npm - agentic-qe - Versions diffs - 3.3.4 → 3.4.0 - Mend

agentic-qe 3.3.4 → 3.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (457) hide show

package/v3/dist/adapters/a2a/auth/routes.js ADDED Viewed

@@ -0,0 +1,496 @@
+/**
+ * A2A OAuth 2.0 Endpoint Routes
+ *
+ * Implements OAuth 2.0 authorization server endpoints for A2A authentication.
+ * Supports authorization_code, client_credentials, and refresh_token grants.
+ *
+ * Endpoints:
+ * - POST /oauth/token - Token exchange
+ * - GET /oauth/authorize - Authorization redirect (for authorization_code flow)
+ * - POST /oauth/revoke - Token revocation
+ * - GET /oauth/.well-known/openid-configuration - OpenID Connect discovery
+ *
+ * @module adapters/a2a/auth/routes
+ * @see https://datatracker.ietf.org/doc/html/rfc6749
+ * @see https://openid.net/specs/openid-connect-discovery-1_0.html
+ */
+import { createOAuthError } from './middleware.js';
+// ============================================================================
+// Default Configuration
+// ============================================================================
+/**
+ * Default OAuth routes configuration
+ */
+export const DEFAULT_OAUTH_ROUTES_CONFIG = {
+    basePath: '/oauth',
+    enableCors: true,
+    loginPageUrl: '/login',
+};
+// ============================================================================
+// Error Helpers
+// ============================================================================
+/**
+ * Send OAuth error response
+ */
+function sendOAuthError(res, status, error, description) {
+    res.setHeader('Content-Type', 'application/json');
+    res.setHeader('Cache-Control', 'no-store');
+    res.setHeader('Pragma', 'no-cache');
+    res.status(status).json(createOAuthError(error, description));
+}
+/**
+ * Parse form-urlencoded body
+ */
+function parseFormBody(body) {
+    if (typeof body === 'object') {
+        // Already parsed as JSON
+        const result = {};
+        for (const [key, value] of Object.entries(body)) {
+            if (typeof value === 'string') {
+                result[key] = value;
+            }
+            else if (value !== undefined && value !== null) {
+                result[key] = String(value);
+            }
+        }
+        return result;
+    }
+    // Parse x-www-form-urlencoded
+    const params = new URLSearchParams(body);
+    const result = {};
+    params.forEach((value, key) => {
+        result[key] = value;
+    });
+    return result;
+}
+// ============================================================================
+// Route Handlers
+// ============================================================================
+/**
+ * Create OAuth route handlers
+ */
+function createOAuthHandlers(config) {
+    const { provider, enableCors, loginPageUrl } = config;
+    /**
+     * Set common response headers
+     */
+    function setCommonHeaders(res) {
+        res.setHeader('Cache-Control', 'no-store');
+        res.setHeader('Pragma', 'no-cache');
+        if (enableCors) {
+            res.setHeader('Access-Control-Allow-Origin', '*');
+            res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
+            res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
+        }
+    }
+    return {
+        /**
+         * POST /oauth/token - Token endpoint
+         *
+         * Handles all grant types:
+         * - authorization_code: Exchange auth code for tokens
+         * - client_credentials: Service-to-service auth
+         * - refresh_token: Refresh access token
+         */
+        async handleToken(req, res) {
+            setCommonHeaders(res);
+            res.setHeader('Content-Type', 'application/json');
+            try {
+                // Parse request body
+                const body = parseFormBody(req.body ?? {});
+                const { grant_type, code, refresh_token, client_id, client_secret, scope, redirect_uri, code_verifier, } = body;
+                // Validate required fields
+                if (!grant_type) {
+                    sendOAuthError(res, 400, 'invalid_request', 'Missing grant_type parameter');
+                    return;
+                }
+                if (!client_id) {
+                    sendOAuthError(res, 400, 'invalid_request', 'Missing client_id parameter');
+                    return;
+                }
+                // Validate client
+                const validClient = await provider.validateClient(client_id, client_secret);
+                if (!validClient) {
+                    sendOAuthError(res, 401, 'invalid_client', 'Client authentication failed');
+                    return;
+                }
+                let tokenResponse;
+                switch (grant_type) {
+                    case 'authorization_code': {
+                        if (!code) {
+                            sendOAuthError(res, 400, 'invalid_request', 'Missing code parameter');
+                            return;
+                        }
+                        if (!redirect_uri) {
+                            sendOAuthError(res, 400, 'invalid_request', 'Missing redirect_uri parameter');
+                            return;
+                        }
+                        try {
+                            tokenResponse = await provider.exchangeAuthorizationCode(code, client_id, redirect_uri, code_verifier);
+                        }
+                        catch (error) {
+                            const message = error instanceof Error ? error.message : 'Invalid authorization code';
+                            sendOAuthError(res, 400, 'invalid_grant', message);
+                            return;
+                        }
+                        break;
+                    }
+                    case 'client_credentials': {
+                        if (!client_secret) {
+                            sendOAuthError(res, 400, 'invalid_request', 'Missing client_secret for client_credentials grant');
+                            return;
+                        }
+                        try {
+                            tokenResponse = await provider.exchangeClientCredentials(client_id, client_secret, scope);
+                        }
+                        catch (error) {
+                            const message = error instanceof Error ? error.message : 'Client credentials exchange failed';
+                            sendOAuthError(res, 400, 'invalid_grant', message);
+                            return;
+                        }
+                        break;
+                    }
+                    case 'refresh_token': {
+                        if (!refresh_token) {
+                            sendOAuthError(res, 400, 'invalid_request', 'Missing refresh_token parameter');
+                            return;
+                        }
+                        try {
+                            tokenResponse = await provider.refreshToken(refresh_token, client_id);
+                        }
+                        catch (error) {
+                            const message = error instanceof Error ? error.message : 'Invalid refresh token';
+                            sendOAuthError(res, 400, 'invalid_grant', message);
+                            return;
+                        }
+                        break;
+                    }
+                    default:
+                        sendOAuthError(res, 400, 'unsupported_grant_type', `Unsupported grant type: ${grant_type}`);
+                        return;
+                }
+                res.status(200).json(tokenResponse);
+            }
+            catch (error) {
+                const message = error instanceof Error ? error.message : 'Token endpoint error';
+                sendOAuthError(res, 500, 'invalid_request', message);
+            }
+        },
+        /**
+         * GET /oauth/authorize - Authorization endpoint
+         *
+         * Initiates the authorization code flow.
+         * Redirects to login page with parameters.
+         */
+        async handleAuthorize(req, res) {
+            setCommonHeaders(res);
+            try {
+                const { response_type, client_id, redirect_uri, scope, state, code_challenge, code_challenge_method, } = req.query;
+                // Validate required parameters
+                if (!response_type) {
+                    sendOAuthError(res, 400, 'invalid_request', 'Missing response_type parameter');
+                    return;
+                }
+                if (!client_id) {
+                    sendOAuthError(res, 400, 'invalid_request', 'Missing client_id parameter');
+                    return;
+                }
+                if (!redirect_uri) {
+                    sendOAuthError(res, 400, 'invalid_request', 'Missing redirect_uri parameter');
+                    return;
+                }
+                // Validate client
+                const validClient = await provider.validateClient(client_id);
+                if (!validClient) {
+                    sendOAuthError(res, 400, 'unauthorized_client', 'Unknown client_id');
+                    return;
+                }
+                // Only support 'code' response type for now
+                if (response_type !== 'code') {
+                    sendOAuthError(res, 400, 'unsupported_grant_type', 'Only response_type=code is supported');
+                    return;
+                }
+                // Build login page redirect URL
+                const loginUrl = new URL(loginPageUrl, 'http://localhost');
+                loginUrl.searchParams.set('client_id', client_id);
+                loginUrl.searchParams.set('redirect_uri', redirect_uri);
+                if (scope)
+                    loginUrl.searchParams.set('scope', scope);
+                if (state)
+                    loginUrl.searchParams.set('state', state);
+                if (code_challenge)
+                    loginUrl.searchParams.set('code_challenge', code_challenge);
+                if (code_challenge_method)
+                    loginUrl.searchParams.set('code_challenge_method', code_challenge_method);
+                // Redirect to login page
+                res.setHeader('Location', loginUrl.pathname + loginUrl.search);
+                res.status(302).end();
+            }
+            catch (error) {
+                const message = error instanceof Error ? error.message : 'Authorization error';
+                sendOAuthError(res, 500, 'invalid_request', message);
+            }
+        },
+        /**
+         * POST /oauth/revoke - Token revocation endpoint
+         *
+         * Revokes access tokens or refresh tokens.
+         * Always returns 200 OK (even for invalid tokens) per RFC 7009.
+         */
+        async handleRevoke(req, res) {
+            setCommonHeaders(res);
+            try {
+                const body = parseFormBody(req.body ?? {});
+                const { token, token_type_hint, client_id, client_secret } = body;
+                if (!token) {
+                    sendOAuthError(res, 400, 'invalid_request', 'Missing token parameter');
+                    return;
+                }
+                // Validate client if provided
+                if (client_id) {
+                    const validClient = await provider.validateClient(client_id, client_secret);
+                    if (!validClient) {
+                        sendOAuthError(res, 401, 'invalid_client', 'Client authentication failed');
+                        return;
+                    }
+                }
+                // Revoke the token
+                await provider.revokeToken(token, token_type_hint);
+                // RFC 7009: Always return 200 OK
+                res.status(200).end();
+            }
+            catch (error) {
+                // Even on error, return 200 per RFC 7009
+                res.status(200).end();
+            }
+        },
+        /**
+         * GET /oauth/.well-known/openid-configuration - OpenID Connect discovery
+         *
+         * Returns the OpenID Connect discovery document.
+         */
+        async handleOpenIDConfiguration(_req, res) {
+            setCommonHeaders(res);
+            res.setHeader('Content-Type', 'application/json');
+            try {
+                const config = provider.getOpenIDConfiguration();
+                res.status(200).json(config);
+            }
+            catch (error) {
+                const message = error instanceof Error ? error.message : 'Configuration error';
+                sendOAuthError(res, 500, 'invalid_request', message);
+            }
+        },
+        /**
+         * OPTIONS handler for CORS preflight
+         */
+        handleOptions(_req, res) {
+            if (enableCors) {
+                res.setHeader('Access-Control-Allow-Origin', '*');
+                res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
+                res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
+                res.setHeader('Access-Control-Max-Age', '86400');
+            }
+            res.status(204).end();
+        },
+    };
+}
+// ============================================================================
+// Route Factory
+// ============================================================================
+/**
+ * Get OAuth route definitions
+ *
+ * Returns an array of route definitions that can be used to setup routes
+ * in Express or any compatible HTTP framework.
+ *
+ * @param config OAuth routes configuration
+ * @returns Array of route definitions
+ *
+ * @example
+ * ```typescript
+ * const routeDefs = getOAuthRouteDefinitions({
+ *   provider: myOAuthProvider,
+ * });
+ *
+ * // Setup in custom router
+ * for (const route of routeDefs) {
+ *   router.add(route.method, route.path, route.handler);
+ * }
+ * ```
+ */
+export function getOAuthRouteDefinitions(config) {
+    const fullConfig = {
+        ...DEFAULT_OAUTH_ROUTES_CONFIG,
+        ...config,
+    };
+    const { basePath } = fullConfig;
+    const handlers = createOAuthHandlers(fullConfig);
+    return [
+        // CORS preflight
+        {
+            method: 'options',
+            path: `${basePath}/token`,
+            handler: async (req, res) => handlers.handleOptions(req, res),
+        },
+        {
+            method: 'options',
+            path: `${basePath}/authorize`,
+            handler: async (req, res) => handlers.handleOptions(req, res),
+        },
+        {
+            method: 'options',
+            path: `${basePath}/revoke`,
+            handler: async (req, res) => handlers.handleOptions(req, res),
+        },
+        {
+            method: 'options',
+            path: `${basePath}/.well-known/openid-configuration`,
+            handler: async (req, res) => handlers.handleOptions(req, res),
+        },
+        // Token endpoint
+        {
+            method: 'post',
+            path: `${basePath}/token`,
+            handler: handlers.handleToken.bind(handlers),
+        },
+        // Authorization endpoint
+        {
+            method: 'get',
+            path: `${basePath}/authorize`,
+            handler: handlers.handleAuthorize.bind(handlers),
+        },
+        // Revocation endpoint
+        {
+            method: 'post',
+            path: `${basePath}/revoke`,
+            handler: handlers.handleRevoke.bind(handlers),
+        },
+        // OpenID Connect discovery
+        {
+            method: 'get',
+            path: `${basePath}/.well-known/openid-configuration`,
+            handler: handlers.handleOpenIDConfiguration.bind(handlers),
+        },
+    ];
+}
+/**
+ * Create OAuth routes for Express
+ *
+ * NOTE: This function requires Express to be installed separately.
+ * If Express is not available, use getOAuthRouteDefinitions() instead.
+ *
+ * @param config OAuth routes configuration
+ * @returns Express router
+ *
+ * @example
+ * ```typescript
+ * import express from 'express';
+ * import { createOAuthRoutes } from '@agentic-qe/v3';
+ *
+ * const app = express();
+ * const oauthRouter = createOAuthRoutes({
+ *   provider: myOAuthProvider,
+ * });
+ *
+ * app.use(oauthRouter);
+ * ```
+ */
+export function createOAuthRoutes(config) {
+    // Dynamically import express
+    // eslint-disable-next-line @typescript-eslint/no-require-imports
+    const express = require('express');
+    const router = express.Router();
+    // Add body parsing middleware
+    router.use(express.json());
+    router.use(express.urlencoded({ extended: true }));
+    const routeDefs = getOAuthRouteDefinitions(config);
+    for (const route of routeDefs) {
+        router[route.method](route.path, route.handler);
+    }
+    return router;
+}
+// ============================================================================
+// Utility Functions
+// ============================================================================
+/**
+ * Validate redirect URI against allowed URIs
+ *
+ * @param uri URI to validate
+ * @param allowedUris List of allowed URIs (supports wildcards)
+ * @returns True if URI is allowed
+ */
+export function validateRedirectUri(uri, allowedUris) {
+    try {
+        const parsed = new URL(uri);
+        for (const allowed of allowedUris) {
+            // Exact match
+            if (allowed === uri) {
+                return true;
+            }
+            // Wildcard match (e.g., "https://*.example.com/callback")
+            if (allowed.includes('*')) {
+                const pattern = allowed
+                    .replace(/[.+?^${}()|[\]\\]/g, '\\$&')
+                    .replace(/\*/g, '.*');
+                const regex = new RegExp(`^${pattern}$`);
+                if (regex.test(uri)) {
+                    return true;
+                }
+            }
+            // Same origin match
+            try {
+                const allowedParsed = new URL(allowed);
+                if (parsed.protocol === allowedParsed.protocol &&
+                    parsed.host === allowedParsed.host &&
+                    parsed.pathname.startsWith(allowedParsed.pathname)) {
+                    return true;
+                }
+            }
+            catch {
+                // Invalid allowed URI, skip
+            }
+        }
+        return false;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Generate PKCE code challenge from verifier
+ *
+ * @param verifier Code verifier string
+ * @param method Challenge method (plain or S256)
+ * @returns Code challenge
+ */
+export async function generateCodeChallenge(verifier, method = 'S256') {
+    if (method === 'plain') {
+        return verifier;
+    }
+    // S256: BASE64URL(SHA256(verifier))
+    const encoder = new TextEncoder();
+    const data = encoder.encode(verifier);
+    const hash = await crypto.subtle.digest('SHA-256', data);
+    const hashArray = new Uint8Array(hash);
+    // Base64URL encode - convert Uint8Array to string manually
+    let binary = '';
+    for (let i = 0; i < hashArray.length; i++) {
+        binary += String.fromCharCode(hashArray[i]);
+    }
+    const base64 = btoa(binary);
+    return base64.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
+}
+/**
+ * Verify PKCE code challenge
+ *
+ * @param verifier Code verifier from token request
+ * @param challenge Original code challenge from authorization
+ * @param method Challenge method
+ * @returns True if verification passes
+ */
+export async function verifyCodeChallenge(verifier, challenge, method = 'S256') {
+    const computed = await generateCodeChallenge(verifier, method);
+    return computed === challenge;
+}
+//# sourceMappingURL=routes.js.map

package/v3/dist/adapters/a2a/auth/routes.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"routes.js","sourceRoot":"","sources":["../../../../src/adapters/a2a/auth/routes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAGH,OAAO,EAAE,gBAAgB,EAAwC,MAAM,iBAAiB,CAAC;AAgLzF,+EAA+E;AAC/E,wBAAwB;AACxB,+EAA+E;AAE/E;;GAEG;AACH,MAAM,CAAC,MAAM,2BAA2B,GAAG;IACzC,QAAQ,EAAE,QAAQ;IAClB,UAAU,EAAE,IAAI;IAChB,YAAY,EAAE,QAAQ;CACd,CAAC;AAEX,+EAA+E;AAC/E,gBAAgB;AAChB,+EAA+E;AAE/E;;GAEG;AACH,SAAS,cAAc,CACrB,GAAiB,EACjB,MAAc,EACd,KAAqB,EACrB,WAAoB;IAEpB,GAAG,CAAC,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;IAClD,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;IAC3C,GAAG,CAAC,SAAS,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IACpC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC,CAAC;AAChE,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,IAAsC;IAC3D,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC7B,yBAAyB;QACzB,MAAM,MAAM,GAA2B,EAAE,CAAC;QAC1C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;YAChD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBAC9B,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YACtB,CAAC;iBAAM,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;gBACjD,MAAM,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;YAC9B,CAAC;QACH,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,8BAA8B;IAC9B,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC;IACzC,MAAM,MAAM,GAA2B,EAAE,CAAC;IAC1C,MAAM,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;QAC5B,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;IACtB,CAAC,CAAC,CAAC;IACH,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,+EAA+E;AAC/E,iBAAiB;AACjB,+EAA+E;AAE/E;;GAEG;AACH,SAAS,mBAAmB,CAAC,MAAmC;IAC9D,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,YAAY,EAAE,GAAG,MAAM,CAAC;IAEtD;;OAEG;IACH,SAAS,gBAAgB,CAAC,GAAiB;QACzC,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;QAC3C,GAAG,CAAC,SAAS,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;QAEpC,IAAI,UAAU,EAAE,CAAC;YACf,GAAG,CAAC,SAAS,CAAC,6BAA6B,EAAE,GAAG,CAAC,CAAC;YAClD,GAAG,CAAC,SAAS,CAAC,8BAA8B,EAAE,oBAAoB,CAAC,CAAC;YACpE,GAAG,CAAC,SAAS,CAAC,8BAA8B,EAAE,6BAA6B,CAAC,CAAC;QAC/E,CAAC;IACH,CAAC;IAED,OAAO;QACL;;;;;;;WAOG;QACH,KAAK,CAAC,WAAW,CACf,GAA8D,EAC9D,GAAiB;YAEjB,gBAAgB,CAAC,GAAG,CAAC,CAAC;YACtB,GAAG,CAAC,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;YAElD,IAAI,CAAC;gBACH,qBAAqB;gBACrB,MAAM,IAAI,GAAG,aAAa,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;gBAC3C,MAAM,EACJ,UAAU,EACV,IAAI,EACJ,aAAa,EACb,SAAS,EACT,aAAa,EACb,KAAK,EACL,YAAY,EACZ,aAAa,GACd,GAAG,IAA+B,CAAC;gBAEpC,2BAA2B;gBAC3B,IAAI,CAAC,UAAU,EAAE,CAAC;oBAChB,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,iBAAiB,EAAE,8BAA8B,CAAC,CAAC;oBAC5E,OAAO;gBACT,CAAC;gBAED,IAAI,CAAC,SAAS,EAAE,CAAC;oBACf,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,iBAAiB,EAAE,6BAA6B,CAAC,CAAC;oBAC3E,OAAO;gBACT,CAAC;gBAED,kBAAkB;gBAClB,MAAM,WAAW,GAAG,MAAM,QAAQ,CAAC,cAAc,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;gBAC5E,IAAI,CAAC,WAAW,EAAE,CAAC;oBACjB,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,gBAAgB,EAAE,8BAA8B,CAAC,CAAC;oBAC3E,OAAO;gBACT,CAAC;gBAED,IAAI,aAA4B,CAAC;gBAEjC,QAAQ,UAAU,EAAE,CAAC;oBACnB,KAAK,oBAAoB,CAAC,CAAC,CAAC;wBAC1B,IAAI,CAAC,IAAI,EAAE,CAAC;4BACV,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,iBAAiB,EAAE,wBAAwB,CAAC,CAAC;4BACtE,OAAO;wBACT,CAAC;wBACD,IAAI,CAAC,YAAY,EAAE,CAAC;4BAClB,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,iBAAiB,EAAE,gCAAgC,CAAC,CAAC;4BAC9E,OAAO;wBACT,CAAC;wBAED,IAAI,CAAC;4BACH,aAAa,GAAG,MAAM,QAAQ,CAAC,yBAAyB,CACtD,IAAI,EACJ,SAAS,EACT,YAAY,EACZ,aAAa,CACd,CAAC;wBACJ,CAAC;wBAAC,OAAO,KAAK,EAAE,CAAC;4BACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,4BAA4B,CAAC;4BACtF,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,eAAe,EAAE,OAAO,CAAC,CAAC;4BACnD,OAAO;wBACT,CAAC;wBACD,MAAM;oBACR,CAAC;oBAED,KAAK,oBAAoB,CAAC,CAAC,CAAC;wBAC1B,IAAI,CAAC,aAAa,EAAE,CAAC;4BACnB,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,iBAAiB,EAAE,oDAAoD,CAAC,CAAC;4BAClG,OAAO;wBACT,CAAC;wBAED,IAAI,CAAC;4BACH,aAAa,GAAG,MAAM,QAAQ,CAAC,yBAAyB,CACtD,SAAS,EACT,aAAa,EACb,KAAK,CACN,CAAC;wBACJ,CAAC;wBAAC,OAAO,KAAK,EAAE,CAAC;4BACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,oCAAoC,CAAC;4BAC9F,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,eAAe,EAAE,OAAO,CAAC,CAAC;4BACnD,OAAO;wBACT,CAAC;wBACD,MAAM;oBACR,CAAC;oBAED,KAAK,eAAe,CAAC,CAAC,CAAC;wBACrB,IAAI,CAAC,aAAa,EAAE,CAAC;4BACnB,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,iBAAiB,EAAE,iCAAiC,CAAC,CAAC;4BAC/E,OAAO;wBACT,CAAC;wBAED,IAAI,CAAC;4BACH,aAAa,GAAG,MAAM,QAAQ,CAAC,YAAY,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;wBACxE,CAAC;wBAAC,OAAO,KAAK,EAAE,CAAC;4BACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,uBAAuB,CAAC;4BACjF,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,eAAe,EAAE,OAAO,CAAC,CAAC;4BACnD,OAAO;wBACT,CAAC;wBACD,MAAM;oBACR,CAAC;oBAED;wBACE,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,wBAAwB,EAAE,2BAA2B,UAAU,EAAE,CAAC,CAAC;wBAC5F,OAAO;gBACX,CAAC;gBAED,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;YACtC,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,sBAAsB,CAAC;gBAChF,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,iBAAiB,EAAE,OAAO,CAAC,CAAC;YACvD,CAAC;QACH,CAAC;QAED;;;;;WAKG;QACH,KAAK,CAAC,eAAe,CAAC,GAAgB,EAAE,GAAiB;YACvD,gBAAgB,CAAC,GAAG,CAAC,CAAC;YAEtB,IAAI,CAAC;gBACH,MAAM,EACJ,aAAa,EACb,SAAS,EACT,YAAY,EACZ,KAAK,EACL,KAAK,EACL,cAAc,EACd,qBAAqB,GACtB,GAAG,GAAG,CAAC,KAAwC,CAAC;gBAEjD,+BAA+B;gBAC/B,IAAI,CAAC,aAAa,EAAE,CAAC;oBACnB,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,iBAAiB,EAAE,iCAAiC,CAAC,CAAC;oBAC/E,OAAO;gBACT,CAAC;gBAED,IAAI,CAAC,SAAS,EAAE,CAAC;oBACf,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,iBAAiB,EAAE,6BAA6B,CAAC,CAAC;oBAC3E,OAAO;gBACT,CAAC;gBAED,IAAI,CAAC,YAAY,EAAE,CAAC;oBAClB,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,iBAAiB,EAAE,gCAAgC,CAAC,CAAC;oBAC9E,OAAO;gBACT,CAAC;gBAED,kBAAkB;gBAClB,MAAM,WAAW,GAAG,MAAM,QAAQ,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;gBAC7D,IAAI,CAAC,WAAW,EAAE,CAAC;oBACjB,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,qBAAqB,EAAE,mBAAmB,CAAC,CAAC;oBACrE,OAAO;gBACT,CAAC;gBAED,4CAA4C;gBAC5C,IAAI,aAAa,KAAK,MAAM,EAAE,CAAC;oBAC7B,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,wBAAwB,EAAE,sCAAsC,CAAC,CAAC;oBAC3F,OAAO;gBACT,CAAC;gBAED,gCAAgC;gBAChC,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC;gBAC3D,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;gBAClD,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,YAAY,CAAC,CAAC;gBACxD,IAAI,KAAK;oBAAE,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;gBACrD,IAAI,KAAK;oBAAE,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;gBACrD,IAAI,cAAc;oBAAE,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,gBAAgB,EAAE,cAAc,CAAC,CAAC;gBAChF,IAAI,qBAAqB;oBAAE,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,EAAE,qBAAqB,CAAC,CAAC;gBAErG,yBAAyB;gBACzB,GAAG,CAAC,SAAS,CAAC,UAAU,EAAE,QAAQ,CAAC,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC;gBAC/D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC;YACxB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,qBAAqB,CAAC;gBAC/E,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,iBAAiB,EAAE,OAAO,CAAC,CAAC;YACvD,CAAC;QACH,CAAC;QAED;;;;;WAKG;QACH,KAAK,CAAC,YAAY,CAChB,GAA8D,EAC9D,GAAiB;YAEjB,gBAAgB,CAAC,GAAG,CAAC,CAAC;YAEtB,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,aAAa,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;gBAC3C,MAAM,EAAE,KAAK,EAAE,eAAe,EAAE,SAAS,EAAE,aAAa,EAAE,GAAG,IAAgC,CAAC;gBAE9F,IAAI,CAAC,KAAK,EAAE,CAAC;oBACX,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,iBAAiB,EAAE,yBAAyB,CAAC,CAAC;oBACvE,OAAO;gBACT,CAAC;gBAED,8BAA8B;gBAC9B,IAAI,SAAS,EAAE,CAAC;oBACd,MAAM,WAAW,GAAG,MAAM,QAAQ,CAAC,cAAc,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;oBAC5E,IAAI,CAAC,WAAW,EAAE,CAAC;wBACjB,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,gBAAgB,EAAE,8BAA8B,CAAC,CAAC;wBAC3E,OAAO;oBACT,CAAC;gBACH,CAAC;gBAED,mBAAmB;gBACnB,MAAM,QAAQ,CAAC,WAAW,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;gBAEnD,iCAAiC;gBACjC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC;YACxB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,yCAAyC;gBACzC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC;YACxB,CAAC;QACH,CAAC;QAED;;;;WAIG;QACH,KAAK,CAAC,yBAAyB,CAAC,IAAiB,EAAE,GAAiB;YAClE,gBAAgB,CAAC,GAAG,CAAC,CAAC;YACtB,GAAG,CAAC,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;YAElD,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,QAAQ,CAAC,sBAAsB,EAAE,CAAC;gBACjD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAC/B,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,qBAAqB,CAAC;gBAC/E,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,iBAAiB,EAAE,OAAO,CAAC,CAAC;YACvD,CAAC;QACH,CAAC;QAED;;WAEG;QACH,aAAa,CAAC,IAAiB,EAAE,GAAiB;YAChD,IAAI,UAAU,EAAE,CAAC;gBACf,GAAG,CAAC,SAAS,CAAC,6BAA6B,EAAE,GAAG,CAAC,CAAC;gBAClD,GAAG,CAAC,SAAS,CAAC,8BAA8B,EAAE,oBAAoB,CAAC,CAAC;gBACpE,GAAG,CAAC,SAAS,CAAC,8BAA8B,EAAE,6BAA6B,CAAC,CAAC;gBAC7E,GAAG,CAAC,SAAS,CAAC,wBAAwB,EAAE,OAAO,CAAC,CAAC;YACnD,CAAC;YACD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC;QACxB,CAAC;KACF,CAAC;AACJ,CAAC;AAED,+EAA+E;AAC/E,gBAAgB;AAChB,+EAA+E;AAE/E;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,UAAU,wBAAwB,CAAC,MAAyB;IAChE,MAAM,UAAU,GAAgC;QAC9C,GAAG,2BAA2B;QAC9B,GAAG,MAAM;KACV,CAAC;IAEF,MAAM,EAAE,QAAQ,EAAE,GAAG,UAAU,CAAC;IAChC,MAAM,QAAQ,GAAG,mBAAmB,CAAC,UAAU,CAAC,CAAC;IAEjD,OAAO;QACL,iBAAiB;QACjB;YACE,MAAM,EAAE,SAAS;YACjB,IAAI,EAAE,GAAG,QAAQ,QAAQ;YACzB,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,QAAQ,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC;SAC9D;QACD;YACE,MAAM,EAAE,SAAS;YACjB,IAAI,EAAE,GAAG,QAAQ,YAAY;YAC7B,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,QAAQ,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC;SAC9D;QACD;YACE,MAAM,EAAE,SAAS;YACjB,IAAI,EAAE,GAAG,QAAQ,SAAS;YAC1B,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,QAAQ,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC;SAC9D;QACD;YACE,MAAM,EAAE,SAAS;YACjB,IAAI,EAAE,GAAG,QAAQ,mCAAmC;YACpD,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,QAAQ,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC;SAC9D;QAED,iBAAiB;QACjB;YACE,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,GAAG,QAAQ,QAAQ;YACzB,OAAO,EAAE,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC;SAC7C;QAED,yBAAyB;QACzB;YACE,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,GAAG,QAAQ,YAAY;YAC7B,OAAO,EAAE,QAAQ,CAAC,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC;SACjD;QAED,sBAAsB;QACtB;YACE,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,GAAG,QAAQ,SAAS;YAC1B,OAAO,EAAE,QAAQ,CAAC,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC;SAC9C;QAED,2BAA2B;QAC3B;YACE,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,GAAG,QAAQ,mCAAmC;YACpD,OAAO,EAAE,QAAQ,CAAC,yBAAyB,CAAC,IAAI,CAAC,QAAQ,CAAC;SAC3D;KACF,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,UAAU,iBAAiB,CAC/B,MAAyB;IAEzB,6BAA6B;IAC7B,iEAAiE;IACjE,MAAM,OAAO,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IACnC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAEhC,8BAA8B;IAC9B,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IAC3B,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAEnD,MAAM,SAAS,GAAG,wBAAwB,CAAC,MAAM,CAAC,CAAC;IAEnD,KAAK,MAAM,KAAK,IAAI,SAAS,EAAE,CAAC;QAC9B,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;IAClD,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,+EAA+E;AAC/E,oBAAoB;AACpB,+EAA+E;AAE/E;;;;;;GAMG;AACH,MAAM,UAAU,mBAAmB,CAAC,GAAW,EAAE,WAAqB;IACpE,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAE5B,KAAK,MAAM,OAAO,IAAI,WAAW,EAAE,CAAC;YAClC,cAAc;YACd,IAAI,OAAO,KAAK,GAAG,EAAE,CAAC;gBACpB,OAAO,IAAI,CAAC;YACd,CAAC;YAED,0DAA0D;YAC1D,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC1B,MAAM,OAAO,GAAG,OAAO;qBACpB,OAAO,CAAC,oBAAoB,EAAE,MAAM,CAAC;qBACrC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;gBACxB,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,IAAI,OAAO,GAAG,CAAC,CAAC;gBACzC,IAAI,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;oBACpB,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;YAED,oBAAoB;YACpB,IAAI,CAAC;gBACH,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;gBACvC,IACE,MAAM,CAAC,QAAQ,KAAK,aAAa,CAAC,QAAQ;oBAC1C,MAAM,CAAC,IAAI,KAAK,aAAa,CAAC,IAAI;oBAClC,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,aAAa,CAAC,QAAQ,CAAC,EAClD,CAAC;oBACD,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,4BAA4B;YAC9B,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,QAAgB,EAChB,SAA2B,MAAM;IAEjC,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;QACvB,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,oCAAoC;IACpC,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;IAClC,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACtC,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;IACzD,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC;IAEvC,2DAA2D;IAC3D,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC1C,MAAM,IAAI,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9C,CAAC;IACD,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IAC5B,OAAO,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AAC3E,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,QAAgB,EAChB,SAAiB,EACjB,SAA2B,MAAM;IAEjC,MAAM,QAAQ,GAAG,MAAM,qBAAqB,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC/D,OAAO,QAAQ,KAAK,SAAS,CAAC;AAChC,CAAC"}