agent-relay 1.0.22 → 1.2.0

package/dist/cloud/api/onboarding.js

@@ -0,0 +1,588 @@
+/**
+ * Onboarding API Routes
+ *
+ * Handles CLI proxy authentication for Claude Code and other providers.
+ * Spawns CLI tools via PTY to get auth URLs, captures tokens.
+ *
+ * We use node-pty instead of child_process.spawn because:
+ * 1. Many CLIs detect if they're in a TTY and behave differently
+ * 2. Interactive OAuth flows often require TTY for proper output
+ * 3. PTY ensures the CLI outputs auth URLs correctly
+ */
+import { Router } from 'express';
+import * as crypto from 'crypto';
+import { requireAuth } from './auth.js';
+import { db } from '../db/index.js';
+import { vault } from '../vault/index.js';
+// Import for local use
+import { CLI_AUTH_CONFIG, runCLIAuthViaPTY, stripAnsiCodes, matchesSuccessPattern, findMatchingPrompt, validateProviderConfig, validateAllProviderConfigs, getSupportedProviders, } from './cli-pty-runner.js';
+// Re-export from shared module for backward compatibility
+export { CLI_AUTH_CONFIG, runCLIAuthViaPTY, stripAnsiCodes, matchesSuccessPattern, findMatchingPrompt, validateProviderConfig, validateAllProviderConfigs, getSupportedProviders, };
+export const onboardingRouter = Router();
+// Debug: log all requests to this router
+onboardingRouter.use((req, res, next) => {
+    console.log(`[onboarding] ${req.method} ${req.path} - body:`, JSON.stringify(req.body));
+    next();
+});
+// All routes require authentication
+onboardingRouter.use(requireAuth);
+const activeSessions = new Map();
+// Clean up old sessions periodically
+setInterval(() => {
+    const now = Date.now();
+    activeSessions.forEach((session, id) => {
+        // Remove sessions older than 10 minutes
+        if (now - session.createdAt.getTime() > 10 * 60 * 1000) {
+            if (session.process) {
+                try {
+                    session.process.kill();
+                }
+                catch {
+                    // Process may already be dead
+                }
+            }
+            activeSessions.delete(id);
+        }
+    });
+}, 60000);
+/**
+ * POST /api/onboarding/cli/:provider/start
+ * Start CLI-based auth - forwards to workspace daemon if available
+ *
+ * CLI auth requires a running workspace since CLI tools are installed there.
+ * For onboarding without a workspace, users should use the API key flow.
+ */
+onboardingRouter.post('/cli/:provider/start', async (req, res) => {
+    console.log('[onboarding] Route handler entered! provider:', req.params.provider);
+    const { provider } = req.params;
+    const userId = req.session.userId;
+    const { workspaceId, useDeviceFlow } = req.body; // Optional: specific workspace, device flow option
+    console.log('[onboarding] userId:', userId, 'workspaceId:', workspaceId, 'useDeviceFlow:', useDeviceFlow);
+    const config = CLI_AUTH_CONFIG[provider];
+    if (!config) {
+        return res.status(400).json({
+            error: 'Provider not supported for CLI auth',
+            supportedProviders: Object.keys(CLI_AUTH_CONFIG),
+        });
+    }
+    try {
+        // Find a running workspace to use for CLI auth
+        let workspace;
+        if (workspaceId) {
+            workspace = await db.workspaces.findById(workspaceId);
+            if (!workspace) {
+                console.log(`[onboarding] Workspace ${workspaceId} not found in database`);
+                return res.status(404).json({ error: 'Workspace not found' });
+            }
+            if (workspace.userId !== userId) {
+                console.log(`[onboarding] Workspace ${workspaceId} belongs to ${workspace.userId}, not ${userId}`);
+                return res.status(404).json({ error: 'Workspace not found' });
+            }
+        }
+        else {
+            // Find any running workspace for this user
+            const workspaces = await db.workspaces.findByUserId(userId);
+            workspace = workspaces.find(w => w.status === 'running' && w.publicUrl);
+        }
+        if (!workspace || workspace.status !== 'running' || !workspace.publicUrl) {
+            return res.status(400).json({
+                error: 'CLI auth requires a running workspace',
+                code: 'NO_RUNNING_WORKSPACE',
+                message: 'Please start a workspace first, or use the API key input to connect your provider.',
+                hint: 'You can create a workspace without providers and connect them afterward using CLI auth.',
+            });
+        }
+        // Forward auth request to workspace daemon
+        // When running in Docker, localhost refers to the container, not the host
+        // Use host.docker.internal on Mac/Windows to reach the host machine
+        let workspaceUrl = workspace.publicUrl.replace(/\/$/, '');
+        // Detect Docker by checking for /.dockerenv file or RUNNING_IN_DOCKER env var
+        const isInDocker = process.env.RUNNING_IN_DOCKER === 'true' ||
+            await import('fs').then(fs => fs.existsSync('/.dockerenv')).catch(() => false);
+        console.log('[onboarding] isInDocker:', isInDocker, 'RUNNING_IN_DOCKER:', process.env.RUNNING_IN_DOCKER);
+        if (isInDocker && workspaceUrl.includes('localhost')) {
+            workspaceUrl = workspaceUrl.replace('localhost', 'host.docker.internal');
+            console.log('[onboarding] Translated localhost to host.docker.internal');
+        }
+        const targetUrl = `${workspaceUrl}/auth/cli/${provider}/start`;
+        console.log('[onboarding] Forwarding to workspace daemon:', targetUrl);
+        const authResponse = await fetch(targetUrl, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({ useDeviceFlow }),
+        });
+        console.log('[onboarding] Workspace daemon response:', authResponse.status);
+        if (!authResponse.ok) {
+            const errorData = await authResponse.json().catch(() => ({}));
+            console.log('[onboarding] Workspace daemon error:', errorData);
+            return res.status(authResponse.status).json({
+                error: errorData.error || 'Failed to start CLI auth in workspace',
+            });
+        }
+        const workspaceSession = await authResponse.json();
+        // Create cloud session to track this
+        const sessionId = crypto.randomUUID();
+        const session = {
+            userId,
+            provider,
+            status: workspaceSession.status || 'starting',
+            authUrl: workspaceSession.authUrl,
+            createdAt: new Date(),
+            output: '',
+            // Store workspace info for status polling and auth code forwarding
+            workspaceUrl,
+            workspaceSessionId: workspaceSession.sessionId,
+        };
+        activeSessions.set(sessionId, session);
+        console.log('[onboarding] Session created:', { sessionId, workspaceUrl, workspaceSessionId: workspaceSession.sessionId });
+        res.json({
+            sessionId,
+            status: session.status,
+            authUrl: session.authUrl,
+            workspaceId: workspace.id,
+            message: session.authUrl ? 'Open the auth URL to complete login' : 'Auth session starting, poll for status',
+        });
+    }
+    catch (error) {
+        console.error(`Error starting CLI auth for ${provider}:`, error);
+        res.status(500).json({ error: 'Failed to start CLI authentication' });
+    }
+});
+/**
+ * GET /api/onboarding/cli/:provider/status/:sessionId
+ * Check status of CLI auth session - forwards to workspace daemon
+ */
+onboardingRouter.get('/cli/:provider/status/:sessionId', async (req, res) => {
+    const { provider, sessionId } = req.params;
+    const userId = req.session.userId;
+    const session = activeSessions.get(sessionId);
+    if (!session) {
+        return res.status(404).json({ error: 'Session not found or expired' });
+    }
+    if (session.userId !== userId) {
+        return res.status(403).json({ error: 'Unauthorized' });
+    }
+    // If we have workspace info, poll the workspace for status
+    if (session.workspaceUrl && session.workspaceSessionId) {
+        try {
+            const statusResponse = await fetch(`${session.workspaceUrl}/auth/cli/${provider}/status/${session.workspaceSessionId}`);
+            if (statusResponse.ok) {
+                const workspaceStatus = await statusResponse.json();
+                // Update local session with workspace status
+                session.status = workspaceStatus.status || session.status;
+                session.authUrl = workspaceStatus.authUrl || session.authUrl;
+                session.error = workspaceStatus.error;
+            }
+        }
+        catch (err) {
+            console.error('[onboarding] Failed to poll workspace status:', err);
+        }
+    }
+    res.json({
+        status: session.status,
+        authUrl: session.authUrl,
+        error: session.error,
+    });
+});
+/**
+ * POST /api/onboarding/cli/:provider/complete/:sessionId
+ * Mark CLI auth as complete and store credentials
+ *
+ * Handles two modes:
+ * 1. Workspace delegation: Forwards to workspace daemon to complete auth, then fetches credentials
+ * 2. Direct: Uses token from body or session
+ */
+onboardingRouter.post('/cli/:provider/complete/:sessionId', async (req, res) => {
+    const { provider, sessionId } = req.params;
+    const userId = req.session.userId;
+    const { token, authCode } = req.body; // token for direct mode, authCode for Codex redirect
+    console.log(`[onboarding] POST /cli/${provider}/complete/${sessionId} - token: ${token ? 'provided' : 'none'}, authCode: ${authCode ? 'provided' : 'none'}`);
+    const session = activeSessions.get(sessionId);
+    if (!session) {
+        return res.status(404).json({ error: 'Session not found or expired' });
+    }
+    if (session.userId !== userId) {
+        return res.status(403).json({ error: 'Unauthorized' });
+    }
+    try {
+        let accessToken = token || session.token;
+        let refreshToken = session.refreshToken;
+        let tokenExpiresAt = session.tokenExpiresAt;
+        // If using workspace delegation, forward complete request first
+        if (session.workspaceUrl && session.workspaceSessionId) {
+            // Forward authCode to workspace if provided (for Codex-style redirects)
+            if (authCode) {
+                const backendProviderId = provider === 'anthropic' ? 'anthropic' : provider;
+                const targetUrl = `${session.workspaceUrl}/auth/cli/${backendProviderId}/complete/${session.workspaceSessionId}`;
+                console.log('[onboarding] Forwarding complete request to workspace:', targetUrl);
+                const completeResponse = await fetch(targetUrl, {
+                    method: 'POST',
+                    headers: { 'Content-Type': 'application/json' },
+                    body: JSON.stringify({ authCode }),
+                });
+                if (!completeResponse.ok) {
+                    const errorData = await completeResponse.json().catch(() => ({}));
+                    return res.status(completeResponse.status).json({
+                        error: errorData.error || 'Failed to complete authentication in workspace',
+                    });
+                }
+                session.status = 'success';
+            }
+            // Fetch credentials from workspace
+            if (!accessToken) {
+                try {
+                    const credsResponse = await fetch(`${session.workspaceUrl}/auth/cli/${provider}/creds/${session.workspaceSessionId}`);
+                    if (credsResponse.ok) {
+                        const creds = await credsResponse.json();
+                        accessToken = creds.token;
+                        refreshToken = creds.refreshToken;
+                        if (creds.expiresAt) {
+                            tokenExpiresAt = new Date(creds.expiresAt);
+                        }
+                        console.log('[onboarding] Fetched credentials from workspace:', {
+                            hasToken: !!accessToken,
+                            hasRefreshToken: !!refreshToken,
+                        });
+                    }
+                }
+                catch (err) {
+                    console.error('[onboarding] Failed to get credentials from workspace:', err);
+                }
+            }
+        }
+        if (!accessToken) {
+            return res.status(400).json({
+                error: 'No token found. Please complete authentication or paste your token.',
+            });
+        }
+        // Store in vault with refresh token and expiry
+        await vault.storeCredential({
+            userId,
+            provider,
+            accessToken,
+            refreshToken,
+            tokenExpiresAt,
+            scopes: getProviderScopes(provider),
+        });
+        // Clean up session
+        activeSessions.delete(sessionId);
+        res.json({
+            success: true,
+            message: `${provider} connected successfully`,
+        });
+    }
+    catch (error) {
+        console.error(`Error completing CLI auth for ${provider}:`, error);
+        res.status(500).json({ error: 'Failed to complete authentication' });
+    }
+});
+/**
+ * POST /api/onboarding/cli/:provider/code/:sessionId
+ * Submit auth code to the CLI PTY session
+ * Used when OAuth returns a code that must be pasted into the CLI
+ */
+onboardingRouter.post('/cli/:provider/code/:sessionId', async (req, res) => {
+    const { provider, sessionId } = req.params;
+    const userId = req.session.userId;
+    const { code } = req.body;
+    console.log('[onboarding] Auth code submission request:', { provider, sessionId, codeLength: code?.length });
+    if (!code || typeof code !== 'string') {
+        return res.status(400).json({ error: 'Auth code is required' });
+    }
+    const session = activeSessions.get(sessionId);
+    if (!session) {
+        console.log('[onboarding] Session not found:', { sessionId, activeSessions: Array.from(activeSessions.keys()) });
+        return res.status(404).json({ error: 'Session not found or expired. Please try connecting again.' });
+    }
+    if (session.userId !== userId) {
+        return res.status(403).json({ error: 'Unauthorized' });
+    }
+    console.log('[onboarding] Session found:', {
+        sessionId,
+        workspaceUrl: session.workspaceUrl,
+        workspaceSessionId: session.workspaceSessionId,
+        status: session.status,
+    });
+    // Forward to workspace daemon
+    if (session.workspaceUrl && session.workspaceSessionId) {
+        try {
+            const targetUrl = `${session.workspaceUrl}/auth/cli/${provider}/code/${session.workspaceSessionId}`;
+            console.log('[onboarding] Forwarding auth code to workspace:', targetUrl);
+            const codeResponse = await fetch(targetUrl, {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/json' },
+                body: JSON.stringify({ code }),
+            });
+            console.log('[onboarding] Workspace response:', { status: codeResponse.status });
+            if (codeResponse.ok) {
+                return res.json({ success: true, message: 'Auth code submitted' });
+            }
+            const errorData = await codeResponse.json().catch(() => ({}));
+            console.log('[onboarding] Workspace error:', errorData);
+            // Provide more helpful error message
+            const needsRestart = errorData.needsRestart;
+            if (codeResponse.status === 404 || codeResponse.status === 400) {
+                return res.status(400).json({
+                    error: errorData.error || 'Auth session expired in workspace. The CLI process may have timed out. Please try connecting again.',
+                    needsRestart: needsRestart ?? true,
+                });
+            }
+            return res.status(codeResponse.status).json({
+                error: errorData.error || 'Failed to submit auth code to workspace',
+                needsRestart,
+            });
+        }
+        catch (err) {
+            console.error('[onboarding] Failed to submit auth code to workspace:', err);
+            return res.status(500).json({
+                error: 'Failed to reach workspace. Please ensure your workspace is running and try again.',
+            });
+        }
+    }
+    console.log('[onboarding] No workspace session info available');
+    return res.status(400).json({
+        error: 'No workspace session available. This can happen if the workspace was restarted. Please try connecting again.',
+    });
+});
+// Note: POST /cli/:provider/complete/:sessionId handler is defined above (lines 269-368)
+// It handles both direct token storage and workspace delegation with authCode forwarding
+/**
+ * POST /api/onboarding/cli/:provider/cancel/:sessionId
+ * Cancel a CLI auth session
+ */
+onboardingRouter.post('/cli/:provider/cancel/:sessionId', async (req, res) => {
+    const { provider, sessionId } = req.params;
+    const userId = req.session.userId;
+    const session = activeSessions.get(sessionId);
+    if (session?.userId === userId) {
+        // Cancel on workspace side if applicable
+        if (session.workspaceUrl && session.workspaceSessionId) {
+            try {
+                await fetch(`${session.workspaceUrl}/auth/cli/${provider}/cancel/${session.workspaceSessionId}`, { method: 'POST' });
+            }
+            catch {
+                // Ignore cancel errors
+            }
+        }
+        activeSessions.delete(sessionId);
+    }
+    res.json({ success: true });
+});
+/**
+ * POST /api/onboarding/token/:provider
+ * Directly store a token (for manual paste flow)
+ */
+onboardingRouter.post('/token/:provider', async (req, res) => {
+    const { provider } = req.params;
+    const userId = req.session.userId;
+    const { token, email } = req.body;
+    if (!token) {
+        return res.status(400).json({ error: 'Token is required' });
+    }
+    try {
+        // Validate token by making a test API call
+        const isValid = await validateProviderToken(provider, token);
+        if (!isValid) {
+            return res.status(400).json({ error: 'Invalid token' });
+        }
+        // Store in vault
+        await vault.storeCredential({
+            userId,
+            provider,
+            accessToken: token,
+            scopes: getProviderScopes(provider),
+            providerAccountEmail: email,
+        });
+        res.json({
+            success: true,
+            message: `${provider} connected successfully`,
+        });
+    }
+    catch (error) {
+        console.error(`Error storing token for ${provider}:`, error);
+        res.status(500).json({ error: 'Failed to store token' });
+    }
+});
+/**
+ * GET /api/onboarding/status
+ * Get overall onboarding status
+ */
+onboardingRouter.get('/status', async (req, res) => {
+    const userId = req.session.userId;
+    try {
+        const [user, credentials, repositories] = await Promise.all([
+            db.users.findById(userId),
+            db.credentials.findByUserId(userId),
+            db.repositories.findByUserId(userId),
+        ]);
+        const connectedProviders = credentials.map(c => c.provider);
+        const hasAIProvider = connectedProviders.some(p => ['anthropic', 'openai', 'google'].includes(p));
+        res.json({
+            steps: {
+                github: { complete: connectedProviders.includes('github') },
+                aiProvider: {
+                    complete: hasAIProvider,
+                    connected: connectedProviders.filter(p => p !== 'github'),
+                },
+                repository: {
+                    complete: repositories.length > 0,
+                    count: repositories.length,
+                },
+            },
+            onboardingComplete: user?.onboardingCompletedAt != null,
+            canCreateWorkspace: hasAIProvider && repositories.length > 0,
+        });
+    }
+    catch (error) {
+        console.error('Error getting onboarding status:', error);
+        res.status(500).json({ error: 'Failed to get status' });
+    }
+});
+/**
+ * POST /api/onboarding/complete
+ * Mark onboarding as complete
+ */
+onboardingRouter.post('/complete', async (req, res) => {
+    const userId = req.session.userId;
+    try {
+        await db.users.completeOnboarding(userId);
+        res.json({ success: true });
+    }
+    catch (error) {
+        console.error('Error completing onboarding:', error);
+        res.status(500).json({ error: 'Failed to complete onboarding' });
+    }
+});
+/**
+ * Helper: Extract credentials from CLI credential file
+ * @deprecated Currently unused - kept for potential future use
+ */
+async function _extractCredentials(session, config) {
+    if (!config.credentialPath)
+        return;
+    try {
+        const fs = await import('fs/promises');
+        const os = await import('os');
+        const credPath = config.credentialPath.replace('~', os.homedir());
+        const content = await fs.readFile(credPath, 'utf8');
+        const creds = JSON.parse(content);
+        // Extract token based on provider structure
+        if (session.provider === 'anthropic') {
+            // Claude stores OAuth in: { claudeAiOauth: { accessToken: "...", refreshToken: "...", expiresAt: ... } }
+            if (creds.claudeAiOauth?.accessToken) {
+                session.token = creds.claudeAiOauth.accessToken;
+                session.refreshToken = creds.claudeAiOauth.refreshToken;
+                if (creds.claudeAiOauth.expiresAt) {
+                    session.tokenExpiresAt = new Date(creds.claudeAiOauth.expiresAt);
+                }
+            }
+            else {
+                // Fallback to legacy formats
+                session.token = creds.oauth_token || creds.access_token || creds.api_key;
+            }
+        }
+        else if (session.provider === 'openai') {
+            // Codex stores OAuth in: { tokens: { access_token: "...", refresh_token: "...", ... } }
+            if (creds.tokens?.access_token) {
+                session.token = creds.tokens.access_token;
+                session.refreshToken = creds.tokens.refresh_token;
+                // Codex doesn't store expiry in the file, but JWTs have exp claim
+                // We could decode it, but for now just skip
+            }
+            else {
+                // Fallback: API key or legacy formats
+                session.token = creds.OPENAI_API_KEY || creds.token || creds.access_token || creds.api_key;
+            }
+        }
+    }
+    catch (error) {
+        // Credentials file doesn't exist or isn't readable yet
+        console.log(`Could not read credentials file: ${error}`);
+    }
+}
+/**
+ * Helper: Get default scopes for a provider
+ */
+function getProviderScopes(provider) {
+    const scopes = {
+        anthropic: ['claude-code:execute', 'user:read'],
+        openai: ['codex:execute', 'chat:write'],
+        google: ['generative-language'],
+        github: ['read:user', 'user:email', 'repo'],
+    };
+    return scopes[provider] || [];
+}
+/**
+ * Helper: Validate a provider token by making a test API call
+ *
+ * Note: OAuth tokens from CLI flows (like `claude` CLI) are different from API keys.
+ * - API keys: sk-ant-api03-... (can be validated via API)
+ * - OAuth tokens: Session tokens from OAuth flow (can't be validated the same way)
+ *
+ * For OAuth tokens, we accept them if they look valid (non-empty, reasonable length).
+ * The CLI already validated the OAuth flow, so we trust those tokens.
+ */
+async function validateProviderToken(provider, token) {
+    // Basic sanity check
+    if (!token || token.length < 10) {
+        return false;
+    }
+    try {
+        // Check if this looks like an API key vs OAuth token
+        const isAnthropicApiKey = token.startsWith('sk-ant-');
+        const isOpenAIApiKey = token.startsWith('sk-');
+        // For OAuth tokens (not API keys), accept them without API validation
+        // The OAuth flow already authenticated the user
+        if (provider === 'anthropic' && !isAnthropicApiKey) {
+            console.log('[onboarding] Accepting OAuth token for anthropic (not an API key)');
+            return true;
+        }
+        if (provider === 'openai' && !isOpenAIApiKey) {
+            console.log('[onboarding] Accepting OAuth token for openai (not an API key)');
+            return true;
+        }
+        // For API keys, validate via API call
+        const endpoints = {
+            anthropic: {
+                url: 'https://api.anthropic.com/v1/messages',
+                headers: {
+                    'x-api-key': token,
+                    'anthropic-version': '2023-06-01',
+                },
+            },
+            openai: {
+                url: 'https://api.openai.com/v1/models',
+                headers: {
+                    Authorization: `Bearer ${token}`,
+                },
+            },
+            google: {
+                url: 'https://generativelanguage.googleapis.com/v1/models',
+                headers: {
+                    Authorization: `Bearer ${token}`,
+                },
+            },
+        };
+        const config = endpoints[provider];
+        if (!config)
+            return true; // Unknown provider, assume valid
+        const response = await fetch(config.url, {
+            method: provider === 'anthropic' ? 'POST' : 'GET',
+            headers: config.headers,
+            ...(provider === 'anthropic' && {
+                body: JSON.stringify({
+                    model: 'claude-3-haiku-20240307',
+                    max_tokens: 1,
+                    messages: [{ role: 'user', content: 'test' }],
+                }),
+            }),
+        });
+        // 401/403 means invalid token, anything else (including rate limits) means valid
+        return response.status !== 401 && response.status !== 403;
+    }
+    catch (error) {
+        console.error(`Error validating ${provider} token:`, error);
+        return false;
+    }
+}
+//# sourceMappingURL=onboarding.js.map

package/dist/cloud/api/onboarding.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"onboarding.js","sourceRoot":"","sources":["../../../src/cloud/api/onboarding.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,MAAM,EAAqB,MAAM,SAAS,CAAC;AAEpD,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAC;AACjC,OAAO,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AACxC,OAAO,EAAE,EAAE,EAAE,MAAM,gBAAgB,CAAC;AACpC,OAAO,EAAE,KAAK,EAAE,MAAM,mBAAmB,CAAC;AAE1C,uBAAuB;AACvB,OAAO,EACL,eAAe,EACf,gBAAgB,EAChB,cAAc,EACd,qBAAqB,EACrB,kBAAkB,EAClB,sBAAsB,EACtB,0BAA0B,EAC1B,qBAAqB,GAKtB,MAAM,qBAAqB,CAAC;AAE7B,0DAA0D;AAC1D,OAAO,EACL,eAAe,EACf,gBAAgB,EAChB,cAAc,EACd,qBAAqB,EACrB,kBAAkB,EAClB,sBAAsB,EACtB,0BAA0B,EAC1B,qBAAqB,GAKtB,CAAC;AAEF,MAAM,CAAC,MAAM,gBAAgB,GAAG,MAAM,EAAE,CAAC;AAEzC,yCAAyC;AACzC,gBAAgB,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;IACtC,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,IAAI,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;IACxF,IAAI,EAAE,CAAC;AACT,CAAC,CAAC,CAAC;AAEH,oCAAoC;AACpC,gBAAgB,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;AAwBlC,MAAM,cAAc,GAAG,IAAI,GAAG,EAA0B,CAAC;AAEzD,qCAAqC;AACrC,WAAW,CAAC,GAAG,EAAE;IACf,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,cAAc,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,EAAE,EAAE;QACrC,wCAAwC;QACxC,IAAI,GAAG,GAAG,OAAO,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;YACvD,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;gBACpB,IAAI,CAAC;oBACH,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;gBACzB,CAAC;gBAAC,MAAM,CAAC;oBACP,8BAA8B;gBAChC,CAAC;YACH,CAAC;YACD,cAAc,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,EAAE,KAAK,CAAC,CAAC;AAEV;;;;;;GAMG;AACH,gBAAgB,CAAC,IAAI,CAAC,sBAAsB,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;IAClF,OAAO,CAAC,GAAG,CAAC,+CAA+C,EAAE,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAClF,MAAM,EAAE,QAAQ,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;IAChC,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,MAAO,CAAC;IACnC,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC,mDAAmD;IACpG,OAAO,CAAC,GAAG,CAAC,sBAAsB,EAAE,MAAM,EAAE,cAAc,EAAE,WAAW,EAAE,gBAAgB,EAAE,aAAa,CAAC,CAAC;IAE1G,MAAM,MAAM,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAC;IACzC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YAC1B,KAAK,EAAE,qCAAqC;YAC5C,kBAAkB,EAAE,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC;SACjD,CAAC,CAAC;IACL,CAAC;IAED,IAAI,CAAC;QACH,+CAA+C;QAC/C,IAAI,SAAS,CAAC;QACd,IAAI,WAAW,EAAE,CAAC;YAChB,SAAS,GAAG,MAAM,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;YACtD,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,OAAO,CAAC,GAAG,CAAC,0BAA0B,WAAW,wBAAwB,CAAC,CAAC;gBAC3E,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC,CAAC;YAChE,CAAC;YACD,IAAI,SAAS,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAChC,OAAO,CAAC,GAAG,CAAC,0BAA0B,WAAW,eAAe,SAAS,CAAC,MAAM,SAAS,MAAM,EAAE,CAAC,CAAC;gBACnG,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC,CAAC;YAChE,CAAC;QACH,CAAC;aAAM,CAAC;YACN,2CAA2C;YAC3C,MAAM,UAAU,GAAG,MAAM,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;YAC5D,SAAS,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,SAAS,IAAI,CAAC,CAAC,SAAS,CAAC,CAAC;QAC1E,CAAC;QAED,IAAI,CAAC,SAAS,IAAI,SAAS,CAAC,MAAM,KAAK,SAAS,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC;YACzE,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBAC1B,KAAK,EAAE,uCAAuC;gBAC9C,IAAI,EAAE,sBAAsB;gBAC5B,OAAO,EAAE,oFAAoF;gBAC7F,IAAI,EAAE,yFAAyF;aAChG,CAAC,CAAC;QACL,CAAC;QAED,2CAA2C;QAC3C,0EAA0E;QAC1E,oEAAoE;QACpE,IAAI,YAAY,GAAG,SAAS,CAAC,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAE1D,8EAA8E;QAC9E,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,MAAM;YACxC,MAAM,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC;QAElG,OAAO,CAAC,GAAG,CAAC,0BAA0B,EAAE,UAAU,EAAE,oBAAoB,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;QAEzG,IAAI,UAAU,IAAI,YAAY,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YACrD,YAAY,GAAG,YAAY,CAAC,OAAO,CAAC,WAAW,EAAE,sBAAsB,CAAC,CAAC;YACzE,OAAO,CAAC,GAAG,CAAC,2DAA2D,CAAC,CAAC;QAC3E,CAAC;QACD,MAAM,SAAS,GAAG,GAAG,YAAY,aAAa,QAAQ,QAAQ,CAAC;QAC/D,OAAO,CAAC,GAAG,CAAC,8CAA8C,EAAE,SAAS,CAAC,CAAC;QAEvE,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,SAAS,EAAE;YAC1C,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,aAAa,EAAE,CAAC;SACxC,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,yCAAyC,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC;QAE5E,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC;YACrB,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAuB,CAAC;YACpF,OAAO,CAAC,GAAG,CAAC,sCAAsC,EAAE,SAAS,CAAC,CAAC;YAC/D,OAAO,GAAG,CAAC,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC;gBAC1C,KAAK,EAAE,SAAS,CAAC,KAAK,IAAI,uCAAuC;aAClE,CAAC,CAAC;QACL,CAAC;QAED,MAAM,gBAAgB,GAAG,MAAM,YAAY,CAAC,IAAI,EAI/C,CAAC;QAEF,qCAAqC;QACrC,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QACtC,MAAM,OAAO,GAAmB;YAC9B,MAAM;YACN,QAAQ;YACR,MAAM,EAAG,gBAAgB,CAAC,MAAmC,IAAI,UAAU;YAC3E,OAAO,EAAE,gBAAgB,CAAC,OAAO;YACjC,SAAS,EAAE,IAAI,IAAI,EAAE;YACrB,MAAM,EAAE,EAAE;YACV,mEAAmE;YACnE,YAAY;YACZ,kBAAkB,EAAE,gBAAgB,CAAC,SAAS;SAC/C,CAAC;QAEF,cAAc,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QACvC,OAAO,CAAC,GAAG,CAAC,+BAA+B,EAAE,EAAE,SAAS,EAAE,YAAY,EAAE,kBAAkB,EAAE,gBAAgB,CAAC,SAAS,EAAE,CAAC,CAAC;QAE1H,GAAG,CAAC,IAAI,CAAC;YACP,SAAS;YACT,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,WAAW,EAAE,SAAS,CAAC,EAAE;YACzB,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,qCAAqC,CAAC,CAAC,CAAC,wCAAwC;SAC5G,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,+BAA+B,QAAQ,GAAG,EAAE,KAAK,CAAC,CAAC;QACjE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,oCAAoC,EAAE,CAAC,CAAC;IACxE,CAAC;AACH,CAAC,CAAC,CAAC;AAEH;;;GAGG;AACH,gBAAgB,CAAC,GAAG,CAAC,kCAAkC,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;IAC7F,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;IAC3C,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,MAAO,CAAC;IAEnC,MAAM,OAAO,GAAG,cAAc,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAC9C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,8BAA8B,EAAE,CAAC,CAAC;IACzE,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QAC9B,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC;IACzD,CAAC;IAED,2DAA2D;IAC3D,IAAI,OAAO,CAAC,YAAY,IAAI,OAAO,CAAC,kBAAkB,EAAE,CAAC;QACvD,IAAI,CAAC;YACH,MAAM,cAAc,GAAG,MAAM,KAAK,CAChC,GAAG,OAAO,CAAC,YAAY,aAAa,QAAQ,WAAW,OAAO,CAAC,kBAAkB,EAAE,CACpF,CAAC;YACF,IAAI,cAAc,CAAC,EAAE,EAAE,CAAC;gBACtB,MAAM,eAAe,GAAG,MAAM,cAAc,CAAC,IAAI,EAIhD,CAAC;gBACF,6CAA6C;gBAC7C,OAAO,CAAC,MAAM,GAAI,eAAe,CAAC,MAAmC,IAAI,OAAO,CAAC,MAAM,CAAC;gBACxF,OAAO,CAAC,OAAO,GAAG,eAAe,CAAC,OAAO,IAAI,OAAO,CAAC,OAAO,CAAC;gBAC7D,OAAO,CAAC,KAAK,GAAG,eAAe,CAAC,KAAK,CAAC;YACxC,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,+CAA+C,EAAE,GAAG,CAAC,CAAC;QACtE,CAAC;IACH,CAAC;IAED,GAAG,CAAC,IAAI,CAAC;QACP,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,KAAK,EAAE,OAAO,CAAC,KAAK;KACrB,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH;;;;;;;GAOG;AACH,gBAAgB,CAAC,IAAI,CAAC,oCAAoC,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;IAChG,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;IAC3C,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,MAAO,CAAC;IACnC,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC,qDAAqD;IAE3F,OAAO,CAAC,GAAG,CAAC,0BAA0B,QAAQ,aAAa,SAAS,aAAa,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,eAAe,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IAE7J,MAAM,OAAO,GAAG,cAAc,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAC9C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,8BAA8B,EAAE,CAAC,CAAC;IACzE,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QAC9B,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC;IACzD,CAAC;IAED,IAAI,CAAC;QACH,IAAI,WAAW,GAAG,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC;QACzC,IAAI,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;QACxC,IAAI,cAAc,GAAG,OAAO,CAAC,cAAc,CAAC;QAE5C,gEAAgE;QAChE,IAAI,OAAO,CAAC,YAAY,IAAI,OAAO,CAAC,kBAAkB,EAAE,CAAC;YACvD,wEAAwE;YACxE,IAAI,QAAQ,EAAE,CAAC;gBACb,MAAM,iBAAiB,GAAG,QAAQ,KAAK,WAAW,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC;gBAC5E,MAAM,SAAS,GAAG,GAAG,OAAO,CAAC,YAAY,aAAa,iBAAiB,aAAa,OAAO,CAAC,kBAAkB,EAAE,CAAC;gBACjH,OAAO,CAAC,GAAG,CAAC,wDAAwD,EAAE,SAAS,CAAC,CAAC;gBAEjF,MAAM,gBAAgB,GAAG,MAAM,KAAK,CAAC,SAAS,EAAE;oBAC9C,MAAM,EAAE,MAAM;oBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;oBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,CAAC;iBACnC,CAAC,CAAC;gBAEH,IAAI,CAAC,gBAAgB,CAAC,EAAE,EAAE,CAAC;oBACzB,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAuB,CAAC;oBACxF,OAAO,GAAG,CAAC,MAAM,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC;wBAC9C,KAAK,EAAE,SAAS,CAAC,KAAK,IAAI,gDAAgD;qBAC3E,CAAC,CAAC;gBACL,CAAC;gBACD,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC;YAC7B,CAAC;YAED,mCAAmC;YACnC,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,IAAI,CAAC;oBACH,MAAM,aAAa,GAAG,MAAM,KAAK,CAC/B,GAAG,OAAO,CAAC,YAAY,aAAa,QAAQ,UAAU,OAAO,CAAC,kBAAkB,EAAE,CACnF,CAAC;oBACF,IAAI,aAAa,CAAC,EAAE,EAAE,CAAC;wBACrB,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,IAAI,EAIrC,CAAC;wBACF,WAAW,GAAG,KAAK,CAAC,KAAK,CAAC;wBAC1B,YAAY,GAAG,KAAK,CAAC,YAAY,CAAC;wBAClC,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;4BACpB,cAAc,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;wBAC7C,CAAC;wBACD,OAAO,CAAC,GAAG,CAAC,kDAAkD,EAAE;4BAC9D,QAAQ,EAAE,CAAC,CAAC,WAAW;4BACvB,eAAe,EAAE,CAAC,CAAC,YAAY;yBAChC,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,OAAO,CAAC,KAAK,CAAC,wDAAwD,EAAE,GAAG,CAAC,CAAC;gBAC/E,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBAC1B,KAAK,EAAE,qEAAqE;aAC7E,CAAC,CAAC;QACL,CAAC;QAED,+CAA+C;QAC/C,MAAM,KAAK,CAAC,eAAe,CAAC;YAC1B,MAAM;YACN,QAAQ;YACR,WAAW;YACX,YAAY;YACZ,cAAc;YACd,MAAM,EAAE,iBAAiB,CAAC,QAAQ,CAAC;SACpC,CAAC,CAAC;QAEH,mBAAmB;QACnB,cAAc,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAEjC,GAAG,CAAC,IAAI,CAAC;YACP,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,GAAG,QAAQ,yBAAyB;SAC9C,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,iCAAiC,QAAQ,GAAG,EAAE,KAAK,CAAC,CAAC;QACnE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,mCAAmC,EAAE,CAAC,CAAC;IACvE,CAAC;AACH,CAAC,CAAC,CAAC;AAEH;;;;GAIG;AACH,gBAAgB,CAAC,IAAI,CAAC,gCAAgC,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;IAC5F,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;IAC3C,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,MAAO,CAAC;IACnC,MAAM,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC;IAE1B,OAAO,CAAC,GAAG,CAAC,4CAA4C,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;IAE7G,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtC,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC;IAClE,CAAC;IAED,MAAM,OAAO,GAAG,cAAc,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAC9C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,CAAC,GAAG,CAAC,iCAAiC,EAAE,EAAE,SAAS,EAAE,cAAc,EAAE,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;QACjH,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,4DAA4D,EAAE,CAAC,CAAC;IACvG,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QAC9B,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC;IACzD,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,6BAA6B,EAAE;QACzC,SAAS;QACT,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,kBAAkB,EAAE,OAAO,CAAC,kBAAkB;QAC9C,MAAM,EAAE,OAAO,CAAC,MAAM;KACvB,CAAC,CAAC;IAEH,8BAA8B;IAC9B,IAAI,OAAO,CAAC,YAAY,IAAI,OAAO,CAAC,kBAAkB,EAAE,CAAC;QACvD,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,GAAG,OAAO,CAAC,YAAY,aAAa,QAAQ,SAAS,OAAO,CAAC,kBAAkB,EAAE,CAAC;YACpG,OAAO,CAAC,GAAG,CAAC,iDAAiD,EAAE,SAAS,CAAC,CAAC;YAE1E,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,SAAS,EAAE;gBAC1C,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,CAAC;aAC/B,CAAC,CAAC;YAEH,OAAO,CAAC,GAAG,CAAC,kCAAkC,EAAE,EAAE,MAAM,EAAE,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC;YAEjF,IAAI,YAAY,CAAC,EAAE,EAAE,CAAC;gBACpB,OAAO,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,qBAAqB,EAAE,CAAC,CAAC;YACrE,CAAC;YAED,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAuB,CAAC;YACpF,OAAO,CAAC,GAAG,CAAC,+BAA+B,EAAE,SAAS,CAAC,CAAC;YAExD,qCAAqC;YACrC,MAAM,YAAY,GAAI,SAAwC,CAAC,YAAY,CAAC;YAC5E,IAAI,YAAY,CAAC,MAAM,KAAK,GAAG,IAAI,YAAY,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC/D,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBAC1B,KAAK,EAAE,SAAS,CAAC,KAAK,IAAI,qGAAqG;oBAC/H,YAAY,EAAE,YAAY,IAAI,IAAI;iBACnC,CAAC,CAAC;YACL,CAAC;YAED,OAAO,GAAG,CAAC,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC;gBAC1C,KAAK,EAAE,SAAS,CAAC,KAAK,IAAI,yCAAyC;gBACnE,YAAY;aACb,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,uDAAuD,EAAE,GAAG,CAAC,CAAC;YAC5E,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBAC1B,KAAK,EAAE,mFAAmF;aAC3F,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,kDAAkD,CAAC,CAAC;IAChE,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;QAC1B,KAAK,EAAE,8GAA8G;KACtH,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,yFAAyF;AACzF,yFAAyF;AAEzF;;;GAGG;AACH,gBAAgB,CAAC,IAAI,CAAC,kCAAkC,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;IAC9F,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;IAC3C,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,MAAO,CAAC;IAEnC,MAAM,OAAO,GAAG,cAAc,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAC9C,IAAI,OAAO,EAAE,MAAM,KAAK,MAAM,EAAE,CAAC;QAC/B,yCAAyC;QACzC,IAAI,OAAO,CAAC,YAAY,IAAI,OAAO,CAAC,kBAAkB,EAAE,CAAC;YACvD,IAAI,CAAC;gBACH,MAAM,KAAK,CACT,GAAG,OAAO,CAAC,YAAY,aAAa,QAAQ,WAAW,OAAO,CAAC,kBAAkB,EAAE,EACnF,EAAE,MAAM,EAAE,MAAM,EAAE,CACnB,CAAC;YACJ,CAAC;YAAC,MAAM,CAAC;gBACP,uBAAuB;YACzB,CAAC;QACH,CAAC;QACD,cAAc,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACnC,CAAC;IAED,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;AAC9B,CAAC,CAAC,CAAC;AAEH;;;GAGG;AACH,gBAAgB,CAAC,IAAI,CAAC,kBAAkB,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;IAC9E,MAAM,EAAE,QAAQ,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;IAChC,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,MAAO,CAAC;IACnC,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC;IAElC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC,CAAC;IAC9D,CAAC;IAED,IAAI,CAAC;QACH,2CAA2C;QAC3C,MAAM,OAAO,GAAG,MAAM,qBAAqB,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;QAC7D,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,CAAC;QAC1D,CAAC;QAED,iBAAiB;QACjB,MAAM,KAAK,CAAC,eAAe,CAAC;YAC1B,MAAM;YACN,QAAQ;YACR,WAAW,EAAE,KAAK;YAClB,MAAM,EAAE,iBAAiB,CAAC,QAAQ,CAAC;YACnC,oBAAoB,EAAE,KAAK;SAC5B,CAAC,CAAC;QAEH,GAAG,CAAC,IAAI,CAAC;YACP,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,GAAG,QAAQ,yBAAyB;SAC9C,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,2BAA2B,QAAQ,GAAG,EAAE,KAAK,CAAC,CAAC;QAC7D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC;IAC3D,CAAC;AACH,CAAC,CAAC,CAAC;AAEH;;;GAGG;AACH,gBAAgB,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;IACpE,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,MAAO,CAAC;IAEnC,IAAI,CAAC;QACH,MAAM,CAAC,IAAI,EAAE,WAAW,EAAE,YAAY,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;YAC1D,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC;YACzB,EAAE,CAAC,WAAW,CAAC,YAAY,CAAC,MAAM,CAAC;YACnC,EAAE,CAAC,YAAY,CAAC,YAAY,CAAC,MAAM,CAAC;SACrC,CAAC,CAAC;QAEH,MAAM,kBAAkB,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;QAC5D,MAAM,aAAa,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAChD,CAAC,WAAW,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAC9C,CAAC;QAEF,GAAG,CAAC,IAAI,CAAC;YACP,KAAK,EAAE;gBACL,MAAM,EAAE,EAAE,QAAQ,EAAE,kBAAkB,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE;gBAC3D,UAAU,EAAE;oBACV,QAAQ,EAAE,aAAa;oBACvB,SAAS,EAAE,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,QAAQ,CAAC;iBAC1D;gBACD,UAAU,EAAE;oBACV,QAAQ,EAAE,YAAY,CAAC,MAAM,GAAG,CAAC;oBACjC,KAAK,EAAE,YAAY,CAAC,MAAM;iBAC3B;aACF;YACD,kBAAkB,EAAE,IAAI,EAAE,qBAAqB,IAAI,IAAI;YACvD,kBAAkB,EAAE,aAAa,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC;SAC7D,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,kCAAkC,EAAE,KAAK,CAAC,CAAC;QACzD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,sBAAsB,EAAE,CAAC,CAAC;IAC1D,CAAC;AACH,CAAC,CAAC,CAAC;AAEH;;;GAGG;AACH,gBAAgB,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;IACvE,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,MAAO,CAAC;IAEnC,IAAI,CAAC;QACH,MAAM,EAAE,CAAC,KAAK,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC;QAC1C,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;IAC9B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,8BAA8B,EAAE,KAAK,CAAC,CAAC;QACrD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,+BAA+B,EAAE,CAAC,CAAC;IACnE,CAAC;AACH,CAAC,CAAC,CAAC;AAEH;;;GAGG;AACH,KAAK,UAAU,mBAAmB,CAChC,OAAuB,EACvB,MAAsC;IAEtC,IAAI,CAAC,MAAM,CAAC,cAAc;QAAE,OAAO;IAEnC,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QACvC,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,CAAC;QAC9B,MAAM,QAAQ,GAAG,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC;QAClE,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QACpD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAElC,4CAA4C;QAC5C,IAAI,OAAO,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;YACrC,yGAAyG;YACzG,IAAI,KAAK,CAAC,aAAa,EAAE,WAAW,EAAE,CAAC;gBACrC,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,aAAa,CAAC,WAAW,CAAC;gBAChD,OAAO,CAAC,YAAY,GAAG,KAAK,CAAC,aAAa,CAAC,YAAY,CAAC;gBACxD,IAAI,KAAK,CAAC,aAAa,CAAC,SAAS,EAAE,CAAC;oBAClC,OAAO,CAAC,cAAc,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;gBACnE,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,6BAA6B;gBAC7B,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,WAAW,IAAI,KAAK,CAAC,YAAY,IAAI,KAAK,CAAC,OAAO,CAAC;YAC3E,CAAC;QACH,CAAC;aAAM,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;YACzC,wFAAwF;YACxF,IAAI,KAAK,CAAC,MAAM,EAAE,YAAY,EAAE,CAAC;gBAC/B,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,YAAY,CAAC;gBAC1C,OAAO,CAAC,YAAY,GAAG,KAAK,CAAC,MAAM,CAAC,aAAa,CAAC;gBAClD,kEAAkE;gBAClE,4CAA4C;YAC9C,CAAC;iBAAM,CAAC;gBACN,sCAAsC;gBACtC,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,cAAc,IAAI,KAAK,CAAC,KAAK,IAAI,KAAK,CAAC,YAAY,IAAI,KAAK,CAAC,OAAO,CAAC;YAC7F,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,uDAAuD;QACvD,OAAO,CAAC,GAAG,CAAC,oCAAoC,KAAK,EAAE,CAAC,CAAC;IAC3D,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,QAAgB;IACzC,MAAM,MAAM,GAA6B;QACvC,SAAS,EAAE,CAAC,qBAAqB,EAAE,WAAW,CAAC;QAC/C,MAAM,EAAE,CAAC,eAAe,EAAE,YAAY,CAAC;QACvC,MAAM,EAAE,CAAC,qBAAqB,CAAC;QAC/B,MAAM,EAAE,CAAC,WAAW,EAAE,YAAY,EAAE,MAAM,CAAC;KAC5C,CAAC;IACF,OAAO,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;AAChC,CAAC;AAED;;;;;;;;;GASG;AACH,KAAK,UAAU,qBAAqB,CAAC,QAAgB,EAAE,KAAa;IAClE,qBAAqB;IACrB,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAChC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,CAAC;QACH,qDAAqD;QACrD,MAAM,iBAAiB,GAAG,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;QACtD,MAAM,cAAc,GAAG,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;QAE/C,sEAAsE;QACtE,gDAAgD;QAChD,IAAI,QAAQ,KAAK,WAAW,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACnD,OAAO,CAAC,GAAG,CAAC,mEAAmE,CAAC,CAAC;YACjF,OAAO,IAAI,CAAC;QACd,CAAC;QACD,IAAI,QAAQ,KAAK,QAAQ,IAAI,CAAC,cAAc,EAAE,CAAC;YAC7C,OAAO,CAAC,GAAG,CAAC,gEAAgE,CAAC,CAAC;YAC9E,OAAO,IAAI,CAAC;QACd,CAAC;QAED,sCAAsC;QACtC,MAAM,SAAS,GAAqE;YAClF,SAAS,EAAE;gBACT,GAAG,EAAE,uCAAuC;gBAC5C,OAAO,EAAE;oBACP,WAAW,EAAE,KAAK;oBAClB,mBAAmB,EAAE,YAAY;iBAClC;aACF;YACD,MAAM,EAAE;gBACN,GAAG,EAAE,kCAAkC;gBACvC,OAAO,EAAE;oBACP,aAAa,EAAE,UAAU,KAAK,EAAE;iBACjC;aACF;YACD,MAAM,EAAE;gBACN,GAAG,EAAE,qDAAqD;gBAC1D,OAAO,EAAE;oBACP,aAAa,EAAE,UAAU,KAAK,EAAE;iBACjC;aACF;SACF,CAAC;QAEF,MAAM,MAAM,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;QACnC,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC,CAAC,iCAAiC;QAE3D,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC,GAAG,EAAE;YACvC,MAAM,EAAE,QAAQ,KAAK,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK;YACjD,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,GAAG,CAAC,QAAQ,KAAK,WAAW,IAAI;gBAC9B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,KAAK,EAAE,yBAAyB;oBAChC,UAAU,EAAE,CAAC;oBACb,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;iBAC9C,CAAC;aACH,CAAC;SACH,CAAC,CAAC;QAEH,iFAAiF;QACjF,OAAO,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,CAAC;IAC5D,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,oBAAoB,QAAQ,SAAS,EAAE,KAAK,CAAC,CAAC;QAC5D,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}

package/dist/cloud/api/policy.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Agent Policy API Routes
+ *
+ * Provides endpoints for managing workspace-level agent policies.
+ * These policies serve as fallbacks when repos don't have .claude/policies/ files.
+ */
+export declare const policyRouter: import("express-serve-static-core").Router;
+//# sourceMappingURL=policy.d.ts.map

package/dist/cloud/api/policy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy.d.ts","sourceRoot":"","sources":["../../../src/cloud/api/policy.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,eAAO,MAAM,YAAY,4CAAW,CAAC"}