arc-1 0.9.5 → 0.9.6

package/dist/server/http.js

@@ -186,6 +186,26 @@ export async function startHttpServer(serverFactory, config, xsuaaCredentials) {
     // and correct client IP detection behind CF's reverse proxy.
     app.set('trust proxy', 1);
     applySecurityMiddleware(app, config.allowedOrigins);
+    // ─── Layer 1: HTTP-edge rate limiter helper ──────────────────────────
+    // One operator-facing knob (`ARC1_AUTH_RATE_LIMIT`, default 20/min/IP) controls all
+    // OAuth endpoints uniformly. `/mcp` gets `max(value × 30, 600)/min/IP` so legitimate
+    // batched tool-call traffic isn't choked while pre-bearer-auth probing is still gated.
+    // Per-endpoint differentiation lives here, not in env, so the operator surface stays tiny.
+    // See docs_page/rate-limiting.md (Layer 1) and ADR-0004.
+    //
+    // Implementation note: the limiter is mounted DIRECTLY via createAuthRateLimiter →
+    // express-rate-limit. The disabled path skips the mount entirely rather than going
+    // through a noop indirection — this keeps the dataflow `rateLimit({...}) → app.use`
+    // direct and makes CodeQL's `js/missing-rate-limiting` query close cleanly.
+    const { createAuthRateLimiter, isCopilotJsonRpc } = await import('./auth-rate-limit.js');
+    const rateLimitEnabled = config.authRateLimit > 0;
+    const mcpRatePerMinute = rateLimitEnabled ? Math.max(config.authRateLimit * 30, 600) : 0;
+    logger.info('Auth rate limiting', {
+        perMinute: config.authRateLimit,
+        mcpPerMinute: mcpRatePerMinute,
+        endpoints: rateLimitEnabled ? ['/register', '/authorize', '/token', '/revoke', '/mcp'] : [],
+        disabled: !rateLimitEnabled,
+    });
     app.use(express.json());
     app.use(express.urlencoded({ extended: false }));
     const mcpHandler = createMcpHandler(serverFactory);
@@ -232,6 +252,42 @@ export async function startHttpServer(serverFactory, config, xsuaaCredentials) {
             verifier: { verifyAccessToken: chainedVerifier },
             resourceMetadataUrl,
         });
+        // ─── Layer 1: per-IP rate limiters on OAuth endpoints + /mcp ────────
+        // Mounted BEFORE the auth router so spammed credentials are rejected before any
+        // crypto / DB work. Discovery endpoints (/.well-known/*) are intentionally NOT
+        // rate-limited — they're cheap, cacheable, and legitimate clients hit them on
+        // every reconnect. See docs_page/rate-limiting.md.
+        //
+        // Every `app.use(path, …)` here receives a fresh `rateLimit({...})` middleware
+        // DIRECTLY. No conditional dispatchers, no helper wrappers. CodeQL's
+        // `js/missing-rate-limiting` query only recognises that exact pattern; going
+        // through an inline arrow function with branch-based delegation makes it
+        // re-open the alert (verified — see PR #276 review history).
+        //
+        // Copilot Studio quirk: that client POSTs MCP JSON-RPC bodies to `/authorize`
+        // (see routing handler below). To stop those tool calls being choked at the
+        // low OAuth cap, we mount TWO limiters on `/authorize`:
+        //   1. OAuth cap, with `skip` returning true for Copilot JSON-RPC traffic.
+        //   2. /mcp cap, with `skip` returning true for everything BUT Copilot JSON-RPC.
+        // Each request hits one bucket — the OAuth bucket for real OAuth flows, the
+        // higher /mcp bucket for Copilot. The `isCopilotJsonRpc` predicate is shared
+        // with auth-rate-limit.ts so the two mounts can never drift.
+        //
+        // Trade-off: the /authorize-JSON-RPC bucket is a separate store from the
+        // direct /mcp bucket. An attacker alternating routes effectively gets
+        // `mcpCap + mcpCap = 2 × mcpCap`/min/IP. At default config that's still
+        // 1200/min, well below abuse thresholds. Sharing the store would require
+        // injecting a custom MemoryStore into both `rateLimit({...})` calls — not
+        // worth the complexity for a 2× headroom on an already loose cap.
+        if (rateLimitEnabled) {
+            app.use('/register', createAuthRateLimiter('/register', config.authRateLimit));
+            // /authorize OAuth limiter — skips Copilot Studio MCP JSON-RPC traffic.
+            app.use('/authorize', createAuthRateLimiter('/authorize', config.authRateLimit, { skip: isCopilotJsonRpc }));
+            // /authorize MCP limiter — only applies to Copilot Studio JSON-RPC; uses /mcp cap.
+            app.use('/authorize', createAuthRateLimiter('/mcp', mcpRatePerMinute, { skip: (req) => !isCopilotJsonRpc(req) }));
+            app.use('/token', createAuthRateLimiter('/token', config.authRateLimit));
+            app.use('/revoke', createAuthRateLimiter('/revoke', config.authRateLimit));
+        }
         // ─── OAuth authorize normalization + Copilot Studio MCP workaround ──
         // Copilot Studio sends MCP JSON-RPC requests to /authorize instead of
         // /mcp after completing the OAuth flow. When we detect a JSON-RPC body
@@ -241,8 +297,11 @@ export async function startHttpServer(serverFactory, config, xsuaaCredentials) {
         // For normal OAuth requests, merge query params into body as fallback
         // (some clients send POST /authorize with params in query string).
         app.use('/authorize', (req, res, next) => {
-            // Detect MCP JSON-RPC on /authorize (Copilot Studio quirk)
-            if (req.method === 'POST' && req.body?.jsonrpc) {
+            // Detect MCP JSON-RPC on /authorize (Copilot Studio quirk). Reuses the
+            // exact same predicate as the rate-limit skip()s above — the two MUST
+            // agree, otherwise a request that one path treats as Copilot and the
+            // other treats as OAuth slips through the wrong rate-limit bucket.
+            if (isCopilotJsonRpc(req)) {
                 logger.info('MCP JSON-RPC on /authorize, routing to MCP handler', {
                     rpcMethod: req.body.method,
                     id: req.body.id,
@@ -354,6 +413,12 @@ export async function startHttpServer(serverFactory, config, xsuaaCredentials) {
             scopesSupported,
             resourceName: 'ARC-1 SAP MCP Server',
         }));
+        // Layer 1: rate-limit /mcp BEFORE bearer auth so anonymous probing is gated.
+        // Direct `app.use(path, rateLimit({...}))` mount — no helper indirection —
+        // so CodeQL's `js/missing-rate-limiting` query sees the dataflow cleanly.
+        if (rateLimitEnabled) {
+            app.use('/mcp', createAuthRateLimiter('/mcp', mcpRatePerMinute));
+        }
         // Protected MCP endpoint with chained token verification
         app.all('/mcp', bearerAuth, mcpHandler);
         logger.info('XSUAA OAuth proxy enabled', {
@@ -366,6 +431,12 @@ export async function startHttpServer(serverFactory, config, xsuaaCredentials) {
         if (config.oidcIssuer) {
             await initJwks(config.oidcIssuer);
         }
+        // Layer 1 on /mcp also applies outside XSUAA mode — API-key / OIDC / no-auth
+        // deployments get the same anonymous-probing protection. OAuth endpoints don't
+        // exist in non-XSUAA mode so only /mcp needs mounting here.
+        if (rateLimitEnabled) {
+            app.use('/mcp', createAuthRateLimiter('/mcp', mcpRatePerMinute));
+        }
         if (config.apiKeys || config.oidcIssuer) {
             // Use requireBearerAuth so that authInfo is populated on the MCP request context.
             // This enables scope enforcement, per-request safety, and principal propagation.

package/dist/server/http.js.map

@@ -1 +1 @@
-{"version":3,"file":"http.js","sourceRoot":"","sources":["../../src/server/http.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAGH,OAAO,EAAE,6BAA6B,EAAE,MAAM,oDAAoD,CAAC;AACnG,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,OAAO,OAAO,MAAM,SAAS,CAAC;AAC9B,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAItC,wEAAwE;AAExE;;;GAGG;AACH,SAAS,WAAW,CAClB,KAAa,EACb,MAAoB;IAEpB,8FAA8F;IAC9F,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACnB,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnC,IAAI,KAAK,KAAK,KAAK,CAAC,GAAG,EAAE,CAAC;gBACxB,MAAM,OAAO,GAAG,gBAAgB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBAChD,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,4DAA4D;oBAC5D,OAAO,SAAS,CAAC;gBACnB,CAAC;gBACD,MAAM,MAAM,GAAG,YAAY,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;gBAC5C,OAAO,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,WAAW,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC;YAClF,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,wEAAwE;AAExE,IAAI,UAAU,GAAiC,IAAI,CAAC;AACpD,IAAI,UAAU,GAAgE,IAAI,CAAC;AAEnF,wEAAwE;AAExE;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,UAAU,uBAAuB,CAAC,GAAwB,EAAE,cAAwB;IACxF,MAAM,cAAc,GAAG,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC;IACjD,GAAG,CAAC,GAAG,CACL,MAAM,CAAC;QACL,0EAA0E;QAC1E,qDAAqD;QACrD,uBAAuB,EAAE,KAAK;QAC9B,yBAAyB,EAAE,cAAc,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,cAAuB,EAAE,CAAC,CAAC,CAAC,SAAS;QAC3F,yEAAyE;QACzE,kEAAkE;QAClE,wEAAwE;QACxE,2CAA2C;QAC3C,qBAAqB,EAAE,cAAc;YACnC,CAAC,CAAC;gBACE,WAAW,EAAE,IAAI;gBACjB,UAAU,EAAE;oBACV,WAAW,EAAE,CAAC,QAAQ,EAAE,iBAAiB,CAAC;iBAC3C;aACF;YACH,CAAC,CAAC,SAAS;KACd,CAAC,CACH,CAAC;IAEF,IAAI,cAAc,EAAE,CAAC;QACnB,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,CAAC;QACxC,GAAG,CAAC,GAAG,CACL,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,MAAM,EAAE,QAAQ,EAAE,EAAE;gBAC3B,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,kEAAkE;oBAClE,6CAA6C;oBAC7C,QAAQ,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;oBACtB,OAAO;gBACT,CAAC;gBACD,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;YACtC,CAAC;YACD,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,CAAC;YAC7C,cAAc,EAAE,CAAC,cAAc,EAAE,eAAe,EAAE,gBAAgB,CAAC;YACnE,cAAc,EAAE,CAAC,gBAAgB,CAAC;YAClC,WAAW,EAAE,IAAI;SAClB,CAAC,CACH,CAAC;QACF,mEAAmE;QACnE,wEAAwE;QACxE,0EAA0E;QAC1E,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE;YAC1B,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC;YAClC,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC5E,MAAM,CAAC,SAAS,CAAC;oBACf,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;oBACnC,KAAK,EAAE,MAAM;oBACb,KAAK,EAAE,eAAe;oBACtB,MAAM;oBACN,MAAM,EAAE,GAAG,CAAC,MAAM;oBAClB,IAAI,EAAE,GAAG,CAAC,IAAI;iBACf,CAAC,CAAC;YACL,CAAC;YACD,IAAI,EAAE,CAAC;QACT,CAAC,CAAC,CAAC;QACH,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,EAAE,OAAO,EAAE,cAAc,EAAE,CAAC,CAAC;IAC3D,CAAC;AACH,CAAC;AAED,wEAAwE;AAExE;;;GAGG;AACH,SAAS,gBAAgB,CAAC,aAA8B;IACtD,OAAO,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;QAC3C,MAAM,CAAC,KAAK,CAAC,qBAAqB,EAAE;YAClC,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,WAAW,EAAE,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC;YACxC,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,IAAI;YACnB,UAAU,EAAE,GAAG,CAAC,IAAI,EAAE,MAAM;YAC5B,MAAM,EAAE,GAAG,CAAC,IAAI,EAAE,EAAE;SACrB,CAAC,CAAC;QACH,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,aAAa,EAAE,CAAC;YAC/B,MAAM,SAAS,GAAG,IAAI,6BAA6B,CAAC;gBAClD,kBAAkB,EAAE,SAAS,EAAE,iBAAiB;aACjD,CAAC,CAAC;YACH,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAChC,8DAA8D;YAC9D,uEAAuE;YACvE,qEAAqE;YACrE,kEAAkE;YAClE,qEAAqE;YACrE,oDAAoD;YACpD,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;QACpD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,KAAK,CAAC,mBAAmB,EAAE,EAAE,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC/F,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;gBACrB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC;YAC3D,CAAC;QACH,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,aAA8B,EAC9B,MAAoB,EACpB,gBAAmC;IAEnC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACnD,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,IAAI,MAAM,EAAE,EAAE,CAAC,CAAC;IACpD,MAAM,QAAQ,GAAG,IAAI,IAAI,SAAS,CAAC;IAEnC,MAAM,GAAG,GAAG,OAAO,EAAE,CAAC;IACtB,oEAAoE;IACpE,6DAA6D;IAC7D,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC;IAE1B,uBAAuB,CAAC,GAAG,EAAE,MAAM,CAAC,cAAc,CAAC,CAAC;IAEpD,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IACxB,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IACjD,MAAM,UAAU,GAAG,gBAAgB,CAAC,aAAa,CAAC,CAAC;IAEnD,+DAA+D;IAC/D,2DAA2D;IAC3D,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE;QAC1B,MAAM,CAAC,KAAK,CAAC,cAAc,EAAE;YAC3B,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,WAAW,EAAE,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC;YACxC,SAAS,EAAE,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;YAClD,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,aAAa;YACpC,EAAE,EAAE,GAAG,CAAC,EAAE;SACX,CAAC,CAAC;QACH,IAAI,EAAE,CAAC;IACT,CAAC,CAAC,CAAC;IAEH,4DAA4D;IAC5D,2EAA2E;IAC3E,gFAAgF;IAChF,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC3C,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;QAC/B,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;IAC5E,CAAC,CAAC,CAAC;IAEH,4DAA4D;IAC5D,IAAI,MAAM,CAAC,SAAS,IAAI,gBAAgB,EAAE,CAAC;QACzC,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,MAAM,CAAC,iDAAiD,CAAC,CAAC;QAC1F,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,MAAM,CAAC,gEAAgE,CAAC,CAAC;QAC7G,MAAM,EAAE,wBAAwB,EAAE,0BAA0B,EAAE,wBAAwB,EAAE,GAAG,MAAM,MAAM,CACrG,YAAY,CACb,CAAC;QACF,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,CAAC;QAEpD,uCAAuC;QACvC,MAAM,MAAM,GAAG,SAAS,EAAE,IAAI,UAAU,QAAQ,IAAI,IAAI,EAAE,CAAC;QAE3D,2CAA2C;QAC3C,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,GAAG,wBAAwB,CAAC,gBAAgB,EAAE,MAAM,EAAE;YACnF,aAAa,EAAE,MAAM,CAAC,kBAAkB;YACxC,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC1C,CAAC,CAAC;QACH,MAAM,aAAa,GAAG,wBAAwB,CAAC,gBAAgB,CAAC,CAAC;QACjE,MAAM,YAAY,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QACtF,MAAM,eAAe,GAAG,0BAA0B,CAAC,MAAM,EAAE,aAAa,EAAE,YAAY,CAAC,CAAC;QAExF,uFAAuF;QACvF,yFAAyF;QACzF,MAAM,mBAAmB,GAAG,GAAG,MAAM,2CAA2C,CAAC;QACjF,MAAM,UAAU,GAAG,iBAAiB,CAAC;YACnC,QAAQ,EAAE,EAAE,iBAAiB,EAAE,eAAe,EAAE;YAChD,mBAAmB;SACpB,CAAC,CAAC;QAEH,uEAAuE;QACvE,sEAAsE;QACtE,uEAAuE;QACvE,wEAAwE;QACxE,iDAAiD;QACjD,EAAE;QACF,sEAAsE;QACtE,mEAAmE;QACnE,GAAG,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;YACvC,2DAA2D;YAC3D,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,GAAG,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC;gBAC/C,MAAM,CAAC,IAAI,CAAC,oDAAoD,EAAE;oBAChE,SAAS,EAAE,GAAG,CAAC,IAAI,CAAC,MAAM;oBAC1B,EAAE,EAAE,GAAG,CAAC,IAAI,CAAC,EAAE;oBACf,SAAS,EAAE,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;iBACnD,CAAC,CAAC;gBACH,qEAAqE;gBACrE,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,GAAa,EAAE,EAAE;oBACrC,IAAI,GAAG,EAAE,CAAC;wBACR,IAAI,CAAC,GAAG,CAAC,CAAC;wBACV,OAAO;oBACT,CAAC;oBACD,UAAU,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;gBACvB,CAAC,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,MAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE;gBACtC,MAAM,EAAE,GAAG,CAAC,MAAM;gBAClB,WAAW,EAAE,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC;gBACxC,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,IAAI;gBACnB,QAAQ,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE;gBAC/C,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC;aAClC,CAAC,CAAC;YACH,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,GAAG,CAAC,KAAK,CAAC,SAAS,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,SAAS,EAAE,CAAC;gBACzE,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC,EAAE,CAAC;gBACjD,MAAM,CAAC,KAAK,CAAC,gDAAgD,EAAE;oBAC7D,SAAS,EAAE,GAAG,CAAC,IAAI,CAAC,SAAS;iBAC9B,CAAC,CAAC;YACL,CAAC;YAED,kEAAkE;YAClE,qEAAqE;YACrE,sEAAsE;YACtE,wEAAwE;YACxE,qEAAqE;YACrE,uEAAuE;YACvE,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC;YAC5D,MAAM,WAAW,GAAG,MAAM,EAAE,YAAY,CAAC;YACzC,MAAM,QAAQ,GAAG,MAAM,EAAE,SAAS,CAAC;YACnC,IAAI,QAAQ,IAAI,WAAW,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE,CAAC;gBAC/D,WAAW,CAAC,iBAAiB,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;YACvD,CAAC;YAED,IAAI,EAAE,CAAC;QACT,CAAC,CAAC,CAAC;QAEH,iEAAiE;QACjE,0DAA0D;QAC1D,yEAAyE;QACzE,0EAA0E;QAC1E,qEAAqE;QACrE,kEAAkE;QAClE,qEAAqE;QACrE,EAAE;QACF,yEAAyE;QACzE,wEAAwE;QACxE,wEAAwE;QACxE,yEAAyE;QACzE,0EAA0E;QAC1E,qDAAqD;QACrD,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;QACrC,MAAM,QAAQ,GAAG,YAAY,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,iCAAiC;QAC5F,MAAM,QAAQ,GAAG,GAAG,YAAY,CAAC,MAAM,GAAG,QAAQ,EAAE,CAAC,CAAC,sCAAsC;QAC5F,MAAM,eAAe,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;QAEvF,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,kBAAkB,GAAG;gBACzB,MAAM,EAAE,GAAG,QAAQ,GAAG;gBACtB,sBAAsB,EAAE,GAAG,QAAQ,YAAY;gBAC/C,wBAAwB,EAAE,CAAC,MAAM,CAAC;gBAClC,gCAAgC,EAAE,CAAC,MAAM,CAAC;gBAC1C,cAAc,EAAE,GAAG,QAAQ,QAAQ;gBACnC,qCAAqC,EAAE,CAAC,oBAAoB,EAAE,MAAM,CAAC;gBACrE,qBAAqB,EAAE,CAAC,oBAAoB,EAAE,eAAe,CAAC;gBAC9D,gBAAgB,EAAE,eAAe;gBACjC,mBAAmB,EAAE,GAAG,QAAQ,SAAS;gBACzC,0CAA0C,EAAE,CAAC,oBAAoB,CAAC;gBAClE,qBAAqB,EAAE,GAAG,QAAQ,WAAW;aAC9C,CAAC;YACF,MAAM,sBAAsB,GAAG;gBAC7B,QAAQ,EAAE,GAAG,QAAQ,MAAM;gBAC3B,qBAAqB,EAAE,CAAC,GAAG,QAAQ,GAAG,CAAC;gBACvC,gBAAgB,EAAE,eAAe;gBACjC,aAAa,EAAE,sBAAsB;aACtC,CAAC;YAEF,GAAG,CAAC,GAAG,CAAC,yCAAyC,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;gBAC/D,GAAG,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;YAC/B,CAAC,CAAC,CAAC;YACH,2EAA2E;YAC3E,wEAAwE;YACxE,qDAAqD;YACrD,GAAG,CAAC,GAAG,CAAC,2CAA2C,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;gBACjE,GAAG,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;YACnC,CAAC,CAAC,CAAC;YACH,GAAG,CAAC,GAAG,CAAC,wCAAwC,QAAQ,MAAM,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;gBAC5E,GAAG,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;YACnC,CAAC,CAAC,CAAC;YAEH,MAAM,CAAC,IAAI,CAAC,mDAAmD,EAAE;gBAC/D,SAAS,EAAE,QAAQ;gBACnB,QAAQ;aACT,CAAC,CAAC;QACL,CAAC;QAED,+DAA+D;QAC/D,wEAAwE;QACxE,yEAAyE;QACzE,wEAAwE;QACxE,yEAAyE;QACzE,QAAQ;QACR,GAAG,CAAC,GAAG,CACL,aAAa,CAAC;YACZ,QAAQ;YACR,SAAS,EAAE,IAAI,GAAG,CAAC,MAAM,CAAC;YAC1B,OAAO,EAAE,IAAI,GAAG,CAAC,MAAM,CAAC;YACxB,iBAAiB,EAAE,IAAI,GAAG,CAAC,GAAG,MAAM,MAAM,CAAC;YAC3C,eAAe;YACf,YAAY,EAAE,sBAAsB;SACrC,CAAC,CACH,CAAC;QAEF,yDAAyD;QACzD,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC;QAExC,MAAM,CAAC,IAAI,CAAC,2BAA2B,EAAE;YACvC,SAAS,EAAE,gBAAgB,CAAC,SAAS;YACrC,MAAM;SACP,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,4DAA4D;QAC5D,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;YACtB,MAAM,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QACpC,CAAC;QAED,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;YACxC,kFAAkF;YAClF,iFAAiF;YACjF,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,MAAM,CAAC,gEAAgE,CAAC,CAAC;YAC7G,MAAM,QAAQ,GAAG,sBAAsB,CAAC,MAAM,CAAC,CAAC;YAChD,MAAM,UAAU,GAAG,iBAAiB,CAAC,EAAE,QAAQ,EAAE,EAAE,iBAAiB,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC;YACpF,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC;QAC1C,CAAC;aAAM,CAAC;YACN,mCAAmC;YACnC,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC;IAED,8DAA8D;IAC9D,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACnB,MAAM,CAAC,KAAK,CAAC,eAAe,EAAE,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;QAC5F,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iEAAiE,EAAE,CAAC,CAAC;IACrG,CAAC,CAAC,CAAC;IAEH,8DAA8D;IAC9D,MAAM,UAAU,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE;QACjD,IAAI,QAAQ,GAAG,aAAa,CAAC;QAC7B,IAAI,MAAM,CAAC,SAAS,IAAI,gBAAgB;YAAE,QAAQ,GAAG,mBAAmB,CAAC;aACpE,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,UAAU;YAAE,QAAQ,GAAG,iBAAiB,CAAC;aACtE,IAAI,MAAM,CAAC,OAAO;YAAE,QAAQ,GAAG,aAAa,MAAM,CAAC,OAAO,CAAC,MAAM,QAAQ,CAAC;aAC1E,IAAI,MAAM,CAAC,UAAU;YAAE,QAAQ,GAAG,MAAM,CAAC;QAE9C,MAAM,CAAC,IAAI,CAAC,2BAA2B,EAAE;YACvC,IAAI,EAAE,GAAG,QAAQ,IAAI,IAAI,EAAE;YAC3B,MAAM,EAAE,UAAU,QAAQ,IAAI,IAAI,SAAS;YAC3C,GAAG,EAAE,UAAU,QAAQ,IAAI,IAAI,MAAM;YACrC,IAAI,EAAE,QAAQ;SACf,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,oFAAoF;IACpF,gDAAgD;IAChD,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAA0B,EAAE,EAAE;QACpD,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YAC9B,MAAM,CAAC,KAAK,CACV,QAAQ,IAAI,yHAAyH,EACrI,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,CACzB,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,KAAK,CAAC,6BAA6B,EAAE,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;QACtF,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC;AAED,uEAAuE;AAEvE;;;;GAIG;AACH,SAAS,sBAAsB,CAC7B,MAAoB;IAEpB,OAAO,KAAK,EAAE,KAAa,EAAE,EAAE;QAC7B,mEAAmE;QACnE,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,MAAM,CAAC,iDAAiD,CAAC,CAAC;QAE9F,qDAAqD;QACrD,MAAM,WAAW,GAAG,WAAW,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QAC/C,IAAI,WAAW,EAAE,CAAC;YAChB,qFAAqF;YACrF,MAAM,aAAa,GAAG,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;YACzC,OAAO;gBACL,KAAK;gBACL,QAAQ,EAAE,WAAW,CAAC,QAAQ;gBAC9B,MAAM,EAAE,WAAW,CAAC,MAAM;gBAC1B,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,aAAa;aACzD,CAAC;QACJ,CAAC;QAED,wCAAwC;QACxC,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;YACtB,IAAI,CAAC;gBACH,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,EAAE,CAAC;oBAC/B,MAAM,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;gBACpC,CAAC;gBACD,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,EAAE,CAAC;oBAC/B,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;gBAChF,CAAC;gBACD,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,UAAU,CAAC,SAAS,CAAC,KAAK,EAAE,UAAU,EAAE;oBAChE,MAAM,EAAE,MAAM,CAAC,UAAU;oBACzB,QAAQ,EAAE,MAAM,CAAC,YAAY;oBAC7B,cAAc,EAAE,CAAC,KAAK,CAAC;oBACvB,GAAG,CAAC,MAAM,CAAC,kBAAkB,IAAI,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,MAAM,CAAC,kBAAkB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;iBAC5F,CAAC,CAAC;gBAEH,MAAM,CAAC,KAAK,CAAC,6BAA6B,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;gBAEpF,MAAM,MAAM,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;gBAE1C,OAAO;oBACL,KAAK;oBACL,QAAQ,EAAG,OAAO,CAAC,GAAc,IAAK,OAAO,CAAC,GAAc,IAAI,WAAW;oBAC3E,MAAM;oBACN,SAAS,EAAE,OAAO,CAAC,GAAG;oBACtB,KAAK,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE;iBAC9C,CAAC;YACJ,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,4EAA4E;gBAC5E,IAAI,GAAG,YAAY,iBAAiB;oBAAE,MAAM,GAAG,CAAC;gBAChD,MAAM,IAAI,iBAAiB,CAAE,GAAa,CAAC,OAAO,IAAI,eAAe,CAAC,CAAC;YACzE,CAAC;QACH,CAAC;QAED,MAAM,IAAI,iBAAiB,CAAC,sCAAsC,CAAC,CAAC;IACtE,CAAC,CAAC;AACJ,CAAC;AAED,wEAAwE;AAExE;;;GAGG;AACH,KAAK,UAAU,kBAAkB,CAC/B,MAAoB;IAEpB,MAAM,QAAQ,CAAC,MAAM,CAAC,UAAW,CAAC,CAAC;IAEnC,OAAO,KAAK,EAAE,KAAa,EAAE,EAAE;QAC7B,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAC1C,CAAC;QACD,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,UAAU,CAAC,SAAS,CAAC,KAAK,EAAE,UAAU,EAAE;YAChE,MAAM,EAAE,MAAM,CAAC,UAAU;YACzB,QAAQ,EAAE,MAAM,CAAC,YAAY;YAC7B,cAAc,EAAE,CAAC,KAAK,CAAC;YACvB,GAAG,CAAC,MAAM,CAAC,kBAAkB,IAAI,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,MAAM,CAAC,kBAAkB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC5F,CAAC,CAAC;QAEH,MAAM,CAAC,KAAK,CAAC,oBAAoB,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;QAE3E,MAAM,MAAM,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;QAE1C,OAAO;YACL,KAAK;YACL,QAAQ,EAAG,OAAO,CAAC,GAAc,IAAK,OAAO,CAAC,GAAc,IAAI,WAAW;YAC3E,MAAM;YACN,SAAS,EAAE,OAAO,CAAC,GAAG;YACtB,KAAK,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE;SAC9C,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC;AAED,uEAAuE;AAEvE,MAAM,YAAY,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;AAEpF;;;;;;GAMG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAAgC;IAChE,IAAI,SAA+B,CAAC;IAEpC,wCAAwC;IACxC,IAAI,OAAO,OAAO,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;QACtC,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACnE,CAAC;IACD,6FAA6F;SACxF,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;QACzC,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACjE,CAAC;SAAM,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QACtC,SAAS,GAAI,OAAO,CAAC,GAAgB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC7F,CAAC;IAED,oDAAoD;IACpD,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;QAC5B,MAAM,CAAC,IAAI,CACT,gEAAgE;YAC9D,8EAA8E,CACjF,CAAC;QACF,OAAO,CAAC,MAAM,CAAC,CAAC;IAClB,CAAC;IAED,yBAAyB;IACzB,MAAM,QAAQ,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IAEnE,uEAAuE;IACvE,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,CAAC,IAAI,CAAC,4EAA4E,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC;QACzG,OAAO,CAAC,MAAM,CAAC,CAAC;IAClB,CAAC;IAED,OAAO,YAAY,CAAC,QAAQ,CAAC,CAAC;AAChC,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,QAAQ,CAAC,MAAc;IACpC,IAAI,UAAU,IAAI,UAAU;QAAE,OAAO;IAErC,IAAI,CAAC;QACH,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,CAAC;QACpC,CAAC;QACD,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,kCAAkC,EAAE,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,GAAG,CAAC,CAAC;QAC1G,MAAM,aAAa,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;QACtD,MAAM,SAAS,GAAG,CAAC,MAAM,aAAa,CAAC,IAAI,EAAE,CAAyB,CAAC;QAEvE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,+CAA+C,OAAO,EAAE,CAAC,CAAC;QAC5E,CAAC;QAED,UAAU,GAAG,UAAU,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;QACxE,MAAM,CAAC,IAAI,CAAC,uBAAuB,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAC;IAChF,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CAAC,gCAAgC,EAAE;YAC7C,MAAM;YACN,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;SACxD,CAAC,CAAC;IACL,CAAC;AACH,CAAC"}
+{"version":3,"file":"http.js","sourceRoot":"","sources":["../../src/server/http.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAGH,OAAO,EAAE,6BAA6B,EAAE,MAAM,oDAAoD,CAAC;AACnG,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,OAAO,OAAO,MAAM,SAAS,CAAC;AAC9B,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAItC,wEAAwE;AAExE;;;GAGG;AACH,SAAS,WAAW,CAClB,KAAa,EACb,MAAoB;IAEpB,8FAA8F;IAC9F,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACnB,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnC,IAAI,KAAK,KAAK,KAAK,CAAC,GAAG,EAAE,CAAC;gBACxB,MAAM,OAAO,GAAG,gBAAgB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBAChD,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,4DAA4D;oBAC5D,OAAO,SAAS,CAAC;gBACnB,CAAC;gBACD,MAAM,MAAM,GAAG,YAAY,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;gBAC5C,OAAO,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,WAAW,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC;YAClF,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,wEAAwE;AAExE,IAAI,UAAU,GAAiC,IAAI,CAAC;AACpD,IAAI,UAAU,GAAgE,IAAI,CAAC;AAEnF,wEAAwE;AAExE;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,UAAU,uBAAuB,CAAC,GAAwB,EAAE,cAAwB;IACxF,MAAM,cAAc,GAAG,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC;IACjD,GAAG,CAAC,GAAG,CACL,MAAM,CAAC;QACL,0EAA0E;QAC1E,qDAAqD;QACrD,uBAAuB,EAAE,KAAK;QAC9B,yBAAyB,EAAE,cAAc,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,cAAuB,EAAE,CAAC,CAAC,CAAC,SAAS;QAC3F,yEAAyE;QACzE,kEAAkE;QAClE,wEAAwE;QACxE,2CAA2C;QAC3C,qBAAqB,EAAE,cAAc;YACnC,CAAC,CAAC;gBACE,WAAW,EAAE,IAAI;gBACjB,UAAU,EAAE;oBACV,WAAW,EAAE,CAAC,QAAQ,EAAE,iBAAiB,CAAC;iBAC3C;aACF;YACH,CAAC,CAAC,SAAS;KACd,CAAC,CACH,CAAC;IAEF,IAAI,cAAc,EAAE,CAAC;QACnB,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,CAAC;QACxC,GAAG,CAAC,GAAG,CACL,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,MAAM,EAAE,QAAQ,EAAE,EAAE;gBAC3B,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,kEAAkE;oBAClE,6CAA6C;oBAC7C,QAAQ,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;oBACtB,OAAO;gBACT,CAAC;gBACD,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;YACtC,CAAC;YACD,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,CAAC;YAC7C,cAAc,EAAE,CAAC,cAAc,EAAE,eAAe,EAAE,gBAAgB,CAAC;YACnE,cAAc,EAAE,CAAC,gBAAgB,CAAC;YAClC,WAAW,EAAE,IAAI;SAClB,CAAC,CACH,CAAC;QACF,mEAAmE;QACnE,wEAAwE;QACxE,0EAA0E;QAC1E,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE;YAC1B,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC;YAClC,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC5E,MAAM,CAAC,SAAS,CAAC;oBACf,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;oBACnC,KAAK,EAAE,MAAM;oBACb,KAAK,EAAE,eAAe;oBACtB,MAAM;oBACN,MAAM,EAAE,GAAG,CAAC,MAAM;oBAClB,IAAI,EAAE,GAAG,CAAC,IAAI;iBACf,CAAC,CAAC;YACL,CAAC;YACD,IAAI,EAAE,CAAC;QACT,CAAC,CAAC,CAAC;QACH,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,EAAE,OAAO,EAAE,cAAc,EAAE,CAAC,CAAC;IAC3D,CAAC;AACH,CAAC;AAED,wEAAwE;AAExE;;;GAGG;AACH,SAAS,gBAAgB,CAAC,aAA8B;IACtD,OAAO,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;QAC3C,MAAM,CAAC,KAAK,CAAC,qBAAqB,EAAE;YAClC,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,WAAW,EAAE,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC;YACxC,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,IAAI;YACnB,UAAU,EAAE,GAAG,CAAC,IAAI,EAAE,MAAM;YAC5B,MAAM,EAAE,GAAG,CAAC,IAAI,EAAE,EAAE;SACrB,CAAC,CAAC;QACH,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,aAAa,EAAE,CAAC;YAC/B,MAAM,SAAS,GAAG,IAAI,6BAA6B,CAAC;gBAClD,kBAAkB,EAAE,SAAS,EAAE,iBAAiB;aACjD,CAAC,CAAC;YACH,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAChC,8DAA8D;YAC9D,uEAAuE;YACvE,qEAAqE;YACrE,kEAAkE;YAClE,qEAAqE;YACrE,oDAAoD;YACpD,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;QACpD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,KAAK,CAAC,mBAAmB,EAAE,EAAE,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC/F,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;gBACrB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC;YAC3D,CAAC;QACH,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,aAA8B,EAC9B,MAAoB,EACpB,gBAAmC;IAEnC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACnD,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,IAAI,MAAM,EAAE,EAAE,CAAC,CAAC;IACpD,MAAM,QAAQ,GAAG,IAAI,IAAI,SAAS,CAAC;IAEnC,MAAM,GAAG,GAAG,OAAO,EAAE,CAAC;IACtB,oEAAoE;IACpE,6DAA6D;IAC7D,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC;IAE1B,uBAAuB,CAAC,GAAG,EAAE,MAAM,CAAC,cAAc,CAAC,CAAC;IAEpD,wEAAwE;IACxE,oFAAoF;IACpF,qFAAqF;IACrF,uFAAuF;IACvF,2FAA2F;IAC3F,yDAAyD;IACzD,EAAE;IACF,mFAAmF;IACnF,mFAAmF;IACnF,oFAAoF;IACpF,4EAA4E;IAC5E,MAAM,EAAE,qBAAqB,EAAE,gBAAgB,EAAE,GAAG,MAAM,MAAM,CAAC,sBAAsB,CAAC,CAAC;IACzF,MAAM,gBAAgB,GAAG,MAAM,CAAC,aAAa,GAAG,CAAC,CAAC;IAClD,MAAM,gBAAgB,GAAG,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,aAAa,GAAG,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACzF,MAAM,CAAC,IAAI,CAAC,oBAAoB,EAAE;QAChC,SAAS,EAAE,MAAM,CAAC,aAAa;QAC/B,YAAY,EAAE,gBAAgB;QAC9B,SAAS,EAAE,gBAAgB,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,YAAY,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE;QAC3F,QAAQ,EAAE,CAAC,gBAAgB;KAC5B,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IACxB,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IACjD,MAAM,UAAU,GAAG,gBAAgB,CAAC,aAAa,CAAC,CAAC;IAEnD,+DAA+D;IAC/D,2DAA2D;IAC3D,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE;QAC1B,MAAM,CAAC,KAAK,CAAC,cAAc,EAAE;YAC3B,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,WAAW,EAAE,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC;YACxC,SAAS,EAAE,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;YAClD,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,aAAa;YACpC,EAAE,EAAE,GAAG,CAAC,EAAE;SACX,CAAC,CAAC;QACH,IAAI,EAAE,CAAC;IACT,CAAC,CAAC,CAAC;IAEH,4DAA4D;IAC5D,2EAA2E;IAC3E,gFAAgF;IAChF,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC3C,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;QAC/B,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;IAC5E,CAAC,CAAC,CAAC;IAEH,4DAA4D;IAC5D,IAAI,MAAM,CAAC,SAAS,IAAI,gBAAgB,EAAE,CAAC;QACzC,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,MAAM,CAAC,iDAAiD,CAAC,CAAC;QAC1F,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,MAAM,CAAC,gEAAgE,CAAC,CAAC;QAC7G,MAAM,EAAE,wBAAwB,EAAE,0BAA0B,EAAE,wBAAwB,EAAE,GAAG,MAAM,MAAM,CACrG,YAAY,CACb,CAAC;QACF,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,CAAC;QAEpD,uCAAuC;QACvC,MAAM,MAAM,GAAG,SAAS,EAAE,IAAI,UAAU,QAAQ,IAAI,IAAI,EAAE,CAAC;QAE3D,2CAA2C;QAC3C,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,GAAG,wBAAwB,CAAC,gBAAgB,EAAE,MAAM,EAAE;YACnF,aAAa,EAAE,MAAM,CAAC,kBAAkB;YACxC,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC1C,CAAC,CAAC;QACH,MAAM,aAAa,GAAG,wBAAwB,CAAC,gBAAgB,CAAC,CAAC;QACjE,MAAM,YAAY,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QACtF,MAAM,eAAe,GAAG,0BAA0B,CAAC,MAAM,EAAE,aAAa,EAAE,YAAY,CAAC,CAAC;QAExF,uFAAuF;QACvF,yFAAyF;QACzF,MAAM,mBAAmB,GAAG,GAAG,MAAM,2CAA2C,CAAC;QACjF,MAAM,UAAU,GAAG,iBAAiB,CAAC;YACnC,QAAQ,EAAE,EAAE,iBAAiB,EAAE,eAAe,EAAE;YAChD,mBAAmB;SACpB,CAAC,CAAC;QAEH,uEAAuE;QACvE,gFAAgF;QAChF,+EAA+E;QAC/E,8EAA8E;QAC9E,mDAAmD;QACnD,EAAE;QACF,+EAA+E;QAC/E,qEAAqE;QACrE,6EAA6E;QAC7E,yEAAyE;QACzE,6DAA6D;QAC7D,EAAE;QACF,8EAA8E;QAC9E,4EAA4E;QAC5E,wDAAwD;QACxD,2EAA2E;QAC3E,iFAAiF;QACjF,4EAA4E;QAC5E,6EAA6E;QAC7E,6DAA6D;QAC7D,EAAE;QACF,yEAAyE;QACzE,sEAAsE;QACtE,wEAAwE;QACxE,yEAAyE;QACzE,0EAA0E;QAC1E,kEAAkE;QAClE,IAAI,gBAAgB,EAAE,CAAC;YACrB,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,qBAAqB,CAAC,WAAW,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC;YAC/E,wEAAwE;YACxE,GAAG,CAAC,GAAG,CAAC,YAAY,EAAE,qBAAqB,CAAC,YAAY,EAAE,MAAM,CAAC,aAAa,EAAE,EAAE,IAAI,EAAE,gBAAgB,EAAE,CAAC,CAAC,CAAC;YAC7G,mFAAmF;YACnF,GAAG,CAAC,GAAG,CAAC,YAAY,EAAE,qBAAqB,CAAC,MAAM,EAAE,gBAAgB,EAAE,EAAE,IAAI,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,gBAAgB,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;YAClH,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,qBAAqB,CAAC,QAAQ,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC;YACzE,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,qBAAqB,CAAC,SAAS,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC;QAC7E,CAAC;QAED,uEAAuE;QACvE,sEAAsE;QACtE,uEAAuE;QACvE,wEAAwE;QACxE,iDAAiD;QACjD,EAAE;QACF,sEAAsE;QACtE,mEAAmE;QACnE,GAAG,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;YACvC,uEAAuE;YACvE,sEAAsE;YACtE,qEAAqE;YACrE,mEAAmE;YACnE,IAAI,gBAAgB,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC1B,MAAM,CAAC,IAAI,CAAC,oDAAoD,EAAE;oBAChE,SAAS,EAAE,GAAG,CAAC,IAAI,CAAC,MAAM;oBAC1B,EAAE,EAAE,GAAG,CAAC,IAAI,CAAC,EAAE;oBACf,SAAS,EAAE,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;iBACnD,CAAC,CAAC;gBACH,qEAAqE;gBACrE,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,GAAa,EAAE,EAAE;oBACrC,IAAI,GAAG,EAAE,CAAC;wBACR,IAAI,CAAC,GAAG,CAAC,CAAC;wBACV,OAAO;oBACT,CAAC;oBACD,UAAU,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;gBACvB,CAAC,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,MAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE;gBACtC,MAAM,EAAE,GAAG,CAAC,MAAM;gBAClB,WAAW,EAAE,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC;gBACxC,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,IAAI;gBACnB,QAAQ,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE;gBAC/C,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC;aAClC,CAAC,CAAC;YACH,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,GAAG,CAAC,KAAK,CAAC,SAAS,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,SAAS,EAAE,CAAC;gBACzE,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC,EAAE,CAAC;gBACjD,MAAM,CAAC,KAAK,CAAC,gDAAgD,EAAE;oBAC7D,SAAS,EAAE,GAAG,CAAC,IAAI,CAAC,SAAS;iBAC9B,CAAC,CAAC;YACL,CAAC;YAED,kEAAkE;YAClE,qEAAqE;YACrE,sEAAsE;YACtE,wEAAwE;YACxE,qEAAqE;YACrE,uEAAuE;YACvE,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC;YAC5D,MAAM,WAAW,GAAG,MAAM,EAAE,YAAY,CAAC;YACzC,MAAM,QAAQ,GAAG,MAAM,EAAE,SAAS,CAAC;YACnC,IAAI,QAAQ,IAAI,WAAW,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE,CAAC;gBAC/D,WAAW,CAAC,iBAAiB,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;YACvD,CAAC;YAED,IAAI,EAAE,CAAC;QACT,CAAC,CAAC,CAAC;QAEH,iEAAiE;QACjE,0DAA0D;QAC1D,yEAAyE;QACzE,0EAA0E;QAC1E,qEAAqE;QACrE,kEAAkE;QAClE,qEAAqE;QACrE,EAAE;QACF,yEAAyE;QACzE,wEAAwE;QACxE,wEAAwE;QACxE,yEAAyE;QACzE,0EAA0E;QAC1E,qDAAqD;QACrD,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;QACrC,MAAM,QAAQ,GAAG,YAAY,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,iCAAiC;QAC5F,MAAM,QAAQ,GAAG,GAAG,YAAY,CAAC,MAAM,GAAG,QAAQ,EAAE,CAAC,CAAC,sCAAsC;QAC5F,MAAM,eAAe,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;QAEvF,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,kBAAkB,GAAG;gBACzB,MAAM,EAAE,GAAG,QAAQ,GAAG;gBACtB,sBAAsB,EAAE,GAAG,QAAQ,YAAY;gBAC/C,wBAAwB,EAAE,CAAC,MAAM,CAAC;gBAClC,gCAAgC,EAAE,CAAC,MAAM,CAAC;gBAC1C,cAAc,EAAE,GAAG,QAAQ,QAAQ;gBACnC,qCAAqC,EAAE,CAAC,oBAAoB,EAAE,MAAM,CAAC;gBACrE,qBAAqB,EAAE,CAAC,oBAAoB,EAAE,eAAe,CAAC;gBAC9D,gBAAgB,EAAE,eAAe;gBACjC,mBAAmB,EAAE,GAAG,QAAQ,SAAS;gBACzC,0CAA0C,EAAE,CAAC,oBAAoB,CAAC;gBAClE,qBAAqB,EAAE,GAAG,QAAQ,WAAW;aAC9C,CAAC;YACF,MAAM,sBAAsB,GAAG;gBAC7B,QAAQ,EAAE,GAAG,QAAQ,MAAM;gBAC3B,qBAAqB,EAAE,CAAC,GAAG,QAAQ,GAAG,CAAC;gBACvC,gBAAgB,EAAE,eAAe;gBACjC,aAAa,EAAE,sBAAsB;aACtC,CAAC;YAEF,GAAG,CAAC,GAAG,CAAC,yCAAyC,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;gBAC/D,GAAG,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;YAC/B,CAAC,CAAC,CAAC;YACH,2EAA2E;YAC3E,wEAAwE;YACxE,qDAAqD;YACrD,GAAG,CAAC,GAAG,CAAC,2CAA2C,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;gBACjE,GAAG,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;YACnC,CAAC,CAAC,CAAC;YACH,GAAG,CAAC,GAAG,CAAC,wCAAwC,QAAQ,MAAM,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;gBAC5E,GAAG,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;YACnC,CAAC,CAAC,CAAC;YAEH,MAAM,CAAC,IAAI,CAAC,mDAAmD,EAAE;gBAC/D,SAAS,EAAE,QAAQ;gBACnB,QAAQ;aACT,CAAC,CAAC;QACL,CAAC;QAED,+DAA+D;QAC/D,wEAAwE;QACxE,yEAAyE;QACzE,wEAAwE;QACxE,yEAAyE;QACzE,QAAQ;QACR,GAAG,CAAC,GAAG,CACL,aAAa,CAAC;YACZ,QAAQ;YACR,SAAS,EAAE,IAAI,GAAG,CAAC,MAAM,CAAC;YAC1B,OAAO,EAAE,IAAI,GAAG,CAAC,MAAM,CAAC;YACxB,iBAAiB,EAAE,IAAI,GAAG,CAAC,GAAG,MAAM,MAAM,CAAC;YAC3C,eAAe;YACf,YAAY,EAAE,sBAAsB;SACrC,CAAC,CACH,CAAC;QAEF,6EAA6E;QAC7E,2EAA2E;QAC3E,0EAA0E;QAC1E,IAAI,gBAAgB,EAAE,CAAC;YACrB,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,qBAAqB,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC,CAAC;QACnE,CAAC;QACD,yDAAyD;QACzD,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC;QAExC,MAAM,CAAC,IAAI,CAAC,2BAA2B,EAAE;YACvC,SAAS,EAAE,gBAAgB,CAAC,SAAS;YACrC,MAAM;SACP,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,4DAA4D;QAC5D,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;YACtB,MAAM,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QACpC,CAAC;QAED,6EAA6E;QAC7E,+EAA+E;QAC/E,4DAA4D;QAC5D,IAAI,gBAAgB,EAAE,CAAC;YACrB,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,qBAAqB,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC,CAAC;QACnE,CAAC;QAED,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;YACxC,kFAAkF;YAClF,iFAAiF;YACjF,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,MAAM,CAAC,gEAAgE,CAAC,CAAC;YAC7G,MAAM,QAAQ,GAAG,sBAAsB,CAAC,MAAM,CAAC,CAAC;YAChD,MAAM,UAAU,GAAG,iBAAiB,CAAC,EAAE,QAAQ,EAAE,EAAE,iBAAiB,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC;YACpF,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC;QAC1C,CAAC;aAAM,CAAC;YACN,mCAAmC;YACnC,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC;IAED,8DAA8D;IAC9D,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACnB,MAAM,CAAC,KAAK,CAAC,eAAe,EAAE,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;QAC5F,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iEAAiE,EAAE,CAAC,CAAC;IACrG,CAAC,CAAC,CAAC;IAEH,8DAA8D;IAC9D,MAAM,UAAU,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE;QACjD,IAAI,QAAQ,GAAG,aAAa,CAAC;QAC7B,IAAI,MAAM,CAAC,SAAS,IAAI,gBAAgB;YAAE,QAAQ,GAAG,mBAAmB,CAAC;aACpE,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,UAAU;YAAE,QAAQ,GAAG,iBAAiB,CAAC;aACtE,IAAI,MAAM,CAAC,OAAO;YAAE,QAAQ,GAAG,aAAa,MAAM,CAAC,OAAO,CAAC,MAAM,QAAQ,CAAC;aAC1E,IAAI,MAAM,CAAC,UAAU;YAAE,QAAQ,GAAG,MAAM,CAAC;QAE9C,MAAM,CAAC,IAAI,CAAC,2BAA2B,EAAE;YACvC,IAAI,EAAE,GAAG,QAAQ,IAAI,IAAI,EAAE;YAC3B,MAAM,EAAE,UAAU,QAAQ,IAAI,IAAI,SAAS;YAC3C,GAAG,EAAE,UAAU,QAAQ,IAAI,IAAI,MAAM;YACrC,IAAI,EAAE,QAAQ;SACf,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,oFAAoF;IACpF,gDAAgD;IAChD,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAA0B,EAAE,EAAE;QACpD,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YAC9B,MAAM,CAAC,KAAK,CACV,QAAQ,IAAI,yHAAyH,EACrI,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,CACzB,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,KAAK,CAAC,6BAA6B,EAAE,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;QACtF,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC;AAED,uEAAuE;AAEvE;;;;GAIG;AACH,SAAS,sBAAsB,CAC7B,MAAoB;IAEpB,OAAO,KAAK,EAAE,KAAa,EAAE,EAAE;QAC7B,mEAAmE;QACnE,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,MAAM,CAAC,iDAAiD,CAAC,CAAC;QAE9F,qDAAqD;QACrD,MAAM,WAAW,GAAG,WAAW,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QAC/C,IAAI,WAAW,EAAE,CAAC;YAChB,qFAAqF;YACrF,MAAM,aAAa,GAAG,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;YACzC,OAAO;gBACL,KAAK;gBACL,QAAQ,EAAE,WAAW,CAAC,QAAQ;gBAC9B,MAAM,EAAE,WAAW,CAAC,MAAM;gBAC1B,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,aAAa;aACzD,CAAC;QACJ,CAAC;QAED,wCAAwC;QACxC,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;YACtB,IAAI,CAAC;gBACH,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,EAAE,CAAC;oBAC/B,MAAM,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;gBACpC,CAAC;gBACD,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,EAAE,CAAC;oBAC/B,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;gBAChF,CAAC;gBACD,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,UAAU,CAAC,SAAS,CAAC,KAAK,EAAE,UAAU,EAAE;oBAChE,MAAM,EAAE,MAAM,CAAC,UAAU;oBACzB,QAAQ,EAAE,MAAM,CAAC,YAAY;oBAC7B,cAAc,EAAE,CAAC,KAAK,CAAC;oBACvB,GAAG,CAAC,MAAM,CAAC,kBAAkB,IAAI,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,MAAM,CAAC,kBAAkB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;iBAC5F,CAAC,CAAC;gBAEH,MAAM,CAAC,KAAK,CAAC,6BAA6B,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;gBAEpF,MAAM,MAAM,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;gBAE1C,OAAO;oBACL,KAAK;oBACL,QAAQ,EAAG,OAAO,CAAC,GAAc,IAAK,OAAO,CAAC,GAAc,IAAI,WAAW;oBAC3E,MAAM;oBACN,SAAS,EAAE,OAAO,CAAC,GAAG;oBACtB,KAAK,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE;iBAC9C,CAAC;YACJ,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,4EAA4E;gBAC5E,IAAI,GAAG,YAAY,iBAAiB;oBAAE,MAAM,GAAG,CAAC;gBAChD,MAAM,IAAI,iBAAiB,CAAE,GAAa,CAAC,OAAO,IAAI,eAAe,CAAC,CAAC;YACzE,CAAC;QACH,CAAC;QAED,MAAM,IAAI,iBAAiB,CAAC,sCAAsC,CAAC,CAAC;IACtE,CAAC,CAAC;AACJ,CAAC;AAED,wEAAwE;AAExE;;;GAGG;AACH,KAAK,UAAU,kBAAkB,CAC/B,MAAoB;IAEpB,MAAM,QAAQ,CAAC,MAAM,CAAC,UAAW,CAAC,CAAC;IAEnC,OAAO,KAAK,EAAE,KAAa,EAAE,EAAE;QAC7B,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAC1C,CAAC;QACD,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,UAAU,CAAC,SAAS,CAAC,KAAK,EAAE,UAAU,EAAE;YAChE,MAAM,EAAE,MAAM,CAAC,UAAU;YACzB,QAAQ,EAAE,MAAM,CAAC,YAAY;YAC7B,cAAc,EAAE,CAAC,KAAK,CAAC;YACvB,GAAG,CAAC,MAAM,CAAC,kBAAkB,IAAI,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,MAAM,CAAC,kBAAkB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC5F,CAAC,CAAC;QAEH,MAAM,CAAC,KAAK,CAAC,oBAAoB,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;QAE3E,MAAM,MAAM,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;QAE1C,OAAO;YACL,KAAK;YACL,QAAQ,EAAG,OAAO,CAAC,GAAc,IAAK,OAAO,CAAC,GAAc,IAAI,WAAW;YAC3E,MAAM;YACN,SAAS,EAAE,OAAO,CAAC,GAAG;YACtB,KAAK,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE;SAC9C,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC;AAED,uEAAuE;AAEvE,MAAM,YAAY,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;AAEpF;;;;;;GAMG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAAgC;IAChE,IAAI,SAA+B,CAAC;IAEpC,wCAAwC;IACxC,IAAI,OAAO,OAAO,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;QACtC,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACnE,CAAC;IACD,6FAA6F;SACxF,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;QACzC,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACjE,CAAC;SAAM,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QACtC,SAAS,GAAI,OAAO,CAAC,GAAgB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC7F,CAAC;IAED,oDAAoD;IACpD,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;QAC5B,MAAM,CAAC,IAAI,CACT,gEAAgE;YAC9D,8EAA8E,CACjF,CAAC;QACF,OAAO,CAAC,MAAM,CAAC,CAAC;IAClB,CAAC;IAED,yBAAyB;IACzB,MAAM,QAAQ,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IAEnE,uEAAuE;IACvE,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,CAAC,IAAI,CAAC,4EAA4E,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC;QACzG,OAAO,CAAC,MAAM,CAAC,CAAC;IAClB,CAAC;IAED,OAAO,YAAY,CAAC,QAAQ,CAAC,CAAC;AAChC,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,QAAQ,CAAC,MAAc;IACpC,IAAI,UAAU,IAAI,UAAU;QAAE,OAAO;IAErC,IAAI,CAAC;QACH,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,CAAC;QACpC,CAAC;QACD,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,kCAAkC,EAAE,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,GAAG,CAAC,CAAC;QAC1G,MAAM,aAAa,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;QACtD,MAAM,SAAS,GAAG,CAAC,MAAM,aAAa,CAAC,IAAI,EAAE,CAAyB,CAAC;QAEvE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,+CAA+C,OAAO,EAAE,CAAC,CAAC;QAC5E,CAAC;QAED,UAAU,GAAG,UAAU,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;QACxE,MAAM,CAAC,IAAI,CAAC,uBAAuB,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAC;IAChF,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CAAC,gCAAgC,EAAE;YAC7C,MAAM;YACN,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;SACxD,CAAC,CAAC;IACL,CAAC;AACH,CAAC"}

package/dist/server/mcp-rate-limit.d.ts

@@ -0,0 +1,69 @@
+/**
+ * Layer 2 — Per-user MCP tool-call rate limiter.
+ *
+ * Applied at the top of `handleToolCall` in `src/handlers/intent.ts`. Returns an MCP
+ * tool error (NOT HTTP 429) on denial so the LLM client surfaces it as a tool failure
+ * and the agent loop backs off correctly. Per-user token bucket keyed on the resolved
+ * user identity (userName / clientId / __anon__).
+ *
+ * Design choices:
+ * - Per-instance, in-memory only. Multi-instance attackers cost `limit × instances` —
+ *   acceptable trade-off, matches stateless-DCR philosophy from PR #212.
+ * - Stdio mode is exempt because there's no authInfo to key on; the caller is
+ *   responsible for skipping the consume in that case.
+ * - When `perMinute === 0`, the factory returns a stub whose `consume` resolves
+ *   immediately with `{ allowed: true }` — no allocation, no per-key bookkeeping.
+ *   This is the clean opt-out for single-user deployments.
+ * - Cost weighting per tool is intentionally deferred to v2 — every consume call is
+ *   one point. See ADR-0004 for the rationale.
+ */
+import type { AuthInfo } from '@modelcontextprotocol/sdk/server/auth/types.js';
+export type RateLimitDecision = {
+    allowed: true;
+} | {
+    allowed: false;
+    retryAfterMs: number;
+    limitPerMinute: number;
+};
+/**
+ * Resolve the per-user rate-limit key from an `AuthInfo`, walking the most-
+ * specific identity claims first so distinct users never share a quota when
+ * they share an auth client / application.
+ *
+ * Order, by descending specificity:
+ *   1. `extra.userName`        — XSUAA logon name (`securityContext.getLogonName()`)
+ *   2. `extra.email`           — XSUAA / OIDC email when populated
+ *   3. `extra.sub`             — OIDC subject claim (guaranteed unique per user within issuer)
+ *   4. `extra.preferred_username` — sometimes set on OIDC tokens
+ *   5. `clientId`              — last resort. Note for OIDC this is `azp`
+ *      (the app's client id), shared by all users of that app — so falling here
+ *      collapses them into one bucket. The earlier checks exist specifically
+ *      to avoid that. Acceptable only for the API-key path where the clientId
+ *      is `api-key:<profile>` and the operator has chosen the profile granularity.
+ *   6. `'__anon__'`            — token with no usable identity claim. Single
+ *      shared bucket for anonymous traffic. Operators should configure auth so
+ *      this branch is never reached in production.
+ *
+ * Why not just `sub`? Because XSUAA tokens don't put `sub` on `extra`; they put
+ * the SAP logon name on `extra.userName`. OIDC does the inverse. We accept both
+ * shapes rather than forcing every auth provider to align on one claim.
+ */
+export declare function resolveRateLimitUserKey(authInfo: AuthInfo | undefined): string;
+export interface McpRateLimiter {
+    /**
+     * Try to consume one point for `userKey`. Resolves `{ allowed: true }` when the
+     * bucket has tokens, `{ allowed: false, retryAfterMs, limitPerMinute }` when it
+     * doesn't. Never throws — internal RateLimiterRes rejection is caught here.
+     *
+     * `tool` is recorded for the audit event at the call site; it doesn't affect
+     * the bucket.
+     */
+    consume(userKey: string, tool: string): Promise<RateLimitDecision>;
+}
+/**
+ * Build a per-user MCP rate limiter.
+ *
+ * @param perMinute Per-user requests per minute. `0` returns a no-op stub.
+ */
+export declare function createMcpRateLimiter(perMinute: number): McpRateLimiter;
+//# sourceMappingURL=mcp-rate-limit.d.ts.map

package/dist/server/mcp-rate-limit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-rate-limit.d.ts","sourceRoot":"","sources":["../../src/server/mcp-rate-limit.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,gDAAgD,CAAC;AAG/E,MAAM,MAAM,iBAAiB,GAAG;IAAE,OAAO,EAAE,IAAI,CAAA;CAAE,GAAG;IAAE,OAAO,EAAE,KAAK,CAAC;IAAC,YAAY,EAAE,MAAM,CAAC;IAAC,cAAc,EAAE,MAAM,CAAA;CAAE,CAAC;AAErH;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAgB,uBAAuB,CAAC,QAAQ,EAAE,QAAQ,GAAG,SAAS,GAAG,MAAM,CAa9E;AAED,MAAM,WAAW,cAAc;IAC7B;;;;;;;OAOG;IACH,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;CACpE;AAED;;;;GAIG;AACH,wBAAgB,oBAAoB,CAAC,SAAS,EAAE,MAAM,GAAG,cAAc,CAgCtE"}

package/dist/server/mcp-rate-limit.js

@@ -0,0 +1,92 @@
+/**
+ * Layer 2 — Per-user MCP tool-call rate limiter.
+ *
+ * Applied at the top of `handleToolCall` in `src/handlers/intent.ts`. Returns an MCP
+ * tool error (NOT HTTP 429) on denial so the LLM client surfaces it as a tool failure
+ * and the agent loop backs off correctly. Per-user token bucket keyed on the resolved
+ * user identity (userName / clientId / __anon__).
+ *
+ * Design choices:
+ * - Per-instance, in-memory only. Multi-instance attackers cost `limit × instances` —
+ *   acceptable trade-off, matches stateless-DCR philosophy from PR #212.
+ * - Stdio mode is exempt because there's no authInfo to key on; the caller is
+ *   responsible for skipping the consume in that case.
+ * - When `perMinute === 0`, the factory returns a stub whose `consume` resolves
+ *   immediately with `{ allowed: true }` — no allocation, no per-key bookkeeping.
+ *   This is the clean opt-out for single-user deployments.
+ * - Cost weighting per tool is intentionally deferred to v2 — every consume call is
+ *   one point. See ADR-0004 for the rationale.
+ */
+import { RateLimiterMemory, RateLimiterRes } from 'rate-limiter-flexible';
+/**
+ * Resolve the per-user rate-limit key from an `AuthInfo`, walking the most-
+ * specific identity claims first so distinct users never share a quota when
+ * they share an auth client / application.
+ *
+ * Order, by descending specificity:
+ *   1. `extra.userName`        — XSUAA logon name (`securityContext.getLogonName()`)
+ *   2. `extra.email`           — XSUAA / OIDC email when populated
+ *   3. `extra.sub`             — OIDC subject claim (guaranteed unique per user within issuer)
+ *   4. `extra.preferred_username` — sometimes set on OIDC tokens
+ *   5. `clientId`              — last resort. Note for OIDC this is `azp`
+ *      (the app's client id), shared by all users of that app — so falling here
+ *      collapses them into one bucket. The earlier checks exist specifically
+ *      to avoid that. Acceptable only for the API-key path where the clientId
+ *      is `api-key:<profile>` and the operator has chosen the profile granularity.
+ *   6. `'__anon__'`            — token with no usable identity claim. Single
+ *      shared bucket for anonymous traffic. Operators should configure auth so
+ *      this branch is never reached in production.
+ *
+ * Why not just `sub`? Because XSUAA tokens don't put `sub` on `extra`; they put
+ * the SAP logon name on `extra.userName`. OIDC does the inverse. We accept both
+ * shapes rather than forcing every auth provider to align on one claim.
+ */
+export function resolveRateLimitUserKey(authInfo) {
+    if (!authInfo)
+        return '__anon__';
+    const extra = (authInfo.extra ?? {});
+    const candidates = [extra.userName, extra.email, extra.sub, extra.preferred_username, authInfo.clientId];
+    for (const c of candidates) {
+        if (typeof c === 'string' && c.length > 0)
+            return c;
+    }
+    return '__anon__';
+}
+/**
+ * Build a per-user MCP rate limiter.
+ *
+ * @param perMinute Per-user requests per minute. `0` returns a no-op stub.
+ */
+export function createMcpRateLimiter(perMinute) {
+    if (perMinute === 0) {
+        return {
+            async consume(_userKey, _tool) {
+                return { allowed: true };
+            },
+        };
+    }
+    const limiter = new RateLimiterMemory({ points: perMinute, duration: 60 });
+    return {
+        async consume(userKey, _tool) {
+            try {
+                await limiter.consume(userKey, 1);
+                return { allowed: true };
+            }
+            catch (rejected) {
+                // RateLimiterRes is thrown on overflow; anything else is unexpected.
+                if (rejected instanceof RateLimiterRes) {
+                    return {
+                        allowed: false,
+                        retryAfterMs: rejected.msBeforeNext,
+                        limitPerMinute: perMinute,
+                    };
+                }
+                // Defensive: treat unexpected errors as "allowed" so a misbehaving limiter
+                // can never wedge legitimate traffic. The exception itself bubbles up via
+                // logging when the limiter is fixed; in the meantime users still get through.
+                return { allowed: true };
+            }
+        },
+    };
+}
+//# sourceMappingURL=mcp-rate-limit.js.map

package/dist/server/mcp-rate-limit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-rate-limit.js","sourceRoot":"","sources":["../../src/server/mcp-rate-limit.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAGH,OAAO,EAAE,iBAAiB,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAI1E;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,UAAU,uBAAuB,CAAC,QAA8B;IACpE,IAAI,CAAC,QAAQ;QAAE,OAAO,UAAU,CAAC;IACjC,MAAM,KAAK,GAAG,CAAC,QAAQ,CAAC,KAAK,IAAI,EAAE,CAKlC,CAAC;IACF,MAAM,UAAU,GAAG,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,EAAE,KAAK,CAAC,kBAAkB,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACzG,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;QAC3B,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,CAAC,CAAC;IACtD,CAAC;IACD,OAAO,UAAU,CAAC;AACpB,CAAC;AAcD;;;;GAIG;AACH,MAAM,UAAU,oBAAoB,CAAC,SAAiB;IACpD,IAAI,SAAS,KAAK,CAAC,EAAE,CAAC;QACpB,OAAO;YACL,KAAK,CAAC,OAAO,CAAC,QAAgB,EAAE,KAAa;gBAC3C,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;YAC3B,CAAC;SACF,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,iBAAiB,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC;IAE3E,OAAO;QACL,KAAK,CAAC,OAAO,CAAC,OAAe,EAAE,KAAa;YAC1C,IAAI,CAAC;gBACH,MAAM,OAAO,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;gBAClC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;YAC3B,CAAC;YAAC,OAAO,QAAQ,EAAE,CAAC;gBAClB,qEAAqE;gBACrE,IAAI,QAAQ,YAAY,cAAc,EAAE,CAAC;oBACvC,OAAO;wBACL,OAAO,EAAE,KAAK;wBACd,YAAY,EAAE,QAAQ,CAAC,YAAY;wBACnC,cAAc,EAAE,SAAS;qBAC1B,CAAC;gBACJ,CAAC;gBACD,2EAA2E;gBAC3E,0EAA0E;gBAC1E,8EAA8E;gBAC9E,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;YAC3B,CAAC;QACH,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/server/server.d.ts

@@ -9,11 +9,13 @@
 import { Server } from '@modelcontextprotocol/sdk/server/index.js';
 import type { BTPConfig, BTPProxyConfig } from '../adt/btp.js';
 import type { AdtClientConfig } from '../adt/config.js';
+import { Semaphore } from '../adt/semaphore.js';
 import { CachingLayer } from '../cache/caching-layer.js';
 import { type ToolDefinition } from '../handlers/tools.js';
+import { type McpRateLimiter } from './mcp-rate-limit.js';
 import type { ServerConfig } from './types.js';
 /** ARC-1 version */
-export declare const VERSION = "0.9.5";
+export declare const VERSION = "0.9.6";
 /**
  * Filter tools by user scope + server deny list.
  *
@@ -27,7 +29,7 @@ export declare function logAuthSummary(config: ServerConfig): void;
 /** Build the base ADT client config (without per-user auth) */
 export declare function buildAdtConfig(config: ServerConfig, btpProxy?: BTPProxyConfig, bearerTokenProvider?: () => Promise<string>, opts?: {
     perUser?: boolean;
-}): Partial<AdtClientConfig>;
+}, adtSemaphore?: Semaphore): Partial<AdtClientConfig>;
 /**
  * Run a one-time feature probe against the SAP system using the shared/default client.
  * Returns a promise that resolves once probe results are stored in cachedFeatures.
@@ -36,7 +38,7 @@ export declare function buildAdtConfig(config: ServerConfig, btpProxy?: BTPProxy
  * source_code from users who might have authorization.  Without btpConfig, PP cannot
  * create per-user clients, so shared-client auth failures are definitive.
  */
-export declare function runStartupProbe(config: ServerConfig, btpProxy?: BTPProxyConfig, bearerTokenProvider?: () => Promise<string>, btpConfig?: BTPConfig): Promise<void>;
+export declare function runStartupProbe(config: ServerConfig, btpProxy?: BTPProxyConfig, bearerTokenProvider?: () => Promise<string>, btpConfig?: BTPConfig, adtSemaphore?: Semaphore): Promise<void>;
 export interface StartupAuthPreflightResult {
     status: 'ok' | 'failed' | 'inconclusive' | 'skipped';
     /** When true, shared-client SAP tool calls must be blocked to prevent repeated auth failures. */
@@ -58,7 +60,7 @@ export interface StartupAuthPreflightResult {
  * - 401/403 are blocking failures
  * - Network/other failures are inconclusive (non-blocking)
  */
-export declare function runStartupAuthPreflight(config: ServerConfig, btpProxy?: BTPProxyConfig, bearerTokenProvider?: () => Promise<string>): Promise<StartupAuthPreflightResult>;
+export declare function runStartupAuthPreflight(config: ServerConfig, btpProxy?: BTPProxyConfig, bearerTokenProvider?: () => Promise<string>, adtSemaphore?: Semaphore): Promise<StartupAuthPreflightResult>;
 export declare function formatStartupAuthPreflightToolError(preflight: StartupAuthPreflightResult): string;
 /**
  * Create the MCP server with registered tool handlers.
@@ -70,7 +72,7 @@ export declare function formatStartupAuthPreflightToolError(preflight: StartupAu
  * @param startupProbePromise Promise from runStartupProbe() — ListTools waits on this
  * @param startupAuthPreflightPromise Promise from runStartupAuthPreflight() — CallTool blocks on auth failure in shared mode
  */
-export declare function createServer(config: ServerConfig, btpProxy?: BTPProxyConfig, btpConfig?: BTPConfig, bearerTokenProvider?: () => Promise<string>, cachingLayer?: CachingLayer, startupProbePromise?: Promise<void>, startupAuthPreflightPromise?: Promise<StartupAuthPreflightResult>): Server;
+export declare function createServer(config: ServerConfig, btpProxy?: BTPProxyConfig, btpConfig?: BTPConfig, bearerTokenProvider?: () => Promise<string>, cachingLayer?: CachingLayer, startupProbePromise?: Promise<void>, startupAuthPreflightPromise?: Promise<StartupAuthPreflightResult>, adtSemaphore?: Semaphore, mcpRateLimiter?: McpRateLimiter): Server;
 /**
  * Create and start the MCP server.
  */

package/dist/server/server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/server/server.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AAGnE,OAAO,KAAK,EAAE,SAAS,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAE/D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAMxD,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AASzD,OAAO,EAAsB,KAAK,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAK/E,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE/C,oBAAoB;AACpB,eAAO,MAAM,OAAO,UAAU,CAAC;AAuD/B;;;;;;;GAOG;AACH,wBAAgB,sBAAsB,CACpC,KAAK,EAAE,cAAc,EAAE,EACvB,MAAM,EAAE,MAAM,EAAE,EAChB,WAAW,GAAE,MAAM,EAAO,GACzB,cAAc,EAAE,CA0BlB;AAED,wBAAgB,cAAc,CAAC,MAAM,EAAE,YAAY,GAAG,IAAI,CAgCzD;AAED,+DAA+D;AAG/D,wBAAgB,cAAc,CAC5B,MAAM,EAAE,YAAY,EACpB,QAAQ,CAAC,EAAE,cAAc,EACzB,mBAAmB,CAAC,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,EAC3C,IAAI,CAAC,EAAE;IAAE,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,GAC3B,OAAO,CAAC,eAAe,CAAC,CAkC1B;AAqFD;;;;;;;GAOG;AACH,wBAAgB,eAAe,CAC7B,MAAM,EAAE,YAAY,EACpB,QAAQ,CAAC,EAAE,cAAc,EACzB,mBAAmB,CAAC,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,EAC3C,SAAS,CAAC,EAAE,SAAS,GACpB,OAAO,CAAC,IAAI,CAAC,CA8Cf;AAED,MAAM,WAAW,0BAA0B;IACzC,MAAM,EAAE,IAAI,GAAG,QAAQ,GAAG,cAAc,GAAG,SAAS,CAAC;IACrD,iGAAiG;IACjG,QAAQ,EAAE,OAAO,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;CAChB;AAqCD;;;;;;;;;;;GAWG;AACH,wBAAsB,uBAAuB,CAC3C,MAAM,EAAE,YAAY,EACpB,QAAQ,CAAC,EAAE,cAAc,EACzB,mBAAmB,CAAC,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,GAC1C,OAAO,CAAC,0BAA0B,CAAC,CAmDrC;AAED,wBAAgB,mCAAmC,CAAC,SAAS,EAAE,0BAA0B,GAAG,MAAM,CASjG;AAED;;;;;;;;;GASG;AACH,wBAAgB,YAAY,CAC1B,MAAM,EAAE,YAAY,EACpB,QAAQ,CAAC,EAAE,cAAc,EACzB,SAAS,CAAC,EAAE,SAAS,EACrB,mBAAmB,CAAC,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,EAC3C,YAAY,CAAC,EAAE,YAAY,EAC3B,mBAAmB,CAAC,EAAE,OAAO,CAAC,IAAI,CAAC,EACnC,2BAA2B,CAAC,EAAE,OAAO,CAAC,0BAA0B,CAAC,GAChE,MAAM,CA4JR;AAoCD;;GAEG;AACH,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,YAAY,EACpB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,YAAY,EAAE,YAAY,CAAC,GAC1D,OAAO,CAAC,MAAM,CAAC,CA4QjB"}
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/server/server.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AAGnE,OAAO,KAAK,EAAE,SAAS,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAE/D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAIxD,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAGhD,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AASzD,OAAO,EAAsB,KAAK,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAI/E,OAAO,EAAwB,KAAK,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAEhF,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE/C,oBAAoB;AACpB,eAAO,MAAM,OAAO,UAAU,CAAC;AAuD/B;;;;;;;GAOG;AACH,wBAAgB,sBAAsB,CACpC,KAAK,EAAE,cAAc,EAAE,EACvB,MAAM,EAAE,MAAM,EAAE,EAChB,WAAW,GAAE,MAAM,EAAO,GACzB,cAAc,EAAE,CA0BlB;AAED,wBAAgB,cAAc,CAAC,MAAM,EAAE,YAAY,GAAG,IAAI,CAgCzD;AAED,+DAA+D;AAO/D,wBAAgB,cAAc,CAC5B,MAAM,EAAE,YAAY,EACpB,QAAQ,CAAC,EAAE,cAAc,EACzB,mBAAmB,CAAC,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,EAC3C,IAAI,CAAC,EAAE;IAAE,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,EAC5B,YAAY,CAAC,EAAE,SAAS,GACvB,OAAO,CAAC,eAAe,CAAC,CAmC1B;AAsFD;;;;;;;GAOG;AACH,wBAAgB,eAAe,CAC7B,MAAM,EAAE,YAAY,EACpB,QAAQ,CAAC,EAAE,cAAc,EACzB,mBAAmB,CAAC,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,EAC3C,SAAS,CAAC,EAAE,SAAS,EACrB,YAAY,CAAC,EAAE,SAAS,GACvB,OAAO,CAAC,IAAI,CAAC,CA8Cf;AAED,MAAM,WAAW,0BAA0B;IACzC,MAAM,EAAE,IAAI,GAAG,QAAQ,GAAG,cAAc,GAAG,SAAS,CAAC;IACrD,iGAAiG;IACjG,QAAQ,EAAE,OAAO,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;CAChB;AAqCD;;;;;;;;;;;GAWG;AACH,wBAAsB,uBAAuB,CAC3C,MAAM,EAAE,YAAY,EACpB,QAAQ,CAAC,EAAE,cAAc,EACzB,mBAAmB,CAAC,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,EAC3C,YAAY,CAAC,EAAE,SAAS,GACvB,OAAO,CAAC,0BAA0B,CAAC,CAmDrC;AAED,wBAAgB,mCAAmC,CAAC,SAAS,EAAE,0BAA0B,GAAG,MAAM,CASjG;AAED;;;;;;;;;GASG;AACH,wBAAgB,YAAY,CAC1B,MAAM,EAAE,YAAY,EACpB,QAAQ,CAAC,EAAE,cAAc,EACzB,SAAS,CAAC,EAAE,SAAS,EACrB,mBAAmB,CAAC,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,EAC3C,YAAY,CAAC,EAAE,YAAY,EAC3B,mBAAmB,CAAC,EAAE,OAAO,CAAC,IAAI,CAAC,EACnC,2BAA2B,CAAC,EAAE,OAAO,CAAC,0BAA0B,CAAC,EACjE,YAAY,CAAC,EAAE,SAAS,EACxB,cAAc,CAAC,EAAE,cAAc,GAC9B,MAAM,CA+JR;AAoCD;;GAEG;AACH,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,YAAY,EACpB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,YAAY,EAAE,YAAY,CAAC,GAC1D,OAAO,CAAC,MAAM,CAAC,CAoSjB"}

package/dist/server/server.js

@@ -13,6 +13,7 @@ import { AdtClient } from '../adt/client.js';
 import { resolveCookies } from '../adt/cookies.js';
 import { AdtApiError } from '../adt/errors.js';
 import { deriveUserSafety, deriveUserSafetyFromProfile } from '../adt/safety.js';
+import { Semaphore } from '../adt/semaphore.js';
 import { getActionPolicy, hasRequiredScope } from '../authz/policy.js';
 import { CachingLayer } from '../cache/caching-layer.js';
 import { MemoryCache } from '../cache/memory.js';
@@ -21,9 +22,10 @@ import { getToolDefinitions } from '../handlers/tools.js';
 import { API_KEY_PROFILES } from './config.js';
 import { isActionDenied } from './deny-actions.js';
 import { initLogger, logger } from './logger.js';
+import { createMcpRateLimiter } from './mcp-rate-limit.js';
 import { FileSink } from './sinks/file.js';
 /** ARC-1 version */
-export const VERSION = '0.9.5'; // x-release-please-version
+export const VERSION = '0.9.6'; // x-release-please-version
 /**
  * Prune a tool's action OR type enum (or both) based on the user's scopes and
  * the server's denyActions list. Uses ACTION_POLICY as the single source of truth.
@@ -159,7 +161,11 @@ export function logAuthSummary(config) {
 /** Build the base ADT client config (without per-user auth) */
 // When perUser=true, strips shared credentials (username/password/cookies)
 // so per-user PP clients never inherit admin auth.
-export function buildAdtConfig(config, btpProxy, bearerTokenProvider, opts) {
+//
+// adtSemaphore (Layer 3): when provided, the constructed AdtClient shares this single
+// server-wide semaphore with every other client built from this server. This is what
+// makes ARC1_MAX_CONCURRENT a true server-wide cap rather than per-client.
+export function buildAdtConfig(config, btpProxy, bearerTokenProvider, opts, adtSemaphore) {
     const adtConfig = {
         baseUrl: config.url,
         client: config.client,
@@ -169,6 +175,7 @@ export function buildAdtConfig(config, btpProxy, bearerTokenProvider, opts) {
         btpProxy,
         bearerTokenProvider,
         maxConcurrent: config.maxConcurrent,
+        adtSemaphore,
         safety: {
             allowWrites: config.allowWrites,
             allowDataPreview: config.allowDataPreview,
@@ -203,7 +210,7 @@ export function buildAdtConfig(config, btpProxy, bearerTokenProvider, opts) {
  * The Cloud Connector uses this header to generate an X.509 cert
  * mapped to the SAP user via CERTRULE.
  */
-async function createPerUserClient(config, btpConfig, btpProxy, userJwt) {
+async function createPerUserClient(config, btpConfig, btpProxy, userJwt, adtSemaphore) {
     const { lookupDestinationWithUserToken } = await import('../adt/btp.js');
     // Use SAP_BTP_PP_DESTINATION if set, otherwise fall back to SAP_BTP_DESTINATION.
     // This enables a dual-destination approach:
@@ -222,7 +229,7 @@ async function createPerUserClient(config, btpConfig, btpProxy, userJwt) {
     const effectiveProxy = btpProxy && destination.CloudConnectorLocationId !== undefined
         ? { ...btpProxy, locationId: destination.CloudConnectorLocationId }
         : btpProxy;
-    const adtConfig = buildAdtConfig(config, effectiveProxy, undefined, { perUser: true });
+    const adtConfig = buildAdtConfig(config, effectiveProxy, undefined, { perUser: true }, adtSemaphore);
     // Override URL from destination (in case it differs from startup-resolved URL)
     adtConfig.baseUrl = destination.URL;
     // Set per-user auth for principal propagation.
@@ -273,8 +280,8 @@ async function createPerUserClient(config, btpConfig, btpProxy, userJwt) {
  * source_code from users who might have authorization.  Without btpConfig, PP cannot
  * create per-user clients, so shared-client auth failures are definitive.
  */
-export function runStartupProbe(config, btpProxy, bearerTokenProvider, btpConfig) {
-    const client = new AdtClient(buildAdtConfig(config, btpProxy, bearerTokenProvider));
+export function runStartupProbe(config, btpProxy, bearerTokenProvider, btpConfig, adtSemaphore) {
+    const client = new AdtClient(buildAdtConfig(config, btpProxy, bearerTokenProvider, undefined, adtSemaphore));
     return (async () => {
         try {
             const { defaultFeatureConfig } = await import('../adt/config.js');
@@ -358,7 +365,7 @@ function buildStartupAuthFailureReason(statusCode, config) {
  * - 401/403 are blocking failures
  * - Network/other failures are inconclusive (non-blocking)
  */
-export async function runStartupAuthPreflight(config, btpProxy, bearerTokenProvider) {
+export async function runStartupAuthPreflight(config, btpProxy, bearerTokenProvider, adtSemaphore) {
     const checkedAt = new Date().toISOString();
     const endpoint = STARTUP_AUTH_ENDPOINT;
     if (config.ppEnabled) {
@@ -372,7 +379,7 @@ export async function runStartupAuthPreflight(config, btpProxy, bearerTokenProvi
         return { status: 'skipped', blocking: false, endpoint, checkedAt, reason };
     }
     try {
-        const client = new AdtClient(buildAdtConfig(config, btpProxy, bearerTokenProvider));
+        const client = new AdtClient(buildAdtConfig(config, btpProxy, bearerTokenProvider, undefined, adtSemaphore));
         await client.http.get(endpoint);
         const reason = 'Startup auth preflight succeeded for shared SAP credentials.';
         logger.info(reason, { endpoint });
@@ -424,10 +431,12 @@ export function formatStartupAuthPreflightToolError(preflight) {
  * @param startupProbePromise Promise from runStartupProbe() — ListTools waits on this
  * @param startupAuthPreflightPromise Promise from runStartupAuthPreflight() — CallTool blocks on auth failure in shared mode
  */
-export function createServer(config, btpProxy, btpConfig, bearerTokenProvider, cachingLayer, startupProbePromise, startupAuthPreflightPromise) {
+export function createServer(config, btpProxy, btpConfig, bearerTokenProvider, cachingLayer, startupProbePromise, startupAuthPreflightPromise, adtSemaphore, mcpRateLimiter) {
     const server = new Server({ name: 'arc-1', version: VERSION }, { capabilities: { tools: {} } });
-    // Create default ADT client (shared, uses startup-time credentials or OAuth bearer)
-    const defaultClient = new AdtClient(buildAdtConfig(config, btpProxy, bearerTokenProvider));
+    // Create default ADT client (shared, uses startup-time credentials or OAuth bearer).
+    // Passes the shared server-wide semaphore so per-user PP clients (created at request
+    // time) share the same Layer 3 concurrency cap.
+    const defaultClient = new AdtClient(buildAdtConfig(config, btpProxy, bearerTokenProvider, undefined, adtSemaphore));
     // Cookie-auth preflight propagation: when startup preflight returned a non-blocking
     // 401 in SAP_COOKIE_FILE mode, the throwaway preflight client marked itself stale —
     // but the long-lived defaultClient was constructed independently with cookies read at
@@ -487,7 +496,7 @@ export function createServer(config, btpProxy, btpConfig, bearerTokenProvider, c
             const ppUser = (extra.authInfo?.extra?.userName ?? extra.authInfo?.clientId);
             const ppDest = process.env.SAP_BTP_PP_DESTINATION ?? process.env.SAP_BTP_DESTINATION ?? '';
             try {
-                client = await createPerUserClient(config, btpConfig, btpProxy, token);
+                client = await createPerUserClient(config, btpConfig, btpProxy, token, adtSemaphore);
                 isPerUserClient = true;
                 logger.emitAudit({
                     timestamp: new Date().toISOString(),
@@ -558,7 +567,7 @@ export function createServer(config, btpProxy, btpConfig, bearerTokenProvider, c
             effectiveClient = client.withSafety(effectiveSafety);
         }
         effectiveClient.http.setDiscoveryMap(getCachedDiscovery());
-        const result = await handleToolCall(effectiveClient, config, toolName, args, extra.authInfo, server, cachingLayer, isPerUserClient);
+        const result = await handleToolCall(effectiveClient, config, toolName, args, extra.authInfo, server, cachingLayer, isPerUserClient, mcpRateLimiter);
         return { ...result };
     });
     return server;
@@ -705,6 +714,22 @@ export async function createAndStartServer(config, sources) {
             ppEnabled: config.ppEnabled,
         });
     }
+    // ─── Layer 3: shared SAP-bound Semaphore (server-wide cap) ────────
+    // One Semaphore for the whole process. Threaded into the shared startup client AND
+    // every per-user PP client built at request time, so ARC1_MAX_CONCURRENT is a true
+    // server-wide ceiling rather than a per-client one (the latter would multiply the cap
+    // by the number of active PP users — see ADR-0004).
+    const adtSemaphore = new Semaphore(config.maxConcurrent);
+    logger.info('SAP semaphore', { maxConcurrent: config.maxConcurrent, scope: 'server-wide' });
+    // ─── Layer 2: per-user MCP tool-call rate limiter ─────────────────
+    // Applied inside handleToolCall. Stdio (no authInfo) is exempt — there's no user
+    // identity to key on. When rateLimit=0 the factory returns a no-op stub.
+    // See docs_page/rate-limiting.md.
+    const mcpRateLimiter = createMcpRateLimiter(config.rateLimit);
+    logger.info('MCP rate limiting', {
+        perMinute: config.rateLimit,
+        disabled: config.rateLimit === 0,
+    });
     // ─── Cache Setup ───────────────────────────────────────────────────
     const cachingLayer = await createCachingLayer(config);
     if (cachingLayer) {
@@ -720,7 +745,7 @@ export async function createAndStartServer(config, sources) {
     if (config.cacheWarmup && cachingLayer && config.url) {
         try {
             const { runWarmup } = await import('../cache/warmup.js');
-            const warmupClient = new AdtClient(buildAdtConfig(config, btpProxy, bearerTokenProvider));
+            const warmupClient = new AdtClient(buildAdtConfig(config, btpProxy, bearerTokenProvider, undefined, adtSemaphore));
             const result = await runWarmup(warmupClient, cachingLayer, config.cacheWarmupPackages || undefined, config.systemType);
             logger.info('Cache warmup completed', {
                 objects: result.totalObjects,
@@ -740,7 +765,7 @@ export async function createAndStartServer(config, sources) {
     // Run feature probe once at startup — shared across all requests (stdio and HTTP).
     // First run startup auth preflight in shared mode. If it blocks (401/403), skip feature probe
     // to avoid firing many failing requests with invalid technical credentials.
-    const startupAuthPreflightPromise = runStartupAuthPreflight(config, btpProxy, bearerTokenProvider);
+    const startupAuthPreflightPromise = runStartupAuthPreflight(config, btpProxy, bearerTokenProvider, adtSemaphore);
     const startupProbePromise = (async () => {
         const authPreflight = await startupAuthPreflightPromise;
         if (authPreflight.blocking) {
@@ -748,9 +773,9 @@ export async function createAndStartServer(config, sources) {
             setCachedDiscovery(new Map());
             return;
         }
-        await runStartupProbe(config, btpProxy, bearerTokenProvider, btpConfig);
+        await runStartupProbe(config, btpProxy, bearerTokenProvider, btpConfig, adtSemaphore);
     })();
-    const server = createServer(config, btpProxy, btpConfig, bearerTokenProvider, cachingLayer, startupProbePromise, startupAuthPreflightPromise);
+    const server = createServer(config, btpProxy, btpConfig, bearerTokenProvider, cachingLayer, startupProbePromise, startupAuthPreflightPromise, adtSemaphore, mcpRateLimiter);
     // Shutdown hook for SQLite cache cleanup (guard against double-close from multiple signals).
     // IMPORTANT: registering a SIGINT/SIGTERM listener suppresses Node's default exit behavior,
     // so we must call process.exit() explicitly after cleanup — otherwise Ctrl+C hangs the process.
@@ -820,7 +845,7 @@ export async function createAndStartServer(config, sources) {
             }
         }
         const { startHttpServer } = await import('./http.js');
-        await startHttpServer(() => createServer(config, btpProxy, btpConfig, bearerTokenProvider, cachingLayer, startupProbePromise, startupAuthPreflightPromise), config, xsuaaCredentials);
+        await startHttpServer(() => createServer(config, btpProxy, btpConfig, bearerTokenProvider, cachingLayer, startupProbePromise, startupAuthPreflightPromise, adtSemaphore, mcpRateLimiter), config, xsuaaCredentials);
     }
     return server;
 }