t.config}o(rt,"getUpstreamServerConfig");function iE(e){let t=ht().connectionsById.get(e.upstreamServerId);if(!t||t.authProfileId!==e.authProfileId)throw g("unknown_auth_profile",`Unknown auth profile ${String(e.authProfileId)} for upstream server ${e.upstreamServerId}.`);return t.authProfileId}o(iE,"resolveUpstreamAuthProfileId");function Ir(e){iE(e);let t=ht().connectionsById.get(e.upstreamServerId);if(!t)throw g("unknown_auth_profile",`Auth profile could not be resolved for upstream server ${e.upstreamServerId}.`);return t.authConfig}o(Ir,"getUpstreamAuthConfig");function Qr(e,t){let r=Ir({upstreamServerId:e,authProfileId:t});if(!gg(r))throw g("invalid_request",`Upstream server ${e} does not use upstream OAuth.`);return r.oauth}o(Qr,"requireUpstreamOAuthConfig");var sE={"shared-oauth":{authMode:"shared-oauth",ownerMode:"shared",connectSupport:"oauth_authorization",connectUnsupportedDetail:void 0,callbackSupport:"authorization_code",credentialAcquisition:"oauth_connection"},user_oauth:{authMode:"user_oauth",ownerMode:"user",connectSupport:"oauth_authorization",connectUnsupportedDetail:void 0,callbackSupport:"authorization_code",credentialAcquisition:"oauth_connection"},static_secret:{authMode:"static_secret",ownerMode:"none",connectSupport:"none",connectUnsupportedDetail:"Static-secret upstreams do not support browser connection flows.",callbackSupport:"none",credentialAcquisition:"configured_static_secret"},"shared-secret":{authMode:"shared-secret",ownerMode:"shared",connectSupport:"none",connectUnsupportedDetail:"Shared static-secret upstreams do not support browser connection flows.",callbackSupport:"none",credentialAcquisition:"shared_secret_connection"},"user-secret":{authMode:"user-secret",ownerMode:"user",connectSupport:"user_secret_capture",connectUnsupportedDetail:void 0,callbackSupport:"none",credentialAcquisition:"user_secret_connection"}};function $t(e){return sE[e]}o($t,"describeUpstreamAuthMode");function ps(e){return $t(e).ownerMode}o(ps,"resolveOwnerModeForUpstreamAuthMode");ie();import{errors as uS,jwtVerify as dS,SignJWT as lS}from"jose";ie();var tS=u.string().trim().min(1),cE=u.object({TOKEN_ENCRYPTION_KEY:tS,OAUTH_STATE_SIGNING_KEY:tS}),uE=["TOKEN_ENCRYPTION_KEY","OAUTH_STATE_SIGNING_KEY"];function dE(e){let t=lo[e];return typeof t=="string"?t:void 0}o(dE,"readEnvValue");function lE(){let e={};for(let t of uE){let r=dE(t);r!==void 0&&(e[t]=r)}return e}o(lE,"readRawEnv");var Cl;function pE(e){return e.issues.map(t=>`- ${t.path.length>0?t.path.map(String).join("."):"environment"}: ${t.message}`)}o(pE,"formatZodIssues");function mE(e){return new jt(["Invalid MCP gateway environment configuration.","Validation failed for these environment variables:",...pE(e)].join(`
47
- `),{cause:e})}o(mE,"createEnvValidationError");function fE(e){let t=cE.safeParse(e);if(!t.success)throw mE(t.error);return t.data}o(fE,"parseGatewayEnv");function hE(){return Cl||(Cl=fE(lE())),Cl}o(hE,"readEnv");function rS(){return hE()}o(rS,"getEnv");import{base64url as gE}from"jose";var yE=new TextEncoder,Il=32;function nS(e,t={}){let r=[SE(e),yE.encode(e)],n;for(let a of r)if(a){if(a.byteLength>=Il){n=a;break}(n===void 0||a.byteLength>n.byteLength)&&(n=a)}if(n===void 0||n.byteLength<Il){let a=t.name??"secret key material",i=n?.byteLength??0;throw new Error(`${a} must decode to at least ${Il} bytes (got ${i}). Generate a high-entropy value with for example: openssl rand -base64 32 | tr '+/' '-_' | tr -d '='.`)}return n}o(nS,"decodeConfiguredSecretKeyMaterial");function SE(e){try{return gE.decode(e)}catch{return}}o(SE,"tryDecodeBase64Url");var oS=new Map,aS=new Map;function _E(e){let t=oS.get(e);return t||(t=nS(rS()[e],{name:e}),oS.set(e,t)),t}o(_E,"getMasterKeyMaterial");async function zt(e){let t=aS.get(e.purpose);if(t!==void 0)return t;let r=await e.derive(_E(e.envVar));return aS.set(e.purpose,r),r}o(zt,"readCachedDerivedKey");var wE="SHA-256";var vE="zuplo-mcp-gateway:",bE=new TextEncoder,iS=new WeakMap;async function Pr(e,t){let r=iS.get(e);r||(r=new Map,iS.set(e,r));let n=r.get(t);if(n)return n;let a=await RE(e,t);return r.set(t,a),a}o(Pr,"deriveGatewaySigningKey");async function RE(e,t){let r=sS(e),n=await crypto.subtle.importKey("raw",r,{name:"HKDF"},!1,["deriveBits"]),a=bE.encode(`${vE}${t}`),i=await crypto.subtle.deriveBits({name:"HKDF",hash:wE,salt:new Uint8Array,info:sS(a)},n,32*8);return new Uint8Array(i)}o(RE,"hkdfExpand");function sS(e){let t=new ArrayBuffer(e.byteLength);return new Uint8Array(t).set(e),t}o(sS,"copyToArrayBuffer");var ms="HS256",pS=15*60,CE=15*60,fs="zuplo-mcp-gateway",hs="zuplo-mcp-gateway",IE=ny.extend({id:Bn}),PE=IE.extend({exp:u.number().int().positive(),iat:u.number().int().positive().optional()}),mS=Hn.extend({id:ia,purpose:u.literal("browser_connect")}),xE=Hn.extend({purpose:u.literal("browser_connect")}),AE=mS.extend({exp:u.number().int().positive(),iat:u.number().int().positive().optional()}),fS=pS*1e3;async function hS(){return zt({purpose:"oauth-state",envVar:"OAUTH_STATE_SIGNING_KEY",derive:o(e=>Pr(e,"oauth-state"),"derive")})}o(hS,"getOAuthStateKey");async function gS(){return zt({purpose:"browser-connect",envVar:"OAUTH_STATE_SIGNING_KEY",derive:o(e=>Pr(e,"browser-connect"),"derive")})}o(gS,"getBrowserConnectKey");async function yS(e){let t=Math.floor(Date.now()/1e3)+pS;return new lS(e).setProtectedHeader({alg:ms,typ:"JWT"}).setIssuer(fs).setAudience(hs).setIssuedAt().setExpirationTime(t).sign(await hS())}o(yS,"signOAuthState");async function gs(e){try{let{payload:t}=await dS(e,await hS(),{algorithms:[ms],issuer:fs,audience:hs});return PE.parse(t)}catch(t){throw t instanceof uS.JWTExpired?g("oauth_state_expired","OAuth state has expired",t):g("oauth_state_invalid","OAuth state could not be verified",t)}}o(gs,"verifyOAuthState");async function SS(e){let t=Math.floor(Date.now()/1e3)+CE,r=xE.parse(e),n=mS.parse({...r,id:cy()});return new lS(n).setProtectedHeader({alg:ms,typ:"JWT"}).setIssuer(fs).setAudience(hs).setIssuedAt().setExpirationTime(t).sign(await gS())}o(SS,"signBrowserConnectTicket");async function ys(e){try{let{payload:t}=await dS(e,await gS(),{algorithms:[ms],issuer:fs,audience:hs});return AE.parse(t)}catch(t){throw t instanceof uS.JWTExpired?g("oauth_state_expired","Browser connect ticket has expired",t):g("oauth_state_invalid","Browser connect ticket could not be verified",t)}}o(ys,"verifyBrowserConnectTicket");async function Ss(e){if((await J().consumeBrowserConnectTicket({id:e.id,expiresAt:ne(new Date(e.exp*1e3)),now:ne(new Date)})).kind==="consumed")throw g("oauth_state_reused","Browser connect ticket has already been used")}o(Ss,"consumeBrowserConnectTicket");function TE(e,t,r=!1){return r?`${e} authorization must be renewed before this ${t} can be used.`:`${e} authorization is required before this ${t} can be used.`}o(TE,"buildConnectRequiredMessage");async function _S(e){let t=ce(e.requestUrl),r=new URL(e.path,t);return e.redirect&&r.searchParams.set("redirect","true"),r.searchParams.set("virtualServerId",e.virtualServerId),r.searchParams.set("browserTicket",await SS({...aa(e),purpose:"browser_connect"})),r.toString()}o(_S,"buildGatewayBrowserTicketUrl");function kE(e){return`/auth/connections/${encodeURIComponent(e)}/connect`}o(kE,"buildGatewayConnectPath");async function Pl(e){return _S({...e,path:kE(e.upstreamServerId),redirect:!0})}o(Pl,"buildGatewayConnectUrl");async function wS(e){return _S({...e,path:`/auth/connections/${encodeURIComponent(e.upstreamServerId)}/app-password`})}o(wS,"buildGatewayAppPasswordCaptureUrl");async function Vn(e){let t={requestUrl:e.requestUrl,owner:e.owner,initiatedBySubjectId:e.initiatedBySubjectId,upstreamServerId:e.upstreamServerId,authProfileId:e.authProfileId,virtualServerId:e.virtualServerId,...e.returnTo===void 0?{}:{returnTo:e.returnTo}};return{state:e.requiresReconsent?"reconsent_required":"authenticating",upstreamServerId:e.upstreamServerId,authProfileId:e.authProfileId,virtualServerId:e.virtualServerId,...e.connectionId?{connectionId:e.connectionId}:{},authUrl:await Pl(t),message:TE(e.upstreamDisplayName,e.subject,e.requiresReconsent),nextAction:"redirect"}}o(Vn,"buildRedirectConnectRequiredResponse");function vS(e){return bS({...e,message:e.requiresReconsent?`An administrator must reconnect ${e.upstreamDisplayName} before this tool can be used.`:`An administrator must connect ${e.upstreamDisplayName} before this tool can be used.`})}o(vS,"buildAdminConnectRequiredResponse");function bS(e){return{state:"admin_connect_required",upstreamServerId:e.upstreamServerId,authProfileId:e.authProfileId,virtualServerId:e.virtualServerId,...e.connectionId?{connectionId:e.connectionId}:{},message:e.message,nextAction:"admin_setup_required"}}o(bS,"buildAdminSetupRequiredResponse");function RS(e){return bS({...e,message:e.requiresReconsent?`An administrator must replace the ${e.upstreamDisplayName} static credential before this tool can be used.`:`An administrator must configure the ${e.upstreamDisplayName} static credential before this tool can be used.`})}o(RS,"buildAdminStaticSecretRequiredResponse");ie();import{base64url as xr}from"jose";var EE="SHA-256",Zn="AES-GCM",UE=12,Al="zuplo-secret",Tl=1,CS="env:TOKEN_ENCRYPTION_KEY",OE=u.object({version:u.literal(Tl),keyId:u.literal(CS),algorithm:u.literal(Zn),iv:u.string().min(1),ciphertext:u.string().min(1)}).strict();function Fn(e){let t=new ArrayBuffer(e.byteLength);return new Uint8Array(t).set(e),t}o(Fn,"copyToArrayBuffer");async function xl(){return zt({purpose:"token-encryption",envVar:"TOKEN_ENCRYPTION_KEY",derive:o(async e=>{let t=await crypto.subtle.digest(EE,Fn(e));return crypto.subtle.importKey("raw",t,{name:Zn},!1,["encrypt","decrypt"])},"derive")})}o(xl,"getEncryptionKey");function IS(e){return Fn(new TextEncoder().encode(`${Al}:v${e.version}:${e.keyId}`))}o(IS,"getAssociatedData");function $E(e){return`${Al}:v${e.version}:${xr.encode(new TextEncoder().encode(JSON.stringify(e)))}`}o($E,"encodeEnvelope");function zE(e){let t=`${Al}:v${Tl}:`;if(!e.startsWith(t))return;let r=e.slice(t.length),n=new TextDecoder().decode(xr.decode(r));return OE.parse(JSON.parse(n))}o(zE,"decodeEnvelope");async function Xr(e){let t=await xl(),r=crypto.getRandomValues(new Uint8Array(UE)),n={version:Tl,keyId:CS},a=await crypto.subtle.encrypt({name:Zn,iv:r,additionalData:IS(n)},t,new TextEncoder().encode(e));return $E({...n,algorithm:Zn,iv:xr.encode(r),ciphertext:xr.encode(new Uint8Array(a))})}o(Xr,"encryptSecret");async function Qt(e){let t=zE(e);if(t){let s=await xl(),c=await crypto.subtle.decrypt({name:Zn,iv:Fn(xr.decode(t.iv)),additionalData:IS(t)},s,Fn(xr.decode(t.ciphertext)));return new TextDecoder().decode(c)}let[r,n]=e.split(".");if(!r||!n)throw g("internal_server_error","Encrypted payload is malformed");let a=await xl(),i=await crypto.subtle.decrypt({name:Zn,iv:Fn(xr.decode(r))},a,Fn(xr.decode(n)));return new TextDecoder().decode(i)}o(Qt,"decryptSecret");function ME(e,t){let r=Ir({upstreamServerId:e,authProfileId:t});if(r.mode!=="shared-secret")throw g("invalid_request",`Upstream server ${e} does not use tenant static credentials.`);return r.secret}o(ME,"requireTenantStaticSecretConfig");function PS(e){return e?.status==="active"&&e.metadata?.staticSecretKind==="bearer_token"&&!!e.metadata.encryptedStaticSecret}o(PS,"hasUsableTenantStaticSecret");async function qE(e){if(!PS(e.connection))throw g("internal_server_error","Stored tenant static credential is incomplete.");return{type:"bearer_token",token:await Qt(e.connection.metadata.encryptedStaticSecret)}}o(qE,"resolveTenantStaticSecretCredential");async function xS(e){let t=rt(e.upstreamServerId);ME(e.upstreamServerId,e.authProfileId);let r="preloadedConnection"in e?e.preloadedConnection:(await J().batchGetUpstreamConnections([{owner:e.owner,upstreamServerId:e.upstreamServerId,authProfileId:e.authProfileId}]))[0];if(PS(r))return{kind:"authorized",credential:await qE({connection:r})};let n={upstreamServerId:e.upstreamServerId,authProfileId:e.authProfileId,upstreamDisplayName:t.displayName,virtualServerId:e.virtualServerId,requiresReconsent:!!r};return r!==void 0&&(n.connectionId=r.id),{kind:"connect_required",payload:RS(n)}}o(xS,"resolveTenantStaticSecretCredentialForRequest");ie();async function kl(e){return J().upsertUpstreamConnection({id:ds(),ownerMode:e.owner.mode,subjectId:e.owner.mode==="user"?e.owner.subjectId:void 0,upstreamServerId:e.upstreamServerId,authProfileId:e.authProfileId,status:"active",encryptedAccessToken:void 0,encryptedRefreshToken:void 0,scopes:[],expiresAt:void 0,metadata:e.metadata})}o(kl,"upsertStaticSecretConnection");var NE=u.string().trim().min(1).max(320),jE=u.string().min(1).max(4096),DE=u.string().trim().min(1).max(4096);function El(e,t){let r=Ir({upstreamServerId:e,authProfileId:t});if(r.mode!=="user-secret")throw g("invalid_request",`Upstream server ${e} does not use user static credentials.`);return r.secret}o(El,"requireUserStaticSecretConfig");function HE(e){let t=new TextEncoder().encode(e),r="";for(let n of t)r+=String.fromCharCode(n);return btoa(r)}o(HE,"encodeBase64Utf8");function LE(e){return`Basic ${HE(`${e.username}:${e.appPassword}`)}`}o(LE,"buildBasicAuthHeader");function AS(e){return e?.status==="active"&&!!e.metadata?.encryptedStaticSecret}o(AS,"hasEncryptedUserStaticSecret");async function BE(e){if(!AS(e.connection))throw g("internal_server_error","Stored user static credential is incomplete.");if(e.connection.metadata.staticSecretKind==="bearer_token")return{type:"bearer_token",token:await Qt(e.connection.metadata.encryptedStaticSecret)};if(e.connection.metadata.staticSecretKind==="basic_auth_app_password"&&e.connection.metadata.staticSecretUsername)return{type:"headers",headers:{Authorization:LE({username:e.connection.metadata.staticSecretUsername,appPassword:await Qt(e.connection.metadata.encryptedStaticSecret)})}};throw g("internal_server_error","Stored user static credential kind is unsupported.")}o(BE,"resolveUserStaticSecretCredential");async function TS(e){if(El(e.upstreamServerId,e.authProfileId).kind!=="basic_auth_app_password")throw g("invalid_request","This upstream does not use username and app-password credentials.");if(e.owner.mode!=="user")throw g("invalid_request","User static credentials must be stored under a user-owned connection.");let r=NE.parse(e.username),n=jE.parse(e.appPassword);return kl({owner:e.owner,upstreamServerId:e.upstreamServerId,authProfileId:e.authProfileId,metadata:{connectedBySubjectId:e.initiatedBySubjectId,encryptedStaticSecret:await Xr(n),staticSecretKind:"basic_auth_app_password",staticSecretUsername:r}})}o(TS,"saveUserStaticSecretCredential");async function _s(e){let t=El(e.upstreamServerId,e.authProfileId);if(t.kind!=="bearer_token")throw g("invalid_request","This upstream does not use bearer token credentials.");if(e.owner.mode!=="user")throw g("invalid_request","User static credentials must be stored under a user-owned connection.");let r=DE.parse(e.token);return kl({owner:e.owner,upstreamServerId:e.upstreamServerId,authProfileId:e.authProfileId,metadata:{connectedBySubjectId:e.initiatedBySubjectId,encryptedStaticSecret:await Xr(r),staticSecretKind:t.kind,staticSecretLabel:t.label}})}o(_s,"saveUserStaticBearerTokenCredential");function Ul(e,t){return El(e,t)}o(Ul,"readUserStaticSecretCaptureConfig");async function kS(e){let t=rt(e.upstreamServerId);if(e.owner.mode!=="user")throw g("internal_server_error","User static credential flow resolved a non-user owner.");let r="preloadedConnection"in e?e.preloadedConnection:(await J().batchGetUpstreamConnections([{owner:e.owner,upstreamServerId:e.upstreamServerId,authProfileId:e.authProfileId}]))[0];if(AS(r))return{kind:"authorized",credential:await BE({connection:r})};let n={requestUrl:e.request.url,owner:e.owner,initiatedBySubjectId:e.initiatedBySubjectId,upstreamServerId:e.upstreamServerId,authProfileId:e.authProfileId,upstreamDisplayName:t.displayName,virtualServerId:e.virtualServerId,subject:"tool",requiresReconsent:!!r};return r!==void 0&&(n.connectionId=r.id),{kind:"connect_required",payload:await Vn(n)}}o(kS,"resolveUserStaticSecretCredentialForRequest");function ES(e){if(e.owner.mode!=="user")throw g("invalid_request","User static credential capture requires a user-owned connection.");return wS({requestUrl:e.request.url,owner:e.owner,initiatedBySubjectId:e.initiatedBySubjectId,upstreamServerId:e.upstreamServerId,authProfileId:e.authProfileId,virtualServerId:e.virtualServerId,...e.returnTo===void 0?{}:{returnTo:e.returnTo}})}o(ES,"buildUserStaticSecretConnectUrl");var Ol;Ol=globalThis.crypto;async function GE(e){return(await Ol).getRandomValues(new Uint8Array(e))}o(GE,"getRandomValues");async function VE(e){let t="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._~",r=Math.pow(2,8)-Math.pow(2,8)%t.length,n="";for(;n.length<e;){let a=await GE(e-n.length);for(let i of a)i<r&&(n+=t[i%t.length])}return n}o(VE,"random");async function FE(e){return await VE(e)}o(FE,"generateVerifier");async function ZE(e){let t=await(await Ol).subtle.digest("SHA-256",new TextEncoder().encode(e));return btoa(String.fromCharCode(...new Uint8Array(t))).replace(/\//g,"_").replace(/\+/g,"-").replace(/=/g,"")}o(ZE,"generateChallenge");async function $l(e){if(e||(e=43),e<43||e>128)throw`Expected a length between 43 and 128. Received ${e}.`;let t=await FE(e),r=await ZE(t);return{code_verifier:t,code_challenge:r}}o($l,"pkceChallenge");ie();var Me=Bp().superRefine((e,t)=>{if(!URL.canParse(e))return t.addIssue({code:Zp.custom,message:"URL must be parseable",fatal:!0}),Hp}).refine(e=>{let t=new URL(e);return t.protocol!=="javascript:"&&t.protocol!=="data:"&&t.protocol!=="vbscript:"},{message:"URL cannot use javascript:, data:, or vbscript: scheme"}),ws=Ce({resource:f().url(),authorization_servers:C(Me).optional(),jwks_uri:f().url().optional(),scopes_supported:C(f()).optional(),bearer_methods_supported:C(f()).optional(),resource_signing_alg_values_supported:C(f()).optional(),resource_name:f().optional(),resource_documentation:f().optional(),resource_policy_uri:f().url().optional(),resource_tos_uri:f().url().optional(),tls_client_certificate_bound_access_tokens:ae().optional(),authorization_details_types_supported:C(f()).optional(),dpop_signing_alg_values_supported:C(f()).optional(),dpop_bound_access_tokens_required:ae().optional()}),sa=Ce({issuer:f(),authorization_endpoint:Me,token_endpoint:Me,registration_endpoint:Me.optional(),scopes_supported:C(f()).optional(),response_types_supported:C(f()),response_modes_supported:C(f()).optional(),grant_types_supported:C(f()).optional(),token_endpoint_auth_methods_supported:C(f()).optional(),token_endpoint_auth_signing_alg_values_supported:C(f()).optional(),service_documentation:Me.optional(),revocation_endpoint:Me.optional(),revocation_endpoint_auth_methods_supported:C(f()).optional(),revocation_endpoint_auth_signing_alg_values_supported:C(f()).optional(),introspection_endpoint:f().optional(),introspection_endpoint_auth_methods_supported:C(f()).optional(),introspection_endpoint_auth_signing_alg_values_supported:C(f()).optional(),code_challenge_methods_supported:C(f()).optional(),client_id_metadata_document_supported:ae().optional()}),KE=Ce({issuer:f(),authorization_endpoint:Me,token_endpoint:Me,userinfo_endpoint:Me.optional(),jwks_uri:Me,registration_endpoint:Me.optional(),scopes_supported:C(f()).optional(),response_types_supported:C(f()),response_modes_supported:C(f()).optional(),grant_types_supported:C(f()).optional(),acr_values_supported:C(f()).optional(),subject_types_supported:C(f()),id_token_signing_alg_values_supported:C(f()),id_token_encryption_alg_values_supported:C(f()).optional(),id_token_encryption_enc_values_supported:C(f()).optional(),userinfo_signing_alg_values_supported:C(f()).optional(),userinfo_encryption_alg_values_supported:C(f()).optional(),userinfo_encryption_enc_values_supported:C(f()).optional(),request_object_signing_alg_values_supported:C(f()).optional(),request_object_encryption_alg_values_supported:C(f()).optional(),request_object_encryption_enc_values_supported:C(f()).optional(),token_endpoint_auth_methods_supported:C(f()).optional(),token_endpoint_auth_signing_alg_values_supported:C(f()).optional(),display_values_supported:C(f()).optional(),claim_types_supported:C(f()).optional(),claims_supported:C(f()).optional(),service_documentation:f().optional(),claims_locales_supported:C(f()).optional(),ui_locales_supported:C(f()).optional(),claims_parameter_supported:ae().optional(),request_parameter_supported:ae().optional(),request_uri_parameter_supported:ae().optional(),require_request_uri_registration:ae().optional(),op_policy_uri:Me.optional(),op_tos_uri:Me.optional(),client_id_metadata_document_supported:ae().optional()}),vs=I({...KE.shape,...sa.pick({code_challenge_methods_supported:!0}).shape}),ca=I({access_token:f(),id_token:f().optional(),token_type:f(),expires_in:Kp.number().optional(),scope:f().optional(),refresh_token:f().optional()}).strip(),OS=I({error:f(),error_description:f().optional(),error_uri:f().optional()}),US=Me.optional().or(O("").transform(()=>{})),WE=I({redirect_uris:C(Me),token_endpoint_auth_method:f().optional(),grant_types:C(f()).optional(),response_types:C(f()).optional(),client_name:f().optional(),client_uri:Me.optional(),logo_uri:US,scope:f().optional(),contacts:C(f()).optional(),tos_uri:US,policy_uri:f().optional(),jwks_uri:Me.optional(),jwks:Vp().optional(),software_id:f().optional(),software_version:f().optional(),software_statement:f().optional()}).strip(),zl=I({client_id:f(),client_secret:f().optional(),client_id_issued_at:ee().optional(),client_secret_expires_at:ee().optional()}).strip(),ua=WE.merge(zl),q9=I({error:f(),error_description:f().optional()}).strip(),N9=I({token:f(),token_type_hint:f().optional()}).strip();function $S(e){let t=typeof e=="string"?new URL(e):new URL(e.href);return t.hash="",t}o($S,"resourceUrlFromServerUrl");function zS({requestedResource:e,configuredResource:t}){let r=typeof e=="string"?new URL(e):new URL(e.href),n=typeof t=="string"?new URL(t):new URL(t.href);if(r.origin!==n.origin||r.pathname.length<n.pathname.length)return!1;let a=r.pathname.endsWith("/")?r.pathname:r.pathname+"/",i=n.pathname.endsWith("/")?n.pathname:n.pathname+"/";return a.startsWith(i)}o(zS,"checkResourceAllowed");var Re=class extends Error{static{o(this,"OAuthError")}constructor(t,r){super(t),this.errorUri=r,this.name=this.constructor.name}toResponseObject(){let t={error:this.errorCode,error_description:this.message};return this.errorUri&&(t.error_uri=this.errorUri),t}get errorCode(){return this.constructor.errorCode}},da=class extends Re{static{o(this,"InvalidRequestError")}};da.errorCode="invalid_request";var en=class extends Re{static{o(this,"InvalidClientError")}};en.errorCode="invalid_client";var tn=class extends Re{static{o(this,"InvalidGrantError")}};tn.errorCode="invalid_grant";var rn=class extends Re{static{o(this,"UnauthorizedClientError")}};rn.errorCode="unauthorized_client";var la=class extends Re{static{o(this,"UnsupportedGrantTypeError")}};la.errorCode="unsupported_grant_type";var pa=class extends Re{static{o(this,"InvalidScopeError")}};pa.errorCode="invalid_scope";var ma=class extends Re{static{o(this,"AccessDeniedError")}};ma.errorCode="access_denied";var Xt=class extends Re{static{o(this,"ServerError")}};Xt.errorCode="server_error";var fa=class extends Re{static{o(this,"TemporarilyUnavailableError")}};fa.errorCode="temporarily_unavailable";var ha=class extends Re{static{o(this,"UnsupportedResponseTypeError")}};ha.errorCode="unsupported_response_type";var ga=class extends Re{static{o(this,"UnsupportedTokenTypeError")}};ga.errorCode="unsupported_token_type";var ya=class extends Re{static{o(this,"InvalidTokenError")}};ya.errorCode="invalid_token";var Sa=class extends Re{static{o(this,"MethodNotAllowedError")}};Sa.errorCode="method_not_allowed";var _a=class extends Re{static{o(this,"TooManyRequestsError")}};_a.errorCode="too_many_requests";var nn=class extends Re{static{o(this,"InvalidClientMetadataError")}};nn.errorCode="invalid_client_metadata";var wa=class extends Re{static{o(this,"InsufficientScopeError")}};wa.errorCode="insufficient_scope";var va=class extends Re{static{o(this,"InvalidTargetError")}};va.errorCode="invalid_target";var MS={[da.errorCode]:da,[en.errorCode]:en,[tn.errorCode]:tn,[rn.errorCode]:rn,[la.errorCode]:la,[pa.errorCode]:pa,[ma.errorCode]:ma,[Xt.errorCode]:Xt,[fa.errorCode]:fa,[ha.errorCode]:ha,[ga.errorCode]:ga,[ya.errorCode]:ya,[Sa.errorCode]:Sa,[_a.errorCode]:_a,[nn.errorCode]:nn,[wa.errorCode]:wa,[va.errorCode]:va};var er=class extends Error{static{o(this,"UnauthorizedError")}constructor(t){super(t??"Unauthorized")}};function JE(e){return["client_secret_basic","client_secret_post","none"].includes(e)}o(JE,"isClientAuthMethod");var Ml="code",ql="S256";function YE(e,t){let r=e.client_secret!==void 0;return"token_endpoint_auth_method"in e&&e.token_endpoint_auth_method&&JE(e.token_endpoint_auth_method)&&(t.length===0||t.includes(e.token_endpoint_auth_method))?e.token_endpoint_auth_method:t.length===0?r?"client_secret_basic":"none":r&&t.includes("client_secret_basic")?"client_secret_basic":r&&t.includes("client_secret_post")?"client_secret_post":t.includes("none")?"none":r?"client_secret_post":"none"}o(YE,"selectClientAuthMethod");function QE(e,t,r,n){let{client_id:a,client_secret:i}=t;switch(e){case"client_secret_basic":XE(a,i,r);return;case"client_secret_post":eU(a,i,n);return;case"none":tU(a,n);return;default:throw new Error(`Unsupported client authentication method: ${e}`)}}o(QE,"applyClientAuthentication");function XE(e,t,r){if(!t)throw new Error("client_secret_basic authentication requires a client_secret");let n=btoa(`${e}:${t}`);r.set("Authorization",`Basic ${n}`)}o(XE,"applyBasicAuth");function eU(e,t,r){r.set("client_id",e),t&&r.set("client_secret",t)}o(eU,"applyPostAuth");function tU(e,t){t.set("client_id",e)}o(tU,"applyPublicAuth");async function NS(e){let t=e instanceof Response?e.status:void 0,r=e instanceof Response?await e.text():e;try{let n=OS.parse(JSON.parse(r)),{error:a,error_description:i,error_uri:s}=n,c=MS[a]||Xt;return new c(i||"",s)}catch(n){let a=`${t?`HTTP ${t}: `:""}Invalid OAuth error response: ${n}. Raw body: ${r}`;return new Xt(a)}}o(NS,"parseErrorResponse");async function Ar(e,t){try{return await Nl(e,t)}catch(r){if(r instanceof en||r instanceof rn)return await e.invalidateCredentials?.("all"),await Nl(e,t);if(r instanceof tn)return await e.invalidateCredentials?.("tokens"),await Nl(e,t);throw r}}o(Ar,"auth");async function Nl(e,{serverUrl:t,authorizationCode:r,scope:n,resourceMetadataUrl:a,fetchFn:i}){let s=await e.discoveryState?.(),c,d,p,l=a;if(!l&&s?.resourceMetadataUrl&&(l=new URL(s.resourceMetadataUrl)),s?.authorizationServerUrl){if(d=s.authorizationServerUrl,c=s.resourceMetadata,p=s.authorizationServerMetadata??await DS(d,{fetchFn:i}),!c)try{c=await jS(t,{resourceMetadataUrl:l},i)}catch{}(p!==s.authorizationServerMetadata||c!==s.resourceMetadata)&&await e.saveDiscoveryState?.({authorizationServerUrl:String(d),resourceMetadataUrl:l?.toString(),resourceMetadata:c,authorizationServerMetadata:p})}else{let R=await sU(t,{resourceMetadataUrl:l,fetchFn:i});d=R.authorizationServerUrl,p=R.authorizationServerMetadata,c=R.resourceMetadata,await e.saveDiscoveryState?.({authorizationServerUrl:String(d),resourceMetadataUrl:l?.toString(),resourceMetadata:c,authorizationServerMetadata:p})}let m=await rU(t,e,c),h=n||c?.scopes_supported?.join(" ")||e.clientMetadata.scope,y=await Promise.resolve(e.clientInformation());if(!y){if(r!==void 0)throw new Error("Existing OAuth client information is required when exchanging an authorization code");let R=p?.client_id_metadata_document_supported===!0,q=e.clientMetadataUrl;if(q&&!Dl(q))throw new nn(`clientMetadataUrl must be a valid HTTPS URL with a non-root pathname, got: ${q}`);if(R&&q)y={client_id:q},await e.saveClientInformation?.(y);else{if(!e.saveClientInformation)throw new Error("OAuth client information must be saveable for dynamic registration");let qe=await pU(d,{metadata:p,clientMetadata:e.clientMetadata,scope:h,fetchFn:i});await e.saveClientInformation(qe),y=qe}}let _=!e.redirectUrl;if(r!==void 0||_){let R=await lU(e,d,{metadata:p,resource:m,authorizationCode:r,fetchFn:i});return await e.saveTokens(R),"AUTHORIZED"}let S=await e.tokens();if(S?.refresh_token)try{let R=await dU(d,{metadata:p,clientInformation:y,refreshToken:S.refresh_token,resource:m,addClientAuthentication:e.addClientAuthentication,fetchFn:i});return await e.saveTokens(R),"AUTHORIZED"}catch(R){if(!(!(R instanceof Re)||R instanceof Xt))throw R}let w=e.state?await e.state():void 0,{authorizationUrl:v,codeVerifier:b}=await cU(d,{metadata:p,clientInformation:y,state:w,redirectUrl:e.redirectUrl,scope:h,resource:m});return await e.saveCodeVerifier(b),await e.redirectToAuthorization(v),"REDIRECT"}o(Nl,"authInternal");function Dl(e){if(!e)return!1;try{let t=new URL(e);return t.protocol==="https:"&&t.pathname!=="/"}catch{return!1}}o(Dl,"isHttpsUrl");async function rU(e,t,r){let n=$S(e);if(t.validateResourceURL)return await t.validateResourceURL(n,r?.resource);if(r){if(!zS({requestedResource:n,configuredResource:r.resource}))throw new Error(`Protected resource ${r.resource} does not match expected ${n} (or origin)`);return new URL(r.resource)}}o(rU,"selectResourceURL");function Hl(e){let t=e.headers.get("WWW-Authenticate");if(!t)return{};let[r,n]=t.split(" ");if(r.toLowerCase()!=="bearer"||!n)return{};let a=jl(e,"resource_metadata")||void 0,i;if(a)try{i=new URL(a)}catch{}let s=jl(e,"scope")||void 0,c=jl(e,"error")||void 0;return{resourceMetadataUrl:i,scope:s,error:c}}o(Hl,"extractWWWAuthenticateParams");function jl(e,t){let r=e.headers.get("WWW-Authenticate");if(!r)return null;let n=new RegExp(`${t}=(?:"([^"]+)"|([^\\s,]+))`),a=r.match(n);return a?a[1]||a[2]:null}o(jl,"extractFieldFromWwwAuth");async function jS(e,t,r=fetch){let n=await aU(e,"oauth-protected-resource",r,{protocolVersion:t?.protocolVersion,metadataUrl:t?.resourceMetadataUrl});if(!n||n.status===404)throw await n?.body?.cancel(),new Error("Resource server does not implement OAuth 2.0 Protected Resource Metadata.");if(!n.ok)throw await n.body?.cancel(),new Error(`HTTP ${n.status} trying to load well-known OAuth protected resource metadata.`);return ws.parse(await n.json())}o(jS,"discoverOAuthProtectedResourceMetadata");async function Ll(e,t,r=fetch){try{return await r(e,{headers:t})}catch(n){if(n instanceof TypeError)return t?Ll(e,void 0,r):void 0;throw n}}o(Ll,"fetchWithCorsRetry");function nU(e,t="",r={}){return t.endsWith("/")&&(t=t.slice(0,-1)),r.prependPathname?`${t}/.well-known/${e}`:`/.well-known/${e}${t}`}o(nU,"buildWellKnownPath");async function qS(e,t,r=fetch){return await Ll(e,{"MCP-Protocol-Version":t},r)}o(qS,"tryMetadataDiscovery");function oU(e,t){return!e||e.status>=400&&e.status<500&&t!=="/"}o(oU,"shouldAttemptFallback");async function aU(e,t,r,n){let a=new URL(e),i=n?.protocolVersion??dr,s;if(n?.metadataUrl)s=new URL(n.metadataUrl);else{let d=nU(t,a.pathname);s=new URL(d,n?.metadataServerUrl??a),s.search=a.search}let c=await qS(s,i,r);if(!n?.metadataUrl&&oU(c,a.pathname)){let d=new URL(`/.well-known/${t}`,a);c=await qS(d,i,r)}return c}o(aU,"discoverMetadataWithFallback");function iU(e){let t=typeof e=="string"?new URL(e):e,r=t.pathname!=="/",n=[];if(!r)return n.push({url:new URL("/.well-known/oauth-authorization-server",t.origin),type:"oauth"}),n.push({url:new URL("/.well-known/openid-configuration",t.origin),type:"oidc"}),n;let a=t.pathname;return a.endsWith("/")&&(a=a.slice(0,-1)),n.push({url:new URL(`/.well-known/oauth-authorization-server${a}`,t.origin),type:"oauth"}),n.push({url:new URL(`/.well-known/openid-configuration${a}`,t.origin),type:"oidc"}),n.push({url:new URL(`${a}/.well-known/openid-configuration`,t.origin),type:"oidc"}),n}o(iU,"buildDiscoveryUrls");async function DS(e,{fetchFn:t=fetch,protocolVersion:r=dr}={}){let n={"MCP-Protocol-Version":r,Accept:"application/json"},a=iU(e);for(let{url:i,type:s}of a){let c=await Ll(i,n,t);if(c){if(!c.ok){if(await c.body?.cancel(),c.status>=400&&c.status<500)continue;throw new Error(`HTTP ${c.status} trying to load ${s==="oauth"?"OAuth":"OpenID provider"} metadata from ${i}`)}return s==="oauth"?sa.parse(await c.json()):vs.parse(await c.json())}}}o(DS,"discoverAuthorizationServerMetadata");async function sU(e,t){let r,n;try{r=await jS(e,{resourceMetadataUrl:t?.resourceMetadataUrl},t?.fetchFn),r.authorization_servers&&r.authorization_servers.length>0&&(n=r.authorization_servers[0])}catch{}n||(n=String(new URL("/",e)));let a=await DS(n,{fetchFn:t?.fetchFn});return{authorizationServerUrl:n,authorizationServerMetadata:a,resourceMetadata:r}}o(sU,"discoverOAuthServerInfo");async function cU(e,{metadata:t,clientInformation:r,redirectUrl:n,scope:a,state:i,resource:s}){let c;if(t){if(c=new URL(t.authorization_endpoint),!t.response_types_supported.includes(Ml))throw new Error(`Incompatible auth server: does not support response type ${Ml}`);if(t.code_challenge_methods_supported&&!t.code_challenge_methods_supported.includes(ql))throw new Error(`Incompatible auth server: does not support code challenge method ${ql}`)}else c=new URL("/authorize",e);let d=await $l(),p=d.code_verifier,l=d.code_challenge;return c.searchParams.set("response_type",Ml),c.searchParams.set("client_id",r.client_id),c.searchParams.set("code_challenge",l),c.searchParams.set("code_challenge_method",ql),c.searchParams.set("redirect_uri",String(n)),i&&c.searchParams.set("state",i),a&&c.searchParams.set("scope",a),a?.includes("offline_access")&&c.searchParams.append("prompt","consent"),s&&c.searchParams.set("resource",s.href),{authorizationUrl:c,codeVerifier:p}}o(cU,"startAuthorization");function uU(e,t,r){return new URLSearchParams({grant_type:"authorization_code",code:e,code_verifier:t,redirect_uri:String(r)})}o(uU,"prepareAuthorizationCodeRequest");async function HS(e,{metadata:t,tokenRequestParams:r,clientInformation:n,addClientAuthentication:a,resource:i,fetchFn:s}){let c=t?.token_endpoint?new URL(t.token_endpoint):new URL("/token",e),d=new Headers({"Content-Type":"application/x-www-form-urlencoded",Accept:"application/json"});if(i&&r.set("resource",i.href),a)await a(d,r,c,t);else if(n){let l=t?.token_endpoint_auth_methods_supported??[],m=YE(n,l);QE(m,n,d,r)}let p=await(s??fetch)(c,{method:"POST",headers:d,body:r});if(!p.ok)throw await NS(p);return ca.parse(await p.json())}o(HS,"executeTokenRequest");async function dU(e,{metadata:t,clientInformation:r,refreshToken:n,resource:a,addClientAuthentication:i,fetchFn:s}){let c=new URLSearchParams({grant_type:"refresh_token",refresh_token:n}),d=await HS(e,{metadata:t,tokenRequestParams:c,clientInformation:r,addClientAuthentication:i,resource:a,fetchFn:s});return{refresh_token:n,...d}}o(dU,"refreshAuthorization");async function lU(e,t,{metadata:r,resource:n,authorizationCode:a,fetchFn:i}={}){let s=e.clientMetadata.scope,c;if(e.prepareTokenRequest&&(c=await e.prepareTokenRequest(s)),!c){if(!a)throw new Error("Either provider.prepareTokenRequest() or authorizationCode is required");if(!e.redirectUrl)throw new Error("redirectUrl is required for authorization_code flow");let p=await e.codeVerifier();c=uU(a,p,e.redirectUrl)}let d=await e.clientInformation();return HS(t,{metadata:r,tokenRequestParams:c,clientInformation:d??void 0,addClientAuthentication:e.addClientAuthentication,resource:n,fetchFn:i})}o(lU,"fetchToken");async function pU(e,{metadata:t,clientMetadata:r,scope:n,fetchFn:a}){let i;if(t){if(!t.registration_endpoint)throw new Error("Incompatible auth server: does not support dynamic client registration");i=new URL(t.registration_endpoint)}else i=new URL("/register",e);let s=await(a??fetch)(i,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({...r,...n!==void 0?{scope:n}:{}})});if(!s.ok)throw await NS(s);return ua.parse(await s.json())}o(pU,"registerClient");function mU(){let e=lo.__TEST_ONLY_MCP_GATEWAY_ALLOW_HTTP_LOOPBACK_IDP??globalThis.process?.env?.__TEST_ONLY_MCP_GATEWAY_ALLOW_HTTP_LOOPBACK_IDP;return typeof e=="string"&&e==="1"}o(mU,"isTestOnlyAllowHttpLoopbackIdpEnabled");var fU=new Set(["localhost","169.254.169.254","metadata.google.internal","metadata"]),hU=[{first:0},{first:10},{first:127},{first:169,secondMin:254,secondMax:254},{first:172,secondMin:16,secondMax:31},{first:192,secondMin:168,secondMax:168},{first:100,secondMin:64,secondMax:127},{first:224,firstMax:239},{first:240,firstMax:255}];function LS(e){if(!/^\d+\.\d+\.\d+\.\d+$/.test(e))return;let t=e.split(".").map(r=>Number(r));if(!(t.length!==4||t.some(r=>Number.isNaN(r)||r<0||r>255)))return t}o(LS,"parseIpv4Octets");function gU([e,t],r){let n=r.firstMax??r.first;return e<r.first||e>n?!1:r.secondMin===void 0||r.secondMax===void 0?!0:t>=r.secondMin&&t<=r.secondMax}o(gU,"ipv4RangeMatches");function BS(e){let t=LS(e);return t!==void 0&&hU.some(r=>gU(t,r))}o(BS,"isPrivateIpv4");function Bl(e){if(!e||e.length>4)return;let t=Number.parseInt(e,16);return Number.isNaN(t)||t<0||t>65535?void 0:t}o(Bl,"parseIpv6Word");function yU(e,t){return[e>>8&255,e&255,t>>8&255,t&255].join(".")}o(yU,"formatIpv4FromWords");function SU(e){let t=e.slice(7),r=LS(t);if(r!==void 0)return r.join(".");let[n,a,i]=t.split(":"),s=Bl(n),c=Bl(a);return i===void 0&&s!==void 0&&c!==void 0?yU(s,c):void 0}o(SU,"parseIpv6MappedIpv4");function _U(e){return Bl(e.split(":").find(Boolean))}o(_U,"readFirstIpv6Hextet");function wU(e){let t=gt(e);if(!t.includes(":"))return!1;if(t==="::"||t==="::1")return!0;if(t.startsWith("::ffff:")){let n=SU(t);return n===void 0||BS(n)}let r=_U(t);return r===void 0?!1:(r&65024)===64512||(r&65472)===65152}o(wU,"isPrivateIpv6");function Gl(e){let t=gt(e);return fU.has(t)||t.endsWith(".internal")||BS(t)||wU(t)}o(Gl,"isBlockedOutboundHostname");function GS(e){let t=new URL(e);if(t.protocol!=="https:"&&t.protocol!=="http:")throw g("invalid_request",`Unsupported outbound protocol: ${t.protocol}`);let r=Le(t);if(t.protocol==="http:"&&!r)throw g("invalid_request","Configured outbound HTTP URLs must target loopback hosts.");let n=gt(t.hostname);if(!r&&Gl(n))throw g("invalid_request",`Blocked outbound host: ${n}`);return t}o(GS,"validateConfiguredOutboundUrl");function VS(e){let t=new URL(e),r=Le(t),n=r&&mU();if(t.protocol!=="https:"&&!n)throw g("invalid_request","Identity provider URLs must use https.");if(t.username||t.password||t.search||t.hash)throw g("invalid_request","Identity provider URLs must not include credentials, query params, or fragments.");let a=gt(t.hostname);if(!r&&Gl(a))throw g("invalid_request",`Blocked identity provider host: ${a}`);return t}o(VS,"validateIdentityProviderUrl");function bs(e){let t=new URL(e);if(t.protocol!=="https:"||t.pathname==="/"||t.username||t.password||t.search||t.hash)throw g("invalid_request","CIMD client_id must be an HTTPS URL with a path and no credentials, query, or fragment.");if(Gl(t.hostname))throw g("invalid_request","CIMD client_id points at a blocked host.");return t}o(bs,"validateCimdClientMetadataUrl");function FS(e,t){if(!t)return;if(t.aborted){e.abort(t.reason);return}let r=o(()=>e.abort(t.reason),"abort");return t.addEventListener("abort",r,{once:!0}),()=>t.removeEventListener("abort",r)}o(FS,"mergeAbortSignals");async function vU(e){try{await e.cancel()}catch{}}o(vU,"cancelReader");async function Rs(e,t){if(!e)return new Uint8Array;let r=e.getReader(),n=[],a=0,i=await r.read();for(;!i.done;){let d=i.value;if(a+=d.byteLength,a>t.maxBytes)throw await vU(r),t.createLimitError();n.push(d),i=await r.read()}let s=new Uint8Array(a),c=0;for(let d of n)s.set(d,c),c+=d.byteLength;return s}o(Rs,"readBoundedByteStream");var bU=2,RU=1024*1024,CU=1e4,IU=new Set([301,302,303,307,308]),PU=["authorization","proxy-authorization","cookie","cookie2"];function Vl(e){return typeof e=="string"?e:e instanceof URL?e.toString():e.url}o(Vl,"readRequestUrl");function Kn(e,t){return t?.method!==void 0?t.method.toUpperCase():e instanceof Request?e.method.toUpperCase():"GET"}o(Kn,"readRequestMethod");function xU(e,t,r){let n=e.headers.get("content-length");if(!n)return;let a=Number.parseInt(n,10);if(Number.isFinite(a)&&a>t)throw g(r,"Outbound response exceeded the maximum allowed size.")}o(xU,"assertContentLengthWithinLimit");async function AU(e,t,r){return xU(e,t,r),Rs(e.body,{maxBytes:t,createLimitError:o(()=>g(r,"Outbound response exceeded the maximum allowed size."),"createLimitError")})}o(AU,"readBoundedResponseBody");function TU(e,t){let r=new ArrayBuffer(t.byteLength);return new Uint8Array(r).set(t),new Response(r,{status:e.status,statusText:e.statusText,headers:e.headers})}o(TU,"responseFromBufferedBody");function kU(e,t){if(!IU.has(e.status))return;let r=e.headers.get("location");if(r)return new URL(r,t).toString()}o(kU,"resolveRedirectUrl");function ZS(e,t){try{return t.validateUrl(e)}catch(r){throw g(t.problemCode,"Outbound URL was not allowed.",r)}}o(ZS,"validateOutboundUrl");function EU(e,t){throw he(e)!==void 0?e:g(t,"Outbound fetch failed.",e)}o(EU,"normalizeFetchError");function ba(e,t){if(e===void 0)return;let r={event:t.event,code:t.problemCode,method:t.method};if(t.host!==void 0&&(r.host=t.host),t.extra!==void 0)for(let[n,a]of Object.entries(t.extra))a!==void 0&&(r[n]=a);t.error!==void 0&&Oe(r,"error",t.error),e.log.warn(r,"Outbound HTTP exchange rejected")}o(ba,"logOutboundFailure");async function UU(e,t,r,n,a,i,s){let c=Kn(r,n);try{return await t(r,n)}catch(d){let p=d instanceof DOMException&&d.name==="AbortError";ba(e,{event:p?"outbound_fetch_aborted":"outbound_fetch_failed",problemCode:a,method:c,host:mt(i),error:d,extra:{abortReason:s()}}),EU(d,a)}}o(UU,"fetchWithNormalizedError");function OU(e){if(e.redirects>=e.maxRedirects)throw g(e.problemCode,"Outbound redirects exceeded the maximum allowed depth.");if(e.method!=="GET"&&e.method!=="HEAD")throw g(e.problemCode,"Outbound redirect after a non-idempotent request was blocked.")}o(OU,"assertRedirectAllowed");function $U(e,t){let r=new Headers(e);for(let n of PU)r.delete(n);for(let n of t)r.delete(n);return r}o($U,"stripCrossOriginHeaders");function zU(e,t,r,n,a){let i={...e,method:t,redirect:"manual",signal:r};return n&&(i.headers=$U(e.headers,a)),i}o(zU,"buildRedirectInit");function MU(e,t,r){let n={...t,redirect:"manual",signal:r};return n.headers===void 0&&e instanceof Request&&(n.headers=e.headers),n}o(MU,"buildInitialRequestInit");function qU(e){let t=Kn(e.currentInput,e.currentInit);OU({redirects:e.redirects,maxRedirects:e.maxRedirects,method:t,problemCode:e.problemCode});let r=ZS(e.redirectUrl,{problemCode:e.problemCode,validateUrl:e.validateUrl}),n=new URL(e.currentUrl),a=r.origin!==n.origin,i=r.toString();return{currentInput:i,currentUrl:i,currentInit:zU(e.currentInit,t,e.signal,a,e.additionalCrossOriginStrippedHeaders),redirects:e.redirects+1}}o(qU,"followRedirect");async function Fl(e,t,r){let n=r.problemCode??"invalid_request",a=r.maxRedirects??bU,i=r.maxResponseBytes??RU,s=r.timeoutMs??CU,c=r.fetchImpl??fetch,d=r.additionalCrossOriginStrippedHeaders??[],p=r.context,l=new AbortController,m=FS(l,t.signal),h=!1,y=setTimeout(()=>{h=!0,l.abort()},s),_=e,S=MU(e,t,l.signal),w;try{w=ZS(Vl(e),{problemCode:n,validateUrl:r.validateUrl}).toString()}catch(b){throw ba(p,{event:"outbound_url_blocked",problemCode:n,method:Kn(e,t),host:mt(Vl(e)),error:b}),clearTimeout(y),m?.(),b}let v=0;try{for(;;){let b=await UU(p,c,_,S,n,w,()=>h?`timeout_after_${s}ms`:void 0),R=kU(b,w);if(R!==void 0)try{let q=qU({currentInput:_,currentInit:S,currentUrl:w,redirectUrl:R,redirects:v,maxRedirects:a,problemCode:n,validateUrl:r.validateUrl,signal:l.signal,additionalCrossOriginStrippedHeaders:d});_=q.currentInput,S=q.currentInit,w=q.currentUrl,v=q.redirects;continue}catch(q){throw ba(p,{event:"outbound_redirect_blocked",problemCode:n,method:Kn(_,S),host:mt(w),error:q,extra:{redirects:v,maxRedirects:a,redirectTargetHost:mt(R)}}),q}try{return TU(b,await AU(b,i,n))}catch(q){throw ba(p,{event:"outbound_response_size_exceeded",problemCode:n,method:Kn(_,S),host:mt(w),error:q,extra:{maxResponseBytes:i,status:b.status}}),q}}}finally{clearTimeout(y),m?.()}}o(Fl,"runSafeOutboundExchange");async function Zl(e,t,r){let n=await Fl(e,t,r);try{return{response:n,json:await n.clone().json()}}catch(a){throw ba(r.context,{event:"outbound_json_parse_failed",problemCode:r.problemCode??"invalid_request",method:Kn(e,t),host:mt(Vl(e)),error:a,extra:{status:n.status,contentType:n.headers.get("content-type")??void 0}}),g(r.problemCode??"invalid_request","Outbound JSON response could not be parsed.",a)}}o(Zl,"runSafeOutboundJsonExchange");function Cs(e,t={},r={}){return Fl(e,t,{...r,validateUrl:GS})}o(Cs,"fetchConfiguredOutbound");function KS(e,t={},r={}){return Zl(e,t,{...r,validateUrl:VS})}o(KS,"fetchIdentityProviderJson");function WS(e,t={},r={}){return Zl(e,t,{...r,validateUrl:bs})}o(WS,"fetchCimdClientMetadataJson");ie();function Kl(e){return`Zuplo MCP Gateway - ${e}`}o(Kl,"buildGatewayOAuthClientName");function JS(e,t){let r=new URL(e,ce(t));return Le(r)&&gt(r.hostname)!=="localhost"&&(r.hostname="localhost"),r.toString()}o(JS,"buildGatewayOAuthRedirectUri");function Wl(e){let t=new URL(`/.well-known/oauth-client/${encodeURIComponent(e.upstreamServerId)}`,e.origin);return t.searchParams.set("authProfileId",e.authProfileId),t.toString()}o(Wl,"buildOAuthClientMetadataDocumentUrl");function YS(e){return ce(e)}o(YS,"requireOAuthClientMetadataOrigin");function QS(e,t,r){let n=rt(t),a=Qr(t,r);return{client_id:Wl({origin:e,upstreamServerId:t,authProfileId:r}),client_name:Kl(n.displayName),client_uri:new URL("/",e).toString(),redirect_uris:[new URL(a.redirectPath,e).toString()],grant_types:["authorization_code","refresh_token"],response_types:["code"],application_type:"web",token_endpoint_auth_method:"none"}}o(QS,"buildOAuthClientMetadataDocument");var NU=u.union([ua,zl]),jU=u.object({authorizationServerUrl:u.url(),resourceMetadataUrl:u.url().optional(),resourceMetadata:ws.optional(),authorizationServerMetadata:u.union([sa,vs]).optional()}).passthrough(),DU="Bearer";function HU(e){return e?e.split(/[,\s]+/).filter(Boolean):[]}o(HU,"splitScopes");function LU(e){return rs.parse(e)}o(LU,"parsePkceCodeVerifier");function BU(e){if(typeof e.expires_in=="number")return ne(new Date(Date.now()+e.expires_in*1e3))}o(BU,"readTokenExpiry");async function XS(e){if(e!==void 0)return Xr(JSON.stringify(e))}o(XS,"encryptJson");async function e_(e,t){if(!e)return;let r=await Qt(e);try{return t.parse(JSON.parse(r))}catch(n){throw g("oauth_state_invalid","Stored upstream OAuth JSON state is invalid.",n)}}o(e_,"decryptJson");function GU(e){if(e===void 0)return;let t={authorizationServerUrl:e.authorizationServerUrl};return e.resourceMetadataUrl!==void 0&&(t.resourceMetadataUrl=e.resourceMetadataUrl),e.resourceMetadata!==void 0&&(t.resourceMetadata=e.resourceMetadata),e.authorizationServerMetadata!==void 0&&(t.authorizationServerMetadata=e.authorizationServerMetadata),t}o(GU,"toOAuthDiscoveryState");function VU(e,t){return"redirect_uris"in e?e.redirect_uris.includes(t):!0}o(VU,"clientInformationAllowsRedirectUri");function FU(e,t,r){let n=rt(e),a=Qr(e,t),i;return a.scopes.length>0&&(i=a.scopes.join(a.scopeDelimiter)),{client_name:Kl(n.displayName),client_uri:new URL("/",new URL(r).origin).toString(),redirect_uris:[r],grant_types:["authorization_code","refresh_token"],response_types:["code"],application_type:"web",scope:i,token_endpoint_auth_method:"none"}}o(FU,"buildOAuthClientMetadata");function ZU(e){let t;if(e.registration.tokenEndpointAuthMethod!=="none"&&(t=e.registration.clientSecret,!t))throw g("internal_server_error",`Manual OAuth registration for ${e.upstreamServerId} requires clientSecret.`);return ua.parse({...e.clientMetadata,client_id:e.registration.clientId,token_endpoint_auth_method:e.registration.tokenEndpointAuthMethod,...t===void 0?{}:{client_secret:t}})}o(ZU,"buildManualOAuthClientInformation");function KU(e,t,r){let n=Wl({origin:new URL(r).origin,upstreamServerId:e,authProfileId:t});return Dl(n)?n:void 0}o(KU,"buildClientMetadataUrl");function t_(e){for(let t of e)if(t!==void 0)return t}o(t_,"firstDefined");function WU(e){let t=Qr(e.target.upstreamServerId,e.target.authProfileId),r=FU(e.target.upstreamServerId,e.target.authProfileId,e.redirectUri);if(t.clientRegistration.mode==="manual")return{clientMetadata:r,configuredClientInformation:ZU({clientMetadata:r,registration:t.clientRegistration,upstreamServerId:e.target.upstreamServerId})};let n=KU(e.target.upstreamServerId,e.target.authProfileId,e.redirectUri);return n===void 0?{clientMetadata:r}:{clientMetadata:r,clientMetadataUrl:n}}o(WU,"buildInitialOAuthClientSetup");function JU(e,t){if(t===void 0)return t_([e.pendingState?.encryptedClientInformation,e.connectionMetadata?.encryptedClientInformation,e.connection?.metadata?.encryptedClientInformation])}o(JU,"readEncryptedClientInformation");function YU(e){return t_([e.pendingState?.encryptedDiscoveryState,e.connectionMetadata?.encryptedDiscoveryState,e.connection?.metadata?.encryptedDiscoveryState])}o(YU,"readEncryptedDiscoveryState");var on=class{static{o(this,"UpstreamOAuthProvider")}clientMetadataUrl;target;redirectUriValue;returnOrigin;clientMetadataValue;configuredClientInformation;authorizationUrlValue;connection;pendingState;encryptedClientInformation;encryptedDiscoveryState;cachedClientInformation;clientInformationLoaded=!1;cachedDiscoveryState;discoveryStateLoaded=!1;cachedTokens;tokensLoaded=!1;constructor(t){let r=WU({target:t.target,redirectUri:t.redirectUri});this.target=t.target,this.redirectUriValue=t.redirectUri,this.returnOrigin=t.returnOrigin,this.clientMetadataValue=r.clientMetadata,this.configuredClientInformation=r.configuredClientInformation,r.clientMetadataUrl!==void 0&&(this.clientMetadataUrl=r.clientMetadataUrl),this.connection=t.connection,this.pendingState=t.pendingState?{...t.pendingState}:void 0,this.encryptedClientInformation=JU(t,this.configuredClientInformation),this.encryptedDiscoveryState=YU(t)}get authorizationUrl(){return this.authorizationUrlValue}get redirectUrl(){return this.redirectUriValue}get clientMetadata(){return this.clientMetadataValue}async state(){let t=await this.createPendingState();return yS({id:t.id,...aa({owner:this.target.owner,initiatedBySubjectId:t.initiatedBySubjectId,upstreamServerId:t.upstreamServerId,authProfileId:t.authProfileId,virtualServerId:t.virtualServerId})})}async clientInformation(){return this.configuredClientInformation?this.configuredClientInformation:this.loadPersistedClientInformation()}async saveClientInformation(t){this.configuredClientInformation||(this.cachedClientInformation=t,this.clientInformationLoaded=!0,this.encryptedClientInformation=await XS(t),await this.syncPendingState(!1))}async discoveryState(){return this.loadPersistedDiscoveryState()}async saveDiscoveryState(t){this.cachedDiscoveryState=t,this.discoveryStateLoaded=!0,this.encryptedDiscoveryState=await XS(t),await this.syncPendingState(!1)}async tokens(){return this.loadStoredTokens()}async saveTokens(t){let r=ca.parse(t),n=this.target.owner.mode==="user"?this.target.owner.subjectId:void 0;this.cachedTokens=r,this.tokensLoaded=!0;let a={id:this.connection?.id??ds(),ownerMode:this.target.owner.mode,subjectId:n,upstreamServerId:this.target.upstreamServerId,authProfileId:this.target.authProfileId,status:"active",encryptedAccessToken:await Xr(r.access_token),encryptedRefreshToken:r.refresh_token?await Xr(r.refresh_token):void 0,scopes:HU(r.scope??this.clientMetadataValue.scope),expiresAt:BU(r),metadata:this.readStoredOAuthPersistence(this.target.owner.mode==="shared"?this.target.initiatedBySubjectId:void 0)};this.connection=await J().upsertUpstreamConnection(a)}async redirectToAuthorization(t){this.authorizationUrlValue=t.toString()}async saveCodeVerifier(t){let r=await this.createPendingState();await this.persistPendingState({...r,codeVerifier:LU(t)})}async codeVerifier(){if(!this.pendingState?.codeVerifier)throw g("oauth_state_invalid","OAuth code verifier is missing");return this.pendingState.codeVerifier}async invalidateCredentials(t){let r=t==="all"||t==="client"||t==="tokens",n=t==="all"||t==="client",a=t==="all"||t==="discovery",i=t==="all"||t==="verifier";n&&(this.cachedClientInformation=void 0,this.clientInformationLoaded=!0,this.encryptedClientInformation=void 0),a&&(this.cachedDiscoveryState=void 0,this.discoveryStateLoaded=!0,this.encryptedDiscoveryState=void 0),r&&(this.cachedTokens=void 0,this.tokensLoaded=!0),await this.syncPendingState(i),await this.persistCredentialInvalidation(r)}async createPendingState(){if(this.pendingState)return this.pendingState;let t={id:sy(),...aa({owner:this.target.owner,initiatedBySubjectId:this.target.initiatedBySubjectId,upstreamServerId:this.target.upstreamServerId,authProfileId:this.target.authProfileId,virtualServerId:this.target.virtualServerId,...this.target.returnTo===void 0?{}:{returnTo:this.target.returnTo}}),callbackPath:new URL(this.redirectUriValue).pathname,expiresAt:ne(new Date(Date.now()+fS)),redirectUri:this.redirectUriValue,...this.returnOrigin===void 0?{}:{returnOrigin:this.returnOrigin},encryptedClientInformation:this.encryptedClientInformation,encryptedDiscoveryState:this.encryptedDiscoveryState,connectedBySubjectId:this.target.owner.mode==="shared"?this.target.initiatedBySubjectId:void 0};return await this.persistPendingState(t),t}async persistPendingState(t){await J().saveUpstreamOAuthState({record:t}),this.pendingState=t}async syncPendingState(t){this.pendingState&&await this.persistPendingState({...this.pendingState,codeVerifier:t?void 0:this.pendingState.codeVerifier,encryptedClientInformation:this.encryptedClientInformation,encryptedDiscoveryState:this.encryptedDiscoveryState})}async loadPersistedClientInformation(){if(this.clientInformationLoaded)return this.cachedClientInformation;let t;try{t=await e_(this.encryptedClientInformation,NU)}catch{this.encryptedClientInformation=void 0,this.cachedClientInformation=void 0,this.clientInformationLoaded=!0,await this.syncPendingState(!1),await this.persistCredentialInvalidation(!1);return}if(t&&!VU(t,this.redirectUriValue)){this.encryptedClientInformation=void 0,this.cachedClientInformation=void 0,this.clientInformationLoaded=!0,await this.syncPendingState(!1);return}return this.cachedClientInformation=t,this.clientInformationLoaded=!0,this.cachedClientInformation}async loadPersistedDiscoveryState(){if(this.discoveryStateLoaded)return this.cachedDiscoveryState;try{this.cachedDiscoveryState=GU(await e_(this.encryptedDiscoveryState,jU))}catch{this.encryptedDiscoveryState=void 0,this.cachedDiscoveryState=void 0,await this.syncPendingState(!1),await this.persistCredentialInvalidation(!1)}return this.discoveryStateLoaded=!0,this.cachedDiscoveryState}async loadStoredTokens(){if(this.tokensLoaded)return this.cachedTokens;if(this.tokensLoaded=!0,!this.connection?.encryptedAccessToken||this.connection.status!=="active")return;let t=ca.parse({access_token:await Qt(this.connection.encryptedAccessToken),token_type:DU,refresh_token:this.connection.encryptedRefreshToken?await Qt(this.connection.encryptedRefreshToken):void 0,scope:this.connection.scopes.length>0?this.connection.scopes.join(" "):void 0});return this.cachedTokens=t,t}async persistCredentialInvalidation(t){if(!this.connection)return;let r={id:this.connection.id,ownerMode:this.connection.ownerMode,subjectId:this.connection.subjectId,upstreamServerId:this.connection.upstreamServerId,authProfileId:this.connection.authProfileId,status:this.connection.status,encryptedAccessToken:this.connection.encryptedAccessToken,encryptedRefreshToken:this.connection.encryptedRefreshToken,scopes:[...this.connection.scopes],expiresAt:this.connection.expiresAt,metadata:this.connection.metadata?{...this.connection.metadata}:void 0};t&&(r.status="reconsent_required",r.encryptedAccessToken=void 0,r.encryptedRefreshToken=void 0,r.scopes=[],r.expiresAt=void 0),r.metadata=this.readStoredOAuthPersistence(this.connection.metadata?.connectedBySubjectId),this.connection=await J().upsertUpstreamConnection(r)}readStoredOAuthPersistence(t){if(!(!this.encryptedClientInformation&&!this.encryptedDiscoveryState&&!t))return{encryptedClientInformation:this.encryptedClientInformation,encryptedDiscoveryState:this.encryptedDiscoveryState,connectedBySubjectId:t}}};var QU=1e4,XU=256*1024,eO=2;function tO(e){return!e||e.status!=="active"||!e.encryptedAccessToken?!1:e.expiresAt?new Date(e.expiresAt).getTime()>Date.now():!0}o(tO,"hasUsableAccessToken");var rO="does not support dynamic client registration";function nO(e){return e instanceof Error&&e.message.includes(rO)}o(nO,"isDynamicClientRegistrationUnsupported");function oO(e){return typeof e=="string"||e instanceof URL?{url:new URL(e.toString())}:{method:e.method,url:new URL(e.url)}}o(oO,"readOAuthFetchRequest");function aO(e,t){return(e.headers.get("content-type")??"").includes("json")||t.trimStart().startsWith("{")||t.trimStart().startsWith("[")}o(aO,"responseLooksJson");function r_(e){return async(t,r)=>{let n=oO(t),a=await Cs(t,r,{maxRedirects:eO,maxResponseBytes:XU,problemCode:"upstream_token_exchange_failed",timeoutMs:QU}),i=await a.clone().text();if(!aO(a,i))return a;try{JSON.parse(i)}catch(s){throw g("upstream_token_exchange_failed",`Upstream OAuth fetch ${n.url.origin}${n.url.pathname} for ${e} returned invalid JSON.`,s)}return a}}o(r_,"createUpstreamOAuthFetch");async function n_(e,t){try{return await Ar(e,{serverUrl:t.serverUrl,resourceMetadataUrl:new URL(t.resourceMetadataUrl),fetchFn:r_(t.upstreamServerId)})}catch(r){throw nO(r)?g("upstream_client_registration_required",`The authorization server for ${t.upstreamServerId} does not advertise Client ID Metadata Document support and does not support Dynamic Client Registration. Register a client for the gateway manually before retrying.`,r):r}}o(n_,"runUpstreamOAuth");async function iO(e,t){return Ar(e,{serverUrl:t.serverUrl,authorizationCode:t.authorizationCode,resourceMetadataUrl:new URL(t.resourceMetadataUrl),fetchFn:r_(t.upstreamServerId)})}o(iO,"exchangeUpstreamAuthorizationCode");async function o_(e,t){let r=await n_(e,t);if(r==="REDIRECT"&&e.authorizationUrl)return e.authorizationUrl;throw r==="AUTHORIZED"?g("upstream_token_exchange_failed",`OAuth connect flow reused existing credentials instead of producing a redirect for ${t.upstreamServerId}`):g("upstream_token_exchange_failed",`Unexpected OAuth result for ${t.upstreamServerId}: ${r}`)}o(o_,"requireUpstreamAuthorizationRedirect");async function a_(e){if(tO(e.connection))return{kind:"authorized",credential:{type:"mcp_oauth_provider",provider:e.provider}};let t=await n_(e.provider,{upstreamServerId:e.target.upstreamServerId,serverUrl:e.serverUrl,resourceMetadataUrl:e.resourceMetadataUrl});if(t==="AUTHORIZED")return{kind:"authorized",credential:{type:"mcp_oauth_provider",provider:e.provider}};if(t!=="REDIRECT")throw g("upstream_token_exchange_failed",`Unexpected OAuth result for ${e.target.upstreamServerId}: ${t}`);if(!e.provider.authorizationUrl)throw g("upstream_token_exchange_failed",`OAuth connect-required flow did not produce a redirect for ${e.target.upstreamServerId}`);return{kind:"connect_required",payload:await lO({requestUrl:e.target.request.url,connection:e.connection,owner:e.target.owner,initiatedBySubjectId:e.target.initiatedBySubjectId,upstreamServerId:e.target.upstreamServerId,authProfileId:e.target.authProfileId,upstreamDisplayName:e.upstreamDisplayName,virtualServerId:e.target.virtualServerId,...e.target.returnTo===void 0?{}:{returnTo:e.target.returnTo}})}}o(a_,"authorizeUpstreamOAuthSession");async function sO(e){let t=await gs(e.stateToken),r=await J().consumeUpstreamOAuthState({id:t.id,now:ne(new Date)}),n=cO(r);return uO({storedState:n,signedState:t,upstreamServerId:e.upstreamServerId,callbackPath:new URL(e.request.url).pathname}),dO(n),n}o(sO,"consumeStoredCallbackState");function cO(e){switch(e.kind){case"consumed":throw g("oauth_state_reused","OAuth state has already been used");case"missing":throw g("oauth_state_expired","OAuth state is missing or expired");case"available":return e.record}}o(cO,"readConsumedCallbackState");function uO(e){if(![e.storedState.ownerMode===e.signedState.ownerMode,e.storedState.initiatedBySubjectId===e.signedState.initiatedBySubjectId,e.storedState.ownerSubjectId===e.signedState.ownerSubjectId,e.storedState.upstreamServerId===e.signedState.upstreamServerId,e.storedState.authProfileId===e.signedState.authProfileId,e.storedState.virtualServerId===e.signedState.virtualServerId,e.storedState.upstreamServerId===e.upstreamServerId,e.storedState.callbackPath===e.callbackPath].every(Boolean))throw g("oauth_callback_mismatch","OAuth callback did not match the initiating request")}o(uO,"assertStoredCallbackStateMatches");function dO(e){if(new Date(e.expiresAt).getTime()<=Date.now())throw g("oauth_state_expired","OAuth state has expired")}o(dO,"assertStoredCallbackStateFresh");async function lO(e){if(e.owner.mode==="shared"){let r={upstreamServerId:e.upstreamServerId,authProfileId:e.authProfileId,upstreamDisplayName:e.upstreamDisplayName,virtualServerId:e.virtualServerId,requiresReconsent:!!e.connection};return e.connection!==void 0&&(r.connectionId=e.connection.id),vS(r)}let t={requestUrl:e.requestUrl,owner:e.owner,initiatedBySubjectId:e.initiatedBySubjectId,upstreamServerId:e.upstreamServerId,authProfileId:e.authProfileId,upstreamDisplayName:e.upstreamDisplayName,virtualServerId:e.virtualServerId,subject:"tool",requiresReconsent:!!e.connection,...e.returnTo===void 0?{}:{returnTo:e.returnTo}};return e.connection!==void 0&&(t.connectionId=e.connection.id),Vn(t)}o(lO,"buildOAuthConnectRequiredResponse");async function i_(e){let t=await sO({request:e.request,upstreamServerId:e.upstreamServerId,stateToken:e.stateToken}),r=Ln(t),[n]=await J().batchGetUpstreamConnections([{owner:r,upstreamServerId:t.upstreamServerId,authProfileId:t.authProfileId}]),a={target:{owner:r,initiatedBySubjectId:t.initiatedBySubjectId,upstreamServerId:t.upstreamServerId,authProfileId:t.authProfileId,virtualServerId:t.virtualServerId,...t.returnTo===void 0?{}:{returnTo:t.returnTo}},redirectUri:t.redirectUri,pendingState:t};n!==void 0&&(a.connection=n);let i=new on(a),s=await iO(i,{upstreamServerId:e.upstreamServerId,serverUrl:e.upstreamServerConfig.transport.baseUrl,authorizationCode:e.authorizationCode,resourceMetadataUrl:e.upstreamServerConfig.transport.resourceMetadataUrl});if(s==="AUTHORIZED")return t;throw s!=="REDIRECT"?g("upstream_token_exchange_failed",`Unexpected OAuth result for ${e.upstreamServerId}: ${s}`):g("upstream_token_exchange_failed",`OAuth callback flow did not finish authorization for ${e.upstreamServerId}`)}o(i_,"finishUpstreamOAuthCallback");async function s_(e){let t=rt(e.upstreamServerId),r=Qr(e.upstreamServerId,e.authProfileId),n=JS(r.redirectPath,e.request.url),a="preloadedConnection"in e?e.preloadedConnection:(await J().batchGetUpstreamConnections([{owner:e.owner,upstreamServerId:e.upstreamServerId,authProfileId:e.authProfileId}]))[0];return{upstreamServerConfig:t,connection:a,providerInput:{target:{owner:e.owner,initiatedBySubjectId:e.initiatedBySubjectId,upstreamServerId:e.upstreamServerId,authProfileId:e.authProfileId,virtualServerId:e.virtualServerId,...e.returnTo===void 0?{}:{returnTo:e.returnTo}},redirectUri:n,returnOrigin:ce(e.request.url)}}}o(s_,"prepareUpstreamOAuthRequest");async function c_(e){let t=await s_(e),r=new on({...t.providerInput,...t.connection?.metadata===void 0?{}:{connectionMetadata:t.connection.metadata}});return o_(r,{upstreamServerId:e.upstreamServerId,serverUrl:t.upstreamServerConfig.transport.baseUrl,resourceMetadataUrl:t.upstreamServerConfig.transport.resourceMetadataUrl})}o(c_,"startUpstreamConnect");async function u_(e){let t=await s_(e),r=new on({...t.providerInput,...t.connection===void 0?{}:{connection:t.connection}});return a_({target:e,provider:r,connection:t.connection,upstreamDisplayName:t.upstreamServerConfig.displayName,serverUrl:t.upstreamServerConfig.transport.baseUrl,resourceMetadataUrl:t.upstreamServerConfig.transport.resourceMetadataUrl})}o(u_,"authorizeUpstreamRequest");function pO(e,t){switch(e.kind){case"bearer_token":{if(!e.token)throw g("internal_server_error",`Static bearer token is not configured for upstream ${t}.`);return{type:"bearer_token",token:e.token}}case"headers":{let r={};for(let n of e.headers){if(!n.value)throw g("internal_server_error",`Static header ${n.name} is not configured for upstream ${t}.`);r[n.name]=n.value}return{type:"headers",headers:r}}}}o(pO,"resolveStaticSecretCredential");async function d_(e){let{routeAuth:t}=e;switch(t.authMode){case"shared-oauth":case"user_oauth":return u_({request:e.request,owner:t.owner,initiatedBySubjectId:t.initiatedBySubjectId,upstreamServerId:t.upstreamServerId,authProfileId:t.authProfileId,virtualServerId:t.virtualServerId,..."preloadedConnection"in e?{preloadedConnection:e.preloadedConnection}:{}});case"shared-secret":return xS({owner:t.owner,initiatedBySubjectId:t.initiatedBySubjectId,authProfileId:t.authProfileId,upstreamServerId:t.upstreamServerId,virtualServerId:t.virtualServerId,..."preloadedConnection"in e?{preloadedConnection:e.preloadedConnection}:{}});case"static_secret":{let n=Ir({upstreamServerId:t.upstreamServerId,authProfileId:t.authProfileId});if(n.mode!=="static_secret")throw g("internal_server_error",`Resolved static-secret credential context loaded ${n.mode} config.`);return{kind:"authorized",credential:pO(n.secret,t.upstreamServerId)}}case"user-secret":return kS({request:e.request,owner:t.owner,initiatedBySubjectId:t.initiatedBySubjectId,authProfileId:t.authProfileId,upstreamServerId:t.upstreamServerId,virtualServerId:t.virtualServerId,..."preloadedConnection"in e?{preloadedConnection:e.preloadedConnection}:{}})}throw g("internal_server_error",`Unsupported upstream auth route context ${JSON.stringify(t)}.`)}o(d_,"resolveUpstreamCredentialForRoute");async function l_(e){let t=Cr(e.principal.subjectId),r=ht().byVirtualServerId.get(e.virtualServerId);if(r)for(let n of r.connections)n.authConfig.mode!=="user-secret"||n.authConfig.secret.kind!=="bearer_token"||n.authConfig.secret.capture!=="browser_login"||await _s({owner:t,initiatedBySubjectId:e.principal.subjectId,upstreamServerId:n.upstreamServerId,authProfileId:n.authProfileId,token:e.apiKey})}o(l_,"saveBrowserLoginApiKeyCredentialsForVirtualServer");async function p_(e){let t,r={request:e.request,owner:e.connectRequest.owner,initiatedBySubjectId:e.connectRequest.initiatedBySubjectId,upstreamServerId:e.connectRequest.upstreamServerId,authProfileId:e.connectRequest.authProfileId,virtualServerId:e.connectRequest.virtualServerId,...e.connectRequest.returnTo===void 0?{}:{returnTo:e.connectRequest.returnTo}},n=$t(e.connectRequest.authMode);switch(n.connectSupport){case"oauth_authorization":t=await c_(r);break;case"user_secret_capture":t=await ES(r);break;case"none":throw g("invalid_request",n.connectUnsupportedDetail??`Upstream server ${e.connectRequest.upstreamServerId} does not support browser connection flows.`)}return{authProfileId:e.connectRequest.authProfileId,authUrl:t,initiatedBySubjectId:e.connectRequest.initiatedBySubjectId,owner:e.connectRequest.owner,upstreamDisplayName:e.connectRequest.upstreamDisplayName,virtualServerId:e.connectRequest.virtualServerId}}o(p_,"startUpstreamConnectForRequest");async function m_(e){let r=(await gs(e.callbackRequest.state)).authProfileId,n=Ir({upstreamServerId:e.callbackRequest.upstreamServerId,authProfileId:r});if($t(n.mode).callbackSupport!=="authorization_code")throw g("invalid_request",`Upstream server ${e.callbackRequest.upstreamServerId} does not support OAuth callbacks.`);return i_({request:e.request,upstreamServerId:e.callbackRequest.upstreamServerId,authorizationCode:e.callbackRequest.code,stateToken:e.callbackRequest.state,upstreamServerConfig:rt(e.callbackRequest.upstreamServerId)})}o(m_,"finishUpstreamCallbackForRequest");var Is=class{static{o(this,"ExperimentalClientTasks")}constructor(t){this._client=t}async*callToolStream(t,r=mr,n){let a=this._client,i={...n,task:n?.task??(a.isToolTask(t.name)?{}:void 0)},s=a.requestStream({method:"tools/call",params:t},r,i),c=a.getToolOutputValidator(t.name);for await(let d of s){if(d.type==="result"&&c){let p=d.result;if(!p.structuredContent&&!p.isError){yield{type:"error",error:new A(U.InvalidRequest,`Tool ${t.name} has an output schema but did not return structured content`)};return}if(p.structuredContent)try{let l=c(p.structuredContent);if(!l.valid){yield{type:"error",error:new A(U.InvalidParams,`Structured content does not match the tool's output schema: ${l.errorMessage}`)};return}}catch(l){if(l instanceof A){yield{type:"error",error:l};return}yield{type:"error",error:new A(U.InvalidParams,`Failed to validate structured content: ${l instanceof Error?l.message:String(l)}`)};return}}yield d}}async getTask(t,r){return this._client.getTask({taskId:t},r)}async getTaskResult(t,r,n){return this._client.getTaskResult({taskId:t},r,n)}async listTasks(t,r){return this._client.listTasks(t?{cursor:t}:void 0,r)}async cancelTask(t,r){return this._client.cancelTask({taskId:t},r)}requestStream(t,r,n){return this._client.requestStream(t,r,n)}};function Ps(e,t){if(!(!e||t===null||typeof t!="object")){if(e.type==="object"&&e.properties&&typeof e.properties=="object"){let r=t,n=e.properties;for(let a of Object.keys(n)){let i=n[a];r[a]===void 0&&Object.prototype.hasOwnProperty.call(i,"default")&&(r[a]=i.default),r[a]!==void 0&&Ps(i,r[a])}}if(Array.isArray(e.anyOf))for(let r of e.anyOf)typeof r!="boolean"&&Ps(r,t);if(Array.isArray(e.oneOf))for(let r of e.oneOf)typeof r!="boolean"&&Ps(r,t)}}o(Ps,"applyElicitationDefaults");function mO(e){if(!e)return{supportsFormMode:!1,supportsUrlMode:!1};let t=e.form!==void 0,r=e.url!==void 0;return{supportsFormMode:t||!t&&!r,supportsUrlMode:r}}o(mO,"getSupportedElicitationModes");var xs=class extends gn{static{o(this,"Client")}constructor(t,r){super(r),this._clientInfo=t,this._cachedToolOutputValidators=new Map,this._cachedKnownTaskTools=new Set,this._cachedRequiredTaskTools=new Set,this._listChangedDebounceTimers=new Map,this._capabilities=r?.capabilities??{},this._jsonSchemaValidator=r?.jsonSchemaValidator??new On,r?.listChanged&&(this._pendingListChangedConfig=r.listChanged)}_setupListChangedHandlers(t){t.tools&&this._serverCapabilities?.tools?.listChanged&&this._setupListChangedHandler("tools",Tc,t.tools,async()=>(await this.listTools()).tools),t.prompts&&this._serverCapabilities?.prompts?.listChanged&&this._setupListChangedHandler("prompts",Pc,t.prompts,async()=>(await this.listPrompts()).prompts),t.resources&&this._serverCapabilities?.resources?.listChanged&&this._setupListChangedHandler("resources",yc,t.resources,async()=>(await this.listResources()).resources)}get experimental(){return this._experimental||(this._experimental={tasks:new Is(this)}),this._experimental}registerCapabilities(t){if(this.transport)throw new Error("Cannot register capabilities after connecting to transport");this._capabilities=Qa(this._capabilities,t)}setRequestHandler(t,r){let a=ln(t)?.method;if(!a)throw new Error("Schema is missing a method literal");let i;if(cr(a)){let c=a;i=c._zod?.def?.value??c.value}else{let c=a;i=c._def?.value??c.value}if(typeof i!="string")throw new Error("Schema method literal must be a string");let s=i;if(s==="elicitation/create"){let c=o(async(d,p)=>{let l=Ge(Uc,d);if(!l.success){let b=l.error instanceof Error?l.error.message:String(l.error);throw new A(U.InvalidParams,`Invalid elicitation request: ${b}`)}let{params:m}=l.data;m.mode=m.mode??"form";let{supportsFormMode:h,supportsUrlMode:y}=mO(this._capabilities.elicitation);if(m.mode==="form"&&!h)throw new A(U.InvalidParams,"Client does not support form-mode elicitation requests");if(m.mode==="url"&&!y)throw new A(U.InvalidParams,"Client does not support URL-mode elicitation requests");let _=await Promise.resolve(r(d,p));if(m.task){let b=Ge(Lt,_);if(!b.success){let R=b.error instanceof Error?b.error.message:String(b.error);throw new A(U.InvalidParams,`Invalid task creation result: ${R}`)}return b.data}let S=Ge(fr,_);if(!S.success){let b=S.error instanceof Error?S.error.message:String(S.error);throw new A(U.InvalidParams,`Invalid elicitation result: ${b}`)}let w=S.data,v=m.mode==="form"?m.requestedSchema:void 0;if(m.mode==="form"&&w.action==="accept"&&w.content&&v&&this._capabilities.elicitation?.form?.applyDefaults)try{Ps(v,w.content)}catch{}return w},"wrappedHandler");return super.setRequestHandler(t,c)}if(s==="sampling/createMessage"){let c=o(async(d,p)=>{let l=Ge(Ec,d);if(!l.success){let w=l.error instanceof Error?l.error.message:String(l.error);throw new A(U.InvalidParams,`Invalid sampling request: ${w}`)}let{params:m}=l.data,h=await Promise.resolve(r(d,p));if(m.task){let w=Ge(Lt,h);if(!w.success){let v=w.error instanceof Error?w.error.message:String(w.error);throw new A(U.InvalidParams,`Invalid task creation result: ${v}`)}return w.data}let _=m.tools||m.toolChoice?vo:zr,S=Ge(_,h);if(!S.success){let w=S.error instanceof Error?S.error.message:String(S.error);throw new A(U.InvalidParams,`Invalid sampling result: ${w}`)}return S.data},"wrappedHandler");return super.setRequestHandler(t,c)}return super.setRequestHandler(t,r)}assertCapability(t,r){if(!this._serverCapabilities?.[t])throw new Error(`Server does not support ${t} (required for ${r})`)}async connect(t,r){if(await super.connect(t),t.sessionId===void 0)try{let n=await this.request({method:"initialize",params:{protocolVersion:dr,capabilities:this._capabilities,clientInfo:this._clientInfo}},uc,r);if(n===void 0)throw new Error(`Server sent invalid initialize result: ${n}`);if(!lr.includes(n.protocolVersion))throw new Error(`Server's protocol version is not supported: ${n.protocolVersion}`);this._serverCapabilities=n.capabilities,this._serverVersion=n.serverInfo,t.setProtocolVersion&&t.setProtocolVersion(n.protocolVersion),this._instructions=n.instructions,await this.notification({method:"notifications/initialized"}),this._pendingListChangedConfig&&(this._setupListChangedHandlers(this._pendingListChangedConfig),this._pendingListChangedConfig=void 0)}catch(n){throw this.close(),n}}getServerCapabilities(){return this._serverCapabilities}getServerVersion(){return this._serverVersion}getInstructions(){return this._instructions}assertCapabilityForMethod(t){switch(t){case"logging/setLevel":if(!this._serverCapabilities?.logging)throw new Error(`Server does not support logging (required for ${t})`);break;case"prompts/get":case"prompts/list":if(!this._serverCapabilities?.prompts)throw new Error(`Server does not support prompts (required for ${t})`);break;case"resources/list":case"resources/templates/list":case"resources/read":case"resources/subscribe":case"resources/unsubscribe":if(!this._serverCapabilities?.resources)throw new Error(`Server does not support resources (required for ${t})`);if(t==="resources/subscribe"&&!this._serverCapabilities.resources.subscribe)throw new Error(`Server does not support resource subscriptions (required for ${t})`);break;case"tools/call":case"tools/list":if(!this._serverCapabilities?.tools)throw new Error(`Server does not support tools (required for ${t})`);break;case"completion/complete":if(!this._serverCapabilities?.completions)throw new Error(`Server does not support completions (required for ${t})`);break;case"initialize":break;case"ping":break}}assertNotificationCapability(t){switch(t){case"notifications/roots/list_changed":if(!this._capabilities.roots?.listChanged)throw new Error(`Client does not support roots list changed notifications (required for ${t})`);break;case"notifications/initialized":break;case"notifications/cancelled":break;case"notifications/progress":break}}assertRequestHandlerCapability(t){if(this._capabilities)switch(t){case"sampling/createMessage":if(!this._capabilities.sampling)throw new Error(`Client does not support sampling capability (required for ${t})`);break;case"elicitation/create":if(!this._capabilities.elicitation)throw new Error(`Client does not support elicitation capability (required for ${t})`);break;case"roots/list":if(!this._capabilities.roots)throw new Error(`Client does not support roots capability (required for ${t})`);break;case"tasks/get":case"tasks/list":case"tasks/result":case"tasks/cancel":if(!this._capabilities.tasks)throw new Error(`Client does not support tasks capability (required for ${t})`);break;case"ping":break}}assertTaskCapability(t){Mi(this._serverCapabilities?.tasks?.requests,t,"Server")}assertTaskHandlerCapability(t){this._capabilities&&qi(this._capabilities.tasks?.requests,t,"Client")}async ping(t){return this.request({method:"ping"},Ht,t)}async complete(t,r){return this.request({method:"completion/complete",params:t},Oc,r)}async setLoggingLevel(t,r){return this.request({method:"logging/setLevel",params:{level:t}},Ht,r)}async getPrompt(t,r){return this.request({method:"prompts/get",params:t},Ic,r)}async listPrompts(t,r){return this.request({method:"prompts/list",params:t},_c,r)}async listResources(t,r){return this.request({method:"resources/list",params:t},pc,r)}async listResourceTemplates(t,r){return this.request({method:"resources/templates/list",params:t},mc,r)}async readResource(t,r){return this.request({method:"resources/read",params:t},gc,r)}async subscribeResource(t,r){return this.request({method:"resources/subscribe",params:t},Ht,r)}async unsubscribeResource(t,r){return this.request({method:"resources/unsubscribe",params:t},Ht,r)}async callTool(t,r=mr,n){if(this.isToolTaskRequired(t.name))throw new A(U.InvalidRequest,`Tool "${t.name}" requires task-based execution. Use client.experimental.tasks.callToolStream() instead.`);let a=await this.request({method:"tools/call",params:t},r,n),i=this.getToolOutputValidator(t.name);if(i){if(!a.structuredContent&&!a.isError)throw new A(U.InvalidRequest,`Tool ${t.name} has an output schema but did not return structured content`);if(a.structuredContent)try{let s=i(a.structuredContent);if(!s.valid)throw new A(U.InvalidParams,`Structured content does not match the tool's output schema: ${s.errorMessage}`)}catch(s){throw s instanceof A?s:new A(U.InvalidParams,`Failed to validate structured content: ${s instanceof Error?s.message:String(s)}`)}}return a}isToolTask(t){return this._serverCapabilities?.tasks?.requests?.tools?.call?this._cachedKnownTaskTools.has(t):!1}isToolTaskRequired(t){return this._cachedRequiredTaskTools.has(t)}cacheToolMetadata(t){this._cachedToolOutputValidators.clear(),this._cachedKnownTaskTools.clear(),this._cachedRequiredTaskTools.clear();for(let r of t){if(r.outputSchema){let a=this._jsonSchemaValidator.getValidator(r.outputSchema);this._cachedToolOutputValidators.set(r.name,a)}let n=r.execution?.taskSupport;(n==="required"||n==="optional")&&this._cachedKnownTaskTools.add(r.name),n==="required"&&this._cachedRequiredTaskTools.add(r.name)}}getToolOutputValidator(t){return this._cachedToolOutputValidators.get(t)}async listTools(t,r){let n=await this.request({method:"tools/list",params:t},Ac,r);return this.cacheToolMetadata(n.tools),n}_setupListChangedHandler(t,r,n,a){let i=dm.safeParse(n);if(!i.success)throw new Error(`Invalid ${t} listChanged options: ${i.error.message}`);if(typeof n.onChanged!="function")throw new Error(`Invalid ${t} listChanged options: onChanged must be a function`);let{autoRefresh:s,debounceMs:c}=i.data,{onChanged:d}=n,p=o(async()=>{if(!s){d(null,null);return}try{let m=await a();d(null,m)}catch(m){let h=m instanceof Error?m:new Error(String(m));d(h,null)}},"refresh"),l=o(()=>{if(c){let m=this._listChangedDebounceTimers.get(t);m&&clearTimeout(m);let h=setTimeout(p,c);this._listChangedDebounceTimers.set(t,h)}else p()},"handler");this.setNotificationHandler(r,l)}async sendRootsListChanged(){return this.notification({method:"notifications/roots/list_changed"})}};function As(e){return e?e instanceof Headers?Object.fromEntries(e.entries()):Array.isArray(e)?Object.fromEntries(e):{...e}:{}}o(As,"normalizeHeaders");function f_(e=fetch,t){return t?async(r,n)=>{let a={...t,...n,headers:n?.headers?{...As(t.headers),...As(n.headers)}:t.headers};return e(r,a)}:e}o(f_,"createFetchWithInit");var Ts=class extends Error{static{o(this,"ParseError")}constructor(t,r){super(t),this.name="ParseError",this.type=r.type,this.field=r.field,this.value=r.value,this.line=r.line}};function Jl(e){}o(Jl,"noop");function h_(e){if(typeof e=="function")throw new TypeError("`callbacks` must be an object, got a function instead. Did you mean `{onEvent: fn}`?");let{onEvent:t=Jl,onError:r=Jl,onRetry:n=Jl,onComment:a}=e,i="",s=!0,c,d="",p="";function l(S){let w=s?S.replace(/^\xEF\xBB\xBF/,""):S,[v,b]=fO(`${i}${w}`);for(let R of v)m(R);i=b,s=!1}o(l,"feed");function m(S){if(S===""){y();return}if(S.startsWith(":")){a&&a(S.slice(S.startsWith(": ")?2:1));return}let w=S.indexOf(":");if(w!==-1){let v=S.slice(0,w),b=S[w+1]===" "?2:1,R=S.slice(w+b);h(v,R,S);return}h(S,"",S)}o(m,"parseLine");function h(S,w,v){switch(S){case"event":p=w;break;case"data":d=`${d}${w}
48
- `;break;case"id":c=w.includes("\0")?void 0:w;break;case"retry":/^\d+$/.test(w)?n(parseInt(w,10)):r(new Ts(`Invalid \`retry\` value: "${w}"`,{type:"invalid-retry",value:w,line:v}));break;default:r(new Ts(`Unknown field "${S.length>20?`${S.slice(0,20)}\u2026`:S}"`,{type:"unknown-field",field:S,value:w,line:v}));break}}o(h,"processField");function y(){d.length>0&&t({id:c,event:p||void 0,data:d.endsWith(`
49
- `)?d.slice(0,-1):d}),c=void 0,d="",p=""}o(y,"dispatchEvent");function _(S={}){i&&S.consume&&m(i),s=!0,c=void 0,d="",p="",i=""}return o(_,"reset"),{feed:l,reset:_}}o(h_,"createParser");function fO(e){let t=[],r="",n=0;for(;n<e.length;){let a=e.indexOf("\r",n),i=e.indexOf(`
46
+ - `)}`,new Error(P)}let B=`${c}/$ref`,E=fe(e,z,r,n,a,i,s,B,d);if(E.valid||k.push({instanceLocation:s,keyword:"$ref",keywordLocation:B,error:"A subschema had errors."},...E.errors),r==="4"||r==="7")return{valid:k.length===0,errors:k}}if(Array.isArray(_)){let D=_.length,z=!1;for(let B=0;B<D;B++)if(l===_[B]||_[B]==="integer"&&l==="number"&&e%1===0&&e===e){z=!0;break}z||k.push({instanceLocation:s,keyword:"type",keywordLocation:`${c}/type`,error:`Instance type "${l}" is invalid. Expected "${_.join('", "')}".`})}else _==="integer"?(l!=="number"||e%1||e!==e)&&k.push({instanceLocation:s,keyword:"type",keywordLocation:`${c}/type`,error:`Instance type "${l}" is invalid. Expected "${_}".`}):_!==void 0&&l!==_&&k.push({instanceLocation:s,keyword:"type",keywordLocation:`${c}/type`,error:`Instance type "${l}" is invalid. Expected "${_}".`});if(S!==void 0&&(l==="object"||l==="array"?zn(e,S)||k.push({instanceLocation:s,keyword:"const",keywordLocation:`${c}/const`,error:`Instance does not match ${JSON.stringify(S)}.`}):e!==S&&k.push({instanceLocation:s,keyword:"const",keywordLocation:`${c}/const`,error:`Instance does not match ${JSON.stringify(S)}.`})),w!==void 0&&(l==="object"||l==="array"?w.some(D=>zn(e,D))||k.push({instanceLocation:s,keyword:"enum",keywordLocation:`${c}/enum`,error:`Instance does not match any of ${JSON.stringify(w)}.`}):w.some(D=>e===D)||k.push({instanceLocation:s,keyword:"enum",keywordLocation:`${c}/enum`,error:`Instance does not match any of ${JSON.stringify(w)}.`})),b!==void 0){let D=`${c}/not`;fe(e,b,r,n,a,i,s,D).valid&&k.push({instanceLocation:s,keyword:"not",keywordLocation:D,error:'Instance matched "not" schema.'})}let qa=[];if(R!==void 0){let D=`${c}/anyOf`,z=k.length,B=!1;for(let E=0;E<R.length;E++){let P=R[E],H=Object.create(d),j=fe(e,P,r,n,a,y===!0?i:null,s,`${D}/${E}`,H);k.push(...j.errors),B=B||j.valid,j.valid&&qa.push(H)}B?k.length=z:k.splice(z,0,{instanceLocation:s,keyword:"anyOf",keywordLocation:D,error:"Instance does not match any subschemas."})}if(q!==void 0){let D=`${c}/allOf`,z=k.length,B=!0;for(let E=0;E<q.length;E++){let P=q[E],H=Object.create(d),j=fe(e,P,r,n,a,y===!0?i:null,s,`${D}/${E}`,H);k.push(...j.errors),B=B&&j.valid,j.valid&&qa.push(H)}B?k.length=z:k.splice(z,0,{instanceLocation:s,keyword:"allOf",keywordLocation:D,error:"Instance does not match every subschema."})}if(N!==void 0){let D=`${c}/oneOf`,z=k.length,B=N.filter((E,P)=>{let H=Object.create(d),j=fe(e,E,r,n,a,y===!0?i:null,s,`${D}/${P}`,H);return k.push(...j.errors),j.valid&&qa.push(H),j.valid}).length;B===1?k.length=z:k.splice(z,0,{instanceLocation:s,keyword:"oneOf",keywordLocation:D,error:`Instance does not match exactly one subschema (${B} matches).`})}if((l==="object"||l==="array")&&Object.assign(d,...qa),qe!==void 0){let D=`${c}/if`;if(fe(e,qe,r,n,a,i,s,D,d).valid){if(it!==void 0){let B=fe(e,it,r,n,a,i,s,`${c}/then`,d);B.valid||k.push({instanceLocation:s,keyword:"if",keywordLocation:D,error:'Instance does not match "then" schema.'},...B.errors)}}else if(dn!==void 0){let B=fe(e,dn,r,n,a,i,s,`${c}/else`,d);B.valid||k.push({instanceLocation:s,keyword:"if",keywordLocation:D,error:'Instance does not match "else" schema.'},...B.errors)}}if(l==="object"){if(v!==void 0)for(let E of v)E in e||k.push({instanceLocation:s,keyword:"required",keywordLocation:`${c}/required`,error:`Instance does not have required property "${E}".`});let D=Object.keys(e);if(io!==void 0&&D.length<io&&k.push({instanceLocation:s,keyword:"minProperties",keywordLocation:`${c}/minProperties`,error:`Instance does not have at least ${io} properties.`}),Zs!==void 0&&D.length>Zs&&k.push({instanceLocation:s,keyword:"maxProperties",keywordLocation:`${c}/maxProperties`,error:`Instance does not have at least ${Zs} properties.`}),kp!==void 0){let E=`${c}/propertyNames`;for(let P in e){let H=`${s}/${at(P)}`,j=fe(P,kp,r,n,a,i,H,E);j.valid||k.push({instanceLocation:s,keyword:"propertyNames",keywordLocation:E,error:`Property name "${P}" does not match schema.`},...j.errors)}}if(Ks!==void 0){let E=`${c}/dependantRequired`;for(let P in Ks)if(P in e){let H=Ks[P];for(let j of H)j in e||k.push({instanceLocation:s,keyword:"dependentRequired",keywordLocation:E,error:`Instance has "${P}" but does not have "${j}".`})}}if(Ws!==void 0)for(let E in Ws){let P=`${c}/dependentSchemas`;if(E in e){let H=fe(e,Ws[E],r,n,a,i,s,`${P}/${at(E)}`,d);H.valid||k.push({instanceLocation:s,keyword:"dependentSchemas",keywordLocation:P,error:`Instance has "${E}" but does not match dependant schema.`},...H.errors)}}if(Js!==void 0){let E=`${c}/dependencies`;for(let P in Js)if(P in e){let H=Js[P];if(Array.isArray(H))for(let j of H)j in e||k.push({instanceLocation:s,keyword:"dependencies",keywordLocation:E,error:`Instance has "${P}" but does not have "${j}".`});else{let j=fe(e,H,r,n,a,i,s,`${E}/${at(P)}`);j.valid||k.push({instanceLocation:s,keyword:"dependencies",keywordLocation:E,error:`Instance has "${P}" but does not match dependant schema.`},...j.errors)}}}let z=Object.create(null),B=!1;if(qt!==void 0){let E=`${c}/properties`;for(let P in qt){if(!(P in e))continue;let H=`${s}/${at(P)}`,j=fe(e[P],qt[P],r,n,a,i,H,`${E}/${at(P)}`);if(j.valid)d[P]=z[P]=!0;else if(B=a,k.push({instanceLocation:s,keyword:"properties",keywordLocation:E,error:`Property "${P}" does not match schema.`},...j.errors),B)break}}if(!B&&Tr!==void 0){let E=`${c}/patternProperties`;for(let P in Tr){let H=new RegExp(P,"u"),j=Tr[P];for(let Ze in e){if(!H.test(Ze))continue;let $p=`${s}/${at(Ze)}`,zp=fe(e[Ze],j,r,n,a,i,$p,`${E}/${at(P)}`);zp.valid?d[Ze]=z[Ze]=!0:(B=a,k.push({instanceLocation:s,keyword:"patternProperties",keywordLocation:E,error:`Property "${Ze}" matches pattern "${P}" but does not match associated schema.`},...zp.errors))}}}if(!B&&oo!==void 0){let E=`${c}/additionalProperties`;for(let P in e){if(z[P])continue;let H=`${s}/${at(P)}`,j=fe(e[P],oo,r,n,a,i,H,E);j.valid?d[P]=!0:(B=a,k.push({instanceLocation:s,keyword:"additionalProperties",keywordLocation:E,error:`Property "${P}" does not match additional properties schema.`},...j.errors))}}else if(!B&&ao!==void 0){let E=`${c}/unevaluatedProperties`;for(let P in e)if(!d[P]){let H=`${s}/${at(P)}`,j=fe(e[P],ao,r,n,a,i,H,E);j.valid?d[P]=!0:k.push({instanceLocation:s,keyword:"unevaluatedProperties",keywordLocation:E,error:`Property "${P}" does not match unevaluated properties schema.`},...j.errors)}}}else if(l==="array"){Xs!==void 0&&e.length>Xs&&k.push({instanceLocation:s,keyword:"maxItems",keywordLocation:`${c}/maxItems`,error:`Array has too many items (${e.length} > ${Xs}).`}),Qs!==void 0&&e.length<Qs&&k.push({instanceLocation:s,keyword:"minItems",keywordLocation:`${c}/minItems`,error:`Array has too few items (${e.length} < ${Qs}).`});let D=e.length,z=0,B=!1;if(Ys!==void 0){let E=`${c}/prefixItems`,P=Math.min(Ys.length,D);for(;z<P;z++){let H=fe(e[z],Ys[z],r,n,a,i,`${s}/${z}`,`${E}/${z}`);if(d[z]=!0,!H.valid&&(B=a,k.push({instanceLocation:s,keyword:"prefixItems",keywordLocation:E,error:"Items did not match schema."},...H.errors),B))break}}if(so!==void 0){let E=`${c}/items`;if(Array.isArray(so)){let P=Math.min(so.length,D);for(;z<P;z++){let H=fe(e[z],so[z],r,n,a,i,`${s}/${z}`,`${E}/${z}`);if(d[z]=!0,!H.valid&&(B=a,k.push({instanceLocation:s,keyword:"items",keywordLocation:E,error:"Items did not match schema."},...H.errors),B))break}}else for(;z<D;z++){let P=fe(e[z],so,r,n,a,i,`${s}/${z}`,E);if(d[z]=!0,!P.valid&&(B=a,k.push({instanceLocation:s,keyword:"items",keywordLocation:E,error:"Items did not match schema."},...P.errors),B))break}if(!B&&Tp!==void 0){let P=`${c}/additionalItems`;for(;z<D;z++){let H=fe(e[z],Tp,r,n,a,i,`${s}/${z}`,P);d[z]=!0,H.valid||(B=a,k.push({instanceLocation:s,keyword:"additionalItems",keywordLocation:P,error:"Items did not match additional items schema."},...H.errors))}}}if(Up!==void 0)if(D===0&&Nt===void 0)k.push({instanceLocation:s,keyword:"contains",keywordLocation:`${c}/contains`,error:"Array is empty. It must contain at least one item matching the schema."});else if(Nt!==void 0&&D<Nt)k.push({instanceLocation:s,keyword:"minContains",keywordLocation:`${c}/minContains`,error:`Array has less items (${D}) than minContains (${Nt}).`});else{let E=`${c}/contains`,P=k.length,H=0;for(let j=0;j<D;j++){let Ze=fe(e[j],Up,r,n,a,i,`${s}/${j}`,E);Ze.valid?(d[j]=!0,H++):k.push(...Ze.errors)}H>=(Nt||0)&&(k.length=P),Nt===void 0&&Ua===void 0&&H===0?k.splice(P,0,{instanceLocation:s,keyword:"contains",keywordLocation:E,error:"Array does not contain item matching schema."}):Nt!==void 0&&H<Nt?k.push({instanceLocation:s,keyword:"minContains",keywordLocation:`${c}/minContains`,error:`Array must contain at least ${Nt} items matching schema. Only ${H} items were found.`}):Ua!==void 0&&H>Ua&&k.push({instanceLocation:s,keyword:"maxContains",keywordLocation:`${c}/maxContains`,error:`Array may contain at most ${Ua} items matching schema. ${H} items were found.`})}if(!B&&Ep!==void 0){let E=`${c}/unevaluatedItems`;for(z;z<D;z++){if(d[z])continue;let P=fe(e[z],Ep,r,n,a,i,`${s}/${z}`,E);d[z]=!0,P.valid||k.push({instanceLocation:s,keyword:"unevaluatedItems",keywordLocation:E,error:"Items did not match unevaluated items schema."},...P.errors)}}if(Sv)for(let E=0;E<D;E++){let P=e[E],H=typeof P=="object"&&P!==null;for(let j=0;j<D;j++){if(E===j)continue;let Ze=e[j];(P===Ze||H&&(typeof Ze=="object"&&Ze!==null)&&zn(P,Ze))&&(k.push({instanceLocation:s,keyword:"uniqueItems",keywordLocation:`${c}/uniqueItems`,error:`Duplicate items at indexes ${E} and ${j}.`}),E=Number.MAX_SAFE_INTEGER,j=Number.MAX_SAFE_INTEGER)}}}else if(l==="number"){if(r==="4"?(Er!==void 0&&(co===!0&&e<=Er||e<Er)&&k.push({instanceLocation:s,keyword:"minimum",keywordLocation:`${c}/minimum`,error:`${e} is less than ${co?"or equal to ":""} ${Er}.`}),Ur!==void 0&&(uo===!0&&e>=Ur||e>Ur)&&k.push({instanceLocation:s,keyword:"maximum",keywordLocation:`${c}/maximum`,error:`${e} is greater than ${uo?"or equal to ":""} ${Ur}.`})):(Er!==void 0&&e<Er&&k.push({instanceLocation:s,keyword:"minimum",keywordLocation:`${c}/minimum`,error:`${e} is less than ${Er}.`}),Ur!==void 0&&e>Ur&&k.push({instanceLocation:s,keyword:"maximum",keywordLocation:`${c}/maximum`,error:`${e} is greater than ${Ur}.`}),co!==void 0&&e<=co&&k.push({instanceLocation:s,keyword:"exclusiveMinimum",keywordLocation:`${c}/exclusiveMinimum`,error:`${e} is less than ${co}.`}),uo!==void 0&&e>=uo&&k.push({instanceLocation:s,keyword:"exclusiveMaximum",keywordLocation:`${c}/exclusiveMaximum`,error:`${e} is greater than or equal to ${uo}.`})),Oa!==void 0){let D=e%Oa;Math.abs(0-D)>=11920929e-14&&Math.abs(Oa-D)>=11920929e-14&&k.push({instanceLocation:s,keyword:"multipleOf",keywordLocation:`${c}/multipleOf`,error:`${e} is not a multiple of ${Oa}.`})}}else if(l==="string"){let D=$a===void 0&&za===void 0?0:tg(e);$a!==void 0&&D<$a&&k.push({instanceLocation:s,keyword:"minLength",keywordLocation:`${c}/minLength`,error:`String is too short (${D} < ${$a}).`}),za!==void 0&&D>za&&k.push({instanceLocation:s,keyword:"maxLength",keywordLocation:`${c}/maxLength`,error:`String is too long (${D} > ${za}).`}),Op!==void 0&&!new RegExp(Op,"u").test(e)&&k.push({instanceLocation:s,keyword:"pattern",keywordLocation:`${c}/pattern`,error:"String does not match pattern."}),ar!==void 0&&Td[ar]&&!Td[ar](e)&&k.push({instanceLocation:s,keyword:"format",keywordLocation:`${c}/format`,error:`String does not match format "${ar}".`})}return{valid:k.length===0,errors:k}}o(fe,"validate");var ji=class{static{o(this,"Validator")}schema;draft;shortCircuit;lookup;constructor(t,r="2019-09",n=!0){this.schema=t,this.draft=r,this.shortCircuit=n,this.lookup=Kt(t)}validate(t){return fe(t,this.schema,this.draft,this.lookup,this.shortCircuit)}addSchema(t,r){r&&(t={...t,$id:r}),Kt(t,this.lookup)}};var Mn=class{static{o(this,"CfWorkerJsonSchemaValidator")}constructor(t){this.shortcircuit=t?.shortcircuit??!0,this.draft=t?.draft??"2020-12"}getValidator(t){let r=new ji(t,this.draft,this.shortcircuit);return n=>{let a=r.validate(n);return a.valid?{valid:!0,data:n,errorMessage:void 0}:{valid:!1,data:void 0,errorMessage:a.errors.map(i=>`${i.instanceLocation}: ${i.error}`).join("; ")}}}};function Ed(e){return e.length>512?`${e.slice(0,512)}\u2026`:e}o(Ed,"truncate");function rg(e){return"cause"in e?e.cause:void 0}o(rg,"readCause");function Oe(e,t,r){if(!(r instanceof Error)){r!=null&&(e[`${t}Message`]=Ed(String(r)));return}e[`${t}Name`]=r.name,e[`${t}Message`]=Ed(r.message);let n=rg(r);for(let a=1;a<=4&&n instanceof Error;a+=1){let i=a===1?"cause":`cause${a}`;e[`${i}Name`]=n.name,e[`${i}Message`]=Ed(n.message),n=rg(n)}}o(Oe,"addErrorLogFields");function mt(e){if(e!==void 0)try{return typeof e=="string"?new URL(e).host:e.host}catch{return}}o(mt,"safeHost");function ng(e,t){let r=Object.entries(t).filter(n=>n[1]!==void 0);r.length!==0&&e.log.setLogProperties?.(Object.fromEntries(r))}o(ng,"setLogProperties");function Ud(e,t){ng(e,{subjectId:t.subjectId})}o(Ud,"applyGatewayPrincipalLogProperties");function og(e,t){ng(e,{upstreamServerId:t.upstreamServerId,virtualServerId:t.virtualServerId})}o(og,"applyGatewayRouteLogProperties");var qn={runtime:{invalid_request:{code:"invalid_request",seam:"runtime",status:400,title:"Bad Request",publicDetail:"The request did not match the route contract.",oauthError:"invalid_request"},forbidden:{code:"forbidden",seam:"runtime",status:403,title:"Forbidden",publicDetail:"The request is not allowed.",oauthError:"invalid_request"},not_found:{code:"not_found",seam:"runtime",status:404,title:"Not Found",publicDetail:"The requested resource was not found.",oauthError:"invalid_request"},internal_server_error:{code:"internal_server_error",seam:"runtime",status:500,title:"Internal Server Error",publicDetail:"The gateway failed to process the request.",oauthError:"server_error"}},config:{virtual_server_not_enabled:{code:"virtual_server_not_enabled",seam:"config",status:404,title:"Not Found",publicDetail:"The requested virtual server is not enabled."},unknown_upstream_server:{code:"unknown_upstream_server",seam:"config",status:400,title:"Bad Request",publicDetail:"The requested upstream server is not configured.",oauthError:"invalid_request"},unknown_virtual_server:{code:"unknown_virtual_server",seam:"config",status:400,title:"Bad Request",publicDetail:"The requested virtual server is not configured.",oauthError:"invalid_target"},unknown_auth_profile:{code:"unknown_auth_profile",seam:"config",status:400,title:"Bad Request",publicDetail:"The requested upstream auth profile is not configured.",oauthError:"invalid_request"},virtual_server_upstream_mismatch:{code:"virtual_server_upstream_mismatch",seam:"config",status:400,title:"Bad Request",publicDetail:"The requested virtual server does not belong to the selected upstream server.",oauthError:"invalid_request"}},downstream_auth:{authentication_required:{code:"authentication_required",seam:"downstream_auth",status:401,title:"Unauthorized",publicDetail:"Authentication is required to access this route.",oauthError:"invalid_client"},identity_context_missing:{code:"identity_context_missing",seam:"downstream_auth",status:403,title:"Forbidden",publicDetail:"Authenticated requests must include a gateway principal subject.",oauthError:"invalid_request"}},downstream_oauth:{browser_login_verification_failed:{code:"browser_login_verification_failed",seam:"downstream_oauth",status:400,title:"Connection failed",publicDetail:"The gateway could not verify the browser login response. Retry the login flow.",callbackFailure:!0,oauthError:"invalid_request"}},upstream_auth:{provider_access_denied:{code:"provider_access_denied",seam:"upstream_auth",status:400,title:"Connection failed",publicDetail:"The upstream authorization request was denied. Start the connection flow again.",callbackFailure:!0,oauthError:"invalid_request"},oauth_state_invalid:{code:"oauth_state_invalid",seam:"upstream_auth",status:400,title:"Connection failed",publicDetail:"The upstream connection request could not be verified. Start the connection flow again.",callbackFailure:!0,oauthError:"invalid_request"},oauth_state_expired:{code:"oauth_state_expired",seam:"upstream_auth",status:400,title:"Connection failed",publicDetail:"The upstream connection request expired. Start the connection flow again.",callbackFailure:!0,oauthError:"invalid_request"},oauth_state_reused:{code:"oauth_state_reused",seam:"upstream_auth",status:400,title:"Connection failed",publicDetail:"This upstream connection request was already used. Start the connection flow again.",callbackFailure:!0,oauthError:"invalid_request"},oauth_callback_mismatch:{code:"oauth_callback_mismatch",seam:"upstream_auth",status:400,title:"Connection failed",publicDetail:"The upstream callback did not match the initiating connection request.",callbackFailure:!0,oauthError:"invalid_request"},upstream_token_exchange_failed:{code:"upstream_token_exchange_failed",seam:"upstream_auth",status:400,title:"Connection failed",publicDetail:"The gateway could not complete the upstream token exchange. Retry the connection flow.",callbackFailure:!0,oauthError:"invalid_request"},upstream_client_registration_required:{code:"upstream_client_registration_required",seam:"upstream_auth",status:400,title:"Upstream OAuth client registration required",publicDetail:"The upstream authorization server supports neither gateway-hosted Client ID Metadata Documents nor Dynamic Client Registration. Register an upstream OAuth client manually before retrying.",oauthError:"invalid_request"},upstream_token_response_invalid:{code:"upstream_token_response_invalid",seam:"upstream_auth",status:400,title:"Connection failed",publicDetail:"The upstream token response was invalid. Retry the connection flow.",callbackFailure:!0,oauthError:"invalid_request"}},upstream_mcp:{upstream_capability_invocation_failed:{code:"upstream_capability_invocation_failed",seam:"upstream_mcp",status:502,title:"Bad Gateway",publicDetail:"The upstream capability invocation failed. Retry later or reconnect the upstream if the issue persists."},upstream_import_failed:{code:"upstream_import_failed",seam:"upstream_mcp",status:502,title:"Bad Gateway",publicDetail:"The upstream capability import failed. Retry later or reconnect the upstream if the issue persists."}}},ag={...qn.runtime,...qn.config,...qn.downstream_auth,...qn.downstream_oauth,...qn.upstream_auth,...qn.upstream_mcp};function Xo(e){return typeof e=="string"&&Object.hasOwn(ag,e)}o(Xo,"isGatewayProblemCode");function Hi(e){return Xo(e)&&Qe(e).callbackFailure===!0}o(Hi,"isGatewayCallbackFailureCode");function Qe(e){return ag[e]}o(Qe,"readGatewayProblemDefinition");function Od(e){switch(e){case 400:return"invalid_request";case 401:return"authentication_required";case 403:return"forbidden";case 404:return"not_found";default:return"internal_server_error"}}o(Od,"readDefaultGatewayProblemCodeForStatus");var ig="gatewayCode";function sg(e){let t=Qe(e);return{title:t.title,body:t.publicDetail}}o(sg,"readGatewayCallbackFailureContent");function he(e){if(!(e instanceof ln))return;let t=e.extensionMembers?.[ig];return Xo(t)?t:void 0}o(he,"readGatewayProblemCode");function g(e,t,r){let n=typeof e=="string"?{code:e,...t===void 0?{}:{publicDetail:t,privateDetail:t},...r===void 0?{}:{cause:r}}:e,a=Qe(n.code),i=n.privateDetail??(Li(n.code)?n.publicDetail??a.publicDetail:a.publicDetail),s=dk(n);return new ln({message:i,extensionMembers:{[ig]:n.code}},s===void 0?void 0:{cause:s})}o(g,"createGatewayRuntimeError");async function ft(e,t,r){let n=Qe(r.code),a=lk(r.code,r.detail),i=Li(r.code)?r.title??n.title:n.title,c={problem:{...po.getProblemFromStatus(n.status,{detail:a,instance:r.instance,type:r.type}),...r.extensions??{},status:n.status,title:i,detail:a,code:r.code}};return r.headers!==void 0&&(c.additionalHeaders=r.headers),po.format(c,e,t)}o(ft,"gatewayProblemResponse");function Li(e){return Qe(e).status<500}o(Li,"canExposeGatewayProblemDetail");function dk(e){return!e.privateDetail||Li(e.code)?e.cause:e.cause===void 0?new Error(e.privateDetail):new Error(e.privateDetail,{cause:e.cause})}o(dk,"readRuntimeErrorCause");function lk(e,t){let r=Qe(e);return Li(e)&&t||r.publicDetail}o(lk,"readSafeGatewayProblemDetail");ue();var pk=["shared-oauth","user_oauth","static_secret","user-secret","shared-secret"],mk=["none","client_secret_basic","client_secret_post"],Xe=u.string().min(1).brand(),Pe=u.string().min(1).brand(),et=u.string().min(1).brand(),Ot=u.string().min(1).brand(),Bi=u.enum(pk),$d=u.enum(mk),Gi=u.string().trim().min(1).regex(/^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/,"must be a valid HTTP header name"),zd=u.object({name:Gi,value:u.string().min(1).optional(),required:u.boolean().default(!0)}).strict();var Md=new Map;function Vi(e){Md.set(e.policyType,e)}o(Vi,"registerMcpAuthorizationPolicy");function qd(e){if(e!==void 0)return Md.get(e)}o(qd,"getMcpAuthorizationPolicy");function Fi(e){return qd(e)!==void 0}o(Fi,"isRegisteredMcpAuthorizationPolicyType");function Nd(){return[...Md.keys()]}o(Nd,"listMcpAuthorizationPolicyTypes");ue();var dg=Xe,fk=u.object({mode:u.literal("auto")}).strict(),hk=u.object({mode:u.literal("manual"),clientId:u.string().trim().min(1),clientSecret:u.string().min(1).optional(),tokenEndpointAuthMethod:$d.default("client_secret_basic")}).strict().superRefine((e,t)=>{e.tokenEndpointAuthMethod!=="none"&&!e.clientSecret&&t.addIssue({code:u.ZodIssueCode.custom,message:`${e.tokenEndpointAuthMethod} requires clientSecret`,path:["clientSecret"]})}),lg=u.discriminatedUnion("mode",[fk,hk]),gk=lg.default({mode:"auto"}),Dd=u.object({scopes:u.array(u.string().min(1)).default([]),scopeDelimiter:u.string().min(1).default(" "),clientRegistration:gk}).strict(),cg=Dd.extend({redirectPath:u.string().startsWith("/auth/connections/")}).strict(),pg=new Set(["connection","content-length","cookie","host","proxy-authenticate","proxy-authorization","sec-websocket-key","set-cookie","te","trailer","transfer-encoding","upgrade"]),yk=new Set([...pg,"accept","authorization","content-type","mcp-protocol-version","mcp-session-id","proxy-connection"]),Sk=u.object({kind:u.literal("bearer_token"),token:u.string().min(1)}).strict(),_k=u.object({kind:u.literal("headers"),headers:u.array(u.object({name:Gi,value:u.string().min(1)}).strict()).min(1)}).strict().superRefine((e,t)=>{let r=new Set;for(let[n,a]of e.headers.entries()){let i=a.name.toLowerCase();pg.has(i)&&t.addIssue({code:u.ZodIssueCode.custom,message:`Header ${a.name} is not allowed for static secret injection`,path:["headers",n,"name"]}),r.has(i)&&t.addIssue({code:u.ZodIssueCode.custom,message:`Duplicate static secret header ${a.name}`,path:["headers",n,"name"]}),r.add(i)}}),jd=u.discriminatedUnion("kind",[Sk,_k]),wk=u.object({kind:u.literal("basic_auth_app_password"),usernameLabel:u.string().min(1).default("Username"),passwordLabel:u.string().min(1).default("App password")}).strict(),vk=u.object({kind:u.literal("bearer_token"),label:u.string().min(1).default("API key"),capture:u.enum(["browser_login"]).optional()}).strict(),Hd=u.discriminatedUnion("kind",[wk,vk]),Ld=u.object({kind:u.literal("bearer_token"),label:u.string().min(1).default("API key")}).strict(),bk=u.discriminatedUnion("mode",[u.object({mode:u.literal("shared-oauth"),oauth:cg}).strict(),u.object({mode:u.literal("user_oauth"),oauth:cg}).strict(),u.object({mode:u.literal("static_secret"),secret:jd}).strict(),u.object({mode:u.literal("user-secret"),secret:Hd}).strict(),u.object({mode:u.literal("shared-secret"),secret:Ld}).strict()]),Rk=u.object({baseUrl:u.url(),resourceMetadataUrl:u.url(),requestHeaders:u.array(zd).default([])}).strict().superRefine((e,t)=>{let r=new Set;for(let[n,a]of e.requestHeaders.entries()){let i=a.name.toLowerCase();yk.has(i)&&t.addIssue({code:u.ZodIssueCode.custom,message:`Header ${a.name} is not allowed for native MCP transport request headers`,path:["requestHeaders",n,"name"]}),r.has(i)&&t.addIssue({code:u.ZodIssueCode.custom,message:`Duplicate native MCP transport request header ${a.name}`,path:["requestHeaders",n,"name"]}),r.add(i)}}),VG=u.object({displayName:u.string().min(1),description:u.string().min(1).optional(),serverInfo:hn.optional(),authProfiles:u.record(et,bk),transport:Rk}).strict().superRefine((e,t)=>{Object.keys(e.authProfiles).length===0&&t.addIssue({code:u.ZodIssueCode.custom,message:"authProfiles must contain at least one profile",path:["authProfiles"]})}),Ck=u.object({"shared-oauth":Dd.optional(),user_oauth:Dd.optional(),static_secret:u.object({secret:jd}).strict().optional(),"user-secret":u.object({secret:Hd}).strict().optional(),"shared-secret":u.object({secret:Ld}).strict().optional()}).strict().superRefine((e,t)=>{Object.values(e).every(r=>r===void 0)&&t.addIssue({code:u.ZodIssueCode.custom,message:"authProfiles must contain at least one upstream auth profile"})}),ug=u.object({id:dg,displayName:u.string().min(1),description:u.string().min(1).optional(),serverInfo:hn.optional(),mcpUrl:u.url(),protectedResourceMetadataUrl:u.url(),requestHeaders:u.array(zd).default([]),authProfiles:Ck}).strict(),Ik=u.object({name:Gi,value:u.string().min(1).optional(),required:u.boolean().default(!0)}).strict(),Zi={id:dg.optional(),displayName:u.string().min(1),summary:u.string().min(1).optional(),serverInfo:hn.optional(),mcpUrl:u.url(),protectedResourceMetadataUrl:u.url().optional(),requestHeaders:u.array(Ik).default([])},Pk=u.discriminatedUnion("authMode",[u.object({...Zi,authMode:u.enum(["shared-oauth","user_oauth"]),scopes:u.array(u.string().min(1)).default([]),scopeDelimiter:u.string().min(1).default(" "),clientRegistration:lg.optional(),clientId:u.string().trim().min(1).optional(),clientSecret:u.string().min(1).optional(),tokenEndpointAuthMethod:$d.optional()}).strict(),u.object({...Zi,authMode:u.literal("static_secret"),secret:jd}).strict(),u.object({...Zi,authMode:u.literal("user-secret"),secret:Hd}).strict(),u.object({...Zi,authMode:u.literal("shared-secret"),secret:Ld}).strict()]);function mg(e){throw g("internal_server_error",e)}o(mg,"throwGatewayConfigError");function xk(e){let t="mcp-upstream-";return e.startsWith(t)||mg(`Upstream policy ${e} must use the ${t}{upstream-id} naming convention when id is omitted.`),Xe.parse(e.slice(t.length))}o(xk,"inferUpstreamConnectionIdFromPolicyName");function Ak(e){let t=new URL(e),r=t.pathname==="/"?"":t.pathname;return`${t.origin}/.well-known/oauth-protected-resource${r}`}o(Ak,"buildDefaultProtectedResourceMetadataUrl");function Nn(e,t){return et.parse(`${e}:${t}`)}o(Nn,"buildUpstreamAuthProfileId");function Ki(e,t){let r=ug.safeParse(e);if(r.success)return r.data;let n=Pk.parse(e),a=n.id??(t===void 0?void 0:xk(t));a===void 0&&mg("Upstream policy options must include id when policy name is unavailable.");let i=n.requestHeaders.map(c=>({name:c.name,value:c.value,required:c.required})),s=(()=>{switch(n.authMode){case"shared-oauth":case"user_oauth":{let c=n.clientRegistration??(n.clientId===void 0?{mode:"auto"}:{mode:"manual",clientId:n.clientId,...n.clientSecret===void 0?{}:{clientSecret:n.clientSecret},...n.tokenEndpointAuthMethod===void 0?{}:{tokenEndpointAuthMethod:n.tokenEndpointAuthMethod}});return{[n.authMode]:{scopes:n.scopes,scopeDelimiter:n.scopeDelimiter,clientRegistration:c}}}case"static_secret":case"user-secret":case"shared-secret":return{[n.authMode]:{secret:n.secret}}}})();return ug.parse({id:a,displayName:n.displayName,...n.summary===void 0?{}:{description:n.summary},...n.serverInfo===void 0?{}:{serverInfo:n.serverInfo},mcpUrl:n.mcpUrl,protectedResourceMetadataUrl:n.protectedResourceMetadataUrl??Ak(n.mcpUrl),requestHeaders:i,authProfiles:s})}o(Ki,"parseUpstreamConnectionPolicyOptions");function fg(e){return e.mode==="shared-oauth"||e.mode==="user_oauth"}o(fg,"isUpstreamOAuthAuthConfig");ue();var kk=u.looseObject({name:u.string().min(1),version:u.string().min(1).optional()}),Tk=u.looseObject({}),Ek=u.looseObject({name:Ot,namespace:Ot.optional(),upstreamPolicy:u.string().min(1).optional(),enabled:u.boolean().optional(),inputSchema:Tk}),Uk=u.looseObject({name:Ot,namespace:Ot.optional(),upstreamPolicy:u.string().min(1).optional(),enabled:u.boolean().optional()}),Ok=u.looseObject({name:Ot,uri:u.string().min(1),upstreamPolicy:u.string().min(1).optional(),upstreamUri:u.string().min(1).optional(),enabled:u.boolean().optional()}),$k=u.enum(["openapi","upstream_mcp"]),zk=u.object({catalogSource:$k.default("openapi"),serverInfo:kk.optional(),tools:u.array(Ek).default([]),prompts:u.array(Uk).default([]),resources:u.array(Ok).default([])}).strict();function hg(e){return zk.parse(e??{})}o(hg,"parseVirtualServerRouteOptions");function Wi(e){let{enabled:t,upstreamName:r,upstreamPolicyName:n,...a}=e;return a}o(Wi,"toMcpTool");function Ji(e){let{enabled:t,upstreamName:r,upstreamPolicyName:n,...a}=e;return a}o(Ji,"toMcpPrompt");function Yi(e){let{enabled:t,upstreamPolicyName:r,upstreamUri:n,...a}=e;return a}o(Yi,"toMcpResource");var Mk="mcp-upstream-connection-inbound",gg="/mcp/";function He(e){throw new Or(e)}o(He,"throwRegistryError");function yg(e){return e.policyType===Mk}o(yg,"isUpstreamConnectionPolicy");function qk(e){return Fi(e.policyType)}o(qk,"isMcpOAuthInboundPolicy");function Nk(e){e.startsWith(gg)||He(`MCP virtual server route ${e} must use a /mcp/{virtualServerId} path.`);let t=e.slice(gg.length);return(!t||t.includes("/"))&&He(`MCP virtual server route ${e} must use exactly one /mcp/{virtualServerId} path segment.`),Pe.parse(t)}o(Nk,"readVirtualServerIdFromPath");function Dk(e){let t=Object.keys(e.connection.authProfiles);t.length!==1&&He(`Upstream policy ${e.policyName} must declare exactly one auth mode; found ${t.length}.`);let r=t[0];return r===void 0&&He(`Upstream policy ${e.policyName} does not declare an auth mode.`),Bi.parse(r)}o(Dk,"readSingleAuthMode");function jk(e){let t=e.connection.authProfiles[e.authMode];t||He(`Upstream connection ${e.connection.id} does not declare auth mode ${e.authMode}.`);let r=`/auth/connections/${encodeURIComponent(e.connection.id)}/callback`;switch(e.authMode){case"shared-oauth":case"user_oauth":{let n=t;return{mode:e.authMode,oauth:{scopes:n.scopes,scopeDelimiter:n.scopeDelimiter,redirectPath:r,clientRegistration:n.clientRegistration}}}case"static_secret":return{mode:"static_secret",secret:t.secret};case"user-secret":return{mode:"user-secret",secret:t.secret};case"shared-secret":return{mode:"shared-secret",secret:t.secret}}}o(jk,"buildResolvedAuthConfig");function Hk(e){let t=Dk({policyName:e.policyName,connection:e.connection}),r=Nn(e.connection.id,t),n=jk({connection:e.connection,authMode:t,authProfileId:r}),a={displayName:e.connection.displayName,...e.connection.description===void 0?{}:{description:e.connection.description},...e.connection.serverInfo===void 0?{}:{serverInfo:e.connection.serverInfo},authProfiles:{[r]:n},transport:{baseUrl:e.connection.mcpUrl,resourceMetadataUrl:e.connection.protectedResourceMetadataUrl,requestHeaders:e.connection.requestHeaders}};return{policyName:e.policyName,upstreamServerId:e.connection.id,config:a,authMode:t,authProfileId:r,authConfig:n}}o(Hk,"buildRegisteredConnection");function Lk(e){let t=new Map;for(let r of e)t.has(r.name)&&He(`Duplicate policy name ${r.name} in policies.json.`),t.set(r.name,{name:r.name,policyType:r.policyType,handler:{options:r.handler.options}});return t}o(Lk,"buildPolicyMap");function Bk(e){let t=new Map,r=new Set;for(let n of e.values()){if(!yg(n))continue;let a=Ki(n.handler.options,n.name);r.has(a.id)&&He(`Duplicate upstream MCP connection id ${a.id} in policies.json.`),r.add(a.id);let i=Hk({policyName:n.name,connection:a});t.set(n.name,i)}return t}o(Bk,"buildConnectionsByPolicyName");function Gk(e){if(typeof e.raw!="function")return;let t=e.raw();if(!(!t||typeof t.operationId!="string"||t.operationId===""))return t.operationId}o(Gk,"readOperationId");function Sg(e){let t=e.namespace===void 0?e.name:`${e.namespace}.${e.name}`;try{return Ot.parse(t)}catch{He(`MCP virtual server route ${e.routePath} declares invalid published capability name ${t}.`)}}o(Sg,"buildPublishedCapabilityName");function Gd(e){if(e.authoredPolicyName!==void 0)return e.connections.find(r=>r.policyName===e.authoredPolicyName)||He(`MCP virtual server route ${e.routePath} declares capability ${e.capabilityName} for upstream policy ${e.authoredPolicyName}, but that policy is not bound to the route.`),e.authoredPolicyName;if(e.connections.length===1)return e.connections[0]?.policyName;He(`MCP virtual server route ${e.routePath} declares aggregate capability ${e.capabilityName} without upstreamPolicy.`)}o(Gd,"readCapabilityUpstreamPolicy");function Bd(e){e.seen.has(e.key)&&He(`MCP virtual server route ${e.routePath} declares duplicate ${e.kind} ${e.key}.`),e.seen.add(e.key)}o(Bd,"assertUniqueCatalogKey");function Vk(e){let{namespace:t,upstreamPolicy:r,...n}=e.tool,a=Sg({name:e.tool.name,namespace:e.tool.namespace,routePath:e.routePath});return{...n,name:a,upstreamName:e.tool.name,upstreamPolicyName:Gd({authoredPolicyName:r,capabilityName:a,connections:e.connections,routePath:e.routePath})}}o(Vk,"normalizeCatalogTool");function Fk(e){let{namespace:t,upstreamPolicy:r,...n}=e.prompt,a=Sg({name:e.prompt.name,namespace:e.prompt.namespace,routePath:e.routePath});return{...n,name:a,upstreamName:e.prompt.name,upstreamPolicyName:Gd({authoredPolicyName:r,capabilityName:a,connections:e.connections,routePath:e.routePath})}}o(Fk,"normalizeCatalogPrompt");function Zk(e){let{upstreamPolicy:t,...r}=e.resource;return{...r,upstreamUri:e.resource.upstreamUri??e.resource.uri,upstreamPolicyName:Gd({authoredPolicyName:t,capabilityName:e.resource.uri,connections:e.connections,routePath:e.routePath})}}o(Zk,"normalizeCatalogResource");function Kk(e){let t=e.catalog.catalogSource,r=e.catalog.tools.map(d=>Vk({tool:d,connections:e.connections,routePath:e.routePath})),n=e.catalog.prompts.map(d=>Fk({prompt:d,connections:e.connections,routePath:e.routePath})),a=e.catalog.resources.map(d=>Zk({resource:d,connections:e.connections,routePath:e.routePath})),i=new Set;for(let d of r)Bd({kind:"tool",key:d.name,routePath:e.routePath,seen:i});let s=new Set;for(let d of n)Bd({kind:"prompt",key:d.name,routePath:e.routePath,seen:s});let c=new Set;for(let d of a)Bd({kind:"resource",key:String(d.uri),routePath:e.routePath,seen:c});return{catalogSource:t,...e.catalog.serverInfo===void 0?{}:{serverInfo:e.catalog.serverInfo},tools:r,prompts:n,resources:a}}o(Kk,"normalizeVirtualServerCatalog");function Wk(e){let t=new Map,r=new Set;for(let n of e.routes){let a=n.policies?.inbound??[];if(a.length===0)continue;let i=a[0],s=i===void 0?void 0:e.policyByName.get(i);if(!s||!qk(s))continue;let c=Gk(n);c||He(`MCP virtual server route ${n.path} must declare an operationId in routes.oas.json.`),r.has(c)&&He(`Duplicate MCP virtual server operationId ${c} across routes.`),r.add(c);let d=Nk(n.path);t.has(d)&&He(`Duplicate MCP virtual server id ${d} across routes.`);let p=[];for(let h of a.slice(1)){let y=e.policyByName.get(h);if(!y||!yg(y))continue;let _=e.connectionsByPolicyName.get(h);_||He(`Upstream connection policy ${h} referenced by route ${n.path} could not be resolved.`),p.push(_)}let l=hg(n.handler.options),m=Kk({catalog:l,connections:p,routePath:n.path});m.catalogSource==="upstream_mcp"&&p.length!==1&&He(`MCP virtual server route ${n.path} uses upstream MCP catalog mode but declares ${p.length} upstream bindings; upstream MCP catalog mode requires exactly one upstream binding.`),t.set(d,{virtualServerId:d,operationId:c,routePath:n.path,handlerExport:n.handler.export,serverInfo:m.serverInfo,catalog:m,connections:p})}return t}o(Wk,"buildVirtualServers");function _g(e){let t=Lk(e.policies),r=Bk(t),n=Wk({routes:e.routes,policyByName:t,connectionsByPolicyName:r}),a=new Map;for(let i of r.values())a.set(i.upstreamServerId,i);return{byVirtualServerId:n,connectionsById:a}}o(_g,"buildGatewayConnectionRegistry");var Qi;function wg(e){Qi=e}o(wg,"setGatewayConnectionRegistry");function ht(){if(!Qi)throw g("internal_server_error","MCP gateway connection registry has not been initialized. Ensure routes.oas.json declares at least one MCP virtual server route and policies.json registers an `mcp-oauth-inbound` (or wrapper) policy.");return Qi}o(ht,"getGatewayConnectionRegistry");function vg(e){let t=ht().byVirtualServerId.get(e);if(!t)throw g("unknown_virtual_server",`Unknown MCP virtual server: ${e}`);return t}o(vg,"getRegisteredVirtualServer");function ea(e){let t=ht().byVirtualServerId.get(e);if(!t)throw g("unknown_virtual_server",`Unknown virtual server: ${e}`);return t}o(ea,"requireRegisteredVirtualServer");function bg(){return Qi}o(bg,"tryGetGatewayConnectionRegistry");var Rg=new Dt("gateway-route");function Cg(e,t){Rg.set(e,t)}o(Cg,"setGatewayRouteContext");function ta(e){return Rg.get(e)}o(ta,"readGatewayRouteContext");function Dn(e){let t=ta(e);if(!t)throw g("internal_server_error","Gateway route context has not been set");return t}o(Dn,"requireGatewayRouteContext");var Fr="2025-06-18";var Jk=new Set(["localhost","::1"]);function gt(e){return e.replace(/^\[(.*)\]$/,"$1").replace(/\.+$/,"").toLowerCase()}o(gt,"normalizeHostname");function Le(e){let t=gt(e.hostname);return e.protocol==="http:"&&(Jk.has(t)||/^127(?:\.\d{1,3}){3}$/.test(t))}o(Le,"isLoopbackHttpUrl");function se(e){return new URL(e).origin}o(se,"readGatewayRequestOrigin");import{metrics as Yk,context as Xi,propagation as Pg,SpanKind as xg,SpanStatusCode as Vd,trace as ra}from"@opentelemetry/api";var Qk="mcp-gateway",Xk="mcp-gateway",eT=Fr,tT="2.0",Ag=ra.getTracer(Qk),Fd=Yk.getMeter(Xk),rT=Fd.createHistogram("mcp.client.operation.duration",{description:"The duration of the MCP request or notification as observed on the sender.",unit:"s"}),nT=Fd.createHistogram("mcp.server.operation.duration",{description:"MCP request or notification duration as observed on the receiver.",unit:"s"}),oT=Fd.createHistogram("mcp.client.session.duration",{description:"The duration of the MCP session as observed on the MCP client.",unit:"s"}),aT=["traceparent","tracestate","baggage"];function Zd(){return performance.now()/1e3}o(Zd,"nowSeconds");function kg(e,t){t(Math.max(Zd()-e,0))}o(kg,"recordDurationSeconds");function Ig(e){return e===void 0?void 0:String(e)}o(Ig,"stringifyAttribute");function $e(e,t,r){r!==void 0&&(e[t]=r)}o($e,"assignAttribute");function iT(e){if(e.capabilityType==="tool"||e.capabilityType==="prompt")return e.capabilityName}o(iT,"readTargetName");function Tg(e){let t=iT({kind:"client",...e});return t?`${e.methodName} ${t}`:e.methodName}o(Tg,"buildMcpOperationSpanName");function Kd(e){let t={"mcp.method.name":e.methodName};return $e(t,"jsonrpc.protocol.version",e.jsonRpcProtocolVersion??tT),$e(t,"jsonrpc.request.id",Ig(e.jsonRpcRequestId)),$e(t,"mcp.protocol.version",e.mcpProtocolVersion??eT),$e(t,"mcp.session.id",e.mcpSessionId),$e(t,"mcp.resource.uri",e.resourceUri),$e(t,"rpc.response.status_code",Ig(e.rpcResponseStatusCode)),$e(t,"error.type",e.errorType),e.capabilityType==="tool"&&($e(t,"gen_ai.operation.name","execute_tool"),$e(t,"gen_ai.tool.name",e.capabilityName)),e.capabilityType==="prompt"&&$e(t,"gen_ai.prompt.name",e.capabilityName),$e(t,"network.protocol.name",e.networkProtocolName?.toLowerCase()),$e(t,"network.protocol.version",e.networkProtocolVersion),$e(t,"network.transport",e.networkTransport),$e(t,"server.address",e.serverAddress),$e(t,"server.port",e.serverPort),$e(t,"client.address",e.clientAddress),$e(t,"client.port",e.clientPort),t}o(Kd,"buildMcpOperationAttributes");function sT(e){let t=Kd({methodName:"initialize",...e});return delete t["mcp.method.name"],t}o(sT,"buildMcpSessionAttributes");function Eg(e,t,r){e.setAttribute("error.type",r),e.setStatus({code:Vd.ERROR}),t instanceof Error&&e.recordException(t)}o(Eg,"setSpanError");function Ug(e){let t=e?.code;return typeof t=="string"||typeof t=="number"?String(t):e instanceof Error?e.name:"_OTHER"}o(Ug,"readErrorType");function cT(e){let t=e&&typeof e=="object"?e._meta:void 0;return!t||typeof t!="object"?Xi.active():Pg.extract(Xi.active(),t,{get(r,n){let a=r[n];return typeof a=="string"?a:void 0},keys(r){return Object.keys(r)}})}o(cT,"readServerParentContext");function uT(e){let t=ra.getSpanContext(Xi.active()),r=ra.getSpanContext(e);if(!(!t||!ra.isSpanContextValid(t))&&!(r&&ra.isSpanContextValid(r)&&t.traceId===r.traceId&&t.spanId===r.spanId))return[{context:t}]}o(uT,"readAmbientSpanLink");function Og(e){return e&&typeof e=="object"&&e.isError===!0?"tool_error":void 0}o(Og,"readResultErrorType");async function Zr(e,t){let r=Zd(),n=Kd({kind:"client",networkProtocolName:"http",networkTransport:"tcp",...e});return Ag.startActiveSpan(Tg(e),{kind:xg.CLIENT,attributes:n},async a=>{try{let i=await t(),s=Og(i);return s&&(a.setAttribute("error.type",s),a.setStatus({code:Vd.ERROR}),n["error.type"]=s),i}catch(i){let s=e.errorType??Ug(i);throw n["error.type"]=s,Eg(a,i,s),i}finally{kg(r,i=>{rT.record(i,n)}),a.end()}})}o(Zr,"runMcpClientOperation");async function Kr(e,t){let r=Zd(),n=cT(e.params),a=Kd({kind:"server",networkProtocolName:"http",networkTransport:"tcp",...e}),i=uT(n);return Ag.startActiveSpan(Tg(e),{kind:xg.SERVER,attributes:a,...i?{links:i}:{}},n,async s=>{try{let c=await t(),d=Og(c);return d&&(s.setAttribute("error.type",d),s.setStatus({code:Vd.ERROR}),a["error.type"]=d),c}catch(c){let d=e.errorType??Ug(c);throw a["error.type"]=d,Eg(s,c,d),c}finally{kg(r,c=>{nT.record(c,a)}),s.end()}})}o(Kr,"runMcpServerOperation");function $g(e){let t={...e??{},_meta:{...e?._meta&&typeof e._meta=="object"?e._meta:{}}};return Pg.inject(Xi.active(),t._meta,{set(r,n,a){aT.includes(n)&&(r[n]=a)}}),t}o($g,"injectMcpTraceContextIntoParams");function zg(e,t){let r=sT({kind:"client",networkProtocolName:"http",networkTransport:"tcp",...e});oT.record(Math.max(t,0),r)}o(zg,"recordMcpClientSessionDuration");var Wd=new Dt("route-upstream-bindings");function dT(e){let t=Wd.get(e);if(t)return t;let r={bindings:[]};return Wd.set(e,r),r}o(dT,"readOrCreateRouteUpstreamBindingRegistry");function Mg(e){return`${e.upstreamServerId}:${e.authProfileId}`}o(Mg,"buildRouteBindingDuplicateKey");function Jd(e,t){let r=dT(e),n=Mg(t);if(r.bindings.find(i=>Mg(i)===n)!==void 0)throw g("internal_server_error",`Route declares duplicate upstream binding ${t.upstreamServerId} + ${t.authProfileId}.`);r.bindings.push(t)}o(Jd,"appendResolvedUpstreamBindingContext");function qg(e){return Wd.get(e)?.bindings??[]}o(qg,"readResolvedUpstreamBindingContexts");ue();var Q=u.string().datetime({offset:!0}).brand();function ne(e){return Q.parse(e.toISOString())}o(ne,"toIsoTimestamp");function Wt(e,t){return new Date(e.getTime()+t*1e3)}o(Wt,"addSeconds");ue();var na=u.string().trim().min(1),oa={accessTokenTtlSeconds:900,refreshTokenTtlSeconds:2592e3,cimdEnabled:!0},lT=u.object({issuer:u.url(),jwksUrl:u.url(),audience:na}),pT=u.object({url:u.url(),tokenUrl:u.url().optional(),clientId:na.optional(),clientSecret:na.optional(),scope:na.default("openid profile email"),audience:na.optional(),remoteTimeoutMs:u.coerce.number().int().positive().default(1e4),stateTtlSeconds:u.coerce.number().int().positive().default(900),sessionTtlSeconds:u.coerce.number().int().positive().default(28800)}).strict(),mT=u.object({accessTokenTtlSeconds:u.coerce.number().int().positive().default(oa.accessTokenTtlSeconds),refreshTokenTtlSeconds:u.coerce.number().int().positive().default(oa.refreshTokenTtlSeconds),cimdEnabled:u.boolean().default(oa.cimdEnabled)}).strict().default(oa),fT=u.object({oidc:lT,browserLogin:pT,gateway:mT.optional().default(oa)}).strict();function Ng(e){return hT(e.browserLogin.url)?"local_dev":"federated_oidc"}o(Ng,"readBrowserLoginKind");function hT(e){let t;try{t=new URL(e)}catch{return!1}return Le(t)&&t.pathname==="/oauth/dev-login"}o(hT,"isLoopbackDevLoginUrl");function es(e){return fT.parse(e)}o(es,"parseMcpOAuthRuntimeConfig");var Yd;function Dg(e){Yd=e}o(Dg,"setGatewayOAuthConfig");function xe(){if(!Yd)throw g("internal_server_error","MCP gateway OAuth config has not been initialized. An `mcp-oauth-inbound` policy (or a provider-specific wrapper such as `mcp-auth0-oauth-inbound`) must be registered in policies.json so the gateway can derive its OAuth runtime configuration from policy options.");return Yd}o(xe,"getGatewayOAuthConfig");function Ct(e){return se(e)}o(Ct,"readGatewayOAuthIssuer");ue();var gT=43,yT=128,ST=/^[A-Za-z0-9._~-]+$/,Qd="S256",ts=u.literal(Qd),rs=u.string().min(gT).max(yT).regex(ST);ue();var ns=["none","client_secret_post","client_secret_basic"],_T=[...ns,"private_key_jwt"],wT=["awaiting_login","awaiting_setup"],vT=u.string().min(1).brand(),Be=u.string().min(1).brand(),aa=u.uuid().brand(),yt=u.uuid().brand(),os=u.uuid().brand(),Xd=u.enum(ns),bT=u.enum(_T),H2=u.enum(wT),jg=u.object({client_id:Be,client_name:u.string().min(1),redirect_uris:u.array(u.string().min(1)).min(1),token_endpoint_auth_method:bT.default("none")}),el=u.object({clientId:Be,clientName:u.string().min(1),redirectUris:u.array(u.string().min(1)),tokenEndpointAuthMethod:Xd,hashedClientSecret:u.string().optional(),clientSecretExpiresAt:Q.optional(),clientExpiresAt:Q,revokedAt:Q.optional(),createdAt:Q}),tl=u.object({clientId:Be,resource:u.string(),virtualServerId:Pe,subjectId:vT,scope:u.string(),roles:u.array(u.string()),createdAt:Q,expiresAt:Q}),L2=tl.extend({id:yt,redirectUri:u.string(),clientState:u.string().optional(),codeChallenge:u.string(),codeChallengeMethod:ts}),rl=tl.extend({id:aa,currentRefreshTokenHash:u.string().optional(),previousRefreshTokenHash:u.string().optional(),revokedAt:Q.optional(),revokedReason:u.string().optional()}),as=tl.extend({tokenHash:u.string(),grantId:aa,revokedAt:Q.optional()});function nl(){return yt.parse(crypto.randomUUID())}o(nl,"createDownstreamAuthorizationTransactionId");function ol(){return os.parse(crypto.randomUUID())}o(ol,"createDownstreamBrowserLoginStateId");function Hg(){return aa.parse(crypto.randomUUID())}o(Hg,"createDownstreamGrantId");var ye="mcp:tools";function Lg(e,t){if(e===t)return!0;let r=new URL(e),n=new URL(t);return Le(r)&&Le(n)&&gt(r.hostname)===gt(n.hostname)&&r.pathname===n.pathname&&r.search===n.search}o(Lg,"redirectUriMatchesRegistration");function Bg(e){return Le(e)&&e.pathname==="/oauth/dev-login"}o(Bg,"isLoopbackDevLoginUrl");function is(e,t){return new URL(e,Ct(t)).toString()}o(is,"buildGatewayOAuthUrl");function al(e){return new URL(`/mcp/${encodeURIComponent(e.virtualServerId)}`,se(e.requestUrl)).toString()}o(al,"buildScopedAuthorizationServerIssuer");function RT(e){return new URL(`/oauth/authorize/mcp/${encodeURIComponent(e.virtualServerId)}`,se(e.requestUrl)).toString()}o(RT,"buildScopedAuthorizationEndpoint");function il(e){let t=xe();return{issuer:Ct(e),authorization_endpoint:is("/oauth/authorize",e),token_endpoint:is("/oauth/token",e),registration_endpoint:is("/oauth/register",e),revocation_endpoint:is("/oauth/revoke",e),response_types_supported:["code"],response_modes_supported:["query"],grant_types_supported:["authorization_code","refresh_token"],scopes_supported:[ye],code_challenge_methods_supported:[Qd],token_endpoint_auth_methods_supported:ns,revocation_endpoint_auth_methods_supported:["client_secret_basic","client_secret_post","none"],client_id_metadata_document_supported:t.gateway.cimdEnabled,"x-zuplo-browser-login-kind":Ng(t)}}o(il,"buildAuthorizationServerMetadata");function Gg(e){let t=al(e);return{...il(e.requestUrl),issuer:t,authorization_endpoint:RT(e)}}o(Gg,"buildScopedAuthorizationServerMetadata");async function Vg(e,t){try{let r=Pe.parse(e.params.virtualServerId),n=ea(r);return Response.json(CT(n.virtualServerId,e.url))}catch(r){let n=he(r);return ft(e,t,{code:n==="unknown_virtual_server"?n:"not_found",detail:(r instanceof Error?r.message:void 0)??"The requested protected resource metadata document was not found."})}}o(Vg,"protectedResourceMetadataHandler");function CT(e,t){return{resource:Wr(e,t),resource_name:e,authorization_servers:[al({virtualServerId:e,requestUrl:t})],bearer_methods_supported:["header"],scopes_supported:[ye],mcp_protocol_version:Fr}}o(CT,"buildProtectedResourceMetadataResponseBody");function Wr(e,t){return new URL(`/mcp/${encodeURIComponent(e)}`,se(t)).toString()}o(Wr,"buildCanonicalMcpResourceForVirtualServer");function Fg(e,t){return new URL(`/.well-known/oauth-protected-resource/mcp/${encodeURIComponent(e)}`,se(t)).toString()}o(Fg,"buildProtectedResourceMetadataUrlForVirtualServer");import{base64url as sl}from"jose";var IT="sha256:",PT=32;function Zg(e){let t=new ArrayBuffer(e.byteLength);return new Uint8Array(t).set(e),t}o(Zg,"copyToArrayBuffer");function Jt(){let e=crypto.getRandomValues(new Uint8Array(PT));return sl.encode(e)}o(Jt,"createOpaqueToken");async function pe(e){let t=await crypto.subtle.digest("SHA-256",Zg(new TextEncoder().encode(e)));return`${IT}${sl.encode(new Uint8Array(t))}`}o(pe,"hashOpaqueValue");async function Kg(e){let t=await crypto.subtle.digest("SHA-256",Zg(new TextEncoder().encode(e)));return sl.encode(new Uint8Array(t))}o(Kg,"calculatePkceS256Challenge");ue();var xT=u.record(u.string(),u.unknown()),Wg=u.string().min(1),AT=u.union([Wg.transform(e=>[e]),u.array(Wg)]),Se=u.string().min(1).brand(),kT=["zuploSubjectId","zuplo_subject_id","gatewaySubjectId","gateway_subject_id","subjectId","subject_id","https://zuplo.com/subject_id"],TT=["https://zuplo.com/roles","roles","role","permissions","groups"],Jg=new Dt("gateway-principal");function ET(e){let t=xT.safeParse(e);return t.success?t.data:{}}o(ET,"toClaimRecord");function UT(e){return e.issues[0]?.message??"Gateway principal is invalid"}o(UT,"readValidationFailureDetail");function OT(e,t,r){for(let i of kT){let s=Se.safeParse(t[i]);if(s.success)return s.data}let n=Se.safeParse(e?.sub);if(!n.success)throw g("identity_context_missing",UT(n.error));let a=typeof t.iss=="string"?t.iss:void 0;return!a||a===Ct(r)?n.data:Se.parse(`${a}|${n.data}`)}o(OT,"readNormalizedSubjectId");function $T(e){let t=new Set;for(let r of TT){let n=AT.safeParse(e[r]);if(n.success)for(let a of n.data)t.add(a)}return t.size>0?[...t]:void 0}o($T,"readRoles");function jn(e,t){let r=ET(e?.data),n={subjectId:OT(e,r,t)},a=$T(r);return a&&(n.roles=a),n}o(jn,"parseGatewayPrincipal");function Yg(e){let t=ul(e);if(!t)throw g("identity_context_missing","Gateway principal has not been hydrated");return t}o(Yg,"requireGatewayPrincipal");function Qg(e,t){Jg.set(e,t)}o(Qg,"setGatewayPrincipal");function ul(e){return Jg.get(e)}o(ul,"readGatewayPrincipal");function ss(e){let r=['realm="OAuth"',`resource_metadata="${cl(Fg(e.virtualServerId,e.requestUrl))}"`];return e.error!==void 0&&r.push(`error="${e.error}"`),e.errorDescription!==void 0&&r.push(`error_description="${cl(e.errorDescription)}"`),e.scope!==void 0&&r.push(`scope="${cl(e.scope)}"`),`Bearer ${r.join(", ")}`}o(ss,"buildGatewayBearerChallenge");function cl(e){let t="";for(let r=0;r<e.length;r+=1){let n=e.charCodeAt(r);n<=31||n===127||(t+=e[r])}return t.replaceAll("\\","\\\\").replaceAll('"','\\"')}o(cl,"sanitizeQuotedHeaderParameter");ue();ue();function cs(e){if(e===void 0||e.length===0)return;if(!e.startsWith("/")||e.startsWith("//"))throw g("invalid_request","returnTo must be a same-origin relative path.");let t=new URL(e,"https://gateway.local");if(t.origin!=="https://gateway.local"||t.username||t.password||t.hash||t.pathname.startsWith("//"))throw g("invalid_request","returnTo must be a same-origin relative path without credentials or fragments.");return`${t.pathname}${t.search}`}o(cs,"parseSafeRelativeReturnTo");ue();var zT=["user","shared"],Hn=u.enum(zT);function Rr(e){return{mode:"user",subjectId:e}}o(Rr,"buildUserUpstreamConnectionOwner");function us(){return{mode:"shared"}}o(us,"buildSharedUpstreamConnectionOwner");var Xg=u.object({ownerMode:Hn,initiatedBySubjectId:Se,ownerSubjectId:Se.optional(),upstreamServerId:Xe,authProfileId:et,virtualServerId:Pe,returnTo:u.string().min(1).transform(e=>cs(e)).optional()});function ey(e,t){e.ownerMode==="user"&&!e.ownerSubjectId&&t.addIssue({code:u.ZodIssueCode.custom,message:"User-owned state requires ownerSubjectId",path:["ownerSubjectId"]}),e.ownerMode==="shared"&&e.ownerSubjectId&&t.addIssue({code:u.ZodIssueCode.custom,message:"Shared state must not include ownerSubjectId",path:["ownerSubjectId"]})}o(ey,"validateUpstreamOwnerState");var Ln=Xg.superRefine(ey),ty=Xg.omit({returnTo:!0}).superRefine(ey);function ia(e){return Ln.parse({ownerMode:e.owner.mode,initiatedBySubjectId:e.initiatedBySubjectId,ownerSubjectId:e.owner.mode==="user"?e.owner.subjectId:void 0,upstreamServerId:e.upstreamServerId,authProfileId:e.authProfileId,virtualServerId:e.virtualServerId,returnTo:e.returnTo})}o(ia,"buildUpstreamOwnerState");function Bn(e){if(e.ownerMode==="shared")return us();if(!e.ownerSubjectId)throw g("oauth_state_invalid","User-owned upstream state is missing the owner subject.");return Rr(e.ownerSubjectId)}o(Bn,"resolveUpstreamConnectionOwnerFromState");var MT=["active","not_connected","reconsent_required"],qT=["basic_auth_app_password","bearer_token"],ry=u.string().trim().min(1).brand(),Gn=u.uuid().brand(),sa=u.uuid().brand(),dl=u.enum(MT),NT=u.enum(qT),ny=u.object({encryptedClientInformation:u.string().optional(),encryptedDiscoveryState:u.string().optional(),connectedBySubjectId:Se.optional()}),DT=ny.extend({encryptedStaticSecret:u.string().optional(),staticSecretKind:NT.optional(),staticSecretLabel:u.string().min(1).optional(),staticSecretUsername:u.string().min(1).optional()}).strict(),jT=u.object({id:ry,subjectId:Se.optional(),ownerMode:Hn,upstreamServerId:Xe,authProfileId:et,status:dl,encryptedAccessToken:u.string().min(1).optional(),encryptedRefreshToken:u.string().min(1).optional(),scopes:u.array(u.string()),expiresAt:Q.optional(),metadata:DT.optional(),createdAt:Q,updatedAt:Q});function ll(e,t){e.ownerMode==="user"&&(e.subjectId||t.addIssue({code:u.ZodIssueCode.custom,message:"User-owned upstream connections require subjectId",path:["subjectId"]})),e.ownerMode==="shared"&&e.subjectId!==void 0&&t.addIssue({code:u.ZodIssueCode.custom,message:"Shared upstream connections must not include subjectId",path:["subjectId"]})}o(ll,"validateUpstreamConnectionOwnerShape");var Vn=jT.superRefine(ll);function Jr(e){return JSON.stringify([e.owner.mode,e.owner.mode==="user"?e.owner.subjectId:"",e.upstreamServerId,e.authProfileId])}o(Jr,"readUpstreamConnectionLookupKey");var pl=Ln.extend({id:Gn,callbackPath:u.string().min(1),expiresAt:Q,codeVerifier:u.string().optional(),redirectUri:u.url(),returnOrigin:u.url().optional()}).extend(ny.shape);function oy(e){let t=e?.status??"not_connected",r={connected:t==="active",status:t};return e?.updatedAt!==void 0&&(r.updatedAt=e.updatedAt),r}o(oy,"readUpstreamConnectionStatus");function ds(){return ry.parse(`mcpgw2uc_${crypto.randomUUID()}`)}o(ds,"createUpstreamConnectionId");function ay(){return Gn.parse(crypto.randomUUID())}o(ay,"createOAuthStateId");function iy(){return sa.parse(crypto.randomUUID())}o(iy,"createBrowserConnectTicketId");ue();var fl=u.discriminatedUnion("mode",[u.object({mode:u.literal("user"),subjectId:Se}).strict(),u.object({mode:u.literal("shared")}).strict()]),cy=u.object({owner:fl,upstreamServerId:Xe,authProfileId:et}).strict(),uy=u.object({items:u.array(cy).min(1).max(100)}).strict(),hl=u.object({items:u.array(u.object({key:u.object({ownerMode:Hn,subjectId:Se.optional(),upstreamServerId:Xe,authProfileId:et}).strict(),connection:Vn.strict().optional()}).strict())}).strict(),dy=Vn.omit({createdAt:!0,updatedAt:!0}).strict().superRefine(ll),ly=Vn.strict(),py=u.object({owner:fl,upstreamServerId:Xe,authProfileId:et}).strict(),my=u.object({owner:fl,upstreamServerId:Xe,authProfileId:et,connection:Vn.strict().optional(),connectionStatus:u.object({connected:u.boolean(),status:dl,updatedAt:Vn.shape.updatedAt.optional()}).strict()}).strict(),HT=u.enum(["none","client_secret_basic","client_secret_post"]),Yr=u.object({clientId:Be,clientName:u.string().min(1),tokenEndpointAuthMethod:HT}).strict(),gl=u.discriminatedUnion("method",[u.object({method:u.literal("none"),clientId:Be}).strict(),u.object({method:u.enum(["client_secret_basic","client_secret_post"]),clientId:Be,clientSecretHashInput:u.string().min(1)}).strict()]),yl=u.object({id:yt,currentStateHash:u.string().min(1),clientId:Be,redirectUri:u.string().min(1),resource:u.string().min(1),virtualServerId:Pe,clientState:u.string().optional(),scope:u.string(),codeChallenge:u.string().min(1),codeChallengeMethod:u.literal("S256"),createdAt:Q,expiresAt:Q,consumedAt:Q.optional()}).strict(),sy=yl.omit({id:!0,consumedAt:!0}).extend({transactionId:yt,client:Yr.optional()}).strict(),Sl=u.object({subjectId:Se,roles:u.array(u.string()).optional()}).strict(),LT=yl.extend({phase:u.literal("awaiting_login")}).strict(),ml=yl.extend({phase:u.literal("awaiting_setup"),principal:Sl}).strict(),BT=u.discriminatedUnion("phase",[LT,ml]),_l=u.object({transaction:BT,client:Yr}).strict(),fy=el.omit({revokedAt:!0}).strict(),hy=u.discriminatedUnion("kind",[u.object({kind:u.literal("registered"),client:Yr}).strict(),u.object({kind:u.literal("already_exists")}).strict()]),gy=u.object({clientId:Be}).strict(),yy=u.discriminatedUnion("kind",[u.object({kind:u.literal("found"),client:el.strict()}).strict(),u.object({kind:u.literal("missing")}).strict()]),Sy=u.discriminatedUnion("phase",[sy.extend({phase:u.literal("awaiting_login")}).strict(),sy.extend({phase:u.literal("awaiting_setup"),principal:Sl}).strict()]),_y=u.discriminatedUnion("kind",[_l.extend({kind:u.literal("started")}).strict(),u.object({kind:u.literal("invalid_client")}).strict(),u.object({kind:u.literal("redirect_uri_mismatch")}).strict(),u.object({kind:u.literal("already_exists")}).strict()]),wy=u.object({transactionId:yt,currentStateHash:u.string().min(1),now:Q}).strict(),vy=u.discriminatedUnion("kind",[_l.extend({kind:u.literal("available")}).strict(),u.object({kind:u.literal("stale_hash")}).strict(),u.object({kind:u.literal("consumed")}).strict(),u.object({kind:u.literal("expired")}).strict(),u.object({kind:u.literal("missing")}).strict()]),by=u.object({transactionId:yt,expectedPhase:u.literal("awaiting_login"),currentStateHash:u.string().min(1),nextStateHash:u.string().min(1),nextPhase:u.literal("awaiting_setup"),principal:Sl,now:Q}).strict(),Ry=u.discriminatedUnion("kind",[_l.extend({kind:u.literal("advanced")}).strict(),u.object({kind:u.literal("wrong_phase"),current:u.enum(["awaiting_login","awaiting_setup"])}).strict(),u.object({kind:u.literal("stale_hash")}).strict(),u.object({kind:u.literal("consumed")}).strict(),u.object({kind:u.literal("expired")}).strict(),u.object({kind:u.literal("missing")}).strict()]),Cy=u.discriminatedUnion("decision",[u.object({decision:u.literal("approve"),transactionId:yt,currentStateHash:u.string().min(1),currentPrincipal:u.object({subjectId:Se}).strict(),authorizationCodeHash:u.string().min(1),authorizationCodeExpiresAt:Q,grantId:aa,now:Q}).strict(),u.object({decision:u.literal("cancel"),transactionId:yt,currentStateHash:u.string().min(1),currentPrincipal:u.object({subjectId:Se}).strict(),now:Q}).strict()]),Iy=u.discriminatedUnion("kind",[u.object({kind:u.literal("approved"),transaction:ml,client:Yr}).strict(),u.object({kind:u.literal("cancelled"),transaction:ml,client:Yr}).strict(),u.object({kind:u.literal("principal_mismatch")}).strict(),u.object({kind:u.literal("stale_hash")}).strict(),u.object({kind:u.literal("consumed_already")}).strict(),u.object({kind:u.literal("expired")}).strict(),u.object({kind:u.literal("missing")}).strict()]),Py=u.object({clientAuth:gl,codeHash:u.string().min(1),redirectUri:u.string().min(1),resource:u.string().min(1).optional(),codeChallenge:u.string().min(1),currentRefreshTokenHash:u.string().min(1),accessTokenHash:u.string().min(1),grantExpiresAt:Q,accessTokenExpiresAt:Q,now:Q}).strict(),xy=u.discriminatedUnion("kind",[u.object({kind:u.literal("exchanged"),client:Yr,grant:rl.strict()}).strict(),u.object({kind:u.literal("invalid_client")}).strict(),u.object({kind:u.literal("consumed")}).strict(),u.object({kind:u.literal("missing")}).strict(),u.object({kind:u.literal("expired")}).strict(),u.object({kind:u.literal("resource_mismatch")}).strict(),u.object({kind:u.literal("binding_mismatch")}).strict()]),Ay=u.object({clientAuth:gl,currentRefreshTokenHash:u.string().min(1),nextRefreshTokenHash:u.string().min(1),accessTokenHash:u.string().min(1),resource:u.string().min(1).optional(),accessTokenExpiresAt:Q,now:Q}).strict(),ky=u.discriminatedUnion("kind",[u.object({kind:u.literal("rotated"),client:Yr,grant:rl.strict(),accessToken:as.strict(),matched:u.literal("current")}).strict(),u.object({kind:u.literal("invalid_client")}).strict(),u.object({kind:u.literal("missing")}).strict(),u.object({kind:u.literal("expired")}).strict(),u.object({kind:u.literal("resource_mismatch")}).strict(),u.object({kind:u.literal("revoked")}).strict()]),Ty=u.object({clientAuth:gl,tokenHash:u.string().min(1),now:Q}).strict(),Ey=u.discriminatedUnion("kind",[u.object({kind:u.literal("revoked_access_token")}).strict(),u.object({kind:u.literal("revoked_grant")}).strict(),u.object({kind:u.literal("client_mismatch")}).strict(),u.object({kind:u.literal("missing")}).strict(),u.object({kind:u.literal("invalid_client")}).strict()]),Uy=u.object({tokenHash:u.string().min(1),now:Q}).strict(),Oy=u.discriminatedUnion("kind",[u.object({kind:u.literal("valid"),record:as.strict()}).strict(),u.object({kind:u.literal("missing")}).strict(),u.object({kind:u.literal("expired")}).strict(),u.object({kind:u.literal("revoked")}).strict()]),$y=u.object({accessTokenHash:u.string().min(1),resource:u.string().min(1),virtualServerId:Pe,upstreamConnectionKeys:u.array(cy).max(100),now:Q}).strict(),zy=u.discriminatedUnion("kind",[u.object({kind:u.literal("authorized"),principal:u.object({subjectId:Se,roles:u.array(u.string())}).strict(),accessToken:as.strict(),upstreamConnections:hl.shape.items}).strict(),u.object({kind:u.literal("missing")}).strict(),u.object({kind:u.literal("expired")}).strict(),u.object({kind:u.literal("revoked")}).strict(),u.object({kind:u.literal("resource_mismatch")}).strict(),u.object({kind:u.literal("principal_mismatch")}).strict()]),My=u.object({record:pl}).strict(),qy=u.object({kind:u.literal("saved")}).strict(),Ny=u.object({id:Gn,now:Q}).strict(),Dy=u.discriminatedUnion("kind",[u.object({kind:u.literal("available"),record:pl}).strict(),u.object({kind:u.literal("consumed")}).strict(),u.object({kind:u.literal("missing")}).strict()]),jy=u.object({id:sa,expiresAt:Q,now:Q}).strict(),Hy=u.discriminatedUnion("kind",[u.object({kind:u.literal("available")}).strict(),u.object({kind:u.literal("consumed")}).strict()]);var Ly=100;function By(e){return e!==null&&typeof e=="object"}o(By,"isProblemDetailsShape");var GT="/zups/v2/mcp/storage";function ze(e){return`${GT}/${e}`}o(ze,"buildStoragePath");function VT(){return ze("upstream-connections/batch-get")}o(VT,"buildBatchGetUpstreamConnectionsPath");function FT(){return ze("upstream-connections/upsert")}o(FT,"buildUpsertUpstreamConnectionPath");function ZT(){return ze("authorization/read-setup")}o(ZT,"buildReadAuthorizationSetupPath");function KT(){return ze("oauth/register-client")}o(KT,"buildRegisterClientPath");function WT(){return ze("oauth/read-client")}o(WT,"buildReadClientPath");function JT(){return ze("authorization/start")}o(JT,"buildStartAuthorizationPath");function YT(){return ze("authorization/read-pending")}o(YT,"buildReadPendingAuthorizationPath");function QT(){return ze("authorization/advance-pending")}o(QT,"buildAdvancePendingAuthorizationPath");function XT(){return ze("authorization/decide-setup")}o(XT,"buildDecideAuthorizationSetupPath");function e0(){return ze("token/exchange-authorization-code")}o(e0,"buildExchangeAuthorizationCodePath");function t0(){return ze("token/refresh")}o(t0,"buildRefreshTokenPath");function r0(){return ze("token/revoke")}o(r0,"buildRevokeOAuthTokenPath");function n0(){return ze("token/validate-access-token")}o(n0,"buildValidateAccessTokenPath");function o0(){return ze("mcp/authorize-and-load-connections")}o(o0,"buildAuthorizeAndLoadConnectionsPath");function a0(){return ze("upstream-oauth-state/save")}o(a0,"buildSaveUpstreamOAuthStatePath");function i0(){return ze("upstream-oauth-state/consume")}o(i0,"buildConsumeUpstreamOAuthStatePath");function s0(){return ze("browser-connect-ticket/consume")}o(s0,"buildConsumeBrowserConnectTicketPath");function c0(e,t){return e.ownerMode===t.owner.mode&&(e.subjectId??"")===(t.owner.mode==="user"?t.owner.subjectId:"")&&e.upstreamServerId===t.upstreamServerId&&e.authProfileId===t.authProfileId}o(c0,"responseKeyMatchesLookup");function u0(e,t){return e.owner.mode===t.owner.mode&&(e.owner.mode==="user"?e.owner.subjectId:"")===(t.owner.mode==="user"?t.owner.subjectId:"")&&e.upstreamServerId===t.upstreamServerId&&e.authProfileId===t.authProfileId}o(u0,"authorizationSetupMatchesLookup");function Fy(e,t){return e.ownerMode===t.owner.mode&&(e.subjectId??"")===(t.owner.mode==="user"?t.owner.subjectId:"")&&e.upstreamServerId===t.upstreamServerId&&e.authProfileId===t.authProfileId}o(Fy,"connectionMatchesLookup");function d0(e,t){return e.ownerMode===t.ownerMode&&(e.subjectId??"")===(t.subjectId??"")&&e.upstreamServerId===t.upstreamServerId&&e.authProfileId===t.authProfileId&&e.status===t.status&&(e.encryptedAccessToken??"")===(t.encryptedAccessToken??"")&&(e.encryptedRefreshToken??"")===(t.encryptedRefreshToken??"")&&vl(e.scopes,t.scopes)&&wl(e.expiresAt,t.expiresAt)&&p0(e.metadata,t.metadata)}o(d0,"connectionMatchesUpsertRecord");function wl(e,t){return e===void 0||t===void 0?e===t:Date.parse(e)===Date.parse(t)}o(wl,"optionalTimestampInstantsMatch");function l0(e,t){return Date.parse(e)<=Date.parse(t)}o(l0,"timestampInstantIsAtOrBefore");function vl(e,t){return e.length===t.length&&e.every((r,n)=>r===t[n])}o(vl,"stringArraysMatch");function p0(e,t){let r=Gy(e),n=Gy(t),a=Object.fromEntries(n);return r.length===n.length&&r.every(([i,s])=>a[i]===s)}o(p0,"metadataMatches");function Gy(e){return Object.entries(e??{}).filter(t=>t[1]!==void 0)}o(Gy,"definedMetadataEntries");function be(e,t){throw g({code:"internal_server_error",privateDetail:e,cause:t})}o(be,"throwInvalidStorageResponse");async function m0(e,t){try{let r=await e.json();return r&&typeof r=="object"&&!Array.isArray(r)&&delete r.$schema,t.parse(r)}catch(r){be("Gateway Service storage response did not match the runtime storage contract.",r)}}o(m0,"parseRuntimeHttpStorageResponse");function Zy(e,t){e.length!==t.length&&be("Gateway Service storage response item count did not match the request.");for(let[r,n]of e.entries()){let a=t[r];c0(n.key,a)||be("Gateway Service storage response key did not match the request."),n.connection!==void 0&&!Fy(n.connection,a)&&be("Gateway Service storage response connection did not match the response key.")}}o(Zy,"validateUpstreamConnectionItemsMatchLookups");function f0(e,t){u0(e,t)||be("Gateway Service storage response authorization setup did not match the request."),e.connection!==void 0&&!Fy(e.connection,t)&&be("Gateway Service storage response authorization setup connection did not match the request.");let r=e.connection?.status==="active",n=e.connection?.status??"not_connected",a=e.connection?.updatedAt;(e.connectionStatus.connected!==r||e.connectionStatus.status!==n||!wl(e.connectionStatus.updatedAt,a))&&be("Gateway Service storage response authorization setup status did not match the connection.")}o(f0,"validateAuthorizationSetupResponseMatchesLookup");function h0(e,t){e.kind==="registered"&&(e.client.clientId!==t.clientId||e.client.clientName!==t.clientName||e.client.tokenEndpointAuthMethod!==t.tokenEndpointAuthMethod)&&be("Gateway Service storage response registered client did not match the request.")}o(h0,"validateRegisterClientResponseMatchesRequest");function g0(e,t){e.kind==="found"&&e.client.clientId!==t.clientId&&be("Gateway Service storage response client did not match the request.")}o(g0,"validateReadClientResponseMatchesRequest");function y0(e,t){e.kind==="started"&&((e.transaction.id!==t.transactionId||e.transaction.currentStateHash!==t.currentStateHash||e.transaction.phase!==t.phase||e.transaction.clientId!==t.clientId||e.transaction.redirectUri!==t.redirectUri||e.transaction.resource!==t.resource||e.transaction.virtualServerId!==t.virtualServerId||(e.transaction.clientState??"")!==(t.clientState??"")||e.transaction.scope!==t.scope||e.transaction.codeChallenge!==t.codeChallenge||e.transaction.codeChallengeMethod!==t.codeChallengeMethod)&&be("Gateway Service storage response started authorization did not match the request."),t.phase==="awaiting_setup"&&(e.transaction.phase!=="awaiting_setup"||e.transaction.principal.subjectId!==t.principal.subjectId)&&be("Gateway Service storage response started authorization principal did not match the request."))}o(y0,"validateStartAuthorizationResponseMatchesRequest");function Vy(e,t){e.kind!=="available"&&e.kind!=="advanced"||((e.transaction.id!==t.transactionId||e.transaction.currentStateHash!==("nextStateHash"in t?t.nextStateHash:t.currentStateHash))&&be("Gateway Service storage response pending authorization did not match the request."),"nextPhase"in t&&(e.transaction.phase!==t.nextPhase||e.transaction.phase!=="awaiting_setup"||e.transaction.principal.subjectId!==t.principal.subjectId)&&be("Gateway Service storage response advanced authorization did not match the request."))}o(Vy,"validatePendingAuthorizationResponseMatchesRequest");function S0(e,t){e.kind!=="approved"&&e.kind!=="cancelled"||(e.transaction.id!==t.transactionId||e.transaction.currentStateHash!==t.currentStateHash||e.transaction.principal.subjectId!==t.currentPrincipal.subjectId)&&be("Gateway Service storage response authorization setup transaction did not match the request.")}o(S0,"validateAuthorizationSetupDecisionResponseMatchesRequest");function _0(e,t){e.kind==="exchanged"&&(e.client.clientId!==t.clientAuth.clientId||e.client.tokenEndpointAuthMethod!==t.clientAuth.method||e.grant.clientId!==t.clientAuth.clientId||e.grant.currentRefreshTokenHash!==t.currentRefreshTokenHash||!wl(e.grant.expiresAt,t.grantExpiresAt)||t.resource!==void 0&&e.grant.resource!==t.resource)&&be("Gateway Service storage response authorization-code exchange did not match the request.")}o(_0,"validateExchangeAuthorizationCodeResponseMatchesRequest");function w0(e,t){e.kind==="rotated"&&((e.client.clientId!==t.clientAuth.clientId||e.client.tokenEndpointAuthMethod!==t.clientAuth.method||e.grant.clientId!==t.clientAuth.clientId||e.grant.currentRefreshTokenHash!==t.nextRefreshTokenHash||e.grant.previousRefreshTokenHash!==t.currentRefreshTokenHash||t.resource!==void 0&&e.grant.resource!==t.resource)&&be("Gateway Service storage response token refresh grant did not match the request."),(e.accessToken.tokenHash!==t.accessTokenHash||e.accessToken.grantId!==e.grant.id||!l0(e.accessToken.expiresAt,t.accessTokenExpiresAt)||!R0(e.accessToken,e.grant))&&be("Gateway Service storage response token refresh access token did not match the request."))}o(w0,"validateRefreshTokenResponseMatchesRequest");function v0(e,t){e.kind==="valid"&&e.record.tokenHash!==t.tokenHash&&be("Gateway Service storage response access token did not match the request.")}o(v0,"validateAccessTokenValidationResponseMatchesRequest");function b0(e,t){e.kind==="authorized"&&((e.accessToken.tokenHash!==t.accessTokenHash||e.accessToken.resource!==t.resource||e.accessToken.virtualServerId!==t.virtualServerId||e.principal.subjectId!==e.accessToken.subjectId||!vl(e.principal.roles,e.accessToken.roles))&&be("Gateway Service storage response MCP authorization did not match the request."),Zy(e.upstreamConnections,t.upstreamConnectionKeys))}o(b0,"validateAuthorizeAndLoadConnectionsResponseMatchesRequest");function R0(e,t){return e.clientId===t.clientId&&e.resource===t.resource&&e.virtualServerId===t.virtualServerId&&e.subjectId===t.subjectId&&e.scope===t.scope&&vl(e.roles,t.roles)}o(R0,"accessTokenMatchesGrant");async function C0(e){try{return await e.clone().json()}catch{return}}o(C0,"readProblemDetails");async function I0(e){let t=await C0(e),r=By(t)&&typeof t.status=="number"?t.status:e.status,n=By(t)&&Xo(t.code)?t.code:Od(r);throw g({code:n,privateDetail:`Gateway Service storage request failed with HTTP ${r}.`})}o(I0,"throwRuntimeHttpStorageError");var ls=class{static{o(this,"RuntimeHttpStorageClient")}#t;#r;constructor(t){this.#t=t.baseUrl??lo.instance.zuploEdgeApiUrl,this.#r=t.fetch??fetch}async#e(t){let r=t.requestSchema.parse(t.input),n=new URL(t.path,this.#t),a=new Headers({"Content-Type":"application/json"});qp(a);let i=await this.#r(n,{method:"POST",headers:a,body:JSON.stringify(r)});return i.ok||await I0(i),{request:r,response:await m0(i,t.responseSchema)}}async batchGetUpstreamConnections(t){if(t.length===0)return[];let r=[],n=new Map,a=t.map(s=>{let c=Jr(s),d=n.get(c);if(d!==void 0)return d;let p=r.length;return r.push(s),n.set(c,p),p}),i=[];for(let s=0;s<r.length;s+=Ly){let c=r.slice(s,s+Ly);i.push(...await this.#n(c))}return a.map(s=>i[s])}async upsertUpstreamConnection(t){let{request:r,response:n}=await this.#e({input:t,path:FT(),requestSchema:dy,responseSchema:ly});return d0(n,r)||be("Gateway Service storage response connection did not match the request."),n}async readAuthorizationSetup(t){let{request:r,response:n}=await this.#e({input:t,path:ZT(),requestSchema:py,responseSchema:my});return f0(n,r),n}async registerClient(t){let{request:r,response:n}=await this.#e({input:t,path:KT(),requestSchema:fy,responseSchema:hy});return h0(n,r),n}async readClient(t){let{request:r,response:n}=await this.#e({input:t,path:WT(),requestSchema:gy,responseSchema:yy});return g0(n,r),n}async startAuthorization(t){let{request:r,response:n}=await this.#e({input:t,path:JT(),requestSchema:Sy,responseSchema:_y});return y0(n,r),n}async readPendingAuthorization(t){let{request:r,response:n}=await this.#e({input:t,path:YT(),requestSchema:wy,responseSchema:vy});return Vy(n,r),n}async advancePendingAuthorization(t){let{request:r,response:n}=await this.#e({input:t,path:QT(),requestSchema:by,responseSchema:Ry});return Vy(n,r),n}async decideAuthorizationSetup(t){let{request:r,response:n}=await this.#e({input:t,path:XT(),requestSchema:Cy,responseSchema:Iy});return S0(n,r),n}async saveUpstreamOAuthState(t){let{response:r}=await this.#e({input:t,path:a0(),requestSchema:My,responseSchema:qy});return r}async consumeUpstreamOAuthState(t){let{request:r,response:n}=await this.#e({input:t,path:i0(),requestSchema:Ny,responseSchema:Dy});return n.kind==="available"&&n.record.id!==r.id&&be("Gateway Service storage response upstream OAuth state did not match the request."),n}async consumeBrowserConnectTicket(t){let{response:r}=await this.#e({input:t,path:s0(),requestSchema:jy,responseSchema:Hy});return r}async exchangeAuthorizationCode(t){let{request:r,response:n}=await this.#e({input:t,path:e0(),requestSchema:Py,responseSchema:xy});return _0(n,r),n}async refreshToken(t){let{request:r,response:n}=await this.#e({input:t,path:t0(),requestSchema:Ay,responseSchema:ky});return w0(n,r),n}async revokeOAuthToken(t){let{response:r}=await this.#e({input:t,path:r0(),requestSchema:Ty,responseSchema:Ey});return r}async validateAccessToken(t){let{request:r,response:n}=await this.#e({input:t,path:n0(),requestSchema:Uy,responseSchema:Oy});return v0(n,r),n}async authorizeAndLoadConnections(t){let{request:r,response:n}=await this.#e({input:t,path:o0(),requestSchema:$y,responseSchema:zy});return b0(n,r),n}async#n(t){let r={items:[...t]},{response:n}=await this.#e({input:r,path:VT(),requestSchema:uy,responseSchema:hl});return Zy(n.items,t),n.items.map(a=>a.connection)}};var P0="__zuploMcpGatewayStorageBackend",bl;function x0(){return new ls({})}o(x0,"buildProductionStorageBackend");function J(){let e=globalThis[P0];return e||(bl||(bl=x0()),bl)}o(J,"getStorage");function Rl(e){let t=e.headers.get("authorization"),[r,n]=t?.split(/\s+/,2)??[];if(!(r?.toLowerCase()!=="bearer"||!n))return n}o(Rl,"readBearerToken");function A0(e,t,r){return ft(e,t,{code:"authentication_required",detail:"Gateway access token is required.",headers:{"WWW-Authenticate":r}})}o(A0,"gatewayAuthenticationRequiredResponse");async function k0(e,t,r){let n=await J().validateAccessToken({tokenHash:await pe(e),now:ne(new Date)});if(n.kind!=="valid")throw t.log.warn({event:"gateway_access_token_validate_failed",code:"authentication_required",validationKind:n.kind,virtualServerId:r},"Gateway access token validation failed"),g("authentication_required","Gateway access token is expired, revoked, or invalid.");return n.record}o(k0,"validateGatewayAccessToken");function T0(e,t){if(e.accessToken.resource!==e.resource||e.accessToken.virtualServerId!==e.virtualServerId)throw t.log.warn({event:"gateway_access_token_resource_mismatch",code:"authentication_required",expectedResource:e.resource,tokenResource:e.accessToken.resource,expectedVirtualServerId:e.virtualServerId,tokenVirtualServerId:e.accessToken.virtualServerId,clientId:e.accessToken.clientId},"Gateway access token resource does not match the requested MCP resource"),g("authentication_required","Gateway access token was not issued for this MCP resource.")}o(T0,"assertAccessTokenResource");function E0(e,t,r){return ft(e,t,{code:"forbidden",detail:"Gateway access token is missing the required MCP scope.",headers:{"WWW-Authenticate":ss({virtualServerId:r,requestUrl:e.url,error:"insufficient_scope",errorDescription:`The access token is missing the ${ye} scope required by this MCP resource.`,scope:ye})}})}o(E0,"insufficientScopeResponse");function U0(e){return{subjectId:e.subjectId,roles:e.roles}}o(U0,"principalFromAccessToken");function O0(e){let t=he(e.error),r={event:"gateway_access_token_rejected",code:t??"authentication_required",virtualServerId:e.virtualServerId};return e.error instanceof Error?(r.errorName=e.error.name,r.errorMessage=e.error.message):e.error!==void 0&&e.error!==null&&(r.errorMessage=String(e.error)),e.context.log.warn(r,"Gateway access token rejected; MCP request denied"),ft(e.request,e.context,{code:t??"authentication_required",detail:e.error instanceof Error?e.error.message:"Gateway access token could not be verified.",headers:{"WWW-Authenticate":ss({virtualServerId:e.virtualServerId,requestUrl:e.request.url,error:"invalid_token",errorDescription:"The access token is expired, malformed, or invalid."})}})}o(O0,"gatewayTokenRejectedResponse");async function Cl(e,t){let r=Dn(t),n=Wr(r.virtualServerId,e.url),a=Rl(e),i=ss({virtualServerId:r.virtualServerId,requestUrl:e.url});if(!a)return t.log.debug({event:"gateway_access_token_missing",code:"authentication_required",virtualServerId:r.virtualServerId,hasAuthorizationHeader:e.headers.get("authorization")!==null},"MCP request did not include a gateway access token"),A0(e,t,i);try{let s=await k0(a,t,r.virtualServerId);if(T0({accessToken:s,resource:n,virtualServerId:r.virtualServerId},t),s.scope!==ye)return t.log.warn({event:"gateway_access_token_insufficient_scope",code:"forbidden",tokenScope:s.scope,requiredScope:ye,virtualServerId:r.virtualServerId,clientId:s.clientId},"Gateway access token does not have the required MCP scope"),E0(e,t,r.virtualServerId);let c=U0(s);return Qg(t,c),Ud(t,c),e}catch(s){return O0({request:e,context:t,error:s,virtualServerId:r.virtualServerId})}}o(Cl,"gatewayTokenInbound");var $0=2,Ky=4,z0=24,M0=16,Wy=512,q0=/(token|secret|authorization|password|cookie|credential|client[_-]?secret|code[_-]?verifier|(^|[_-])(code|state|verifier)($|[_-]))/i,N0=/("(?:access_token|refresh_token|id_token|client_secret|authorization|password|cookie|code|state|code_verifier)"\s*:\s*")([^"]*)(")/gi,D0=/\b(access[_-]?token|refresh[_-]?token|id[_-]?token|client[_-]?secret|password|cookie|code|state|code[_-]?verifier)(\s*[:=]\s*)(?:"[^"]*"|'[^']*'|[^\s,;&]+)/gi,j0=/\b(authorization)(\s*[:=]\s*)(?:"[^"]*"|'[^']*'|(?:Bearer|Basic)\s+[^\s,;]+|[^\s,;]+)/gi,H0=/\bBearer\s+[A-Za-z0-9._~+/=-]+/gi,L0=/\bBasic\s+[A-Za-z0-9+/=-]+/gi;function Jy(e){let t=e.route;return t&&typeof t=="object"?t:void 0}o(Jy,"readRoute");function B0(e){let t=Jy(e)?.path;return typeof t=="string"&&t.length>0?t:void 0}o(B0,"readRoutePath");function G0(e){let t=Jy(e)?.raw;if(typeof t!="function")return;let r=t();if(!r||typeof r!="object")return;let n=r.operationId;return typeof n=="string"&&n.length>0?n:void 0}o(G0,"readRouteOperationId");function V0(e){if(!(e===void 0||!Number.isFinite(e)||e<100))return`${Math.trunc(e/100)}xx`}o(V0,"deriveStatusClass");function F0(e,t){if(!(!e&&!t))return e==="user"?t==="user_oauth"?"upstream_user_attributed":"gateway_user_attributed_only":e==="shared"?"shared_upstream_identity":e==="none"?"machine_identity":"unknown"}o(F0,"deriveOriginAttributionMode");function Z0(e){if(!e)return;let t=e.toLowerCase();return t.includes("desktop")||t.includes("claude")||t.includes("chatgpt")?"desktop":t.includes("vscode")||t.includes("cursor")||t.includes("zed")||t.includes("jetbrains")||t.includes("ide")?"ide":t.includes("extension")?"extension":t.includes("agent")||t.includes("bot")||t.includes("worker")||t.includes("service")?"service":"unknown"}o(Z0,"deriveClientKind");function K0(e,t){return t==="success"?"none":e===K.MCP_GATEWAY_REQUEST_RECEIVED||e===K.MCP_GATEWAY_REQUEST_REJECTED||e===K.MCP_GATEWAY_CLIENT_UNSUPPORTED_BEHAVIOR?"ingress":e.startsWith("mcp_gateway_auth_")||e.startsWith("mcp_gateway_oauth_")?"auth":e===K.MCP_GATEWAY_INITIALIZE_NEGOTIATED?"routing":e===K.MCP_GATEWAY_POLICY_DECISION?"policy":e===K.MCP_GATEWAY_GUARDRAIL_DECISION?"guardrail":e===K.MCP_GATEWAY_RATE_LIMIT_DECISION?"policy":e.startsWith("mcp_gateway_upstream_")||e.startsWith("mcp_gateway_capability_")||e.startsWith("mcp_gateway_catalog_")?"upstream":e===K.MCP_GATEWAY_REQUEST_COMPLETED?"egress":"none"}o(K0,"deriveFailureStage");function W0(e,t){return t==="success"?"none":t==="application_error"?"mcp_application":e.startsWith("mcp_gateway_auth_")||e.startsWith("mcp_gateway_oauth_")?"auth":e===K.MCP_GATEWAY_POLICY_DECISION||e===K.MCP_GATEWAY_GUARDRAIL_DECISION||e===K.MCP_GATEWAY_RATE_LIMIT_DECISION?"policy":e.startsWith("mcp_gateway_upstream_")||e===K.MCP_GATEWAY_CAPABILITY_FAILED||e===K.MCP_GATEWAY_CAPABILITY_CONNECT_REQUIRED?"upstream":e===K.MCP_GATEWAY_REQUEST_REJECTED||e===K.MCP_GATEWAY_CLIENT_UNSUPPORTED_BEHAVIOR?"client":"gateway"}o(W0,"deriveFailureOrigin");function J0(e,t){return t==="success"?"none":e.startsWith("mcp_gateway_auth_")||e.startsWith("mcp_gateway_oauth_")?"auth":e===K.MCP_GATEWAY_POLICY_DECISION?"policy":e===K.MCP_GATEWAY_GUARDRAIL_DECISION?"guardrail":e===K.MCP_GATEWAY_RATE_LIMIT_DECISION?"rate_limit":e.startsWith("mcp_gateway_upstream_")?"upstream":e===K.MCP_GATEWAY_CLIENT_UNSUPPORTED_BEHAVIOR||e===K.MCP_GATEWAY_REQUEST_REJECTED?"protocol":"none"}o(J0,"deriveReasonClass");function Y0(e){return e.length<=Wy?e:`${e.slice(0,Wy)}...`}o(Y0,"truncateAnalyticsString");function Q0(e){return Y0(e.replace(N0,"$1[REDACTED]$3").replace(j0,"$1$2[REDACTED]").replace(D0,"$1$2[REDACTED]").replace(H0,"Bearer [REDACTED]").replace(L0,"Basic [REDACTED]"))}o(Q0,"redactAnalyticsString");function Yy(e,t){if(e!==void 0){if(e===null||typeof e=="boolean")return e;if(typeof e=="string")return Q0(e);if(typeof e=="number")return Number.isFinite(e)?e:void 0;if(Array.isArray(e))return t>=Ky?"[DEPTH_LIMIT]":e.slice(0,M0).map(r=>Yy(r,t+1)).filter(r=>r!==void 0);if(typeof e=="object")return e instanceof Date?e.toISOString():t>=Ky?"[DEPTH_LIMIT]":Qy(e,t+1)}}o(Yy,"sanitizeAnalyticsValue");function Qy(e,t=0){if(!e)return;let r={};for(let[n,a]of Object.entries(e).slice(0,z0)){if(q0.test(n)){r[n]="[REDACTED]";continue}let i=Yy(a,t);i!==void 0&&(r[n]=i)}return Object.keys(r).length===0?void 0:r}o(Qy,"sanitizeMcpGatewayAnalyticsAttributes");function M(e){return e===void 0?null:e}o(M,"nullable");function X0(e){let t=e.environment;return t&&typeof t=="object"&&typeof t.name=="string"?t.name:null}o(X0,"readEnvironment");function eE(e){let t=e.requestId;return typeof t=="string"&&t.length>0?t:null}o(eE,"readRequestId");function tE(e){if(e===void 0)return null;try{return JSON.stringify(e)}catch{return null}}o(tE,"attributesToJsonString");function rE(e,t){let r=ul(e),n=ta(e),a=Qy(t.attributes),i=eE(e),s=t.ownerMode??t.routeBinding?.ownerMode??null,c=t.upstreamAuthMode??t.routeBinding?.authMode??null,d=t.virtualServerName??t.routeBinding?.virtualServerId??n?.virtualServerId??null,p=t.upstreamServerName??t.routeBinding?.upstreamServerId??n?.upstreamServerId??null,l=t.upstreamServerTitle??t.routeBinding?.upstreamDisplayName??null,m=t.authProfileId??t.routeBinding?.authProfileId??n?.authProfileId??null,h=t.clientKind??Z0(t.clientName)??null,y=F0(s??void 0,c??void 0)??null,_=V0(t.httpStatusCode)??null,S=t.reasonClass??J0(t.eventType,t.outcome),w=t.failureOrigin??W0(t.eventType,t.outcome),v=t.failureStage??K0(t.eventType,t.outcome);return{schemaVersion:$0,outcome:t.outcome,subjectId:M(r?.subjectId),environment:X0(e),traceId:t.traceId??i,spanId:M(t.spanId),parentEventId:M(t.parentEventId),mcpSessionId:M(t.mcpSessionId),routeSurface:M(t.routeSurface),routePath:B0(e)??null,operationId:G0(e)??null,virtualServerName:d,virtualServerTitle:M(t.virtualServerTitle),upstreamServerName:p,upstreamServerTitle:l,upstreamBindingId:M(t.upstreamBindingId),clientName:M(t.clientName),clientTitle:M(t.clientTitle),clientVersion:M(t.clientVersion),clientKind:h,authProfileId:m,upstreamAuthMode:c,ownerMode:s,authMethod:M(t.authMethod),originAttributionMode:y,httpMethod:M(t.httpMethod),httpStatusCode:M(t.httpStatusCode),statusClass:_,mcpMethod:M(t.mcpMethod),mcpProtocolVersion:M(t.mcpProtocolVersion),mcpStatus:M(t.mcpStatus),mcpErrorType:M(t.mcpErrorType),applicationError:M(t.applicationError),applicationErrorCode:M(t.applicationErrorCode),toolResultIsError:M(t.toolResultIsError),capabilityType:M(t.capabilityType),capabilityName:M(t.capabilityName),capabilityTitle:M(t.capabilityTitle),upstreamCapabilityName:M(t.upstreamCapabilityName),upstreamCapabilityTitle:M(t.upstreamCapabilityTitle),capabilitySchemaHash:M(t.capabilitySchemaHash),policyId:M(t.policyId),policyAction:M(t.policyAction),guardrailType:M(t.guardrailType),guardrailDirection:M(t.guardrailDirection),guardrailFindingCount:M(t.guardrailFindingCount),redactionCount:M(t.redactionCount),requestMutated:M(t.requestMutated),responseMutated:M(t.responseMutated),latencyMs:M(t.latencyMs),gatewayLatencyMs:M(t.gatewayLatencyMs),upstreamLatencyMs:M(t.upstreamLatencyMs),authLatencyMs:M(t.authLatencyMs),policyLatencyMs:M(t.policyLatencyMs),requestBytes:M(t.requestBytes),responseBytes:M(t.responseBytes),estimatedInputTokens:M(t.estimatedInputTokens),estimatedOutputTokens:M(t.estimatedOutputTokens),estimatedContextTokens:M(t.estimatedContextTokens),contextPressureBucket:M(t.contextPressureBucket),responseMimeTypes:M(t.responseMimeTypes),base64Suspected:M(t.base64Suspected),truncated:M(t.truncated),isLargePayloadRequest:M(t.isLargePayloadRequest),isLargePayloadResponse:M(t.isLargePayloadResponse),payloadCaptureMode:M(t.payloadCaptureMode),reasonCode:M(t.reasonCode),reasonClass:S,errorType:t.errorType??t.reasonCode??null,failureOrigin:w,failureStage:v,customMetadataJson:M(t.customMetadataJson),attributesJson:tE(a)}}o(rE,"buildMcpGatewayAnalyticsMetadata");function tt(e,t){try{e.analyticsContext.addAnalyticsEvent(t.value??1,t.eventType,rE(e,t),t.unit)}catch(r){e.log?.warn?.({event:"mcp_gateway_analytics_emit_failed",errorName:r instanceof Error?r.name:"unknown"})}}o(tt,"emitMcpGatewayAnalyticsEvent");function rt(e){let t=ht().connectionsById.get(e);if(!t)throw g("unknown_upstream_server",`Unknown upstream server: ${e}`);return t.config}o(rt,"getUpstreamServerConfig");function nE(e){let t=ht().connectionsById.get(e.upstreamServerId);if(!t||t.authProfileId!==e.authProfileId)throw g("unknown_auth_profile",`Unknown auth profile ${String(e.authProfileId)} for upstream server ${e.upstreamServerId}.`);return t.authProfileId}o(nE,"resolveUpstreamAuthProfileId");function Cr(e){nE(e);let t=ht().connectionsById.get(e.upstreamServerId);if(!t)throw g("unknown_auth_profile",`Auth profile could not be resolved for upstream server ${e.upstreamServerId}.`);return t.authConfig}o(Cr,"getUpstreamAuthConfig");function Qr(e,t){let r=Cr({upstreamServerId:e,authProfileId:t});if(!fg(r))throw g("invalid_request",`Upstream server ${e} does not use upstream OAuth.`);return r.oauth}o(Qr,"requireUpstreamOAuthConfig");var oE={"shared-oauth":{authMode:"shared-oauth",ownerMode:"shared",connectSupport:"oauth_authorization",connectUnsupportedDetail:void 0,callbackSupport:"authorization_code",credentialAcquisition:"oauth_connection"},user_oauth:{authMode:"user_oauth",ownerMode:"user",connectSupport:"oauth_authorization",connectUnsupportedDetail:void 0,callbackSupport:"authorization_code",credentialAcquisition:"oauth_connection"},static_secret:{authMode:"static_secret",ownerMode:"none",connectSupport:"none",connectUnsupportedDetail:"Static-secret upstreams do not support browser connection flows.",callbackSupport:"none",credentialAcquisition:"configured_static_secret"},"shared-secret":{authMode:"shared-secret",ownerMode:"shared",connectSupport:"none",connectUnsupportedDetail:"Shared static-secret upstreams do not support browser connection flows.",callbackSupport:"none",credentialAcquisition:"shared_secret_connection"},"user-secret":{authMode:"user-secret",ownerMode:"user",connectSupport:"user_secret_capture",connectUnsupportedDetail:void 0,callbackSupport:"none",credentialAcquisition:"user_secret_connection"}};function $t(e){return oE[e]}o($t,"describeUpstreamAuthMode");function ps(e){return $t(e).ownerMode}o(ps,"resolveOwnerModeForUpstreamAuthMode");ue();import{errors as iS,jwtVerify as sS,SignJWT as cS}from"jose";import{base64url as aE}from"jose";var iE=new TextEncoder,sE="MCP gateway could not initialize secure key material.",cE=32,Xy=new Map,eS=new Map,uE;function dE(){return uE??lo.instance.authPrivateKey}o(dE,"readAuthPrivateKey");function tS(e){return new ln(sE,e===void 0?void 0:{cause:e})}o(tS,"createGeneratedKeyMaterialError");function rS(e,t){let r=aE.decode(t);if(r.byteLength!==cE)throw new Error(`Generated deployment auth key ${e} is invalid.`);return r}o(rS,"decodeJwkKeyField");function lE(e){let t=dE();if(!t)throw tS();try{let r=JSON.parse(t);if(r.kty!=="OKP"||r.crv!=="Ed25519"||typeof r.d!="string"||typeof r.x!="string")throw new Error("Generated deployment auth key is not an Ed25519 JWK.");let n=rS("d",r.d);rS("x",r.x);let a=iE.encode(`zuplo-mcp-gateway:${e}:Ed25519:`),i=new Uint8Array(a.byteLength+n.byteLength);return i.set(a),i.set(n,a.byteLength),i}catch(r){throw tS(r)}}o(lE,"decodeGeneratedKeyMaterial");function pE(e){let t=Xy.get(e);return t||(t=lE(e),Xy.set(e,t)),t}o(pE,"getMasterKeyMaterial");async function zt(e){let t=eS.get(e.purpose);if(t!==void 0)return t;let r=await e.derive(pE(e.keyMaterialPurpose));return eS.set(e.purpose,r),r}o(zt,"readCachedDerivedKey");var mE="SHA-256";var fE="zuplo-mcp-gateway:",hE=new TextEncoder,nS=new WeakMap;async function Ir(e,t){let r=nS.get(e);r||(r=new Map,nS.set(e,r));let n=r.get(t);if(n)return n;let a=await gE(e,t);return r.set(t,a),a}o(Ir,"deriveGatewaySigningKey");async function gE(e,t){let r=oS(e),n=await crypto.subtle.importKey("raw",r,{name:"HKDF"},!1,["deriveBits"]),a=hE.encode(`${fE}${t}`),i=await crypto.subtle.deriveBits({name:"HKDF",hash:mE,salt:new Uint8Array,info:oS(a)},n,32*8);return new Uint8Array(i)}o(gE,"hkdfExpand");function oS(e){let t=new ArrayBuffer(e.byteLength);return new Uint8Array(t).set(e),t}o(oS,"copyToArrayBuffer");var ms="HS256",uS=15*60,yE=15*60,fs="zuplo-mcp-gateway",hs="zuplo-mcp-gateway",SE=ty.extend({id:Gn}),_E=SE.extend({exp:u.number().int().positive(),iat:u.number().int().positive().optional()}),dS=Ln.extend({id:sa,purpose:u.literal("browser_connect")}),wE=Ln.extend({purpose:u.literal("browser_connect")}),vE=dS.extend({exp:u.number().int().positive(),iat:u.number().int().positive().optional()}),lS=uS*1e3;async function pS(){return zt({purpose:"oauth-state",keyMaterialPurpose:"oauth-state-signing",derive:o(e=>Ir(e,"oauth-state"),"derive")})}o(pS,"getOAuthStateKey");async function mS(){return zt({purpose:"browser-connect",keyMaterialPurpose:"oauth-state-signing",derive:o(e=>Ir(e,"browser-connect"),"derive")})}o(mS,"getBrowserConnectKey");async function fS(e){let t=Math.floor(Date.now()/1e3)+uS;return new cS(e).setProtectedHeader({alg:ms,typ:"JWT"}).setIssuer(fs).setAudience(hs).setIssuedAt().setExpirationTime(t).sign(await pS())}o(fS,"signOAuthState");async function gs(e){try{let{payload:t}=await sS(e,await pS(),{algorithms:[ms],issuer:fs,audience:hs});return _E.parse(t)}catch(t){throw t instanceof iS.JWTExpired?g("oauth_state_expired","OAuth state has expired",t):g("oauth_state_invalid","OAuth state could not be verified",t)}}o(gs,"verifyOAuthState");async function hS(e){let t=Math.floor(Date.now()/1e3)+yE,r=wE.parse(e),n=dS.parse({...r,id:iy()});return new cS(n).setProtectedHeader({alg:ms,typ:"JWT"}).setIssuer(fs).setAudience(hs).setIssuedAt().setExpirationTime(t).sign(await mS())}o(hS,"signBrowserConnectTicket");async function ys(e){try{let{payload:t}=await sS(e,await mS(),{algorithms:[ms],issuer:fs,audience:hs});return vE.parse(t)}catch(t){throw t instanceof iS.JWTExpired?g("oauth_state_expired","Browser connect ticket has expired",t):g("oauth_state_invalid","Browser connect ticket could not be verified",t)}}o(ys,"verifyBrowserConnectTicket");async function Ss(e){if((await J().consumeBrowserConnectTicket({id:e.id,expiresAt:ne(new Date(e.exp*1e3)),now:ne(new Date)})).kind==="consumed")throw g("oauth_state_reused","Browser connect ticket has already been used")}o(Ss,"consumeBrowserConnectTicket");function bE(e,t,r=!1){return r?`${e} authorization must be renewed before this ${t} can be used.`:`${e} authorization is required before this ${t} can be used.`}o(bE,"buildConnectRequiredMessage");async function gS(e){let t=se(e.requestUrl),r=new URL(e.path,t);return e.redirect&&r.searchParams.set("redirect","true"),r.searchParams.set("virtualServerId",e.virtualServerId),r.searchParams.set("browserTicket",await hS({...ia(e),purpose:"browser_connect"})),r.toString()}o(gS,"buildGatewayBrowserTicketUrl");function RE(e){return`/auth/connections/${encodeURIComponent(e)}/connect`}o(RE,"buildGatewayConnectPath");async function Il(e){return gS({...e,path:RE(e.upstreamServerId),redirect:!0})}o(Il,"buildGatewayConnectUrl");async function yS(e){return gS({...e,path:`/auth/connections/${encodeURIComponent(e.upstreamServerId)}/app-password`})}o(yS,"buildGatewayAppPasswordCaptureUrl");async function Fn(e){let t={requestUrl:e.requestUrl,owner:e.owner,initiatedBySubjectId:e.initiatedBySubjectId,upstreamServerId:e.upstreamServerId,authProfileId:e.authProfileId,virtualServerId:e.virtualServerId,...e.returnTo===void 0?{}:{returnTo:e.returnTo}};return{state:e.requiresReconsent?"reconsent_required":"authenticating",upstreamServerId:e.upstreamServerId,authProfileId:e.authProfileId,virtualServerId:e.virtualServerId,...e.connectionId?{connectionId:e.connectionId}:{},authUrl:await Il(t),message:bE(e.upstreamDisplayName,e.subject,e.requiresReconsent),nextAction:"redirect"}}o(Fn,"buildRedirectConnectRequiredResponse");function SS(e){return _S({...e,message:e.requiresReconsent?`An administrator must reconnect ${e.upstreamDisplayName} before this tool can be used.`:`An administrator must connect ${e.upstreamDisplayName} before this tool can be used.`})}o(SS,"buildAdminConnectRequiredResponse");function _S(e){return{state:"admin_connect_required",upstreamServerId:e.upstreamServerId,authProfileId:e.authProfileId,virtualServerId:e.virtualServerId,...e.connectionId?{connectionId:e.connectionId}:{},message:e.message,nextAction:"admin_setup_required"}}o(_S,"buildAdminSetupRequiredResponse");function wS(e){return _S({...e,message:e.requiresReconsent?`An administrator must replace the ${e.upstreamDisplayName} static credential before this tool can be used.`:`An administrator must configure the ${e.upstreamDisplayName} static credential before this tool can be used.`})}o(wS,"buildAdminStaticSecretRequiredResponse");ue();import{base64url as Pr}from"jose";var CE="SHA-256",Kn="AES-GCM",IE=12,xl="zuplo-secret",Al=1,vS="generated:auth_private_key:token-encryption",PE=u.object({version:u.literal(Al),keyId:u.literal(vS),algorithm:u.literal(Kn),iv:u.string().min(1),ciphertext:u.string().min(1)}).strict();function Zn(e){let t=new ArrayBuffer(e.byteLength);return new Uint8Array(t).set(e),t}o(Zn,"copyToArrayBuffer");async function Pl(){return zt({purpose:"token-encryption",keyMaterialPurpose:"token-encryption",derive:o(async e=>{let t=await crypto.subtle.digest(CE,Zn(e));return crypto.subtle.importKey("raw",t,{name:Kn},!1,["encrypt","decrypt"])},"derive")})}o(Pl,"getEncryptionKey");function bS(e){return Zn(new TextEncoder().encode(`${xl}:v${e.version}:${e.keyId}`))}o(bS,"getAssociatedData");function xE(e){return`${xl}:v${e.version}:${Pr.encode(new TextEncoder().encode(JSON.stringify(e)))}`}o(xE,"encodeEnvelope");function AE(e){let t=`${xl}:v${Al}:`;if(!e.startsWith(t))return;let r=e.slice(t.length),n=new TextDecoder().decode(Pr.decode(r));return PE.parse(JSON.parse(n))}o(AE,"decodeEnvelope");async function Xr(e){let t=await Pl(),r=crypto.getRandomValues(new Uint8Array(IE)),n={version:Al,keyId:vS},a=await crypto.subtle.encrypt({name:Kn,iv:r,additionalData:bS(n)},t,new TextEncoder().encode(e));return xE({...n,algorithm:Kn,iv:Pr.encode(r),ciphertext:Pr.encode(new Uint8Array(a))})}o(Xr,"encryptSecret");async function Yt(e){let t=AE(e);if(t){let s=await Pl(),c=await crypto.subtle.decrypt({name:Kn,iv:Zn(Pr.decode(t.iv)),additionalData:bS(t)},s,Zn(Pr.decode(t.ciphertext)));return new TextDecoder().decode(c)}let[r,n]=e.split(".");if(!r||!n)throw g("internal_server_error","Encrypted payload is malformed");let a=await Pl(),i=await crypto.subtle.decrypt({name:Kn,iv:Zn(Pr.decode(r))},a,Zn(Pr.decode(n)));return new TextDecoder().decode(i)}o(Yt,"decryptSecret");function kE(e,t){let r=Cr({upstreamServerId:e,authProfileId:t});if(r.mode!=="shared-secret")throw g("invalid_request",`Upstream server ${e} does not use tenant static credentials.`);return r.secret}o(kE,"requireTenantStaticSecretConfig");function RS(e){return e?.status==="active"&&e.metadata?.staticSecretKind==="bearer_token"&&!!e.metadata.encryptedStaticSecret}o(RS,"hasUsableTenantStaticSecret");async function TE(e){if(!RS(e.connection))throw g("internal_server_error","Stored tenant static credential is incomplete.");return{type:"bearer_token",token:await Yt(e.connection.metadata.encryptedStaticSecret)}}o(TE,"resolveTenantStaticSecretCredential");async function CS(e){let t=rt(e.upstreamServerId);kE(e.upstreamServerId,e.authProfileId);let r="preloadedConnection"in e?e.preloadedConnection:(await J().batchGetUpstreamConnections([{owner:e.owner,upstreamServerId:e.upstreamServerId,authProfileId:e.authProfileId}]))[0];if(RS(r))return{kind:"authorized",credential:await TE({connection:r})};let n={upstreamServerId:e.upstreamServerId,authProfileId:e.authProfileId,upstreamDisplayName:t.displayName,virtualServerId:e.virtualServerId,requiresReconsent:!!r};return r!==void 0&&(n.connectionId=r.id),{kind:"connect_required",payload:wS(n)}}o(CS,"resolveTenantStaticSecretCredentialForRequest");ue();async function kl(e){return J().upsertUpstreamConnection({id:ds(),ownerMode:e.owner.mode,subjectId:e.owner.mode==="user"?e.owner.subjectId:void 0,upstreamServerId:e.upstreamServerId,authProfileId:e.authProfileId,status:"active",encryptedAccessToken:void 0,encryptedRefreshToken:void 0,scopes:[],expiresAt:void 0,metadata:e.metadata})}o(kl,"upsertStaticSecretConnection");var EE=u.string().trim().min(1).max(320),UE=u.string().min(1).max(4096),OE=u.string().trim().min(1).max(4096);function Tl(e,t){let r=Cr({upstreamServerId:e,authProfileId:t});if(r.mode!=="user-secret")throw g("invalid_request",`Upstream server ${e} does not use user static credentials.`);return r.secret}o(Tl,"requireUserStaticSecretConfig");function $E(e){let t=new TextEncoder().encode(e),r="";for(let n of t)r+=String.fromCharCode(n);return btoa(r)}o($E,"encodeBase64Utf8");function zE(e){return`Basic ${$E(`${e.username}:${e.appPassword}`)}`}o(zE,"buildBasicAuthHeader");function IS(e){return e?.status==="active"&&!!e.metadata?.encryptedStaticSecret}o(IS,"hasEncryptedUserStaticSecret");async function ME(e){if(!IS(e.connection))throw g("internal_server_error","Stored user static credential is incomplete.");if(e.connection.metadata.staticSecretKind==="bearer_token")return{type:"bearer_token",token:await Yt(e.connection.metadata.encryptedStaticSecret)};if(e.connection.metadata.staticSecretKind==="basic_auth_app_password"&&e.connection.metadata.staticSecretUsername)return{type:"headers",headers:{Authorization:zE({username:e.connection.metadata.staticSecretUsername,appPassword:await Yt(e.connection.metadata.encryptedStaticSecret)})}};throw g("internal_server_error","Stored user static credential kind is unsupported.")}o(ME,"resolveUserStaticSecretCredential");async function PS(e){if(Tl(e.upstreamServerId,e.authProfileId).kind!=="basic_auth_app_password")throw g("invalid_request","This upstream does not use username and app-password credentials.");if(e.owner.mode!=="user")throw g("invalid_request","User static credentials must be stored under a user-owned connection.");let r=EE.parse(e.username),n=UE.parse(e.appPassword);return kl({owner:e.owner,upstreamServerId:e.upstreamServerId,authProfileId:e.authProfileId,metadata:{connectedBySubjectId:e.initiatedBySubjectId,encryptedStaticSecret:await Xr(n),staticSecretKind:"basic_auth_app_password",staticSecretUsername:r}})}o(PS,"saveUserStaticSecretCredential");async function _s(e){let t=Tl(e.upstreamServerId,e.authProfileId);if(t.kind!=="bearer_token")throw g("invalid_request","This upstream does not use bearer token credentials.");if(e.owner.mode!=="user")throw g("invalid_request","User static credentials must be stored under a user-owned connection.");let r=OE.parse(e.token);return kl({owner:e.owner,upstreamServerId:e.upstreamServerId,authProfileId:e.authProfileId,metadata:{connectedBySubjectId:e.initiatedBySubjectId,encryptedStaticSecret:await Xr(r),staticSecretKind:t.kind,staticSecretLabel:t.label}})}o(_s,"saveUserStaticBearerTokenCredential");function El(e,t){return Tl(e,t)}o(El,"readUserStaticSecretCaptureConfig");async function xS(e){let t=rt(e.upstreamServerId);if(e.owner.mode!=="user")throw g("internal_server_error","User static credential flow resolved a non-user owner.");let r="preloadedConnection"in e?e.preloadedConnection:(await J().batchGetUpstreamConnections([{owner:e.owner,upstreamServerId:e.upstreamServerId,authProfileId:e.authProfileId}]))[0];if(IS(r))return{kind:"authorized",credential:await ME({connection:r})};let n={requestUrl:e.request.url,owner:e.owner,initiatedBySubjectId:e.initiatedBySubjectId,upstreamServerId:e.upstreamServerId,authProfileId:e.authProfileId,upstreamDisplayName:t.displayName,virtualServerId:e.virtualServerId,subject:"tool",requiresReconsent:!!r};return r!==void 0&&(n.connectionId=r.id),{kind:"connect_required",payload:await Fn(n)}}o(xS,"resolveUserStaticSecretCredentialForRequest");function AS(e){if(e.owner.mode!=="user")throw g("invalid_request","User static credential capture requires a user-owned connection.");return yS({requestUrl:e.request.url,owner:e.owner,initiatedBySubjectId:e.initiatedBySubjectId,upstreamServerId:e.upstreamServerId,authProfileId:e.authProfileId,virtualServerId:e.virtualServerId,...e.returnTo===void 0?{}:{returnTo:e.returnTo}})}o(AS,"buildUserStaticSecretConnectUrl");var Ul;Ul=globalThis.crypto;async function qE(e){return(await Ul).getRandomValues(new Uint8Array(e))}o(qE,"getRandomValues");async function NE(e){let t="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._~",r=Math.pow(2,8)-Math.pow(2,8)%t.length,n="";for(;n.length<e;){let a=await qE(e-n.length);for(let i of a)i<r&&(n+=t[i%t.length])}return n}o(NE,"random");async function DE(e){return await NE(e)}o(DE,"generateVerifier");async function jE(e){let t=await(await Ul).subtle.digest("SHA-256",new TextEncoder().encode(e));return btoa(String.fromCharCode(...new Uint8Array(t))).replace(/\//g,"_").replace(/\+/g,"-").replace(/=/g,"")}o(jE,"generateChallenge");async function Ol(e){if(e||(e=43),e<43||e>128)throw`Expected a length between 43 and 128. Received ${e}.`;let t=await DE(e),r=await jE(t);return{code_verifier:t,code_challenge:r}}o(Ol,"pkceChallenge");ue();var Me=Hp().superRefine((e,t)=>{if(!URL.canParse(e))return t.addIssue({code:Vp.custom,message:"URL must be parseable",fatal:!0}),Dp}).refine(e=>{let t=new URL(e);return t.protocol!=="javascript:"&&t.protocol!=="data:"&&t.protocol!=="vbscript:"},{message:"URL cannot use javascript:, data:, or vbscript: scheme"}),ws=Ce({resource:f().url(),authorization_servers:C(Me).optional(),jwks_uri:f().url().optional(),scopes_supported:C(f()).optional(),bearer_methods_supported:C(f()).optional(),resource_signing_alg_values_supported:C(f()).optional(),resource_name:f().optional(),resource_documentation:f().optional(),resource_policy_uri:f().url().optional(),resource_tos_uri:f().url().optional(),tls_client_certificate_bound_access_tokens:ae().optional(),authorization_details_types_supported:C(f()).optional(),dpop_signing_alg_values_supported:C(f()).optional(),dpop_bound_access_tokens_required:ae().optional()}),ca=Ce({issuer:f(),authorization_endpoint:Me,token_endpoint:Me,registration_endpoint:Me.optional(),scopes_supported:C(f()).optional(),response_types_supported:C(f()),response_modes_supported:C(f()).optional(),grant_types_supported:C(f()).optional(),token_endpoint_auth_methods_supported:C(f()).optional(),token_endpoint_auth_signing_alg_values_supported:C(f()).optional(),service_documentation:Me.optional(),revocation_endpoint:Me.optional(),revocation_endpoint_auth_methods_supported:C(f()).optional(),revocation_endpoint_auth_signing_alg_values_supported:C(f()).optional(),introspection_endpoint:f().optional(),introspection_endpoint_auth_methods_supported:C(f()).optional(),introspection_endpoint_auth_signing_alg_values_supported:C(f()).optional(),code_challenge_methods_supported:C(f()).optional(),client_id_metadata_document_supported:ae().optional()}),HE=Ce({issuer:f(),authorization_endpoint:Me,token_endpoint:Me,userinfo_endpoint:Me.optional(),jwks_uri:Me,registration_endpoint:Me.optional(),scopes_supported:C(f()).optional(),response_types_supported:C(f()),response_modes_supported:C(f()).optional(),grant_types_supported:C(f()).optional(),acr_values_supported:C(f()).optional(),subject_types_supported:C(f()),id_token_signing_alg_values_supported:C(f()),id_token_encryption_alg_values_supported:C(f()).optional(),id_token_encryption_enc_values_supported:C(f()).optional(),userinfo_signing_alg_values_supported:C(f()).optional(),userinfo_encryption_alg_values_supported:C(f()).optional(),userinfo_encryption_enc_values_supported:C(f()).optional(),request_object_signing_alg_values_supported:C(f()).optional(),request_object_encryption_alg_values_supported:C(f()).optional(),request_object_encryption_enc_values_supported:C(f()).optional(),token_endpoint_auth_methods_supported:C(f()).optional(),token_endpoint_auth_signing_alg_values_supported:C(f()).optional(),display_values_supported:C(f()).optional(),claim_types_supported:C(f()).optional(),claims_supported:C(f()).optional(),service_documentation:f().optional(),claims_locales_supported:C(f()).optional(),ui_locales_supported:C(f()).optional(),claims_parameter_supported:ae().optional(),request_parameter_supported:ae().optional(),request_uri_parameter_supported:ae().optional(),require_request_uri_registration:ae().optional(),op_policy_uri:Me.optional(),op_tos_uri:Me.optional(),client_id_metadata_document_supported:ae().optional()}),vs=I({...HE.shape,...ca.pick({code_challenge_methods_supported:!0}).shape}),ua=I({access_token:f(),id_token:f().optional(),token_type:f(),expires_in:Fp.number().optional(),scope:f().optional(),refresh_token:f().optional()}).strip(),TS=I({error:f(),error_description:f().optional(),error_uri:f().optional()}),kS=Me.optional().or(O("").transform(()=>{})),LE=I({redirect_uris:C(Me),token_endpoint_auth_method:f().optional(),grant_types:C(f()).optional(),response_types:C(f()).optional(),client_name:f().optional(),client_uri:Me.optional(),logo_uri:kS,scope:f().optional(),contacts:C(f()).optional(),tos_uri:kS,policy_uri:f().optional(),jwks_uri:Me.optional(),jwks:Bp().optional(),software_id:f().optional(),software_version:f().optional(),software_statement:f().optional()}).strip(),$l=I({client_id:f(),client_secret:f().optional(),client_id_issued_at:ee().optional(),client_secret_expires_at:ee().optional()}).strip(),da=LE.merge($l),C9=I({error:f(),error_description:f().optional()}).strip(),I9=I({token:f(),token_type_hint:f().optional()}).strip();function ES(e){let t=typeof e=="string"?new URL(e):new URL(e.href);return t.hash="",t}o(ES,"resourceUrlFromServerUrl");function US({requestedResource:e,configuredResource:t}){let r=typeof e=="string"?new URL(e):new URL(e.href),n=typeof t=="string"?new URL(t):new URL(t.href);if(r.origin!==n.origin||r.pathname.length<n.pathname.length)return!1;let a=r.pathname.endsWith("/")?r.pathname:r.pathname+"/",i=n.pathname.endsWith("/")?n.pathname:n.pathname+"/";return a.startsWith(i)}o(US,"checkResourceAllowed");var Re=class extends Error{static{o(this,"OAuthError")}constructor(t,r){super(t),this.errorUri=r,this.name=this.constructor.name}toResponseObject(){let t={error:this.errorCode,error_description:this.message};return this.errorUri&&(t.error_uri=this.errorUri),t}get errorCode(){return this.constructor.errorCode}},la=class extends Re{static{o(this,"InvalidRequestError")}};la.errorCode="invalid_request";var en=class extends Re{static{o(this,"InvalidClientError")}};en.errorCode="invalid_client";var tn=class extends Re{static{o(this,"InvalidGrantError")}};tn.errorCode="invalid_grant";var rn=class extends Re{static{o(this,"UnauthorizedClientError")}};rn.errorCode="unauthorized_client";var pa=class extends Re{static{o(this,"UnsupportedGrantTypeError")}};pa.errorCode="unsupported_grant_type";var ma=class extends Re{static{o(this,"InvalidScopeError")}};ma.errorCode="invalid_scope";var fa=class extends Re{static{o(this,"AccessDeniedError")}};fa.errorCode="access_denied";var Qt=class extends Re{static{o(this,"ServerError")}};Qt.errorCode="server_error";var ha=class extends Re{static{o(this,"TemporarilyUnavailableError")}};ha.errorCode="temporarily_unavailable";var ga=class extends Re{static{o(this,"UnsupportedResponseTypeError")}};ga.errorCode="unsupported_response_type";var ya=class extends Re{static{o(this,"UnsupportedTokenTypeError")}};ya.errorCode="unsupported_token_type";var Sa=class extends Re{static{o(this,"InvalidTokenError")}};Sa.errorCode="invalid_token";var _a=class extends Re{static{o(this,"MethodNotAllowedError")}};_a.errorCode="method_not_allowed";var wa=class extends Re{static{o(this,"TooManyRequestsError")}};wa.errorCode="too_many_requests";var nn=class extends Re{static{o(this,"InvalidClientMetadataError")}};nn.errorCode="invalid_client_metadata";var va=class extends Re{static{o(this,"InsufficientScopeError")}};va.errorCode="insufficient_scope";var ba=class extends Re{static{o(this,"InvalidTargetError")}};ba.errorCode="invalid_target";var OS={[la.errorCode]:la,[en.errorCode]:en,[tn.errorCode]:tn,[rn.errorCode]:rn,[pa.errorCode]:pa,[ma.errorCode]:ma,[fa.errorCode]:fa,[Qt.errorCode]:Qt,[ha.errorCode]:ha,[ga.errorCode]:ga,[ya.errorCode]:ya,[Sa.errorCode]:Sa,[_a.errorCode]:_a,[wa.errorCode]:wa,[nn.errorCode]:nn,[va.errorCode]:va,[ba.errorCode]:ba};var Xt=class extends Error{static{o(this,"UnauthorizedError")}constructor(t){super(t??"Unauthorized")}};function BE(e){return["client_secret_basic","client_secret_post","none"].includes(e)}o(BE,"isClientAuthMethod");var zl="code",Ml="S256";function GE(e,t){let r=e.client_secret!==void 0;return"token_endpoint_auth_method"in e&&e.token_endpoint_auth_method&&BE(e.token_endpoint_auth_method)&&(t.length===0||t.includes(e.token_endpoint_auth_method))?e.token_endpoint_auth_method:t.length===0?r?"client_secret_basic":"none":r&&t.includes("client_secret_basic")?"client_secret_basic":r&&t.includes("client_secret_post")?"client_secret_post":t.includes("none")?"none":r?"client_secret_post":"none"}o(GE,"selectClientAuthMethod");function VE(e,t,r,n){let{client_id:a,client_secret:i}=t;switch(e){case"client_secret_basic":FE(a,i,r);return;case"client_secret_post":ZE(a,i,n);return;case"none":KE(a,n);return;default:throw new Error(`Unsupported client authentication method: ${e}`)}}o(VE,"applyClientAuthentication");function FE(e,t,r){if(!t)throw new Error("client_secret_basic authentication requires a client_secret");let n=btoa(`${e}:${t}`);r.set("Authorization",`Basic ${n}`)}o(FE,"applyBasicAuth");function ZE(e,t,r){r.set("client_id",e),t&&r.set("client_secret",t)}o(ZE,"applyPostAuth");function KE(e,t){t.set("client_id",e)}o(KE,"applyPublicAuth");async function zS(e){let t=e instanceof Response?e.status:void 0,r=e instanceof Response?await e.text():e;try{let n=TS.parse(JSON.parse(r)),{error:a,error_description:i,error_uri:s}=n,c=OS[a]||Qt;return new c(i||"",s)}catch(n){let a=`${t?`HTTP ${t}: `:""}Invalid OAuth error response: ${n}. Raw body: ${r}`;return new Qt(a)}}o(zS,"parseErrorResponse");async function xr(e,t){try{return await ql(e,t)}catch(r){if(r instanceof en||r instanceof rn)return await e.invalidateCredentials?.("all"),await ql(e,t);if(r instanceof tn)return await e.invalidateCredentials?.("tokens"),await ql(e,t);throw r}}o(xr,"auth");async function ql(e,{serverUrl:t,authorizationCode:r,scope:n,resourceMetadataUrl:a,fetchFn:i}){let s=await e.discoveryState?.(),c,d,p,l=a;if(!l&&s?.resourceMetadataUrl&&(l=new URL(s.resourceMetadataUrl)),s?.authorizationServerUrl){if(d=s.authorizationServerUrl,c=s.resourceMetadata,p=s.authorizationServerMetadata??await qS(d,{fetchFn:i}),!c)try{c=await MS(t,{resourceMetadataUrl:l},i)}catch{}(p!==s.authorizationServerMetadata||c!==s.resourceMetadata)&&await e.saveDiscoveryState?.({authorizationServerUrl:String(d),resourceMetadataUrl:l?.toString(),resourceMetadata:c,authorizationServerMetadata:p})}else{let R=await eU(t,{resourceMetadataUrl:l,fetchFn:i});d=R.authorizationServerUrl,p=R.authorizationServerMetadata,c=R.resourceMetadata,await e.saveDiscoveryState?.({authorizationServerUrl:String(d),resourceMetadataUrl:l?.toString(),resourceMetadata:c,authorizationServerMetadata:p})}let m=await WE(t,e,c),h=n||c?.scopes_supported?.join(" ")||e.clientMetadata.scope,y=await Promise.resolve(e.clientInformation());if(!y){if(r!==void 0)throw new Error("Existing OAuth client information is required when exchanging an authorization code");let R=p?.client_id_metadata_document_supported===!0,q=e.clientMetadataUrl;if(q&&!Dl(q))throw new nn(`clientMetadataUrl must be a valid HTTPS URL with a non-root pathname, got: ${q}`);if(R&&q)y={client_id:q},await e.saveClientInformation?.(y);else{if(!e.saveClientInformation)throw new Error("OAuth client information must be saveable for dynamic registration");let qe=await aU(d,{metadata:p,clientMetadata:e.clientMetadata,scope:h,fetchFn:i});await e.saveClientInformation(qe),y=qe}}let _=!e.redirectUrl;if(r!==void 0||_){let R=await oU(e,d,{metadata:p,resource:m,authorizationCode:r,fetchFn:i});return await e.saveTokens(R),"AUTHORIZED"}let S=await e.tokens();if(S?.refresh_token)try{let R=await nU(d,{metadata:p,clientInformation:y,refreshToken:S.refresh_token,resource:m,addClientAuthentication:e.addClientAuthentication,fetchFn:i});return await e.saveTokens(R),"AUTHORIZED"}catch(R){if(!(!(R instanceof Re)||R instanceof Qt))throw R}let w=e.state?await e.state():void 0,{authorizationUrl:v,codeVerifier:b}=await tU(d,{metadata:p,clientInformation:y,state:w,redirectUrl:e.redirectUrl,scope:h,resource:m});return await e.saveCodeVerifier(b),await e.redirectToAuthorization(v),"REDIRECT"}o(ql,"authInternal");function Dl(e){if(!e)return!1;try{let t=new URL(e);return t.protocol==="https:"&&t.pathname!=="/"}catch{return!1}}o(Dl,"isHttpsUrl");async function WE(e,t,r){let n=ES(e);if(t.validateResourceURL)return await t.validateResourceURL(n,r?.resource);if(r){if(!US({requestedResource:n,configuredResource:r.resource}))throw new Error(`Protected resource ${r.resource} does not match expected ${n} (or origin)`);return new URL(r.resource)}}o(WE,"selectResourceURL");function jl(e){let t=e.headers.get("WWW-Authenticate");if(!t)return{};let[r,n]=t.split(" ");if(r.toLowerCase()!=="bearer"||!n)return{};let a=Nl(e,"resource_metadata")||void 0,i;if(a)try{i=new URL(a)}catch{}let s=Nl(e,"scope")||void 0,c=Nl(e,"error")||void 0;return{resourceMetadataUrl:i,scope:s,error:c}}o(jl,"extractWWWAuthenticateParams");function Nl(e,t){let r=e.headers.get("WWW-Authenticate");if(!r)return null;let n=new RegExp(`${t}=(?:"([^"]+)"|([^\\s,]+))`),a=r.match(n);return a?a[1]||a[2]:null}o(Nl,"extractFieldFromWwwAuth");async function MS(e,t,r=fetch){let n=await QE(e,"oauth-protected-resource",r,{protocolVersion:t?.protocolVersion,metadataUrl:t?.resourceMetadataUrl});if(!n||n.status===404)throw await n?.body?.cancel(),new Error("Resource server does not implement OAuth 2.0 Protected Resource Metadata.");if(!n.ok)throw await n.body?.cancel(),new Error(`HTTP ${n.status} trying to load well-known OAuth protected resource metadata.`);return ws.parse(await n.json())}o(MS,"discoverOAuthProtectedResourceMetadata");async function Hl(e,t,r=fetch){try{return await r(e,{headers:t})}catch(n){if(n instanceof TypeError)return t?Hl(e,void 0,r):void 0;throw n}}o(Hl,"fetchWithCorsRetry");function JE(e,t="",r={}){return t.endsWith("/")&&(t=t.slice(0,-1)),r.prependPathname?`${t}/.well-known/${e}`:`/.well-known/${e}${t}`}o(JE,"buildWellKnownPath");async function $S(e,t,r=fetch){return await Hl(e,{"MCP-Protocol-Version":t},r)}o($S,"tryMetadataDiscovery");function YE(e,t){return!e||e.status>=400&&e.status<500&&t!=="/"}o(YE,"shouldAttemptFallback");async function QE(e,t,r,n){let a=new URL(e),i=n?.protocolVersion??ur,s;if(n?.metadataUrl)s=new URL(n.metadataUrl);else{let d=JE(t,a.pathname);s=new URL(d,n?.metadataServerUrl??a),s.search=a.search}let c=await $S(s,i,r);if(!n?.metadataUrl&&YE(c,a.pathname)){let d=new URL(`/.well-known/${t}`,a);c=await $S(d,i,r)}return c}o(QE,"discoverMetadataWithFallback");function XE(e){let t=typeof e=="string"?new URL(e):e,r=t.pathname!=="/",n=[];if(!r)return n.push({url:new URL("/.well-known/oauth-authorization-server",t.origin),type:"oauth"}),n.push({url:new URL("/.well-known/openid-configuration",t.origin),type:"oidc"}),n;let a=t.pathname;return a.endsWith("/")&&(a=a.slice(0,-1)),n.push({url:new URL(`/.well-known/oauth-authorization-server${a}`,t.origin),type:"oauth"}),n.push({url:new URL(`/.well-known/openid-configuration${a}`,t.origin),type:"oidc"}),n.push({url:new URL(`${a}/.well-known/openid-configuration`,t.origin),type:"oidc"}),n}o(XE,"buildDiscoveryUrls");async function qS(e,{fetchFn:t=fetch,protocolVersion:r=ur}={}){let n={"MCP-Protocol-Version":r,Accept:"application/json"},a=XE(e);for(let{url:i,type:s}of a){let c=await Hl(i,n,t);if(c){if(!c.ok){if(await c.body?.cancel(),c.status>=400&&c.status<500)continue;throw new Error(`HTTP ${c.status} trying to load ${s==="oauth"?"OAuth":"OpenID provider"} metadata from ${i}`)}return s==="oauth"?ca.parse(await c.json()):vs.parse(await c.json())}}}o(qS,"discoverAuthorizationServerMetadata");async function eU(e,t){let r,n;try{r=await MS(e,{resourceMetadataUrl:t?.resourceMetadataUrl},t?.fetchFn),r.authorization_servers&&r.authorization_servers.length>0&&(n=r.authorization_servers[0])}catch{}n||(n=String(new URL("/",e)));let a=await qS(n,{fetchFn:t?.fetchFn});return{authorizationServerUrl:n,authorizationServerMetadata:a,resourceMetadata:r}}o(eU,"discoverOAuthServerInfo");async function tU(e,{metadata:t,clientInformation:r,redirectUrl:n,scope:a,state:i,resource:s}){let c;if(t){if(c=new URL(t.authorization_endpoint),!t.response_types_supported.includes(zl))throw new Error(`Incompatible auth server: does not support response type ${zl}`);if(t.code_challenge_methods_supported&&!t.code_challenge_methods_supported.includes(Ml))throw new Error(`Incompatible auth server: does not support code challenge method ${Ml}`)}else c=new URL("/authorize",e);let d=await Ol(),p=d.code_verifier,l=d.code_challenge;return c.searchParams.set("response_type",zl),c.searchParams.set("client_id",r.client_id),c.searchParams.set("code_challenge",l),c.searchParams.set("code_challenge_method",Ml),c.searchParams.set("redirect_uri",String(n)),i&&c.searchParams.set("state",i),a&&c.searchParams.set("scope",a),a?.includes("offline_access")&&c.searchParams.append("prompt","consent"),s&&c.searchParams.set("resource",s.href),{authorizationUrl:c,codeVerifier:p}}o(tU,"startAuthorization");function rU(e,t,r){return new URLSearchParams({grant_type:"authorization_code",code:e,code_verifier:t,redirect_uri:String(r)})}o(rU,"prepareAuthorizationCodeRequest");async function NS(e,{metadata:t,tokenRequestParams:r,clientInformation:n,addClientAuthentication:a,resource:i,fetchFn:s}){let c=t?.token_endpoint?new URL(t.token_endpoint):new URL("/token",e),d=new Headers({"Content-Type":"application/x-www-form-urlencoded",Accept:"application/json"});if(i&&r.set("resource",i.href),a)await a(d,r,c,t);else if(n){let l=t?.token_endpoint_auth_methods_supported??[],m=GE(n,l);VE(m,n,d,r)}let p=await(s??fetch)(c,{method:"POST",headers:d,body:r});if(!p.ok)throw await zS(p);return ua.parse(await p.json())}o(NS,"executeTokenRequest");async function nU(e,{metadata:t,clientInformation:r,refreshToken:n,resource:a,addClientAuthentication:i,fetchFn:s}){let c=new URLSearchParams({grant_type:"refresh_token",refresh_token:n}),d=await NS(e,{metadata:t,tokenRequestParams:c,clientInformation:r,addClientAuthentication:i,resource:a,fetchFn:s});return{refresh_token:n,...d}}o(nU,"refreshAuthorization");async function oU(e,t,{metadata:r,resource:n,authorizationCode:a,fetchFn:i}={}){let s=e.clientMetadata.scope,c;if(e.prepareTokenRequest&&(c=await e.prepareTokenRequest(s)),!c){if(!a)throw new Error("Either provider.prepareTokenRequest() or authorizationCode is required");if(!e.redirectUrl)throw new Error("redirectUrl is required for authorization_code flow");let p=await e.codeVerifier();c=rU(a,p,e.redirectUrl)}let d=await e.clientInformation();return NS(t,{metadata:r,tokenRequestParams:c,clientInformation:d??void 0,addClientAuthentication:e.addClientAuthentication,resource:n,fetchFn:i})}o(oU,"fetchToken");async function aU(e,{metadata:t,clientMetadata:r,scope:n,fetchFn:a}){let i;if(t){if(!t.registration_endpoint)throw new Error("Incompatible auth server: does not support dynamic client registration");i=new URL(t.registration_endpoint)}else i=new URL("/register",e);let s=await(a??fetch)(i,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({...r,...n!==void 0?{scope:n}:{}})});if(!s.ok)throw await zS(s);return da.parse(await s.json())}o(aU,"registerClient");function iU(){let e=tc.__TEST_ONLY_MCP_GATEWAY_ALLOW_HTTP_LOOPBACK_IDP??globalThis.process?.env?.__TEST_ONLY_MCP_GATEWAY_ALLOW_HTTP_LOOPBACK_IDP;return typeof e=="string"&&e==="1"}o(iU,"isTestOnlyAllowHttpLoopbackIdpEnabled");var sU=new Set(["localhost","169.254.169.254","metadata.google.internal","metadata"]),cU=[{first:0},{first:10},{first:127},{first:169,secondMin:254,secondMax:254},{first:172,secondMin:16,secondMax:31},{first:192,secondMin:168,secondMax:168},{first:100,secondMin:64,secondMax:127},{first:224,firstMax:239},{first:240,firstMax:255}];function DS(e){if(!/^\d+\.\d+\.\d+\.\d+$/.test(e))return;let t=e.split(".").map(r=>Number(r));if(!(t.length!==4||t.some(r=>Number.isNaN(r)||r<0||r>255)))return t}o(DS,"parseIpv4Octets");function uU([e,t],r){let n=r.firstMax??r.first;return e<r.first||e>n?!1:r.secondMin===void 0||r.secondMax===void 0?!0:t>=r.secondMin&&t<=r.secondMax}o(uU,"ipv4RangeMatches");function jS(e){let t=DS(e);return t!==void 0&&cU.some(r=>uU(t,r))}o(jS,"isPrivateIpv4");function Ll(e){if(!e||e.length>4)return;let t=Number.parseInt(e,16);return Number.isNaN(t)||t<0||t>65535?void 0:t}o(Ll,"parseIpv6Word");function dU(e,t){return[e>>8&255,e&255,t>>8&255,t&255].join(".")}o(dU,"formatIpv4FromWords");function lU(e){let t=e.slice(7),r=DS(t);if(r!==void 0)return r.join(".");let[n,a,i]=t.split(":"),s=Ll(n),c=Ll(a);return i===void 0&&s!==void 0&&c!==void 0?dU(s,c):void 0}o(lU,"parseIpv6MappedIpv4");function pU(e){return Ll(e.split(":").find(Boolean))}o(pU,"readFirstIpv6Hextet");function mU(e){let t=gt(e);if(!t.includes(":"))return!1;if(t==="::"||t==="::1")return!0;if(t.startsWith("::ffff:")){let n=lU(t);return n===void 0||jS(n)}let r=pU(t);return r===void 0?!1:(r&65024)===64512||(r&65472)===65152}o(mU,"isPrivateIpv6");function Bl(e){let t=gt(e);return sU.has(t)||t.endsWith(".internal")||jS(t)||mU(t)}o(Bl,"isBlockedOutboundHostname");function HS(e){let t=new URL(e);if(t.protocol!=="https:"&&t.protocol!=="http:")throw g("invalid_request",`Unsupported outbound protocol: ${t.protocol}`);let r=Le(t);if(t.protocol==="http:"&&!r)throw g("invalid_request","Configured outbound HTTP URLs must target loopback hosts.");let n=gt(t.hostname);if(!r&&Bl(n))throw g("invalid_request",`Blocked outbound host: ${n}`);return t}o(HS,"validateConfiguredOutboundUrl");function LS(e){let t=new URL(e),r=Le(t),n=r&&iU();if(t.protocol!=="https:"&&!n)throw g("invalid_request","Identity provider URLs must use https.");if(t.username||t.password||t.search||t.hash)throw g("invalid_request","Identity provider URLs must not include credentials, query params, or fragments.");let a=gt(t.hostname);if(!r&&Bl(a))throw g("invalid_request",`Blocked identity provider host: ${a}`);return t}o(LS,"validateIdentityProviderUrl");function bs(e){let t=new URL(e);if(t.protocol!=="https:"||t.pathname==="/"||t.username||t.password||t.search||t.hash)throw g("invalid_request","CIMD client_id must be an HTTPS URL with a path and no credentials, query, or fragment.");if(Bl(t.hostname))throw g("invalid_request","CIMD client_id points at a blocked host.");return t}o(bs,"validateCimdClientMetadataUrl");function BS(e,t){if(!t)return;if(t.aborted){e.abort(t.reason);return}let r=o(()=>e.abort(t.reason),"abort");return t.addEventListener("abort",r,{once:!0}),()=>t.removeEventListener("abort",r)}o(BS,"mergeAbortSignals");async function fU(e){try{await e.cancel()}catch{}}o(fU,"cancelReader");async function Rs(e,t){if(!e)return new Uint8Array;let r=e.getReader(),n=[],a=0,i=await r.read();for(;!i.done;){let d=i.value;if(a+=d.byteLength,a>t.maxBytes)throw await fU(r),t.createLimitError();n.push(d),i=await r.read()}let s=new Uint8Array(a),c=0;for(let d of n)s.set(d,c),c+=d.byteLength;return s}o(Rs,"readBoundedByteStream");var hU=2,gU=1024*1024,yU=1e4,SU=new Set([301,302,303,307,308]),_U=["authorization","proxy-authorization","cookie","cookie2"];function Gl(e){return typeof e=="string"?e:e instanceof URL?e.toString():e.url}o(Gl,"readRequestUrl");function Wn(e,t){return t?.method!==void 0?t.method.toUpperCase():e instanceof Request?e.method.toUpperCase():"GET"}o(Wn,"readRequestMethod");function wU(e,t,r){let n=e.headers.get("content-length");if(!n)return;let a=Number.parseInt(n,10);if(Number.isFinite(a)&&a>t)throw g(r,"Outbound response exceeded the maximum allowed size.")}o(wU,"assertContentLengthWithinLimit");async function vU(e,t,r){return wU(e,t,r),Rs(e.body,{maxBytes:t,createLimitError:o(()=>g(r,"Outbound response exceeded the maximum allowed size."),"createLimitError")})}o(vU,"readBoundedResponseBody");function bU(e,t){let r=new ArrayBuffer(t.byteLength);return new Uint8Array(r).set(t),new Response(r,{status:e.status,statusText:e.statusText,headers:e.headers})}o(bU,"responseFromBufferedBody");function RU(e,t){if(!SU.has(e.status))return;let r=e.headers.get("location");if(r)return new URL(r,t).toString()}o(RU,"resolveRedirectUrl");function GS(e,t){try{return t.validateUrl(e)}catch(r){throw g(t.problemCode,"Outbound URL was not allowed.",r)}}o(GS,"validateOutboundUrl");function CU(e,t){throw he(e)!==void 0?e:g(t,"Outbound fetch failed.",e)}o(CU,"normalizeFetchError");function Ra(e,t){if(e===void 0)return;let r={event:t.event,code:t.problemCode,method:t.method};if(t.host!==void 0&&(r.host=t.host),t.extra!==void 0)for(let[n,a]of Object.entries(t.extra))a!==void 0&&(r[n]=a);t.error!==void 0&&Oe(r,"error",t.error),e.log.warn(r,"Outbound HTTP exchange rejected")}o(Ra,"logOutboundFailure");async function IU(e,t,r,n,a,i,s){let c=Wn(r,n);try{return await t(r,n)}catch(d){let p=d instanceof DOMException&&d.name==="AbortError";Ra(e,{event:p?"outbound_fetch_aborted":"outbound_fetch_failed",problemCode:a,method:c,host:mt(i),error:d,extra:{abortReason:s()}}),CU(d,a)}}o(IU,"fetchWithNormalizedError");function PU(e){if(e.redirects>=e.maxRedirects)throw g(e.problemCode,"Outbound redirects exceeded the maximum allowed depth.");if(e.method!=="GET"&&e.method!=="HEAD")throw g(e.problemCode,"Outbound redirect after a non-idempotent request was blocked.")}o(PU,"assertRedirectAllowed");function xU(e,t){let r=new Headers(e);for(let n of _U)r.delete(n);for(let n of t)r.delete(n);return r}o(xU,"stripCrossOriginHeaders");function AU(e,t,r,n,a){let i={...e,method:t,redirect:"manual",signal:r};return n&&(i.headers=xU(e.headers,a)),i}o(AU,"buildRedirectInit");function kU(e,t,r){let n={...t,redirect:"manual",signal:r};return n.headers===void 0&&e instanceof Request&&(n.headers=e.headers),n}o(kU,"buildInitialRequestInit");function TU(e){let t=Wn(e.currentInput,e.currentInit);PU({redirects:e.redirects,maxRedirects:e.maxRedirects,method:t,problemCode:e.problemCode});let r=GS(e.redirectUrl,{problemCode:e.problemCode,validateUrl:e.validateUrl}),n=new URL(e.currentUrl),a=r.origin!==n.origin,i=r.toString();return{currentInput:i,currentUrl:i,currentInit:AU(e.currentInit,t,e.signal,a,e.additionalCrossOriginStrippedHeaders),redirects:e.redirects+1}}o(TU,"followRedirect");async function Vl(e,t,r){let n=r.problemCode??"invalid_request",a=r.maxRedirects??hU,i=r.maxResponseBytes??gU,s=r.timeoutMs??yU,c=r.fetchImpl??fetch,d=r.additionalCrossOriginStrippedHeaders??[],p=r.context,l=new AbortController,m=BS(l,t.signal),h=!1,y=setTimeout(()=>{h=!0,l.abort()},s),_=e,S=kU(e,t,l.signal),w;try{w=GS(Gl(e),{problemCode:n,validateUrl:r.validateUrl}).toString()}catch(b){throw Ra(p,{event:"outbound_url_blocked",problemCode:n,method:Wn(e,t),host:mt(Gl(e)),error:b}),clearTimeout(y),m?.(),b}let v=0;try{for(;;){let b=await IU(p,c,_,S,n,w,()=>h?`timeout_after_${s}ms`:void 0),R=RU(b,w);if(R!==void 0)try{let q=TU({currentInput:_,currentInit:S,currentUrl:w,redirectUrl:R,redirects:v,maxRedirects:a,problemCode:n,validateUrl:r.validateUrl,signal:l.signal,additionalCrossOriginStrippedHeaders:d});_=q.currentInput,S=q.currentInit,w=q.currentUrl,v=q.redirects;continue}catch(q){throw Ra(p,{event:"outbound_redirect_blocked",problemCode:n,method:Wn(_,S),host:mt(w),error:q,extra:{redirects:v,maxRedirects:a,redirectTargetHost:mt(R)}}),q}try{return bU(b,await vU(b,i,n))}catch(q){throw Ra(p,{event:"outbound_response_size_exceeded",problemCode:n,method:Wn(_,S),host:mt(w),error:q,extra:{maxResponseBytes:i,status:b.status}}),q}}}finally{clearTimeout(y),m?.()}}o(Vl,"runSafeOutboundExchange");async function Fl(e,t,r){let n=await Vl(e,t,r);try{return{response:n,json:await n.clone().json()}}catch(a){throw Ra(r.context,{event:"outbound_json_parse_failed",problemCode:r.problemCode??"invalid_request",method:Wn(e,t),host:mt(Gl(e)),error:a,extra:{status:n.status,contentType:n.headers.get("content-type")??void 0}}),g(r.problemCode??"invalid_request","Outbound JSON response could not be parsed.",a)}}o(Fl,"runSafeOutboundJsonExchange");function Cs(e,t={},r={}){return Vl(e,t,{...r,validateUrl:HS})}o(Cs,"fetchConfiguredOutbound");function VS(e,t={},r={}){return Fl(e,t,{...r,validateUrl:LS})}o(VS,"fetchIdentityProviderJson");function FS(e,t={},r={}){return Fl(e,t,{...r,validateUrl:bs})}o(FS,"fetchCimdClientMetadataJson");ue();function Zl(e){return`Zuplo MCP Gateway - ${e}`}o(Zl,"buildGatewayOAuthClientName");function ZS(e,t){let r=new URL(e,se(t));return Le(r)&&gt(r.hostname)!=="localhost"&&(r.hostname="localhost"),r.toString()}o(ZS,"buildGatewayOAuthRedirectUri");function Kl(e){let t=new URL(`/.well-known/oauth-client/${encodeURIComponent(e.upstreamServerId)}`,e.origin);return t.searchParams.set("authProfileId",e.authProfileId),t.toString()}o(Kl,"buildOAuthClientMetadataDocumentUrl");function KS(e){return se(e)}o(KS,"requireOAuthClientMetadataOrigin");function WS(e,t,r){let n=rt(t),a=Qr(t,r);return{client_id:Kl({origin:e,upstreamServerId:t,authProfileId:r}),client_name:Zl(n.displayName),client_uri:new URL("/",e).toString(),redirect_uris:[new URL(a.redirectPath,e).toString()],grant_types:["authorization_code","refresh_token"],response_types:["code"],application_type:"web",token_endpoint_auth_method:"none"}}o(WS,"buildOAuthClientMetadataDocument");var EU=u.union([da,$l]),UU=u.object({authorizationServerUrl:u.url(),resourceMetadataUrl:u.url().optional(),resourceMetadata:ws.optional(),authorizationServerMetadata:u.union([ca,vs]).optional()}).passthrough(),OU="Bearer";function $U(e){return e?e.split(/[,\s]+/).filter(Boolean):[]}o($U,"splitScopes");function zU(e){return rs.parse(e)}o(zU,"parsePkceCodeVerifier");function MU(e){if(typeof e.expires_in=="number")return ne(new Date(Date.now()+e.expires_in*1e3))}o(MU,"readTokenExpiry");async function JS(e){if(e!==void 0)return Xr(JSON.stringify(e))}o(JS,"encryptJson");async function YS(e,t){if(!e)return;let r=await Yt(e);try{return t.parse(JSON.parse(r))}catch(n){throw g("oauth_state_invalid","Stored upstream OAuth JSON state is invalid.",n)}}o(YS,"decryptJson");function qU(e){if(e===void 0)return;let t={authorizationServerUrl:e.authorizationServerUrl};return e.resourceMetadataUrl!==void 0&&(t.resourceMetadataUrl=e.resourceMetadataUrl),e.resourceMetadata!==void 0&&(t.resourceMetadata=e.resourceMetadata),e.authorizationServerMetadata!==void 0&&(t.authorizationServerMetadata=e.authorizationServerMetadata),t}o(qU,"toOAuthDiscoveryState");function NU(e,t){return"redirect_uris"in e?e.redirect_uris.includes(t):!0}o(NU,"clientInformationAllowsRedirectUri");function DU(e,t,r){let n=rt(e),a=Qr(e,t),i;return a.scopes.length>0&&(i=a.scopes.join(a.scopeDelimiter)),{client_name:Zl(n.displayName),client_uri:new URL("/",new URL(r).origin).toString(),redirect_uris:[r],grant_types:["authorization_code","refresh_token"],response_types:["code"],application_type:"web",scope:i,token_endpoint_auth_method:"none"}}o(DU,"buildOAuthClientMetadata");function jU(e){let t;if(e.registration.tokenEndpointAuthMethod!=="none"&&(t=e.registration.clientSecret,!t))throw g("internal_server_error",`Manual OAuth registration for ${e.upstreamServerId} requires clientSecret.`);return da.parse({...e.clientMetadata,client_id:e.registration.clientId,token_endpoint_auth_method:e.registration.tokenEndpointAuthMethod,...t===void 0?{}:{client_secret:t}})}o(jU,"buildManualOAuthClientInformation");function HU(e,t,r){let n=Kl({origin:new URL(r).origin,upstreamServerId:e,authProfileId:t});return Dl(n)?n:void 0}o(HU,"buildClientMetadataUrl");function QS(e){for(let t of e)if(t!==void 0)return t}o(QS,"firstDefined");function LU(e){let t=Qr(e.target.upstreamServerId,e.target.authProfileId),r=DU(e.target.upstreamServerId,e.target.authProfileId,e.redirectUri);if(t.clientRegistration.mode==="manual")return{clientMetadata:r,configuredClientInformation:jU({clientMetadata:r,registration:t.clientRegistration,upstreamServerId:e.target.upstreamServerId})};let n=HU(e.target.upstreamServerId,e.target.authProfileId,e.redirectUri);return n===void 0?{clientMetadata:r}:{clientMetadata:r,clientMetadataUrl:n}}o(LU,"buildInitialOAuthClientSetup");function BU(e,t){if(t===void 0)return QS([e.pendingState?.encryptedClientInformation,e.connectionMetadata?.encryptedClientInformation,e.connection?.metadata?.encryptedClientInformation])}o(BU,"readEncryptedClientInformation");function GU(e){return QS([e.pendingState?.encryptedDiscoveryState,e.connectionMetadata?.encryptedDiscoveryState,e.connection?.metadata?.encryptedDiscoveryState])}o(GU,"readEncryptedDiscoveryState");var on=class{static{o(this,"UpstreamOAuthProvider")}clientMetadataUrl;target;redirectUriValue;returnOrigin;clientMetadataValue;configuredClientInformation;authorizationUrlValue;connection;pendingState;encryptedClientInformation;encryptedDiscoveryState;cachedClientInformation;clientInformationLoaded=!1;cachedDiscoveryState;discoveryStateLoaded=!1;cachedTokens;tokensLoaded=!1;constructor(t){let r=LU({target:t.target,redirectUri:t.redirectUri});this.target=t.target,this.redirectUriValue=t.redirectUri,this.returnOrigin=t.returnOrigin,this.clientMetadataValue=r.clientMetadata,this.configuredClientInformation=r.configuredClientInformation,r.clientMetadataUrl!==void 0&&(this.clientMetadataUrl=r.clientMetadataUrl),this.connection=t.connection,this.pendingState=t.pendingState?{...t.pendingState}:void 0,this.encryptedClientInformation=BU(t,this.configuredClientInformation),this.encryptedDiscoveryState=GU(t)}get authorizationUrl(){return this.authorizationUrlValue}get redirectUrl(){return this.redirectUriValue}get clientMetadata(){return this.clientMetadataValue}async state(){let t=await this.createPendingState();return fS({id:t.id,...ia({owner:this.target.owner,initiatedBySubjectId:t.initiatedBySubjectId,upstreamServerId:t.upstreamServerId,authProfileId:t.authProfileId,virtualServerId:t.virtualServerId})})}async clientInformation(){return this.configuredClientInformation?this.configuredClientInformation:this.loadPersistedClientInformation()}async saveClientInformation(t){this.configuredClientInformation||(this.cachedClientInformation=t,this.clientInformationLoaded=!0,this.encryptedClientInformation=await JS(t),await this.syncPendingState(!1))}async discoveryState(){return this.loadPersistedDiscoveryState()}async saveDiscoveryState(t){this.cachedDiscoveryState=t,this.discoveryStateLoaded=!0,this.encryptedDiscoveryState=await JS(t),await this.syncPendingState(!1)}async tokens(){return this.loadStoredTokens()}async saveTokens(t){let r=ua.parse(t),n=this.target.owner.mode==="user"?this.target.owner.subjectId:void 0;this.cachedTokens=r,this.tokensLoaded=!0;let a={id:this.connection?.id??ds(),ownerMode:this.target.owner.mode,subjectId:n,upstreamServerId:this.target.upstreamServerId,authProfileId:this.target.authProfileId,status:"active",encryptedAccessToken:await Xr(r.access_token),encryptedRefreshToken:r.refresh_token?await Xr(r.refresh_token):void 0,scopes:$U(r.scope??this.clientMetadataValue.scope),expiresAt:MU(r),metadata:this.readStoredOAuthPersistence(this.target.owner.mode==="shared"?this.target.initiatedBySubjectId:void 0)};this.connection=await J().upsertUpstreamConnection(a)}async redirectToAuthorization(t){this.authorizationUrlValue=t.toString()}async saveCodeVerifier(t){let r=await this.createPendingState();await this.persistPendingState({...r,codeVerifier:zU(t)})}async codeVerifier(){if(!this.pendingState?.codeVerifier)throw g("oauth_state_invalid","OAuth code verifier is missing");return this.pendingState.codeVerifier}async invalidateCredentials(t){let r=t==="all"||t==="client"||t==="tokens",n=t==="all"||t==="client",a=t==="all"||t==="discovery",i=t==="all"||t==="verifier";n&&(this.cachedClientInformation=void 0,this.clientInformationLoaded=!0,this.encryptedClientInformation=void 0),a&&(this.cachedDiscoveryState=void 0,this.discoveryStateLoaded=!0,this.encryptedDiscoveryState=void 0),r&&(this.cachedTokens=void 0,this.tokensLoaded=!0),await this.syncPendingState(i),await this.persistCredentialInvalidation(r)}async createPendingState(){if(this.pendingState)return this.pendingState;let t={id:ay(),...ia({owner:this.target.owner,initiatedBySubjectId:this.target.initiatedBySubjectId,upstreamServerId:this.target.upstreamServerId,authProfileId:this.target.authProfileId,virtualServerId:this.target.virtualServerId,...this.target.returnTo===void 0?{}:{returnTo:this.target.returnTo}}),callbackPath:new URL(this.redirectUriValue).pathname,expiresAt:ne(new Date(Date.now()+lS)),redirectUri:this.redirectUriValue,...this.returnOrigin===void 0?{}:{returnOrigin:this.returnOrigin},encryptedClientInformation:this.encryptedClientInformation,encryptedDiscoveryState:this.encryptedDiscoveryState,connectedBySubjectId:this.target.owner.mode==="shared"?this.target.initiatedBySubjectId:void 0};return await this.persistPendingState(t),t}async persistPendingState(t){await J().saveUpstreamOAuthState({record:t}),this.pendingState=t}async syncPendingState(t){this.pendingState&&await this.persistPendingState({...this.pendingState,codeVerifier:t?void 0:this.pendingState.codeVerifier,encryptedClientInformation:this.encryptedClientInformation,encryptedDiscoveryState:this.encryptedDiscoveryState})}async loadPersistedClientInformation(){if(this.clientInformationLoaded)return this.cachedClientInformation;let t;try{t=await YS(this.encryptedClientInformation,EU)}catch{this.encryptedClientInformation=void 0,this.cachedClientInformation=void 0,this.clientInformationLoaded=!0,await this.syncPendingState(!1),await this.persistCredentialInvalidation(!1);return}if(t&&!NU(t,this.redirectUriValue)){this.encryptedClientInformation=void 0,this.cachedClientInformation=void 0,this.clientInformationLoaded=!0,await this.syncPendingState(!1);return}return this.cachedClientInformation=t,this.clientInformationLoaded=!0,this.cachedClientInformation}async loadPersistedDiscoveryState(){if(this.discoveryStateLoaded)return this.cachedDiscoveryState;try{this.cachedDiscoveryState=qU(await YS(this.encryptedDiscoveryState,UU))}catch{this.encryptedDiscoveryState=void 0,this.cachedDiscoveryState=void 0,await this.syncPendingState(!1),await this.persistCredentialInvalidation(!1)}return this.discoveryStateLoaded=!0,this.cachedDiscoveryState}async loadStoredTokens(){if(this.tokensLoaded)return this.cachedTokens;if(this.tokensLoaded=!0,!this.connection?.encryptedAccessToken||this.connection.status!=="active")return;let t=ua.parse({access_token:await Yt(this.connection.encryptedAccessToken),token_type:OU,refresh_token:this.connection.encryptedRefreshToken?await Yt(this.connection.encryptedRefreshToken):void 0,scope:this.connection.scopes.length>0?this.connection.scopes.join(" "):void 0});return this.cachedTokens=t,t}async persistCredentialInvalidation(t){if(!this.connection)return;let r={id:this.connection.id,ownerMode:this.connection.ownerMode,subjectId:this.connection.subjectId,upstreamServerId:this.connection.upstreamServerId,authProfileId:this.connection.authProfileId,status:this.connection.status,encryptedAccessToken:this.connection.encryptedAccessToken,encryptedRefreshToken:this.connection.encryptedRefreshToken,scopes:[...this.connection.scopes],expiresAt:this.connection.expiresAt,metadata:this.connection.metadata?{...this.connection.metadata}:void 0};t&&(r.status="reconsent_required",r.encryptedAccessToken=void 0,r.encryptedRefreshToken=void 0,r.scopes=[],r.expiresAt=void 0),r.metadata=this.readStoredOAuthPersistence(this.connection.metadata?.connectedBySubjectId),this.connection=await J().upsertUpstreamConnection(r)}readStoredOAuthPersistence(t){if(!(!this.encryptedClientInformation&&!this.encryptedDiscoveryState&&!t))return{encryptedClientInformation:this.encryptedClientInformation,encryptedDiscoveryState:this.encryptedDiscoveryState,connectedBySubjectId:t}}};var VU=1e4,FU=256*1024,ZU=2;function KU(e){return!e||e.status!=="active"||!e.encryptedAccessToken?!1:e.expiresAt?new Date(e.expiresAt).getTime()>Date.now():!0}o(KU,"hasUsableAccessToken");var WU="does not support dynamic client registration";function JU(e){return e instanceof Error&&e.message.includes(WU)}o(JU,"isDynamicClientRegistrationUnsupported");function YU(e){return typeof e=="string"||e instanceof URL?{url:new URL(e.toString())}:{method:e.method,url:new URL(e.url)}}o(YU,"readOAuthFetchRequest");function QU(e,t){return(e.headers.get("content-type")??"").includes("json")||t.trimStart().startsWith("{")||t.trimStart().startsWith("[")}o(QU,"responseLooksJson");function XS(e){return async(t,r)=>{let n=YU(t),a=await Cs(t,r,{maxRedirects:ZU,maxResponseBytes:FU,problemCode:"upstream_token_exchange_failed",timeoutMs:VU}),i=await a.clone().text();if(!QU(a,i))return a;try{JSON.parse(i)}catch(s){throw g("upstream_token_exchange_failed",`Upstream OAuth fetch ${n.url.origin}${n.url.pathname} for ${e} returned invalid JSON.`,s)}return a}}o(XS,"createUpstreamOAuthFetch");async function e_(e,t){try{return await xr(e,{serverUrl:t.serverUrl,resourceMetadataUrl:new URL(t.resourceMetadataUrl),fetchFn:XS(t.upstreamServerId)})}catch(r){throw JU(r)?g("upstream_client_registration_required",`The authorization server for ${t.upstreamServerId} does not advertise Client ID Metadata Document support and does not support Dynamic Client Registration. Register a client for the gateway manually before retrying.`,r):r}}o(e_,"runUpstreamOAuth");async function XU(e,t){return xr(e,{serverUrl:t.serverUrl,authorizationCode:t.authorizationCode,resourceMetadataUrl:new URL(t.resourceMetadataUrl),fetchFn:XS(t.upstreamServerId)})}o(XU,"exchangeUpstreamAuthorizationCode");async function t_(e,t){let r=await e_(e,t);if(r==="REDIRECT"&&e.authorizationUrl)return e.authorizationUrl;throw r==="AUTHORIZED"?g("upstream_token_exchange_failed",`OAuth connect flow reused existing credentials instead of producing a redirect for ${t.upstreamServerId}`):g("upstream_token_exchange_failed",`Unexpected OAuth result for ${t.upstreamServerId}: ${r}`)}o(t_,"requireUpstreamAuthorizationRedirect");async function r_(e){if(KU(e.connection))return{kind:"authorized",credential:{type:"mcp_oauth_provider",provider:e.provider}};let t=await e_(e.provider,{upstreamServerId:e.target.upstreamServerId,serverUrl:e.serverUrl,resourceMetadataUrl:e.resourceMetadataUrl});if(t==="AUTHORIZED")return{kind:"authorized",credential:{type:"mcp_oauth_provider",provider:e.provider}};if(t!=="REDIRECT")throw g("upstream_token_exchange_failed",`Unexpected OAuth result for ${e.target.upstreamServerId}: ${t}`);if(!e.provider.authorizationUrl)throw g("upstream_token_exchange_failed",`OAuth connect-required flow did not produce a redirect for ${e.target.upstreamServerId}`);return{kind:"connect_required",payload:await oO({requestUrl:e.target.request.url,connection:e.connection,owner:e.target.owner,initiatedBySubjectId:e.target.initiatedBySubjectId,upstreamServerId:e.target.upstreamServerId,authProfileId:e.target.authProfileId,upstreamDisplayName:e.upstreamDisplayName,virtualServerId:e.target.virtualServerId,...e.target.returnTo===void 0?{}:{returnTo:e.target.returnTo}})}}o(r_,"authorizeUpstreamOAuthSession");async function eO(e){let t=await gs(e.stateToken),r=await J().consumeUpstreamOAuthState({id:t.id,now:ne(new Date)}),n=tO(r);return rO({storedState:n,signedState:t,upstreamServerId:e.upstreamServerId,callbackPath:new URL(e.request.url).pathname}),nO(n),n}o(eO,"consumeStoredCallbackState");function tO(e){switch(e.kind){case"consumed":throw g("oauth_state_reused","OAuth state has already been used");case"missing":throw g("oauth_state_expired","OAuth state is missing or expired");case"available":return e.record}}o(tO,"readConsumedCallbackState");function rO(e){if(![e.storedState.ownerMode===e.signedState.ownerMode,e.storedState.initiatedBySubjectId===e.signedState.initiatedBySubjectId,e.storedState.ownerSubjectId===e.signedState.ownerSubjectId,e.storedState.upstreamServerId===e.signedState.upstreamServerId,e.storedState.authProfileId===e.signedState.authProfileId,e.storedState.virtualServerId===e.signedState.virtualServerId,e.storedState.upstreamServerId===e.upstreamServerId,e.storedState.callbackPath===e.callbackPath].every(Boolean))throw g("oauth_callback_mismatch","OAuth callback did not match the initiating request")}o(rO,"assertStoredCallbackStateMatches");function nO(e){if(new Date(e.expiresAt).getTime()<=Date.now())throw g("oauth_state_expired","OAuth state has expired")}o(nO,"assertStoredCallbackStateFresh");async function oO(e){if(e.owner.mode==="shared"){let r={upstreamServerId:e.upstreamServerId,authProfileId:e.authProfileId,upstreamDisplayName:e.upstreamDisplayName,virtualServerId:e.virtualServerId,requiresReconsent:!!e.connection};return e.connection!==void 0&&(r.connectionId=e.connection.id),SS(r)}let t={requestUrl:e.requestUrl,owner:e.owner,initiatedBySubjectId:e.initiatedBySubjectId,upstreamServerId:e.upstreamServerId,authProfileId:e.authProfileId,upstreamDisplayName:e.upstreamDisplayName,virtualServerId:e.virtualServerId,subject:"tool",requiresReconsent:!!e.connection,...e.returnTo===void 0?{}:{returnTo:e.returnTo}};return e.connection!==void 0&&(t.connectionId=e.connection.id),Fn(t)}o(oO,"buildOAuthConnectRequiredResponse");async function n_(e){let t=await eO({request:e.request,upstreamServerId:e.upstreamServerId,stateToken:e.stateToken}),r=Bn(t),[n]=await J().batchGetUpstreamConnections([{owner:r,upstreamServerId:t.upstreamServerId,authProfileId:t.authProfileId}]),a={target:{owner:r,initiatedBySubjectId:t.initiatedBySubjectId,upstreamServerId:t.upstreamServerId,authProfileId:t.authProfileId,virtualServerId:t.virtualServerId,...t.returnTo===void 0?{}:{returnTo:t.returnTo}},redirectUri:t.redirectUri,pendingState:t};n!==void 0&&(a.connection=n);let i=new on(a),s=await XU(i,{upstreamServerId:e.upstreamServerId,serverUrl:e.upstreamServerConfig.transport.baseUrl,authorizationCode:e.authorizationCode,resourceMetadataUrl:e.upstreamServerConfig.transport.resourceMetadataUrl});if(s==="AUTHORIZED")return t;throw s!=="REDIRECT"?g("upstream_token_exchange_failed",`Unexpected OAuth result for ${e.upstreamServerId}: ${s}`):g("upstream_token_exchange_failed",`OAuth callback flow did not finish authorization for ${e.upstreamServerId}`)}o(n_,"finishUpstreamOAuthCallback");async function o_(e){let t=rt(e.upstreamServerId),r=Qr(e.upstreamServerId,e.authProfileId),n=ZS(r.redirectPath,e.request.url),a="preloadedConnection"in e?e.preloadedConnection:(await J().batchGetUpstreamConnections([{owner:e.owner,upstreamServerId:e.upstreamServerId,authProfileId:e.authProfileId}]))[0];return{upstreamServerConfig:t,connection:a,providerInput:{target:{owner:e.owner,initiatedBySubjectId:e.initiatedBySubjectId,upstreamServerId:e.upstreamServerId,authProfileId:e.authProfileId,virtualServerId:e.virtualServerId,...e.returnTo===void 0?{}:{returnTo:e.returnTo}},redirectUri:n,returnOrigin:se(e.request.url)}}}o(o_,"prepareUpstreamOAuthRequest");async function a_(e){let t=await o_(e),r=new on({...t.providerInput,...t.connection?.metadata===void 0?{}:{connectionMetadata:t.connection.metadata}});return t_(r,{upstreamServerId:e.upstreamServerId,serverUrl:t.upstreamServerConfig.transport.baseUrl,resourceMetadataUrl:t.upstreamServerConfig.transport.resourceMetadataUrl})}o(a_,"startUpstreamConnect");async function i_(e){let t=await o_(e),r=new on({...t.providerInput,...t.connection===void 0?{}:{connection:t.connection}});return r_({target:e,provider:r,connection:t.connection,upstreamDisplayName:t.upstreamServerConfig.displayName,serverUrl:t.upstreamServerConfig.transport.baseUrl,resourceMetadataUrl:t.upstreamServerConfig.transport.resourceMetadataUrl})}o(i_,"authorizeUpstreamRequest");function aO(e,t){switch(e.kind){case"bearer_token":{if(!e.token)throw g("internal_server_error",`Static bearer token is not configured for upstream ${t}.`);return{type:"bearer_token",token:e.token}}case"headers":{let r={};for(let n of e.headers){if(!n.value)throw g("internal_server_error",`Static header ${n.name} is not configured for upstream ${t}.`);r[n.name]=n.value}return{type:"headers",headers:r}}}}o(aO,"resolveStaticSecretCredential");async function s_(e){let{routeAuth:t}=e;switch(t.authMode){case"shared-oauth":case"user_oauth":return i_({request:e.request,owner:t.owner,initiatedBySubjectId:t.initiatedBySubjectId,upstreamServerId:t.upstreamServerId,authProfileId:t.authProfileId,virtualServerId:t.virtualServerId,..."preloadedConnection"in e?{preloadedConnection:e.preloadedConnection}:{}});case"shared-secret":return CS({owner:t.owner,initiatedBySubjectId:t.initiatedBySubjectId,authProfileId:t.authProfileId,upstreamServerId:t.upstreamServerId,virtualServerId:t.virtualServerId,..."preloadedConnection"in e?{preloadedConnection:e.preloadedConnection}:{}});case"static_secret":{let n=Cr({upstreamServerId:t.upstreamServerId,authProfileId:t.authProfileId});if(n.mode!=="static_secret")throw g("internal_server_error",`Resolved static-secret credential context loaded ${n.mode} config.`);return{kind:"authorized",credential:aO(n.secret,t.upstreamServerId)}}case"user-secret":return xS({request:e.request,owner:t.owner,initiatedBySubjectId:t.initiatedBySubjectId,authProfileId:t.authProfileId,upstreamServerId:t.upstreamServerId,virtualServerId:t.virtualServerId,..."preloadedConnection"in e?{preloadedConnection:e.preloadedConnection}:{}})}throw g("internal_server_error",`Unsupported upstream auth route context ${JSON.stringify(t)}.`)}o(s_,"resolveUpstreamCredentialForRoute");async function c_(e){let t=Rr(e.principal.subjectId),r=ht().byVirtualServerId.get(e.virtualServerId);if(r)for(let n of r.connections)n.authConfig.mode!=="user-secret"||n.authConfig.secret.kind!=="bearer_token"||n.authConfig.secret.capture!=="browser_login"||await _s({owner:t,initiatedBySubjectId:e.principal.subjectId,upstreamServerId:n.upstreamServerId,authProfileId:n.authProfileId,token:e.apiKey})}o(c_,"saveBrowserLoginApiKeyCredentialsForVirtualServer");async function u_(e){let t,r={request:e.request,owner:e.connectRequest.owner,initiatedBySubjectId:e.connectRequest.initiatedBySubjectId,upstreamServerId:e.connectRequest.upstreamServerId,authProfileId:e.connectRequest.authProfileId,virtualServerId:e.connectRequest.virtualServerId,...e.connectRequest.returnTo===void 0?{}:{returnTo:e.connectRequest.returnTo}},n=$t(e.connectRequest.authMode);switch(n.connectSupport){case"oauth_authorization":t=await a_(r);break;case"user_secret_capture":t=await AS(r);break;case"none":throw g("invalid_request",n.connectUnsupportedDetail??`Upstream server ${e.connectRequest.upstreamServerId} does not support browser connection flows.`)}return{authProfileId:e.connectRequest.authProfileId,authUrl:t,initiatedBySubjectId:e.connectRequest.initiatedBySubjectId,owner:e.connectRequest.owner,upstreamDisplayName:e.connectRequest.upstreamDisplayName,virtualServerId:e.connectRequest.virtualServerId}}o(u_,"startUpstreamConnectForRequest");async function d_(e){let r=(await gs(e.callbackRequest.state)).authProfileId,n=Cr({upstreamServerId:e.callbackRequest.upstreamServerId,authProfileId:r});if($t(n.mode).callbackSupport!=="authorization_code")throw g("invalid_request",`Upstream server ${e.callbackRequest.upstreamServerId} does not support OAuth callbacks.`);return n_({request:e.request,upstreamServerId:e.callbackRequest.upstreamServerId,authorizationCode:e.callbackRequest.code,stateToken:e.callbackRequest.state,upstreamServerConfig:rt(e.callbackRequest.upstreamServerId)})}o(d_,"finishUpstreamCallbackForRequest");var Is=class{static{o(this,"ExperimentalClientTasks")}constructor(t){this._client=t}async*callToolStream(t,r=pr,n){let a=this._client,i={...n,task:n?.task??(a.isToolTask(t.name)?{}:void 0)},s=a.requestStream({method:"tools/call",params:t},r,i),c=a.getToolOutputValidator(t.name);for await(let d of s){if(d.type==="result"&&c){let p=d.result;if(!p.structuredContent&&!p.isError){yield{type:"error",error:new A(U.InvalidRequest,`Tool ${t.name} has an output schema but did not return structured content`)};return}if(p.structuredContent)try{let l=c(p.structuredContent);if(!l.valid){yield{type:"error",error:new A(U.InvalidParams,`Structured content does not match the tool's output schema: ${l.errorMessage}`)};return}}catch(l){if(l instanceof A){yield{type:"error",error:l};return}yield{type:"error",error:new A(U.InvalidParams,`Failed to validate structured content: ${l instanceof Error?l.message:String(l)}`)};return}}yield d}}async getTask(t,r){return this._client.getTask({taskId:t},r)}async getTaskResult(t,r,n){return this._client.getTaskResult({taskId:t},r,n)}async listTasks(t,r){return this._client.listTasks(t?{cursor:t}:void 0,r)}async cancelTask(t,r){return this._client.cancelTask({taskId:t},r)}requestStream(t,r,n){return this._client.requestStream(t,r,n)}};function Ps(e,t){if(!(!e||t===null||typeof t!="object")){if(e.type==="object"&&e.properties&&typeof e.properties=="object"){let r=t,n=e.properties;for(let a of Object.keys(n)){let i=n[a];r[a]===void 0&&Object.prototype.hasOwnProperty.call(i,"default")&&(r[a]=i.default),r[a]!==void 0&&Ps(i,r[a])}}if(Array.isArray(e.anyOf))for(let r of e.anyOf)typeof r!="boolean"&&Ps(r,t);if(Array.isArray(e.oneOf))for(let r of e.oneOf)typeof r!="boolean"&&Ps(r,t)}}o(Ps,"applyElicitationDefaults");function iO(e){if(!e)return{supportsFormMode:!1,supportsUrlMode:!1};let t=e.form!==void 0,r=e.url!==void 0;return{supportsFormMode:t||!t&&!r,supportsUrlMode:r}}o(iO,"getSupportedElicitationModes");var xs=class extends yn{static{o(this,"Client")}constructor(t,r){super(r),this._clientInfo=t,this._cachedToolOutputValidators=new Map,this._cachedKnownTaskTools=new Set,this._cachedRequiredTaskTools=new Set,this._listChangedDebounceTimers=new Map,this._capabilities=r?.capabilities??{},this._jsonSchemaValidator=r?.jsonSchemaValidator??new $n,r?.listChanged&&(this._pendingListChangedConfig=r.listChanged)}_setupListChangedHandlers(t){t.tools&&this._serverCapabilities?.tools?.listChanged&&this._setupListChangedHandler("tools",Tc,t.tools,async()=>(await this.listTools()).tools),t.prompts&&this._serverCapabilities?.prompts?.listChanged&&this._setupListChangedHandler("prompts",xc,t.prompts,async()=>(await this.listPrompts()).prompts),t.resources&&this._serverCapabilities?.resources?.listChanged&&this._setupListChangedHandler("resources",Sc,t.resources,async()=>(await this.listResources()).resources)}get experimental(){return this._experimental||(this._experimental={tasks:new Is(this)}),this._experimental}registerCapabilities(t){if(this.transport)throw new Error("Cannot register capabilities after connecting to transport");this._capabilities=Qa(this._capabilities,t)}setRequestHandler(t,r){let a=pn(t)?.method;if(!a)throw new Error("Schema is missing a method literal");let i;if(sr(a)){let c=a;i=c._zod?.def?.value??c.value}else{let c=a;i=c._def?.value??c.value}if(typeof i!="string")throw new Error("Schema method literal must be a string");let s=i;if(s==="elicitation/create"){let c=o(async(d,p)=>{let l=Ge(Oc,d);if(!l.success){let b=l.error instanceof Error?l.error.message:String(l.error);throw new A(U.InvalidParams,`Invalid elicitation request: ${b}`)}let{params:m}=l.data;m.mode=m.mode??"form";let{supportsFormMode:h,supportsUrlMode:y}=iO(this._capabilities.elicitation);if(m.mode==="form"&&!h)throw new A(U.InvalidParams,"Client does not support form-mode elicitation requests");if(m.mode==="url"&&!y)throw new A(U.InvalidParams,"Client does not support URL-mode elicitation requests");let _=await Promise.resolve(r(d,p));if(m.task){let b=Ge(Ht,_);if(!b.success){let R=b.error instanceof Error?b.error.message:String(b.error);throw new A(U.InvalidParams,`Invalid task creation result: ${R}`)}return b.data}let S=Ge(mr,_);if(!S.success){let b=S.error instanceof Error?S.error.message:String(S.error);throw new A(U.InvalidParams,`Invalid elicitation result: ${b}`)}let w=S.data,v=m.mode==="form"?m.requestedSchema:void 0;if(m.mode==="form"&&w.action==="accept"&&w.content&&v&&this._capabilities.elicitation?.form?.applyDefaults)try{Ps(v,w.content)}catch{}return w},"wrappedHandler");return super.setRequestHandler(t,c)}if(s==="sampling/createMessage"){let c=o(async(d,p)=>{let l=Ge(Uc,d);if(!l.success){let w=l.error instanceof Error?l.error.message:String(l.error);throw new A(U.InvalidParams,`Invalid sampling request: ${w}`)}let{params:m}=l.data,h=await Promise.resolve(r(d,p));if(m.task){let w=Ge(Ht,h);if(!w.success){let v=w.error instanceof Error?w.error.message:String(w.error);throw new A(U.InvalidParams,`Invalid task creation result: ${v}`)}return w.data}let _=m.tools||m.toolChoice?bo:zr,S=Ge(_,h);if(!S.success){let w=S.error instanceof Error?S.error.message:String(S.error);throw new A(U.InvalidParams,`Invalid sampling result: ${w}`)}return S.data},"wrappedHandler");return super.setRequestHandler(t,c)}return super.setRequestHandler(t,r)}assertCapability(t,r){if(!this._serverCapabilities?.[t])throw new Error(`Server does not support ${t} (required for ${r})`)}async connect(t,r){if(await super.connect(t),t.sessionId===void 0)try{let n=await this.request({method:"initialize",params:{protocolVersion:ur,capabilities:this._capabilities,clientInfo:this._clientInfo}},dc,r);if(n===void 0)throw new Error(`Server sent invalid initialize result: ${n}`);if(!dr.includes(n.protocolVersion))throw new Error(`Server's protocol version is not supported: ${n.protocolVersion}`);this._serverCapabilities=n.capabilities,this._serverVersion=n.serverInfo,t.setProtocolVersion&&t.setProtocolVersion(n.protocolVersion),this._instructions=n.instructions,await this.notification({method:"notifications/initialized"}),this._pendingListChangedConfig&&(this._setupListChangedHandlers(this._pendingListChangedConfig),this._pendingListChangedConfig=void 0)}catch(n){throw this.close(),n}}getServerCapabilities(){return this._serverCapabilities}getServerVersion(){return this._serverVersion}getInstructions(){return this._instructions}assertCapabilityForMethod(t){switch(t){case"logging/setLevel":if(!this._serverCapabilities?.logging)throw new Error(`Server does not support logging (required for ${t})`);break;case"prompts/get":case"prompts/list":if(!this._serverCapabilities?.prompts)throw new Error(`Server does not support prompts (required for ${t})`);break;case"resources/list":case"resources/templates/list":case"resources/read":case"resources/subscribe":case"resources/unsubscribe":if(!this._serverCapabilities?.resources)throw new Error(`Server does not support resources (required for ${t})`);if(t==="resources/subscribe"&&!this._serverCapabilities.resources.subscribe)throw new Error(`Server does not support resource subscriptions (required for ${t})`);break;case"tools/call":case"tools/list":if(!this._serverCapabilities?.tools)throw new Error(`Server does not support tools (required for ${t})`);break;case"completion/complete":if(!this._serverCapabilities?.completions)throw new Error(`Server does not support completions (required for ${t})`);break;case"initialize":break;case"ping":break}}assertNotificationCapability(t){switch(t){case"notifications/roots/list_changed":if(!this._capabilities.roots?.listChanged)throw new Error(`Client does not support roots list changed notifications (required for ${t})`);break;case"notifications/initialized":break;case"notifications/cancelled":break;case"notifications/progress":break}}assertRequestHandlerCapability(t){if(this._capabilities)switch(t){case"sampling/createMessage":if(!this._capabilities.sampling)throw new Error(`Client does not support sampling capability (required for ${t})`);break;case"elicitation/create":if(!this._capabilities.elicitation)throw new Error(`Client does not support elicitation capability (required for ${t})`);break;case"roots/list":if(!this._capabilities.roots)throw new Error(`Client does not support roots capability (required for ${t})`);break;case"tasks/get":case"tasks/list":case"tasks/result":case"tasks/cancel":if(!this._capabilities.tasks)throw new Error(`Client does not support tasks capability (required for ${t})`);break;case"ping":break}}assertTaskCapability(t){Mi(this._serverCapabilities?.tasks?.requests,t,"Server")}assertTaskHandlerCapability(t){this._capabilities&&qi(this._capabilities.tasks?.requests,t,"Client")}async ping(t){return this.request({method:"ping"},jt,t)}async complete(t,r){return this.request({method:"completion/complete",params:t},$c,r)}async setLoggingLevel(t,r){return this.request({method:"logging/setLevel",params:{level:t}},jt,r)}async getPrompt(t,r){return this.request({method:"prompts/get",params:t},Pc,r)}async listPrompts(t,r){return this.request({method:"prompts/list",params:t},wc,r)}async listResources(t,r){return this.request({method:"resources/list",params:t},mc,r)}async listResourceTemplates(t,r){return this.request({method:"resources/templates/list",params:t},fc,r)}async readResource(t,r){return this.request({method:"resources/read",params:t},yc,r)}async subscribeResource(t,r){return this.request({method:"resources/subscribe",params:t},jt,r)}async unsubscribeResource(t,r){return this.request({method:"resources/unsubscribe",params:t},jt,r)}async callTool(t,r=pr,n){if(this.isToolTaskRequired(t.name))throw new A(U.InvalidRequest,`Tool "${t.name}" requires task-based execution. Use client.experimental.tasks.callToolStream() instead.`);let a=await this.request({method:"tools/call",params:t},r,n),i=this.getToolOutputValidator(t.name);if(i){if(!a.structuredContent&&!a.isError)throw new A(U.InvalidRequest,`Tool ${t.name} has an output schema but did not return structured content`);if(a.structuredContent)try{let s=i(a.structuredContent);if(!s.valid)throw new A(U.InvalidParams,`Structured content does not match the tool's output schema: ${s.errorMessage}`)}catch(s){throw s instanceof A?s:new A(U.InvalidParams,`Failed to validate structured content: ${s instanceof Error?s.message:String(s)}`)}}return a}isToolTask(t){return this._serverCapabilities?.tasks?.requests?.tools?.call?this._cachedKnownTaskTools.has(t):!1}isToolTaskRequired(t){return this._cachedRequiredTaskTools.has(t)}cacheToolMetadata(t){this._cachedToolOutputValidators.clear(),this._cachedKnownTaskTools.clear(),this._cachedRequiredTaskTools.clear();for(let r of t){if(r.outputSchema){let a=this._jsonSchemaValidator.getValidator(r.outputSchema);this._cachedToolOutputValidators.set(r.name,a)}let n=r.execution?.taskSupport;(n==="required"||n==="optional")&&this._cachedKnownTaskTools.add(r.name),n==="required"&&this._cachedRequiredTaskTools.add(r.name)}}getToolOutputValidator(t){return this._cachedToolOutputValidators.get(t)}async listTools(t,r){let n=await this.request({method:"tools/list",params:t},kc,r);return this.cacheToolMetadata(n.tools),n}_setupListChangedHandler(t,r,n,a){let i=cm.safeParse(n);if(!i.success)throw new Error(`Invalid ${t} listChanged options: ${i.error.message}`);if(typeof n.onChanged!="function")throw new Error(`Invalid ${t} listChanged options: onChanged must be a function`);let{autoRefresh:s,debounceMs:c}=i.data,{onChanged:d}=n,p=o(async()=>{if(!s){d(null,null);return}try{let m=await a();d(null,m)}catch(m){let h=m instanceof Error?m:new Error(String(m));d(h,null)}},"refresh"),l=o(()=>{if(c){let m=this._listChangedDebounceTimers.get(t);m&&clearTimeout(m);let h=setTimeout(p,c);this._listChangedDebounceTimers.set(t,h)}else p()},"handler");this.setNotificationHandler(r,l)}async sendRootsListChanged(){return this.notification({method:"notifications/roots/list_changed"})}};function As(e){return e?e instanceof Headers?Object.fromEntries(e.entries()):Array.isArray(e)?Object.fromEntries(e):{...e}:{}}o(As,"normalizeHeaders");function l_(e=fetch,t){return t?async(r,n)=>{let a={...t,...n,headers:n?.headers?{...As(t.headers),...As(n.headers)}:t.headers};return e(r,a)}:e}o(l_,"createFetchWithInit");var ks=class extends Error{static{o(this,"ParseError")}constructor(t,r){super(t),this.name="ParseError",this.type=r.type,this.field=r.field,this.value=r.value,this.line=r.line}};function Wl(e){}o(Wl,"noop");function p_(e){if(typeof e=="function")throw new TypeError("`callbacks` must be an object, got a function instead. Did you mean `{onEvent: fn}`?");let{onEvent:t=Wl,onError:r=Wl,onRetry:n=Wl,onComment:a}=e,i="",s=!0,c,d="",p="";function l(S){let w=s?S.replace(/^\xEF\xBB\xBF/,""):S,[v,b]=sO(`${i}${w}`);for(let R of v)m(R);i=b,s=!1}o(l,"feed");function m(S){if(S===""){y();return}if(S.startsWith(":")){a&&a(S.slice(S.startsWith(": ")?2:1));return}let w=S.indexOf(":");if(w!==-1){let v=S.slice(0,w),b=S[w+1]===" "?2:1,R=S.slice(w+b);h(v,R,S);return}h(S,"",S)}o(m,"parseLine");function h(S,w,v){switch(S){case"event":p=w;break;case"data":d=`${d}${w}
47
+ `;break;case"id":c=w.includes("\0")?void 0:w;break;case"retry":/^\d+$/.test(w)?n(parseInt(w,10)):r(new ks(`Invalid \`retry\` value: "${w}"`,{type:"invalid-retry",value:w,line:v}));break;default:r(new ks(`Unknown field "${S.length>20?`${S.slice(0,20)}\u2026`:S}"`,{type:"unknown-field",field:S,value:w,line:v}));break}}o(h,"processField");function y(){d.length>0&&t({id:c,event:p||void 0,data:d.endsWith(`
48
+ `)?d.slice(0,-1):d}),c=void 0,d="",p=""}o(y,"dispatchEvent");function _(S={}){i&&S.consume&&m(i),s=!0,c=void 0,d="",p="",i=""}return o(_,"reset"),{feed:l,reset:_}}o(p_,"createParser");function sO(e){let t=[],r="",n=0;for(;n<e.length;){let a=e.indexOf("\r",n),i=e.indexOf(`
50
49
  `,n),s=-1;if(a!==-1&&i!==-1?s=Math.min(a,i):a!==-1?a===e.length-1?s=-1:s=a:i!==-1&&(s=i),s===-1){r=e.slice(n);break}else{let c=e.slice(n,s);t.push(c),n=s+1,e[n-1]==="\r"&&e[n]===`
51
- `&&n++}}return[t,r]}o(fO,"splitLines");var ks=class extends TransformStream{static{o(this,"EventSourceParserStream")}constructor({onError:t,onRetry:r,onComment:n}={}){let a;super({start(i){a=h_({onEvent:o(s=>{i.enqueue(s)},"onEvent"),onError(s){t==="terminate"?i.error(s):typeof t=="function"&&t(s)},onRetry:r,onComment:n})},transform(i){a.feed(i)}})}};var hO={initialReconnectionDelay:1e3,maxReconnectionDelay:3e4,reconnectionDelayGrowFactor:1.5,maxRetries:2},Tr=class extends Error{static{o(this,"StreamableHTTPError")}constructor(t,r){super(`Streamable HTTP error: ${r}`),this.code=t}},Es=class{static{o(this,"StreamableHTTPClientTransport")}constructor(t,r){this._hasCompletedAuthFlow=!1,this._url=t,this._resourceMetadataUrl=void 0,this._scope=void 0,this._requestInit=r?.requestInit,this._authProvider=r?.authProvider,this._fetch=r?.fetch,this._fetchWithInit=f_(r?.fetch,r?.requestInit),this._sessionId=r?.sessionId,this._reconnectionOptions=r?.reconnectionOptions??hO}async _authThenStart(){if(!this._authProvider)throw new er("No auth provider");let t;try{t=await Ar(this._authProvider,{serverUrl:this._url,resourceMetadataUrl:this._resourceMetadataUrl,scope:this._scope,fetchFn:this._fetchWithInit})}catch(r){throw this.onerror?.(r),r}if(t!=="AUTHORIZED")throw new er;return await this._startOrAuthSse({resumptionToken:void 0})}async _commonHeaders(){let t={};if(this._authProvider){let n=await this._authProvider.tokens();n&&(t.Authorization=`Bearer ${n.access_token}`)}this._sessionId&&(t["mcp-session-id"]=this._sessionId),this._protocolVersion&&(t["mcp-protocol-version"]=this._protocolVersion);let r=As(this._requestInit?.headers);return new Headers({...t,...r})}async _startOrAuthSse(t){let{resumptionToken:r}=t;try{let n=await this._commonHeaders();n.set("Accept","text/event-stream"),r&&n.set("last-event-id",r);let a=await(this._fetch??fetch)(this._url,{method:"GET",headers:n,signal:this._abortController?.signal});if(!a.ok){if(await a.body?.cancel(),a.status===401&&this._authProvider)return await this._authThenStart();if(a.status===405)return;throw new Tr(a.status,`Failed to open SSE stream: ${a.statusText}`)}this._handleSseStream(a.body,t,!0)}catch(n){throw this.onerror?.(n),n}}_getNextReconnectionDelay(t){if(this._serverRetryMs!==void 0)return this._serverRetryMs;let r=this._reconnectionOptions.initialReconnectionDelay,n=this._reconnectionOptions.reconnectionDelayGrowFactor,a=this._reconnectionOptions.maxReconnectionDelay;return Math.min(r*Math.pow(n,t),a)}_scheduleReconnection(t,r=0){let n=this._reconnectionOptions.maxRetries;if(r>=n){this.onerror?.(new Error(`Maximum reconnection attempts (${n}) exceeded.`));return}let a=this._getNextReconnectionDelay(r);this._reconnectionTimeout=setTimeout(()=>{this._startOrAuthSse(t).catch(i=>{this.onerror?.(new Error(`Failed to reconnect SSE stream: ${i instanceof Error?i.message:String(i)}`)),this._scheduleReconnection(t,r+1)})},a)}_handleSseStream(t,r,n){if(!t)return;let{onresumptiontoken:a,replayMessageId:i}=r,s,c=!1,d=!1;o(async()=>{try{let l=t.pipeThrough(new TextDecoderStream).pipeThrough(new ks({onRetry:o(y=>{this._serverRetryMs=y},"onRetry")})).getReader();for(;;){let{value:y,done:_}=await l.read();if(_)break;if(y.id&&(s=y.id,c=!0,a?.(y.id)),!!y.data&&(!y.event||y.event==="message"))try{let S=$r.parse(JSON.parse(y.data));St(S)&&(d=!0,i!==void 0&&(S.id=i)),this.onmessage?.(S)}catch(S){this.onerror?.(S)}}(n||c)&&!d&&this._abortController&&!this._abortController.signal.aborted&&this._scheduleReconnection({resumptionToken:s,onresumptiontoken:a,replayMessageId:i},0)}catch(l){if(this.onerror?.(new Error(`SSE stream disconnected: ${l}`)),(n||c)&&!d&&this._abortController&&!this._abortController.signal.aborted)try{this._scheduleReconnection({resumptionToken:s,onresumptiontoken:a,replayMessageId:i},0)}catch(y){this.onerror?.(new Error(`Failed to reconnect: ${y instanceof Error?y.message:String(y)}`))}}},"processStream")()}async start(){if(this._abortController)throw new Error("StreamableHTTPClientTransport already started! If using Client class, note that connect() calls start() automatically.");this._abortController=new AbortController}async finishAuth(t){if(!this._authProvider)throw new er("No auth provider");if(await Ar(this._authProvider,{serverUrl:this._url,authorizationCode:t,resourceMetadataUrl:this._resourceMetadataUrl,scope:this._scope,fetchFn:this._fetchWithInit})!=="AUTHORIZED")throw new er("Failed to authorize")}async close(){this._reconnectionTimeout&&(clearTimeout(this._reconnectionTimeout),this._reconnectionTimeout=void 0),this._abortController?.abort(),this.onclose?.()}async send(t,r){try{let{resumptionToken:n,onresumptiontoken:a}=r||{};if(n){this._startOrAuthSse({resumptionToken:n,replayMessageId:It(t)?t.id:void 0}).catch(h=>this.onerror?.(h));return}let i=await this._commonHeaders();i.set("content-type","application/json"),i.set("accept","application/json, text/event-stream");let s={...this._requestInit,method:"POST",headers:i,body:JSON.stringify(t),signal:this._abortController?.signal},c=await(this._fetch??fetch)(this._url,s),d=c.headers.get("mcp-session-id");if(d&&(this._sessionId=d),!c.ok){let h=await c.text().catch(()=>null);if(c.status===401&&this._authProvider){if(this._hasCompletedAuthFlow)throw new Tr(401,"Server returned 401 after successful authentication");let{resourceMetadataUrl:y,scope:_}=Hl(c);if(this._resourceMetadataUrl=y,this._scope=_,await Ar(this._authProvider,{serverUrl:this._url,resourceMetadataUrl:this._resourceMetadataUrl,scope:this._scope,fetchFn:this._fetchWithInit})!=="AUTHORIZED")throw new er;return this._hasCompletedAuthFlow=!0,this.send(t)}if(c.status===403&&this._authProvider){let{resourceMetadataUrl:y,scope:_,error:S}=Hl(c);if(S==="insufficient_scope"){let w=c.headers.get("WWW-Authenticate");if(this._lastUpscopingHeader===w)throw new Tr(403,"Server returned 403 after trying upscoping");if(_&&(this._scope=_),y&&(this._resourceMetadataUrl=y),this._lastUpscopingHeader=w??void 0,await Ar(this._authProvider,{serverUrl:this._url,resourceMetadataUrl:this._resourceMetadataUrl,scope:this._scope,fetchFn:this._fetch})!=="AUTHORIZED")throw new er;return this.send(t)}}throw new Tr(c.status,`Error POSTing to endpoint: ${h}`)}if(this._hasCompletedAuthFlow=!1,this._lastUpscopingHeader=void 0,c.status===202){await c.body?.cancel(),nm(t)&&this._startOrAuthSse({resumptionToken:void 0}).catch(h=>this.onerror?.(h));return}let l=(Array.isArray(t)?t:[t]).filter(h=>"method"in h&&"id"in h&&h.id!==void 0).length>0,m=c.headers.get("content-type");if(l)if(m?.includes("text/event-stream"))this._handleSseStream(c.body,{onresumptiontoken:a},!1);else if(m?.includes("application/json")){let h=await c.json(),y=Array.isArray(h)?h.map(_=>$r.parse(_)):[$r.parse(h)];for(let _ of y)this.onmessage?.(_)}else throw await c.body?.cancel(),new Tr(-1,`Unexpected content type: ${m}`);else await c.body?.cancel()}catch(n){throw this.onerror?.(n),n}}get sessionId(){return this._sessionId}async terminateSession(){if(this._sessionId)try{let t=await this._commonHeaders(),r={...this._requestInit,method:"DELETE",headers:t,signal:this._abortController?.signal},n=await(this._fetch??fetch)(this._url,r);if(await n.body?.cancel(),!n.ok&&n.status!==405)throw new Tr(n.status,`Failed to terminate session: ${n.statusText}`);this._sessionId=void 0}catch(t){throw this.onerror?.(t),t}}setProtocolVersion(t){this._protocolVersion=t}get protocolVersion(){return this._protocolVersion}async resumeStream(t,r){await this._startOrAuthSse({resumptionToken:t,onresumptiontoken:r?.onresumptiontoken})}};function g_(e=[]){let t={};for(let r of e){if(!r.value){if(r.required)throw g("internal_server_error",`Native MCP transport header ${r.name} is required but has no value configured.`);continue}t[r.name]=r.value}return t}o(g_,"resolveNativeMcpRequestHeaders");var gO={name:"zuplo-mcp-gateway",version:"0.1.0"},yO=new zn({draft:"7",shortcircuit:!1}),SO=5,_O=500,__=3e4,wO=2*1024*1024,vO=2;function y_(){return performance.now()/1e3}o(y_,"nowSeconds");function bO(e){if(e.port)return Number(e.port);if(e.protocol==="https:")return 443;if(e.protocol==="http:")return 80}o(bO,"readServerPort");function RO(e,t){return{mcpSessionId:t,serverAddress:e.hostname,serverPort:bO(e)}}o(RO,"buildNativeMcpOperationContext");function Wn(e){return Mg(e)}o(Wn,"withTraceMeta");function Yl(e){if(e>_O)throw g("upstream_import_failed","Upstream import exceeded the maximum allowed capability count.")}o(Yl,"assertImportedCapabilityBudget");function S_(e){return Object.keys(e).length===0?{}:{requestInit:{headers:e}}}o(S_,"buildRequestInit");function CO(e){return(t,r)=>Cs(t,r,{additionalCrossOriginStrippedHeaders:e,maxRedirects:vO,maxResponseBytes:wO,problemCode:"upstream_capability_invocation_failed",timeoutMs:__})}o(CO,"createNativeMcpFetch");function IO(e){return new Promise((t,r)=>{let n=setTimeout(()=>{r(g("upstream_capability_invocation_failed","Upstream MCP request exceeded the maximum allowed time."))},__);e.then(a=>{clearTimeout(n),t(a)},a=>{clearTimeout(n),r(a)})})}o(IO,"withNativeMcpRequestTimeout");function PO(e,t=[]){let r=g_(t),n=e?.type==="headers"?Object.keys(e.headers):[],a=[...Object.keys(r),...n],i={fetch:CO(a)};if(!e)return{...i,...S_(r)};switch(e.type){case"mcp_oauth_provider":return{authProvider:e.provider,...i,...S_(r)};case"bearer_token":return{...i,requestInit:{headers:{...r,Authorization:`Bearer ${e.token}`}}};case"headers":return{...i,requestInit:{headers:{...r,...e.headers}}}}}o(PO,"buildNativeMcpTransportOptions");async function Jn(e,t,r){let{transport:n}=rt(e),a=new URL(n.baseUrl),i=new Es(a,PO(r,n.requestHeaders)),s=new xs(gO,{capabilities:{},jsonSchemaValidator:yO});return IO((async()=>{let c=y_();await s.connect(i);let d=i.sessionId,p=RO(a,d);try{return await t(s,p)}finally{if(i.sessionId)try{await i.terminateSession()}catch{}await s.close(),d&&qg(p,y_()-c)}})())}o(Jn,"withNativeMcpClient");async function xO(e,t,r){let n=[],a,i=0;do{if(i>=SO)throw g("upstream_capability_invocation_failed",`${e} pagination exceeded the maximum allowed page count.`);let s=await t(a);i+=1,n.push(...r(s)),a=s.nextCursor}while(a);return n}o(xO,"collectPaginatedSdkItems");async function Ql(e){return e.enabled?xO(e.label,e.fetchPage,e.readItems):[]}o(Ql,"listNativeMcpCapabilityItems");async function w_(e){return Jn(e.upstreamServerId,async(t,r)=>{let n=t.getServerCapabilities(),a=await Zr({methodName:"tools/list",...r},()=>Ql({enabled:!!n?.tools,label:"Tool list",fetchPage:o(i=>t.listTools(Wn(i?{cursor:i}:void 0)),"fetchPage"),readItems:o(i=>i.tools,"readItems")}));return Yl(a.length),{tools:a}},e.credential)}o(w_,"listNativeMcpTools");async function v_(e){return Jn(e.upstreamServerId,async(t,r)=>{let n=t.getServerCapabilities(),a=await Zr({methodName:"prompts/list",...r},()=>Ql({enabled:!!n?.prompts,label:"Prompt list",fetchPage:o(i=>t.listPrompts(Wn(i?{cursor:i}:void 0)),"fetchPage"),readItems:o(i=>i.prompts,"readItems")}));return Yl(a.length),{prompts:a}},e.credential)}o(v_,"listNativeMcpPrompts");async function b_(e){return Jn(e.upstreamServerId,async(t,r)=>{let n=t.getServerCapabilities(),a=await Zr({methodName:"resources/list",...r},()=>Ql({enabled:!!n?.resources,label:"Resource list",fetchPage:o(i=>t.listResources(Wn(i?{cursor:i}:void 0)),"fetchPage"),readItems:o(i=>i.resources,"readItems")}));return Yl(a.length),{resources:a}},e.credential)}o(b_,"listNativeMcpResources");async function R_(e){return Jn(e.upstreamServerId,(t,r)=>Zr({methodName:"tools/call",capabilityType:"tool",capabilityName:e.params.name,...r},async()=>await t.callTool(Wn(e.params))),e.credential)}o(R_,"callNativeMcpTool");async function C_(e){return Jn(e.upstreamServerId,(t,r)=>Zr({methodName:"prompts/get",capabilityType:"prompt",capabilityName:e.params.name,...r},()=>t.getPrompt(Wn(e.params))),e.credential)}o(C_,"getNativeMcpPrompt");async function I_(e){return Jn(e.upstreamServerId,(t,r)=>Zr({methodName:"resources/read",capabilityType:"resource",resourceUri:e.params.uri,...r},()=>t.readResource(Wn(e.params))),e.credential)}o(I_,"readNativeMcpResource");var Ra=class extends A{static{o(this,"ConnectRequiredMcpError")}constructor(t){super(U.InvalidRequest,t.message),this.name="ConnectRequiredMcpError"}};function AO(e){return{content:[{type:"text",text:e}],isError:!0}}o(AO,"buildToolErrorResult");function TO(e){return e.authUrl?new ur([{mode:"url",elicitationId:crypto.randomUUID(),message:e.message,url:e.authUrl}],e.message):new Ra(e)}o(TO,"toConnectRequiredError");function kO(e){return{credentialType:e.type,...e.type==="headers"?{headerNames:Object.keys(e.headers).sort()}:{}}}o(kO,"buildCredentialResolvedAttributes");function EO(e){tt(e.context,{eventType:K.MCP_GATEWAY_AUTH_UPSTREAM_CREDENTIAL_RESOLVED,outcome:"success",routeBinding:e.routeBinding,attributes:kO(e.credential)})}o(EO,"emitCredentialResolvedAnalyticsEvent");function UO(e){tt(e.context,{eventType:K.MCP_GATEWAY_AUTH_UPSTREAM_CREDENTIAL_MISSING,outcome:"connect_required",routeBinding:e.routeBinding,reasonCode:"connect_required",reasonClass:"auth",attributes:{nextAction:e.payload.nextAction,state:e.payload.state}})}o(UO,"emitCredentialMissingAnalyticsEvent");function OO(e){return e.ownerMode==="none"?JSON.stringify(["none",e.upstreamServerId,e.authProfileId]):Jr({owner:e.owner,upstreamServerId:e.upstreamServerId,authProfileId:e.authProfileId})}o(OO,"readRouteBindingCredentialCacheKey");function x_(e){if(e.ownerMode!=="none")return{owner:e.owner,upstreamServerId:e.upstreamServerId,authProfileId:e.authProfileId}}o(x_,"readOwnedRouteBindingLookup");async function $O(e){let t=bl(e.request);if(!t)return new Map;let r=new Map;for(let s of e.routeBindings){let c=x_(s);c!==void 0&&r.set(Jr(c),c)}if(r.size===0)return new Map;let n=[...r.values()],a=await J().authorizeAndLoadConnections({accessTokenHash:await pe(t),resource:Wr(e.virtualServerId,e.request.url),virtualServerId:e.virtualServerId,upstreamConnectionKeys:n,now:ne(new Date)});if(a.kind!=="authorized")return new Map;let i=new Map;return a.upstreamConnections.forEach((s,c)=>{let d=n[c];d!==void 0&&i.set(Jr(d),s.connection)}),i}o($O,"preloadCompositeAuthorizedConnections");function zO(e){let t=new Map;return r=>{let n=OO(r),a=t.get(n);if(a)return a;let i=(async()=>{let s=await e.preloadedConnections,c=x_(r),d=c===void 0?void 0:Jr(c),p=await d_({request:e.request,routeAuth:r,...d!==void 0&&s.has(d)?{preloadedConnection:s.get(d)}:{}});if(p.kind==="connect_required")throw UO({context:e.context,payload:p.payload,routeBinding:r}),TO(p.payload);return EO({context:e.context,credential:p.credential,routeBinding:r}),p.credential})();return t.set(n,i),i}}o(zO,"createCredentialResolver");var P_=500;function MO(e){return e.length<=P_?e:`${e.slice(0,P_)}...`}o(MO,"truncateAnalyticsDetail");function qO(e){tt(e.context,{eventType:K.MCP_GATEWAY_CAPABILITY_COMPLETED,outcome:e.result.isError===!0?"application_error":"success",routeBinding:e.routeBinding,mcpMethod:"tools/call",capabilityName:e.toolName,capabilityType:"tool",toolResultIsError:e.result.isError===!0,applicationError:e.result.isError===!0})}o(qO,"emitToolInvocationCompletedAnalyticsEvent");function NO(e){return e instanceof ur||e instanceof Ra?{eventType:K.MCP_GATEWAY_CAPABILITY_CONNECT_REQUIRED,outcome:"connect_required",reasonCode:"connect_required",reasonClass:"auth",errorType:"connect_required"}:e instanceof A&&e.code===U.InvalidParams?{eventType:K.MCP_GATEWAY_CAPABILITY_FAILED,outcome:"failure",reasonCode:"invalid_tool_arguments",reasonClass:"client",errorType:"tool_error",mcpErrorType:"InvalidParams"}:{eventType:K.MCP_GATEWAY_CAPABILITY_FAILED,outcome:"failure",reasonCode:"upstream_capability_invocation_failed",reasonClass:"upstream",errorType:"tool_error"}}o(NO,"classifyToolInvocationFailure");function jO(e){let t=e.error instanceof Error?e.error.message:String(e.error),r=NO(e.error);tt(e.context,{eventType:r.eventType,outcome:r.outcome,routeBinding:e.routeBinding,mcpMethod:"tools/call",capabilityName:e.toolName,capabilityType:"tool",reasonCode:r.reasonCode,reasonClass:r.reasonClass,errorType:r.errorType,mcpErrorType:r.mcpErrorType,attributes:{detail:MO(t)}})}o(jO,"emitToolInvocationFailedAnalyticsEvent");var DO=256*1024;function HO(e){if(e.arguments===void 0)return;let t;try{t=new TextEncoder().encode(JSON.stringify(e.arguments)).length}catch{throw new A(U.InvalidParams,"Tool arguments must be JSON-serializable.")}if(t>DO)throw new A(U.InvalidParams,"Tool arguments exceed the maximum allowed size.")}o(HO,"assertToolArgumentsWithinLimit");function Xl(e){if(e.routeBindings.length===1)return e.routeBindings[0];let t=e.routeBindings.filter(r=>r.connectionPolicyName===e.upstreamPolicyName);if(t.length!==1)throw new A(U.InvalidRequest,`Published item ${e.capabilityName} on virtual server ${e.virtualServerId} is claimed by ${t.length} upstream bindings.`);return t[0]}o(Xl,"findBindingForPublishedCapability");function Yn(e){let t=e.routeBindings[0];if(e.routeBindings.length!==1||t===void 0)throw new A(U.InternalError,`Upstream MCP catalog mode for virtual server ${e.publishedVirtualServer.virtualServerId} requires exactly one upstream binding.`);return t}o(Yn,"requireSingleTransparentBinding");function LO(e){if(e.publishedVirtualServer.catalog.catalogSource==="upstream_mcp")return{binding:Yn(e),upstreamName:e.toolName};let t=e.publishedVirtualServer.catalog.tools.find(r=>r.name===e.toolName&&r.enabled!==!1);if(!t)throw new A(U.MethodNotFound,`Tool ${e.toolName} is not available on virtual server ${e.publishedVirtualServer.virtualServerId}.`);return{binding:Xl({capabilityName:String(t.name),routeBindings:e.routeBindings,upstreamPolicyName:t.upstreamPolicyName,virtualServerId:e.publishedVirtualServer.virtualServerId}),upstreamName:t.upstreamName}}o(LO,"resolvePublishedToolRoute");function BO(e){if(e.publishedVirtualServer.catalog.catalogSource==="upstream_mcp")return{binding:Yn(e),upstreamName:e.promptName};let t=e.publishedVirtualServer.catalog.prompts.find(r=>r.name===e.promptName&&r.enabled!==!1);if(!t)throw new A(U.MethodNotFound,`Prompt ${e.promptName} is not available on virtual server ${e.publishedVirtualServer.virtualServerId}.`);return{binding:Xl({capabilityName:String(t.name),routeBindings:e.routeBindings,upstreamPolicyName:t.upstreamPolicyName,virtualServerId:e.publishedVirtualServer.virtualServerId}),upstreamName:t.upstreamName}}o(BO,"resolvePublishedPromptRoute");function GO(e){if(e.publishedVirtualServer.catalog.catalogSource==="upstream_mcp")return{binding:Yn(e),upstreamUri:e.resourceUri};let t=e.publishedVirtualServer.catalog.resources.find(r=>r.uri===e.resourceUri&&r.enabled!==!1);if(!t)throw new A(U.MethodNotFound,`Resource ${e.resourceUri} is not available on virtual server ${e.publishedVirtualServer.virtualServerId}.`);return{binding:Xl({capabilityName:String(t.name),routeBindings:e.routeBindings,upstreamPolicyName:t.upstreamPolicyName,virtualServerId:e.publishedVirtualServer.virtualServerId}),upstreamUri:t.upstreamUri}}o(GO,"resolvePublishedResourceRoute");function A_(e){let t=$O({request:e.request,routeBindings:e.routeBindings,virtualServerId:e.publishedVirtualServer.virtualServerId}),r=zO({context:e.context,preloadedConnections:t,request:e.request});return{async listTools(){if(e.publishedVirtualServer.catalog.catalogSource==="openapi")return{tools:e.publishedVirtualServer.catalog.tools.filter(a=>a.enabled!==!1).map(Wi)};let n=Yn(e);return w_({upstreamServerId:n.upstreamServerId,credential:await r(n)})},async callTool(n){let a=LO({publishedVirtualServer:e.publishedVirtualServer,routeBindings:e.routeBindings,toolName:n.name});try{HO(n);let i=await r(a.binding),s=await R_({upstreamServerId:a.binding.upstreamServerId,params:{...n,name:a.upstreamName},credential:i});return qO({context:e.context,routeBinding:a.binding,toolName:n.name,result:s}),e.context.log.debug({event:"upstream_tool_invocation_succeeded",toolName:n.name,upstreamName:a.upstreamName,upstreamServerId:a.binding.upstreamServerId,authProfileId:a.binding.authProfileId,isError:s.isError===!0},"Upstream tool invocation completed"),s}catch(i){if(jO({context:e.context,routeBinding:a.binding,toolName:n.name,error:i}),i instanceof ur||i instanceof Ra)throw e.context.log.info({event:"upstream_tool_invocation_connect_required",toolName:n.name,upstreamServerId:a.binding.upstreamServerId,authProfileId:a.binding.authProfileId,ownerMode:a.binding.ownerMode,hasAuthUrl:i instanceof ur},"Upstream tool invocation requires user to complete a connect flow"),i;let s={event:"upstream_tool_invocation_failed",code:"upstream_capability_invocation_failed",toolName:n.name,upstreamName:a.upstreamName,upstreamServerId:a.binding.upstreamServerId,authProfileId:a.binding.authProfileId};return i instanceof A&&(s.mcpErrorCode=i.code),i instanceof Error?(s.errorName=i.name,s.errorMessage=i.message,i.cause instanceof Error&&(s.causeName=i.cause.name,s.causeMessage=i.cause.message)):s.errorMessage=String(i),e.context.log.warn(s,"Upstream tool invocation failed; returning generic gateway error to MCP client"),AO(Qe("upstream_capability_invocation_failed").publicDetail)}},async listPrompts(){if(e.publishedVirtualServer.catalog.catalogSource==="openapi")return{prompts:e.publishedVirtualServer.catalog.prompts.filter(a=>a.enabled!==!1).map(Ji)};let n=Yn(e);return v_({upstreamServerId:n.upstreamServerId,credential:await r(n)})},async getPrompt(n){let a=BO({publishedVirtualServer:e.publishedVirtualServer,routeBindings:e.routeBindings,promptName:n.name});return C_({upstreamServerId:a.binding.upstreamServerId,params:{...n,name:a.upstreamName},credential:await r(a.binding)})},async listResources(){if(e.publishedVirtualServer.catalog.catalogSource==="openapi")return{resources:e.publishedVirtualServer.catalog.resources.filter(a=>a.enabled!==!1).map(Yi)};let n=Yn(e);return b_({upstreamServerId:n.upstreamServerId,credential:await r(n)})},async readResource(n){let a=GO({publishedVirtualServer:e.publishedVirtualServer,routeBindings:e.routeBindings,resourceUri:n.uri});return I_({upstreamServerId:a.binding.upstreamServerId,params:{...n,uri:a.upstreamUri},credential:await r(a.binding)})}}}o(A_,"createCapabilityDispatcher");var VO="0.1.0",k_="POST",FO="POST, OPTIONS",ZO=new zn({draft:"7",shortcircuit:!1});function ep(e){return Response.json({jsonrpc:"2.0",id:null,error:{code:-32e3,message:e}},{status:405,headers:{Allow:k_}})}o(ep,"jsonRpcMethodNotAllowedResponse");function KO(e){let t={Allow:k_},r=e.headers.get("origin"),n=e.headers.get("access-control-request-method");if(r&&n){t["Access-Control-Allow-Methods"]=FO;let a=e.headers.get("access-control-request-headers");a&&(t["Access-Control-Allow-Headers"]=a)}return new Response(null,{status:204,headers:t})}o(KO,"buildOptionsResponse");function Qn(e){let t=e&&typeof e=="object"?e.id:void 0;return typeof t=="string"||typeof t=="number"?t:void 0}o(Qn,"readJsonRpcRequestId");function tp(e){return e&&typeof e=="object"?e.params:void 0}o(tp,"readMcpRequestParams");function T_(e,t){return e.headers.get(t)??void 0}o(T_,"readMcpHeader");function WO(e){return{mcpProtocolVersion:T_(e,"mcp-protocol-version")??Fr,mcpSessionId:T_(e,"mcp-session-id")}}o(WO,"buildServerTelemetryBase");function JO(e){if(e.headers.has("mcp-protocol-version"))return e;let t=new Headers(e.headers);return t.set("mcp-protocol-version",Fr),new Response(e.body,{status:e.status,statusText:e.statusText,headers:t})}o(JO,"ensureProtocolVersionHeader");async function rp(e,t){if(e.method==="OPTIONS")return KO(e);if(e.method==="GET")return ep("Standalone SSE GET is not supported by this stateless virtual MCP server. Use POST streamable HTTP for MCP requests.");if(e.method==="DELETE")return ep("Session termination via DELETE is not supported because this virtual MCP server is stateless.");if(e.method!=="POST")return ep("Only POST is supported by this virtual MCP server.");let r=Nn(t),n=Rg(r.virtualServerId),a=jg(t);if(n.catalog.catalogSource==="upstream_mcp"&&a.length!==1)throw t.log.error({event:"virtual_server_binding_count_invalid",code:"internal_server_error",virtualServerId:r.virtualServerId,bindingCount:a.length,catalogSource:n.catalog.catalogSource},"MCP virtual server route requires exactly one upstream binding"),g("internal_server_error",`MCP virtual server route requires exactly one upstream binding; found ${a.length}.`);let i=WO(e),s=A_({context:t,publishedVirtualServer:n,request:e,routeBindings:a}),c=ce(e.url),d=new ji({enableDnsRebindingProtection:!0,allowedOrigins:[c]}),p=new Ni(n.catalog.serverInfo??{name:r.virtualServerId,version:VO},{capabilities:{prompts:{},resources:{},tools:{}},jsonSchemaValidator:ZO});p.setRequestHandler(xc,async m=>Kr({methodName:"tools/list",params:tp(m),jsonRpcRequestId:Qn(m),...i},()=>s.listTools())),p.setRequestHandler(_o,async m=>Kr({methodName:"tools/call",capabilityType:"tool",capabilityName:m.params.name,params:m.params,jsonRpcRequestId:Qn(m),...i},()=>s.callTool(m.params))),p.setRequestHandler(Sc,async m=>Kr({methodName:"prompts/list",params:tp(m),jsonRpcRequestId:Qn(m),...i},()=>s.listPrompts())),p.setRequestHandler(wc,async m=>Kr({methodName:"prompts/get",capabilityType:"prompt",capabilityName:m.params.name,params:m.params,jsonRpcRequestId:Qn(m),...i},()=>s.getPrompt(m.params))),p.setRequestHandler(lc,async m=>Kr({methodName:"resources/list",params:tp(m),jsonRpcRequestId:Qn(m),...i},()=>s.listResources())),p.setRequestHandler(hc,async m=>Kr({methodName:"resources/read",capabilityType:"resource",resourceUri:m.params.uri,params:m.params,jsonRpcRequestId:Qn(m),...i},()=>s.readResource(m.params))),await p.connect(d);let l=await d.handleRequest(e);return JO(l)}o(rp,"virtualServerHandler");async function YO(e,t){return sr("handler.mcp-virtual-server"),rp(e,t)}o(YO,"McpVirtualServerHandler");var Xn={OAUTH_PROTECTED_RESOURCE_METADATA:"oauth_metadata",VIRTUAL_MCP_SERVER:"gateway",OTHER:"other"},QO="oauth-protected-resource-metadata",XO="/.well-known/oauth-protected-resource/";function e$(e){let r=(typeof e.route.raw=="function"?e.route.raw():void 0)?.operationId;return typeof r=="string"?r:void 0}o(e$,"readRouteOperationId");function t$(e){return e.hasGatewayRouteContext?Xn.VIRTUAL_MCP_SERVER:e.routeOperationId===QO||e.routeOperationId===void 0&&e.routePath.startsWith(XO)?Xn.OAUTH_PROTECTED_RESOURCE_METADATA:Xn.OTHER}o(t$,"classifyAnalyticsRouteSurface");function r$(e){let t=e.route.path;return{routePath:t,routeSurface:t$({routePath:t,routeOperationId:e$(e),hasGatewayRouteContext:ea(e)!==void 0})}}o(r$,"readAnalyticsRequestContext");function n$(e){return e.response.status===405&&e.response.headers.has("allow")&&e.routeSurface===Xn.VIRTUAL_MCP_SERVER}o(n$,"isIntentionalMethodRejection");function o$(e){return n$(e)||e.response.status===401&&e.routeSurface===Xn.OAUTH_PROTECTED_RESOURCE_METADATA?"success":e.response.status>=400?"failure":"success"}o(o$,"classifyRequestCompletedOutcome");async function np(e,t){let r=Date.now(),n=r$(t);return t.addResponseSendingFinalHook(a=>{let i=o$({response:a,routeSurface:n.routeSurface});tt(t,{eventType:K.MCP_GATEWAY_REQUEST_COMPLETED,outcome:i,routeSurface:n.routeSurface,httpStatusCode:a.status,httpMethod:e.method,latencyMs:Date.now()-r})}),e}o(np,"analyticsContextInbound");function a$(e){return e instanceof Response}o(a$,"isResponse");var E_="/mcp/";function i$(e){let t=e.route.path;if(!t.startsWith(E_))throw g("internal_server_error",`Route ${t} is bound to mcp-oauth-inbound but does not match the /mcp/{virtualServerId} convention.`);let r=t.slice(E_.length);if(!r||r.includes("/"))throw g("internal_server_error",`Route ${t} is bound to mcp-oauth-inbound but must use exactly one /mcp/{virtualServerId} segment.`);return r}o(i$,"readVirtualServerIdFromRoute");async function Ca(e,t){let n={virtualServerId:Pe.parse(i$(t))};Pg(t,n),ig(t,n);let a=await np(e,t);return a$(a)?a:Rl(a,t)}o(Ca,"mcpOAuthInboundPolicy");var s$=o(async(e,t,r,n)=>(sr("policy.inbound.mcp-auth0-oauth"),Ca(e,t)),"McpAuth0OAuthInboundPolicy");function c$(e){let t=`https://${e.auth0Domain}/`,r=`https://${e.auth0Domain}/.well-known/jwks.json`,n=`https://${e.auth0Domain}/authorize`,a=`https://${e.auth0Domain}/oauth/token`;return es({oidc:{issuer:t,jwksUrl:r,audience:e.audience},browserLogin:{url:n,tokenUrl:a,clientId:e.clientId,clientSecret:e.clientSecret,scope:e.scope??"openid profile email",audience:e.audience,...e.browserLoginOverrides??{}},gateway:e.gateway})}o(c$,"buildAuth0McpOAuthRuntimeConfig");var u$={policyType:"mcp-auth0-oauth-inbound",displayName:"MCP OAuth (Auth0)",getConfig(e){return c$(e)}};Vi(u$);var d$=o(async(e,t,r,n)=>(sr("policy.inbound.mcp-oauth"),Ca(e,t)),"McpOAuthInboundPolicy"),l$={policyType:"mcp-oauth-inbound",displayName:"MCP OAuth",getConfig(e){return es(e)}};Vi(l$);function p$(e){let t=$t(e.connection.authMode);return{upstreamServerId:e.connection.upstreamServerId,virtualServerId:e.virtualServerId,authProfileId:e.connection.authProfileId,upstreamDisplayName:e.connection.config.displayName,authMode:e.connection.authMode,ownerMode:t.ownerMode}}o(p$,"buildRouteAuthBaseFromConnection");function O_(e){if(!e.connection.authProfiles[e.authMode])throw g("internal_server_error",`Upstream connection ${e.connection.id} does not declare auth mode ${e.authMode}.`);let r=$t(e.authMode);return{upstreamServerId:e.connection.id,virtualServerId:e.virtualServerId,authProfileId:qn(e.connection.id,e.authMode),upstreamDisplayName:e.connection.displayName,authMode:e.authMode,ownerMode:r.ownerMode}}o(O_,"buildRouteAuthBaseFromPolicyOptions");function $_(e,t){let n=ht().byVirtualServerId.get(t);if(!n)throw g("unknown_virtual_server",`Unknown virtual server: ${t}`);let a=n.connections.find(i=>i.upstreamServerId===e);if(!a)throw g("virtual_server_upstream_mismatch",`Virtual server ${t} does not bind upstream ${e}.`);return p$({connection:a,virtualServerId:t})}o($_,"resolveRouteAuthBase");function U_(e,t){switch(e){case"user":return Cr(t.subjectId);case"shared":return us()}}o(U_,"buildOwnerForPrincipal");function Us(e,t){switch(e.ownerMode){case"shared":return{...e,owner:U_(e.ownerMode,t),initiatedBySubjectId:t.subjectId};case"user":return{...e,owner:U_(e.ownerMode,t),initiatedBySubjectId:t.subjectId};case"none":return e}}o(Us,"resolveRouteAuthForPrincipal");function m$(e){let t=Object.keys(e.connection.authProfiles);if(t.length!==1)throw g("internal_server_error",`Upstream policy ${e.policyName} must declare exactly one auth mode; found ${t.length}.`);let r=t[0];if(r===void 0)throw g("internal_server_error",`Upstream policy ${e.policyName} does not declare an auth mode.`);return Bi.parse(r)}o(m$,"readSingleAuthMode");function z_(e){return Ot.parse(e)}o(z_,"buildToolNamePrefixFromConnectionId");async function op(e,t,r,n){let a=Ki(r,n),i=m$({policyName:n,connection:a}),s=Nn(t),c=O_({connection:a,virtualServerId:s.virtualServerId,authMode:i});if(c.ownerMode==="none")return Wd(t,{...c,connectionPolicyName:n,toolNamePrefix:z_(a.id)}),e;let d=Xg(t);return Wd(t,{...Us(c,d),connectionPolicyName:n,toolNamePrefix:z_(a.id)}),e}o(op,"mcpUpstreamConnectionPolicy");var f$=o(async(e,t,r,n)=>(sr("policy.inbound.mcp-upstream-connection"),op(e,t,r,n)),"McpUpstreamConnectionInboundPolicy");ie();ie();var M_="application/json",h$="application/x-www-form-urlencoded";function g$(e){return(e??"").split(";")[0]?.trim().toLowerCase()??""}o(g$,"normalizeContentType");function y$(e,t){return e===t?!0:t===M_&&e.endsWith("+json")}o(y$,"contentTypeMatches");function S$(e,t){if(!t||t.length===0)return;let r=g$(e.headers.get("content-type"));if(!t.some(n=>y$(r,n)))throw g("invalid_request",`Request body must be ${t.join(" or ")}.`)}o(S$,"assertExpectedContentType");function _$(e,t,r){let n=e.headers.get("content-length");if(!n)return;let a=Number.parseInt(n,10);if(Number.isFinite(a)&&a>t)throw g("invalid_request",`${r} exceeded the maximum allowed size.`)}o(_$,"assertContentLengthWithinLimit");async function q_(e,t){let r=t.label??"Request body";S$(e,t.expectedContentTypes),_$(e,t.maxBytes,r);let n=await Rs(e.body,{maxBytes:t.maxBytes,createLimitError:o(()=>g("invalid_request",`${r} exceeded the maximum allowed size.`),"createLimitError")});return new TextDecoder().decode(n)}o(q_,"readBoundedTextBody");async function N_(e,t){let r=await q_(e,{...t,expectedContentTypes:[M_]});try{return JSON.parse(r)}catch(n){throw g("invalid_request","Request body must be valid JSON.",n)}}o(N_,"readBoundedJsonBody");async function Os(e,t){let r=await q_(e,{...t,expectedContentTypes:[h$]});return new URLSearchParams(r)}o(Os,"readBoundedFormUrlEncodedBody");var j_=Symbol("Html");function w$(e){return e.replaceAll("&","&amp;").replaceAll("<","&lt;").replaceAll(">","&gt;").replaceAll('"',"&quot;").replaceAll("'","&#39;")}o(w$,"escapeHtml");function v$(e){return e===null||typeof e!="object"?!1:e[j_]===!0}o(v$,"isHtml");function D_(e){return e==null||e===!1?"":Array.isArray(e)?e.map(D_).join(""):v$(e)?e.value:w$(String(e))}o(D_,"renderValue");function tr(e){return{[j_]:!0,value:e}}o(tr,"trustedHtml");var _e=tr("");function k(e,...t){let r=e[0]??"";for(let n=0;n<t.length;n+=1)r+=D_(t[n]),r+=e[n+1]??"";return tr(r)}o(k,"html");function rr(e){return e.value}o(rr,"renderHtml");var nr=tr('*,:before,:after{box-sizing:border-box}:root{--bg:#f5f6f8;--surface:#fff;--surface-2:#f8fafc;--border:#e5e7eb;--border-strong:#d1d5db;--text:#0f172a;--text-2:#475569;--text-3:#64748b;--text-muted:#94a3b8;--accent:#0f172a;--accent-hover:#1e293b;--accent-text:#fff;--focus-ring:#0f172a29;--danger:#b91c1c;--danger-bg:#b91c1c0f;--danger-border:#b91c1c38;--warning:#92400e;--warning-bg:#fffbeb;--warning-border:#fde68a;--success:#15803d;--success-bg:#f0fdf4;--success-border:#bbf7d0;--radius-sm:4px;--radius:8px;--radius-lg:12px;--radius-pill:9999px;--shadow-sm:0 1px 2px #0f172a0d;--shadow:0 1px 2px #0f172a0a,0 6px 16px #0f172a0f;--font-sans:-apple-system,BlinkMacSystemFont,"Segoe UI",Inter,system-ui,sans-serif;--font-mono:ui-monospace,SFMono-Regular,"SF Mono",Menlo,Monaco,Consolas,monospace}@media (prefers-color-scheme:dark){:root{--bg:#0a0c10;--surface:#15171c;--surface-2:#1e2128;--border:#262932;--border-strong:#3a3e48;--text:#fafafa;--text-2:#cbd5e1;--text-3:#94a3b8;--text-muted:#71717a;--accent:#fafafa;--accent-hover:#e4e4e7;--accent-text:#0a0c10;--focus-ring:#fafafa2e;--danger:#f87171;--danger-bg:#f8717114;--danger-border:#f871714d;--warning:#fbbf24;--warning-bg:#fbbf2414;--warning-border:#fbbf2447;--success:#34d399;--success-bg:#34d39914;--success-border:#34d3994d;--shadow-sm:0 1px 2px #0006;--shadow:0 1px 2px #0006,0 8px 24px #0006}}html,body{margin:0;padding:0}body{font-family:var(--font-sans);background:var(--bg);color:var(--text);-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale;flex-direction:column;align-items:center;min-height:100dvh;padding:48px 20px;font-size:14px;line-height:1.5;display:flex}.card{background:var(--surface);border:1px solid var(--border);border-radius:var(--radius-lg);width:100%;max-width:480px;box-shadow:var(--shadow);overflow:hidden}.card__head{text-align:center;padding:32px 32px 24px}.card__icon{border-radius:var(--radius);background:var(--surface-2);object-fit:contain;border:1px solid var(--border);width:48px;height:48px;margin:0 auto 16px;display:block}.card__title{letter-spacing:-.01em;color:var(--text);margin:0;font-size:20px;font-weight:600;line-height:1.3}.card__subtitle{color:var(--text-2);margin:8px 0 0;font-size:14px;line-height:1.55}.card__subtitle strong{color:var(--text);font-weight:600}.card__description{color:var(--text-3);margin:12px 0 0;font-size:13px;line-height:1.55}.card__principal{color:var(--text-3);background:var(--surface-2);border-radius:var(--radius-pill);text-overflow:ellipsis;white-space:nowrap;align-items:center;gap:6px;max-width:100%;margin:16px 0 0;padding:4px 12px;font-size:12.5px;display:inline-flex;overflow:hidden}.card__body{flex-direction:column;gap:20px;padding:8px 32px 24px;display:flex}.card__head+.card__body{border-top:1px solid var(--border);padding-top:24px}.card__footer{border-top:1px solid var(--border);background:var(--surface-2);flex-wrap:wrap;justify-content:flex-end;align-items:center;gap:8px;padding:16px 24px;display:flex}.card__fineprint{color:var(--text-3);text-align:center;margin:0;font-size:12.5px;line-height:1.5}.card__fineprint strong{color:var(--text-2);font-weight:600}.section-label{text-transform:uppercase;letter-spacing:.07em;color:var(--text-3);align-items:baseline;gap:6px;margin:0;font-size:11px;font-weight:600;display:flex}.section-label__count{color:var(--text-3);letter-spacing:0;font-weight:500}.banner{border-radius:var(--radius);border:1px solid;align-items:flex-start;gap:10px;padding:12px 14px;font-size:13px;display:flex}.banner__icon{flex-shrink:0;justify-content:center;align-items:center;width:16px;height:16px;margin-top:1px;display:inline-flex}.banner__body{flex-direction:column;flex:1;gap:2px;min-width:0;display:flex}.banner__title{color:var(--text);margin:0;font-size:13px;font-weight:600}.banner__message{color:var(--text-2);margin:0;font-size:13px;line-height:1.5}.banner--warning{background:var(--warning-bg);border-color:var(--warning-border)}.banner--warning .banner__icon{color:var(--warning)}.banner--alert{background:var(--danger-bg);border-color:var(--danger-border)}.banner--alert .banner__icon,.banner--alert .banner__title{color:var(--danger)}.upstream-list{flex-direction:column;gap:8px;margin:0;padding:0;list-style:none;display:flex}.upstream-card{background:var(--surface);border:1px solid var(--border);border-radius:var(--radius);flex-direction:column;gap:10px;padding:14px;display:flex}.upstream-card--needs-action{border-color:var(--warning-border);background:var(--warning-bg)}.upstream-card__head{align-items:flex-start;gap:10px;display:flex}.icon-frame{border-radius:var(--radius-sm);border:1px solid var(--border);background:var(--surface-2);width:32px;height:32px;color:var(--text-3);flex-shrink:0;justify-content:center;align-items:center;display:inline-flex;overflow:hidden}.icon-frame img{object-fit:contain;max-width:100%;max-height:100%}.icon-frame--fallback svg{width:18px;height:18px}.inline-icon{object-fit:contain;vertical-align:-2px;border-radius:2px;width:14px;height:14px;margin-right:4px}.upstream-card__main{flex-direction:column;flex:1;gap:3px;min-width:0;display:flex}.upstream-card__title-row{justify-content:space-between;align-items:center;gap:10px;min-width:0;display:flex}.upstream-card__title{color:var(--text);letter-spacing:-.005em;text-overflow:ellipsis;white-space:nowrap;flex:1;min-width:0;margin:0;font-size:14px;font-weight:600;line-height:1.3;overflow:hidden}.upstream-card__meta{color:var(--text-3);flex-wrap:wrap;align-items:center;gap:6px;font-size:12px;display:flex}.upstream-card__host{font-family:var(--font-mono);background:var(--surface-2);color:var(--text-2);border-radius:var(--radius-sm);padding:1px 6px;font-size:11.5px}.upstream-card__sep{color:var(--border-strong)}.upstream-card__description{color:var(--text-2);margin:4px 0 0;font-size:12.5px;line-height:1.5}.status-badge{border-radius:var(--radius-pill);white-space:nowrap;border:1px solid #0000;flex-shrink:0;align-items:center;gap:6px;padding:2px 8px;font-size:11.5px;font-weight:600;display:inline-flex}.status-badge:before{content:"";background:currentColor;border-radius:50%;flex-shrink:0;width:5px;height:5px}.status-badge--success{background:var(--success-bg);color:var(--success);border-color:var(--success-border)}.status-badge--warning{background:var(--warning-bg);color:var(--warning);border-color:var(--warning-border)}.status-badge--neutral{background:var(--surface-2);color:var(--text-2);border-color:var(--border)}.upstream-card__capabilities,.upstream-card__scopes{border-top:1px solid var(--border);margin-top:2px;padding-top:10px}.upstream-card__capabilities--empty{color:var(--text-3);font-size:12px;font-style:italic}.capabilities-summary,.scopes-summary{cursor:pointer;user-select:none;color:var(--text-2);justify-content:space-between;align-items:center;gap:12px;padding:2px 0;font-size:12.5px;list-style:none;display:flex}.capabilities-summary::-webkit-details-marker,.scopes-summary::-webkit-details-marker{display:none}.capabilities-summary:hover,.scopes-summary:hover{color:var(--text)}.capabilities-summary:focus-visible,.scopes-summary:focus-visible{outline:2px solid var(--accent);outline-offset:2px;border-radius:var(--radius-sm)}.capabilities-summary__counts{flex-wrap:wrap;align-items:center;gap:12px;display:flex}.count-pill{color:var(--text-2);align-items:baseline;gap:4px;font-size:12.5px;display:inline-flex}.count-pill__num{font-variant-numeric:tabular-nums;color:var(--text);font-size:13px;font-weight:600}.count-pill--destructive .count-pill__num,.count-pill--destructive .count-pill__label{color:var(--danger)}.capabilities-summary__chevron{color:var(--text-3);flex-shrink:0;transition:transform .15s;display:inline-flex}details[open]>.capabilities-summary .capabilities-summary__chevron,details[open]>.scopes-summary .capabilities-summary__chevron{transform:rotate(180deg)}.capabilities-detail{margin-top:10px}.capability-section{margin-top:14px}.capability-section:first-child{margin-top:6px}.capability-section__title{text-transform:uppercase;letter-spacing:.07em;color:var(--text-3);margin:0 0 6px;font-size:11px;font-weight:600}.capability-list{flex-direction:column;gap:5px;margin:0;padding:0;font-size:12.5px;list-style:none;display:flex}.capability-row{flex-wrap:wrap;align-items:baseline;gap:6px;padding:2px 0;display:flex}.capability-row__name{font-weight:500;font-family:var(--font-mono);color:var(--text);font-size:12.5px}.capability-row__description{color:var(--text-3);flex-basis:100%;font-size:12px;line-height:1.45}.capability-row__description code{font-family:var(--font-mono);background:var(--surface-2);border-radius:var(--radius-sm);color:var(--text-2);padding:1px 4px}.capability-row--more{color:var(--text-3);font-size:12px;font-style:italic}.scopes-list{flex-wrap:wrap;gap:4px;margin-top:8px;display:flex}.scope-chip{font-family:var(--font-mono);background:var(--surface-2);color:var(--text-2);border-radius:var(--radius-sm);border:1px solid var(--border);padding:2px 7px;font-size:11.5px}.badge{border-radius:var(--radius-sm);letter-spacing:.04em;text-transform:uppercase;align-items:center;padding:1px 5px;font-size:10px;font-weight:600;display:inline-flex}.badge--destructive{background:var(--danger-bg);color:var(--danger)}.badge--muted{background:var(--surface-2);color:var(--text-3)}.badge-row{flex-wrap:wrap;gap:4px;display:inline-flex}.muted{color:var(--text-3)}.button{font:inherit;border-radius:var(--radius);cursor:pointer;white-space:nowrap;border:1px solid #0000;justify-content:center;align-items:center;gap:6px;padding:9px 16px;font-size:14px;font-weight:500;text-decoration:none;transition:background .12s,border-color .12s,color .12s,box-shadow .12s,transform 40ms;display:inline-flex}.button:active{transform:translateY(1px)}.button:focus-visible{box-shadow:0 0 0 3px var(--focus-ring);outline:0}.button--small{padding:5px 10px;font-size:12.5px}.button--primary{background:var(--accent);color:var(--accent-text);border-color:var(--accent)}.button--primary:hover:not(:disabled):not([aria-disabled=true]){background:var(--accent-hover);border-color:var(--accent-hover)}.button:disabled,.button[aria-disabled=true]{cursor:not-allowed;opacity:.55}.button:disabled:hover,.button[aria-disabled=true]:hover{background:var(--accent);border-color:var(--accent)}.button--secondary{background:var(--surface);color:var(--text);border-color:var(--border-strong)}.button--secondary:hover{background:var(--surface-2);border-color:var(--border-strong)}.button--block{width:100%}.form{flex-direction:column;gap:6px;display:flex}.form__label{color:var(--text);margin:8px 0 0;font-size:13px;font-weight:600;display:block}.form__label:first-child{margin-top:0}.form__input{box-sizing:border-box;border:1px solid var(--border-strong);border-radius:var(--radius);width:100%;font:inherit;background:var(--surface);color:var(--text);padding:9px 12px;font-size:14px;transition:border-color .12s,box-shadow .12s}.form__input:focus{border-color:var(--accent);box-shadow:0 0 0 3px var(--focus-ring);outline:0}.form__note{color:var(--text-3);margin:4px 0 0;font-size:12.5px;line-height:1.5}.form__submit{margin-top:8px}.empty{text-align:center;color:var(--text-3);border:1px dashed var(--border);border-radius:var(--radius);background:var(--surface);padding:24px 16px;font-size:13px}.actions{gap:8px;margin:0;display:flex}@media (width<=480px){body{padding:0}.card{box-shadow:none;border-left:0;border-right:0;border-radius:0;min-height:100dvh}.card__head{padding:24px 20px 16px}.card__body{padding:16px 20px}.card__footer{flex-direction:column-reverse;align-items:stretch;padding:14px 20px}.card__footer .button{width:100%}}@media (prefers-reduced-motion:reduce){*{transition:none!important}}');function or(e){return k`<!doctype html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><meta name="referrer" content="no-referrer" /><meta name="robots" content="noindex" /><title>${e.title}</title><link rel="icon" type="image/png" href="https://www.google.com/s2/favicons?domain=${e.host}&sz=64" /><style>
50
+ `&&n++}}return[t,r]}o(sO,"splitLines");var Ts=class extends TransformStream{static{o(this,"EventSourceParserStream")}constructor({onError:t,onRetry:r,onComment:n}={}){let a;super({start(i){a=p_({onEvent:o(s=>{i.enqueue(s)},"onEvent"),onError(s){t==="terminate"?i.error(s):typeof t=="function"&&t(s)},onRetry:r,onComment:n})},transform(i){a.feed(i)}})}};var cO={initialReconnectionDelay:1e3,maxReconnectionDelay:3e4,reconnectionDelayGrowFactor:1.5,maxRetries:2},Ar=class extends Error{static{o(this,"StreamableHTTPError")}constructor(t,r){super(`Streamable HTTP error: ${r}`),this.code=t}},Es=class{static{o(this,"StreamableHTTPClientTransport")}constructor(t,r){this._hasCompletedAuthFlow=!1,this._url=t,this._resourceMetadataUrl=void 0,this._scope=void 0,this._requestInit=r?.requestInit,this._authProvider=r?.authProvider,this._fetch=r?.fetch,this._fetchWithInit=l_(r?.fetch,r?.requestInit),this._sessionId=r?.sessionId,this._reconnectionOptions=r?.reconnectionOptions??cO}async _authThenStart(){if(!this._authProvider)throw new Xt("No auth provider");let t;try{t=await xr(this._authProvider,{serverUrl:this._url,resourceMetadataUrl:this._resourceMetadataUrl,scope:this._scope,fetchFn:this._fetchWithInit})}catch(r){throw this.onerror?.(r),r}if(t!=="AUTHORIZED")throw new Xt;return await this._startOrAuthSse({resumptionToken:void 0})}async _commonHeaders(){let t={};if(this._authProvider){let n=await this._authProvider.tokens();n&&(t.Authorization=`Bearer ${n.access_token}`)}this._sessionId&&(t["mcp-session-id"]=this._sessionId),this._protocolVersion&&(t["mcp-protocol-version"]=this._protocolVersion);let r=As(this._requestInit?.headers);return new Headers({...t,...r})}async _startOrAuthSse(t){let{resumptionToken:r}=t;try{let n=await this._commonHeaders();n.set("Accept","text/event-stream"),r&&n.set("last-event-id",r);let a=await(this._fetch??fetch)(this._url,{method:"GET",headers:n,signal:this._abortController?.signal});if(!a.ok){if(await a.body?.cancel(),a.status===401&&this._authProvider)return await this._authThenStart();if(a.status===405)return;throw new Ar(a.status,`Failed to open SSE stream: ${a.statusText}`)}this._handleSseStream(a.body,t,!0)}catch(n){throw this.onerror?.(n),n}}_getNextReconnectionDelay(t){if(this._serverRetryMs!==void 0)return this._serverRetryMs;let r=this._reconnectionOptions.initialReconnectionDelay,n=this._reconnectionOptions.reconnectionDelayGrowFactor,a=this._reconnectionOptions.maxReconnectionDelay;return Math.min(r*Math.pow(n,t),a)}_scheduleReconnection(t,r=0){let n=this._reconnectionOptions.maxRetries;if(r>=n){this.onerror?.(new Error(`Maximum reconnection attempts (${n}) exceeded.`));return}let a=this._getNextReconnectionDelay(r);this._reconnectionTimeout=setTimeout(()=>{this._startOrAuthSse(t).catch(i=>{this.onerror?.(new Error(`Failed to reconnect SSE stream: ${i instanceof Error?i.message:String(i)}`)),this._scheduleReconnection(t,r+1)})},a)}_handleSseStream(t,r,n){if(!t)return;let{onresumptiontoken:a,replayMessageId:i}=r,s,c=!1,d=!1;o(async()=>{try{let l=t.pipeThrough(new TextDecoderStream).pipeThrough(new Ts({onRetry:o(y=>{this._serverRetryMs=y},"onRetry")})).getReader();for(;;){let{value:y,done:_}=await l.read();if(_)break;if(y.id&&(s=y.id,c=!0,a?.(y.id)),!!y.data&&(!y.event||y.event==="message"))try{let S=$r.parse(JSON.parse(y.data));St(S)&&(d=!0,i!==void 0&&(S.id=i)),this.onmessage?.(S)}catch(S){this.onerror?.(S)}}(n||c)&&!d&&this._abortController&&!this._abortController.signal.aborted&&this._scheduleReconnection({resumptionToken:s,onresumptiontoken:a,replayMessageId:i},0)}catch(l){if(this.onerror?.(new Error(`SSE stream disconnected: ${l}`)),(n||c)&&!d&&this._abortController&&!this._abortController.signal.aborted)try{this._scheduleReconnection({resumptionToken:s,onresumptiontoken:a,replayMessageId:i},0)}catch(y){this.onerror?.(new Error(`Failed to reconnect: ${y instanceof Error?y.message:String(y)}`))}}},"processStream")()}async start(){if(this._abortController)throw new Error("StreamableHTTPClientTransport already started! If using Client class, note that connect() calls start() automatically.");this._abortController=new AbortController}async finishAuth(t){if(!this._authProvider)throw new Xt("No auth provider");if(await xr(this._authProvider,{serverUrl:this._url,authorizationCode:t,resourceMetadataUrl:this._resourceMetadataUrl,scope:this._scope,fetchFn:this._fetchWithInit})!=="AUTHORIZED")throw new Xt("Failed to authorize")}async close(){this._reconnectionTimeout&&(clearTimeout(this._reconnectionTimeout),this._reconnectionTimeout=void 0),this._abortController?.abort(),this.onclose?.()}async send(t,r){try{let{resumptionToken:n,onresumptiontoken:a}=r||{};if(n){this._startOrAuthSse({resumptionToken:n,replayMessageId:It(t)?t.id:void 0}).catch(h=>this.onerror?.(h));return}let i=await this._commonHeaders();i.set("content-type","application/json"),i.set("accept","application/json, text/event-stream");let s={...this._requestInit,method:"POST",headers:i,body:JSON.stringify(t),signal:this._abortController?.signal},c=await(this._fetch??fetch)(this._url,s),d=c.headers.get("mcp-session-id");if(d&&(this._sessionId=d),!c.ok){let h=await c.text().catch(()=>null);if(c.status===401&&this._authProvider){if(this._hasCompletedAuthFlow)throw new Ar(401,"Server returned 401 after successful authentication");let{resourceMetadataUrl:y,scope:_}=jl(c);if(this._resourceMetadataUrl=y,this._scope=_,await xr(this._authProvider,{serverUrl:this._url,resourceMetadataUrl:this._resourceMetadataUrl,scope:this._scope,fetchFn:this._fetchWithInit})!=="AUTHORIZED")throw new Xt;return this._hasCompletedAuthFlow=!0,this.send(t)}if(c.status===403&&this._authProvider){let{resourceMetadataUrl:y,scope:_,error:S}=jl(c);if(S==="insufficient_scope"){let w=c.headers.get("WWW-Authenticate");if(this._lastUpscopingHeader===w)throw new Ar(403,"Server returned 403 after trying upscoping");if(_&&(this._scope=_),y&&(this._resourceMetadataUrl=y),this._lastUpscopingHeader=w??void 0,await xr(this._authProvider,{serverUrl:this._url,resourceMetadataUrl:this._resourceMetadataUrl,scope:this._scope,fetchFn:this._fetch})!=="AUTHORIZED")throw new Xt;return this.send(t)}}throw new Ar(c.status,`Error POSTing to endpoint: ${h}`)}if(this._hasCompletedAuthFlow=!1,this._lastUpscopingHeader=void 0,c.status===202){await c.body?.cancel(),tm(t)&&this._startOrAuthSse({resumptionToken:void 0}).catch(h=>this.onerror?.(h));return}let l=(Array.isArray(t)?t:[t]).filter(h=>"method"in h&&"id"in h&&h.id!==void 0).length>0,m=c.headers.get("content-type");if(l)if(m?.includes("text/event-stream"))this._handleSseStream(c.body,{onresumptiontoken:a},!1);else if(m?.includes("application/json")){let h=await c.json(),y=Array.isArray(h)?h.map(_=>$r.parse(_)):[$r.parse(h)];for(let _ of y)this.onmessage?.(_)}else throw await c.body?.cancel(),new Ar(-1,`Unexpected content type: ${m}`);else await c.body?.cancel()}catch(n){throw this.onerror?.(n),n}}get sessionId(){return this._sessionId}async terminateSession(){if(this._sessionId)try{let t=await this._commonHeaders(),r={...this._requestInit,method:"DELETE",headers:t,signal:this._abortController?.signal},n=await(this._fetch??fetch)(this._url,r);if(await n.body?.cancel(),!n.ok&&n.status!==405)throw new Ar(n.status,`Failed to terminate session: ${n.statusText}`);this._sessionId=void 0}catch(t){throw this.onerror?.(t),t}}setProtocolVersion(t){this._protocolVersion=t}get protocolVersion(){return this._protocolVersion}async resumeStream(t,r){await this._startOrAuthSse({resumptionToken:t,onresumptiontoken:r?.onresumptiontoken})}};function m_(e=[]){let t={};for(let r of e){if(!r.value){if(r.required)throw g("internal_server_error",`Native MCP transport header ${r.name} is required but has no value configured.`);continue}t[r.name]=r.value}return t}o(m_,"resolveNativeMcpRequestHeaders");var uO={name:"zuplo-mcp-gateway",version:"0.1.0"},dO=new Mn({draft:"7",shortcircuit:!1}),lO=5,pO=500,g_=3e4,mO=2*1024*1024,fO=2;function f_(){return performance.now()/1e3}o(f_,"nowSeconds");function hO(e){if(e.port)return Number(e.port);if(e.protocol==="https:")return 443;if(e.protocol==="http:")return 80}o(hO,"readServerPort");function gO(e,t){return{mcpSessionId:t,serverAddress:e.hostname,serverPort:hO(e)}}o(gO,"buildNativeMcpOperationContext");function Jn(e){return $g(e)}o(Jn,"withTraceMeta");function Jl(e){if(e>pO)throw g("upstream_import_failed","Upstream import exceeded the maximum allowed capability count.")}o(Jl,"assertImportedCapabilityBudget");function h_(e){return Object.keys(e).length===0?{}:{requestInit:{headers:e}}}o(h_,"buildRequestInit");function yO(e){return(t,r)=>Cs(t,r,{additionalCrossOriginStrippedHeaders:e,maxRedirects:fO,maxResponseBytes:mO,problemCode:"upstream_capability_invocation_failed",timeoutMs:g_})}o(yO,"createNativeMcpFetch");function SO(e){return new Promise((t,r)=>{let n=setTimeout(()=>{r(g("upstream_capability_invocation_failed","Upstream MCP request exceeded the maximum allowed time."))},g_);e.then(a=>{clearTimeout(n),t(a)},a=>{clearTimeout(n),r(a)})})}o(SO,"withNativeMcpRequestTimeout");function _O(e,t=[]){let r=m_(t),n=e?.type==="headers"?Object.keys(e.headers):[],a=[...Object.keys(r),...n],i={fetch:yO(a)};if(!e)return{...i,...h_(r)};switch(e.type){case"mcp_oauth_provider":return{authProvider:e.provider,...i,...h_(r)};case"bearer_token":return{...i,requestInit:{headers:{...r,Authorization:`Bearer ${e.token}`}}};case"headers":return{...i,requestInit:{headers:{...r,...e.headers}}}}}o(_O,"buildNativeMcpTransportOptions");async function Yn(e,t,r){let{transport:n}=rt(e),a=new URL(n.baseUrl),i=new Es(a,_O(r,n.requestHeaders)),s=new xs(uO,{capabilities:{},jsonSchemaValidator:dO});return SO((async()=>{let c=f_();await s.connect(i);let d=i.sessionId,p=gO(a,d);try{return await t(s,p)}finally{if(i.sessionId)try{await i.terminateSession()}catch{}await s.close(),d&&zg(p,f_()-c)}})())}o(Yn,"withNativeMcpClient");async function wO(e,t,r){let n=[],a,i=0;do{if(i>=lO)throw g("upstream_capability_invocation_failed",`${e} pagination exceeded the maximum allowed page count.`);let s=await t(a);i+=1,n.push(...r(s)),a=s.nextCursor}while(a);return n}o(wO,"collectPaginatedSdkItems");async function Yl(e){return e.enabled?wO(e.label,e.fetchPage,e.readItems):[]}o(Yl,"listNativeMcpCapabilityItems");async function y_(e){return Yn(e.upstreamServerId,async(t,r)=>{let n=t.getServerCapabilities(),a=await Zr({methodName:"tools/list",...r},()=>Yl({enabled:!!n?.tools,label:"Tool list",fetchPage:o(i=>t.listTools(Jn(i?{cursor:i}:void 0)),"fetchPage"),readItems:o(i=>i.tools,"readItems")}));return Jl(a.length),{tools:a}},e.credential)}o(y_,"listNativeMcpTools");async function S_(e){return Yn(e.upstreamServerId,async(t,r)=>{let n=t.getServerCapabilities(),a=await Zr({methodName:"prompts/list",...r},()=>Yl({enabled:!!n?.prompts,label:"Prompt list",fetchPage:o(i=>t.listPrompts(Jn(i?{cursor:i}:void 0)),"fetchPage"),readItems:o(i=>i.prompts,"readItems")}));return Jl(a.length),{prompts:a}},e.credential)}o(S_,"listNativeMcpPrompts");async function __(e){return Yn(e.upstreamServerId,async(t,r)=>{let n=t.getServerCapabilities(),a=await Zr({methodName:"resources/list",...r},()=>Yl({enabled:!!n?.resources,label:"Resource list",fetchPage:o(i=>t.listResources(Jn(i?{cursor:i}:void 0)),"fetchPage"),readItems:o(i=>i.resources,"readItems")}));return Jl(a.length),{resources:a}},e.credential)}o(__,"listNativeMcpResources");async function w_(e){return Yn(e.upstreamServerId,(t,r)=>Zr({methodName:"tools/call",capabilityType:"tool",capabilityName:e.params.name,...r},async()=>await t.callTool(Jn(e.params))),e.credential)}o(w_,"callNativeMcpTool");async function v_(e){return Yn(e.upstreamServerId,(t,r)=>Zr({methodName:"prompts/get",capabilityType:"prompt",capabilityName:e.params.name,...r},()=>t.getPrompt(Jn(e.params))),e.credential)}o(v_,"getNativeMcpPrompt");async function b_(e){return Yn(e.upstreamServerId,(t,r)=>Zr({methodName:"resources/read",capabilityType:"resource",resourceUri:e.params.uri,...r},()=>t.readResource(Jn(e.params))),e.credential)}o(b_,"readNativeMcpResource");var Ca=class extends A{static{o(this,"ConnectRequiredMcpError")}constructor(t){super(U.InvalidRequest,t.message),this.name="ConnectRequiredMcpError"}};function vO(e){return{content:[{type:"text",text:e}],isError:!0}}o(vO,"buildToolErrorResult");function bO(e){return e.authUrl?new cr([{mode:"url",elicitationId:crypto.randomUUID(),message:e.message,url:e.authUrl}],e.message):new Ca(e)}o(bO,"toConnectRequiredError");function RO(e){return{credentialType:e.type,...e.type==="headers"?{headerNames:Object.keys(e.headers).sort()}:{}}}o(RO,"buildCredentialResolvedAttributes");function CO(e){tt(e.context,{eventType:K.MCP_GATEWAY_AUTH_UPSTREAM_CREDENTIAL_RESOLVED,outcome:"success",routeBinding:e.routeBinding,attributes:RO(e.credential)})}o(CO,"emitCredentialResolvedAnalyticsEvent");function IO(e){tt(e.context,{eventType:K.MCP_GATEWAY_AUTH_UPSTREAM_CREDENTIAL_MISSING,outcome:"connect_required",routeBinding:e.routeBinding,reasonCode:"connect_required",reasonClass:"auth",attributes:{nextAction:e.payload.nextAction,state:e.payload.state}})}o(IO,"emitCredentialMissingAnalyticsEvent");function PO(e){return e.ownerMode==="none"?JSON.stringify(["none",e.upstreamServerId,e.authProfileId]):Jr({owner:e.owner,upstreamServerId:e.upstreamServerId,authProfileId:e.authProfileId})}o(PO,"readRouteBindingCredentialCacheKey");function C_(e){if(e.ownerMode!=="none")return{owner:e.owner,upstreamServerId:e.upstreamServerId,authProfileId:e.authProfileId}}o(C_,"readOwnedRouteBindingLookup");async function xO(e){let t=Rl(e.request);if(!t)return new Map;let r=new Map;for(let s of e.routeBindings){let c=C_(s);c!==void 0&&r.set(Jr(c),c)}if(r.size===0)return new Map;let n=[...r.values()],a=await J().authorizeAndLoadConnections({accessTokenHash:await pe(t),resource:Wr(e.virtualServerId,e.request.url),virtualServerId:e.virtualServerId,upstreamConnectionKeys:n,now:ne(new Date)});if(a.kind!=="authorized")return new Map;let i=new Map;return a.upstreamConnections.forEach((s,c)=>{let d=n[c];d!==void 0&&i.set(Jr(d),s.connection)}),i}o(xO,"preloadCompositeAuthorizedConnections");function AO(e){let t=new Map;return r=>{let n=PO(r),a=t.get(n);if(a)return a;let i=(async()=>{let s=await e.preloadedConnections,c=C_(r),d=c===void 0?void 0:Jr(c),p=await s_({request:e.request,routeAuth:r,...d!==void 0&&s.has(d)?{preloadedConnection:s.get(d)}:{}});if(p.kind==="connect_required")throw IO({context:e.context,payload:p.payload,routeBinding:r}),bO(p.payload);return CO({context:e.context,credential:p.credential,routeBinding:r}),p.credential})();return t.set(n,i),i}}o(AO,"createCredentialResolver");var R_=500;function kO(e){return e.length<=R_?e:`${e.slice(0,R_)}...`}o(kO,"truncateAnalyticsDetail");function TO(e){tt(e.context,{eventType:K.MCP_GATEWAY_CAPABILITY_COMPLETED,outcome:e.result.isError===!0?"application_error":"success",routeBinding:e.routeBinding,mcpMethod:"tools/call",capabilityName:e.toolName,capabilityType:"tool",toolResultIsError:e.result.isError===!0,applicationError:e.result.isError===!0})}o(TO,"emitToolInvocationCompletedAnalyticsEvent");function EO(e){return e instanceof cr||e instanceof Ca?{eventType:K.MCP_GATEWAY_CAPABILITY_CONNECT_REQUIRED,outcome:"connect_required",reasonCode:"connect_required",reasonClass:"auth",errorType:"connect_required"}:e instanceof A&&e.code===U.InvalidParams?{eventType:K.MCP_GATEWAY_CAPABILITY_FAILED,outcome:"failure",reasonCode:"invalid_tool_arguments",reasonClass:"client",errorType:"tool_error",mcpErrorType:"InvalidParams"}:{eventType:K.MCP_GATEWAY_CAPABILITY_FAILED,outcome:"failure",reasonCode:"upstream_capability_invocation_failed",reasonClass:"upstream",errorType:"tool_error"}}o(EO,"classifyToolInvocationFailure");function UO(e){let t=e.error instanceof Error?e.error.message:String(e.error),r=EO(e.error);tt(e.context,{eventType:r.eventType,outcome:r.outcome,routeBinding:e.routeBinding,mcpMethod:"tools/call",capabilityName:e.toolName,capabilityType:"tool",reasonCode:r.reasonCode,reasonClass:r.reasonClass,errorType:r.errorType,mcpErrorType:r.mcpErrorType,attributes:{detail:kO(t)}})}o(UO,"emitToolInvocationFailedAnalyticsEvent");var OO=256*1024;function $O(e){if(e.arguments===void 0)return;let t;try{t=new TextEncoder().encode(JSON.stringify(e.arguments)).length}catch{throw new A(U.InvalidParams,"Tool arguments must be JSON-serializable.")}if(t>OO)throw new A(U.InvalidParams,"Tool arguments exceed the maximum allowed size.")}o($O,"assertToolArgumentsWithinLimit");function Ql(e){if(e.routeBindings.length===1)return e.routeBindings[0];let t=e.routeBindings.filter(r=>r.connectionPolicyName===e.upstreamPolicyName);if(t.length!==1)throw new A(U.InvalidRequest,`Published item ${e.capabilityName} on virtual server ${e.virtualServerId} is claimed by ${t.length} upstream bindings.`);return t[0]}o(Ql,"findBindingForPublishedCapability");function Qn(e){let t=e.routeBindings[0];if(e.routeBindings.length!==1||t===void 0)throw new A(U.InternalError,`Upstream MCP catalog mode for virtual server ${e.publishedVirtualServer.virtualServerId} requires exactly one upstream binding.`);return t}o(Qn,"requireSingleTransparentBinding");function zO(e){if(e.publishedVirtualServer.catalog.catalogSource==="upstream_mcp")return{binding:Qn(e),upstreamName:e.toolName};let t=e.publishedVirtualServer.catalog.tools.find(r=>r.name===e.toolName&&r.enabled!==!1);if(!t)throw new A(U.MethodNotFound,`Tool ${e.toolName} is not available on virtual server ${e.publishedVirtualServer.virtualServerId}.`);return{binding:Ql({capabilityName:String(t.name),routeBindings:e.routeBindings,upstreamPolicyName:t.upstreamPolicyName,virtualServerId:e.publishedVirtualServer.virtualServerId}),upstreamName:t.upstreamName}}o(zO,"resolvePublishedToolRoute");function MO(e){if(e.publishedVirtualServer.catalog.catalogSource==="upstream_mcp")return{binding:Qn(e),upstreamName:e.promptName};let t=e.publishedVirtualServer.catalog.prompts.find(r=>r.name===e.promptName&&r.enabled!==!1);if(!t)throw new A(U.MethodNotFound,`Prompt ${e.promptName} is not available on virtual server ${e.publishedVirtualServer.virtualServerId}.`);return{binding:Ql({capabilityName:String(t.name),routeBindings:e.routeBindings,upstreamPolicyName:t.upstreamPolicyName,virtualServerId:e.publishedVirtualServer.virtualServerId}),upstreamName:t.upstreamName}}o(MO,"resolvePublishedPromptRoute");function qO(e){if(e.publishedVirtualServer.catalog.catalogSource==="upstream_mcp")return{binding:Qn(e),upstreamUri:e.resourceUri};let t=e.publishedVirtualServer.catalog.resources.find(r=>r.uri===e.resourceUri&&r.enabled!==!1);if(!t)throw new A(U.MethodNotFound,`Resource ${e.resourceUri} is not available on virtual server ${e.publishedVirtualServer.virtualServerId}.`);return{binding:Ql({capabilityName:String(t.name),routeBindings:e.routeBindings,upstreamPolicyName:t.upstreamPolicyName,virtualServerId:e.publishedVirtualServer.virtualServerId}),upstreamUri:t.upstreamUri}}o(qO,"resolvePublishedResourceRoute");function I_(e){let t=xO({request:e.request,routeBindings:e.routeBindings,virtualServerId:e.publishedVirtualServer.virtualServerId}),r=AO({context:e.context,preloadedConnections:t,request:e.request});return{async listTools(){if(e.publishedVirtualServer.catalog.catalogSource==="openapi")return{tools:e.publishedVirtualServer.catalog.tools.filter(a=>a.enabled!==!1).map(Wi)};let n=Qn(e);return y_({upstreamServerId:n.upstreamServerId,credential:await r(n)})},async callTool(n){let a=zO({publishedVirtualServer:e.publishedVirtualServer,routeBindings:e.routeBindings,toolName:n.name});try{$O(n);let i=await r(a.binding),s=await w_({upstreamServerId:a.binding.upstreamServerId,params:{...n,name:a.upstreamName},credential:i});return TO({context:e.context,routeBinding:a.binding,toolName:n.name,result:s}),e.context.log.debug({event:"upstream_tool_invocation_succeeded",toolName:n.name,upstreamName:a.upstreamName,upstreamServerId:a.binding.upstreamServerId,authProfileId:a.binding.authProfileId,isError:s.isError===!0},"Upstream tool invocation completed"),s}catch(i){if(UO({context:e.context,routeBinding:a.binding,toolName:n.name,error:i}),i instanceof cr||i instanceof Ca)throw e.context.log.info({event:"upstream_tool_invocation_connect_required",toolName:n.name,upstreamServerId:a.binding.upstreamServerId,authProfileId:a.binding.authProfileId,ownerMode:a.binding.ownerMode,hasAuthUrl:i instanceof cr},"Upstream tool invocation requires user to complete a connect flow"),i;let s={event:"upstream_tool_invocation_failed",code:"upstream_capability_invocation_failed",toolName:n.name,upstreamName:a.upstreamName,upstreamServerId:a.binding.upstreamServerId,authProfileId:a.binding.authProfileId};return i instanceof A&&(s.mcpErrorCode=i.code),i instanceof Error?(s.errorName=i.name,s.errorMessage=i.message,i.cause instanceof Error&&(s.causeName=i.cause.name,s.causeMessage=i.cause.message)):s.errorMessage=String(i),e.context.log.warn(s,"Upstream tool invocation failed; returning generic gateway error to MCP client"),vO(Qe("upstream_capability_invocation_failed").publicDetail)}},async listPrompts(){if(e.publishedVirtualServer.catalog.catalogSource==="openapi")return{prompts:e.publishedVirtualServer.catalog.prompts.filter(a=>a.enabled!==!1).map(Ji)};let n=Qn(e);return S_({upstreamServerId:n.upstreamServerId,credential:await r(n)})},async getPrompt(n){let a=MO({publishedVirtualServer:e.publishedVirtualServer,routeBindings:e.routeBindings,promptName:n.name});return v_({upstreamServerId:a.binding.upstreamServerId,params:{...n,name:a.upstreamName},credential:await r(a.binding)})},async listResources(){if(e.publishedVirtualServer.catalog.catalogSource==="openapi")return{resources:e.publishedVirtualServer.catalog.resources.filter(a=>a.enabled!==!1).map(Yi)};let n=Qn(e);return __({upstreamServerId:n.upstreamServerId,credential:await r(n)})},async readResource(n){let a=qO({publishedVirtualServer:e.publishedVirtualServer,routeBindings:e.routeBindings,resourceUri:n.uri});return b_({upstreamServerId:a.binding.upstreamServerId,params:{...n,uri:a.upstreamUri},credential:await r(a.binding)})}}}o(I_,"createCapabilityDispatcher");var NO="0.1.0",x_="POST",DO="POST, OPTIONS",jO=new Mn({draft:"7",shortcircuit:!1});function Xl(e){return Response.json({jsonrpc:"2.0",id:null,error:{code:-32e3,message:e}},{status:405,headers:{Allow:x_}})}o(Xl,"jsonRpcMethodNotAllowedResponse");function HO(e){let t={Allow:x_},r=e.headers.get("origin"),n=e.headers.get("access-control-request-method");if(r&&n){t["Access-Control-Allow-Methods"]=DO;let a=e.headers.get("access-control-request-headers");a&&(t["Access-Control-Allow-Headers"]=a)}return new Response(null,{status:204,headers:t})}o(HO,"buildOptionsResponse");function Xn(e){let t=e&&typeof e=="object"?e.id:void 0;return typeof t=="string"||typeof t=="number"?t:void 0}o(Xn,"readJsonRpcRequestId");function ep(e){return e&&typeof e=="object"?e.params:void 0}o(ep,"readMcpRequestParams");function P_(e,t){return e.headers.get(t)??void 0}o(P_,"readMcpHeader");function LO(e){return{mcpProtocolVersion:P_(e,"mcp-protocol-version")??Fr,mcpSessionId:P_(e,"mcp-session-id")}}o(LO,"buildServerTelemetryBase");function BO(e){if(e.headers.has("mcp-protocol-version"))return e;let t=new Headers(e.headers);return t.set("mcp-protocol-version",Fr),new Response(e.body,{status:e.status,statusText:e.statusText,headers:t})}o(BO,"ensureProtocolVersionHeader");async function tp(e,t){if(e.method==="OPTIONS")return HO(e);if(e.method==="GET")return Xl("Standalone SSE GET is not supported by this stateless virtual MCP server. Use POST streamable HTTP for MCP requests.");if(e.method==="DELETE")return Xl("Session termination via DELETE is not supported because this virtual MCP server is stateless.");if(e.method!=="POST")return Xl("Only POST is supported by this virtual MCP server.");let r=Dn(t),n=vg(r.virtualServerId),a=qg(t);if(n.catalog.catalogSource==="upstream_mcp"&&a.length!==1)throw t.log.error({event:"virtual_server_binding_count_invalid",code:"internal_server_error",virtualServerId:r.virtualServerId,bindingCount:a.length,catalogSource:n.catalog.catalogSource},"MCP virtual server route requires exactly one upstream binding"),g("internal_server_error",`MCP virtual server route requires exactly one upstream binding; found ${a.length}.`);let i=LO(e),s=I_({context:t,publishedVirtualServer:n,request:e,routeBindings:a}),c=se(e.url),d=new Di({enableDnsRebindingProtection:!0,allowedOrigins:[c]}),p=new Ni(n.catalog.serverInfo??{name:r.virtualServerId,version:NO},{capabilities:{prompts:{},resources:{},tools:{}},jsonSchemaValidator:jO});p.setRequestHandler(Ac,async m=>Kr({methodName:"tools/list",params:ep(m),jsonRpcRequestId:Xn(m),...i},()=>s.listTools())),p.setRequestHandler(wo,async m=>Kr({methodName:"tools/call",capabilityType:"tool",capabilityName:m.params.name,params:m.params,jsonRpcRequestId:Xn(m),...i},()=>s.callTool(m.params))),p.setRequestHandler(_c,async m=>Kr({methodName:"prompts/list",params:ep(m),jsonRpcRequestId:Xn(m),...i},()=>s.listPrompts())),p.setRequestHandler(vc,async m=>Kr({methodName:"prompts/get",capabilityType:"prompt",capabilityName:m.params.name,params:m.params,jsonRpcRequestId:Xn(m),...i},()=>s.getPrompt(m.params))),p.setRequestHandler(pc,async m=>Kr({methodName:"resources/list",params:ep(m),jsonRpcRequestId:Xn(m),...i},()=>s.listResources())),p.setRequestHandler(gc,async m=>Kr({methodName:"resources/read",capabilityType:"resource",resourceUri:m.params.uri,params:m.params,jsonRpcRequestId:Xn(m),...i},()=>s.readResource(m.params))),await p.connect(d);let l=await d.handleRequest(e);return BO(l)}o(tp,"virtualServerHandler");async function GO(e,t){return ir("handler.mcp-virtual-server"),tp(e,t)}o(GO,"McpVirtualServerHandler");var eo={OAUTH_PROTECTED_RESOURCE_METADATA:"oauth_metadata",VIRTUAL_MCP_SERVER:"gateway",OTHER:"other"},VO="oauth-protected-resource-metadata",FO="/.well-known/oauth-protected-resource/";function ZO(e){let r=(typeof e.route.raw=="function"?e.route.raw():void 0)?.operationId;return typeof r=="string"?r:void 0}o(ZO,"readRouteOperationId");function KO(e){return e.hasGatewayRouteContext?eo.VIRTUAL_MCP_SERVER:e.routeOperationId===VO||e.routeOperationId===void 0&&e.routePath.startsWith(FO)?eo.OAUTH_PROTECTED_RESOURCE_METADATA:eo.OTHER}o(KO,"classifyAnalyticsRouteSurface");function WO(e){let t=e.route.path;return{routePath:t,routeSurface:KO({routePath:t,routeOperationId:ZO(e),hasGatewayRouteContext:ta(e)!==void 0})}}o(WO,"readAnalyticsRequestContext");function JO(e){return e.response.status===405&&e.response.headers.has("allow")&&e.routeSurface===eo.VIRTUAL_MCP_SERVER}o(JO,"isIntentionalMethodRejection");function YO(e){return JO(e)||e.response.status===401&&e.routeSurface===eo.OAUTH_PROTECTED_RESOURCE_METADATA?"success":e.response.status>=400?"failure":"success"}o(YO,"classifyRequestCompletedOutcome");async function rp(e,t){let r=Date.now(),n=WO(t);return t.addResponseSendingFinalHook(a=>{let i=YO({response:a,routeSurface:n.routeSurface});tt(t,{eventType:K.MCP_GATEWAY_REQUEST_COMPLETED,outcome:i,routeSurface:n.routeSurface,httpStatusCode:a.status,httpMethod:e.method,latencyMs:Date.now()-r})}),e}o(rp,"analyticsContextInbound");function QO(e){return e instanceof Response}o(QO,"isResponse");var A_="/mcp/";function XO(e){let t=e.route.path;if(!t.startsWith(A_))throw g("internal_server_error",`Route ${t} is bound to mcp-oauth-inbound but does not match the /mcp/{virtualServerId} convention.`);let r=t.slice(A_.length);if(!r||r.includes("/"))throw g("internal_server_error",`Route ${t} is bound to mcp-oauth-inbound but must use exactly one /mcp/{virtualServerId} segment.`);return r}o(XO,"readVirtualServerIdFromRoute");async function Ia(e,t){let n={virtualServerId:Pe.parse(XO(t))};Cg(t,n),og(t,n);let a=await rp(e,t);return QO(a)?a:Cl(a,t)}o(Ia,"mcpOAuthInboundPolicy");var e$=o(async(e,t,r,n)=>(ir("policy.inbound.mcp-auth0-oauth"),Ia(e,t)),"McpAuth0OAuthInboundPolicy");function t$(e){let t=`https://${e.auth0Domain}/`,r=`https://${e.auth0Domain}/.well-known/jwks.json`,n=`https://${e.auth0Domain}/authorize`,a=`https://${e.auth0Domain}/oauth/token`;return es({oidc:{issuer:t,jwksUrl:r,audience:e.audience},browserLogin:{url:n,tokenUrl:a,clientId:e.clientId,clientSecret:e.clientSecret,scope:e.scope??"openid profile email",audience:e.audience,...e.browserLoginOverrides??{}},gateway:e.gateway})}o(t$,"buildAuth0McpOAuthRuntimeConfig");var r$={policyType:"mcp-auth0-oauth-inbound",displayName:"MCP OAuth (Auth0)",getConfig(e){return t$(e)}};Vi(r$);var n$=o(async(e,t,r,n)=>(ir("policy.inbound.mcp-oauth"),Ia(e,t)),"McpOAuthInboundPolicy"),o$={policyType:"mcp-oauth-inbound",displayName:"MCP OAuth",getConfig(e){return es(e)}};Vi(o$);function a$(e){let t=$t(e.connection.authMode);return{upstreamServerId:e.connection.upstreamServerId,virtualServerId:e.virtualServerId,authProfileId:e.connection.authProfileId,upstreamDisplayName:e.connection.config.displayName,authMode:e.connection.authMode,ownerMode:t.ownerMode}}o(a$,"buildRouteAuthBaseFromConnection");function T_(e){if(!e.connection.authProfiles[e.authMode])throw g("internal_server_error",`Upstream connection ${e.connection.id} does not declare auth mode ${e.authMode}.`);let r=$t(e.authMode);return{upstreamServerId:e.connection.id,virtualServerId:e.virtualServerId,authProfileId:Nn(e.connection.id,e.authMode),upstreamDisplayName:e.connection.displayName,authMode:e.authMode,ownerMode:r.ownerMode}}o(T_,"buildRouteAuthBaseFromPolicyOptions");function E_(e,t){let n=ht().byVirtualServerId.get(t);if(!n)throw g("unknown_virtual_server",`Unknown virtual server: ${t}`);let a=n.connections.find(i=>i.upstreamServerId===e);if(!a)throw g("virtual_server_upstream_mismatch",`Virtual server ${t} does not bind upstream ${e}.`);return a$({connection:a,virtualServerId:t})}o(E_,"resolveRouteAuthBase");function k_(e,t){switch(e){case"user":return Rr(t.subjectId);case"shared":return us()}}o(k_,"buildOwnerForPrincipal");function Us(e,t){switch(e.ownerMode){case"shared":return{...e,owner:k_(e.ownerMode,t),initiatedBySubjectId:t.subjectId};case"user":return{...e,owner:k_(e.ownerMode,t),initiatedBySubjectId:t.subjectId};case"none":return e}}o(Us,"resolveRouteAuthForPrincipal");function i$(e){let t=Object.keys(e.connection.authProfiles);if(t.length!==1)throw g("internal_server_error",`Upstream policy ${e.policyName} must declare exactly one auth mode; found ${t.length}.`);let r=t[0];if(r===void 0)throw g("internal_server_error",`Upstream policy ${e.policyName} does not declare an auth mode.`);return Bi.parse(r)}o(i$,"readSingleAuthMode");function U_(e){return Ot.parse(e)}o(U_,"buildToolNamePrefixFromConnectionId");async function np(e,t,r,n){let a=Ki(r,n),i=i$({policyName:n,connection:a}),s=Dn(t),c=T_({connection:a,virtualServerId:s.virtualServerId,authMode:i});if(c.ownerMode==="none")return Jd(t,{...c,connectionPolicyName:n,toolNamePrefix:U_(a.id)}),e;let d=Yg(t);return Jd(t,{...Us(c,d),connectionPolicyName:n,toolNamePrefix:U_(a.id)}),e}o(np,"mcpUpstreamConnectionPolicy");var s$=o(async(e,t,r,n)=>(ir("policy.inbound.mcp-upstream-connection"),np(e,t,r,n)),"McpUpstreamConnectionInboundPolicy");ue();ue();var O_="application/json",c$="application/x-www-form-urlencoded";function u$(e){return(e??"").split(";")[0]?.trim().toLowerCase()??""}o(u$,"normalizeContentType");function d$(e,t){return e===t?!0:t===O_&&e.endsWith("+json")}o(d$,"contentTypeMatches");function l$(e,t){if(!t||t.length===0)return;let r=u$(e.headers.get("content-type"));if(!t.some(n=>d$(r,n)))throw g("invalid_request",`Request body must be ${t.join(" or ")}.`)}o(l$,"assertExpectedContentType");function p$(e,t,r){let n=e.headers.get("content-length");if(!n)return;let a=Number.parseInt(n,10);if(Number.isFinite(a)&&a>t)throw g("invalid_request",`${r} exceeded the maximum allowed size.`)}o(p$,"assertContentLengthWithinLimit");async function $_(e,t){let r=t.label??"Request body";l$(e,t.expectedContentTypes),p$(e,t.maxBytes,r);let n=await Rs(e.body,{maxBytes:t.maxBytes,createLimitError:o(()=>g("invalid_request",`${r} exceeded the maximum allowed size.`),"createLimitError")});return new TextDecoder().decode(n)}o($_,"readBoundedTextBody");async function z_(e,t){let r=await $_(e,{...t,expectedContentTypes:[O_]});try{return JSON.parse(r)}catch(n){throw g("invalid_request","Request body must be valid JSON.",n)}}o(z_,"readBoundedJsonBody");async function Os(e,t){let r=await $_(e,{...t,expectedContentTypes:[c$]});return new URLSearchParams(r)}o(Os,"readBoundedFormUrlEncodedBody");var M_=Symbol("Html");function m$(e){return e.replaceAll("&","&amp;").replaceAll("<","&lt;").replaceAll(">","&gt;").replaceAll('"',"&quot;").replaceAll("'","&#39;")}o(m$,"escapeHtml");function f$(e){return e===null||typeof e!="object"?!1:e[M_]===!0}o(f$,"isHtml");function q_(e){return e==null||e===!1?"":Array.isArray(e)?e.map(q_).join(""):f$(e)?e.value:m$(String(e))}o(q_,"renderValue");function er(e){return{[M_]:!0,value:e}}o(er,"trustedHtml");var _e=er("");function T(e,...t){let r=e[0]??"";for(let n=0;n<t.length;n+=1)r+=q_(t[n]),r+=e[n+1]??"";return er(r)}o(T,"html");function tr(e){return e.value}o(tr,"renderHtml");var rr=er('*,:before,:after{box-sizing:border-box}:root{--bg:#f5f6f8;--surface:#fff;--surface-2:#f8fafc;--border:#e5e7eb;--border-strong:#d1d5db;--text:#0f172a;--text-2:#475569;--text-3:#64748b;--text-muted:#94a3b8;--accent:#0f172a;--accent-hover:#1e293b;--accent-text:#fff;--focus-ring:#0f172a29;--danger:#b91c1c;--danger-bg:#b91c1c0f;--danger-border:#b91c1c38;--warning:#92400e;--warning-bg:#fffbeb;--warning-border:#fde68a;--success:#15803d;--success-bg:#f0fdf4;--success-border:#bbf7d0;--radius-sm:4px;--radius:8px;--radius-lg:12px;--radius-pill:9999px;--shadow-sm:0 1px 2px #0f172a0d;--shadow:0 1px 2px #0f172a0a,0 6px 16px #0f172a0f;--font-sans:-apple-system,BlinkMacSystemFont,"Segoe UI",Inter,system-ui,sans-serif;--font-mono:ui-monospace,SFMono-Regular,"SF Mono",Menlo,Monaco,Consolas,monospace}@media (prefers-color-scheme:dark){:root{--bg:#0a0c10;--surface:#15171c;--surface-2:#1e2128;--border:#262932;--border-strong:#3a3e48;--text:#fafafa;--text-2:#cbd5e1;--text-3:#94a3b8;--text-muted:#71717a;--accent:#fafafa;--accent-hover:#e4e4e7;--accent-text:#0a0c10;--focus-ring:#fafafa2e;--danger:#f87171;--danger-bg:#f8717114;--danger-border:#f871714d;--warning:#fbbf24;--warning-bg:#fbbf2414;--warning-border:#fbbf2447;--success:#34d399;--success-bg:#34d39914;--success-border:#34d3994d;--shadow-sm:0 1px 2px #0006;--shadow:0 1px 2px #0006,0 8px 24px #0006}}html,body{margin:0;padding:0}body{font-family:var(--font-sans);background:var(--bg);color:var(--text);-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale;flex-direction:column;align-items:center;min-height:100dvh;padding:48px 20px;font-size:14px;line-height:1.5;display:flex}.card{background:var(--surface);border:1px solid var(--border);border-radius:var(--radius-lg);width:100%;max-width:480px;box-shadow:var(--shadow);overflow:hidden}.card__head{text-align:center;padding:32px 32px 24px}.card__icon{border-radius:var(--radius);background:var(--surface-2);object-fit:contain;border:1px solid var(--border);width:48px;height:48px;margin:0 auto 16px;display:block}.card__title{letter-spacing:-.01em;color:var(--text);margin:0;font-size:20px;font-weight:600;line-height:1.3}.card__subtitle{color:var(--text-2);margin:8px 0 0;font-size:14px;line-height:1.55}.card__subtitle strong{color:var(--text);font-weight:600}.card__description{color:var(--text-3);margin:12px 0 0;font-size:13px;line-height:1.55}.card__principal{color:var(--text-3);background:var(--surface-2);border-radius:var(--radius-pill);text-overflow:ellipsis;white-space:nowrap;align-items:center;gap:6px;max-width:100%;margin:16px 0 0;padding:4px 12px;font-size:12.5px;display:inline-flex;overflow:hidden}.card__body{flex-direction:column;gap:20px;padding:8px 32px 24px;display:flex}.card__head+.card__body{border-top:1px solid var(--border);padding-top:24px}.card__footer{border-top:1px solid var(--border);background:var(--surface-2);flex-wrap:wrap;justify-content:flex-end;align-items:center;gap:8px;padding:16px 24px;display:flex}.card__fineprint{color:var(--text-3);text-align:center;margin:0;font-size:12.5px;line-height:1.5}.card__fineprint strong{color:var(--text-2);font-weight:600}.section-label{text-transform:uppercase;letter-spacing:.07em;color:var(--text-3);align-items:baseline;gap:6px;margin:0;font-size:11px;font-weight:600;display:flex}.section-label__count{color:var(--text-3);letter-spacing:0;font-weight:500}.banner{border-radius:var(--radius);border:1px solid;align-items:flex-start;gap:10px;padding:12px 14px;font-size:13px;display:flex}.banner__icon{flex-shrink:0;justify-content:center;align-items:center;width:16px;height:16px;margin-top:1px;display:inline-flex}.banner__body{flex-direction:column;flex:1;gap:2px;min-width:0;display:flex}.banner__title{color:var(--text);margin:0;font-size:13px;font-weight:600}.banner__message{color:var(--text-2);margin:0;font-size:13px;line-height:1.5}.banner--warning{background:var(--warning-bg);border-color:var(--warning-border)}.banner--warning .banner__icon{color:var(--warning)}.banner--alert{background:var(--danger-bg);border-color:var(--danger-border)}.banner--alert .banner__icon,.banner--alert .banner__title{color:var(--danger)}.upstream-list{flex-direction:column;gap:8px;margin:0;padding:0;list-style:none;display:flex}.upstream-card{background:var(--surface);border:1px solid var(--border);border-radius:var(--radius);flex-direction:column;gap:10px;padding:14px;display:flex}.upstream-card--needs-action{border-color:var(--warning-border);background:var(--warning-bg)}.upstream-card__head{align-items:flex-start;gap:10px;display:flex}.icon-frame{border-radius:var(--radius-sm);border:1px solid var(--border);background:var(--surface-2);width:32px;height:32px;color:var(--text-3);flex-shrink:0;justify-content:center;align-items:center;display:inline-flex;overflow:hidden}.icon-frame img{object-fit:contain;max-width:100%;max-height:100%}.icon-frame--fallback svg{width:18px;height:18px}.inline-icon{object-fit:contain;vertical-align:-2px;border-radius:2px;width:14px;height:14px;margin-right:4px}.upstream-card__main{flex-direction:column;flex:1;gap:3px;min-width:0;display:flex}.upstream-card__title-row{justify-content:space-between;align-items:center;gap:10px;min-width:0;display:flex}.upstream-card__title{color:var(--text);letter-spacing:-.005em;text-overflow:ellipsis;white-space:nowrap;flex:1;min-width:0;margin:0;font-size:14px;font-weight:600;line-height:1.3;overflow:hidden}.upstream-card__meta{color:var(--text-3);flex-wrap:wrap;align-items:center;gap:6px;font-size:12px;display:flex}.upstream-card__host{font-family:var(--font-mono);background:var(--surface-2);color:var(--text-2);border-radius:var(--radius-sm);padding:1px 6px;font-size:11.5px}.upstream-card__sep{color:var(--border-strong)}.upstream-card__description{color:var(--text-2);margin:4px 0 0;font-size:12.5px;line-height:1.5}.status-badge{border-radius:var(--radius-pill);white-space:nowrap;border:1px solid #0000;flex-shrink:0;align-items:center;gap:6px;padding:2px 8px;font-size:11.5px;font-weight:600;display:inline-flex}.status-badge:before{content:"";background:currentColor;border-radius:50%;flex-shrink:0;width:5px;height:5px}.status-badge--success{background:var(--success-bg);color:var(--success);border-color:var(--success-border)}.status-badge--warning{background:var(--warning-bg);color:var(--warning);border-color:var(--warning-border)}.status-badge--neutral{background:var(--surface-2);color:var(--text-2);border-color:var(--border)}.upstream-card__capabilities,.upstream-card__scopes{border-top:1px solid var(--border);margin-top:2px;padding-top:10px}.upstream-card__capabilities--empty{color:var(--text-3);font-size:12px;font-style:italic}.capabilities-summary,.scopes-summary{cursor:pointer;user-select:none;color:var(--text-2);justify-content:space-between;align-items:center;gap:12px;padding:2px 0;font-size:12.5px;list-style:none;display:flex}.capabilities-summary::-webkit-details-marker,.scopes-summary::-webkit-details-marker{display:none}.capabilities-summary:hover,.scopes-summary:hover{color:var(--text)}.capabilities-summary:focus-visible,.scopes-summary:focus-visible{outline:2px solid var(--accent);outline-offset:2px;border-radius:var(--radius-sm)}.capabilities-summary__counts{flex-wrap:wrap;align-items:center;gap:12px;display:flex}.count-pill{color:var(--text-2);align-items:baseline;gap:4px;font-size:12.5px;display:inline-flex}.count-pill__num{font-variant-numeric:tabular-nums;color:var(--text);font-size:13px;font-weight:600}.count-pill--destructive .count-pill__num,.count-pill--destructive .count-pill__label{color:var(--danger)}.capabilities-summary__chevron{color:var(--text-3);flex-shrink:0;transition:transform .15s;display:inline-flex}details[open]>.capabilities-summary .capabilities-summary__chevron,details[open]>.scopes-summary .capabilities-summary__chevron{transform:rotate(180deg)}.capabilities-detail{margin-top:10px}.capability-section{margin-top:14px}.capability-section:first-child{margin-top:6px}.capability-section__title{text-transform:uppercase;letter-spacing:.07em;color:var(--text-3);margin:0 0 6px;font-size:11px;font-weight:600}.capability-list{flex-direction:column;gap:5px;margin:0;padding:0;font-size:12.5px;list-style:none;display:flex}.capability-row{flex-wrap:wrap;align-items:baseline;gap:6px;padding:2px 0;display:flex}.capability-row__name{font-weight:500;font-family:var(--font-mono);color:var(--text);font-size:12.5px}.capability-row__description{color:var(--text-3);flex-basis:100%;font-size:12px;line-height:1.45}.capability-row__description code{font-family:var(--font-mono);background:var(--surface-2);border-radius:var(--radius-sm);color:var(--text-2);padding:1px 4px}.capability-row--more{color:var(--text-3);font-size:12px;font-style:italic}.scopes-list{flex-wrap:wrap;gap:4px;margin-top:8px;display:flex}.scope-chip{font-family:var(--font-mono);background:var(--surface-2);color:var(--text-2);border-radius:var(--radius-sm);border:1px solid var(--border);padding:2px 7px;font-size:11.5px}.badge{border-radius:var(--radius-sm);letter-spacing:.04em;text-transform:uppercase;align-items:center;padding:1px 5px;font-size:10px;font-weight:600;display:inline-flex}.badge--destructive{background:var(--danger-bg);color:var(--danger)}.badge--muted{background:var(--surface-2);color:var(--text-3)}.badge-row{flex-wrap:wrap;gap:4px;display:inline-flex}.muted{color:var(--text-3)}.button{font:inherit;border-radius:var(--radius);cursor:pointer;white-space:nowrap;border:1px solid #0000;justify-content:center;align-items:center;gap:6px;padding:9px 16px;font-size:14px;font-weight:500;text-decoration:none;transition:background .12s,border-color .12s,color .12s,box-shadow .12s,transform 40ms;display:inline-flex}.button:active{transform:translateY(1px)}.button:focus-visible{box-shadow:0 0 0 3px var(--focus-ring);outline:0}.button--small{padding:5px 10px;font-size:12.5px}.button--primary{background:var(--accent);color:var(--accent-text);border-color:var(--accent)}.button--primary:hover:not(:disabled):not([aria-disabled=true]){background:var(--accent-hover);border-color:var(--accent-hover)}.button:disabled,.button[aria-disabled=true]{cursor:not-allowed;opacity:.55}.button:disabled:hover,.button[aria-disabled=true]:hover{background:var(--accent);border-color:var(--accent)}.button--secondary{background:var(--surface);color:var(--text);border-color:var(--border-strong)}.button--secondary:hover{background:var(--surface-2);border-color:var(--border-strong)}.button--block{width:100%}.form{flex-direction:column;gap:6px;display:flex}.form__label{color:var(--text);margin:8px 0 0;font-size:13px;font-weight:600;display:block}.form__label:first-child{margin-top:0}.form__input{box-sizing:border-box;border:1px solid var(--border-strong);border-radius:var(--radius);width:100%;font:inherit;background:var(--surface);color:var(--text);padding:9px 12px;font-size:14px;transition:border-color .12s,box-shadow .12s}.form__input:focus{border-color:var(--accent);box-shadow:0 0 0 3px var(--focus-ring);outline:0}.form__note{color:var(--text-3);margin:4px 0 0;font-size:12.5px;line-height:1.5}.form__submit{margin-top:8px}.empty{text-align:center;color:var(--text-3);border:1px dashed var(--border);border-radius:var(--radius);background:var(--surface);padding:24px 16px;font-size:13px}.actions{gap:8px;margin:0;display:flex}@media (width<=480px){body{padding:0}.card{box-shadow:none;border-left:0;border-right:0;border-radius:0;min-height:100dvh}.card__head{padding:24px 20px 16px}.card__body{padding:16px 20px}.card__footer{flex-direction:column-reverse;align-items:stretch;padding:14px 20px}.card__footer .button{width:100%}}@media (prefers-reduced-motion:reduce){*{transition:none!important}}');function nr(e){return T`<!doctype html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><meta name="referrer" content="no-referrer" /><meta name="robots" content="noindex" /><title>${e.title}</title><link rel="icon" type="image/png" href="https://www.google.com/s2/favicons?domain=${e.host}&sz=64" /><style>
52
51
  ${e.styles}
53
- </style></head><body><main class="card"><header class="card__head"><img class="card__icon" src="https://www.google.com/s2/favicons?domain=${e.host}&sz=64" alt="" width="48" height="48" referrerpolicy="no-referrer" /><h1 class="card__title">${e.heading}</h1>${e.subhead}</header><div class="card__body">${e.body}</div>${e.footer}</main></body></html>`}o(or,"renderShell");function H_(e){return k`<form class="actions" method="post" action="/oauth/setup"><input type="hidden" name="state" value="${e.state}" /><button class="button button--secondary" type="submit" name="decision" value="cancel" formnovalidate >Cancel</button><button class="button button--primary" type="submit" name="decision" value="approve" ${e.authorizeAttrs} >Authorize</button></form>`}o(H_,"renderActions");var L_=tr('<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" width="16" height="16" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><circle cx="8" cy="8" r="6.5"/><line x1="8" y1="4.6" x2="8" y2="8.4"/><circle cx="8" cy="11" r=".7" fill="currentColor" stroke="none"/></svg>');function B_(){return k`<p>The API key could not be verified. Start the authorization flow again to try
54
- once more.</p>`}o(B_,"renderApiKeyLoginFailure");function G_(e){return k`<form class="form" method="post" action="/oauth/api-key-login" autocomplete="off" ><input type="hidden" name="state" value="${e.state}" /><label class="form__label" for="apiKey">API key</label><input class="form__input" id="apiKey" name="apiKey" type="password" required autocomplete="off" /><button class="button button--primary button--block form__submit" type="submit" >Continue</button></form>`}o(G_,"renderApiKeyLoginForm");function V_(e){return k`<div class="banner banner--alert" role="alert"><span class="banner__icon" aria-hidden="true">${e.icon}</span><div class="banner__body"><p class="banner__title">${e.title}</p><p class="banner__message">${e.message}</p></div></div>`}o(V_,"renderBannerAlert");function F_(e){return k`<div class="banner banner--warning" role="status"><span class="banner__icon" aria-hidden="true">${e.icon}</span><div class="banner__body"><p class="banner__title">Setup required</p><p class="banner__message">${e.message}</p></div></div>`}o(F_,"renderBannerWarning");function Z_(e){return k`<section class="capability-section"><h4 class="capability-section__title">${e.label} <span class="muted">(${e.total})</span></h4><ul class="capability-list">${e.rows}${e.moreLine}</ul></section>`}o(Z_,"renderCapabilitySection");var ap=tr('<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" width="14" height="14" fill="none" stroke="currentColor" stroke-width="1.8" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><path d="M4 6.5l4 4 4-4"/></svg>'),ip=tr('<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.6" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><rect x="3" y="4" width="18" height="7" rx="1.5"/><rect x="3" y="13" width="18" height="7" rx="1.5"/><circle cx="7" cy="7.5" r=".75" fill="currentColor" stroke="none"/><circle cx="7" cy="16.5" r=".75" fill="currentColor" stroke="none"/></svg>');function K_(e){return k`${e.banner}<section class="upstreams"><header class="section-label">Upstream services <span class="section-label__count">${e.sectionCount}</span></header><ul class="upstream-list">${e.cards}</ul></section>${e.fineprint}`}o(K_,"renderSetupPage");function W_(e){return k`<article class="${e.cardClass}"><div class="upstream-card__head">${e.iconFrame}<div class="upstream-card__main"><div class="upstream-card__title-row"><h3 class="upstream-card__title">${e.upstreamDisplayName}</h3>${e.control}</div><div class="upstream-card__meta">${e.host}<span>${e.authModeLabel}</span><span class="upstream-card__sep" aria-hidden="true">·</span><span>${e.ownerModeLabel}</span></div>${e.description}</div></div>${e.capabilities} ${e.scopes}</article>`}o(W_,"renderUpstreamCard");var J_=tr('<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" width="16" height="16" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><path d="M7.13 2.46 1.39 12.5a1 1 0 0 0 .87 1.5h11.48a1 1 0 0 0 .87-1.5L8.87 2.46a1 1 0 0 0-1.74 0Z"/><line x1="8" y1="6" x2="8" y2="9.4"/><circle cx="8" cy="11.4" r=".7" fill="currentColor" stroke="none"/></svg>');var b$="text/html; charset=utf-8";function Y_(e,t=200){return new Response(rr(e),{status:t,headers:{"content-type":b$,"cache-control":"no-store","referrer-policy":"no-referrer","x-frame-options":"DENY"}})}o(Y_,"apiKeyLoginHtmlResponse");function sp(e,t=401){return Y_(or({title:"Sign-in failed",host:e,styles:nr,heading:"Sign-in failed",subhead:"",body:B_(),footer:""}),t)}o(sp,"apiKeyLoginFailureResponse");function Q_(e,t){return Y_(or({title:"Sign in",host:e,styles:nr,heading:"Sign in",subhead:k`<p class="card__subtitle">Enter your API key to continue.</p>`,body:G_({state:t}),footer:""}))}o(Q_,"renderApiKeyLoginForm");ie();ie();import{errors as uw,jwtVerify as dw,SignJWT as lw}from"jose";ie();import{errors as $$,jwtVerify as z$,SignJWT as M$}from"jose";function kr(e){let t=xe().browserLogin[e];if(typeof t=="string"&&t.length>0)return t;throw g("internal_server_error",`browserLogin.${e} is required for federated browser login. Set it on the mcp-oauth-inbound policy options.`)}o(kr,"requireBrowserLoginField");ie();import{createRemoteJWKSet as C$,errors as Ia,jwtVerify as I$}from"jose";var P$=u.object({id_token:u.string().min(1),token_type:u.string().min(1).optional(),expires_in:u.number().optional(),access_token:u.string().min(1).optional(),refresh_token:u.string().min(1).optional(),scope:u.string().min(1).optional()}),x$=u.object({error:u.string().min(1).optional(),error_description:u.string().min(1).optional(),error_uri:u.string().min(1).optional()});function A$(e){let t=x$.safeParse(e);if(!t.success)return{};let r={};return t.data.error!==void 0&&(r.idpError=t.data.error),t.data.error_description!==void 0&&(r.idpErrorDescription=t.data.error_description.slice(0,256)),t.data.error_uri!==void 0&&(r.idpErrorUri=t.data.error_uri.slice(0,256)),r}o(A$,"readIdpErrorFields");function T$(e){return e instanceof Ia.JWTExpired?"expired":e instanceof Ia.JWTClaimValidationFailed?"claim":e instanceof Ia.JWSSignatureVerificationFailed?"signature":e instanceof Ia.JWKSNoMatchingKey?"jwks_no_match":e instanceof Ia.JWTInvalid?"invalid":e instanceof u.ZodError?"schema":"other"}o(T$,"readJwtFailureKind");var k$=u.object({sub:Se,nonce:u.string().min(1)}).catchall(u.unknown()),cp;function E$(e){return e instanceof Error&&"cause"in e?e.cause:e}o(E$,"readErrorCause");function U$(e){if(e!==null&&typeof e=="object"&&"extensionMembers"in e)return e.extensionMembers?.gatewayCode}o(U$,"readRuntimeGatewayCode");function O$(){if(!cp){let e=xe();cp=C$(new URL(e.oidc.jwksUrl),{timeoutDuration:e.browserLogin.remoteTimeoutMs})}return cp}o(O$,"readFederatedJwks");async function X_(e){let t=xe(),r=kr("tokenUrl"),n=kr("clientId"),a=kr("clientSecret"),i=new URL("/oauth/callback",Ct(e.requestUrl)).toString(),s=new URLSearchParams({grant_type:"authorization_code",code:e.code,redirect_uri:i,client_id:n,client_secret:a});try{let{response:c,json:d}=await KS(r,{method:"POST",headers:{accept:"application/json","content-type":"application/x-www-form-urlencoded"},body:s},{maxResponseBytes:32768,problemCode:"browser_login_verification_failed",timeoutMs:t.browserLogin.remoteTimeoutMs,...e.context===void 0?{}:{context:e.context}});if(!c.ok){let h=A$(d);throw e.context?.log.warn({event:"federated_token_exchange_failed",code:"provider_access_denied",idpHost:mt(r),idpStatus:c.status,...h},"Federated browser login token exchange returned non-2xx from the identity provider"),g({code:"provider_access_denied",privateDetail:"Federated browser login token exchange failed.",cause:new Error(`IdP token exchange failed (status=${c.status}${h.idpError?` idp_error=${h.idpError}`:""}${h.idpErrorDescription?` idp_error_description=${h.idpErrorDescription}`:""})`)})}let p=P$.parse(d),l;try{({payload:l}=await I$(p.id_token,O$(),{issuer:t.oidc.issuer,audience:n}))}catch(h){let y={};throw Oe(y,"error",h),e.context?.log.warn({event:"federated_id_token_verification_failed",code:"browser_login_verification_failed",failureKind:T$(h),idpHost:mt(r),expectedIssuer:t.oidc.issuer,...y},"Federated id_token failed jose verification"),h}if(l.nonce!==e.nonce)throw e.context?.log.warn({event:"federated_nonce_mismatch",code:"oauth_callback_mismatch",idpHost:mt(r),nonceMissingFromIdToken:l.nonce===void 0},"Federated id_token nonce did not match the signed gateway state"),g("oauth_callback_mismatch","Federated browser login nonce did not match the signed gateway state.");let m=k$.parse(l);return jn({sub:m.sub,data:m},e.requestUrl)}catch(c){let d=he(c)??U$(c);throw d!==void 0&&d!=="browser_login_verification_failed"?c:g("browser_login_verification_failed","Federated browser login callback could not be verified.",E$(c))}}o(X_,"exchangeFederatedAuthorizationCode");var dp="zuplo_mcp_session",ew="HS256",tw="zuplo-mcp-gateway",rw="zuplo-mcp-gateway",q$=u.object({purpose:u.literal("gateway_browser_session"),sub:Se,browserLoginOrigin:u.string().min(1),roles:u.array(u.string().min(1)).optional(),exp:u.number().int().positive(),iat:u.number().int().positive().optional()});function N$(e){let t=new Map;if(!e)return t;for(let r of e.split(";")){let n=r.indexOf("=");if(n<0)continue;let a=r.slice(0,n).trim(),i=r.slice(n+1).trim();if(a)try{t.set(a,decodeURIComponent(i))}catch{t.set(a,i)}}return t}o(N$,"parseCookieHeader");async function nw(){return zt({purpose:"browser-session",envVar:"OAUTH_STATE_SIGNING_KEY",derive:o(e=>Pr(e,"browser-session"),"derive")})}o(nw,"getBrowserSessionKey");function up(e){let t=new URL(ce(e)),r=[`${dp}=`,"Path=/","HttpOnly","SameSite=Lax","Max-Age=0"];return t.protocol==="https:"&&r.push("Secure"),r.join("; ")}o(up,"buildBrowserSessionEvictionCookie");function j$(e){let t=new URL(ce(e.requestUrl)),r=[`${dp}=${encodeURIComponent(e.value)}`,"Path=/","HttpOnly","SameSite=Lax",`Max-Age=${e.ttlSeconds}`];return t.protocol==="https:"&&r.push("Secure"),r.join("; ")}o(j$,"serializeSessionCookie");function ow(e={}){return new URL(kr("url")).origin}o(ow,"readBrowserLoginOrigin");function lp(){return xe().browserLogin.stateTtlSeconds}o(lp,"readBrowserLoginStateTtlSeconds");function aw(e){if(!e.user)throw g("authentication_required","The browser login callback did not include an authenticated Zuplo principal.");return jn(e.user,e.url)}o(aw,"resolveCurrentRequestPrincipal");async function $s(e,t={}){let r=N$(e.headers.get("cookie")).get(dp);if(!r)return{};try{let{payload:n}=await z$(r,await nw(),{algorithms:[ew],issuer:tw,audience:rw}),a=q$.parse(n);if(a.browserLoginOrigin!==ow(t))return{evictCookie:up(e.url)};let i={subjectId:a.sub};return a.roles&&a.roles.length>0&&(i.roles=a.roles),{principal:i}}catch(n){return n instanceof $$.JWTExpired?{evictCookie:up(e.url)}:(t.context?.log.warn({event:"browser_session_verification_failed",errorName:n instanceof Error?n.name:"unknown",errorMessage:n instanceof Error?n.message:"verification failed"},"Browser session JWT verification failed"),{evictCookie:up(e.url)})}}o($s,"readBrowserSession");async function Pa(e){let t=xe().browserLogin.sessionTtlSeconds,r={purpose:"gateway_browser_session",sub:e.principal.subjectId,browserLoginOrigin:ow({virtualServerId:e.virtualServerId})};e.principal.roles&&(r.roles=e.principal.roles);let n=await new M$(r).setProtectedHeader({alg:ew,typ:"JWT"}).setIssuer(tw).setAudience(rw).setIssuedAt().setExpirationTime(Math.floor(Date.now()/1e3)+t).sign(await nw());return j$({value:n,requestUrl:e.requestUrl,ttlSeconds:t})}o(Pa,"createBrowserSessionCookie");async function iw(e){throw g("forbidden","API-key browser login is not supported in this gateway.")}o(iw,"resolveApiKeyBrowserLoginPrincipal");async function sw(e){let t={};e.context!==void 0&&(t.context=e.context);let r=await $s(e.request,t);if(r.principal)return r.principal;let n=typeof e.request.query.code=="string"?e.request.query.code:void 0;if(!n)throw g("oauth_callback_mismatch","Federated browser login callback is missing an authorization code.");return X_({code:n,nonce:e.stateId,requestUrl:e.request.url,...e.context===void 0?{}:{context:e.context}})}o(sw,"resolveBrowserLoginCallbackPrincipal");function cw(e){let t=xe().browserLogin,r=new URL(kr("url")),n=new URL("/oauth/callback",Ct(e.requestUrl));return Vg(r)?(r.searchParams.set("redirect_uri",n.toString()),r.searchParams.set("state",e.state),r):(r.searchParams.set("response_type","code"),r.searchParams.set("client_id",kr("clientId")),r.searchParams.set("redirect_uri",n.toString()),r.searchParams.set("scope",t.scope),r.searchParams.set("state",e.state),r.searchParams.set("nonce",e.nonce),t.audience&&r.searchParams.set("audience",t.audience),r)}o(cw,"buildBrowserLoginUrl");var D$={invalid_request:400,invalid_client:401,invalid_grant:400,invalid_target:400,unsupported_grant_type:400,server_error:500,invalid_redirect_uri:400,invalid_client_metadata:400},G=class extends Error{static{o(this,"OAuthProtocolError")}errorCode;status;constructor(t,r,n=D$[t],a){super(r,a),this.name="OAuthProtocolError",this.errorCode=t,this.status=n}};var H$=5*60,zs="HS256",Ms="zuplo-mcp-gateway",qs="zuplo-mcp-gateway",L$=u.object({purpose:u.literal("gateway_browser_login"),transactionId:yt,stateId:os,exp:u.number().int().positive(),iat:u.number().int().positive().optional()}),B$=u.object({purpose:u.literal("gateway_authorization_setup"),transactionId:yt,stateId:os,exp:u.number().int().positive(),iat:u.number().int().positive().optional()});async function pw(){return zt({purpose:"browser-login",envVar:"OAUTH_STATE_SIGNING_KEY",derive:o(e=>Pr(e,"browser-login"),"derive")})}o(pw,"getBrowserLoginKey");async function mw(){return zt({purpose:"authorization-csrf",envVar:"OAUTH_STATE_SIGNING_KEY",derive:o(e=>Pr(e,"authorization-csrf"),"derive")})}o(mw,"getCsrfKey");function fw(e){return{now:e.now??new Date,ttlSeconds:lp()}}o(fw,"readPendingTransactionDependencies");function G$(e,t){return e.subjectId===t.subjectId}o(G$,"principalsMatch");function hw(e){return{subjectId:e.subjectId,...e.roles===void 0?{}:{roles:e.roles}}}o(hw,"toPendingPrincipal");function gw(e){let t={id:e.id,currentStateHash:e.currentStateHash,clientId:e.transaction.clientId,redirectUri:e.transaction.redirectUri,resource:e.transaction.resource,virtualServerId:e.transaction.virtualServerId,scope:e.transaction.scope,codeChallenge:e.transaction.codeChallenge,codeChallengeMethod:e.transaction.codeChallengeMethod,createdAt:ne(e.now),expiresAt:ne(Jt(e.now,e.ttlSeconds)),...e.transaction.clientState===void 0?{}:{clientState:e.transaction.clientState}};if(e.phase==="awaiting_login")return{...t,phase:"awaiting_login"};if(!e.principal)throw g("identity_context_missing","Authorization setup requires a principal.");return{...t,phase:"awaiting_setup",principal:hw(e.principal)}}o(gw,"createTransactionRecord");async function yw(e){let{id:t,...r}=e.record,n=await J().startAuthorization({...r,transactionId:t,...e.client===void 0?{}:{client:e.client}});switch(n.kind){case"started":return n.transaction;case"already_exists":throw g("oauth_state_reused","Authorization transaction state already exists.");case"invalid_client":throw new G("invalid_client","OAuth client is not registered.");case"redirect_uri_mismatch":throw new G("invalid_request","redirect_uri is not registered for the client.")}}o(yw,"startPendingTransaction");async function V$(e){return new lw({purpose:"gateway_browser_login",transactionId:e.transactionId,stateId:e.stateId}).setProtectedHeader({alg:zs,typ:"JWT"}).setIssuer(Ms).setAudience(qs).setIssuedAt().setExpirationTime(Math.floor(Date.now()/1e3)+e.ttlSeconds).sign(await pw())}o(V$,"signBrowserLoginState");async function Sw(e){return new lw({purpose:"gateway_authorization_setup",transactionId:e.transactionId,stateId:nl()}).setProtectedHeader({alg:zs,typ:"JWT"}).setIssuer(Ms).setAudience(qs).setIssuedAt().setExpirationTime(Math.floor(Date.now()/1e3)+e.ttlSeconds).sign(await mw())}o(Sw,"signCsrfToken");async function Ns(e){try{let{payload:t}=await dw(e,await pw(),{algorithms:[zs],issuer:Ms,audience:qs}),r=L$.parse(t);return{transactionId:r.transactionId,stateId:r.stateId}}catch(t){throw t instanceof uw.JWTExpired?g("oauth_state_expired","Browser login state has expired.",t):g("oauth_state_invalid","Browser login state could not be verified.",t)}}o(Ns,"verifyBrowserLoginStateToken");async function pp(e){try{let{payload:t}=await dw(e,await mw(),{algorithms:[zs],issuer:Ms,audience:qs});return{transactionId:B$.parse(t).transactionId}}catch(t){throw t instanceof uw.JWTExpired?g("oauth_state_expired","Authorization setup state has expired.",t):g("oauth_state_invalid","Authorization setup state could not be verified.",t)}}o(pp,"verifyCsrfToken");function js(e){return e==="consumed"||e==="consumed_already"||e==="stale_hash"?"oauth_state_reused":e==="expired"?"oauth_state_expired":"oauth_state_invalid"}o(js,"pendingStateErrorCode");function _w(e){return e.kind==="available"?{kind:"available",record:e.transaction}:e}o(_w,"toPendingAuthorizationGetResult");function F$(e){return e.kind==="advanced"?{kind:"advanced",record:e.transaction}:e}o(F$,"toPendingAuthorizationAdvanceResult");function ww(e){return e==="principal_mismatch"?"oauth_callback_mismatch":js(e==="consumed_already"?"consumed_already":e)}o(ww,"setupDecisionErrorCode");function Z$(e){if(e.kind!=="available")throw g(js(e.kind),"Authorization setup state is invalid, expired, or already used.");if(e.record.phase!=="awaiting_setup")throw g("oauth_state_invalid","Authorization setup state is not in the setup phase.");return e.record}o(Z$,"requireAwaitingSetup");function K$(e){if(e.kind!=="available")throw g(js(e.kind),"Browser login state is invalid, expired, or already used.");if(e.record.phase!=="awaiting_login")throw g("oauth_state_invalid","Browser login state is not in the login phase.");return e.record}o(K$,"requireAwaitingLogin");function W$(e){if(!G$(e.currentBrowserPrincipal,e.transaction.principal))throw g("oauth_callback_mismatch","Authorization setup state does not match the current browser session.")}o(W$,"requireCurrentPrincipalMatches");async function vw(e){let t=e.now??new Date,r=lp(),n=rl(),a=nl(),i=await V$({transactionId:n,stateId:a,ttlSeconds:r}),s=gw({id:n,transaction:e.transaction,currentStateHash:await pe(i),phase:"awaiting_login",now:t,ttlSeconds:r});if(s.phase!=="awaiting_login")throw g("oauth_state_invalid","Authorization transaction did not start in login phase.");let c=await yw({record:s,client:e.transaction.client});if(c.phase!=="awaiting_login")throw g("oauth_state_invalid","Authorization transaction did not start in login phase.");return{transaction:c,browserLoginStateToken:i,browserLoginUrl:cw({state:i,nonce:a,virtualServerId:s.virtualServerId,requestUrl:e.requestUrl})}}o(vw,"startAwaitingLogin");async function bw(e){let{now:t,ttlSeconds:r}=fw(e),n=rl(),a=await Sw({transactionId:n,ttlSeconds:r}),i=gw({id:n,transaction:e.transaction,currentStateHash:await pe(a),phase:"awaiting_setup",principal:e.principal,now:t,ttlSeconds:r});if(i.phase!=="awaiting_setup")throw g("oauth_state_invalid","Authorization transaction did not start in setup phase.");let s=await yw({record:i,client:e.transaction.client});if(s.phase!=="awaiting_setup")throw g("oauth_state_invalid","Authorization transaction did not start in setup phase.");return{transaction:s,csrfToken:a}}o(bw,"startAwaitingSetup");async function mp(e){let{now:t,ttlSeconds:r}=fw(e),n=await Ns(e.browserLoginStateToken),a=await Sw({transactionId:n.transactionId,ttlSeconds:r}),i=F$(await J().advancePendingAuthorization({transactionId:n.transactionId,expectedPhase:"awaiting_login",currentStateHash:await pe(e.browserLoginStateToken),nextStateHash:await pe(a),nextPhase:"awaiting_setup",principal:hw(e.principal),now:ne(t)}));if(i.kind!=="advanced")throw g(js(i.kind),"Browser login state is invalid, expired, or already used.");if(i.record.phase!=="awaiting_setup")throw g("oauth_state_invalid","Browser login did not advance to setup.");return{transaction:i.record,csrfToken:a}}o(mp,"completeLogin");async function Rw(e){let t=e.now??new Date,r=await Ns(e.browserLoginStateToken);return K$(_w(await J().readPendingAuthorization({transactionId:r.transactionId,currentStateHash:await pe(e.browserLoginStateToken),now:ne(t)})))}o(Rw,"getAwaitingLogin");async function Cw(e){let t=await fp(e);return W$({transaction:t,currentBrowserPrincipal:e.currentBrowserPrincipal}),t}o(Cw,"getSetup");async function fp(e){let t=e.now??new Date,r=await pp(e.csrfToken);return Z$(_w(await J().readPendingAuthorization({transactionId:r.transactionId,currentStateHash:await pe(e.csrfToken),now:ne(t)})))}o(fp,"getSetupTransaction");async function J$(e){let t=await pp(e.csrfToken),r=Yt(),n=ne(Jt(e.now,H$)),a=await J().decideAuthorizationSetup({decision:"approve",transactionId:t.transactionId,currentStateHash:await pe(e.csrfToken),currentPrincipal:{subjectId:e.currentBrowserPrincipal.subjectId},authorizationCodeHash:await pe(r),authorizationCodeExpiresAt:n,grantId:Bg(),now:ne(e.now)});if(a.kind!=="approved")throw g(a.kind==="cancelled"?"oauth_state_invalid":ww(a.kind),"Authorization setup state is invalid, expired, or already used.");let i=new URL(a.transaction.redirectUri);return i.searchParams.set("code",r),a.transaction.clientState&&i.searchParams.set("state",a.transaction.clientState),i}o(J$,"createAuthorizationCodeRedirectWithDecision");async function Y$(e){let t=await pp(e.csrfToken),r=await J().decideAuthorizationSetup({decision:"cancel",transactionId:t.transactionId,currentStateHash:await pe(e.csrfToken),currentPrincipal:{subjectId:e.currentBrowserPrincipal.subjectId},now:ne(e.now)});if(r.kind!=="cancelled")throw g(r.kind==="approved"?"oauth_state_invalid":ww(r.kind),"Authorization setup state is invalid, expired, or already used.");return Q$({redirectUri:r.transaction.redirectUri,clientState:r.transaction.clientState})}o(Y$,"createCancelRedirectWithDecision");function Q$(e){let t=new URL(e.redirectUri);return t.searchParams.set("error","access_denied"),t.searchParams.set("error_description","The user cancelled the MCP authorization request."),e.clientState!==void 0&&t.searchParams.set("state",e.clientState),t}o(Q$,"buildClientCancelRedirect");async function Iw(e){let t=e.now??new Date;return J$({csrfToken:e.csrfToken,currentBrowserPrincipal:e.currentBrowserPrincipal,now:t})}o(Iw,"approve");async function Pw(e){let t=e.now??new Date;return Y$({csrfToken:e.csrfToken,currentBrowserPrincipal:e.currentBrowserPrincipal,now:t})}o(Pw,"cancel");ie();var X$=1e4,ez=5*1024,tz=2,rz=90*24*60*60,hp=["authorization_code","refresh_token"],gp=["code"],nz=u.object({client_name:u.string().min(1).optional(),redirect_uris:u.array(u.string().min(1)).min(1),grant_types:u.array(u.enum(hp)).min(1).max(2).optional(),response_types:u.array(u.enum(gp)).min(1).max(1).optional(),scope:u.literal(ye).optional(),token_endpoint_auth_method:Qd.default("client_secret_basic")});function oz(e){try{let t=new URL(e);return t.protocol==="https:"&&t.pathname!=="/"}catch{return!1}}o(oz,"isCimdClientIdCandidate");function xa(e,t="invalid_request"){if(az(e))throw new G(t,"redirect_uris must not include raw whitespace or control characters.");let r;try{r=new URL(e)}catch{throw new G(t,"redirect_uris must be absolute URIs.")}if(r.hash||r.username||r.password)throw new G(t,"redirect_uris must not include credentials or fragments.");if(!(r.protocol==="https:"||Le(r)))throw new G(t,"redirect_uris must use HTTPS except loopback HTTP redirects for local clients.")}o(xa,"assertValidRedirectUri");function az(e){for(let t=0;t<e.length;t+=1){let r=e.charCodeAt(t);if(r<=32||r>=127&&r<=159)return!0}return!1}o(az,"hasForbiddenRawRedirectUriCharacter");async function iz(e){let{response:t,json:r}=await WS(e.initialUrl,{headers:{accept:"application/json"}},{maxRedirects:tz,maxResponseBytes:ez,timeoutMs:X$});if(!t.ok)throw g("invalid_request","CIMD metadata could not be fetched.");let n=Lg.parse(r);if(n.client_id!==e.clientId)throw g("invalid_request","Fetched CIMD client_id must exactly match the requested client_id.");if(n.token_endpoint_auth_method!=="none")throw g("invalid_request","CIMD clients must use token_endpoint_auth_method none until private_key_jwt is implemented.");return n}o(iz,"fetchCimdMetadata");async function sz(e){let t=bs(e),r=await iz({clientId:e,initialUrl:t});return{kind:"cimd",clientId:e,metadata:r}}o(sz,"resolveCimdClient");async function xw(e,t){let r=Be.parse(e);if(oz(r)){if(!xe().gateway.cimdEnabled)throw new G("invalid_client","OAuth client is not registered.");try{return await sz(r)}catch{throw new G("invalid_client","OAuth client is not registered.")}}let n=await J().readClient({clientId:r});if(n.kind==="found"){let a=n.client,i={kind:"dcr",clientId:r,metadata:{client_id:a.clientId,client_name:a.clientName,redirect_uris:a.redirectUris,token_endpoint_auth_method:a.tokenEndpointAuthMethod}};return a.hashedClientSecret&&(i.hashedClientSecret=a.hashedClientSecret),i}throw new G("invalid_client",r.startsWith("dcr:")?"Dynamic client is not registered. Re-run client registration before authorization.":"OAuth client is not registered.")}o(xw,"resolveClient");function Aw(e,t){if(!e.metadata.redirect_uris.some(r=>Gg(r,t)))throw g("invalid_request","redirect_uri is not registered for the client.")}o(Aw,"assertRedirectRegistered");function cz(e){let t=Tw(e.grant_types),r=e.response_types??[...gp];if(!uz(t))throw new G("invalid_client_metadata","grant_types must be a subset of authorization_code and refresh_token.");if(!dz(r))throw new G("invalid_client_metadata","response_types must be code.");if(!lz(e.scope))throw new G("invalid_client_metadata",`Only the ${ye} scope is supported.`)}o(cz,"assertSupportedDcrRequest");function Tw(e){return e===void 0?[...hp]:Array.from(new Set(e))}o(Tw,"normalizeGrantTypes");function uz(e){return e.length===0?!1:e.every(t=>hp.includes(t))}o(uz,"isSupportedGrantTypes");function dz(e){return e.length===gp.length&&e[0]==="code"}o(dz,"isSupportedResponseTypes");function lz(e){return e===void 0||e===ye}o(lz,"isSupportedDcrScope");function Aa(e){if(e===void 0||e===ye)return ye;throw new G("invalid_request",`Only the ${ye} scope is supported.`)}o(Aa,"assertSupportedOAuthScope");function eo(e,t){let r;try{r=new URL(t)}catch{throw new G("invalid_target","resource must be an absolute URI.")}if(r.hash)throw new G("invalid_target","resource must not include a fragment.");if(r.protocol!=="https:"&&!Le(r))throw new G("invalid_target","resource must use HTTPS except loopback HTTP resources in local development.");let n=ce(e),a=Cg(),i=a?[...a.byVirtualServerId.values()].find(s=>new URL(s.routePath,n).toString()===t):void 0;if(!i)throw new G("invalid_target","resource must match a published virtual MCP server.");return i}o(eo,"resolveResource");async function kw(e){let t;try{t=nz.parse(e)}catch(l){if(l instanceof u.ZodError){let m=l.issues.some(h=>h.path[0]==="redirect_uris");throw new G(m?"invalid_redirect_uri":"invalid_client_metadata",l.issues[0]?.message??"Client metadata is invalid.",void 0,{cause:l})}throw l}cz(t);for(let l of t.redirect_uris)xa(l,"invalid_redirect_uri");let r=new Date,n=Be.parse(`dcr:${crypto.randomUUID()}`),a=Jt(r,rz),i=Math.floor(r.getTime()/1e3),s=Math.floor(a.getTime()/1e3),c={client_id:n,client_name:t.client_name??"Dynamically registered MCP client",redirect_uris:t.redirect_uris,grant_types:Tw(t.grant_types),response_types:["code"],scope:ye,token_endpoint_auth_method:t.token_endpoint_auth_method,client_id_issued_at:i},d={clientId:n,clientName:String(c.client_name),redirectUris:t.redirect_uris,tokenEndpointAuthMethod:t.token_endpoint_auth_method,createdAt:ne(r),clientExpiresAt:ne(a)};if(t.token_endpoint_auth_method!=="none"){let l=Yt();d.hashedClientSecret=await pe(l),d.clientSecretExpiresAt=ne(a),c.client_secret=l,c.client_secret_expires_at=s,c.client_secret_issued_at=i}if((await J().registerClient(d)).kind==="already_exists")throw g("invalid_request","OAuth client is already registered.");return c}o(kw,"registerDownstreamClient");function pz(e){try{return new URL(e).host}catch{return""}}o(pz,"safeHostFromOrigin");var mz=8;function Sp(e){let t=e.trim();try{let r=new URL(t);if(r.protocol==="https:")return r.toString()}catch{}if(/^data:image\/(?:png|jpe?g|webp);/i.test(t))return t}o(Sp,"safeIconSrc");function fz(e,t){if(e)try{let r=new URL(t).origin,n=new URL(e,r);return n.origin!==r||!n.pathname.startsWith("/auth/connections/")?void 0:n.toString()}catch{return}}o(fz,"safeGatewayConnectHref");function hz(e){if(e==="any")return Number.POSITIVE_INFINITY;let t=/^(\d+)x(\d+)$/.exec(e);return t?Math.max(Number(t[1]),Number(t[2])):0}o(hz,"parseIconSize");function gz(e,t){let r=e.filter(a=>a.theme===t);if(r.length>0)return r;let n=e.filter(a=>a.theme===void 0);return n.length>0?n:e}o(gz,"selectIconCandidates");function yz(e){return Sp(e.src)?e.sizes&&e.sizes.length>0?Math.max(...e.sizes.map(hz)):0:-1}o(yz,"readIconScore");function Ew(e,t){if(!e||e.length===0)return;let r=gz(e,t),n,a=-1;for(let i of r){let s=yz(i);s>a&&(n=i,a=s)}return n}o(Ew,"pickIcon");function Sz(e,t){let r=Ew(e,"light");if(!r)return k`<span class="icon-frame icon-frame--fallback" aria-hidden="true">${ip}</span>`;let n=Sp(r.src);return n?k`<span class="icon-frame"><img src="${n}" alt="${t}" loading="lazy" decoding="async"></span>`:k`<span class="icon-frame icon-frame--fallback" aria-hidden="true">${ip}</span>`}o(Sz,"renderIconFrame");function Hs(e,t){let r=Ew(e,"light");if(!r)return _e;let n=Sp(r.src);return n?k`<img class="inline-icon" src="${n}" alt="${t}" loading="lazy" decoding="async">`:_e}o(Hs,"renderInlineIcon");function _z(e){switch(e){case"user":return"your account";case"shared":return"shared by your team";case"none":return"gateway-managed"}}o(_z,"ownerModeLabel");function wz(e){return e.endsWith("_oauth")||e==="oauth"?"OAuth":e.includes("static_secret")?"static credential":e.replaceAll("_"," ")}o(wz,"authModeLabel");function vz(e){switch(e){case"active":return k`<span class="status-badge status-badge--success">Connected</span>`;case"not_connected":return k`<span class="status-badge status-badge--neutral">Not connected</span>`;case"reconsent_required":return k`<span class="status-badge status-badge--warning">Reconnect required</span>`}}o(vz,"statusBadge");function bz(e){if(!e)return _e;let t=[];return e.destructiveHint&&t.push(k`<span class="badge badge--destructive" title="This tool may modify or delete data on your behalf.">destructive</span>`),e.readOnlyHint&&t.push(k`<span class="badge badge--muted" title="This tool only reads data and does not modify state.">read-only</span>`),e.openWorldHint&&t.push(k`<span class="badge badge--muted" title="This tool can access arbitrary URIs supplied at call time.">open-world</span>`),t.length>0?k`<span class="badge-row">${t}</span>`:_e}o(bz,"annotationBadges");function Uw(e){let t=0,r=0;for(let n of e.tools)n.annotations?.destructiveHint===!0&&(t+=1),n.annotations?.readOnlyHint===!0&&(r+=1);return{tools:e.tools.length,prompts:e.prompts.length,resources:e.resources.length,destructiveTools:t,readOnlyTools:r}}o(Uw,"summarizeCapabilities");function Rz(e){let t=e.annotations?.title??e.title??e.name,r=e.description?k`<span class="capability-row__description">${e.description}</span>`:_e;return k`<li class="capability-row">${Hs(e.icons,t)}<span class="capability-row__name">${t}</span>${bz(e.annotations)}${r}</li>`}o(Rz,"renderToolRow");function Cz(e){let t=e.title??e.name,r=e.description?k`<span class="capability-row__description">${e.description}</span>`:_e;return k`<li class="capability-row">${Hs(e.icons,t)}<span class="capability-row__name">${t}</span>${r}</li>`}o(Cz,"renderPromptRow");function Iz(e){let t=e.title??e.name,r=e.mimeType===void 0?_e:k` · ${e.mimeType}`,n=e.description===void 0?_e:k` — ${e.description}`,a=k`<span class="capability-row__description"><code>${e.uri}</code>${r}${n}</span>`;return k`<li class="capability-row">${Hs(e.icons,t)}<span class="capability-row__name">${t}</span>${a}</li>`}o(Iz,"renderResourceRow");function yp(e,t,r,n){if(t===0)return _e;let a=r.slice(0,mz),i=t-a.length,s=i>0?k`<li class="capability-row capability-row--more">+ ${i} more</li>`:_e;return Z_({label:e,total:t,rows:k`${a.map(n)}`,moreLine:s})}o(yp,"renderCapabilitySection");function Ds(e,t,r=!1){return r?k`<span class="count-pill count-pill--destructive"><span class="count-pill__num">${t}</span><span class="count-pill__label">${e}</span></span>`:k`<span class="count-pill"><span class="count-pill__num">${t}</span><span class="count-pill__label">${e}</span></span>`}o(Ds,"countPill");function Pz(e){let t=Uw(e);if(t.tools+t.prompts+t.resources===0)return k`<div class="upstream-card__capabilities upstream-card__capabilities--empty">No tools, prompts, or resources advertised.</div>`;let n=[];t.tools>0&&n.push(Ds(t.tools===1?"tool":"tools",t.tools)),t.prompts>0&&n.push(Ds(t.prompts===1?"prompt":"prompts",t.prompts)),t.resources>0&&n.push(Ds(t.resources===1?"resource":"resources",t.resources)),t.destructiveTools>0&&n.push(Ds("destructive",t.destructiveTools,!0));let a=[yp("Tools",t.tools,e.tools,Rz),yp("Prompts",t.prompts,e.prompts,Cz),yp("Resources",t.resources,e.resources,Iz)];return k`<details class="upstream-card__capabilities"><summary class="capabilities-summary"><span class="capabilities-summary__counts">${n}</span><span class="capabilities-summary__chevron" aria-hidden="true">${ap}</span></summary><div class="capabilities-detail">${a}</div></details>`}o(Pz,"renderUpstreamCapabilities");function xz(e){if(!e||e.length===0)return _e;let t=e.map(n=>k`<code class="scope-chip">${n}</code>`),r=e.length===1?"scope":"scopes";return k`<details class="upstream-card__scopes"><summary class="scopes-summary"><span>Requested ${r} <span class="muted">(${e.length})</span></span><span class="capabilities-summary__chevron" aria-hidden="true">${ap}</span></summary><div class="scopes-list">${t}</div></details>`}o(xz,"renderUpstreamScopes");function Az(e,t){if(e.ownerMode!=="user")return _e;let r=fz(e.connectUrl,t);if(!r)return _e;let n=e.status==="active"?"Redo auth":e.status==="reconsent_required"?"Reconnect":"Connect",a=e.status==="active"?"Reconnect this upstream account or approve updated scopes.":void 0;return k`<a class="button button--secondary button--small" href="${r}"${a===void 0?_e:k` title="${a}"`}>${n}</a>`}o(Az,"renderActionButton");function Tz(e,t){let r=Az(e,t);return rr(r)!==""?r:vz(e.status)}o(Tz,"renderUpstreamControl");function kz(e,t){let n=e.ownerMode==="user"&&e.status!=="active"?"upstream-card upstream-card--needs-action":"upstream-card",a=e.description?k`<p class="upstream-card__description">${e.description}</p>`:_e,i=e.transportHost?k`<code class="upstream-card__host">${e.transportHost}</code><span class="upstream-card__sep" aria-hidden="true">·</span>`:_e;return W_({cardClass:n,iconFrame:Sz(e.serverIcons,e.upstreamDisplayName),upstreamDisplayName:e.upstreamDisplayName,control:Tz(e,t),host:i,authModeLabel:wz(e.authMode),ownerModeLabel:_z(e.ownerMode),description:a,capabilities:Pz(e.capabilities),scopes:xz(e.scopesRequested)})}o(kz,"renderUpstreamCard");function Ez(e){return e.reduce((t,r)=>{let n=Uw(r.capabilities);return t.tools+=n.tools,t.prompts+=n.prompts,t.resources+=n.resources,t.destructiveTools+=n.destructiveTools,t.readOnlyTools+=n.readOnlyTools,t},{tools:0,prompts:0,resources:0,destructiveTools:0,readOnlyTools:0})}o(Ez,"aggregateCapabilities");function Uz(e){return e.some(r=>r.ownerMode==="user"&&r.status!=="active")?"setup":"grant"}o(Uz,"deriveMode");function Oz(e){if(e.mode==="setup"){let n=e.upstreams.filter(c=>c.ownerMode==="user"&&c.status!=="active"),a=n.length>0&&n.every(c=>c.status==="reconsent_required"),i=n.length===1?"the service":`the ${n.length} services`,s=a?k`Re-authorize ${i} below to refresh access. Authorization will continue automatically once each is ready.`:k`Connect ${i} below before continuing. Authorization will continue automatically once each is ready.`;return F_({icon:J_,message:s})}let t=Ez(e.upstreams);if(t.destructiveTools===0)return _e;let r=t.destructiveTools===1?"tool can":"tools can";return V_({icon:L_,title:k`${t.destructiveTools} ${r} modify or delete data`,message:k`Review the destructive tools below before authorizing <strong>${e.clientDisplayName}</strong>.`})}o(Oz,"renderBanner");function $z(e){let t=e.mode==="setup"?k`disabled aria-disabled="true" title="Connect the required upstream services first"`:_e;return H_({state:e.state,authorizeAttrs:t})}o($z,"renderActions");function _p(e){let t=Uz(e.upstreams),r=[...e.upstreams].sort((h,y)=>{let _=o(w=>w.ownerMode!=="user"?2:w.status==="active"?1:0,"blockedRank"),S=_(h)-_(y);return S!==0?S:h.upstreamDisplayName.localeCompare(y.upstreamDisplayName)}),n=Hs(e.virtualServerIcons,e.virtualServerDisplayName),a=Oz({mode:t,upstreams:r,clientDisplayName:e.clientDisplayName}),i=r.length===0?k`<li class="empty">This virtual server does not declare any upstream services.</li>`:k`${r.map(h=>k`<li>${kz(h,e.gatewayOrigin)}</li>`)}`,s=$z({mode:t,state:e.state}),c=t==="grant"?k`<p class="card__fineprint"><strong>${e.clientDisplayName}</strong> will receive a token scoped to <strong>${e.virtualServerDisplayName}</strong>. You can revoke access at any time.</p>`:k`<p class="card__fineprint">Authorization continues automatically once every required service is connected.</p>`,d=r.length>0?k`(${r.length})`:_e,p=k`<p class="card__subtitle"><strong>${e.clientDisplayName}</strong> wants to access <strong>${n}${e.virtualServerDisplayName}</strong></p>${e.virtualServerDescription?k`<p class="card__description">${e.virtualServerDescription}</p>`:_e}${e.principalLabel?k`<span class="card__principal" title="Signed in as ${e.principalLabel}">${e.principalLabel}</span>`:_e}`,l=K_({banner:a,sectionCount:d,cards:i,fineprint:c}),m=k`<footer class="card__footer">${s}</footer>`;return rr(or({title:`Authorize access \xB7 ${e.virtualServerDisplayName}`,host:pz(e.gatewayOrigin),styles:nr,heading:"Authorize access",subhead:p,body:l,footer:m}))}o(_p,"renderConsentPage");function zz(e){try{return new URL(e).host}catch{return}}o(zz,"safeUrlHost");function Mz(e){if(e.mode==="user_oauth"||e.mode==="shared-oauth")return e.oauth.scopes}o(Mz,"readOAuthScopes");function wp(e){return e!==void 0&&e.length>0}o(wp,"hasItems");function qz(e){let t=e.registeredConnection.config.serverInfo?.icons;if(wp(t))return t;let r=e.virtualServer.serverInfo?.icons;return e.virtualServer.connections.length===1&&wp(r)?r:void 0}o(qz,"readServerIcons");async function Nz(e){if(!(e.returnTo===void 0||!e.isUserOwned))return Pl({requestUrl:e.requestUrl,owner:e.userOwner,initiatedBySubjectId:e.transaction.principal.subjectId,upstreamServerId:e.registeredConnection.upstreamServerId,authProfileId:e.registeredConnection.authProfileId,virtualServerId:e.virtualServer.virtualServerId,returnTo:e.returnTo})}o(Nz,"readConnectUrl");function an(e,t){return t===void 0?{}:{[e]:t}}o(an,"optionalRequirementField");function jz(e){return e.isUserOwned?iy(e.connection):{connected:!0,status:"active"}}o(jz,"readSetupConnectionStatus");function Dz(e){let t=Mz(e);return wp(t)?t:void 0}o(Dz,"readScopesRequested");function Hz(e){return e.isUserOwned&&"updatedAt"in e.connectionStatus&&e.connectionStatus.updatedAt!==void 0?e.connectionStatus.updatedAt:void 0}o(Hz,"readUpdatedAt");function Lz(e){if(e.virtualServer.catalog.catalogSource!=="openapi")return{tools:[],prompts:[],resources:[]};let t=o(r=>r.upstreamPolicyName===e.registeredConnection.policyName,"ownsCapability");return{tools:e.virtualServer.catalog.tools.filter(r=>r.enabled!==!1&&t(r)).map(Wi),prompts:e.virtualServer.catalog.prompts.filter(r=>r.enabled!==!1&&t(r)).map(Ji),resources:e.virtualServer.catalog.resources.filter(r=>r.enabled!==!1&&t(r)).map(Yi)}}o(Lz,"readVirtualServerCapabilities");async function Bz(e){let{authConfig:t,authMode:r,config:n,upstreamServerId:a,authProfileId:i}=e.registeredConnection,s=ps(r),c=s==="user",d=jz({connection:e.connection,isUserOwned:c}),p=await Nz({...e,connected:d.connected,isUserOwned:c});return{upstreamServerId:a,authProfileId:i,authMode:r,ownerMode:s,upstreamDisplayName:n.displayName,status:d.status,connected:d.connected,capabilities:Lz({registeredConnection:e.registeredConnection,virtualServer:e.virtualServer}),...an("description",n.description),...an("transportHost",zz(n.transport.baseUrl)),...an("scopesRequested",Dz(t)),...an("serverIcons",qz({registeredConnection:e.registeredConnection,virtualServer:e.virtualServer})),...an("connectUrl",p),...an("updatedAt",Hz({connectionStatus:d,isUserOwned:c})),...an("expiresAt",e.connection?.expiresAt)}}o(Bz,"buildSetupRequirement");function Ow(e){let t=ht().byVirtualServerId.get(e);if(!t)throw g("unknown_virtual_server",`Unknown virtual server: ${e}`);return t}o(Ow,"requireVirtualServer");async function vp(e){let t=Ow(e.transaction.virtualServerId),r=Cr(e.transaction.principal.subjectId),n=[],a=new Map;for(let c of t.connections)ps(c.authMode)==="user"&&(a.set(c,n.length),n.push({owner:r,upstreamServerId:c.upstreamServerId,authProfileId:c.authProfileId}));let i=await J().batchGetUpstreamConnections(n),s=[];for(let c of t.connections){let d=ps(c.authMode)==="user",p=a.get(c);s.push(await Bz({connection:d&&p!==void 0?i[p]:void 0,registeredConnection:c,virtualServer:t,requestUrl:e.requestUrl,returnTo:e.returnTo,transaction:e.transaction,userOwner:r}))}return s}o(vp,"requirementsForSetup");function Gz(e){return e.virtualServer.serverInfo?.title??e.virtualServer.serverInfo?.name??e.virtualServer.virtualServerId}o(Gz,"readVirtualServerDisplayName");async function bp(e){let t=Ow(e.transaction.virtualServerId),r=Gz({virtualServer:t}),n=await J().readClient({clientId:e.transaction.clientId}),a=n.kind==="found"?n.client:void 0,i={gatewayOrigin:ce(e.requestUrl),virtualServerDisplayName:r,clientDisplayName:a?.clientName??String(e.transaction.clientId),principalLabel:e.transaction.principal.subjectId},s=t.serverInfo?.title;return s!==void 0&&s!==r&&(i.virtualServerDescription=s),i}o(bp,"consentContext");function $w(e){return e.some(t=>t.ownerMode==="user"&&t.status!=="active")}o($w,"hasUnresolvedUserUpstream");var Vz=["mcp_user"],Fz="dev-browser-user",Zz=["resource is required for /oauth/authorize.","MCP clients should start at the MCP server URL and follow its WWW-Authenticate resource_metadata link.","If your client reached this endpoint directly, use /oauth/authorize/mcp/{virtualServerId} or add resource={protected resource URI from protected-resource metadata}."].join(" "),Kz=u.object({response_type:u.literal("code"),client_id:u.string().min(1),redirect_uri:u.string().min(1),resource:u.url(),code_challenge:u.string().min(43),code_challenge_method:ts,state:u.string().min(1).optional(),scope:u.literal(ye).default(ye)}),Wz=u.enum(["continue","approve","cancel"]).default("continue"),Jz=u.object({state:u.string().min(1),decision:Wz}),Yz=u.object({state:u.string().min(1),apiKey:u.string().min(1)}),sn=class extends Error{static{o(this,"DownstreamAuthorizeRedirectError")}redirectUri;clientState;errorCode;errorDescription;constructor(t){super(t.errorDescription?`${t.errorCode}: ${t.errorDescription}`:t.errorCode,t.cause===void 0?void 0:{cause:t.cause}),this.name="DownstreamAuthorizeRedirectError",this.redirectUri=t.redirectUri,this.clientState=t.clientState,this.errorCode=t.errorCode,this.errorDescription=t.errorDescription}};function zw(e){return typeof e=="string"&&e.length>0?e:void 0}o(zw,"readQueryString");function Qz(e,t){let r=zw(e.query.resource);if(t===void 0){if(r!==void 0)return r;throw new G("invalid_target",Zz)}let n=Wr(t,e.url);if(r===void 0||r===n)return n;throw new G("invalid_target","resource must match the scoped OAuth authorization endpoint resource.")}o(Qz,"requireAuthorizeResource");async function Xz(e,t,r){let n={virtualServerId:t};r!==void 0&&(n.context=r);let a=await $s(e,n);if(a.principal)return{principal:a.principal};if(!e.user)return a.evictCookie===void 0?{}:{setCookie:a.evictCookie};let i=aw(e);return{principal:i,setCookie:await Pa({principal:i,requestUrl:e.url,virtualServerId:t})}}o(Xz,"resolveBrowserPrincipal");async function eM(e,t,r){let n={virtualServerId:t};r!==void 0&&(n.context=r);let a=await $s(e,n);if(!a.principal)throw g("authentication_required","Authorization setup requires a current browser session.");return a.principal}o(eM,"requireSetupPrincipal");async function Mw(e){let t=await vp({transaction:e.transaction,requestUrl:e.requestUrl,returnTo:`/oauth/setup?state=${encodeURIComponent(e.csrfToken)}`}),r=await bp({transaction:e.transaction,requestUrl:e.requestUrl}),n={kind:"setup_page",html:_p({state:e.csrfToken,virtualServerId:e.transaction.virtualServerId,upstreams:t,...r})};return e.setCookie!==void 0&&(n.setCookie=e.setCookie),n}o(Mw,"renderSetup");function tM(e){if(e===void 0)return;let t=e.metadata.token_endpoint_auth_method;if(t==="private_key_jwt")throw new G("invalid_client","OAuth client authentication method is not supported.");return{clientId:e.clientId,clientName:e.metadata.client_name,tokenEndpointAuthMethod:t}}o(tM,"toAuthorizationTransactionClient");async function Rp(e,t={}){let r=Kz.parse({...e.query,resource:Qz(e,t.virtualServerId),state:zw(e.query.state)}),n=Aa(r.scope);xa(r.redirect_uri);let a=new Date,i=Be.parse(r.client_id),s=await xw(r.client_id,a);Aw(s,r.redirect_uri);try{let c=eo(e.url,r.resource),d=tM(s);t.context?.log.info({event:"oauth_authorize_request_parsed",clientId:i,virtualServerId:c.virtualServerId,scope:n,hasClientState:r.state!==void 0},"Downstream OAuth authorize: request parsed and client resolved");let p={clientId:s?.clientId??i,...d===void 0?{}:{client:d},redirectUri:r.redirect_uri,resource:r.resource,virtualServerId:c.virtualServerId,scope:n,codeChallenge:r.code_challenge,codeChallengeMethod:r.code_challenge_method,...r.state===void 0?{}:{clientState:r.state}},{principal:l,setCookie:m}=await Xz(e,c.virtualServerId,t.context);if(!l){let y=await vw({transaction:p,requestUrl:e.url,now:a});t.context?.log.info({event:"oauth_authorize_awaiting_login",clientId:i,virtualServerId:c.virtualServerId},"Downstream OAuth authorize: redirecting to browser login (no session)");let _={kind:"redirect",location:y.browserLoginUrl};return m!==void 0&&(_.setCookie=m),_}let h=await bw({transaction:p,principal:l,now:a});return t.context?.log.info({event:"oauth_authorize_awaiting_setup",clientId:i,virtualServerId:c.virtualServerId,subjectId:l.subjectId},"Downstream OAuth authorize: rendering consent/setup page"),Mw({transaction:h.transaction,csrfToken:h.csrfToken,requestUrl:e.url,setCookie:m})}catch(c){throw rM({redirectUri:r.redirect_uri,clientState:r.state,cause:c})}}o(Rp,"authorizeDownstreamClient");function rM(e){if(e.cause instanceof sn)return e.cause;let t=nM(e.cause);return t?new sn({redirectUri:e.redirectUri,clientState:e.clientState,errorCode:t.errorCode,errorDescription:t.errorDescription,cause:e.cause}):e.cause}o(rM,"toDownstreamAuthorizeRedirectError");function nM(e){if(e instanceof G)return{errorCode:e.errorCode,errorDescription:e.message};if(e instanceof u.ZodError){let t=e.issues[0];return{errorCode:t?.path.includes("resource")?"invalid_target":"invalid_request",errorDescription:t?.message}}}o(nM,"mapToOAuthRedirectError");async function qw(e,t={}){let r=typeof e.query.error=="string"?e.query.error:void 0;if(r){let p=typeof e.query.error_description=="string"?e.query.error_description.slice(0,256):void 0,l=typeof e.query.error_uri=="string"?e.query.error_uri.slice(0,256):void 0;throw t.context?.log.warn({event:"browser_login_callback_idp_error",code:"provider_access_denied",idpError:r,...p===void 0?{}:{idpErrorDescription:p},...l===void 0?{}:{idpErrorUri:l}},"Identity provider redirected browser-login callback with an error"),g("provider_access_denied",p??"The delegated browser login was not completed.")}let n=typeof e.query.state=="string"?e.query.state:void 0;if(!n)throw t.context?.log.warn({event:"browser_login_callback_state_missing",code:"oauth_state_invalid"},"Browser login callback was invoked without a state parameter"),g("oauth_state_invalid","Browser login callback is missing state.");let a=await Ns(n),i={request:e,stateId:a.stateId};t.context!==void 0&&(i.context=t.context);let s=await sw(i),c=await mp({browserLoginStateToken:n,principal:s}),d=await Mw({transaction:c.transaction,csrfToken:c.csrfToken,requestUrl:e.url});return d.setCookie=await Pa({principal:s,requestUrl:e.url,virtualServerId:c.transaction.virtualServerId}),d}o(qw,"completeBrowserLoginCallback");async function Nw(e){let t=xe(),r=new URL(e.url);if(!Le(r))throw g("forbidden","Local browser login is only available on loopback HTTP origins.");let n=typeof e.query.state=="string"?e.query.state:void 0;if(!n)throw g("oauth_state_invalid","Local browser login is missing state.");let a=new URL(typeof e.query.redirect_uri=="string"?e.query.redirect_uri:"/oauth/callback",ce(e.url)),i=new URL(ce(e.url)).origin;if(a.origin!==i||a.pathname!=="/oauth/callback")throw g("oauth_callback_mismatch","Local browser login redirect_uri must target this gateway's /oauth/callback route.");a.searchParams.set("state",n);let s={subjectId:Se.parse(Fz),roles:Vz};return{kind:"redirect",location:a,setCookie:await Pa({principal:s,requestUrl:e.url})}}o(Nw,"completeLocalDevBrowserLogin");async function jw(e){let t=Yz.parse(e.body),r=await Rw({browserLoginStateToken:t.state}),n=await iw({apiKey:t.apiKey,virtualServerId:r.virtualServerId}),a=await mp({browserLoginStateToken:t.state,principal:n});await l_({apiKey:t.apiKey,principal:n,virtualServerId:a.transaction.virtualServerId});let i=new URL("/oauth/setup",Ct(e.request.url));return i.searchParams.set("state",a.csrfToken),{kind:"redirect",location:i,setCookie:await Pa({principal:n,requestUrl:e.request.url,virtualServerId:a.transaction.virtualServerId})}}o(jw,"completeApiKeyBrowserLogin");function oM(e){let t=e.method==="POST"?e.body:e.query;return Jz.parse(t)}o(oM,"readSetupContinueRequest");async function Dw(e){let{state:t,decision:r}=oM({method:e.request.method,query:e.request.query,body:e.body}),n=new Date,a=await fp({csrfToken:t,now:n}),i=await eM(e.request,a.virtualServerId,e.context);if(r==="cancel")return{kind:"redirect",location:await Pw({csrfToken:t,currentBrowserPrincipal:i,now:n})};let s=await Cw({csrfToken:t,currentBrowserPrincipal:i,now:n}),c=await vp({transaction:s,requestUrl:e.request.url,returnTo:`/oauth/setup?state=${encodeURIComponent(t)}`});if(r==="continue"||$w(c)){let d=await bp({transaction:s,requestUrl:e.request.url});return{kind:"setup_page",html:_p({state:t,virtualServerId:s.virtualServerId,upstreams:c,...d})}}return{kind:"redirect",location:await Iw({csrfToken:t,currentBrowserPrincipal:i,now:n})}}o(Dw,"continueDownstreamAuthorizeSetup");ie();var aM=new Set(["authorization_code","refresh_token"]),iM=u.discriminatedUnion("grant_type",[u.object({grant_type:u.literal("authorization_code"),code:u.string().min(1),redirect_uri:u.string().min(1),client_id:u.string().min(1).optional(),code_verifier:rs,resource:u.url(),scope:u.literal(ye).optional(),client_secret:u.string().min(1).optional()}),u.object({grant_type:u.literal("refresh_token"),refresh_token:u.string().min(1),client_id:u.string().min(1).optional(),resource:u.url(),scope:u.literal(ye).optional(),client_secret:u.string().min(1).optional()})]);function sM(e){if(typeof e!="object"||e===null)return;let t=e.grant_type;if(t!==void 0&&(typeof t!="string"||!aM.has(t)))throw new G("unsupported_grant_type",`Grant type "${typeof t=="string"?t:""}" is not supported.`)}o(sM,"assertSupportedGrantType");var cM=u.object({token:u.string().min(1),client_id:u.string().min(1).optional(),token_type_hint:u.string().optional(),client_secret:u.string().min(1).optional()});function Hw(){return xe().gateway.accessTokenTtlSeconds}o(Hw,"readAccessTokenTtlSeconds");function uM(){return xe().gateway.refreshTokenTtlSeconds}o(uM,"readRefreshTokenTtlSeconds");function dM(e,t){let r=Hw(),n=Math.max(1,Math.floor((new Date(t).getTime()-e.getTime())/1e3)),a=Math.min(r,n);return{expiresAt:ne(Jt(e,a)),expiresIn:a}}o(dM,"calculateAccessTokenExpiresAt");function Lw(e){if(!e?.startsWith("Basic "))return{};let t;try{t=atob(e.slice(6))}catch{throw new G("invalid_client","Malformed HTTP Basic client authentication.")}let r=t.indexOf(":");if(r<0)throw new G("invalid_client","Malformed HTTP Basic client authentication.");try{return{clientId:decodeURIComponent(t.slice(0,r)),clientSecret:decodeURIComponent(t.slice(r+1))}}catch{throw new G("invalid_client","Malformed HTTP Basic client authentication.")}}o(Lw,"readBasicClientSecret");function Bw(e){if(e.basicClientId!==void 0&&e.bodyClientId!==void 0&&e.basicClientId!==e.bodyClientId)throw new G("invalid_request","Authenticated client_id must match request client_id.");let t=e.basicClientId??e.bodyClientId;if(t===void 0)throw new G("invalid_client","Client authentication or client_id is required.");return t}o(Bw,"resolveAuthenticatedClientId");function Gw(e){if(e.basicClientSecret!==void 0&&e.bodyClientSecret!==void 0)throw new G("invalid_request","Use only one client authentication method per request.");return e.basicClientSecret!==void 0?{clientSecret:e.basicClientSecret,clientSecretSource:"basic"}:e.bodyClientSecret!==void 0?{clientSecret:e.bodyClientSecret,clientSecretSource:"post"}:{}}o(Gw,"resolveClientSecretInput");async function Vw(e){let t=Be.parse(e.clientId);return e.clientSecret===void 0?{method:"none",clientId:t}:{method:e.clientSecretSource==="post"?"client_secret_post":"client_secret_basic",clientId:t,clientSecretHashInput:await pe(e.clientSecret)}}o(Vw,"buildRuntimeHttpClientAuth");async function Fw(e){sM(e.body);let t=iM.parse(e.body),r=Lw(e.authorizationHeader),n=Bw({basicClientId:r.clientId,bodyClientId:t.client_id}),a=new Date,i=Gw({basicClientSecret:r.clientSecret,bodyClientSecret:t.client_secret});return lM({parsed:t,clientId:n,clientSecretInput:i,now:a,requestUrl:e.requestUrl})}o(Fw,"exchangeDownstreamToken");async function lM(e){let t=await Vw({clientId:e.clientId,...e.clientSecretInput});if(e.parsed.grant_type==="authorization_code"){xa(e.parsed.redirect_uri),Aa(e.parsed.scope),e.parsed.resource!==void 0&&eo(e.requestUrl??e.parsed.resource,e.parsed.resource);let c=Yt(),d=Yt(),p=ne(Jt(e.now,uM())),l=dM(e.now,p),m=await J().exchangeAuthorizationCode({clientAuth:t,codeHash:await pe(e.parsed.code),redirectUri:e.parsed.redirect_uri,...e.parsed.resource===void 0?{}:{resource:e.parsed.resource},codeChallenge:await Jg(e.parsed.code_verifier),currentRefreshTokenHash:await pe(c),accessTokenHash:await pe(d),grantExpiresAt:p,accessTokenExpiresAt:l.expiresAt,now:ne(e.now)});if(m.kind==="invalid_client")throw new G("invalid_client","Client authentication failed.");if(m.kind==="resource_mismatch")throw new G("invalid_target","Token request resource must match the authorization code resource.");if(m.kind!=="exchanged")throw new G("invalid_grant","Authorization code is invalid, expired, already used, or failed binding validation.");return{access_token:d,token_type:"Bearer",expires_in:l.expiresIn,refresh_token:c,scope:m.grant.scope,resource:m.grant.resource}}Aa(e.parsed.scope),e.parsed.resource!==void 0&&eo(e.requestUrl??e.parsed.resource,e.parsed.resource);let r=Yt(),n=Yt(),a=ne(Jt(e.now,Hw())),i=await J().refreshToken({clientAuth:t,currentRefreshTokenHash:await pe(e.parsed.refresh_token),nextRefreshTokenHash:await pe(r),accessTokenHash:await pe(n),...e.parsed.resource===void 0?{}:{resource:e.parsed.resource},accessTokenExpiresAt:a,now:ne(e.now)});if(i.kind==="invalid_client")throw new G("invalid_client","Client authentication failed.");if(i.kind==="resource_mismatch")throw new G("invalid_target","Token request resource must match the refresh token grant resource.");if(i.kind!=="rotated")throw new G("invalid_grant","Refresh token is invalid, expired, or revoked.");eo(e.requestUrl??i.grant.resource,i.grant.resource);let s=i.accessToken.expiresAt;return{access_token:n,token_type:"Bearer",expires_in:Math.max(1,Math.floor((new Date(s).getTime()-e.now.getTime())/1e3)),refresh_token:r,scope:i.grant.scope,resource:i.grant.resource}}o(lM,"exchangeDownstreamTokenWithRuntimeHttp");async function Zw(e){let t=cM.parse(e.body),r=Lw(e.authorizationHeader),n=Bw({basicClientId:r.clientId,bodyClientId:t.client_id}),a=Gw({basicClientSecret:r.clientSecret,bodyClientSecret:t.client_secret}),i=new Date;if((await J().revokeOAuthToken({clientAuth:await Vw({clientId:n,...a}),tokenHash:await pe(t.token),now:ne(i)})).kind==="invalid_client")throw new G("invalid_client","Client authentication failed.");e.context?.log.info({event:"oauth_token_revoked",clientId:n,...t.token_type_hint===void 0?{}:{tokenTypeHint:t.token_type_hint}},"OAuth token revocation request processed")}o(Zw,"revokeDownstreamToken");var pM=64*1024,mM=16*1024,fM="text/html; charset=utf-8";function hM(e){let t={};for(let[r,n]of e.entries())t[r]=n;return t}o(hM,"formDataToObject");async function gM(e){return N_(e,{maxBytes:pM,label:"Request body"})}o(gM,"readJsonBody");async function Ls(e){return hM(await Os(e,{maxBytes:mM,label:"Request body"}))}o(Ls,"readFormBody");async function Bs(e,t,r){let n=he(r),a=r instanceof u.ZodError?Kw(r):r instanceof Error?r.message:void 0,i={code:n??"invalid_request"};return a!==void 0&&(i.detail=a),ft(e,t,i)}o(Bs,"handleProblem");function Ta(e){let t=new Headers(e.headers);t.set("cache-control","no-store"),t.set("pragma","no-cache");let r={error:e.error};return e.errorDescription!==void 0&&(r.error_description=e.errorDescription),Response.json(r,{status:e.status??400,headers:t})}o(Ta,"oauthErrorResponse");function yM(e,t){return e.errorCode!=="invalid_client"?{}:t.includeInvalidClientChallenge===!1?{}:{"WWW-Authenticate":'Basic realm="OAuth"'}}o(yM,"readOAuthProtocolHeaders");function SM(e,t){let r=Qe("internal_server_error");return Ta({error:e.errorCode,errorDescription:e.errorCode==="server_error"?r.publicDetail:e.message,status:e.status,headers:yM(e,t)})}o(SM,"oauthProtocolErrorResponse");function _M(e){return e.issues[0]?.path.includes("resource")===!0?"invalid_target":"invalid_request"}o(_M,"readZodOAuthErrorCode");function wM(e){let t={error:_M(e)},r=Kw(e);return r!==void 0&&(t.errorDescription=r),Ta(t)}o(wM,"oauthZodErrorResponse");function vM(e){let t=he(e);if(t===void 0)return;let r=Qe(t);if(r.oauthError===void 0)return;let n={error:r.oauthError,status:RM(r.oauthError)};return r.oauthError==="server_error"?n.errorDescription=r.publicDetail:e instanceof Error?n.errorDescription=e.message:n.errorDescription=r.publicDetail,Ta(n)}o(vM,"oauthGatewayProblemResponse");function bM(){let t={error:"server_error",status:500,errorDescription:Qe("internal_server_error").publicDetail};return Ta(t)}o(bM,"oauthFallbackErrorResponse");function RM(e){switch(e){case"invalid_client":return 401;case"server_error":return 500;default:return 400}}o(RM,"readOAuthStatus");function to(e,t={}){return e instanceof sn?CM(e):e instanceof G?SM(e,t):e instanceof u.ZodError?wM(e):vM(e)??bM()}o(to,"oauthProblemResponse");function Mt(e,t,r){let n={event:t},a=!1;if(r instanceof G)n.oauthError=r.errorCode,n.status=r.status,Oe(n,"error",r);else if(r instanceof sn)n.oauthError=r.errorCode,Oe(n,"error",r);else if(r instanceof u.ZodError){n.code="invalid_request",Oe(n,"error",r);let i=r.issues[0];i&&(n.zodPath=i.path.join("."))}else{let i=he(r);if(i!==void 0){let s=Qe(i);n.code=i,n.status=s.status,s.oauthError!==void 0&&(n.oauthError=s.oauthError),a=s.status>=500||s.oauthError==="server_error",Oe(n,"error",r)}else a=!0,Oe(n,"error",r)}if(a){let i=r instanceof Error?r:new Error("Non-Error thrown from OAuth handler",{cause:r});e.log.error(n,i.message)}else e.log.warn(n,"OAuth handler rejected the request")}o(Mt,"logUnexpectedOAuthHandlerError");function CM(e){let t;try{t=new URL(e.redirectUri)}catch{return Ta({error:e.errorCode,...e.errorDescription===void 0?{}:{errorDescription:e.errorDescription}})}t.searchParams.set("error",e.errorCode),e.errorDescription!==void 0&&t.searchParams.set("error_description",e.errorDescription),e.clientState!==void 0&&t.searchParams.set("state",e.clientState);let r=new Headers({location:t.toString(),"cache-control":"no-store"});return new Response(null,{status:302,headers:r})}o(CM,"downstreamAuthorizeRedirectErrorResponse");function Kw(e){let t=e.issues[0];if(!t)return;let r=t.path.join(".");return r?`${r}: ${t.message}`:t.message}o(Kw,"formatZodErrorDetail");function IM(e,t){let r={event:"browser_login_callback_failed",code:he(t)??"invalid_request"};Oe(r,"error",t),e.log.warn(r,"Browser login callback failed; client received a connection-failure page")}o(IM,"logBrowserLoginCallbackFailure");function Cp(e){e.location.hash||(e.location.hash="#");let t=new Headers({location:e.location.toString(),"cache-control":"no-store"});return e.setCookie&&t.append("set-cookie",e.setCookie),new Response(null,{status:302,headers:t})}o(Cp,"redirectResultResponse");function Gs(e){if(e.kind==="setup_page"){let t=new Headers({"content-type":fM,"cache-control":"no-store","referrer-policy":"no-referrer","x-frame-options":"DENY"});return e.setCookie&&t.append("set-cookie",e.setCookie),new Response(e.html,{status:200,headers:t})}return Cp(e)}o(Gs,"authorizeResultResponse");async function Ww(e,t){try{return Response.json(al(e.url))}catch(r){return Mt(t,"oauth_authorization_server_metadata_failed",r),Bs(e,t,r)}}o(Ww,"authorizationServerMetadataHandler");async function Jw(e,t){try{let r=Pe.parse(e.params.virtualServerId),n=Xo(r);return Response.json(Fg({virtualServerId:n.virtualServerId,requestUrl:e.url}))}catch(r){return Mt(t,"oauth_authorization_server_metadata_failed",r),Bs(e,t,r)}}o(Jw,"scopedAuthorizationServerMetadataHandler");async function Yw(e,t){try{let r=await kw(await gM(e)),n=r;return t.log.info({event:"oauth_dcr_client_registered",clientId:typeof n.client_id=="string"?n.client_id:void 0,clientName:typeof n.client_name=="string"?n.client_name:void 0,redirectUriCount:Array.isArray(n.redirect_uris)?n.redirect_uris.length:void 0,tokenEndpointAuthMethod:typeof n.token_endpoint_auth_method=="string"?n.token_endpoint_auth_method:void 0},"OAuth Dynamic Client Registration completed"),Response.json(r,{status:201,headers:{"cache-control":"no-store"}})}catch(r){return Mt(t,"oauth_register_failed",r),to(r)}}o(Yw,"registerHandler");async function Qw(e,t){try{return Gs(await Rp(e,{context:t}))}catch(r){return Mt(t,"oauth_authorize_failed",r),to(r,{includeInvalidClientChallenge:!1})}}o(Qw,"authorizeHandler");async function Xw(e,t){try{let r=Pe.parse(e.params.virtualServerId),n=Xo(r);return Gs(await Rp(e,{virtualServerId:n.virtualServerId,context:t}))}catch(r){return Mt(t,"oauth_authorize_scoped_failed",r),to(r,{includeInvalidClientChallenge:!1})}}o(Xw,"scopedAuthorizeHandler");async function ev(e,t){try{let r=await qw(e,{context:t});return t.log.info({event:"browser_login_callback_completed",resultKind:r.kind},"Browser login callback completed; consent setup rendered"),Gs(r)}catch(r){return IM(t,r),Bs(e,t,r)}}o(ev,"callbackHandler");async function tv(e,t){try{return Cp(await Nw(e))}catch(r){return Mt(t,"oauth_dev_login_failed",r),to(r)}}o(tv,"devLoginHandler");async function rv(e,t){let r=(()=>{try{return new URL(e.url).host}catch{return""}})();try{if(e.method==="GET"){let n=typeof e.query.state=="string"?e.query.state:void 0;return n?Q_(r,n):sp(r,400)}return e.method!=="POST"?new Response(null,{status:405,headers:{allow:"GET, POST"}}):Cp(await jw({request:e,body:await Ls(e)}))}catch(n){return Mt(t,"oauth_api_key_login_failed",n),sp(r)}}o(rv,"apiKeyLoginHandler");async function nv(e,t){try{if(!["GET","POST"].includes(e.method))return new Response(null,{status:405,headers:{allow:"GET, POST"}});let r=await Dw({request:e,body:e.method==="POST"?await Ls(e):void 0,context:t});return Gs(r)}catch(r){return Mt(t,"oauth_setup_failed",r),Bs(e,t,r)}}o(nv,"setupHandler");async function ov(e,t){try{return Response.json(await Fw({body:await Ls(e),authorizationHeader:e.headers.get("authorization"),requestUrl:e.url,context:t}),{headers:{"cache-control":"no-store",pragma:"no-cache"}})}catch(r){return Mt(t,"oauth_token_failed",r),to(r)}}o(ov,"tokenHandler");async function av(e,t){try{return await Zw({body:await Ls(e),authorizationHeader:e.headers.get("authorization"),context:t}),new Response(null,{status:200,headers:{"cache-control":"no-store"}})}catch(r){return Mt(t,"oauth_revoke_failed",r),to(r)}}o(av,"revokeHandler");var PM={connect:"Connect",app_password:"App password",callback_authorization_code:"Callback",callback_provider_error:"Callback",callback_invalid:"Callback",client_metadata:"Client metadata"},iv=new Dt("upstream-request");function xM(e){let t=iv.get(e);if(!t)throw g("internal_server_error","Upstream request context has not been set");return t}o(xM,"readUpstreamRequestContext");function AM(e,t){return t.some(r=>r===e)}o(AM,"requestContextMatchesKind");function TM(e){return typeof e=="string"?[e]:e}o(TM,"toExpectedKinds");function cn(e,t){iv.set(e,t)}o(cn,"setUpstreamRequestContext");function un(e,t){let r=xM(e),n=TM(t);if(!AM(r.kind,n)){let a=PM[n[0]];throw g("internal_server_error",`${a} request context has not been set`)}return r}o(un,"requireUpstreamRequestContext");function sv(e){return k`<form class="form" method="post" action="${e.action}" autocomplete="off"><input type="hidden" name="browserTicket" value="${e.browserTicket}" />${e.fields}<p class="form__note">The gateway stores this encrypted and keeps it out of MCP client
55
- configuration.</p><button class="button button--primary button--block form__submit" type="submit" >Connect</button></form>`}o(sv,"renderAppPassword");function cv(e){return k`<p data-gateway-error-code="${e.code}">${e.body}</p>`}o(cv,"renderBrowserResult");var kM="text/html; charset=utf-8",EM="none";function uv(e){return or({title:e.title,host:e.host,styles:nr,heading:e.title,subhead:"",body:cv({body:e.body,code:e.code??EM}),footer:""})}o(uv,"browserResultHtml");function dv(e,t=200){return new Response(rr(e),{status:t,headers:{"content-type":kM,"cache-control":"no-store","referrer-policy":"no-referrer","x-frame-options":"DENY"}})}o(dv,"browserResultResponse");function Vs(e){return dv(uv(e))}o(Vs,"browserConnectionSuccessResponse");function ro(e,t){let r=ug(t);return dv(uv({host:e,title:r.title,body:r.body,code:t}),400)}o(ro,"browserConnectionFailureResponse");function Ip(e){try{return new URL(e).host}catch{return""}}o(Ip,"safeHostFromUrl");var UM="text/html; charset=utf-8",OM=16*1024;function $M(e,t=200){return new Response(rr(e),{status:t,headers:{"content-type":UM,"cache-control":"no-store","referrer-policy":"no-referrer","x-frame-options":"DENY"}})}o($M,"htmlResponse");function zM(e,t){return Response.redirect(new URL(t,e).toString(),302)}o(zM,"safeRedirect");function MM(e){if(!e)throw g("oauth_state_invalid","App password capture requires a signed browser ticket.");return e}o(MM,"requireBrowserTicket");function qM(e,t){return[e.ownerMode!=="user"||e.upstreamServerId!==t.upstreamServerId||t.virtualServerId!==void 0&&e.virtualServerId!==t.virtualServerId].every(n=>!n)}o(qM,"appPasswordTicketMatchesTarget");async function lv(e){let t=MM(e.browserTicket),r=await ys(t);if(!qM(r,e))throw g("oauth_callback_mismatch","App password capture ticket did not match the requested upstream flow.");return{upstreamServerId:e.upstreamServerId,authProfileId:r.authProfileId,virtualServerId:r.virtualServerId,browserTicket:t,ticket:r}}o(lv,"readAppPasswordTarget");function NM(e,t){let r=Ul(e.upstreamServerId,e.authProfileId),n=`/auth/connections/${encodeURIComponent(e.upstreamServerId)}/app-password`,a=r.kind==="basic_auth_app_password"?k`<label class="form__label" for="username">${r.usernameLabel}</label><input class="form__input" id="username" name="username" required autocomplete="username"><label class="form__label" for="appPassword">${r.passwordLabel}</label><input class="form__input" id="appPassword" name="appPassword" type="password" required autocomplete="current-password">`:k`<label class="form__label" for="token">${r.label}</label><input class="form__input" id="token" name="token" type="password" required autocomplete="off">`;return $M(or({title:"Connect upstream",host:t,styles:nr,heading:"Connect upstream",subhead:k`<p class="card__subtitle">Enter the per-user credential for this approved upstream.</p>`,body:sv({action:n,browserTicket:e.browserTicket,fields:a}),footer:""}))}o(NM,"renderCaptureForm");function Fs(e,t){let r=e.get(t);if(typeof r!="string"||r.length===0)throw g("invalid_request",`Missing form field: ${t}`);return r}o(Fs,"readRequiredFormValue");function jM(e){return{upstreamServerId:e.upstreamServerId,...e.virtualServerId===void 0?{}:{virtualServerId:e.virtualServerId},...e.browserTicket===void 0?{}:{browserTicket:e.browserTicket}}}o(jM,"readCaptureFormTargetInput");async function DM(e,t){return NM(await lv(jM(e)),t)}o(DM,"handleCaptureFormRequest");async function HM(e){let t=await Os(e.request,{maxBytes:OM,label:"App password request body"});return{form:t,target:await lv({upstreamServerId:e.upstreamServerId,browserTicket:Fs(t,"browserTicket")})}}o(HM,"readSubmittedAppPasswordTarget");async function LM(e){let t=Ln(e.target.ticket);if(await Ss(e.target.ticket),Ul(e.target.upstreamServerId,e.target.authProfileId).kind==="bearer_token"){await _s({owner:t,initiatedBySubjectId:e.target.ticket.initiatedBySubjectId,upstreamServerId:e.target.upstreamServerId,authProfileId:e.target.authProfileId,token:Fs(e.form,"token")});return}await TS({owner:t,initiatedBySubjectId:e.target.ticket.initiatedBySubjectId,upstreamServerId:e.target.upstreamServerId,authProfileId:e.target.authProfileId,username:Fs(e.form,"username"),appPassword:Fs(e.form,"appPassword")})}o(LM,"saveSubmittedAppPasswordCredential");function BM(e,t){return t.ticket.returnTo?zM(e,t.ticket.returnTo):Vs({host:Ip(e),title:"Connection complete",body:"The upstream credential was saved. Return to your MCP client and retry the request."})}o(BM,"appPasswordSuccessResponse");async function GM(e){let t=await HM({request:e.request,upstreamServerId:e.appPasswordRequest.upstreamServerId});return await LM(t),BM(e.request.url,t.target)}o(GM,"handleAppPasswordSubmission");function VM(){return new Response(null,{status:405,headers:{Allow:"GET, POST"}})}o(VM,"methodNotAllowedResponse");function FM(e,t){let r=he(t);return ro(e,Hi(r)?r:"oauth_state_invalid")}o(FM,"appPasswordFailureResponse");async function ZM(e){let t=Ip(e.request.url);switch(e.request.method){case"GET":return DM(e.appPasswordRequest,t);case"POST":return GM(e);default:return VM()}}o(ZM,"handleAppPasswordMethod");async function Pp(e,t){let r=un(t,"app_password");try{return await ZM({request:e,appPasswordRequest:r})}catch(n){return FM(Ip(e.url),n)}}o(Pp,"appPasswordHandler");var KM=["callback_authorization_code","callback_provider_error","callback_invalid"];function WM(e){return"cause"in e?e.cause:void 0}o(WM,"readErrorCause");function JM(e){return e.stack?.split(`
56
- `).slice(1,4).map(t=>t.trim()).join(" | ")}o(JM,"readFirstStackFrame");function pv(e,t,r){r instanceof Error&&(e[`${t}Name`]=r.name,e[`${t}Message`]=r.message,e[`${t}StackFrame`]=JM(r))}o(pv,"addErrorAttributes");function mv(e){try{return new URL(e).host}catch{return""}}o(mv,"safeHostFromUrl");function YM(e,t,r){switch(t.kind){case"callback_provider_error":return e.log.warn({event:"upstream_oauth_provider_error",code:"provider_access_denied",upstreamServerId:t.upstreamServerId,providerError:t.error,...t.errorDescription===void 0?{}:{providerErrorDescription:t.errorDescription.slice(0,256)}},"Upstream identity provider returned an error to the OAuth callback"),tt(e,{eventType:K.MCP_GATEWAY_AUTH_UPSTREAM_TOKEN_EXCHANGE_FAILED,outcome:"failure",upstreamServerName:t.upstreamServerId,reasonCode:"provider_access_denied",reasonClass:"auth",attributes:{error:t.error,errorDescription:t.errorDescription}}),ro(r,"provider_access_denied");case"callback_invalid":return e.log.warn({event:"upstream_oauth_callback_invalid",code:"oauth_state_invalid",upstreamServerId:t.upstreamServerId},"Upstream OAuth callback request missing required code/state parameters"),ro(r,"oauth_state_invalid");case"callback_authorization_code":return t}}o(YM,"requireAuthorizationCallbackRequest");function QM(e,t){tt(e,{eventType:K.MCP_GATEWAY_AUTH_UPSTREAM_CALLBACK_RECEIVED,outcome:"success",upstreamServerName:t.upstreamServerId})}o(QM,"emitCallbackReceivedAnalyticsEvent");function XM(e,t){tt(e,{eventType:K.MCP_GATEWAY_AUTH_UPSTREAM_TOKEN_EXCHANGE_SUCCEEDED,outcome:"success",upstreamServerName:t.upstreamServerId,virtualServerName:t.virtualServerId})}o(XM,"emitTokenExchangeSucceededAnalyticsEvent");function eq(e,t){if(t.returnTo){let r=t.returnOrigin??e.url;return Response.redirect(new URL(t.returnTo,r).toString(),302)}return Vs({host:mv(e.url),title:"Connection complete",body:"The upstream authorization flow completed successfully. You can return to your MCP client."})}o(eq,"buildSuccessfulCallbackResponse");function tq(e){let t={detail:e instanceof Error?e.message:void 0};return pv(t,"error",e),e instanceof Error&&pv(t,"cause",WM(e)),t}o(tq,"buildTokenExchangeFailureAttributes");function rq(e){tt(e.context,{eventType:K.MCP_GATEWAY_AUTH_UPSTREAM_TOKEN_EXCHANGE_FAILED,outcome:"failure",upstreamServerName:e.callbackRequest.upstreamServerId,reasonCode:he(e.error)??"token_exchange_failed",reasonClass:"auth",errorType:e.error instanceof Error?e.error.name:"unknown",attributes:tq(e.error)})}o(rq,"emitTokenExchangeFailedAnalyticsEvent");function nq(e,t){let r=he(t);return ro(e,Hi(r)?r:"upstream_token_exchange_failed")}o(nq,"tokenExchangeFailureResponse");async function xp(e,t){let r=un(t,KM),n=mv(e.url),a=YM(t,r,n);if(a instanceof Response)return a;QM(t,a);try{let i=await m_({request:e,callbackRequest:a});return XM(t,i),t.log.info({event:"upstream_oauth_token_exchange_succeeded",upstreamServerId:i.upstreamServerId,virtualServerId:i.virtualServerId,authProfileId:i.authProfileId,ownerMode:i.ownerMode},"Upstream OAuth token exchange completed; user connection established"),eq(e,i)}catch(i){let s={event:"upstream_oauth_token_exchange_failed",code:he(i)??"upstream_token_exchange_failed",upstreamServerId:a.upstreamServerId};return Oe(s,"error",i),t.log.warn(s,"Upstream OAuth token exchange failed; user shown connection-failure page"),rq({context:t,callbackRequest:a,error:i}),nq(n,i)}}o(xp,"callbackHandler");function oq(e){let t=he(e);return t==="unknown_upstream_server"?t:"not_found"}o(oq,"clientMetadataProblemCode");function aq(e){return(e instanceof Error?e.message:void 0)??"The requested upstream client metadata document was not found."}o(aq,"clientMetadataProblemDetail");async function fv(e,t){let r=un(t,"connect"),n=await p_({request:e,connectRequest:r});if(tt(t,{eventType:K.MCP_GATEWAY_AUTH_UPSTREAM_CONNECT_STARTED,outcome:"success",upstreamServerName:r.upstreamServerId,virtualServerName:n.virtualServerId,upstreamServerTitle:n.upstreamDisplayName}),t.log.info({event:"upstream_connect_started",upstreamServerId:r.upstreamServerId,authProfileId:n.authProfileId,virtualServerId:n.virtualServerId,ownerMode:r.ownerMode,redirect:r.redirect,hasReturnTo:r.returnTo!==void 0},"Upstream OAuth connect flow started"),r.redirect)return Response.redirect(n.authUrl,302);let a=await Vn({requestUrl:e.url,owner:n.owner,initiatedBySubjectId:n.initiatedBySubjectId,upstreamServerId:r.upstreamServerId,authProfileId:n.authProfileId,upstreamDisplayName:n.upstreamDisplayName,virtualServerId:n.virtualServerId,subject:"virtual server",...r.returnTo===void 0?{}:{returnTo:r.returnTo}});return Response.json(a,{status:428})}o(fv,"connectHandler");async function hv(e,t){let r=un(t,"client_metadata");try{let n=YS(e.url),a=QS(n,r.upstreamServerId,r.authProfileId);return Response.json(a)}catch(n){let a=oq(n),i=n instanceof Error?n.message:String(n);return t.log.warn({event:"oauth_client_metadata_request_failed",code:a,upstreamServerId:r.upstreamServerId,authProfileId:r.authProfileId,errorMessage:i},"Failed to serve OAuth client metadata document for upstream connection"),ft(e,t,{code:a,detail:aq(n)})}}o(hv,"oauthClientMetadataHandler");function ar(e){if(typeof e=="string"&&e.length!==0)return e}o(ar,"readOptionalQueryString");function iq(e,t){let r=e.params[t];if(typeof r!="string"||r.length===0)throw g("internal_server_error",`Validated path parameter ${t} is missing`);return r}o(iq,"requirePathString");function gv(e){let t=ar(e);return t?Pe.parse(t):void 0}o(gv,"readOptionalVirtualServerId");function sq(e,t){let r=ar(e);return r?et.parse(r):qn(t,"user_oauth")}o(sq,"readOptionalAuthProfileId");function cq(e){let t=gv(e);if(!t)throw g("invalid_request","virtualServerId query parameter is required.");return t}o(cq,"readRequiredVirtualServerId");function uq(e){let t=ar(e.query.browserTicket);return t===void 0?{}:{browserTicket:t}}o(uq,"readOptionalBrowserTicket");function dq(e){let t=cs(ar(e));return t===void 0?{}:{returnTo:t}}o(dq,"readOptionalReturnTo");function lq(e){let t=gv(e.query.virtualServerId);return t===void 0?{}:{virtualServerId:t}}o(lq,"readOptionalVirtualServerIdContext");function pq(e){let t=ar(e.query.error_description);return t===void 0?{}:{errorDescription:t}}o(pq,"readOptionalProviderErrorDescription");function mq(e){let t=$t(e.authMode);if(t.connectSupport!=="none")return e;throw g("invalid_request",t.connectUnsupportedDetail??"This upstream does not support browser connection flows.")}o(mq,"requireConnectableRouteAuth");function fq(e,t,r,n){let a=Us(e,t);if(a.ownerMode==="none"||a.authMode==="shared-secret")throw g("invalid_request","Static-secret upstreams do not support browser connection flows.");return{kind:"connect",...a,...n===void 0?{}:{returnTo:n},redirect:r}}o(fq,"buildConnectContextForPrincipal");function hq(e,t,r){let n=Ln(t),a=$t(e.authMode);if(n.mode!==a.ownerMode)throw g("oauth_callback_mismatch","Browser connect ticket did not match the requested upstream flow");return{kind:"connect",...e,...t.returnTo===void 0?{}:{returnTo:t.returnTo},owner:n,initiatedBySubjectId:t.initiatedBySubjectId,redirect:r}}o(hq,"buildConnectContextForTicket");async function gq(e,t){let r=mq($_(t,cq(e.query.virtualServerId))),n=e.query.redirect==="true",a=ar(e.query.browserTicket);if(e.user){if(a)throw g("invalid_request","Use either an authenticated gateway request or a browser connect ticket, not both.");let s=jn(e.user,e.url);return fq(r,s,n,dq(e.query.returnTo).returnTo)}if(!a)throw g("authentication_required","Authentication is required to start the upstream connection flow.");let i=await ys(a);if(i.ownerMode!==r.ownerMode||i.upstreamServerId!==r.upstreamServerId||i.authProfileId!==r.authProfileId||i.virtualServerId!==r.virtualServerId)throw g("oauth_callback_mismatch","Browser connect ticket did not match the requested upstream flow");return await Ss(i),hq(r,i,n)}o(gq,"resolveConnectContext");async function yq(e,t,r){let n=Xe.parse(iq(e,"connection"));switch(r){case"connect":cn(t,await gq(e,n));return;case"app_password":cn(t,{kind:"app_password",upstreamServerId:n,...lq(e),...uq(e)});return;case"callback":{let a=ar(e.query.error);if(a){cn(t,{kind:"callback_provider_error",upstreamServerId:n,error:a,...pq(e)});return}let i=ar(e.query.code),s=ar(e.query.state);if(i&&s){cn(t,{kind:"callback_authorization_code",upstreamServerId:n,code:i,state:s});return}cn(t,{kind:"callback_invalid",upstreamServerId:n});return}case"client_metadata":cn(t,{kind:"client_metadata",upstreamServerId:n,authProfileId:sq(e.query.authProfileId,n)});return}}o(yq,"resolveUpstreamRequestInbound");async function Sq(e,t,r){try{await yq(e,t,r);return}catch(n){let a=he(n);if(!a)throw n;let i=n instanceof Error?n.message:void 0;return ft(e,t,{code:a,...i===void 0?{}:{detail:i}})}}o(Sq,"applyUpstreamRequestContext");function ka(e,t){return o(async(n,a)=>{let i=await Sq(n,a,e);return i||t(n,a)},"wrapped")}o(ka,"withUpstreamRequestContext");var _q={"access-control-allow-origin":"*","access-control-allow-methods":"GET, OPTIONS","access-control-allow-headers":"content-type, authorization","access-control-max-age":"86400"};function wq(){return new Response(null,{status:204,headers:_q})}o(wq,"buildWellKnownPreflightResponse");function vq(e){let t=new Headers(e.headers);return t.set("access-control-allow-origin","*"),new Response(e.body,{status:e.status,statusText:e.statusText,headers:t})}o(vq,"withWellKnownCorsHeaders");function Ap(e){return async(t,r)=>t.method==="OPTIONS"?wq():vq(await e(t,r))}o(Ap,"wrapWellKnownHandler");var bq=[{routeName:"oauth_as_metadata",path:"/.well-known/oauth-authorization-server",methods:["GET","OPTIONS"],handler:Ap(Ww)},{routeName:"oauth_as_metadata_scoped",path:"/.well-known/oauth-authorization-server/mcp/:virtualServerId",methods:["GET","OPTIONS"],handler:Ap(Jw)},{routeName:"oauth_protected_resource_metadata",path:"/.well-known/oauth-protected-resource/mcp/:virtualServerId",methods:["GET","OPTIONS"],handler:Ap(Zg)},{routeName:"oauth_register",path:"/oauth/register",methods:["POST"],handler:Yw},{routeName:"oauth_authorize",path:"/oauth/authorize",methods:["GET"],handler:Qw},{routeName:"oauth_authorize_scoped",path:"/oauth/authorize/mcp/:virtualServerId",methods:["GET"],handler:Xw},{routeName:"oauth_callback",path:"/oauth/callback",methods:["GET"],handler:ev},{routeName:"oauth_dev_login",path:"/oauth/dev-login",methods:["GET"],handler:tv},{routeName:"oauth_api_key_login",path:"/oauth/api-key-login",methods:["GET","POST"],handler:rv},{routeName:"oauth_setup",path:"/oauth/setup",methods:["GET","POST"],handler:nv},{routeName:"oauth_token",path:"/oauth/token",methods:["POST"],handler:ov},{routeName:"oauth_revoke",path:"/oauth/revoke",methods:["POST"],handler:av},{routeName:"upstream_client_metadata",path:"/.well-known/oauth-client/:connection",methods:["GET"],handler:ka("client_metadata",hv)},{routeName:"upstream_connect",path:"/auth/connections/:connection/connect",methods:["GET"],handler:ka("connect",fv)},{routeName:"upstream_callback",path:"/auth/connections/:connection/callback",methods:["GET"],handler:ka("callback",xp)},{routeName:"upstream_app_password",path:"/auth/connections/:connection/app-password",methods:["GET","POST"],handler:ka("app_password",Pp)}];function yv(e){if(e)return e.find(t=>Fi(t.policyType))}o(yv,"findMcpOAuthPolicy");function Sv(e){return yv(e)!==void 0}o(Sv,"shouldRegisterMcpGatewayInternalRoutes");function Rq(e){let t=Md(e.policyType);if(!t){let r=qd();throw new jt(`MCP gateway: unknown MCP authorization policy type '${String(e.policyType)}'. Registered policy types: ${r.length>0?r.join(", "):"<none>"}.`)}try{return t.getConfig(e.handler.options)}catch(r){throw r instanceof u.ZodError?new jt(Cq(e.name??e.policyType,r),{cause:r}):r}}o(Rq,"resolveOAuthConfigFromPolicy");function Cq(e,t){let r=t.issues.map(n=>` - ${n.path.length>0?n.path.join("."):"<root>"}: ${n.message}`).join(`
52
+ </style></head><body><main class="card"><header class="card__head"><img class="card__icon" src="https://www.google.com/s2/favicons?domain=${e.host}&sz=64" alt="" width="48" height="48" referrerpolicy="no-referrer" /><h1 class="card__title">${e.heading}</h1>${e.subhead}</header><div class="card__body">${e.body}</div>${e.footer}</main></body></html>`}o(nr,"renderShell");function N_(e){return T`<form class="actions" method="post" action="/oauth/setup"><input type="hidden" name="state" value="${e.state}" /><button class="button button--secondary" type="submit" name="decision" value="cancel" formnovalidate >Cancel</button><button class="button button--primary" type="submit" name="decision" value="approve" ${e.authorizeAttrs} >Authorize</button></form>`}o(N_,"renderActions");var D_=er('<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" width="16" height="16" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><circle cx="8" cy="8" r="6.5"/><line x1="8" y1="4.6" x2="8" y2="8.4"/><circle cx="8" cy="11" r=".7" fill="currentColor" stroke="none"/></svg>');function j_(){return T`<p>The API key could not be verified. Start the authorization flow again to try
53
+ once more.</p>`}o(j_,"renderApiKeyLoginFailure");function H_(e){return T`<form class="form" method="post" action="/oauth/api-key-login" autocomplete="off" ><input type="hidden" name="state" value="${e.state}" /><label class="form__label" for="apiKey">API key</label><input class="form__input" id="apiKey" name="apiKey" type="password" required autocomplete="off" /><button class="button button--primary button--block form__submit" type="submit" >Continue</button></form>`}o(H_,"renderApiKeyLoginForm");function L_(e){return T`<div class="banner banner--alert" role="alert"><span class="banner__icon" aria-hidden="true">${e.icon}</span><div class="banner__body"><p class="banner__title">${e.title}</p><p class="banner__message">${e.message}</p></div></div>`}o(L_,"renderBannerAlert");function B_(e){return T`<div class="banner banner--warning" role="status"><span class="banner__icon" aria-hidden="true">${e.icon}</span><div class="banner__body"><p class="banner__title">Setup required</p><p class="banner__message">${e.message}</p></div></div>`}o(B_,"renderBannerWarning");function G_(e){return T`<section class="capability-section"><h4 class="capability-section__title">${e.label} <span class="muted">(${e.total})</span></h4><ul class="capability-list">${e.rows}${e.moreLine}</ul></section>`}o(G_,"renderCapabilitySection");var op=er('<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" width="14" height="14" fill="none" stroke="currentColor" stroke-width="1.8" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><path d="M4 6.5l4 4 4-4"/></svg>'),ap=er('<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.6" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><rect x="3" y="4" width="18" height="7" rx="1.5"/><rect x="3" y="13" width="18" height="7" rx="1.5"/><circle cx="7" cy="7.5" r=".75" fill="currentColor" stroke="none"/><circle cx="7" cy="16.5" r=".75" fill="currentColor" stroke="none"/></svg>');function V_(e){return T`${e.banner}<section class="upstreams"><header class="section-label">Upstream services <span class="section-label__count">${e.sectionCount}</span></header><ul class="upstream-list">${e.cards}</ul></section>${e.fineprint}`}o(V_,"renderSetupPage");function F_(e){return T`<article class="${e.cardClass}"><div class="upstream-card__head">${e.iconFrame}<div class="upstream-card__main"><div class="upstream-card__title-row"><h3 class="upstream-card__title">${e.upstreamDisplayName}</h3>${e.control}</div><div class="upstream-card__meta">${e.host}<span>${e.authModeLabel}</span><span class="upstream-card__sep" aria-hidden="true">·</span><span>${e.ownerModeLabel}</span></div>${e.description}</div></div>${e.capabilities} ${e.scopes}</article>`}o(F_,"renderUpstreamCard");var Z_=er('<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" width="16" height="16" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><path d="M7.13 2.46 1.39 12.5a1 1 0 0 0 .87 1.5h11.48a1 1 0 0 0 .87-1.5L8.87 2.46a1 1 0 0 0-1.74 0Z"/><line x1="8" y1="6" x2="8" y2="9.4"/><circle cx="8" cy="11.4" r=".7" fill="currentColor" stroke="none"/></svg>');var h$="text/html; charset=utf-8";function K_(e,t=200){return new Response(tr(e),{status:t,headers:{"content-type":h$,"cache-control":"no-store","referrer-policy":"no-referrer","x-frame-options":"DENY"}})}o(K_,"apiKeyLoginHtmlResponse");function ip(e,t=401){return K_(nr({title:"Sign-in failed",host:e,styles:rr,heading:"Sign-in failed",subhead:"",body:j_(),footer:""}),t)}o(ip,"apiKeyLoginFailureResponse");function W_(e,t){return K_(nr({title:"Sign in",host:e,styles:rr,heading:"Sign in",subhead:T`<p class="card__subtitle">Enter your API key to continue.</p>`,body:H_({state:t}),footer:""}))}o(W_,"renderApiKeyLoginForm");ue();ue();import{errors as iw,jwtVerify as sw,SignJWT as cw}from"jose";ue();import{errors as x$,jwtVerify as A$,SignJWT as k$}from"jose";function kr(e){let t=xe().browserLogin[e];if(typeof t=="string"&&t.length>0)return t;throw g("internal_server_error",`browserLogin.${e} is required for federated browser login. Set it on the mcp-oauth-inbound policy options.`)}o(kr,"requireBrowserLoginField");ue();import{createRemoteJWKSet as y$,errors as Pa,jwtVerify as S$}from"jose";var _$=u.object({id_token:u.string().min(1),token_type:u.string().min(1).optional(),expires_in:u.number().optional(),access_token:u.string().min(1).optional(),refresh_token:u.string().min(1).optional(),scope:u.string().min(1).optional()}),w$=u.object({error:u.string().min(1).optional(),error_description:u.string().min(1).optional(),error_uri:u.string().min(1).optional()});function v$(e){let t=w$.safeParse(e);if(!t.success)return{};let r={};return t.data.error!==void 0&&(r.idpError=t.data.error),t.data.error_description!==void 0&&(r.idpErrorDescription=t.data.error_description.slice(0,256)),t.data.error_uri!==void 0&&(r.idpErrorUri=t.data.error_uri.slice(0,256)),r}o(v$,"readIdpErrorFields");function b$(e){return e instanceof Pa.JWTExpired?"expired":e instanceof Pa.JWTClaimValidationFailed?"claim":e instanceof Pa.JWSSignatureVerificationFailed?"signature":e instanceof Pa.JWKSNoMatchingKey?"jwks_no_match":e instanceof Pa.JWTInvalid?"invalid":e instanceof u.ZodError?"schema":"other"}o(b$,"readJwtFailureKind");var R$=u.object({sub:Se,nonce:u.string().min(1)}).catchall(u.unknown()),sp;function C$(e){return e instanceof Error&&"cause"in e?e.cause:e}o(C$,"readErrorCause");function I$(e){if(e!==null&&typeof e=="object"&&"extensionMembers"in e)return e.extensionMembers?.gatewayCode}o(I$,"readRuntimeGatewayCode");function P$(){if(!sp){let e=xe();sp=y$(new URL(e.oidc.jwksUrl),{timeoutDuration:e.browserLogin.remoteTimeoutMs})}return sp}o(P$,"readFederatedJwks");async function J_(e){let t=xe(),r=kr("tokenUrl"),n=kr("clientId"),a=kr("clientSecret"),i=new URL("/oauth/callback",Ct(e.requestUrl)).toString(),s=new URLSearchParams({grant_type:"authorization_code",code:e.code,redirect_uri:i,client_id:n,client_secret:a});try{let{response:c,json:d}=await VS(r,{method:"POST",headers:{accept:"application/json","content-type":"application/x-www-form-urlencoded"},body:s},{maxResponseBytes:32768,problemCode:"browser_login_verification_failed",timeoutMs:t.browserLogin.remoteTimeoutMs,...e.context===void 0?{}:{context:e.context}});if(!c.ok){let h=v$(d);throw e.context?.log.warn({event:"federated_token_exchange_failed",code:"provider_access_denied",idpHost:mt(r),idpStatus:c.status,...h},"Federated browser login token exchange returned non-2xx from the identity provider"),g({code:"provider_access_denied",privateDetail:"Federated browser login token exchange failed.",cause:new Error(`IdP token exchange failed (status=${c.status}${h.idpError?` idp_error=${h.idpError}`:""}${h.idpErrorDescription?` idp_error_description=${h.idpErrorDescription}`:""})`)})}let p=_$.parse(d),l;try{({payload:l}=await S$(p.id_token,P$(),{issuer:t.oidc.issuer,audience:n}))}catch(h){let y={};throw Oe(y,"error",h),e.context?.log.warn({event:"federated_id_token_verification_failed",code:"browser_login_verification_failed",failureKind:b$(h),idpHost:mt(r),expectedIssuer:t.oidc.issuer,...y},"Federated id_token failed jose verification"),h}if(l.nonce!==e.nonce)throw e.context?.log.warn({event:"federated_nonce_mismatch",code:"oauth_callback_mismatch",idpHost:mt(r),nonceMissingFromIdToken:l.nonce===void 0},"Federated id_token nonce did not match the signed gateway state"),g("oauth_callback_mismatch","Federated browser login nonce did not match the signed gateway state.");let m=R$.parse(l);return jn({sub:m.sub,data:m},e.requestUrl)}catch(c){let d=he(c)??I$(c);throw d!==void 0&&d!=="browser_login_verification_failed"?c:g("browser_login_verification_failed","Federated browser login callback could not be verified.",C$(c))}}o(J_,"exchangeFederatedAuthorizationCode");var up="zuplo_mcp_session",Y_="HS256",Q_="zuplo-mcp-gateway",X_="zuplo-mcp-gateway",T$=u.object({purpose:u.literal("gateway_browser_session"),sub:Se,browserLoginOrigin:u.string().min(1),roles:u.array(u.string().min(1)).optional(),exp:u.number().int().positive(),iat:u.number().int().positive().optional()});function E$(e){let t=new Map;if(!e)return t;for(let r of e.split(";")){let n=r.indexOf("=");if(n<0)continue;let a=r.slice(0,n).trim(),i=r.slice(n+1).trim();if(a)try{t.set(a,decodeURIComponent(i))}catch{t.set(a,i)}}return t}o(E$,"parseCookieHeader");async function ew(){return zt({purpose:"browser-session",keyMaterialPurpose:"oauth-state-signing",derive:o(e=>Ir(e,"browser-session"),"derive")})}o(ew,"getBrowserSessionKey");function cp(e){let t=new URL(se(e)),r=[`${up}=`,"Path=/","HttpOnly","SameSite=Lax","Max-Age=0"];return t.protocol==="https:"&&r.push("Secure"),r.join("; ")}o(cp,"buildBrowserSessionEvictionCookie");function U$(e){let t=new URL(se(e.requestUrl)),r=[`${up}=${encodeURIComponent(e.value)}`,"Path=/","HttpOnly","SameSite=Lax",`Max-Age=${e.ttlSeconds}`];return t.protocol==="https:"&&r.push("Secure"),r.join("; ")}o(U$,"serializeSessionCookie");function tw(e={}){return new URL(kr("url")).origin}o(tw,"readBrowserLoginOrigin");function dp(){return xe().browserLogin.stateTtlSeconds}o(dp,"readBrowserLoginStateTtlSeconds");function rw(e){if(!e.user)throw g("authentication_required","The browser login callback did not include an authenticated Zuplo principal.");return jn(e.user,e.url)}o(rw,"resolveCurrentRequestPrincipal");async function $s(e,t={}){let r=E$(e.headers.get("cookie")).get(up);if(!r)return{};try{let{payload:n}=await A$(r,await ew(),{algorithms:[Y_],issuer:Q_,audience:X_}),a=T$.parse(n);if(a.browserLoginOrigin!==tw(t))return{evictCookie:cp(e.url)};let i={subjectId:a.sub};return a.roles&&a.roles.length>0&&(i.roles=a.roles),{principal:i}}catch(n){return n instanceof x$.JWTExpired?{evictCookie:cp(e.url)}:(t.context?.log.warn({event:"browser_session_verification_failed",errorName:n instanceof Error?n.name:"unknown",errorMessage:n instanceof Error?n.message:"verification failed"},"Browser session JWT verification failed"),{evictCookie:cp(e.url)})}}o($s,"readBrowserSession");async function xa(e){let t=xe().browserLogin.sessionTtlSeconds,r={purpose:"gateway_browser_session",sub:e.principal.subjectId,browserLoginOrigin:tw({virtualServerId:e.virtualServerId})};e.principal.roles&&(r.roles=e.principal.roles);let n=await new k$(r).setProtectedHeader({alg:Y_,typ:"JWT"}).setIssuer(Q_).setAudience(X_).setIssuedAt().setExpirationTime(Math.floor(Date.now()/1e3)+t).sign(await ew());return U$({value:n,requestUrl:e.requestUrl,ttlSeconds:t})}o(xa,"createBrowserSessionCookie");async function nw(e){throw g("forbidden","API-key browser login is not supported in this gateway.")}o(nw,"resolveApiKeyBrowserLoginPrincipal");async function ow(e){let t={};e.context!==void 0&&(t.context=e.context);let r=await $s(e.request,t);if(r.principal)return r.principal;let n=typeof e.request.query.code=="string"?e.request.query.code:void 0;if(!n)throw g("oauth_callback_mismatch","Federated browser login callback is missing an authorization code.");return J_({code:n,nonce:e.stateId,requestUrl:e.request.url,...e.context===void 0?{}:{context:e.context}})}o(ow,"resolveBrowserLoginCallbackPrincipal");function aw(e){let t=xe().browserLogin,r=new URL(kr("url")),n=new URL("/oauth/callback",Ct(e.requestUrl));return Bg(r)?(r.searchParams.set("redirect_uri",n.toString()),r.searchParams.set("state",e.state),r):(r.searchParams.set("response_type","code"),r.searchParams.set("client_id",kr("clientId")),r.searchParams.set("redirect_uri",n.toString()),r.searchParams.set("scope",t.scope),r.searchParams.set("state",e.state),r.searchParams.set("nonce",e.nonce),t.audience&&r.searchParams.set("audience",t.audience),r)}o(aw,"buildBrowserLoginUrl");var O$={invalid_request:400,invalid_client:401,invalid_grant:400,invalid_target:400,unsupported_grant_type:400,server_error:500,invalid_redirect_uri:400,invalid_client_metadata:400},G=class extends Error{static{o(this,"OAuthProtocolError")}errorCode;status;constructor(t,r,n=O$[t],a){super(r,a),this.name="OAuthProtocolError",this.errorCode=t,this.status=n}};var $$=5*60,zs="HS256",Ms="zuplo-mcp-gateway",qs="zuplo-mcp-gateway",z$=u.object({purpose:u.literal("gateway_browser_login"),transactionId:yt,stateId:os,exp:u.number().int().positive(),iat:u.number().int().positive().optional()}),M$=u.object({purpose:u.literal("gateway_authorization_setup"),transactionId:yt,stateId:os,exp:u.number().int().positive(),iat:u.number().int().positive().optional()});async function uw(){return zt({purpose:"browser-login",keyMaterialPurpose:"oauth-state-signing",derive:o(e=>Ir(e,"browser-login"),"derive")})}o(uw,"getBrowserLoginKey");async function dw(){return zt({purpose:"authorization-csrf",keyMaterialPurpose:"oauth-state-signing",derive:o(e=>Ir(e,"authorization-csrf"),"derive")})}o(dw,"getCsrfKey");function lw(e){return{now:e.now??new Date,ttlSeconds:dp()}}o(lw,"readPendingTransactionDependencies");function q$(e,t){return e.subjectId===t.subjectId}o(q$,"principalsMatch");function pw(e){return{subjectId:e.subjectId,...e.roles===void 0?{}:{roles:e.roles}}}o(pw,"toPendingPrincipal");function mw(e){let t={id:e.id,currentStateHash:e.currentStateHash,clientId:e.transaction.clientId,redirectUri:e.transaction.redirectUri,resource:e.transaction.resource,virtualServerId:e.transaction.virtualServerId,scope:e.transaction.scope,codeChallenge:e.transaction.codeChallenge,codeChallengeMethod:e.transaction.codeChallengeMethod,createdAt:ne(e.now),expiresAt:ne(Wt(e.now,e.ttlSeconds)),...e.transaction.clientState===void 0?{}:{clientState:e.transaction.clientState}};if(e.phase==="awaiting_login")return{...t,phase:"awaiting_login"};if(!e.principal)throw g("identity_context_missing","Authorization setup requires a principal.");return{...t,phase:"awaiting_setup",principal:pw(e.principal)}}o(mw,"createTransactionRecord");async function fw(e){let{id:t,...r}=e.record,n=await J().startAuthorization({...r,transactionId:t,...e.client===void 0?{}:{client:e.client}});switch(n.kind){case"started":return n.transaction;case"already_exists":throw g("oauth_state_reused","Authorization transaction state already exists.");case"invalid_client":throw new G("invalid_client","OAuth client is not registered.");case"redirect_uri_mismatch":throw new G("invalid_request","redirect_uri is not registered for the client.")}}o(fw,"startPendingTransaction");async function N$(e){return new cw({purpose:"gateway_browser_login",transactionId:e.transactionId,stateId:e.stateId}).setProtectedHeader({alg:zs,typ:"JWT"}).setIssuer(Ms).setAudience(qs).setIssuedAt().setExpirationTime(Math.floor(Date.now()/1e3)+e.ttlSeconds).sign(await uw())}o(N$,"signBrowserLoginState");async function hw(e){return new cw({purpose:"gateway_authorization_setup",transactionId:e.transactionId,stateId:ol()}).setProtectedHeader({alg:zs,typ:"JWT"}).setIssuer(Ms).setAudience(qs).setIssuedAt().setExpirationTime(Math.floor(Date.now()/1e3)+e.ttlSeconds).sign(await dw())}o(hw,"signCsrfToken");async function Ns(e){try{let{payload:t}=await sw(e,await uw(),{algorithms:[zs],issuer:Ms,audience:qs}),r=z$.parse(t);return{transactionId:r.transactionId,stateId:r.stateId}}catch(t){throw t instanceof iw.JWTExpired?g("oauth_state_expired","Browser login state has expired.",t):g("oauth_state_invalid","Browser login state could not be verified.",t)}}o(Ns,"verifyBrowserLoginStateToken");async function lp(e){try{let{payload:t}=await sw(e,await dw(),{algorithms:[zs],issuer:Ms,audience:qs});return{transactionId:M$.parse(t).transactionId}}catch(t){throw t instanceof iw.JWTExpired?g("oauth_state_expired","Authorization setup state has expired.",t):g("oauth_state_invalid","Authorization setup state could not be verified.",t)}}o(lp,"verifyCsrfToken");function Ds(e){return e==="consumed"||e==="consumed_already"||e==="stale_hash"?"oauth_state_reused":e==="expired"?"oauth_state_expired":"oauth_state_invalid"}o(Ds,"pendingStateErrorCode");function gw(e){return e.kind==="available"?{kind:"available",record:e.transaction}:e}o(gw,"toPendingAuthorizationGetResult");function D$(e){return e.kind==="advanced"?{kind:"advanced",record:e.transaction}:e}o(D$,"toPendingAuthorizationAdvanceResult");function yw(e){return e==="principal_mismatch"?"oauth_callback_mismatch":Ds(e==="consumed_already"?"consumed_already":e)}o(yw,"setupDecisionErrorCode");function j$(e){if(e.kind!=="available")throw g(Ds(e.kind),"Authorization setup state is invalid, expired, or already used.");if(e.record.phase!=="awaiting_setup")throw g("oauth_state_invalid","Authorization setup state is not in the setup phase.");return e.record}o(j$,"requireAwaitingSetup");function H$(e){if(e.kind!=="available")throw g(Ds(e.kind),"Browser login state is invalid, expired, or already used.");if(e.record.phase!=="awaiting_login")throw g("oauth_state_invalid","Browser login state is not in the login phase.");return e.record}o(H$,"requireAwaitingLogin");function L$(e){if(!q$(e.currentBrowserPrincipal,e.transaction.principal))throw g("oauth_callback_mismatch","Authorization setup state does not match the current browser session.")}o(L$,"requireCurrentPrincipalMatches");async function Sw(e){let t=e.now??new Date,r=dp(),n=nl(),a=ol(),i=await N$({transactionId:n,stateId:a,ttlSeconds:r}),s=mw({id:n,transaction:e.transaction,currentStateHash:await pe(i),phase:"awaiting_login",now:t,ttlSeconds:r});if(s.phase!=="awaiting_login")throw g("oauth_state_invalid","Authorization transaction did not start in login phase.");let c=await fw({record:s,client:e.transaction.client});if(c.phase!=="awaiting_login")throw g("oauth_state_invalid","Authorization transaction did not start in login phase.");return{transaction:c,browserLoginStateToken:i,browserLoginUrl:aw({state:i,nonce:a,virtualServerId:s.virtualServerId,requestUrl:e.requestUrl})}}o(Sw,"startAwaitingLogin");async function _w(e){let{now:t,ttlSeconds:r}=lw(e),n=nl(),a=await hw({transactionId:n,ttlSeconds:r}),i=mw({id:n,transaction:e.transaction,currentStateHash:await pe(a),phase:"awaiting_setup",principal:e.principal,now:t,ttlSeconds:r});if(i.phase!=="awaiting_setup")throw g("oauth_state_invalid","Authorization transaction did not start in setup phase.");let s=await fw({record:i,client:e.transaction.client});if(s.phase!=="awaiting_setup")throw g("oauth_state_invalid","Authorization transaction did not start in setup phase.");return{transaction:s,csrfToken:a}}o(_w,"startAwaitingSetup");async function pp(e){let{now:t,ttlSeconds:r}=lw(e),n=await Ns(e.browserLoginStateToken),a=await hw({transactionId:n.transactionId,ttlSeconds:r}),i=D$(await J().advancePendingAuthorization({transactionId:n.transactionId,expectedPhase:"awaiting_login",currentStateHash:await pe(e.browserLoginStateToken),nextStateHash:await pe(a),nextPhase:"awaiting_setup",principal:pw(e.principal),now:ne(t)}));if(i.kind!=="advanced")throw g(Ds(i.kind),"Browser login state is invalid, expired, or already used.");if(i.record.phase!=="awaiting_setup")throw g("oauth_state_invalid","Browser login did not advance to setup.");return{transaction:i.record,csrfToken:a}}o(pp,"completeLogin");async function ww(e){let t=e.now??new Date,r=await Ns(e.browserLoginStateToken);return H$(gw(await J().readPendingAuthorization({transactionId:r.transactionId,currentStateHash:await pe(e.browserLoginStateToken),now:ne(t)})))}o(ww,"getAwaitingLogin");async function vw(e){let t=await mp(e);return L$({transaction:t,currentBrowserPrincipal:e.currentBrowserPrincipal}),t}o(vw,"getSetup");async function mp(e){let t=e.now??new Date,r=await lp(e.csrfToken);return j$(gw(await J().readPendingAuthorization({transactionId:r.transactionId,currentStateHash:await pe(e.csrfToken),now:ne(t)})))}o(mp,"getSetupTransaction");async function B$(e){let t=await lp(e.csrfToken),r=Jt(),n=ne(Wt(e.now,$$)),a=await J().decideAuthorizationSetup({decision:"approve",transactionId:t.transactionId,currentStateHash:await pe(e.csrfToken),currentPrincipal:{subjectId:e.currentBrowserPrincipal.subjectId},authorizationCodeHash:await pe(r),authorizationCodeExpiresAt:n,grantId:Hg(),now:ne(e.now)});if(a.kind!=="approved")throw g(a.kind==="cancelled"?"oauth_state_invalid":yw(a.kind),"Authorization setup state is invalid, expired, or already used.");let i=new URL(a.transaction.redirectUri);return i.searchParams.set("code",r),a.transaction.clientState&&i.searchParams.set("state",a.transaction.clientState),i}o(B$,"createAuthorizationCodeRedirectWithDecision");async function G$(e){let t=await lp(e.csrfToken),r=await J().decideAuthorizationSetup({decision:"cancel",transactionId:t.transactionId,currentStateHash:await pe(e.csrfToken),currentPrincipal:{subjectId:e.currentBrowserPrincipal.subjectId},now:ne(e.now)});if(r.kind!=="cancelled")throw g(r.kind==="approved"?"oauth_state_invalid":yw(r.kind),"Authorization setup state is invalid, expired, or already used.");return V$({redirectUri:r.transaction.redirectUri,clientState:r.transaction.clientState})}o(G$,"createCancelRedirectWithDecision");function V$(e){let t=new URL(e.redirectUri);return t.searchParams.set("error","access_denied"),t.searchParams.set("error_description","The user cancelled the MCP authorization request."),e.clientState!==void 0&&t.searchParams.set("state",e.clientState),t}o(V$,"buildClientCancelRedirect");async function bw(e){let t=e.now??new Date;return B$({csrfToken:e.csrfToken,currentBrowserPrincipal:e.currentBrowserPrincipal,now:t})}o(bw,"approve");async function Rw(e){let t=e.now??new Date;return G$({csrfToken:e.csrfToken,currentBrowserPrincipal:e.currentBrowserPrincipal,now:t})}o(Rw,"cancel");ue();var F$=1e4,Z$=5*1024,K$=2,W$=90*24*60*60,fp=["authorization_code","refresh_token"],hp=["code"],J$=u.object({client_name:u.string().min(1).optional(),redirect_uris:u.array(u.string().min(1)).min(1),grant_types:u.array(u.enum(fp)).min(1).max(2).optional(),response_types:u.array(u.enum(hp)).min(1).max(1).optional(),scope:u.literal(ye).optional(),token_endpoint_auth_method:Xd.default("client_secret_basic")});function Y$(e){try{let t=new URL(e);return t.protocol==="https:"&&t.pathname!=="/"}catch{return!1}}o(Y$,"isCimdClientIdCandidate");function Aa(e,t="invalid_request"){if(Q$(e))throw new G(t,"redirect_uris must not include raw whitespace or control characters.");let r;try{r=new URL(e)}catch{throw new G(t,"redirect_uris must be absolute URIs.")}if(r.hash||r.username||r.password)throw new G(t,"redirect_uris must not include credentials or fragments.");if(!(r.protocol==="https:"||Le(r)))throw new G(t,"redirect_uris must use HTTPS except loopback HTTP redirects for local clients.")}o(Aa,"assertValidRedirectUri");function Q$(e){for(let t=0;t<e.length;t+=1){let r=e.charCodeAt(t);if(r<=32||r>=127&&r<=159)return!0}return!1}o(Q$,"hasForbiddenRawRedirectUriCharacter");async function X$(e){let{response:t,json:r}=await FS(e.initialUrl,{headers:{accept:"application/json"}},{maxRedirects:K$,maxResponseBytes:Z$,timeoutMs:F$});if(!t.ok)throw g("invalid_request","CIMD metadata could not be fetched.");let n=jg.parse(r);if(n.client_id!==e.clientId)throw g("invalid_request","Fetched CIMD client_id must exactly match the requested client_id.");if(n.token_endpoint_auth_method!=="none")throw g("invalid_request","CIMD clients must use token_endpoint_auth_method none until private_key_jwt is implemented.");return n}o(X$,"fetchCimdMetadata");async function ez(e){let t=bs(e),r=await X$({clientId:e,initialUrl:t});return{kind:"cimd",clientId:e,metadata:r}}o(ez,"resolveCimdClient");async function Cw(e,t){let r=Be.parse(e);if(Y$(r)){if(!xe().gateway.cimdEnabled)throw new G("invalid_client","OAuth client is not registered.");try{return await ez(r)}catch{throw new G("invalid_client","OAuth client is not registered.")}}let n=await J().readClient({clientId:r});if(n.kind==="found"){let a=n.client,i={kind:"dcr",clientId:r,metadata:{client_id:a.clientId,client_name:a.clientName,redirect_uris:a.redirectUris,token_endpoint_auth_method:a.tokenEndpointAuthMethod}};return a.hashedClientSecret&&(i.hashedClientSecret=a.hashedClientSecret),i}throw new G("invalid_client",r.startsWith("dcr:")?"Dynamic client is not registered. Re-run client registration before authorization.":"OAuth client is not registered.")}o(Cw,"resolveClient");function Iw(e,t){if(!e.metadata.redirect_uris.some(r=>Lg(r,t)))throw g("invalid_request","redirect_uri is not registered for the client.")}o(Iw,"assertRedirectRegistered");function tz(e){let t=Pw(e.grant_types),r=e.response_types??[...hp];if(!rz(t))throw new G("invalid_client_metadata","grant_types must be a subset of authorization_code and refresh_token.");if(!nz(r))throw new G("invalid_client_metadata","response_types must be code.");if(!oz(e.scope))throw new G("invalid_client_metadata",`Only the ${ye} scope is supported.`)}o(tz,"assertSupportedDcrRequest");function Pw(e){return e===void 0?[...fp]:Array.from(new Set(e))}o(Pw,"normalizeGrantTypes");function rz(e){return e.length===0?!1:e.every(t=>fp.includes(t))}o(rz,"isSupportedGrantTypes");function nz(e){return e.length===hp.length&&e[0]==="code"}o(nz,"isSupportedResponseTypes");function oz(e){return e===void 0||e===ye}o(oz,"isSupportedDcrScope");function ka(e){if(e===void 0||e===ye)return ye;throw new G("invalid_request",`Only the ${ye} scope is supported.`)}o(ka,"assertSupportedOAuthScope");function to(e,t){let r;try{r=new URL(t)}catch{throw new G("invalid_target","resource must be an absolute URI.")}if(r.hash)throw new G("invalid_target","resource must not include a fragment.");if(r.protocol!=="https:"&&!Le(r))throw new G("invalid_target","resource must use HTTPS except loopback HTTP resources in local development.");let n=se(e),a=bg(),i=a?[...a.byVirtualServerId.values()].find(s=>new URL(s.routePath,n).toString()===t):void 0;if(!i)throw new G("invalid_target","resource must match a published virtual MCP server.");return i}o(to,"resolveResource");async function xw(e){let t;try{t=J$.parse(e)}catch(l){if(l instanceof u.ZodError){let m=l.issues.some(h=>h.path[0]==="redirect_uris");throw new G(m?"invalid_redirect_uri":"invalid_client_metadata",l.issues[0]?.message??"Client metadata is invalid.",void 0,{cause:l})}throw l}tz(t);for(let l of t.redirect_uris)Aa(l,"invalid_redirect_uri");let r=new Date,n=Be.parse(`dcr:${crypto.randomUUID()}`),a=Wt(r,W$),i=Math.floor(r.getTime()/1e3),s=Math.floor(a.getTime()/1e3),c={client_id:n,client_name:t.client_name??"Dynamically registered MCP client",redirect_uris:t.redirect_uris,grant_types:Pw(t.grant_types),response_types:["code"],scope:ye,token_endpoint_auth_method:t.token_endpoint_auth_method,client_id_issued_at:i},d={clientId:n,clientName:String(c.client_name),redirectUris:t.redirect_uris,tokenEndpointAuthMethod:t.token_endpoint_auth_method,createdAt:ne(r),clientExpiresAt:ne(a)};if(t.token_endpoint_auth_method!=="none"){let l=Jt();d.hashedClientSecret=await pe(l),d.clientSecretExpiresAt=ne(a),c.client_secret=l,c.client_secret_expires_at=s,c.client_secret_issued_at=i}if((await J().registerClient(d)).kind==="already_exists")throw g("invalid_request","OAuth client is already registered.");return c}o(xw,"registerDownstreamClient");function az(e){try{return new URL(e).host}catch{return""}}o(az,"safeHostFromOrigin");var iz=8;function yp(e){let t=e.trim();try{let r=new URL(t);if(r.protocol==="https:")return r.toString()}catch{}if(/^data:image\/(?:png|jpe?g|webp);/i.test(t))return t}o(yp,"safeIconSrc");function sz(e,t){if(e)try{let r=new URL(t).origin,n=new URL(e,r);return n.origin!==r||!n.pathname.startsWith("/auth/connections/")?void 0:n.toString()}catch{return}}o(sz,"safeGatewayConnectHref");function cz(e){if(e==="any")return Number.POSITIVE_INFINITY;let t=/^(\d+)x(\d+)$/.exec(e);return t?Math.max(Number(t[1]),Number(t[2])):0}o(cz,"parseIconSize");function uz(e,t){let r=e.filter(a=>a.theme===t);if(r.length>0)return r;let n=e.filter(a=>a.theme===void 0);return n.length>0?n:e}o(uz,"selectIconCandidates");function dz(e){return yp(e.src)?e.sizes&&e.sizes.length>0?Math.max(...e.sizes.map(cz)):0:-1}o(dz,"readIconScore");function Aw(e,t){if(!e||e.length===0)return;let r=uz(e,t),n,a=-1;for(let i of r){let s=dz(i);s>a&&(n=i,a=s)}return n}o(Aw,"pickIcon");function lz(e,t){let r=Aw(e,"light");if(!r)return T`<span class="icon-frame icon-frame--fallback" aria-hidden="true">${ap}</span>`;let n=yp(r.src);return n?T`<span class="icon-frame"><img src="${n}" alt="${t}" loading="lazy" decoding="async"></span>`:T`<span class="icon-frame icon-frame--fallback" aria-hidden="true">${ap}</span>`}o(lz,"renderIconFrame");function Hs(e,t){let r=Aw(e,"light");if(!r)return _e;let n=yp(r.src);return n?T`<img class="inline-icon" src="${n}" alt="${t}" loading="lazy" decoding="async">`:_e}o(Hs,"renderInlineIcon");function pz(e){switch(e){case"user":return"your account";case"shared":return"shared by your team";case"none":return"gateway-managed"}}o(pz,"ownerModeLabel");function mz(e){return e.endsWith("_oauth")||e==="oauth"?"OAuth":e.includes("static_secret")?"static credential":e.replaceAll("_"," ")}o(mz,"authModeLabel");function fz(e){switch(e){case"active":return T`<span class="status-badge status-badge--success">Connected</span>`;case"not_connected":return T`<span class="status-badge status-badge--neutral">Not connected</span>`;case"reconsent_required":return T`<span class="status-badge status-badge--warning">Reconnect required</span>`}}o(fz,"statusBadge");function hz(e){if(!e)return _e;let t=[];return e.destructiveHint&&t.push(T`<span class="badge badge--destructive" title="This tool may modify or delete data on your behalf.">destructive</span>`),e.readOnlyHint&&t.push(T`<span class="badge badge--muted" title="This tool only reads data and does not modify state.">read-only</span>`),e.openWorldHint&&t.push(T`<span class="badge badge--muted" title="This tool can access arbitrary URIs supplied at call time.">open-world</span>`),t.length>0?T`<span class="badge-row">${t}</span>`:_e}o(hz,"annotationBadges");function kw(e){let t=0,r=0;for(let n of e.tools)n.annotations?.destructiveHint===!0&&(t+=1),n.annotations?.readOnlyHint===!0&&(r+=1);return{tools:e.tools.length,prompts:e.prompts.length,resources:e.resources.length,destructiveTools:t,readOnlyTools:r}}o(kw,"summarizeCapabilities");function gz(e){let t=e.annotations?.title??e.title??e.name,r=e.description?T`<span class="capability-row__description">${e.description}</span>`:_e;return T`<li class="capability-row">${Hs(e.icons,t)}<span class="capability-row__name">${t}</span>${hz(e.annotations)}${r}</li>`}o(gz,"renderToolRow");function yz(e){let t=e.title??e.name,r=e.description?T`<span class="capability-row__description">${e.description}</span>`:_e;return T`<li class="capability-row">${Hs(e.icons,t)}<span class="capability-row__name">${t}</span>${r}</li>`}o(yz,"renderPromptRow");function Sz(e){let t=e.title??e.name,r=e.mimeType===void 0?_e:T` · ${e.mimeType}`,n=e.description===void 0?_e:T` — ${e.description}`,a=T`<span class="capability-row__description"><code>${e.uri}</code>${r}${n}</span>`;return T`<li class="capability-row">${Hs(e.icons,t)}<span class="capability-row__name">${t}</span>${a}</li>`}o(Sz,"renderResourceRow");function gp(e,t,r,n){if(t===0)return _e;let a=r.slice(0,iz),i=t-a.length,s=i>0?T`<li class="capability-row capability-row--more">+ ${i} more</li>`:_e;return G_({label:e,total:t,rows:T`${a.map(n)}`,moreLine:s})}o(gp,"renderCapabilitySection");function js(e,t,r=!1){return r?T`<span class="count-pill count-pill--destructive"><span class="count-pill__num">${t}</span><span class="count-pill__label">${e}</span></span>`:T`<span class="count-pill"><span class="count-pill__num">${t}</span><span class="count-pill__label">${e}</span></span>`}o(js,"countPill");function _z(e){let t=kw(e);if(t.tools+t.prompts+t.resources===0)return T`<div class="upstream-card__capabilities upstream-card__capabilities--empty">No tools, prompts, or resources advertised.</div>`;let n=[];t.tools>0&&n.push(js(t.tools===1?"tool":"tools",t.tools)),t.prompts>0&&n.push(js(t.prompts===1?"prompt":"prompts",t.prompts)),t.resources>0&&n.push(js(t.resources===1?"resource":"resources",t.resources)),t.destructiveTools>0&&n.push(js("destructive",t.destructiveTools,!0));let a=[gp("Tools",t.tools,e.tools,gz),gp("Prompts",t.prompts,e.prompts,yz),gp("Resources",t.resources,e.resources,Sz)];return T`<details class="upstream-card__capabilities"><summary class="capabilities-summary"><span class="capabilities-summary__counts">${n}</span><span class="capabilities-summary__chevron" aria-hidden="true">${op}</span></summary><div class="capabilities-detail">${a}</div></details>`}o(_z,"renderUpstreamCapabilities");function wz(e){if(!e||e.length===0)return _e;let t=e.map(n=>T`<code class="scope-chip">${n}</code>`),r=e.length===1?"scope":"scopes";return T`<details class="upstream-card__scopes"><summary class="scopes-summary"><span>Requested ${r} <span class="muted">(${e.length})</span></span><span class="capabilities-summary__chevron" aria-hidden="true">${op}</span></summary><div class="scopes-list">${t}</div></details>`}o(wz,"renderUpstreamScopes");function vz(e,t){if(e.ownerMode!=="user")return _e;let r=sz(e.connectUrl,t);if(!r)return _e;let n=e.status==="active"?"Redo auth":e.status==="reconsent_required"?"Reconnect":"Connect",a=e.status==="active"?"Reconnect this upstream account or approve updated scopes.":void 0;return T`<a class="button button--secondary button--small" href="${r}"${a===void 0?_e:T` title="${a}"`}>${n}</a>`}o(vz,"renderActionButton");function bz(e,t){let r=vz(e,t);return tr(r)!==""?r:fz(e.status)}o(bz,"renderUpstreamControl");function Rz(e,t){let n=e.ownerMode==="user"&&e.status!=="active"?"upstream-card upstream-card--needs-action":"upstream-card",a=e.description?T`<p class="upstream-card__description">${e.description}</p>`:_e,i=e.transportHost?T`<code class="upstream-card__host">${e.transportHost}</code><span class="upstream-card__sep" aria-hidden="true">·</span>`:_e;return F_({cardClass:n,iconFrame:lz(e.serverIcons,e.upstreamDisplayName),upstreamDisplayName:e.upstreamDisplayName,control:bz(e,t),host:i,authModeLabel:mz(e.authMode),ownerModeLabel:pz(e.ownerMode),description:a,capabilities:_z(e.capabilities),scopes:wz(e.scopesRequested)})}o(Rz,"renderUpstreamCard");function Cz(e){return e.reduce((t,r)=>{let n=kw(r.capabilities);return t.tools+=n.tools,t.prompts+=n.prompts,t.resources+=n.resources,t.destructiveTools+=n.destructiveTools,t.readOnlyTools+=n.readOnlyTools,t},{tools:0,prompts:0,resources:0,destructiveTools:0,readOnlyTools:0})}o(Cz,"aggregateCapabilities");function Iz(e){return e.some(r=>r.ownerMode==="user"&&r.status!=="active")?"setup":"grant"}o(Iz,"deriveMode");function Pz(e){if(e.mode==="setup"){let n=e.upstreams.filter(c=>c.ownerMode==="user"&&c.status!=="active"),a=n.length>0&&n.every(c=>c.status==="reconsent_required"),i=n.length===1?"the service":`the ${n.length} services`,s=a?T`Re-authorize ${i} below to refresh access. Authorization will continue automatically once each is ready.`:T`Connect ${i} below before continuing. Authorization will continue automatically once each is ready.`;return B_({icon:Z_,message:s})}let t=Cz(e.upstreams);if(t.destructiveTools===0)return _e;let r=t.destructiveTools===1?"tool can":"tools can";return L_({icon:D_,title:T`${t.destructiveTools} ${r} modify or delete data`,message:T`Review the destructive tools below before authorizing <strong>${e.clientDisplayName}</strong>.`})}o(Pz,"renderBanner");function xz(e){let t=e.mode==="setup"?T`disabled aria-disabled="true" title="Connect the required upstream services first"`:_e;return N_({state:e.state,authorizeAttrs:t})}o(xz,"renderActions");function Sp(e){let t=Iz(e.upstreams),r=[...e.upstreams].sort((h,y)=>{let _=o(w=>w.ownerMode!=="user"?2:w.status==="active"?1:0,"blockedRank"),S=_(h)-_(y);return S!==0?S:h.upstreamDisplayName.localeCompare(y.upstreamDisplayName)}),n=Hs(e.virtualServerIcons,e.virtualServerDisplayName),a=Pz({mode:t,upstreams:r,clientDisplayName:e.clientDisplayName}),i=r.length===0?T`<li class="empty">This virtual server does not declare any upstream services.</li>`:T`${r.map(h=>T`<li>${Rz(h,e.gatewayOrigin)}</li>`)}`,s=xz({mode:t,state:e.state}),c=t==="grant"?T`<p class="card__fineprint"><strong>${e.clientDisplayName}</strong> will receive a token scoped to <strong>${e.virtualServerDisplayName}</strong>. You can revoke access at any time.</p>`:T`<p class="card__fineprint">Authorization continues automatically once every required service is connected.</p>`,d=r.length>0?T`(${r.length})`:_e,p=T`<p class="card__subtitle"><strong>${e.clientDisplayName}</strong> wants to access <strong>${n}${e.virtualServerDisplayName}</strong></p>${e.virtualServerDescription?T`<p class="card__description">${e.virtualServerDescription}</p>`:_e}${e.principalLabel?T`<span class="card__principal" title="Signed in as ${e.principalLabel}">${e.principalLabel}</span>`:_e}`,l=V_({banner:a,sectionCount:d,cards:i,fineprint:c}),m=T`<footer class="card__footer">${s}</footer>`;return tr(nr({title:`Authorize access \xB7 ${e.virtualServerDisplayName}`,host:az(e.gatewayOrigin),styles:rr,heading:"Authorize access",subhead:p,body:l,footer:m}))}o(Sp,"renderConsentPage");function Az(e){try{return new URL(e).host}catch{return}}o(Az,"safeUrlHost");function kz(e){if(e.mode==="user_oauth"||e.mode==="shared-oauth")return e.oauth.scopes}o(kz,"readOAuthScopes");function _p(e){return e!==void 0&&e.length>0}o(_p,"hasItems");function Tz(e){let t=e.registeredConnection.config.serverInfo?.icons;if(_p(t))return t;let r=e.virtualServer.serverInfo?.icons;return e.virtualServer.connections.length===1&&_p(r)?r:void 0}o(Tz,"readServerIcons");async function Ez(e){if(!(e.returnTo===void 0||!e.isUserOwned))return Il({requestUrl:e.requestUrl,owner:e.userOwner,initiatedBySubjectId:e.transaction.principal.subjectId,upstreamServerId:e.registeredConnection.upstreamServerId,authProfileId:e.registeredConnection.authProfileId,virtualServerId:e.virtualServer.virtualServerId,returnTo:e.returnTo})}o(Ez,"readConnectUrl");function an(e,t){return t===void 0?{}:{[e]:t}}o(an,"optionalRequirementField");function Uz(e){return e.isUserOwned?oy(e.connection):{connected:!0,status:"active"}}o(Uz,"readSetupConnectionStatus");function Oz(e){let t=kz(e);return _p(t)?t:void 0}o(Oz,"readScopesRequested");function $z(e){return e.isUserOwned&&"updatedAt"in e.connectionStatus&&e.connectionStatus.updatedAt!==void 0?e.connectionStatus.updatedAt:void 0}o($z,"readUpdatedAt");function zz(e){if(e.virtualServer.catalog.catalogSource!=="openapi")return{tools:[],prompts:[],resources:[]};let t=o(r=>r.upstreamPolicyName===e.registeredConnection.policyName,"ownsCapability");return{tools:e.virtualServer.catalog.tools.filter(r=>r.enabled!==!1&&t(r)).map(Wi),prompts:e.virtualServer.catalog.prompts.filter(r=>r.enabled!==!1&&t(r)).map(Ji),resources:e.virtualServer.catalog.resources.filter(r=>r.enabled!==!1&&t(r)).map(Yi)}}o(zz,"readVirtualServerCapabilities");async function Mz(e){let{authConfig:t,authMode:r,config:n,upstreamServerId:a,authProfileId:i}=e.registeredConnection,s=ps(r),c=s==="user",d=Uz({connection:e.connection,isUserOwned:c}),p=await Ez({...e,connected:d.connected,isUserOwned:c});return{upstreamServerId:a,authProfileId:i,authMode:r,ownerMode:s,upstreamDisplayName:n.displayName,status:d.status,connected:d.connected,capabilities:zz({registeredConnection:e.registeredConnection,virtualServer:e.virtualServer}),...an("description",n.description),...an("transportHost",Az(n.transport.baseUrl)),...an("scopesRequested",Oz(t)),...an("serverIcons",Tz({registeredConnection:e.registeredConnection,virtualServer:e.virtualServer})),...an("connectUrl",p),...an("updatedAt",$z({connectionStatus:d,isUserOwned:c})),...an("expiresAt",e.connection?.expiresAt)}}o(Mz,"buildSetupRequirement");function Tw(e){let t=ht().byVirtualServerId.get(e);if(!t)throw g("unknown_virtual_server",`Unknown virtual server: ${e}`);return t}o(Tw,"requireVirtualServer");async function wp(e){let t=Tw(e.transaction.virtualServerId),r=Rr(e.transaction.principal.subjectId),n=[],a=new Map;for(let c of t.connections)ps(c.authMode)==="user"&&(a.set(c,n.length),n.push({owner:r,upstreamServerId:c.upstreamServerId,authProfileId:c.authProfileId}));let i=await J().batchGetUpstreamConnections(n),s=[];for(let c of t.connections){let d=ps(c.authMode)==="user",p=a.get(c);s.push(await Mz({connection:d&&p!==void 0?i[p]:void 0,registeredConnection:c,virtualServer:t,requestUrl:e.requestUrl,returnTo:e.returnTo,transaction:e.transaction,userOwner:r}))}return s}o(wp,"requirementsForSetup");function qz(e){return e.virtualServer.serverInfo?.title??e.virtualServer.serverInfo?.name??e.virtualServer.virtualServerId}o(qz,"readVirtualServerDisplayName");async function vp(e){let t=Tw(e.transaction.virtualServerId),r=qz({virtualServer:t}),n=await J().readClient({clientId:e.transaction.clientId}),a=n.kind==="found"?n.client:void 0,i={gatewayOrigin:se(e.requestUrl),virtualServerDisplayName:r,clientDisplayName:a?.clientName??String(e.transaction.clientId),principalLabel:e.transaction.principal.subjectId},s=t.serverInfo?.title;return s!==void 0&&s!==r&&(i.virtualServerDescription=s),i}o(vp,"consentContext");function Ew(e){return e.some(t=>t.ownerMode==="user"&&t.status!=="active")}o(Ew,"hasUnresolvedUserUpstream");var Nz=["mcp_user"],Dz="dev-browser-user",jz=["resource is required for /oauth/authorize.","MCP clients should start at the MCP server URL and follow its WWW-Authenticate resource_metadata link.","If your client reached this endpoint directly, use /oauth/authorize/mcp/{virtualServerId} or add resource={protected resource URI from protected-resource metadata}."].join(" "),Hz=u.object({response_type:u.literal("code"),client_id:u.string().min(1),redirect_uri:u.string().min(1),resource:u.url(),code_challenge:u.string().min(43),code_challenge_method:ts,state:u.string().min(1).optional(),scope:u.literal(ye).default(ye)}),Lz=u.enum(["continue","approve","cancel"]).default("continue"),Bz=u.object({state:u.string().min(1),decision:Lz}),Gz=u.object({state:u.string().min(1),apiKey:u.string().min(1)}),sn=class extends Error{static{o(this,"DownstreamAuthorizeRedirectError")}redirectUri;clientState;errorCode;errorDescription;constructor(t){super(t.errorDescription?`${t.errorCode}: ${t.errorDescription}`:t.errorCode,t.cause===void 0?void 0:{cause:t.cause}),this.name="DownstreamAuthorizeRedirectError",this.redirectUri=t.redirectUri,this.clientState=t.clientState,this.errorCode=t.errorCode,this.errorDescription=t.errorDescription}};function Uw(e){return typeof e=="string"&&e.length>0?e:void 0}o(Uw,"readQueryString");function Vz(e,t){let r=Uw(e.query.resource);if(t===void 0){if(r!==void 0)return r;throw new G("invalid_target",jz)}let n=Wr(t,e.url);if(r===void 0||r===n)return n;throw new G("invalid_target","resource must match the scoped OAuth authorization endpoint resource.")}o(Vz,"requireAuthorizeResource");async function Fz(e,t,r){let n={virtualServerId:t};r!==void 0&&(n.context=r);let a=await $s(e,n);if(a.principal)return{principal:a.principal};if(!e.user)return a.evictCookie===void 0?{}:{setCookie:a.evictCookie};let i=rw(e);return{principal:i,setCookie:await xa({principal:i,requestUrl:e.url,virtualServerId:t})}}o(Fz,"resolveBrowserPrincipal");async function Zz(e,t,r){let n={virtualServerId:t};r!==void 0&&(n.context=r);let a=await $s(e,n);if(!a.principal)throw g("authentication_required","Authorization setup requires a current browser session.");return a.principal}o(Zz,"requireSetupPrincipal");async function Ow(e){let t=await wp({transaction:e.transaction,requestUrl:e.requestUrl,returnTo:`/oauth/setup?state=${encodeURIComponent(e.csrfToken)}`}),r=await vp({transaction:e.transaction,requestUrl:e.requestUrl}),n={kind:"setup_page",html:Sp({state:e.csrfToken,virtualServerId:e.transaction.virtualServerId,upstreams:t,...r})};return e.setCookie!==void 0&&(n.setCookie=e.setCookie),n}o(Ow,"renderSetup");function Kz(e){if(e===void 0)return;let t=e.metadata.token_endpoint_auth_method;if(t==="private_key_jwt")throw new G("invalid_client","OAuth client authentication method is not supported.");return{clientId:e.clientId,clientName:e.metadata.client_name,tokenEndpointAuthMethod:t}}o(Kz,"toAuthorizationTransactionClient");async function bp(e,t={}){let r=Hz.parse({...e.query,resource:Vz(e,t.virtualServerId),state:Uw(e.query.state)}),n=ka(r.scope);Aa(r.redirect_uri);let a=new Date,i=Be.parse(r.client_id),s=await Cw(r.client_id,a);Iw(s,r.redirect_uri);try{let c=to(e.url,r.resource),d=Kz(s);t.context?.log.info({event:"oauth_authorize_request_parsed",clientId:i,virtualServerId:c.virtualServerId,scope:n,hasClientState:r.state!==void 0},"Downstream OAuth authorize: request parsed and client resolved");let p={clientId:s?.clientId??i,...d===void 0?{}:{client:d},redirectUri:r.redirect_uri,resource:r.resource,virtualServerId:c.virtualServerId,scope:n,codeChallenge:r.code_challenge,codeChallengeMethod:r.code_challenge_method,...r.state===void 0?{}:{clientState:r.state}},{principal:l,setCookie:m}=await Fz(e,c.virtualServerId,t.context);if(!l){let y=await Sw({transaction:p,requestUrl:e.url,now:a});t.context?.log.info({event:"oauth_authorize_awaiting_login",clientId:i,virtualServerId:c.virtualServerId},"Downstream OAuth authorize: redirecting to browser login (no session)");let _={kind:"redirect",location:y.browserLoginUrl};return m!==void 0&&(_.setCookie=m),_}let h=await _w({transaction:p,principal:l,now:a});return t.context?.log.info({event:"oauth_authorize_awaiting_setup",clientId:i,virtualServerId:c.virtualServerId,subjectId:l.subjectId},"Downstream OAuth authorize: rendering consent/setup page"),Ow({transaction:h.transaction,csrfToken:h.csrfToken,requestUrl:e.url,setCookie:m})}catch(c){throw Wz({redirectUri:r.redirect_uri,clientState:r.state,cause:c})}}o(bp,"authorizeDownstreamClient");function Wz(e){if(e.cause instanceof sn)return e.cause;let t=Jz(e.cause);return t?new sn({redirectUri:e.redirectUri,clientState:e.clientState,errorCode:t.errorCode,errorDescription:t.errorDescription,cause:e.cause}):e.cause}o(Wz,"toDownstreamAuthorizeRedirectError");function Jz(e){if(e instanceof G)return{errorCode:e.errorCode,errorDescription:e.message};if(e instanceof u.ZodError){let t=e.issues[0];return{errorCode:t?.path.includes("resource")?"invalid_target":"invalid_request",errorDescription:t?.message}}}o(Jz,"mapToOAuthRedirectError");async function $w(e,t={}){let r=typeof e.query.error=="string"?e.query.error:void 0;if(r){let p=typeof e.query.error_description=="string"?e.query.error_description.slice(0,256):void 0,l=typeof e.query.error_uri=="string"?e.query.error_uri.slice(0,256):void 0;throw t.context?.log.warn({event:"browser_login_callback_idp_error",code:"provider_access_denied",idpError:r,...p===void 0?{}:{idpErrorDescription:p},...l===void 0?{}:{idpErrorUri:l}},"Identity provider redirected browser-login callback with an error"),g("provider_access_denied",p??"The delegated browser login was not completed.")}let n=typeof e.query.state=="string"?e.query.state:void 0;if(!n)throw t.context?.log.warn({event:"browser_login_callback_state_missing",code:"oauth_state_invalid"},"Browser login callback was invoked without a state parameter"),g("oauth_state_invalid","Browser login callback is missing state.");let a=await Ns(n),i={request:e,stateId:a.stateId};t.context!==void 0&&(i.context=t.context);let s=await ow(i),c=await pp({browserLoginStateToken:n,principal:s}),d=await Ow({transaction:c.transaction,csrfToken:c.csrfToken,requestUrl:e.url});return d.setCookie=await xa({principal:s,requestUrl:e.url,virtualServerId:c.transaction.virtualServerId}),d}o($w,"completeBrowserLoginCallback");async function zw(e){let t=xe(),r=new URL(e.url);if(!Le(r))throw g("forbidden","Local browser login is only available on loopback HTTP origins.");let n=typeof e.query.state=="string"?e.query.state:void 0;if(!n)throw g("oauth_state_invalid","Local browser login is missing state.");let a=new URL(typeof e.query.redirect_uri=="string"?e.query.redirect_uri:"/oauth/callback",se(e.url)),i=new URL(se(e.url)).origin;if(a.origin!==i||a.pathname!=="/oauth/callback")throw g("oauth_callback_mismatch","Local browser login redirect_uri must target this gateway's /oauth/callback route.");a.searchParams.set("state",n);let s={subjectId:Se.parse(Dz),roles:Nz};return{kind:"redirect",location:a,setCookie:await xa({principal:s,requestUrl:e.url})}}o(zw,"completeLocalDevBrowserLogin");async function Mw(e){let t=Gz.parse(e.body),r=await ww({browserLoginStateToken:t.state}),n=await nw({apiKey:t.apiKey,virtualServerId:r.virtualServerId}),a=await pp({browserLoginStateToken:t.state,principal:n});await c_({apiKey:t.apiKey,principal:n,virtualServerId:a.transaction.virtualServerId});let i=new URL("/oauth/setup",Ct(e.request.url));return i.searchParams.set("state",a.csrfToken),{kind:"redirect",location:i,setCookie:await xa({principal:n,requestUrl:e.request.url,virtualServerId:a.transaction.virtualServerId})}}o(Mw,"completeApiKeyBrowserLogin");function Yz(e){let t=e.method==="POST"?e.body:e.query;return Bz.parse(t)}o(Yz,"readSetupContinueRequest");async function qw(e){let{state:t,decision:r}=Yz({method:e.request.method,query:e.request.query,body:e.body}),n=new Date,a=await mp({csrfToken:t,now:n}),i=await Zz(e.request,a.virtualServerId,e.context);if(r==="cancel")return{kind:"redirect",location:await Rw({csrfToken:t,currentBrowserPrincipal:i,now:n})};let s=await vw({csrfToken:t,currentBrowserPrincipal:i,now:n}),c=await wp({transaction:s,requestUrl:e.request.url,returnTo:`/oauth/setup?state=${encodeURIComponent(t)}`});if(r==="continue"||Ew(c)){let d=await vp({transaction:s,requestUrl:e.request.url});return{kind:"setup_page",html:Sp({state:t,virtualServerId:s.virtualServerId,upstreams:c,...d})}}return{kind:"redirect",location:await bw({csrfToken:t,currentBrowserPrincipal:i,now:n})}}o(qw,"continueDownstreamAuthorizeSetup");ue();var Qz=new Set(["authorization_code","refresh_token"]),Xz=u.discriminatedUnion("grant_type",[u.object({grant_type:u.literal("authorization_code"),code:u.string().min(1),redirect_uri:u.string().min(1),client_id:u.string().min(1).optional(),code_verifier:rs,resource:u.url(),scope:u.literal(ye).optional(),client_secret:u.string().min(1).optional()}),u.object({grant_type:u.literal("refresh_token"),refresh_token:u.string().min(1),client_id:u.string().min(1).optional(),resource:u.url(),scope:u.literal(ye).optional(),client_secret:u.string().min(1).optional()})]);function eM(e){if(typeof e!="object"||e===null)return;let t=e.grant_type;if(t!==void 0&&(typeof t!="string"||!Qz.has(t)))throw new G("unsupported_grant_type",`Grant type "${typeof t=="string"?t:""}" is not supported.`)}o(eM,"assertSupportedGrantType");var tM=u.object({token:u.string().min(1),client_id:u.string().min(1).optional(),token_type_hint:u.string().optional(),client_secret:u.string().min(1).optional()});function Nw(){return xe().gateway.accessTokenTtlSeconds}o(Nw,"readAccessTokenTtlSeconds");function rM(){return xe().gateway.refreshTokenTtlSeconds}o(rM,"readRefreshTokenTtlSeconds");function nM(e,t){let r=Nw(),n=Math.max(1,Math.floor((new Date(t).getTime()-e.getTime())/1e3)),a=Math.min(r,n);return{expiresAt:ne(Wt(e,a)),expiresIn:a}}o(nM,"calculateAccessTokenExpiresAt");function Dw(e){if(!e?.startsWith("Basic "))return{};let t;try{t=atob(e.slice(6))}catch{throw new G("invalid_client","Malformed HTTP Basic client authentication.")}let r=t.indexOf(":");if(r<0)throw new G("invalid_client","Malformed HTTP Basic client authentication.");try{return{clientId:decodeURIComponent(t.slice(0,r)),clientSecret:decodeURIComponent(t.slice(r+1))}}catch{throw new G("invalid_client","Malformed HTTP Basic client authentication.")}}o(Dw,"readBasicClientSecret");function jw(e){if(e.basicClientId!==void 0&&e.bodyClientId!==void 0&&e.basicClientId!==e.bodyClientId)throw new G("invalid_request","Authenticated client_id must match request client_id.");let t=e.basicClientId??e.bodyClientId;if(t===void 0)throw new G("invalid_client","Client authentication or client_id is required.");return t}o(jw,"resolveAuthenticatedClientId");function Hw(e){if(e.basicClientSecret!==void 0&&e.bodyClientSecret!==void 0)throw new G("invalid_request","Use only one client authentication method per request.");return e.basicClientSecret!==void 0?{clientSecret:e.basicClientSecret,clientSecretSource:"basic"}:e.bodyClientSecret!==void 0?{clientSecret:e.bodyClientSecret,clientSecretSource:"post"}:{}}o(Hw,"resolveClientSecretInput");async function Lw(e){let t=Be.parse(e.clientId);return e.clientSecret===void 0?{method:"none",clientId:t}:{method:e.clientSecretSource==="post"?"client_secret_post":"client_secret_basic",clientId:t,clientSecretHashInput:await pe(e.clientSecret)}}o(Lw,"buildRuntimeHttpClientAuth");async function Bw(e){eM(e.body);let t=Xz.parse(e.body),r=Dw(e.authorizationHeader),n=jw({basicClientId:r.clientId,bodyClientId:t.client_id}),a=new Date,i=Hw({basicClientSecret:r.clientSecret,bodyClientSecret:t.client_secret});return oM({parsed:t,clientId:n,clientSecretInput:i,now:a,requestUrl:e.requestUrl})}o(Bw,"exchangeDownstreamToken");async function oM(e){let t=await Lw({clientId:e.clientId,...e.clientSecretInput});if(e.parsed.grant_type==="authorization_code"){Aa(e.parsed.redirect_uri),ka(e.parsed.scope),e.parsed.resource!==void 0&&to(e.requestUrl??e.parsed.resource,e.parsed.resource);let c=Jt(),d=Jt(),p=ne(Wt(e.now,rM())),l=nM(e.now,p),m=await J().exchangeAuthorizationCode({clientAuth:t,codeHash:await pe(e.parsed.code),redirectUri:e.parsed.redirect_uri,...e.parsed.resource===void 0?{}:{resource:e.parsed.resource},codeChallenge:await Kg(e.parsed.code_verifier),currentRefreshTokenHash:await pe(c),accessTokenHash:await pe(d),grantExpiresAt:p,accessTokenExpiresAt:l.expiresAt,now:ne(e.now)});if(m.kind==="invalid_client")throw new G("invalid_client","Client authentication failed.");if(m.kind==="resource_mismatch")throw new G("invalid_target","Token request resource must match the authorization code resource.");if(m.kind!=="exchanged")throw new G("invalid_grant","Authorization code is invalid, expired, already used, or failed binding validation.");return{access_token:d,token_type:"Bearer",expires_in:l.expiresIn,refresh_token:c,scope:m.grant.scope,resource:m.grant.resource}}ka(e.parsed.scope),e.parsed.resource!==void 0&&to(e.requestUrl??e.parsed.resource,e.parsed.resource);let r=Jt(),n=Jt(),a=ne(Wt(e.now,Nw())),i=await J().refreshToken({clientAuth:t,currentRefreshTokenHash:await pe(e.parsed.refresh_token),nextRefreshTokenHash:await pe(r),accessTokenHash:await pe(n),...e.parsed.resource===void 0?{}:{resource:e.parsed.resource},accessTokenExpiresAt:a,now:ne(e.now)});if(i.kind==="invalid_client")throw new G("invalid_client","Client authentication failed.");if(i.kind==="resource_mismatch")throw new G("invalid_target","Token request resource must match the refresh token grant resource.");if(i.kind!=="rotated")throw new G("invalid_grant","Refresh token is invalid, expired, or revoked.");to(e.requestUrl??i.grant.resource,i.grant.resource);let s=i.accessToken.expiresAt;return{access_token:n,token_type:"Bearer",expires_in:Math.max(1,Math.floor((new Date(s).getTime()-e.now.getTime())/1e3)),refresh_token:r,scope:i.grant.scope,resource:i.grant.resource}}o(oM,"exchangeDownstreamTokenWithRuntimeHttp");async function Gw(e){let t=tM.parse(e.body),r=Dw(e.authorizationHeader),n=jw({basicClientId:r.clientId,bodyClientId:t.client_id}),a=Hw({basicClientSecret:r.clientSecret,bodyClientSecret:t.client_secret}),i=new Date;if((await J().revokeOAuthToken({clientAuth:await Lw({clientId:n,...a}),tokenHash:await pe(t.token),now:ne(i)})).kind==="invalid_client")throw new G("invalid_client","Client authentication failed.");e.context?.log.info({event:"oauth_token_revoked",clientId:n,...t.token_type_hint===void 0?{}:{tokenTypeHint:t.token_type_hint}},"OAuth token revocation request processed")}o(Gw,"revokeDownstreamToken");var aM=64*1024,iM=16*1024,sM="text/html; charset=utf-8";function cM(e){let t={};for(let[r,n]of e.entries())t[r]=n;return t}o(cM,"formDataToObject");async function uM(e){return z_(e,{maxBytes:aM,label:"Request body"})}o(uM,"readJsonBody");async function Ls(e){return cM(await Os(e,{maxBytes:iM,label:"Request body"}))}o(Ls,"readFormBody");async function Bs(e,t,r){let n=he(r),a=r instanceof u.ZodError?Vw(r):r instanceof Error?r.message:void 0,i={code:n??"invalid_request"};return a!==void 0&&(i.detail=a),ft(e,t,i)}o(Bs,"handleProblem");function Ta(e){let t=new Headers(e.headers);t.set("cache-control","no-store"),t.set("pragma","no-cache");let r={error:e.error};return e.errorDescription!==void 0&&(r.error_description=e.errorDescription),Response.json(r,{status:e.status??400,headers:t})}o(Ta,"oauthErrorResponse");function dM(e,t){return e.errorCode!=="invalid_client"?{}:t.includeInvalidClientChallenge===!1?{}:{"WWW-Authenticate":'Basic realm="OAuth"'}}o(dM,"readOAuthProtocolHeaders");function lM(e,t){let r=Qe("internal_server_error");return Ta({error:e.errorCode,errorDescription:e.errorCode==="server_error"?r.publicDetail:e.message,status:e.status,headers:dM(e,t)})}o(lM,"oauthProtocolErrorResponse");function pM(e){return e.issues[0]?.path.includes("resource")===!0?"invalid_target":"invalid_request"}o(pM,"readZodOAuthErrorCode");function mM(e){let t={error:pM(e)},r=Vw(e);return r!==void 0&&(t.errorDescription=r),Ta(t)}o(mM,"oauthZodErrorResponse");function fM(e){let t=he(e);if(t===void 0)return;let r=Qe(t);if(r.oauthError===void 0)return;let n={error:r.oauthError,status:gM(r.oauthError)};return r.oauthError==="server_error"?n.errorDescription=r.publicDetail:e instanceof Error?n.errorDescription=e.message:n.errorDescription=r.publicDetail,Ta(n)}o(fM,"oauthGatewayProblemResponse");function hM(){let t={error:"server_error",status:500,errorDescription:Qe("internal_server_error").publicDetail};return Ta(t)}o(hM,"oauthFallbackErrorResponse");function gM(e){switch(e){case"invalid_client":return 401;case"server_error":return 500;default:return 400}}o(gM,"readOAuthStatus");function ro(e,t={}){return e instanceof sn?yM(e):e instanceof G?lM(e,t):e instanceof u.ZodError?mM(e):fM(e)??hM()}o(ro,"oauthProblemResponse");function Mt(e,t,r){let n={event:t},a=!1;if(r instanceof G)n.oauthError=r.errorCode,n.status=r.status,Oe(n,"error",r);else if(r instanceof sn)n.oauthError=r.errorCode,Oe(n,"error",r);else if(r instanceof u.ZodError){n.code="invalid_request",Oe(n,"error",r);let i=r.issues[0];i&&(n.zodPath=i.path.join("."))}else{let i=he(r);if(i!==void 0){let s=Qe(i);n.code=i,n.status=s.status,s.oauthError!==void 0&&(n.oauthError=s.oauthError),a=s.status>=500||s.oauthError==="server_error",Oe(n,"error",r)}else a=!0,Oe(n,"error",r)}if(a){let i=r instanceof Error?r:new Error("Non-Error thrown from OAuth handler",{cause:r});e.log.error(n,i.message)}else e.log.warn(n,"OAuth handler rejected the request")}o(Mt,"logUnexpectedOAuthHandlerError");function yM(e){let t;try{t=new URL(e.redirectUri)}catch{return Ta({error:e.errorCode,...e.errorDescription===void 0?{}:{errorDescription:e.errorDescription}})}t.searchParams.set("error",e.errorCode),e.errorDescription!==void 0&&t.searchParams.set("error_description",e.errorDescription),e.clientState!==void 0&&t.searchParams.set("state",e.clientState);let r=new Headers({location:t.toString(),"cache-control":"no-store"});return new Response(null,{status:302,headers:r})}o(yM,"downstreamAuthorizeRedirectErrorResponse");function Vw(e){let t=e.issues[0];if(!t)return;let r=t.path.join(".");return r?`${r}: ${t.message}`:t.message}o(Vw,"formatZodErrorDetail");function SM(e,t){let r={event:"browser_login_callback_failed",code:he(t)??"invalid_request"};Oe(r,"error",t),e.log.warn(r,"Browser login callback failed; client received a connection-failure page")}o(SM,"logBrowserLoginCallbackFailure");function Rp(e){e.location.hash||(e.location.hash="#");let t=new Headers({location:e.location.toString(),"cache-control":"no-store"});return e.setCookie&&t.append("set-cookie",e.setCookie),new Response(null,{status:302,headers:t})}o(Rp,"redirectResultResponse");function Gs(e){if(e.kind==="setup_page"){let t=new Headers({"content-type":sM,"cache-control":"no-store","referrer-policy":"no-referrer","x-frame-options":"DENY"});return e.setCookie&&t.append("set-cookie",e.setCookie),new Response(e.html,{status:200,headers:t})}return Rp(e)}o(Gs,"authorizeResultResponse");async function Fw(e,t){try{return Response.json(il(e.url))}catch(r){return Mt(t,"oauth_authorization_server_metadata_failed",r),Bs(e,t,r)}}o(Fw,"authorizationServerMetadataHandler");async function Zw(e,t){try{let r=Pe.parse(e.params.virtualServerId),n=ea(r);return Response.json(Gg({virtualServerId:n.virtualServerId,requestUrl:e.url}))}catch(r){return Mt(t,"oauth_authorization_server_metadata_failed",r),Bs(e,t,r)}}o(Zw,"scopedAuthorizationServerMetadataHandler");async function Kw(e,t){try{let r=await xw(await uM(e)),n=r;return t.log.info({event:"oauth_dcr_client_registered",clientId:typeof n.client_id=="string"?n.client_id:void 0,clientName:typeof n.client_name=="string"?n.client_name:void 0,redirectUriCount:Array.isArray(n.redirect_uris)?n.redirect_uris.length:void 0,tokenEndpointAuthMethod:typeof n.token_endpoint_auth_method=="string"?n.token_endpoint_auth_method:void 0},"OAuth Dynamic Client Registration completed"),Response.json(r,{status:201,headers:{"cache-control":"no-store"}})}catch(r){return Mt(t,"oauth_register_failed",r),ro(r)}}o(Kw,"registerHandler");async function Ww(e,t){try{return Gs(await bp(e,{context:t}))}catch(r){return Mt(t,"oauth_authorize_failed",r),ro(r,{includeInvalidClientChallenge:!1})}}o(Ww,"authorizeHandler");async function Jw(e,t){try{let r=Pe.parse(e.params.virtualServerId),n=ea(r);return Gs(await bp(e,{virtualServerId:n.virtualServerId,context:t}))}catch(r){return Mt(t,"oauth_authorize_scoped_failed",r),ro(r,{includeInvalidClientChallenge:!1})}}o(Jw,"scopedAuthorizeHandler");async function Yw(e,t){try{let r=await $w(e,{context:t});return t.log.info({event:"browser_login_callback_completed",resultKind:r.kind},"Browser login callback completed; consent setup rendered"),Gs(r)}catch(r){return SM(t,r),Bs(e,t,r)}}o(Yw,"callbackHandler");async function Qw(e,t){try{return Rp(await zw(e))}catch(r){return Mt(t,"oauth_dev_login_failed",r),ro(r)}}o(Qw,"devLoginHandler");async function Xw(e,t){let r=(()=>{try{return new URL(e.url).host}catch{return""}})();try{if(e.method==="GET"){let n=typeof e.query.state=="string"?e.query.state:void 0;return n?W_(r,n):ip(r,400)}return e.method!=="POST"?new Response(null,{status:405,headers:{allow:"GET, POST"}}):Rp(await Mw({request:e,body:await Ls(e)}))}catch(n){return Mt(t,"oauth_api_key_login_failed",n),ip(r)}}o(Xw,"apiKeyLoginHandler");async function ev(e,t){try{if(!["GET","POST"].includes(e.method))return new Response(null,{status:405,headers:{allow:"GET, POST"}});let r=await qw({request:e,body:e.method==="POST"?await Ls(e):void 0,context:t});return Gs(r)}catch(r){return Mt(t,"oauth_setup_failed",r),Bs(e,t,r)}}o(ev,"setupHandler");async function tv(e,t){try{return Response.json(await Bw({body:await Ls(e),authorizationHeader:e.headers.get("authorization"),requestUrl:e.url,context:t}),{headers:{"cache-control":"no-store",pragma:"no-cache"}})}catch(r){return Mt(t,"oauth_token_failed",r),ro(r)}}o(tv,"tokenHandler");async function rv(e,t){try{return await Gw({body:await Ls(e),authorizationHeader:e.headers.get("authorization"),context:t}),new Response(null,{status:200,headers:{"cache-control":"no-store"}})}catch(r){return Mt(t,"oauth_revoke_failed",r),ro(r)}}o(rv,"revokeHandler");var _M={connect:"Connect",app_password:"App password",callback_authorization_code:"Callback",callback_provider_error:"Callback",callback_invalid:"Callback",client_metadata:"Client metadata"},nv=new Dt("upstream-request");function wM(e){let t=nv.get(e);if(!t)throw g("internal_server_error","Upstream request context has not been set");return t}o(wM,"readUpstreamRequestContext");function vM(e,t){return t.some(r=>r===e)}o(vM,"requestContextMatchesKind");function bM(e){return typeof e=="string"?[e]:e}o(bM,"toExpectedKinds");function cn(e,t){nv.set(e,t)}o(cn,"setUpstreamRequestContext");function un(e,t){let r=wM(e),n=bM(t);if(!vM(r.kind,n)){let a=_M[n[0]];throw g("internal_server_error",`${a} request context has not been set`)}return r}o(un,"requireUpstreamRequestContext");function ov(e){return T`<form class="form" method="post" action="${e.action}" autocomplete="off"><input type="hidden" name="browserTicket" value="${e.browserTicket}" />${e.fields}<p class="form__note">The gateway stores this encrypted and keeps it out of MCP client
54
+ configuration.</p><button class="button button--primary button--block form__submit" type="submit" >Connect</button></form>`}o(ov,"renderAppPassword");function av(e){return T`<p data-gateway-error-code="${e.code}">${e.body}</p>`}o(av,"renderBrowserResult");var RM="text/html; charset=utf-8",CM="none";function iv(e){return nr({title:e.title,host:e.host,styles:rr,heading:e.title,subhead:"",body:av({body:e.body,code:e.code??CM}),footer:""})}o(iv,"browserResultHtml");function sv(e,t=200){return new Response(tr(e),{status:t,headers:{"content-type":RM,"cache-control":"no-store","referrer-policy":"no-referrer","x-frame-options":"DENY"}})}o(sv,"browserResultResponse");function Vs(e){return sv(iv(e))}o(Vs,"browserConnectionSuccessResponse");function no(e,t){let r=sg(t);return sv(iv({host:e,title:r.title,body:r.body,code:t}),400)}o(no,"browserConnectionFailureResponse");function Cp(e){try{return new URL(e).host}catch{return""}}o(Cp,"safeHostFromUrl");var IM="text/html; charset=utf-8",PM=16*1024;function xM(e,t=200){return new Response(tr(e),{status:t,headers:{"content-type":IM,"cache-control":"no-store","referrer-policy":"no-referrer","x-frame-options":"DENY"}})}o(xM,"htmlResponse");function AM(e,t){return Response.redirect(new URL(t,e).toString(),302)}o(AM,"safeRedirect");function kM(e){if(!e)throw g("oauth_state_invalid","App password capture requires a signed browser ticket.");return e}o(kM,"requireBrowserTicket");function TM(e,t){return[e.ownerMode!=="user"||e.upstreamServerId!==t.upstreamServerId||t.virtualServerId!==void 0&&e.virtualServerId!==t.virtualServerId].every(n=>!n)}o(TM,"appPasswordTicketMatchesTarget");async function cv(e){let t=kM(e.browserTicket),r=await ys(t);if(!TM(r,e))throw g("oauth_callback_mismatch","App password capture ticket did not match the requested upstream flow.");return{upstreamServerId:e.upstreamServerId,authProfileId:r.authProfileId,virtualServerId:r.virtualServerId,browserTicket:t,ticket:r}}o(cv,"readAppPasswordTarget");function EM(e,t){let r=El(e.upstreamServerId,e.authProfileId),n=`/auth/connections/${encodeURIComponent(e.upstreamServerId)}/app-password`,a=r.kind==="basic_auth_app_password"?T`<label class="form__label" for="username">${r.usernameLabel}</label><input class="form__input" id="username" name="username" required autocomplete="username"><label class="form__label" for="appPassword">${r.passwordLabel}</label><input class="form__input" id="appPassword" name="appPassword" type="password" required autocomplete="current-password">`:T`<label class="form__label" for="token">${r.label}</label><input class="form__input" id="token" name="token" type="password" required autocomplete="off">`;return xM(nr({title:"Connect upstream",host:t,styles:rr,heading:"Connect upstream",subhead:T`<p class="card__subtitle">Enter the per-user credential for this approved upstream.</p>`,body:ov({action:n,browserTicket:e.browserTicket,fields:a}),footer:""}))}o(EM,"renderCaptureForm");function Fs(e,t){let r=e.get(t);if(typeof r!="string"||r.length===0)throw g("invalid_request",`Missing form field: ${t}`);return r}o(Fs,"readRequiredFormValue");function UM(e){return{upstreamServerId:e.upstreamServerId,...e.virtualServerId===void 0?{}:{virtualServerId:e.virtualServerId},...e.browserTicket===void 0?{}:{browserTicket:e.browserTicket}}}o(UM,"readCaptureFormTargetInput");async function OM(e,t){return EM(await cv(UM(e)),t)}o(OM,"handleCaptureFormRequest");async function $M(e){let t=await Os(e.request,{maxBytes:PM,label:"App password request body"});return{form:t,target:await cv({upstreamServerId:e.upstreamServerId,browserTicket:Fs(t,"browserTicket")})}}o($M,"readSubmittedAppPasswordTarget");async function zM(e){let t=Bn(e.target.ticket);if(await Ss(e.target.ticket),El(e.target.upstreamServerId,e.target.authProfileId).kind==="bearer_token"){await _s({owner:t,initiatedBySubjectId:e.target.ticket.initiatedBySubjectId,upstreamServerId:e.target.upstreamServerId,authProfileId:e.target.authProfileId,token:Fs(e.form,"token")});return}await PS({owner:t,initiatedBySubjectId:e.target.ticket.initiatedBySubjectId,upstreamServerId:e.target.upstreamServerId,authProfileId:e.target.authProfileId,username:Fs(e.form,"username"),appPassword:Fs(e.form,"appPassword")})}o(zM,"saveSubmittedAppPasswordCredential");function MM(e,t){return t.ticket.returnTo?AM(e,t.ticket.returnTo):Vs({host:Cp(e),title:"Connection complete",body:"The upstream credential was saved. Return to your MCP client and retry the request."})}o(MM,"appPasswordSuccessResponse");async function qM(e){let t=await $M({request:e.request,upstreamServerId:e.appPasswordRequest.upstreamServerId});return await zM(t),MM(e.request.url,t.target)}o(qM,"handleAppPasswordSubmission");function NM(){return new Response(null,{status:405,headers:{Allow:"GET, POST"}})}o(NM,"methodNotAllowedResponse");function DM(e,t){let r=he(t);return no(e,Hi(r)?r:"oauth_state_invalid")}o(DM,"appPasswordFailureResponse");async function jM(e){let t=Cp(e.request.url);switch(e.request.method){case"GET":return OM(e.appPasswordRequest,t);case"POST":return qM(e);default:return NM()}}o(jM,"handleAppPasswordMethod");async function Ip(e,t){let r=un(t,"app_password");try{return await jM({request:e,appPasswordRequest:r})}catch(n){return DM(Cp(e.url),n)}}o(Ip,"appPasswordHandler");var HM=["callback_authorization_code","callback_provider_error","callback_invalid"];function LM(e){return"cause"in e?e.cause:void 0}o(LM,"readErrorCause");function BM(e){return e.stack?.split(`
55
+ `).slice(1,4).map(t=>t.trim()).join(" | ")}o(BM,"readFirstStackFrame");function uv(e,t,r){r instanceof Error&&(e[`${t}Name`]=r.name,e[`${t}Message`]=r.message,e[`${t}StackFrame`]=BM(r))}o(uv,"addErrorAttributes");function dv(e){try{return new URL(e).host}catch{return""}}o(dv,"safeHostFromUrl");function GM(e,t,r){switch(t.kind){case"callback_provider_error":return e.log.warn({event:"upstream_oauth_provider_error",code:"provider_access_denied",upstreamServerId:t.upstreamServerId,providerError:t.error,...t.errorDescription===void 0?{}:{providerErrorDescription:t.errorDescription.slice(0,256)}},"Upstream identity provider returned an error to the OAuth callback"),tt(e,{eventType:K.MCP_GATEWAY_AUTH_UPSTREAM_TOKEN_EXCHANGE_FAILED,outcome:"failure",upstreamServerName:t.upstreamServerId,reasonCode:"provider_access_denied",reasonClass:"auth",attributes:{error:t.error,errorDescription:t.errorDescription}}),no(r,"provider_access_denied");case"callback_invalid":return e.log.warn({event:"upstream_oauth_callback_invalid",code:"oauth_state_invalid",upstreamServerId:t.upstreamServerId},"Upstream OAuth callback request missing required code/state parameters"),no(r,"oauth_state_invalid");case"callback_authorization_code":return t}}o(GM,"requireAuthorizationCallbackRequest");function VM(e,t){tt(e,{eventType:K.MCP_GATEWAY_AUTH_UPSTREAM_CALLBACK_RECEIVED,outcome:"success",upstreamServerName:t.upstreamServerId})}o(VM,"emitCallbackReceivedAnalyticsEvent");function FM(e,t){tt(e,{eventType:K.MCP_GATEWAY_AUTH_UPSTREAM_TOKEN_EXCHANGE_SUCCEEDED,outcome:"success",upstreamServerName:t.upstreamServerId,virtualServerName:t.virtualServerId})}o(FM,"emitTokenExchangeSucceededAnalyticsEvent");function ZM(e,t){if(t.returnTo){let r=t.returnOrigin??e.url;return Response.redirect(new URL(t.returnTo,r).toString(),302)}return Vs({host:dv(e.url),title:"Connection complete",body:"The upstream authorization flow completed successfully. You can return to your MCP client."})}o(ZM,"buildSuccessfulCallbackResponse");function KM(e){let t={detail:e instanceof Error?e.message:void 0};return uv(t,"error",e),e instanceof Error&&uv(t,"cause",LM(e)),t}o(KM,"buildTokenExchangeFailureAttributes");function WM(e){tt(e.context,{eventType:K.MCP_GATEWAY_AUTH_UPSTREAM_TOKEN_EXCHANGE_FAILED,outcome:"failure",upstreamServerName:e.callbackRequest.upstreamServerId,reasonCode:he(e.error)??"token_exchange_failed",reasonClass:"auth",errorType:e.error instanceof Error?e.error.name:"unknown",attributes:KM(e.error)})}o(WM,"emitTokenExchangeFailedAnalyticsEvent");function JM(e,t){let r=he(t);return no(e,Hi(r)?r:"upstream_token_exchange_failed")}o(JM,"tokenExchangeFailureResponse");async function Pp(e,t){let r=un(t,HM),n=dv(e.url),a=GM(t,r,n);if(a instanceof Response)return a;VM(t,a);try{let i=await d_({request:e,callbackRequest:a});return FM(t,i),t.log.info({event:"upstream_oauth_token_exchange_succeeded",upstreamServerId:i.upstreamServerId,virtualServerId:i.virtualServerId,authProfileId:i.authProfileId,ownerMode:i.ownerMode},"Upstream OAuth token exchange completed; user connection established"),ZM(e,i)}catch(i){let s={event:"upstream_oauth_token_exchange_failed",code:he(i)??"upstream_token_exchange_failed",upstreamServerId:a.upstreamServerId};return Oe(s,"error",i),t.log.warn(s,"Upstream OAuth token exchange failed; user shown connection-failure page"),WM({context:t,callbackRequest:a,error:i}),JM(n,i)}}o(Pp,"callbackHandler");function YM(e){let t=he(e);return t==="unknown_upstream_server"?t:"not_found"}o(YM,"clientMetadataProblemCode");function QM(e){return(e instanceof Error?e.message:void 0)??"The requested upstream client metadata document was not found."}o(QM,"clientMetadataProblemDetail");async function lv(e,t){let r=un(t,"connect"),n=await u_({request:e,connectRequest:r});if(tt(t,{eventType:K.MCP_GATEWAY_AUTH_UPSTREAM_CONNECT_STARTED,outcome:"success",upstreamServerName:r.upstreamServerId,virtualServerName:n.virtualServerId,upstreamServerTitle:n.upstreamDisplayName}),t.log.info({event:"upstream_connect_started",upstreamServerId:r.upstreamServerId,authProfileId:n.authProfileId,virtualServerId:n.virtualServerId,ownerMode:r.ownerMode,redirect:r.redirect,hasReturnTo:r.returnTo!==void 0},"Upstream OAuth connect flow started"),r.redirect)return Response.redirect(n.authUrl,302);let a=await Fn({requestUrl:e.url,owner:n.owner,initiatedBySubjectId:n.initiatedBySubjectId,upstreamServerId:r.upstreamServerId,authProfileId:n.authProfileId,upstreamDisplayName:n.upstreamDisplayName,virtualServerId:n.virtualServerId,subject:"virtual server",...r.returnTo===void 0?{}:{returnTo:r.returnTo}});return Response.json(a,{status:428})}o(lv,"connectHandler");async function pv(e,t){let r=un(t,"client_metadata");try{let n=KS(e.url),a=WS(n,r.upstreamServerId,r.authProfileId);return Response.json(a)}catch(n){let a=YM(n),i=n instanceof Error?n.message:String(n);return t.log.warn({event:"oauth_client_metadata_request_failed",code:a,upstreamServerId:r.upstreamServerId,authProfileId:r.authProfileId,errorMessage:i},"Failed to serve OAuth client metadata document for upstream connection"),ft(e,t,{code:a,detail:QM(n)})}}o(pv,"oauthClientMetadataHandler");function or(e){if(typeof e=="string"&&e.length!==0)return e}o(or,"readOptionalQueryString");function XM(e,t){let r=e.params[t];if(typeof r!="string"||r.length===0)throw g("internal_server_error",`Validated path parameter ${t} is missing`);return r}o(XM,"requirePathString");function mv(e){let t=or(e);return t?Pe.parse(t):void 0}o(mv,"readOptionalVirtualServerId");function eq(e,t){let r=or(e);return r?et.parse(r):Nn(t,"user_oauth")}o(eq,"readOptionalAuthProfileId");function tq(e){let t=mv(e);if(!t)throw g("invalid_request","virtualServerId query parameter is required.");return t}o(tq,"readRequiredVirtualServerId");function rq(e){let t=or(e.query.browserTicket);return t===void 0?{}:{browserTicket:t}}o(rq,"readOptionalBrowserTicket");function nq(e){let t=cs(or(e));return t===void 0?{}:{returnTo:t}}o(nq,"readOptionalReturnTo");function oq(e){let t=mv(e.query.virtualServerId);return t===void 0?{}:{virtualServerId:t}}o(oq,"readOptionalVirtualServerIdContext");function aq(e){let t=or(e.query.error_description);return t===void 0?{}:{errorDescription:t}}o(aq,"readOptionalProviderErrorDescription");function iq(e){let t=$t(e.authMode);if(t.connectSupport!=="none")return e;throw g("invalid_request",t.connectUnsupportedDetail??"This upstream does not support browser connection flows.")}o(iq,"requireConnectableRouteAuth");function sq(e,t,r,n){let a=Us(e,t);if(a.ownerMode==="none"||a.authMode==="shared-secret")throw g("invalid_request","Static-secret upstreams do not support browser connection flows.");return{kind:"connect",...a,...n===void 0?{}:{returnTo:n},redirect:r}}o(sq,"buildConnectContextForPrincipal");function cq(e,t,r){let n=Bn(t),a=$t(e.authMode);if(n.mode!==a.ownerMode)throw g("oauth_callback_mismatch","Browser connect ticket did not match the requested upstream flow");return{kind:"connect",...e,...t.returnTo===void 0?{}:{returnTo:t.returnTo},owner:n,initiatedBySubjectId:t.initiatedBySubjectId,redirect:r}}o(cq,"buildConnectContextForTicket");async function uq(e,t){let r=iq(E_(t,tq(e.query.virtualServerId))),n=e.query.redirect==="true",a=or(e.query.browserTicket);if(e.user){if(a)throw g("invalid_request","Use either an authenticated gateway request or a browser connect ticket, not both.");let s=jn(e.user,e.url);return sq(r,s,n,nq(e.query.returnTo).returnTo)}if(!a)throw g("authentication_required","Authentication is required to start the upstream connection flow.");let i=await ys(a);if(i.ownerMode!==r.ownerMode||i.upstreamServerId!==r.upstreamServerId||i.authProfileId!==r.authProfileId||i.virtualServerId!==r.virtualServerId)throw g("oauth_callback_mismatch","Browser connect ticket did not match the requested upstream flow");return await Ss(i),cq(r,i,n)}o(uq,"resolveConnectContext");async function dq(e,t,r){let n=Xe.parse(XM(e,"connection"));switch(r){case"connect":cn(t,await uq(e,n));return;case"app_password":cn(t,{kind:"app_password",upstreamServerId:n,...oq(e),...rq(e)});return;case"callback":{let a=or(e.query.error);if(a){cn(t,{kind:"callback_provider_error",upstreamServerId:n,error:a,...aq(e)});return}let i=or(e.query.code),s=or(e.query.state);if(i&&s){cn(t,{kind:"callback_authorization_code",upstreamServerId:n,code:i,state:s});return}cn(t,{kind:"callback_invalid",upstreamServerId:n});return}case"client_metadata":cn(t,{kind:"client_metadata",upstreamServerId:n,authProfileId:eq(e.query.authProfileId,n)});return}}o(dq,"resolveUpstreamRequestInbound");async function lq(e,t,r){try{await dq(e,t,r);return}catch(n){let a=he(n);if(!a)throw n;let i=n instanceof Error?n.message:void 0;return ft(e,t,{code:a,...i===void 0?{}:{detail:i}})}}o(lq,"applyUpstreamRequestContext");function Ea(e,t){return o(async(n,a)=>{let i=await lq(n,a,e);return i||t(n,a)},"wrapped")}o(Ea,"withUpstreamRequestContext");var pq={"access-control-allow-origin":"*","access-control-allow-methods":"GET, OPTIONS","access-control-allow-headers":"content-type, authorization","access-control-max-age":"86400"};function mq(){return new Response(null,{status:204,headers:pq})}o(mq,"buildWellKnownPreflightResponse");function fq(e){let t=new Headers(e.headers);return t.set("access-control-allow-origin","*"),new Response(e.body,{status:e.status,statusText:e.statusText,headers:t})}o(fq,"withWellKnownCorsHeaders");function xp(e){return async(t,r)=>t.method==="OPTIONS"?mq():fq(await e(t,r))}o(xp,"wrapWellKnownHandler");var hq=[{routeName:"oauth_as_metadata",path:"/.well-known/oauth-authorization-server",methods:["GET","OPTIONS"],handler:xp(Fw)},{routeName:"oauth_as_metadata_scoped",path:"/.well-known/oauth-authorization-server/mcp/:virtualServerId",methods:["GET","OPTIONS"],handler:xp(Zw)},{routeName:"oauth_protected_resource_metadata",path:"/.well-known/oauth-protected-resource/mcp/:virtualServerId",methods:["GET","OPTIONS"],handler:xp(Vg)},{routeName:"oauth_register",path:"/oauth/register",methods:["POST"],handler:Kw},{routeName:"oauth_authorize",path:"/oauth/authorize",methods:["GET"],handler:Ww},{routeName:"oauth_authorize_scoped",path:"/oauth/authorize/mcp/:virtualServerId",methods:["GET"],handler:Jw},{routeName:"oauth_callback",path:"/oauth/callback",methods:["GET"],handler:Yw},{routeName:"oauth_dev_login",path:"/oauth/dev-login",methods:["GET"],handler:Qw},{routeName:"oauth_api_key_login",path:"/oauth/api-key-login",methods:["GET","POST"],handler:Xw},{routeName:"oauth_setup",path:"/oauth/setup",methods:["GET","POST"],handler:ev},{routeName:"oauth_token",path:"/oauth/token",methods:["POST"],handler:tv},{routeName:"oauth_revoke",path:"/oauth/revoke",methods:["POST"],handler:rv},{routeName:"upstream_client_metadata",path:"/.well-known/oauth-client/:connection",methods:["GET"],handler:Ea("client_metadata",pv)},{routeName:"upstream_connect",path:"/auth/connections/:connection/connect",methods:["GET"],handler:Ea("connect",lv)},{routeName:"upstream_callback",path:"/auth/connections/:connection/callback",methods:["GET"],handler:Ea("callback",Pp)},{routeName:"upstream_app_password",path:"/auth/connections/:connection/app-password",methods:["GET","POST"],handler:Ea("app_password",Ip)}];function fv(e){if(e)return e.find(t=>Fi(t.policyType))}o(fv,"findMcpOAuthPolicy");function hv(e){return fv(e)!==void 0}o(hv,"shouldRegisterMcpGatewayInternalRoutes");function gq(e){let t=qd(e.policyType);if(!t){let r=Nd();throw new Or(`MCP gateway: unknown MCP authorization policy type '${String(e.policyType)}'. Registered policy types: ${r.length>0?r.join(", "):"<none>"}.`)}try{return t.getConfig(e.handler.options)}catch(r){throw r instanceof u.ZodError?new Or(yq(e.name??e.policyType,r),{cause:r}):r}}o(gq,"resolveOAuthConfigFromPolicy");function yq(e,t){let r=t.issues.map(n=>` - ${n.path.length>0?n.path.join("."):"<root>"}: ${n.message}`).join(`
57
56
  `);return`MCP OAuth policy "${e}" is misconfigured. Missing/invalid options:
58
- ${r}`}o(Cq,"formatPolicyConfigError");function _v(e){let t=yv(e.policies);if(!t){let r=qd(),n=r.length>0?`Add one of [${r.map(a=>`\`${a}\``).join(", ")}] and reference it on your MCP routes.`:"Register an MCP authorization policy descriptor and reference it on your MCP routes.";throw new jt(`MCP gateway: could not find an MCP authorization policy in policies.json. ${n}`)}Hg(Rq(t)),bg(vg({routes:e.routes,policies:e.policies}))}o(_v,"initializeMcpGatewayState");function Iq(e,t){return async(r,n)=>{let a=n,i=r.method==="OPTIONS",s=Date.now();i||a.log.info({event:`${e}_received`,method:r.method},`MCP gateway: ${e} received`);try{let c=await t(r,n);return i||a.log.info({event:`${e}_responded`,status:c.status,durationMs:Date.now()-s},`MCP gateway: ${e} responded`),c}catch(c){let d={event:`${e}_threw`,durationMs:Date.now()-s};throw Oe(d,"err",c),a.log.error(d,`MCP gateway: ${e} threw`),c}}}o(Iq,"wrapInternalHandler");function wv(e){for(let t of bq){let r=Iq(t.routeName,t.handler),n=o((a,i)=>r(a,i),"handler");e.addPluginRoute({path:t.path,methods:t.methods,handler:n,processors:[ec],corsPolicy:"none"})}}o(wv,"registerMcpGatewayInternalRoutes");var Tp=class extends Dp{static{o(this,"McpGatewayPlugin")}registerRoutes(t){let r=t.parsedRouteData;r&&Sv(r.policies)&&(_v({routes:r.routes,policies:r.policies}),wv(t.router))}};export{s$ as McpAuth0OAuthInboundPolicy,Tp as McpGatewayPlugin,d$ as McpOAuthInboundPolicy,f$ as McpUpstreamConnectionInboundPolicy,YO as McpVirtualServerHandler};
57
+ ${r}`}o(yq,"formatPolicyConfigError");function gv(e){let t=fv(e.policies);if(!t){let r=Nd(),n=r.length>0?`Add one of [${r.map(a=>`\`${a}\``).join(", ")}] and reference it on your MCP routes.`:"Register an MCP authorization policy descriptor and reference it on your MCP routes.";throw new Or(`MCP gateway: could not find an MCP authorization policy in policies.json. ${n}`)}Dg(gq(t)),wg(_g({routes:e.routes,policies:e.policies}))}o(gv,"initializeMcpGatewayState");function Sq(e,t){return async(r,n)=>{let a=n,i=r.method==="OPTIONS",s=Date.now();i||a.log.info({event:`${e}_received`,method:r.method},`MCP gateway: ${e} received`);try{let c=await t(r,n);return i||a.log.info({event:`${e}_responded`,status:c.status,durationMs:Date.now()-s},`MCP gateway: ${e} responded`),c}catch(c){let d={event:`${e}_threw`,durationMs:Date.now()-s};throw Oe(d,"err",c),a.log.error(d,`MCP gateway: ${e} threw`),c}}}o(Sq,"wrapInternalHandler");function yv(e){for(let t of hq){let r=Sq(t.routeName,t.handler),n=o((a,i)=>r(a,i),"handler");e.addPluginRoute({path:t.path,methods:t.methods,handler:n,processors:[ec],corsPolicy:"none"})}}o(yv,"registerMcpGatewayInternalRoutes");var Ap=class extends Np{static{o(this,"McpGatewayPlugin")}registerRoutes(t){let r=t.parsedRouteData;r&&hv(r.policies)&&(gv({routes:r.routes,policies:r.policies}),yv(t.router))}};export{e$ as McpAuth0OAuthInboundPolicy,Ap as McpGatewayPlugin,n$ as McpOAuthInboundPolicy,s$ as McpUpstreamConnectionInboundPolicy,GO as McpVirtualServerHandler};
59
58
  //# sourceMappingURL=index.js.map