@zuplo/runtime 6.70.50 → 6.70.51

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (13) hide show
  1. package/out/esm/{browser-login-idp-NPHGGA54.js → browser-login-idp-QZEGTRKY.js} +2 -2
  2. package/out/esm/{chunk-OATPYDFL.js → chunk-ORBTGJIA.js} +2 -2
  3. package/out/esm/{chunk-OATPYDFL.js.map → chunk-ORBTGJIA.js.map} +1 -1
  4. package/out/esm/{chunk-GK7ZF3JA.js → chunk-WASXKKBJ.js} +2 -2
  5. package/out/esm/index.js +1 -1
  6. package/out/esm/mcp-gateway/index.js +8 -8
  7. package/out/esm/mcp-gateway/index.js.map +1 -1
  8. package/out/types/index.d.ts +4 -2
  9. package/out/types/mcp-gateway/index.d.ts +9 -5
  10. package/package.json +1 -1
  11. /package/out/esm/{browser-login-idp-NPHGGA54.js.map → browser-login-idp-QZEGTRKY.js.map} +0 -0
  12. /package/out/esm/{chunk-OATPYDFL.js.LEGAL.txt → chunk-ORBTGJIA.js.LEGAL.txt} +0 -0
  13. /package/out/esm/{chunk-GK7ZF3JA.js.map → chunk-WASXKKBJ.js.map} +0 -0
package/out/esm/{chunk-GK7ZF3JA.js → chunk-WASXKKBJ.js} RENAMED
@@ -22,5 +22,5 @@
22
22
  * DEALINGS IN THE SOFTWARE.
23
23
  *--------------------------------------------------------------------------------------------*/
24
24
 
25
- import{Eb as q,fc as N,gb as w,gc as b,hb as U,jb as H,kc as G,zb as u}from"./chunk-OATPYDFL.js";import{d as L}from"./chunk-JRXZBVXH.js";import{a as n,aa as d}from"./chunk-ZIKV2LUM.js";function l(e){return new d({message:e,extensionMembers:{[u]:"invalid_request"}})}n(l,"invalidOutboundUrl");function X(){let e=L.__TEST_ONLY_MCP_GATEWAY_ALLOW_HTTP_LOOPBACK_IDP??globalThis.process?.env?.__TEST_ONLY_MCP_GATEWAY_ALLOW_HTTP_LOOPBACK_IDP;return typeof e=="string"&&e==="1"}n(X,"isTestOnlyAllowHttpLoopbackIdpEnabled");function Z(){let e=L.__TEST_ONLY_MCP_GATEWAY_ALLOW_HTTP_LOOPBACK_CIMD??globalThis.process?.env?.__TEST_ONLY_MCP_GATEWAY_ALLOW_HTTP_LOOPBACK_CIMD;return typeof e=="string"&&e==="1"}n(Z,"isTestOnlyAllowHttpLoopbackCimdEnabled");var Q=new Set(["undefined","null","nan"]);function E(e,t){if(!e.hostname)throw l(`Outbound URL has an empty hostname (got ${JSON.stringify(t)}). This typically indicates an unset $env(...) reference or a JS template literal coercing \`undefined\` into a URL. Check the policy options or runtime config that produced this URL.`);if(Q.has(e.hostname.toLowerCase()))throw l(`Outbound URL hostname is ${JSON.stringify(e.hostname)} (from ${JSON.stringify(t)}). This almost always means an environment variable referenced by $env(...) is unset and a JS value was string-coerced into a URL. Set the missing env var or fix the policy option that produced this URL.`)}n(E,"assertSafeOutboundHostname");var ee=new Set(["localhost","169.254.169.254","metadata.google.internal","metadata"]),te=[{first:0},{first:10},{first:127},{first:169,secondMin:254,secondMax:254},{first:172,secondMin:16,secondMax:31},{first:192,secondMin:168,secondMax:168},{first:100,secondMin:64,secondMax:127},{first:224,firstMax:239},{first:240,firstMax:255}];function F(e){if(!/^\d+\.\d+\.\d+\.\d+$/.test(e))return;let t=e.split(".").map(r=>Number(r));if(!(t.length!==4||t.some(r=>Number.isNaN(r)||r<0||r>255)))return t}n(F,"parseIpv4Octets");function re([e,t],r){let o=r.firstMax??r.first;return e<r.first||e>o?!1:r.secondMin===void 0||r.secondMax===void 0?!0:t>=r.secondMin&&t<=r.secondMax}n(re,"ipv4RangeMatches");function j(e){let t=F(e);return t!==void 0&&te.some(r=>re(t,r))}n(j,"isPrivateIpv4");function P(e){if(!e||e.length>4)return;let t=Number.parseInt(e,16);return Number.isNaN(t)||t<0||t>65535?void 0:t}n(P,"parseIpv6Word");function ne(e,t){return[e>>8&255,e&255,t>>8&255,t&255].join(".")}n(ne,"formatIpv4FromWords");function oe(e){let t=e.slice(7),r=F(t);if(r!==void 0)return r.join(".");let[o,s,i]=t.split(":"),c=P(o),m=P(s);return i===void 0&&c!==void 0&&m!==void 0?ne(c,m):void 0}n(oe,"parseIpv6MappedIpv4");function se(e){return P(e.split(":").find(Boolean))}n(se,"readFirstIpv6Hextet");function ie(e){let t=w(e);if(!t.includes(":"))return!1;if(t==="::"||t==="::1")return!0;if(t.startsWith("::ffff:")){let o=oe(t);return o===void 0||j(o)}let r=se(t);return r===void 0?!1:(r&65024)===64512||(r&65472)===65152}n(ie,"isPrivateIpv6");function S(e){let t=w(e);return ee.has(t)||t.endsWith(".internal")||j(t)||ie(t)}n(S,"isBlockedOutboundHostname");function D(e){let t=new URL(e);if(t.protocol!=="https:"&&t.protocol!=="http:")throw l(`Unsupported outbound protocol: ${t.protocol}`);E(t,e);let r=U(t);if(t.protocol==="http:"&&!r)throw l("Configured outbound HTTP URLs must target loopback hosts.");let o=w(t.hostname);if(!r&&S(o))throw l(`Blocked outbound host: ${o}`);return t}n(D,"validateConfiguredOutboundUrl");function W(e){let t=new URL(e),r=U(t),o=r&&X();if(t.protocol!=="https:"&&!o)throw l("Identity provider URLs must use https.");if(t.username||t.password||t.search||t.hash)throw l("Identity provider URLs must not include credentials, query params, or fragments.");E(t,e);let s=w(t.hostname);if(!r&&S(s))throw l(`Blocked identity provider host: ${s}`);return t}n(W,"validateIdentityProviderUrl");function J(e,t){let r=new URL(e),o=r.protocol==="http:"&&U(r)&&Z();if(r.protocol!=="https:"&&!o||r.pathname==="/"||r.username||r.password||r.hash)throw l(`CIMD ${t} must be an HTTPS URL with a path and no credentials or fragment.`);if(E(r,e),!o&&S(r.hostname))throw l(`CIMD ${t} points at a blocked host.`);return r}n(J,"validateCimdUrl");function $(e){return J(e,"client_id")}n($,"validateCimdClientMetadataUrl");function Y(e){return J(e,"jwks_uri")}n(Y,"validateCimdClientJwksUrl");function z(e,t){if(!t)return;if(t.aborted){e.abort(t.reason);return}let r=n(()=>e.abort(t.reason),"abort");return t.addEventListener("abort",r,{once:!0}),()=>t.removeEventListener("abort",r)}n(z,"mergeAbortSignals");async function ae(e){try{await e.cancel()}catch{}}n(ae,"cancelReader");async function K(e,t){if(!e)return new Uint8Array;let r=e.getReader(),o=[],s=0,i=await r.read();for(;!i.done;){let a=i.value;if(s+=a.byteLength,s>t.maxBytes)throw await ae(r),t.createLimitError();o.push(a),i=await r.read()}let c=new Uint8Array(s),m=0;for(let a of o)c.set(a,m),m+=a.byteLength;return c}n(K,"readBoundedByteStream");var de=2,ue=1024*1024,ce=1e4,fe=new Set([301,302,303,307,308]),le=["authorization","proxy-authorization","cookie","cookie2"];function T(e){return typeof e=="string"?e:e instanceof URL?e.toString():e.url}n(T,"readRequestUrl");function y(e,t){return t?.method!==void 0?t.method.toUpperCase():e instanceof Request?e.method.toUpperCase():"GET"}n(y,"readRequestMethod");function me(e,t,r){let o=e.headers.get("content-length");if(!o)return;let s=Number.parseInt(o,10);if(Number.isFinite(s)&&s>t)throw new d({message:"Outbound response exceeded the maximum allowed size.",extensionMembers:{[u]:r}})}n(me,"assertContentLengthWithinLimit");async function pe(e,t,r){return me(e,t,r),K(e.body,{maxBytes:t,createLimitError:n(()=>new d({message:"Outbound response exceeded the maximum allowed size.",extensionMembers:{[u]:r}}),"createLimitError")})}n(pe,"readBoundedResponseBody");function he(e,t){let r=new ArrayBuffer(t.byteLength);return new Uint8Array(r).set(t),new Response(r,{status:e.status,statusText:e.statusText,headers:e.headers})}n(he,"responseFromBufferedBody");function be(e,t){if(!fe.has(e.status))return;let r=e.headers.get("location");if(r)return new URL(r,t).toString()}n(be,"resolveRedirectUrl");function V(e,t){try{return t.validateUrl(e)}catch(r){throw new d({message:"Outbound URL was not allowed.",extensionMembers:{[u]:t.problemCode}},{cause:r})}}n(V,"validateOutboundUrl");function ge(e,t){throw e instanceof d&&q(e.extensionMembers?.[u])?e:new d({message:"Outbound fetch failed.",extensionMembers:{[u]:t}},{cause:e})}n(ge,"normalizeFetchError");function O(e,t){if(e===void 0)return;let r={event:t.event,code:t.problemCode,method:t.method};if(t.host!==void 0&&(r.host=t.host),t.extra!==void 0)for(let[o,s]of Object.entries(t.extra))s!==void 0&&(r[o]=s);t.error!==void 0&&N(r,"error",t.error),e.log.warn(r,"Outbound HTTP exchange rejected")}n(O,"logOutboundFailure");async function ye(e,t,r,o,s,i,c){let m=y(r,o);try{return await t(r,o)}catch(a){let g=a instanceof DOMException&&a.name==="AbortError";O(e,{event:g?"outbound_fetch_aborted":"outbound_fetch_failed",problemCode:s,method:m,host:b(i),error:a,extra:{abortReason:c()}}),ge(a,s)}}n(ye,"fetchWithNormalizedError");function Re(e){if(e.redirects>=e.maxRedirects)throw new d({message:"Outbound redirects exceeded the maximum allowed depth.",extensionMembers:{[u]:e.problemCode}});if(e.method!=="GET"&&e.method!=="HEAD")throw new d({message:"Outbound redirect after a non-idempotent request was blocked.",extensionMembers:{[u]:e.problemCode}})}n(Re,"assertRedirectAllowed");function xe(e,t){let r=new Headers(e);for(let o of le)r.delete(o);for(let o of t)r.delete(o);return r}n(xe,"stripCrossOriginHeaders");function we(e,t,r,o,s){let i={...e,method:t,redirect:"manual",signal:r};return o&&(i.headers=xe(e.headers,s)),i}n(we,"buildRedirectInit");function Oe(e,t,r){let o={...t,redirect:"manual",signal:r};return o.headers===void 0&&e instanceof Request&&(o.headers=e.headers),o}n(Oe,"buildInitialRequestInit");function ve(e){let t=y(e.currentInput,e.currentInit);Re({redirects:e.redirects,maxRedirects:e.maxRedirects,method:t,problemCode:e.problemCode});let r=V(e.redirectUrl,{problemCode:e.problemCode,validateUrl:e.validateUrl}),o=new URL(e.currentUrl),s=r.origin!==o.origin,i=r.toString();return{currentInput:i,currentUrl:i,currentInit:we(e.currentInit,t,e.signal,s,e.additionalCrossOriginStrippedHeaders),redirects:e.redirects+1}}n(ve,"followRedirect");async function M(e,t,r){let o=r.problemCode??"invalid_request",s=r.maxRedirects??de,i=r.maxResponseBytes??ue,c=r.timeoutMs??ce,m=r.fetchImpl??fetch,a=r.additionalCrossOriginStrippedHeaders??[],g=r.context,v=new AbortController,A=z(v,t.signal),B=!1,k=setTimeout(()=>{B=!0,v.abort()},c),R=e,x=Oe(e,t,v.signal),p;try{p=V(T(e),{problemCode:o,validateUrl:r.validateUrl}).toString()}catch(h){throw O(g,{event:"outbound_url_blocked",problemCode:o,method:y(e,t),host:b(T(e)),error:h}),clearTimeout(k),A?.(),h}let C=0;try{for(;;){let h=await ye(g,m,R,x,o,p,()=>B?`timeout_after_${c}ms`:void 0),I=be(h,p);if(I!==void 0)try{let f=ve({currentInput:R,currentInit:x,currentUrl:p,redirectUrl:I,redirects:C,maxRedirects:s,problemCode:o,validateUrl:r.validateUrl,signal:v.signal,additionalCrossOriginStrippedHeaders:a});R=f.currentInput,x=f.currentInit,p=f.currentUrl,C=f.redirects;continue}catch(f){throw O(g,{event:"outbound_redirect_blocked",problemCode:o,method:y(R,x),host:b(p),error:f,extra:{redirects:C,maxRedirects:s,redirectTargetHost:b(I)}}),f}try{return he(h,await pe(h,i,o))}catch(f){throw O(g,{event:"outbound_response_size_exceeded",problemCode:o,method:y(R,x),host:b(p),error:f,extra:{maxResponseBytes:i,status:h.status}}),f}}}finally{clearTimeout(k),A?.()}}n(M,"runSafeOutboundExchange");async function _(e,t,r){let o=await M(e,t,r);try{return{response:o,json:await o.clone().json()}}catch(s){throw O(r.context,{event:"outbound_json_parse_failed",problemCode:r.problemCode??"invalid_request",method:y(e,t),host:b(T(e)),error:s,extra:{status:o.status,contentType:o.headers.get("content-type")??void 0}}),new d({message:"Outbound JSON response could not be parsed.",extensionMembers:{[u]:r.problemCode??"invalid_request"}},{cause:s})}}n(_,"runSafeOutboundJsonExchange");function je(e,t={},r={}){return M(e,t,{...r,validateUrl:D})}n(je,"fetchConfiguredOutbound");function De(e,t={},r={}){return _(e,t,{...r,validateUrl:W})}n(De,"fetchIdentityProviderJson");function We(e,t={},r={}){return _(e,t,{...r,validateUrl:$})}n(We,"fetchCimdClientMetadataJson");function Je(e,t={},r={}){return _(e,t,{...r,validateUrl:Y})}n(Je,"fetchCimdClientJwksJson");function Ve(e){let t=H().browserLogin[e];if(typeof t=="string"&&t.length>0)return t;throw G("internal_server_error",`browserLogin.${e} is required for federated browser login. Set it on the mcp-oauth-inbound policy options.`)}n(Ve,"requireBrowserLoginField");export{D as a,$ as b,Y as c,K as d,je as e,De as f,We as g,Je as h,Ve as i};
26
- //# sourceMappingURL=chunk-GK7ZF3JA.js.map
25
+ import{Eb as q,fc as N,gb as w,gc as b,hb as U,jb as H,kc as G,zb as u}from"./chunk-ORBTGJIA.js";import{d as L}from"./chunk-JRXZBVXH.js";import{a as n,aa as d}from"./chunk-ZIKV2LUM.js";function l(e){return new d({message:e,extensionMembers:{[u]:"invalid_request"}})}n(l,"invalidOutboundUrl");function X(){let e=L.__TEST_ONLY_MCP_GATEWAY_ALLOW_HTTP_LOOPBACK_IDP??globalThis.process?.env?.__TEST_ONLY_MCP_GATEWAY_ALLOW_HTTP_LOOPBACK_IDP;return typeof e=="string"&&e==="1"}n(X,"isTestOnlyAllowHttpLoopbackIdpEnabled");function Z(){let e=L.__TEST_ONLY_MCP_GATEWAY_ALLOW_HTTP_LOOPBACK_CIMD??globalThis.process?.env?.__TEST_ONLY_MCP_GATEWAY_ALLOW_HTTP_LOOPBACK_CIMD;return typeof e=="string"&&e==="1"}n(Z,"isTestOnlyAllowHttpLoopbackCimdEnabled");var Q=new Set(["undefined","null","nan"]);function E(e,t){if(!e.hostname)throw l(`Outbound URL has an empty hostname (got ${JSON.stringify(t)}). This typically indicates an unset $env(...) reference or a JS template literal coercing \`undefined\` into a URL. Check the policy options or runtime config that produced this URL.`);if(Q.has(e.hostname.toLowerCase()))throw l(`Outbound URL hostname is ${JSON.stringify(e.hostname)} (from ${JSON.stringify(t)}). This almost always means an environment variable referenced by $env(...) is unset and a JS value was string-coerced into a URL. Set the missing env var or fix the policy option that produced this URL.`)}n(E,"assertSafeOutboundHostname");var ee=new Set(["localhost","169.254.169.254","metadata.google.internal","metadata"]),te=[{first:0},{first:10},{first:127},{first:169,secondMin:254,secondMax:254},{first:172,secondMin:16,secondMax:31},{first:192,secondMin:168,secondMax:168},{first:100,secondMin:64,secondMax:127},{first:224,firstMax:239},{first:240,firstMax:255}];function F(e){if(!/^\d+\.\d+\.\d+\.\d+$/.test(e))return;let t=e.split(".").map(r=>Number(r));if(!(t.length!==4||t.some(r=>Number.isNaN(r)||r<0||r>255)))return t}n(F,"parseIpv4Octets");function re([e,t],r){let o=r.firstMax??r.first;return e<r.first||e>o?!1:r.secondMin===void 0||r.secondMax===void 0?!0:t>=r.secondMin&&t<=r.secondMax}n(re,"ipv4RangeMatches");function j(e){let t=F(e);return t!==void 0&&te.some(r=>re(t,r))}n(j,"isPrivateIpv4");function P(e){if(!e||e.length>4)return;let t=Number.parseInt(e,16);return Number.isNaN(t)||t<0||t>65535?void 0:t}n(P,"parseIpv6Word");function ne(e,t){return[e>>8&255,e&255,t>>8&255,t&255].join(".")}n(ne,"formatIpv4FromWords");function oe(e){let t=e.slice(7),r=F(t);if(r!==void 0)return r.join(".");let[o,s,i]=t.split(":"),c=P(o),m=P(s);return i===void 0&&c!==void 0&&m!==void 0?ne(c,m):void 0}n(oe,"parseIpv6MappedIpv4");function se(e){return P(e.split(":").find(Boolean))}n(se,"readFirstIpv6Hextet");function ie(e){let t=w(e);if(!t.includes(":"))return!1;if(t==="::"||t==="::1")return!0;if(t.startsWith("::ffff:")){let o=oe(t);return o===void 0||j(o)}let r=se(t);return r===void 0?!1:(r&65024)===64512||(r&65472)===65152}n(ie,"isPrivateIpv6");function S(e){let t=w(e);return ee.has(t)||t.endsWith(".internal")||j(t)||ie(t)}n(S,"isBlockedOutboundHostname");function D(e){let t=new URL(e);if(t.protocol!=="https:"&&t.protocol!=="http:")throw l(`Unsupported outbound protocol: ${t.protocol}`);E(t,e);let r=U(t);if(t.protocol==="http:"&&!r)throw l("Configured outbound HTTP URLs must target loopback hosts.");let o=w(t.hostname);if(!r&&S(o))throw l(`Blocked outbound host: ${o}`);return t}n(D,"validateConfiguredOutboundUrl");function W(e){let t=new URL(e),r=U(t),o=r&&X();if(t.protocol!=="https:"&&!o)throw l("Identity provider URLs must use https.");if(t.username||t.password||t.search||t.hash)throw l("Identity provider URLs must not include credentials, query params, or fragments.");E(t,e);let s=w(t.hostname);if(!r&&S(s))throw l(`Blocked identity provider host: ${s}`);return t}n(W,"validateIdentityProviderUrl");function J(e,t){let r=new URL(e),o=r.protocol==="http:"&&U(r)&&Z();if(r.protocol!=="https:"&&!o||r.pathname==="/"||r.username||r.password||r.hash)throw l(`CIMD ${t} must be an HTTPS URL with a path and no credentials or fragment.`);if(E(r,e),!o&&S(r.hostname))throw l(`CIMD ${t} points at a blocked host.`);return r}n(J,"validateCimdUrl");function $(e){return J(e,"client_id")}n($,"validateCimdClientMetadataUrl");function Y(e){return J(e,"jwks_uri")}n(Y,"validateCimdClientJwksUrl");function z(e,t){if(!t)return;if(t.aborted){e.abort(t.reason);return}let r=n(()=>e.abort(t.reason),"abort");return t.addEventListener("abort",r,{once:!0}),()=>t.removeEventListener("abort",r)}n(z,"mergeAbortSignals");async function ae(e){try{await e.cancel()}catch{}}n(ae,"cancelReader");async function K(e,t){if(!e)return new Uint8Array;let r=e.getReader(),o=[],s=0,i=await r.read();for(;!i.done;){let a=i.value;if(s+=a.byteLength,s>t.maxBytes)throw await ae(r),t.createLimitError();o.push(a),i=await r.read()}let c=new Uint8Array(s),m=0;for(let a of o)c.set(a,m),m+=a.byteLength;return c}n(K,"readBoundedByteStream");var de=2,ue=1024*1024,ce=1e4,fe=new Set([301,302,303,307,308]),le=["authorization","proxy-authorization","cookie","cookie2"];function T(e){return typeof e=="string"?e:e instanceof URL?e.toString():e.url}n(T,"readRequestUrl");function y(e,t){return t?.method!==void 0?t.method.toUpperCase():e instanceof Request?e.method.toUpperCase():"GET"}n(y,"readRequestMethod");function me(e,t,r){let o=e.headers.get("content-length");if(!o)return;let s=Number.parseInt(o,10);if(Number.isFinite(s)&&s>t)throw new d({message:"Outbound response exceeded the maximum allowed size.",extensionMembers:{[u]:r}})}n(me,"assertContentLengthWithinLimit");async function pe(e,t,r){return me(e,t,r),K(e.body,{maxBytes:t,createLimitError:n(()=>new d({message:"Outbound response exceeded the maximum allowed size.",extensionMembers:{[u]:r}}),"createLimitError")})}n(pe,"readBoundedResponseBody");function he(e,t){let r=new ArrayBuffer(t.byteLength);return new Uint8Array(r).set(t),new Response(r,{status:e.status,statusText:e.statusText,headers:e.headers})}n(he,"responseFromBufferedBody");function be(e,t){if(!fe.has(e.status))return;let r=e.headers.get("location");if(r)return new URL(r,t).toString()}n(be,"resolveRedirectUrl");function V(e,t){try{return t.validateUrl(e)}catch(r){throw new d({message:"Outbound URL was not allowed.",extensionMembers:{[u]:t.problemCode}},{cause:r})}}n(V,"validateOutboundUrl");function ge(e,t){throw e instanceof d&&q(e.extensionMembers?.[u])?e:new d({message:"Outbound fetch failed.",extensionMembers:{[u]:t}},{cause:e})}n(ge,"normalizeFetchError");function O(e,t){if(e===void 0)return;let r={event:t.event,code:t.problemCode,method:t.method};if(t.host!==void 0&&(r.host=t.host),t.extra!==void 0)for(let[o,s]of Object.entries(t.extra))s!==void 0&&(r[o]=s);t.error!==void 0&&N(r,"error",t.error),e.log.warn(r,"Outbound HTTP exchange rejected")}n(O,"logOutboundFailure");async function ye(e,t,r,o,s,i,c){let m=y(r,o);try{return await t(r,o)}catch(a){let g=a instanceof DOMException&&a.name==="AbortError";O(e,{event:g?"outbound_fetch_aborted":"outbound_fetch_failed",problemCode:s,method:m,host:b(i),error:a,extra:{abortReason:c()}}),ge(a,s)}}n(ye,"fetchWithNormalizedError");function Re(e){if(e.redirects>=e.maxRedirects)throw new d({message:"Outbound redirects exceeded the maximum allowed depth.",extensionMembers:{[u]:e.problemCode}});if(e.method!=="GET"&&e.method!=="HEAD")throw new d({message:"Outbound redirect after a non-idempotent request was blocked.",extensionMembers:{[u]:e.problemCode}})}n(Re,"assertRedirectAllowed");function xe(e,t){let r=new Headers(e);for(let o of le)r.delete(o);for(let o of t)r.delete(o);return r}n(xe,"stripCrossOriginHeaders");function we(e,t,r,o,s){let i={...e,method:t,redirect:"manual",signal:r};return o&&(i.headers=xe(e.headers,s)),i}n(we,"buildRedirectInit");function Oe(e,t,r){let o={...t,redirect:"manual",signal:r};return o.headers===void 0&&e instanceof Request&&(o.headers=e.headers),o}n(Oe,"buildInitialRequestInit");function ve(e){let t=y(e.currentInput,e.currentInit);Re({redirects:e.redirects,maxRedirects:e.maxRedirects,method:t,problemCode:e.problemCode});let r=V(e.redirectUrl,{problemCode:e.problemCode,validateUrl:e.validateUrl}),o=new URL(e.currentUrl),s=r.origin!==o.origin,i=r.toString();return{currentInput:i,currentUrl:i,currentInit:we(e.currentInit,t,e.signal,s,e.additionalCrossOriginStrippedHeaders),redirects:e.redirects+1}}n(ve,"followRedirect");async function M(e,t,r){let o=r.problemCode??"invalid_request",s=r.maxRedirects??de,i=r.maxResponseBytes??ue,c=r.timeoutMs??ce,m=r.fetchImpl??fetch,a=r.additionalCrossOriginStrippedHeaders??[],g=r.context,v=new AbortController,A=z(v,t.signal),B=!1,k=setTimeout(()=>{B=!0,v.abort()},c),R=e,x=Oe(e,t,v.signal),p;try{p=V(T(e),{problemCode:o,validateUrl:r.validateUrl}).toString()}catch(h){throw O(g,{event:"outbound_url_blocked",problemCode:o,method:y(e,t),host:b(T(e)),error:h}),clearTimeout(k),A?.(),h}let C=0;try{for(;;){let h=await ye(g,m,R,x,o,p,()=>B?`timeout_after_${c}ms`:void 0),I=be(h,p);if(I!==void 0)try{let f=ve({currentInput:R,currentInit:x,currentUrl:p,redirectUrl:I,redirects:C,maxRedirects:s,problemCode:o,validateUrl:r.validateUrl,signal:v.signal,additionalCrossOriginStrippedHeaders:a});R=f.currentInput,x=f.currentInit,p=f.currentUrl,C=f.redirects;continue}catch(f){throw O(g,{event:"outbound_redirect_blocked",problemCode:o,method:y(R,x),host:b(p),error:f,extra:{redirects:C,maxRedirects:s,redirectTargetHost:b(I)}}),f}try{return he(h,await pe(h,i,o))}catch(f){throw O(g,{event:"outbound_response_size_exceeded",problemCode:o,method:y(R,x),host:b(p),error:f,extra:{maxResponseBytes:i,status:h.status}}),f}}}finally{clearTimeout(k),A?.()}}n(M,"runSafeOutboundExchange");async function _(e,t,r){let o=await M(e,t,r);try{return{response:o,json:await o.clone().json()}}catch(s){throw O(r.context,{event:"outbound_json_parse_failed",problemCode:r.problemCode??"invalid_request",method:y(e,t),host:b(T(e)),error:s,extra:{status:o.status,contentType:o.headers.get("content-type")??void 0}}),new d({message:"Outbound JSON response could not be parsed.",extensionMembers:{[u]:r.problemCode??"invalid_request"}},{cause:s})}}n(_,"runSafeOutboundJsonExchange");function je(e,t={},r={}){return M(e,t,{...r,validateUrl:D})}n(je,"fetchConfiguredOutbound");function De(e,t={},r={}){return _(e,t,{...r,validateUrl:W})}n(De,"fetchIdentityProviderJson");function We(e,t={},r={}){return _(e,t,{...r,validateUrl:$})}n(We,"fetchCimdClientMetadataJson");function Je(e,t={},r={}){return _(e,t,{...r,validateUrl:Y})}n(Je,"fetchCimdClientJwksJson");function Ve(e){let t=H().browserLogin[e];if(typeof t=="string"&&t.length>0)return t;throw G("internal_server_error",`browserLogin.${e} is required for federated browser login. Set it on the mcp-oauth-inbound policy options.`)}n(Ve,"requireBrowserLoginField");export{D as a,$ as b,Y as c,K as d,je as e,De as f,We as g,Je as h,Ve as i};
26
+ //# sourceMappingURL=chunk-WASXKKBJ.js.map
package/out/esm/index.js CHANGED
@@ -22,5 +22,5 @@
22
22
  * DEALINGS IN THE SOFTWARE.
23
23
  *--------------------------------------------------------------------------------------------*/
24
24
 
25
- import{$ as tt,$a as tr,$c as wr,A as I,Aa as Ht,Ad as Xr,B as J,Ba as Pt,Bd as Yr,C as K,Ca as St,Cd as Zr,D as M,Da as Tt,Dd as _r,E as N,Ea as Ut,Ed as ts,F as O,Fa as $t,Fd as rs,Ga as kt,Gd as ss,Ha as Ft,Hd as es,Ia as Lt,Id as os,Ja as Rt,Jd as as,Ka as qt,Kd as ns,La as vt,Ld as is,Ma as zt,Md as ps,Na as Gt,Nd as cs,Oa as It,Od as hs,Pa as Jt,Pd as ms,Qa as Kt,Qd as gs,Ra as Mt,Rd as ds,Sa as Nt,Sd as us,Ta as Ot,Td as fs,U as Q,Ua as Qt,Ud as xs,V,Va as Vt,Vd as ys,W,Wa as Wt,X,Xa as Xt,Y,Ya as Yt,Z,Za as Zt,_,_a as _t,a as n,aa as rt,ab as rr,ad as Ar,b as x,ba as st,bb as sr,bd as br,c as y,ca as et,cb as er,cd as lr,d as w,da as ot,db as or,dd as jr,e as A,ea as at,eb as ar,ed as Br,f as b,fa as nt,fb as nr,fd as Cr,g as l,ga as it,gd as Dr,h as j,ha as pt,hd as Er,i as B,ia as ct,id as Hr,ja as ht,jd as Pr,k as C,ka as mt,kd as Sr,l as D,la as gt,lb as ir,ld as Tr,m as E,ma as dt,mb as pr,md as Ur,n as H,na as ut,nb as cr,nd as $r,o as P,oa as ft,ob as hr,od as kr,pa as xt,pb as mr,pd as Fr,q as T,qa as yt,qb as gr,qd as Lr,r as U,ra as wt,rb as dr,rd as Rr,s as $,sa as At,sb as ur,sd as qr,t as k,ta as bt,tb as fr,td as vr,u as F,ua as lt,ub as xr,ud as Mr,v as L,va as jt,vb as yr,vd as Nr,w as R,wa as Bt,wd as Or,x as q,xa as Ct,xd as Qr,y as v,ya as Dt,yd as Vr,z as G,za as Et,zd as Wr}from"./chunk-OATPYDFL.js";import{a as S,d as z,e as zr,f as Gr,g as Ir,h as Jr,i as Kr}from"./chunk-JRXZBVXH.js";import"./chunk-4SACVMDH.js";import{_ as u,a as t,aa as a,ba as f}from"./chunk-ZIKV2LUM.js";var e=["sha-1","sha-256","sha-384","sha-512"],r=class{static{t(this,"BaseCryptoBeta")}};var o=class extends r{static{t(this,"WorkerCryptoBeta")}async digest(s,p){if(n("runtime.crypto-beta"),!e.includes(s.toLowerCase()))throw new a(`Algorithm ${s} is not supported. Try using ${e.join(", ")}`);let c=new TextEncoder().encode(p),h=await crypto.subtle.digest(s,c);return Array.from(new Uint8Array(h)).map(m=>m.toString(16).padStart(2,"0")).join("")}};export{Dt as AIGatewayAnthropicToOpenAIInboundPolicy,Et as AIGatewayAuthInboundPolicy,I as AIGatewayMeteringInboundPolicy,Ht as AIGatewayOpenAIToAnthropicOutboundPolicy,Pt as AIGatewaySemanticCacheInboundPolicy,St as AIGatewaySemanticCacheOutboundPolicy,Tt as AIGatewayUsageTrackerPolicy,rt as AWSLoggingPlugin,Ut as AkamaiAIFirewallInboundPolicy,wt as AkamaiApiSecurityPlugin,$t as AkamaiFirewallForAiInboundPolicy,kt as AkamaiFirewallForAiOutboundPolicy,Lt as AmberfloMeteringInboundPolicy,Ft as AmberfloMeteringPolicy,qt as ApiAuthKeyInboundPolicy,xs as ApiKeyConsumerClient,Rt as ApiKeyInboundPolicy,dt as AuditLogDataStaxProvider,ut as AuditLogPlugin,zt as Auth0JwtInboundPolicy,Gt as AuthZenInboundPolicy,K as AwsLambdaHandlerExtensions,It as AxiomaticsAuthZInboundPolicy,bt as AzureBlobPlugin,lt as AzureEventHubsRequestLoggerPlugin,At as BackgroundDispatcher,ys as BackgroundLoader,Jt as BasicAuthInboundPolicy,$r as BasicRateLimitInboundPolicy,P as BatchDispatch,Kt as BrownoutInboundPolicy,Mt as CachingInboundPolicy,Nt as ChangeMethodInboundPolicy,Ot as ClearHeadersInboundPolicy,Qt as ClearHeadersOutboundPolicy,Vt as ClerkJwtInboundPolicy,Wt as CognitoJwtInboundPolicy,Xt as CometOpikTracingInboundPolicy,Yt as ComplexRateLimitInboundPolicy,Zt as CompositeInboundPolicy,_t as CompositeOutboundPolicy,f as ConfigurationError,E as ContentTypes,v as ContextData,o as CryptoBeta,tr as CurityPhantomTokenInboundPolicy,F as DataDogLoggingPlugin,ct as DataDogMetricsPlugin,st as DynaTraceLoggingPlugin,ht as DynatraceMetricsPlugin,rr as FirebaseJwtInboundPolicy,sr as FormDataToJsonInboundPolicy,er as GalileoTracingInboundPolicy,or as GeoFilterInboundPolicy,k as GoogleCloudLoggingPlugin,G as Handler,ar as HttpDeprecationOutboundPolicy,B as HttpProblems,b as HttpStatusCode,Bt as HydrolixRequestLoggerPlugin,U as InboundPolicy,nr as JWTScopeValidationInboundPolicy,ft as JwtServicePlugin,et as LokiLoggingPlugin,L as LookupResult,Br as MTLSAuthInboundPolicy,wr as McpAuth0OAuthInboundPolicy,ir as McpClerkOAuthInboundPolicy,pr as McpCognitoOAuthInboundPolicy,cr as McpEntraOAuthInboundPolicy,xt as McpGatewayOAuthProtectedResourcePlugin,hr as McpGoogleOAuthInboundPolicy,mr as McpKeycloakOAuthInboundPolicy,gr as McpLogtoOAuthInboundPolicy,dr as McpOAuthInboundPolicy,ur as McpOktaOAuthInboundPolicy,fr as McpOneLoginOAuthInboundPolicy,xr as McpPingOAuthInboundPolicy,yr as McpWorkosOAuthInboundPolicy,w as MemoryZoneReadThroughCache,Ar as MockApiInboundPolicy,lr as MoesifInboundPolicy,jr as MonetizationInboundPolicy,ot as NewRelicLoggingPlugin,mt as NewRelicMetricsPlugin,yt as OAuthProtectedResourcePlugin,gt as OTelMetricsPlugin,Cr as OktaFGAAuthZInboundPolicy,Dr as OktaJwtInboundPolicy,Er as OpenFGAAuthZInboundPolicy,vt as OpenIdJwtInboundPolicy,Hr as OpenMeterInboundPolicy,$ as OutboundPolicy,j as ProblemResponseFormatter,Pr as PromptInjectionDetectionOutboundPolicy,Sr as PropelAuthJwtInboundPolicy,Tr as QueryParamToHeaderInboundPolicy,Ur as QuotaInboundPolicy,$r as RateLimitInboundPolicy,kr as ReadmeMetricsInboundPolicy,Fr as RemoveHeadersInboundPolicy,Lr as RemoveHeadersOutboundPolicy,Rr as RemoveQueryParamsInboundPolicy,qr as ReplaceStringOutboundPolicy,Ct as RequestLoggerPlugin,vr as RequestSizeLimitInboundPolicy,Mr as RequestValidationInboundPolicy,Or as RequireOriginInboundPolicy,R as ResponseSendingEvent,q as ResponseSentEvent,a as RuntimeError,u as SYSTEM_LOGGER,Nr as SchemaBasedRequestValidation,Qr as SecretMaskingOutboundPolicy,T as SemanticAttributes,Vr as SemanticCacheInboundPolicy,fs as ServiceProviderImpl,Wr as SetBodyInboundPolicy,Xr as SetHeadersInboundPolicy,Yr as SetHeadersOutboundPolicy,Zr as SetQueryParamsInboundPolicy,_r as SetStatusOutboundPolicy,ts as SetUpstreamApiKeyInboundPolicy,rs as SleepInboundPolicy,at as SplunkLoggingPlugin,A as StreamingZoneCache,ss as StripeWebhookVerificationInboundPolicy,nt as SumoLogicLoggingPlugin,es as SupabaseJwtInboundPolicy,S as SystemRouteName,C as TelemetryPlugin,os as UpstreamAzureAdServiceAuthInboundPolicy,as as UpstreamFirebaseAdminAuthInboundPolicy,ns as UpstreamFirebaseUserAuthInboundPolicy,ps as UpstreamGcpFederatedAuthInboundPolicy,cs as UpstreamGcpJwtInboundPolicy,hs as UpstreamGcpServiceAuthInboundPolicy,ms as UpstreamZuploJwtAuthInboundPolicy,it as VMWareLogInsightLoggingPlugin,gs as ValidateJsonSchemaInbound,ds as WebBotAuthInboundPolicy,us as XmlToJsonOutboundPolicy,y as ZoneCache,pt as ZuploMcpSdk,D as ZuploRequest,is as ZuploServices,J as aiGatewayHandler,x as apiServices,M as awsLambdaHandler,jt as defaultGenerateHydrolixEntry,z as environment,Gr as getIdForParameterSchema,Jr as getIdForRefSchema,Ir as getIdForRequestBodySchema,zr as getRawOperationDataIdentifierName,l as httpStatuses,N as legacyDevPortalHandler,Q as mcpServerHandler,V as openApiSpecHandler,W as redirectHandler,O as redirectLegacyDevPortal,Kr as sanitizedIdentifierName,H as serialize,br as setMoesifContext,n as trackFeature,Y as urlForwardHandler,Z as urlRewriteHandler,_ as webSocketHandler,tt as webSocketPipelineHandler,X as zuploServiceProxy};
25
+ import{$ as tt,$a as tr,$c as wr,A as I,Aa as Ht,Ad as Xr,B as J,Ba as Pt,Bd as Yr,C as K,Ca as St,Cd as Zr,D as M,Da as Tt,Dd as _r,E as N,Ea as Ut,Ed as ts,F as O,Fa as $t,Fd as rs,Ga as kt,Gd as ss,Ha as Ft,Hd as es,Ia as Lt,Id as os,Ja as Rt,Jd as as,Ka as qt,Kd as ns,La as vt,Ld as is,Ma as zt,Md as ps,Na as Gt,Nd as cs,Oa as It,Od as hs,Pa as Jt,Pd as ms,Qa as Kt,Qd as gs,Ra as Mt,Rd as ds,Sa as Nt,Sd as us,Ta as Ot,Td as fs,U as Q,Ua as Qt,Ud as xs,V,Va as Vt,Vd as ys,W,Wa as Wt,X,Xa as Xt,Y,Ya as Yt,Z,Za as Zt,_,_a as _t,a as n,aa as rt,ab as rr,ad as Ar,b as x,ba as st,bb as sr,bd as br,c as y,ca as et,cb as er,cd as lr,d as w,da as ot,db as or,dd as jr,e as A,ea as at,eb as ar,ed as Br,f as b,fa as nt,fb as nr,fd as Cr,g as l,ga as it,gd as Dr,h as j,ha as pt,hd as Er,i as B,ia as ct,id as Hr,ja as ht,jd as Pr,k as C,ka as mt,kd as Sr,l as D,la as gt,lb as ir,ld as Tr,m as E,ma as dt,mb as pr,md as Ur,n as H,na as ut,nb as cr,nd as $r,o as P,oa as ft,ob as hr,od as kr,pa as xt,pb as mr,pd as Fr,q as T,qa as yt,qb as gr,qd as Lr,r as U,ra as wt,rb as dr,rd as Rr,s as $,sa as At,sb as ur,sd as qr,t as k,ta as bt,tb as fr,td as vr,u as F,ua as lt,ub as xr,ud as Mr,v as L,va as jt,vb as yr,vd as Nr,w as R,wa as Bt,wd as Or,x as q,xa as Ct,xd as Qr,y as v,ya as Dt,yd as Vr,z as G,za as Et,zd as Wr}from"./chunk-ORBTGJIA.js";import{a as S,d as z,e as zr,f as Gr,g as Ir,h as Jr,i as Kr}from"./chunk-JRXZBVXH.js";import"./chunk-4SACVMDH.js";import{_ as u,a as t,aa as a,ba as f}from"./chunk-ZIKV2LUM.js";var e=["sha-1","sha-256","sha-384","sha-512"],r=class{static{t(this,"BaseCryptoBeta")}};var o=class extends r{static{t(this,"WorkerCryptoBeta")}async digest(s,p){if(n("runtime.crypto-beta"),!e.includes(s.toLowerCase()))throw new a(`Algorithm ${s} is not supported. Try using ${e.join(", ")}`);let c=new TextEncoder().encode(p),h=await crypto.subtle.digest(s,c);return Array.from(new Uint8Array(h)).map(m=>m.toString(16).padStart(2,"0")).join("")}};export{Dt as AIGatewayAnthropicToOpenAIInboundPolicy,Et as AIGatewayAuthInboundPolicy,I as AIGatewayMeteringInboundPolicy,Ht as AIGatewayOpenAIToAnthropicOutboundPolicy,Pt as AIGatewaySemanticCacheInboundPolicy,St as AIGatewaySemanticCacheOutboundPolicy,Tt as AIGatewayUsageTrackerPolicy,rt as AWSLoggingPlugin,Ut as AkamaiAIFirewallInboundPolicy,wt as AkamaiApiSecurityPlugin,$t as AkamaiFirewallForAiInboundPolicy,kt as AkamaiFirewallForAiOutboundPolicy,Lt as AmberfloMeteringInboundPolicy,Ft as AmberfloMeteringPolicy,qt as ApiAuthKeyInboundPolicy,xs as ApiKeyConsumerClient,Rt as ApiKeyInboundPolicy,dt as AuditLogDataStaxProvider,ut as AuditLogPlugin,zt as Auth0JwtInboundPolicy,Gt as AuthZenInboundPolicy,K as AwsLambdaHandlerExtensions,It as AxiomaticsAuthZInboundPolicy,bt as AzureBlobPlugin,lt as AzureEventHubsRequestLoggerPlugin,At as BackgroundDispatcher,ys as BackgroundLoader,Jt as BasicAuthInboundPolicy,$r as BasicRateLimitInboundPolicy,P as BatchDispatch,Kt as BrownoutInboundPolicy,Mt as CachingInboundPolicy,Nt as ChangeMethodInboundPolicy,Ot as ClearHeadersInboundPolicy,Qt as ClearHeadersOutboundPolicy,Vt as ClerkJwtInboundPolicy,Wt as CognitoJwtInboundPolicy,Xt as CometOpikTracingInboundPolicy,Yt as ComplexRateLimitInboundPolicy,Zt as CompositeInboundPolicy,_t as CompositeOutboundPolicy,f as ConfigurationError,E as ContentTypes,v as ContextData,o as CryptoBeta,tr as CurityPhantomTokenInboundPolicy,F as DataDogLoggingPlugin,ct as DataDogMetricsPlugin,st as DynaTraceLoggingPlugin,ht as DynatraceMetricsPlugin,rr as FirebaseJwtInboundPolicy,sr as FormDataToJsonInboundPolicy,er as GalileoTracingInboundPolicy,or as GeoFilterInboundPolicy,k as GoogleCloudLoggingPlugin,G as Handler,ar as HttpDeprecationOutboundPolicy,B as HttpProblems,b as HttpStatusCode,Bt as HydrolixRequestLoggerPlugin,U as InboundPolicy,nr as JWTScopeValidationInboundPolicy,ft as JwtServicePlugin,et as LokiLoggingPlugin,L as LookupResult,Br as MTLSAuthInboundPolicy,wr as McpAuth0OAuthInboundPolicy,ir as McpClerkOAuthInboundPolicy,pr as McpCognitoOAuthInboundPolicy,cr as McpEntraOAuthInboundPolicy,xt as McpGatewayOAuthProtectedResourcePlugin,hr as McpGoogleOAuthInboundPolicy,mr as McpKeycloakOAuthInboundPolicy,gr as McpLogtoOAuthInboundPolicy,dr as McpOAuthInboundPolicy,ur as McpOktaOAuthInboundPolicy,fr as McpOneLoginOAuthInboundPolicy,xr as McpPingOAuthInboundPolicy,yr as McpWorkosOAuthInboundPolicy,w as MemoryZoneReadThroughCache,Ar as MockApiInboundPolicy,lr as MoesifInboundPolicy,jr as MonetizationInboundPolicy,ot as NewRelicLoggingPlugin,mt as NewRelicMetricsPlugin,yt as OAuthProtectedResourcePlugin,gt as OTelMetricsPlugin,Cr as OktaFGAAuthZInboundPolicy,Dr as OktaJwtInboundPolicy,Er as OpenFGAAuthZInboundPolicy,vt as OpenIdJwtInboundPolicy,Hr as OpenMeterInboundPolicy,$ as OutboundPolicy,j as ProblemResponseFormatter,Pr as PromptInjectionDetectionOutboundPolicy,Sr as PropelAuthJwtInboundPolicy,Tr as QueryParamToHeaderInboundPolicy,Ur as QuotaInboundPolicy,$r as RateLimitInboundPolicy,kr as ReadmeMetricsInboundPolicy,Fr as RemoveHeadersInboundPolicy,Lr as RemoveHeadersOutboundPolicy,Rr as RemoveQueryParamsInboundPolicy,qr as ReplaceStringOutboundPolicy,Ct as RequestLoggerPlugin,vr as RequestSizeLimitInboundPolicy,Mr as RequestValidationInboundPolicy,Or as RequireOriginInboundPolicy,R as ResponseSendingEvent,q as ResponseSentEvent,a as RuntimeError,u as SYSTEM_LOGGER,Nr as SchemaBasedRequestValidation,Qr as SecretMaskingOutboundPolicy,T as SemanticAttributes,Vr as SemanticCacheInboundPolicy,fs as ServiceProviderImpl,Wr as SetBodyInboundPolicy,Xr as SetHeadersInboundPolicy,Yr as SetHeadersOutboundPolicy,Zr as SetQueryParamsInboundPolicy,_r as SetStatusOutboundPolicy,ts as SetUpstreamApiKeyInboundPolicy,rs as SleepInboundPolicy,at as SplunkLoggingPlugin,A as StreamingZoneCache,ss as StripeWebhookVerificationInboundPolicy,nt as SumoLogicLoggingPlugin,es as SupabaseJwtInboundPolicy,S as SystemRouteName,C as TelemetryPlugin,os as UpstreamAzureAdServiceAuthInboundPolicy,as as UpstreamFirebaseAdminAuthInboundPolicy,ns as UpstreamFirebaseUserAuthInboundPolicy,ps as UpstreamGcpFederatedAuthInboundPolicy,cs as UpstreamGcpJwtInboundPolicy,hs as UpstreamGcpServiceAuthInboundPolicy,ms as UpstreamZuploJwtAuthInboundPolicy,it as VMWareLogInsightLoggingPlugin,gs as ValidateJsonSchemaInbound,ds as WebBotAuthInboundPolicy,us as XmlToJsonOutboundPolicy,y as ZoneCache,pt as ZuploMcpSdk,D as ZuploRequest,is as ZuploServices,J as aiGatewayHandler,x as apiServices,M as awsLambdaHandler,jt as defaultGenerateHydrolixEntry,z as environment,Gr as getIdForParameterSchema,Jr as getIdForRefSchema,Ir as getIdForRequestBodySchema,zr as getRawOperationDataIdentifierName,l as httpStatuses,N as legacyDevPortalHandler,Q as mcpServerHandler,V as openApiSpecHandler,W as redirectHandler,O as redirectLegacyDevPortal,Kr as sanitizedIdentifierName,H as serialize,br as setMoesifContext,n as trackFeature,Y as urlForwardHandler,Z as urlRewriteHandler,_ as webSocketHandler,tt as webSocketPipelineHandler,X as zuploServiceProxy};
26
26
  //# sourceMappingURL=index.js.map