arc-1 0.9.7 → 0.9.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (58) hide show
  1. package/dist/adt/client.d.ts +28 -1
  2. package/dist/adt/client.d.ts.map +1 -1
  3. package/dist/adt/client.js +75 -2
  4. package/dist/adt/client.js.map +1 -1
  5. package/dist/adt/ddic-xml.d.ts +18 -0
  6. package/dist/adt/ddic-xml.d.ts.map +1 -1
  7. package/dist/adt/ddic-xml.js +21 -4
  8. package/dist/adt/ddic-xml.js.map +1 -1
  9. package/dist/adt/devtools.d.ts.map +1 -1
  10. package/dist/adt/devtools.js +29 -13
  11. package/dist/adt/devtools.js.map +1 -1
  12. package/dist/adt/http.d.ts +4 -0
  13. package/dist/adt/http.d.ts.map +1 -1
  14. package/dist/adt/http.js +8 -0
  15. package/dist/adt/http.js.map +1 -1
  16. package/dist/adt/transport.d.ts +75 -2
  17. package/dist/adt/transport.d.ts.map +1 -1
  18. package/dist/adt/transport.js +148 -2
  19. package/dist/adt/transport.js.map +1 -1
  20. package/dist/adt/types.d.ts +20 -0
  21. package/dist/adt/types.d.ts.map +1 -1
  22. package/dist/adt/xml-parser.d.ts +11 -5
  23. package/dist/adt/xml-parser.d.ts.map +1 -1
  24. package/dist/adt/xml-parser.js +25 -10
  25. package/dist/adt/xml-parser.js.map +1 -1
  26. package/dist/authz/policy.d.ts.map +1 -1
  27. package/dist/authz/policy.js +2 -0
  28. package/dist/authz/policy.js.map +1 -1
  29. package/dist/handlers/intent.d.ts +1 -1
  30. package/dist/handlers/intent.d.ts.map +1 -1
  31. package/dist/handlers/intent.js +166 -36
  32. package/dist/handlers/intent.js.map +1 -1
  33. package/dist/handlers/schemas.d.ts +4 -0
  34. package/dist/handlers/schemas.d.ts.map +1 -1
  35. package/dist/handlers/schemas.js +15 -1
  36. package/dist/handlers/schemas.js.map +1 -1
  37. package/dist/handlers/tools.d.ts.map +1 -1
  38. package/dist/handlers/tools.js +14 -4
  39. package/dist/handlers/tools.js.map +1 -1
  40. package/dist/server/auth-rate-limit.d.ts +2 -0
  41. package/dist/server/auth-rate-limit.d.ts.map +1 -1
  42. package/dist/server/auth-rate-limit.js +9 -2
  43. package/dist/server/auth-rate-limit.js.map +1 -1
  44. package/dist/server/http.d.ts +18 -0
  45. package/dist/server/http.d.ts.map +1 -1
  46. package/dist/server/http.js +182 -4
  47. package/dist/server/http.js.map +1 -1
  48. package/dist/server/oauth-state.d.ts +90 -0
  49. package/dist/server/oauth-state.d.ts.map +1 -0
  50. package/dist/server/oauth-state.js +160 -0
  51. package/dist/server/oauth-state.js.map +1 -0
  52. package/dist/server/server.d.ts +1 -1
  53. package/dist/server/server.js +1 -1
  54. package/dist/server/xsuaa.d.ts +24 -0
  55. package/dist/server/xsuaa.d.ts.map +1 -1
  56. package/dist/server/xsuaa.js +74 -25
  57. package/dist/server/xsuaa.js.map +1 -1
  58. package/package.json +10 -10
package/dist/server/http.js CHANGED
@@ -32,6 +32,148 @@ import { expandScopes } from '../authz/policy.js';
32
32
  import { API_KEY_PROFILES } from './config.js';
33
33
  import { logger } from './logger.js';
34
34
  import { VERSION } from './server.js';
35
+ // ─── OAuth Callback Proxy Handler (issue #214) ───────────────────────
36
+ /**
37
+ * Minimal HTML-escape for embedding untrusted text (e.g. an OAuth
38
+ * `error_description` from the query string) into the error page below.
39
+ */
40
+ function escapeHtml(value) {
41
+ return value
42
+ .replace(/&/g, '&')
43
+ .replace(/</g, '&lt;')
44
+ .replace(/>/g, '&gt;')
45
+ .replace(/"/g, '&quot;')
46
+ .replace(/'/g, '&#39;');
47
+ }
48
+ /**
49
+ * Is this a loopback HTTP redirect URI (`http://localhost|127.0.0.1|[::1]`)?
50
+ * Such callbacks are ephemeral local listeners that native MCP clients (GitHub
51
+ * Copilot, MCP Inspector) tear down on failure — so on an OAuth error we render
52
+ * a self-hosted page for them rather than 302-ing to a dead port. Hosted HTTPS
53
+ * callbacks (claude.ai, Copilot Studio) and custom-scheme app callbacks
54
+ * (`vscode:`, `cursor:`) are live and expect the spec error redirect, so they
55
+ * keep getting it.
56
+ */
57
+ function isLoopbackHttpRedirect(url) {
58
+ if (url.protocol !== 'http:')
59
+ return false;
60
+ const host = url.hostname.toLowerCase();
61
+ return host === 'localhost' || host === '127.0.0.1' || host === '::1' || host === '[::1]';
62
+ }
63
+ /**
64
+ * Render a self-hosted OAuth error page for `/oauth/callback`. Surfaces the
65
+ * IdP's error to the human (loopback MCP clients usually can't — they close
66
+ * their listener on failure) with an actionable hint for the most common case,
67
+ * `invalid_scope` (authenticated but no granted scopes → an admin must assign an
68
+ * ARC-1 role collection under the user's login IdP). `clientReturnUrl` carries
69
+ * the error + original state for the rare client still listening.
70
+ */
71
+ function renderOAuthErrorPage(error, errorDescription, clientReturnUrl) {
72
+ const hint = error === 'invalid_scope'
73
+ ? 'You are signed in, but your user is not granted any ARC-1 scopes. An administrator must assign you an ARC-1 role collection (for example "ARC-1 Admin") under the identity provider you sign in with — see the ARC-1 authorization docs.'
74
+ : 'Retry the sign-in from your MCP client. If it keeps failing, share this error with your ARC-1 administrator.';
75
+ const descBlock = errorDescription ? `<p><code>${escapeHtml(errorDescription)}</code></p>` : '';
76
+ return ('<!doctype html><html><head><meta charset="utf-8"><title>ARC-1 sign-in failed</title></head>' +
77
+ '<body style="font-family:sans-serif;max-width:42rem;margin:3rem auto;padding:0 1rem;line-height:1.5">' +
78
+ '<h1>ARC-1 sign-in failed</h1>' +
79
+ `<p><strong>Error:</strong> <code>${escapeHtml(error)}</code></p>` +
80
+ descBlock +
81
+ `<p>${escapeHtml(hint)}</p>` +
82
+ `<p><a href="${escapeHtml(clientReturnUrl)}">Return to your application</a></p>` +
83
+ '</body></html>');
84
+ }
85
+ /**
86
+ * Express handler for ARC-1's `/oauth/callback`, the second half of the
87
+ * XSUAA callback proxy that fixes the `+`-in-state bug (issue #214).
88
+ *
89
+ * XSUAA redirects here (not to the client) with an opaque base64url `state`
90
+ * token that ARC-1's `authorize()` minted. We verify + decode it to recover
91
+ * the client's ORIGINAL `redirect_uri` and `state`, then 302 to the client
92
+ * re-emitting the state via `URL.searchParams` — whose serializer encodes a
93
+ * literal `+` as `%2B`, exactly the encoding the client's parser expects.
94
+ *
95
+ * Removal condition + upstream tracking (XSUAA root cause, arc-1#214,
96
+ * vscode#314715) are documented at the top of `oauth-state.ts`.
97
+ *
98
+ * Exported for unit tests; mounted in `startHttpServer`.
99
+ */
100
+ export function createOAuthCallbackHandler(stateCodec) {
101
+ return (req, res) => {
102
+ const stateToken = typeof req.query.state === 'string' ? req.query.state : '';
103
+ const decoded = stateCodec.decode(stateToken);
104
+ if (decoded.kind !== 'ok') {
105
+ logger.warn('OAuth callback: invalid state token', { reason: decoded.reason });
106
+ // We cannot safely redirect anywhere — the client redirect_uri lives
107
+ // inside the (unverified) token. Return a terminal error page.
108
+ res
109
+ .status(400)
110
+ .type('html')
111
+ .send('<!doctype html><html><body style="font-family:sans-serif;padding:2rem">' +
112
+ '<h1>Authentication failed</h1>' +
113
+ '<p>The OAuth state token was invalid or expired. Please retry the sign-in from your MCP client.</p>' +
114
+ '</body></html>');
115
+ return;
116
+ }
117
+ let target;
118
+ try {
119
+ target = new URL(decoded.clientRedirectUri);
120
+ }
121
+ catch {
122
+ logger.warn('OAuth callback: stored redirect_uri is not a valid URL');
123
+ res.status(400).type('html').send('<!doctype html><html><body>Invalid redirect target.</body></html>');
124
+ return;
125
+ }
126
+ // On error there is no auth code. Forward the error to the client per the
127
+ // OAuth spec — EXCEPT for loopback HTTP callbacks. Native MCP clients
128
+ // (GitHub Copilot, MCP Inspector, …) tear down their ephemeral localhost
129
+ // listener the instant the flow fails, so a 302 there lands on a dead port
130
+ // and the user sees a blank ERR_CONNECTION_REFUSED with no clue why. For
131
+ // those we render a self-hosted page that surfaces the real reason (e.g.
132
+ // invalid_scope → missing role collection), with a best-effort link back.
133
+ // Hosted HTTPS callbacks (claude.ai, Copilot Studio) and custom-scheme app
134
+ // callbacks (vscode:, cursor:) are live and expect the redirect, so they
135
+ // keep getting it.
136
+ const error = typeof req.query.error === 'string' ? req.query.error : undefined;
137
+ if (error) {
138
+ const errorDescription = typeof req.query.error_description === 'string' ? req.query.error_description : '';
139
+ if (decoded.clientState !== undefined)
140
+ target.searchParams.set('state', decoded.clientState);
141
+ target.searchParams.set('error', error);
142
+ if (errorDescription)
143
+ target.searchParams.set('error_description', errorDescription);
144
+ const loopback = isLoopbackHttpRedirect(target);
145
+ logger.warn('OAuth callback: identity provider returned an error', {
146
+ error,
147
+ errorDescriptionPreview: errorDescription.slice(0, 200),
148
+ clientRedirectUriHost: target.host,
149
+ loopback,
150
+ });
151
+ if (loopback) {
152
+ res
153
+ .status(400)
154
+ .type('html')
155
+ .send(renderOAuthErrorPage(error, errorDescription, target.toString()));
156
+ }
157
+ else {
158
+ res.redirect(302, target.toString());
159
+ }
160
+ return;
161
+ }
162
+ // Success: forward the authorization code, re-attaching the client's
163
+ // ORIGINAL state. URLSearchParams serialization encodes `+` as `%2B`, which
164
+ // is exactly what fixes the round-trip (issue #214).
165
+ const code = typeof req.query.code === 'string' ? req.query.code : '';
166
+ target.searchParams.set('code', code);
167
+ if (decoded.clientState !== undefined) {
168
+ target.searchParams.set('state', decoded.clientState);
169
+ }
170
+ logger.debug('OAuth callback: redirecting to client', {
171
+ clientRedirectUriHost: target.host,
172
+ hasState: decoded.clientState !== undefined,
173
+ });
174
+ res.redirect(302, target.toString());
175
+ };
176
+ }
35
177
  // ─── API Key Matching Helper ─────────────────────────────────────────
36
178
  /**
37
179
  * Match a token against configured API keys (multi-key with profiles).
@@ -237,10 +379,23 @@ export async function startHttpServer(serverFactory, config, xsuaaCredentials) {
237
379
  const { getAppUrl } = await import('../adt/btp.js');
238
380
  // Determine app URL for OAuth metadata
239
381
  const appUrl = getAppUrl() ?? `http://${bindHost}:${port}`;
382
+ // Compute the prefix-aware public base once, up front — it's needed both
383
+ // for the callback URL (below) and the metadata override (further down).
384
+ // When ARC-1 is fronted by SAP API Management with a base path (e.g.
385
+ // /arc1), endpoints must be advertised at that prefix even though the
386
+ // Express routes live at the root (the proxy strips the prefix).
387
+ const oauthParsedAppUrl = new URL(appUrl);
388
+ const oauthBasePath = oauthParsedAppUrl.pathname.replace(/\/$/, ''); // '' for root, '/arc1' otherwise
389
+ const oauthFullBase = `${oauthParsedAppUrl.origin}${oauthBasePath}`;
390
+ // ARC-1's own OAuth callback (issue #214 callback proxy). Public, prefix-aware
391
+ // URL sent to XSUAA as redirect_uri; the Express route is mounted at the root
392
+ // `/oauth/callback` below since the proxy strips the prefix before forwarding.
393
+ const oauthCallbackUrl = `${oauthFullBase}/oauth/callback`;
240
394
  // Create XSUAA provider + chained verifier
241
- const { provider, clientStore } = createXsuaaOAuthProvider(xsuaaCredentials, appUrl, {
395
+ const { provider, clientStore, stateCodec } = createXsuaaOAuthProvider(xsuaaCredentials, appUrl, {
242
396
  dcrTtlSeconds: config.oauthDcrTtlSeconds,
243
397
  dcrSigningSecret: config.dcrSigningSecret,
398
+ callbackUrl: oauthCallbackUrl,
244
399
  });
245
400
  const xsuaaVerifier = createXsuaaTokenVerifier(xsuaaCredentials);
246
401
  const oidcVerifier = config.oidcIssuer ? await createOidcVerifier(config) : undefined;
@@ -287,6 +442,9 @@ export async function startHttpServer(serverFactory, config, xsuaaCredentials) {
287
442
  app.use('/authorize', createAuthRateLimiter('/mcp', mcpRatePerMinute, { skip: (req) => !isCopilotJsonRpc(req) }));
288
443
  app.use('/token', createAuthRateLimiter('/token', config.authRateLimit));
289
444
  app.use('/revoke', createAuthRateLimiter('/revoke', config.authRateLimit));
445
+ // /oauth/callback is unauthenticated and does an HMAC verify per hit —
446
+ // rate-limit it like the other OAuth endpoints to gate token-probing.
447
+ app.use('/oauth/callback', createAuthRateLimiter('/oauth/callback', config.authRateLimit));
290
448
  }
291
449
  // ─── OAuth authorize normalization + Copilot Studio MCP workaround ──
292
450
  // Copilot Studio sends MCP JSON-RPC requests to /authorize instead of
@@ -344,6 +502,26 @@ export async function startHttpServer(serverFactory, config, xsuaaCredentials) {
344
502
  }
345
503
  next();
346
504
  });
505
+ // ─── OAuth callback proxy (issue #214) ─────────────────────────
506
+ // XSUAA echoes a literal `+` (not `%2B`) in the `state` it appends to the
507
+ // redirect URL. base64 `state` values (e.g. VS Code's
508
+ // `randomBytes(16).toString('base64')`) contain `+` ~50% of the time; the
509
+ // receiving client parses the callback query with form-urlencoded
510
+ // semantics (`+`→space), so the round-tripped `state` no longer matches
511
+ // and login fails with "State does not match".
512
+ //
513
+ // ARC-1 cannot change what XSUAA emits, so the provider's authorize()
514
+ // sends XSUAA ARC-1's own /oauth/callback + an opaque base64url state
515
+ // token (immune to the `+` bug). XSUAA redirects HERE; we decode the token
516
+ // to recover the client's ORIGINAL redirect_uri + state, then redirect to
517
+ // the client re-emitting the state via URLSearchParams, which encodes `+`
518
+ // as `%2B` so the client parses it back correctly.
519
+ //
520
+ // Mounted at the root path; the public (prefix-aware) form was sent to
521
+ // XSUAA as oauthCallbackUrl. A strip-prefix proxy maps the public path
522
+ // back to this root route. Handler is extracted (exported) so the
523
+ // state-round-trip contract is unit-testable without a live XSUAA.
524
+ app.get('/oauth/callback', createOAuthCallbackHandler(stateCodec));
347
525
  // ─── Path-prefix-aware OAuth metadata override ────────────────
348
526
  // The MCP SDK's `mcpAuthRouter` builds endpoint URLs with
349
527
  // `new URL("/authorize", baseUrl).href`, which strips any path component
@@ -358,9 +536,9 @@ export async function startHttpServer(serverFactory, config, xsuaaCredentials) {
358
536
  // endpoints (/authorize, /token, /register, /revoke) stay at the root of
359
537
  // arc-1's Express app — the proxy strips its base path before forwarding,
360
538
  // so they resolve correctly without further changes.
361
- const parsedAppUrl = new URL(appUrl);
362
- const basePath = parsedAppUrl.pathname.replace(/\/$/, ''); // '' for root, '/arc1' otherwise
363
- const fullBase = `${parsedAppUrl.origin}${basePath}`; // 'https://api/arc1' or 'https://api'
539
+ // Reuse the prefix-aware base computed once near the top of this block.
540
+ const basePath = oauthBasePath;
541
+ const fullBase = oauthFullBase;
364
542
  const scopesSupported = ['read', 'write', 'data', 'sql', 'transports', 'git', 'admin'];
365
543
  if (basePath) {
366
544
  const customAuthMetadata = {
package/dist/server/http.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"http.js","sourceRoot":"","sources":["../../src/server/http.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAGH,OAAO,EAAE,6BAA6B,EAAE,MAAM,oDAAoD,CAAC;AACnG,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,OAAO,OAAO,MAAM,SAAS,CAAC;AAC9B,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAItC,wEAAwE;AAExE;;;GAGG;AACH,SAAS,WAAW,CAClB,KAAa,EACb,MAAoB;IAEpB,8FAA8F;IAC9F,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACnB,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnC,IAAI,KAAK,KAAK,KAAK,CAAC,GAAG,EAAE,CAAC;gBACxB,MAAM,OAAO,GAAG,gBAAgB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBAChD,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,4DAA4D;oBAC5D,OAAO,SAAS,CAAC;gBACnB,CAAC;gBACD,MAAM,MAAM,GAAG,YAAY,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;gBAC5C,OAAO,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,WAAW,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC;YAClF,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,wEAAwE;AAExE,IAAI,UAAU,GAAiC,IAAI,CAAC;AACpD,IAAI,UAAU,GAAgE,IAAI,CAAC;AAEnF,wEAAwE;AAExE;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,UAAU,uBAAuB,CAAC,GAAwB,EAAE,cAAwB;IACxF,MAAM,cAAc,GAAG,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC;IACjD,GAAG,CAAC,GAAG,CACL,MAAM,CAAC;QACL,0EAA0E;QAC1E,qDAAqD;QACrD,uBAAuB,EAAE,KAAK;QAC9B,yBAAyB,EAAE,cAAc,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,cAAuB,EAAE,CAAC,CAAC,CAAC,SAAS;QAC3F,yEAAyE;QACzE,kEAAkE;QAClE,wEAAwE;QACxE,2CAA2C;QAC3C,qBAAqB,EAAE,cAAc;YACnC,CAAC,CAAC;gBACE,WAAW,EAAE,IAAI;gBACjB,UAAU,EAAE;oBACV,WAAW,EAAE,CAAC,QAAQ,EAAE,iBAAiB,CAAC;iBAC3C;aACF;YACH,CAAC,CAAC,SAAS;KACd,CAAC,CACH,CAAC;IAEF,IAAI,cAAc,EAAE,CAAC;QACnB,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,CAAC;QACxC,GAAG,CAAC,GAAG,CACL,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,MAAM,EAAE,QAAQ,EAAE,EAAE;gBAC3B,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,kEAAkE;oBAClE,6CAA6C;oBAC7C,QAAQ,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;oBACtB,OAAO;gBACT,CAAC;gBACD,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;YACtC,CAAC;YACD,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,CAAC;YAC7C,cAAc,EAAE,CAAC,cAAc,EAAE,eAAe,EAAE,gBAAgB,CAAC;YACnE,cAAc,EAAE,CAAC,gBAAgB,CAAC;YAClC,WAAW,EAAE,IAAI;SAClB,CAAC,CACH,CAAC;QACF,mEAAmE;QACnE,wEAAwE;QACxE,0EAA0E;QAC1E,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE;YAC1B,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC;YAClC,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC5E,MAAM,CAAC,SAAS,CAAC;oBACf,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;oBACnC,KAAK,EAAE,MAAM;oBACb,KAAK,EAAE,eAAe;oBACtB,MAAM;oBACN,MAAM,EAAE,GAAG,CAAC,MAAM;oBAClB,IAAI,EAAE,GAAG,CAAC,IAAI;iBACf,CAAC,CAAC;YACL,CAAC;YACD,IAAI,EAAE,CAAC;QACT,CAAC,CAAC,CAAC;QACH,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,EAAE,OAAO,EAAE,cAAc,EAAE,CAAC,CAAC;IAC3D,CAAC;AACH,CAAC;AAED,wEAAwE;AAExE;;;GAGG;AACH,SAAS,gBAAgB,CAAC,aAA8B;IACtD,OAAO,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;QAC3C,MAAM,CAAC,KAAK,CAAC,qBAAqB,EAAE;YAClC,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,WAAW,EAAE,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC;YACxC,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,IAAI;YACnB,UAAU,EAAE,GAAG,CAAC,IAAI,EAAE,MAAM;YAC5B,MAAM,EAAE,GAAG,CAAC,IAAI,EAAE,EAAE;SACrB,CAAC,CAAC;QACH,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,aAAa,EAAE,CAAC;YAC/B,MAAM,SAAS,GAAG,IAAI,6BAA6B,CAAC;gBAClD,kBAAkB,EAAE,SAAS,EAAE,iBAAiB;aACjD,CAAC,CAAC;YACH,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAChC,8DAA8D;YAC9D,uEAAuE;YACvE,qEAAqE;YACrE,kEAAkE;YAClE,qEAAqE;YACrE,oDAAoD;YACpD,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;QACpD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,KAAK,CAAC,mBAAmB,EAAE,EAAE,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC/F,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;gBACrB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC;YAC3D,CAAC;QACH,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,aAA8B,EAC9B,MAAoB,EACpB,gBAAmC;IAEnC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACnD,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,IAAI,MAAM,EAAE,EAAE,CAAC,CAAC;IACpD,MAAM,QAAQ,GAAG,IAAI,IAAI,SAAS,CAAC;IAEnC,MAAM,GAAG,GAAG,OAAO,EAAE,CAAC;IACtB,oEAAoE;IACpE,6DAA6D;IAC7D,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC;IAE1B,uBAAuB,CAAC,GAAG,EAAE,MAAM,CAAC,cAAc,CAAC,CAAC;IAEpD,wEAAwE;IACxE,oFAAoF;IACpF,qFAAqF;IACrF,uFAAuF;IACvF,2FAA2F;IAC3F,yDAAyD;IACzD,EAAE;IACF,mFAAmF;IACnF,mFAAmF;IACnF,oFAAoF;IACpF,4EAA4E;IAC5E,MAAM,EAAE,qBAAqB,EAAE,gBAAgB,EAAE,GAAG,MAAM,MAAM,CAAC,sBAAsB,CAAC,CAAC;IACzF,MAAM,gBAAgB,GAAG,MAAM,CAAC,aAAa,GAAG,CAAC,CAAC;IAClD,MAAM,gBAAgB,GAAG,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,aAAa,GAAG,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACzF,MAAM,CAAC,IAAI,CAAC,oBAAoB,EAAE;QAChC,SAAS,EAAE,MAAM,CAAC,aAAa;QAC/B,YAAY,EAAE,gBAAgB;QAC9B,SAAS,EAAE,gBAAgB,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,YAAY,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE;QAC3F,QAAQ,EAAE,CAAC,gBAAgB;KAC5B,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IACxB,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IACjD,MAAM,UAAU,GAAG,gBAAgB,CAAC,aAAa,CAAC,CAAC;IAEnD,+DAA+D;IAC/D,2DAA2D;IAC3D,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE;QAC1B,MAAM,CAAC,KAAK,CAAC,cAAc,EAAE;YAC3B,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,WAAW,EAAE,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC;YACxC,SAAS,EAAE,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;YAClD,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,aAAa;YACpC,EAAE,EAAE,GAAG,CAAC,EAAE;SACX,CAAC,CAAC;QACH,IAAI,EAAE,CAAC;IACT,CAAC,CAAC,CAAC;IAEH,4DAA4D;IAC5D,2EAA2E;IAC3E,gFAAgF;IAChF,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC3C,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;QAC/B,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;IAC5E,CAAC,CAAC,CAAC;IAEH,4DAA4D;IAC5D,IAAI,MAAM,CAAC,SAAS,IAAI,gBAAgB,EAAE,CAAC;QACzC,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,MAAM,CAAC,iDAAiD,CAAC,CAAC;QAC1F,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,MAAM,CAAC,gEAAgE,CAAC,CAAC;QAC7G,MAAM,EAAE,wBAAwB,EAAE,0BAA0B,EAAE,wBAAwB,EAAE,GAAG,MAAM,MAAM,CACrG,YAAY,CACb,CAAC;QACF,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,CAAC;QAEpD,uCAAuC;QACvC,MAAM,MAAM,GAAG,SAAS,EAAE,IAAI,UAAU,QAAQ,IAAI,IAAI,EAAE,CAAC;QAE3D,2CAA2C;QAC3C,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,GAAG,wBAAwB,CAAC,gBAAgB,EAAE,MAAM,EAAE;YACnF,aAAa,EAAE,MAAM,CAAC,kBAAkB;YACxC,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC1C,CAAC,CAAC;QACH,MAAM,aAAa,GAAG,wBAAwB,CAAC,gBAAgB,CAAC,CAAC;QACjE,MAAM,YAAY,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QACtF,MAAM,eAAe,GAAG,0BAA0B,CAAC,MAAM,EAAE,aAAa,EAAE,YAAY,CAAC,CAAC;QAExF,uFAAuF;QACvF,yFAAyF;QACzF,MAAM,mBAAmB,GAAG,GAAG,MAAM,2CAA2C,CAAC;QACjF,MAAM,UAAU,GAAG,iBAAiB,CAAC;YACnC,QAAQ,EAAE,EAAE,iBAAiB,EAAE,eAAe,EAAE;YAChD,mBAAmB;SACpB,CAAC,CAAC;QAEH,uEAAuE;QACvE,gFAAgF;QAChF,+EAA+E;QAC/E,8EAA8E;QAC9E,mDAAmD;QACnD,EAAE;QACF,+EAA+E;QAC/E,qEAAqE;QACrE,6EAA6E;QAC7E,yEAAyE;QACzE,6DAA6D;QAC7D,EAAE;QACF,8EAA8E;QAC9E,4EAA4E;QAC5E,wDAAwD;QACxD,2EAA2E;QAC3E,iFAAiF;QACjF,4EAA4E;QAC5E,6EAA6E;QAC7E,6DAA6D;QAC7D,EAAE;QACF,yEAAyE;QACzE,sEAAsE;QACtE,wEAAwE;QACxE,yEAAyE;QACzE,0EAA0E;QAC1E,kEAAkE;QAClE,IAAI,gBAAgB,EAAE,CAAC;YACrB,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,qBAAqB,CAAC,WAAW,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC;YAC/E,wEAAwE;YACxE,GAAG,CAAC,GAAG,CAAC,YAAY,EAAE,qBAAqB,CAAC,YAAY,EAAE,MAAM,CAAC,aAAa,EAAE,EAAE,IAAI,EAAE,gBAAgB,EAAE,CAAC,CAAC,CAAC;YAC7G,mFAAmF;YACnF,GAAG,CAAC,GAAG,CAAC,YAAY,EAAE,qBAAqB,CAAC,MAAM,EAAE,gBAAgB,EAAE,EAAE,IAAI,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,gBAAgB,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;YAClH,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,qBAAqB,CAAC,QAAQ,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC;YACzE,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,qBAAqB,CAAC,SAAS,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC;QAC7E,CAAC;QAED,uEAAuE;QACvE,sEAAsE;QACtE,uEAAuE;QACvE,wEAAwE;QACxE,iDAAiD;QACjD,EAAE;QACF,sEAAsE;QACtE,mEAAmE;QACnE,GAAG,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;YACvC,uEAAuE;YACvE,sEAAsE;YACtE,qEAAqE;YACrE,mEAAmE;YACnE,IAAI,gBAAgB,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC1B,MAAM,CAAC,IAAI,CAAC,oDAAoD,EAAE;oBAChE,SAAS,EAAE,GAAG,CAAC,IAAI,CAAC,MAAM;oBAC1B,EAAE,EAAE,GAAG,CAAC,IAAI,CAAC,EAAE;oBACf,SAAS,EAAE,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;iBACnD,CAAC,CAAC;gBACH,qEAAqE;gBACrE,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,GAAa,EAAE,EAAE;oBACrC,IAAI,GAAG,EAAE,CAAC;wBACR,IAAI,CAAC,GAAG,CAAC,CAAC;wBACV,OAAO;oBACT,CAAC;oBACD,UAAU,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;gBACvB,CAAC,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,MAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE;gBACtC,MAAM,EAAE,GAAG,CAAC,MAAM;gBAClB,WAAW,EAAE,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC;gBACxC,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,IAAI;gBACnB,QAAQ,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE;gBAC/C,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC;aAClC,CAAC,CAAC;YACH,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,GAAG,CAAC,KAAK,CAAC,SAAS,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,SAAS,EAAE,CAAC;gBACzE,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC,EAAE,CAAC;gBACjD,MAAM,CAAC,KAAK,CAAC,gDAAgD,EAAE;oBAC7D,SAAS,EAAE,GAAG,CAAC,IAAI,CAAC,SAAS;iBAC9B,CAAC,CAAC;YACL,CAAC;YAED,kEAAkE;YAClE,qEAAqE;YACrE,sEAAsE;YACtE,wEAAwE;YACxE,qEAAqE;YACrE,uEAAuE;YACvE,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC;YAC5D,MAAM,WAAW,GAAG,MAAM,EAAE,YAAY,CAAC;YACzC,MAAM,QAAQ,GAAG,MAAM,EAAE,SAAS,CAAC;YACnC,IAAI,QAAQ,IAAI,WAAW,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE,CAAC;gBAC/D,WAAW,CAAC,iBAAiB,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;YACvD,CAAC;YAED,IAAI,EAAE,CAAC;QACT,CAAC,CAAC,CAAC;QAEH,iEAAiE;QACjE,0DAA0D;QAC1D,yEAAyE;QACzE,0EAA0E;QAC1E,qEAAqE;QACrE,kEAAkE;QAClE,qEAAqE;QACrE,EAAE;QACF,yEAAyE;QACzE,wEAAwE;QACxE,wEAAwE;QACxE,yEAAyE;QACzE,0EAA0E;QAC1E,qDAAqD;QACrD,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;QACrC,MAAM,QAAQ,GAAG,YAAY,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,iCAAiC;QAC5F,MAAM,QAAQ,GAAG,GAAG,YAAY,CAAC,MAAM,GAAG,QAAQ,EAAE,CAAC,CAAC,sCAAsC;QAC5F,MAAM,eAAe,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;QAEvF,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,kBAAkB,GAAG;gBACzB,MAAM,EAAE,GAAG,QAAQ,GAAG;gBACtB,sBAAsB,EAAE,GAAG,QAAQ,YAAY;gBAC/C,wBAAwB,EAAE,CAAC,MAAM,CAAC;gBAClC,gCAAgC,EAAE,CAAC,MAAM,CAAC;gBAC1C,cAAc,EAAE,GAAG,QAAQ,QAAQ;gBACnC,qCAAqC,EAAE,CAAC,oBAAoB,EAAE,MAAM,CAAC;gBACrE,qBAAqB,EAAE,CAAC,oBAAoB,EAAE,eAAe,CAAC;gBAC9D,gBAAgB,EAAE,eAAe;gBACjC,mBAAmB,EAAE,GAAG,QAAQ,SAAS;gBACzC,0CAA0C,EAAE,CAAC,oBAAoB,CAAC;gBAClE,qBAAqB,EAAE,GAAG,QAAQ,WAAW;aAC9C,CAAC;YACF,MAAM,sBAAsB,GAAG;gBAC7B,QAAQ,EAAE,GAAG,QAAQ,MAAM;gBAC3B,qBAAqB,EAAE,CAAC,GAAG,QAAQ,GAAG,CAAC;gBACvC,gBAAgB,EAAE,eAAe;gBACjC,aAAa,EAAE,sBAAsB;aACtC,CAAC;YAEF,GAAG,CAAC,GAAG,CAAC,yCAAyC,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;gBAC/D,GAAG,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;YAC/B,CAAC,CAAC,CAAC;YACH,2EAA2E;YAC3E,wEAAwE;YACxE,qDAAqD;YACrD,GAAG,CAAC,GAAG,CAAC,2CAA2C,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;gBACjE,GAAG,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;YACnC,CAAC,CAAC,CAAC;YACH,GAAG,CAAC,GAAG,CAAC,wCAAwC,QAAQ,MAAM,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;gBAC5E,GAAG,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;YACnC,CAAC,CAAC,CAAC;YAEH,MAAM,CAAC,IAAI,CAAC,mDAAmD,EAAE;gBAC/D,SAAS,EAAE,QAAQ;gBACnB,QAAQ;aACT,CAAC,CAAC;QACL,CAAC;QAED,+DAA+D;QAC/D,wEAAwE;QACxE,yEAAyE;QACzE,wEAAwE;QACxE,yEAAyE;QACzE,QAAQ;QACR,GAAG,CAAC,GAAG,CACL,aAAa,CAAC;YACZ,QAAQ;YACR,SAAS,EAAE,IAAI,GAAG,CAAC,MAAM,CAAC;YAC1B,OAAO,EAAE,IAAI,GAAG,CAAC,MAAM,CAAC;YACxB,iBAAiB,EAAE,IAAI,GAAG,CAAC,GAAG,MAAM,MAAM,CAAC;YAC3C,eAAe;YACf,YAAY,EAAE,sBAAsB;SACrC,CAAC,CACH,CAAC;QAEF,6EAA6E;QAC7E,2EAA2E;QAC3E,0EAA0E;QAC1E,IAAI,gBAAgB,EAAE,CAAC;YACrB,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,qBAAqB,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC,CAAC;QACnE,CAAC;QACD,yDAAyD;QACzD,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC;QAExC,MAAM,CAAC,IAAI,CAAC,2BAA2B,EAAE;YACvC,SAAS,EAAE,gBAAgB,CAAC,SAAS;YACrC,MAAM;SACP,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,4DAA4D;QAC5D,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;YACtB,MAAM,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QACpC,CAAC;QAED,6EAA6E;QAC7E,+EAA+E;QAC/E,4DAA4D;QAC5D,IAAI,gBAAgB,EAAE,CAAC;YACrB,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,qBAAqB,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC,CAAC;QACnE,CAAC;QAED,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;YACxC,kFAAkF;YAClF,iFAAiF;YACjF,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,MAAM,CAAC,gEAAgE,CAAC,CAAC;YAC7G,MAAM,QAAQ,GAAG,sBAAsB,CAAC,MAAM,CAAC,CAAC;YAChD,MAAM,UAAU,GAAG,iBAAiB,CAAC,EAAE,QAAQ,EAAE,EAAE,iBAAiB,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC;YACpF,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC;QAC1C,CAAC;aAAM,CAAC;YACN,mCAAmC;YACnC,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC;IAED,8DAA8D;IAC9D,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACnB,MAAM,CAAC,KAAK,CAAC,eAAe,EAAE,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;QAC5F,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iEAAiE,EAAE,CAAC,CAAC;IACrG,CAAC,CAAC,CAAC;IAEH,8DAA8D;IAC9D,MAAM,UAAU,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE;QACjD,IAAI,QAAQ,GAAG,aAAa,CAAC;QAC7B,IAAI,MAAM,CAAC,SAAS,IAAI,gBAAgB;YAAE,QAAQ,GAAG,mBAAmB,CAAC;aACpE,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,UAAU;YAAE,QAAQ,GAAG,iBAAiB,CAAC;aACtE,IAAI,MAAM,CAAC,OAAO;YAAE,QAAQ,GAAG,aAAa,MAAM,CAAC,OAAO,CAAC,MAAM,QAAQ,CAAC;aAC1E,IAAI,MAAM,CAAC,UAAU;YAAE,QAAQ,GAAG,MAAM,CAAC;QAE9C,MAAM,CAAC,IAAI,CAAC,2BAA2B,EAAE;YACvC,IAAI,EAAE,GAAG,QAAQ,IAAI,IAAI,EAAE;YAC3B,MAAM,EAAE,UAAU,QAAQ,IAAI,IAAI,SAAS;YAC3C,GAAG,EAAE,UAAU,QAAQ,IAAI,IAAI,MAAM;YACrC,IAAI,EAAE,QAAQ;SACf,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,oFAAoF;IACpF,gDAAgD;IAChD,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAA0B,EAAE,EAAE;QACpD,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YAC9B,MAAM,CAAC,KAAK,CACV,QAAQ,IAAI,yHAAyH,EACrI,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,CACzB,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,KAAK,CAAC,6BAA6B,EAAE,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;QACtF,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC;AAED,uEAAuE;AAEvE;;;;GAIG;AACH,SAAS,sBAAsB,CAC7B,MAAoB;IAEpB,OAAO,KAAK,EAAE,KAAa,EAAE,EAAE;QAC7B,mEAAmE;QACnE,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,MAAM,CAAC,iDAAiD,CAAC,CAAC;QAE9F,qDAAqD;QACrD,MAAM,WAAW,GAAG,WAAW,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QAC/C,IAAI,WAAW,EAAE,CAAC;YAChB,qFAAqF;YACrF,MAAM,aAAa,GAAG,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;YACzC,OAAO;gBACL,KAAK;gBACL,QAAQ,EAAE,WAAW,CAAC,QAAQ;gBAC9B,MAAM,EAAE,WAAW,CAAC,MAAM;gBAC1B,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,aAAa;aACzD,CAAC;QACJ,CAAC;QAED,wCAAwC;QACxC,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;YACtB,IAAI,CAAC;gBACH,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,EAAE,CAAC;oBAC/B,MAAM,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;gBACpC,CAAC;gBACD,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,EAAE,CAAC;oBAC/B,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;gBAChF,CAAC;gBACD,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,UAAU,CAAC,SAAS,CAAC,KAAK,EAAE,UAAU,EAAE;oBAChE,MAAM,EAAE,MAAM,CAAC,UAAU;oBACzB,QAAQ,EAAE,MAAM,CAAC,YAAY;oBAC7B,cAAc,EAAE,CAAC,KAAK,CAAC;oBACvB,GAAG,CAAC,MAAM,CAAC,kBAAkB,IAAI,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,MAAM,CAAC,kBAAkB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;iBAC5F,CAAC,CAAC;gBAEH,MAAM,CAAC,KAAK,CAAC,6BAA6B,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;gBAEpF,MAAM,MAAM,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;gBAE1C,OAAO;oBACL,KAAK;oBACL,QAAQ,EAAG,OAAO,CAAC,GAAc,IAAK,OAAO,CAAC,GAAc,IAAI,WAAW;oBAC3E,MAAM;oBACN,SAAS,EAAE,OAAO,CAAC,GAAG;oBACtB,KAAK,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE;iBAC9C,CAAC;YACJ,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,4EAA4E;gBAC5E,IAAI,GAAG,YAAY,iBAAiB;oBAAE,MAAM,GAAG,CAAC;gBAChD,MAAM,IAAI,iBAAiB,CAAE,GAAa,CAAC,OAAO,IAAI,eAAe,CAAC,CAAC;YACzE,CAAC;QACH,CAAC;QAED,MAAM,IAAI,iBAAiB,CAAC,sCAAsC,CAAC,CAAC;IACtE,CAAC,CAAC;AACJ,CAAC;AAED,wEAAwE;AAExE;;;GAGG;AACH,KAAK,UAAU,kBAAkB,CAC/B,MAAoB;IAEpB,MAAM,QAAQ,CAAC,MAAM,CAAC,UAAW,CAAC,CAAC;IAEnC,OAAO,KAAK,EAAE,KAAa,EAAE,EAAE;QAC7B,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAC1C,CAAC;QACD,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,UAAU,CAAC,SAAS,CAAC,KAAK,EAAE,UAAU,EAAE;YAChE,MAAM,EAAE,MAAM,CAAC,UAAU;YACzB,QAAQ,EAAE,MAAM,CAAC,YAAY;YAC7B,cAAc,EAAE,CAAC,KAAK,CAAC;YACvB,GAAG,CAAC,MAAM,CAAC,kBAAkB,IAAI,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,MAAM,CAAC,kBAAkB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC5F,CAAC,CAAC;QAEH,MAAM,CAAC,KAAK,CAAC,oBAAoB,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;QAE3E,MAAM,MAAM,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;QAE1C,OAAO;YACL,KAAK;YACL,QAAQ,EAAG,OAAO,CAAC,GAAc,IAAK,OAAO,CAAC,GAAc,IAAI,WAAW;YAC3E,MAAM;YACN,SAAS,EAAE,OAAO,CAAC,GAAG;YACtB,KAAK,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE;SAC9C,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC;AAED,uEAAuE;AAEvE,MAAM,YAAY,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;AAEpF;;;;;;GAMG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAAgC;IAChE,IAAI,SAA+B,CAAC;IAEpC,wCAAwC;IACxC,IAAI,OAAO,OAAO,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;QACtC,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACnE,CAAC;IACD,6FAA6F;SACxF,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;QACzC,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACjE,CAAC;SAAM,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QACtC,SAAS,GAAI,OAAO,CAAC,GAAgB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC7F,CAAC;IAED,oDAAoD;IACpD,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;QAC5B,MAAM,CAAC,IAAI,CACT,gEAAgE;YAC9D,8EAA8E,CACjF,CAAC;QACF,OAAO,CAAC,MAAM,CAAC,CAAC;IAClB,CAAC;IAED,yBAAyB;IACzB,MAAM,QAAQ,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IAEnE,uEAAuE;IACvE,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,CAAC,IAAI,CAAC,4EAA4E,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC;QACzG,OAAO,CAAC,MAAM,CAAC,CAAC;IAClB,CAAC;IAED,OAAO,YAAY,CAAC,QAAQ,CAAC,CAAC;AAChC,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,QAAQ,CAAC,MAAc;IACpC,IAAI,UAAU,IAAI,UAAU;QAAE,OAAO;IAErC,IAAI,CAAC;QACH,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,CAAC;QACpC,CAAC;QACD,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,kCAAkC,EAAE,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,GAAG,CAAC,CAAC;QAC1G,MAAM,aAAa,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;QACtD,MAAM,SAAS,GAAG,CAAC,MAAM,aAAa,CAAC,IAAI,EAAE,CAAyB,CAAC;QAEvE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,+CAA+C,OAAO,EAAE,CAAC,CAAC;QAC5E,CAAC;QAED,UAAU,GAAG,UAAU,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;QACxE,MAAM,CAAC,IAAI,CAAC,uBAAuB,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAC;IAChF,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CAAC,gCAAgC,EAAE;YAC7C,MAAM;YACN,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;SACxD,CAAC,CAAC;IACL,CAAC;AACH,CAAC"}
1
+ {"version":3,"file":"http.js","sourceRoot":"","sources":["../../src/server/http.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAGH,OAAO,EAAE,6BAA6B,EAAE,MAAM,oDAAoD,CAAC;AACnG,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,OAAO,OAAO,MAAM,SAAS,CAAC;AAC9B,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAErC,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAItC,wEAAwE;AAExE;;;GAGG;AACH,SAAS,UAAU,CAAC,KAAa;IAC/B,OAAO,KAAK;SACT,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC;SACvB,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;AAC5B,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,sBAAsB,CAAC,GAAQ;IACtC,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO;QAAE,OAAO,KAAK,CAAC;IAC3C,MAAM,IAAI,GAAG,GAAG,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;IACxC,OAAO,IAAI,KAAK,WAAW,IAAI,IAAI,KAAK,WAAW,IAAI,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,OAAO,CAAC;AAC5F,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,oBAAoB,CAAC,KAAa,EAAE,gBAAwB,EAAE,eAAuB;IAC5F,MAAM,IAAI,GACR,KAAK,KAAK,eAAe;QACvB,CAAC,CAAC,0OAA0O;QAC5O,CAAC,CAAC,8GAA8G,CAAC;IACrH,MAAM,SAAS,GAAG,gBAAgB,CAAC,CAAC,CAAC,YAAY,UAAU,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC;IAChG,OAAO,CACL,6FAA6F;QAC7F,uGAAuG;QACvG,+BAA+B;QAC/B,oCAAoC,UAAU,CAAC,KAAK,CAAC,aAAa;QAClE,SAAS;QACT,MAAM,UAAU,CAAC,IAAI,CAAC,MAAM;QAC5B,eAAe,UAAU,CAAC,eAAe,CAAC,sCAAsC;QAChF,gBAAgB,CACjB,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,0BAA0B,CAAC,UAA2B;IACpE,OAAO,CAAC,GAAY,EAAE,GAAa,EAAQ,EAAE;QAC3C,MAAM,UAAU,GAAG,OAAO,GAAG,CAAC,KAAK,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QAC9E,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QAC9C,IAAI,OAAO,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;YAC1B,MAAM,CAAC,IAAI,CAAC,qCAAqC,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;YAC/E,qEAAqE;YACrE,+DAA+D;YAC/D,GAAG;iBACA,MAAM,CAAC,GAAG,CAAC;iBACX,IAAI,CAAC,MAAM,CAAC;iBACZ,IAAI,CACH,yEAAyE;gBACvE,gCAAgC;gBAChC,qGAAqG;gBACrG,gBAAgB,CACnB,CAAC;YACJ,OAAO;QACT,CAAC;QAED,IAAI,MAAW,CAAC;QAChB,IAAI,CAAC;YACH,MAAM,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;QAC9C,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,CAAC,IAAI,CAAC,wDAAwD,CAAC,CAAC;YACtE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAC;YACvG,OAAO;QACT,CAAC;QAED,0EAA0E;QAC1E,sEAAsE;QACtE,yEAAyE;QACzE,2EAA2E;QAC3E,yEAAyE;QACzE,yEAAyE;QACzE,0EAA0E;QAC1E,2EAA2E;QAC3E,yEAAyE;QACzE,mBAAmB;QACnB,MAAM,KAAK,GAAG,OAAO,GAAG,CAAC,KAAK,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;QAChF,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,gBAAgB,GAAG,OAAO,GAAG,CAAC,KAAK,CAAC,iBAAiB,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC,EAAE,CAAC;YAC5G,IAAI,OAAO,CAAC,WAAW,KAAK,SAAS;gBAAE,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;YAC7F,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;YACxC,IAAI,gBAAgB;gBAAE,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,EAAE,gBAAgB,CAAC,CAAC;YACrF,MAAM,QAAQ,GAAG,sBAAsB,CAAC,MAAM,CAAC,CAAC;YAChD,MAAM,CAAC,IAAI,CAAC,qDAAqD,EAAE;gBACjE,KAAK;gBACL,uBAAuB,EAAE,gBAAgB,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;gBACvD,qBAAqB,EAAE,MAAM,CAAC,IAAI;gBAClC,QAAQ;aACT,CAAC,CAAC;YACH,IAAI,QAAQ,EAAE,CAAC;gBACb,GAAG;qBACA,MAAM,CAAC,GAAG,CAAC;qBACX,IAAI,CAAC,MAAM,CAAC;qBACZ,IAAI,CAAC,oBAAoB,CAAC,KAAK,EAAE,gBAAgB,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;YAC5E,CAAC;iBAAM,CAAC;gBACN,GAAG,CAAC,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;YACvC,CAAC;YACD,OAAO;QACT,CAAC;QAED,qEAAqE;QACrE,4EAA4E;QAC5E,qDAAqD;QACrD,MAAM,IAAI,GAAG,OAAO,GAAG,CAAC,KAAK,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;QACtE,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QACtC,IAAI,OAAO,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;YACtC,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;QACxD,CAAC;QAED,MAAM,CAAC,KAAK,CAAC,uCAAuC,EAAE;YACpD,qBAAqB,EAAE,MAAM,CAAC,IAAI;YAClC,QAAQ,EAAE,OAAO,CAAC,WAAW,KAAK,SAAS;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;IACvC,CAAC,CAAC;AACJ,CAAC;AAED,wEAAwE;AAExE;;;GAGG;AACH,SAAS,WAAW,CAClB,KAAa,EACb,MAAoB;IAEpB,8FAA8F;IAC9F,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACnB,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnC,IAAI,KAAK,KAAK,KAAK,CAAC,GAAG,EAAE,CAAC;gBACxB,MAAM,OAAO,GAAG,gBAAgB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBAChD,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,4DAA4D;oBAC5D,OAAO,SAAS,CAAC;gBACnB,CAAC;gBACD,MAAM,MAAM,GAAG,YAAY,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;gBAC5C,OAAO,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,WAAW,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC;YAClF,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,wEAAwE;AAExE,IAAI,UAAU,GAAiC,IAAI,CAAC;AACpD,IAAI,UAAU,GAAgE,IAAI,CAAC;AAEnF,wEAAwE;AAExE;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,UAAU,uBAAuB,CAAC,GAAwB,EAAE,cAAwB;IACxF,MAAM,cAAc,GAAG,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC;IACjD,GAAG,CAAC,GAAG,CACL,MAAM,CAAC;QACL,0EAA0E;QAC1E,qDAAqD;QACrD,uBAAuB,EAAE,KAAK;QAC9B,yBAAyB,EAAE,cAAc,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,cAAuB,EAAE,CAAC,CAAC,CAAC,SAAS;QAC3F,yEAAyE;QACzE,kEAAkE;QAClE,wEAAwE;QACxE,2CAA2C;QAC3C,qBAAqB,EAAE,cAAc;YACnC,CAAC,CAAC;gBACE,WAAW,EAAE,IAAI;gBACjB,UAAU,EAAE;oBACV,WAAW,EAAE,CAAC,QAAQ,EAAE,iBAAiB,CAAC;iBAC3C;aACF;YACH,CAAC,CAAC,SAAS;KACd,CAAC,CACH,CAAC;IAEF,IAAI,cAAc,EAAE,CAAC;QACnB,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,CAAC;QACxC,GAAG,CAAC,GAAG,CACL,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,MAAM,EAAE,QAAQ,EAAE,EAAE;gBAC3B,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,kEAAkE;oBAClE,6CAA6C;oBAC7C,QAAQ,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;oBACtB,OAAO;gBACT,CAAC;gBACD,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;YACtC,CAAC;YACD,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,CAAC;YAC7C,cAAc,EAAE,CAAC,cAAc,EAAE,eAAe,EAAE,gBAAgB,CAAC;YACnE,cAAc,EAAE,CAAC,gBAAgB,CAAC;YAClC,WAAW,EAAE,IAAI;SAClB,CAAC,CACH,CAAC;QACF,mEAAmE;QACnE,wEAAwE;QACxE,0EAA0E;QAC1E,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE;YAC1B,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC;YAClC,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC5E,MAAM,CAAC,SAAS,CAAC;oBACf,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;oBACnC,KAAK,EAAE,MAAM;oBACb,KAAK,EAAE,eAAe;oBACtB,MAAM;oBACN,MAAM,EAAE,GAAG,CAAC,MAAM;oBAClB,IAAI,EAAE,GAAG,CAAC,IAAI;iBACf,CAAC,CAAC;YACL,CAAC;YACD,IAAI,EAAE,CAAC;QACT,CAAC,CAAC,CAAC;QACH,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,EAAE,OAAO,EAAE,cAAc,EAAE,CAAC,CAAC;IAC3D,CAAC;AACH,CAAC;AAED,wEAAwE;AAExE;;;GAGG;AACH,SAAS,gBAAgB,CAAC,aAA8B;IACtD,OAAO,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;QAC3C,MAAM,CAAC,KAAK,CAAC,qBAAqB,EAAE;YAClC,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,WAAW,EAAE,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC;YACxC,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,IAAI;YACnB,UAAU,EAAE,GAAG,CAAC,IAAI,EAAE,MAAM;YAC5B,MAAM,EAAE,GAAG,CAAC,IAAI,EAAE,EAAE;SACrB,CAAC,CAAC;QACH,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,aAAa,EAAE,CAAC;YAC/B,MAAM,SAAS,GAAG,IAAI,6BAA6B,CAAC;gBAClD,kBAAkB,EAAE,SAAS,EAAE,iBAAiB;aACjD,CAAC,CAAC;YACH,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAChC,8DAA8D;YAC9D,uEAAuE;YACvE,qEAAqE;YACrE,kEAAkE;YAClE,qEAAqE;YACrE,oDAAoD;YACpD,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;QACpD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,KAAK,CAAC,mBAAmB,EAAE,EAAE,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC/F,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;gBACrB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC;YAC3D,CAAC;QACH,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,aAA8B,EAC9B,MAAoB,EACpB,gBAAmC;IAEnC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACnD,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,IAAI,MAAM,EAAE,EAAE,CAAC,CAAC;IACpD,MAAM,QAAQ,GAAG,IAAI,IAAI,SAAS,CAAC;IAEnC,MAAM,GAAG,GAAG,OAAO,EAAE,CAAC;IACtB,oEAAoE;IACpE,6DAA6D;IAC7D,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC;IAE1B,uBAAuB,CAAC,GAAG,EAAE,MAAM,CAAC,cAAc,CAAC,CAAC;IAEpD,wEAAwE;IACxE,oFAAoF;IACpF,qFAAqF;IACrF,uFAAuF;IACvF,2FAA2F;IAC3F,yDAAyD;IACzD,EAAE;IACF,mFAAmF;IACnF,mFAAmF;IACnF,oFAAoF;IACpF,4EAA4E;IAC5E,MAAM,EAAE,qBAAqB,EAAE,gBAAgB,EAAE,GAAG,MAAM,MAAM,CAAC,sBAAsB,CAAC,CAAC;IACzF,MAAM,gBAAgB,GAAG,MAAM,CAAC,aAAa,GAAG,CAAC,CAAC;IAClD,MAAM,gBAAgB,GAAG,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,aAAa,GAAG,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACzF,MAAM,CAAC,IAAI,CAAC,oBAAoB,EAAE;QAChC,SAAS,EAAE,MAAM,CAAC,aAAa;QAC/B,YAAY,EAAE,gBAAgB;QAC9B,SAAS,EAAE,gBAAgB,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,YAAY,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE;QAC3F,QAAQ,EAAE,CAAC,gBAAgB;KAC5B,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IACxB,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IACjD,MAAM,UAAU,GAAG,gBAAgB,CAAC,aAAa,CAAC,CAAC;IAEnD,+DAA+D;IAC/D,2DAA2D;IAC3D,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE;QAC1B,MAAM,CAAC,KAAK,CAAC,cAAc,EAAE;YAC3B,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,WAAW,EAAE,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC;YACxC,SAAS,EAAE,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;YAClD,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,aAAa;YACpC,EAAE,EAAE,GAAG,CAAC,EAAE;SACX,CAAC,CAAC;QACH,IAAI,EAAE,CAAC;IACT,CAAC,CAAC,CAAC;IAEH,4DAA4D;IAC5D,2EAA2E;IAC3E,gFAAgF;IAChF,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC3C,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;QAC/B,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;IAC5E,CAAC,CAAC,CAAC;IAEH,4DAA4D;IAC5D,IAAI,MAAM,CAAC,SAAS,IAAI,gBAAgB,EAAE,CAAC;QACzC,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,MAAM,CAAC,iDAAiD,CAAC,CAAC;QAC1F,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,MAAM,CAAC,gEAAgE,CAAC,CAAC;QAC7G,MAAM,EAAE,wBAAwB,EAAE,0BAA0B,EAAE,wBAAwB,EAAE,GAAG,MAAM,MAAM,CACrG,YAAY,CACb,CAAC;QACF,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,CAAC;QAEpD,uCAAuC;QACvC,MAAM,MAAM,GAAG,SAAS,EAAE,IAAI,UAAU,QAAQ,IAAI,IAAI,EAAE,CAAC;QAE3D,yEAAyE;QACzE,yEAAyE;QACzE,qEAAqE;QACrE,sEAAsE;QACtE,iEAAiE;QACjE,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;QAC1C,MAAM,aAAa,GAAG,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,iCAAiC;QACtG,MAAM,aAAa,GAAG,GAAG,iBAAiB,CAAC,MAAM,GAAG,aAAa,EAAE,CAAC;QACpE,+EAA+E;QAC/E,8EAA8E;QAC9E,+EAA+E;QAC/E,MAAM,gBAAgB,GAAG,GAAG,aAAa,iBAAiB,CAAC;QAE3D,2CAA2C;QAC3C,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,UAAU,EAAE,GAAG,wBAAwB,CAAC,gBAAgB,EAAE,MAAM,EAAE;YAC/F,aAAa,EAAE,MAAM,CAAC,kBAAkB;YACxC,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,WAAW,EAAE,gBAAgB;SAC9B,CAAC,CAAC;QACH,MAAM,aAAa,GAAG,wBAAwB,CAAC,gBAAgB,CAAC,CAAC;QACjE,MAAM,YAAY,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QACtF,MAAM,eAAe,GAAG,0BAA0B,CAAC,MAAM,EAAE,aAAa,EAAE,YAAY,CAAC,CAAC;QAExF,uFAAuF;QACvF,yFAAyF;QACzF,MAAM,mBAAmB,GAAG,GAAG,MAAM,2CAA2C,CAAC;QACjF,MAAM,UAAU,GAAG,iBAAiB,CAAC;YACnC,QAAQ,EAAE,EAAE,iBAAiB,EAAE,eAAe,EAAE;YAChD,mBAAmB;SACpB,CAAC,CAAC;QAEH,uEAAuE;QACvE,gFAAgF;QAChF,+EAA+E;QAC/E,8EAA8E;QAC9E,mDAAmD;QACnD,EAAE;QACF,+EAA+E;QAC/E,qEAAqE;QACrE,6EAA6E;QAC7E,yEAAyE;QACzE,6DAA6D;QAC7D,EAAE;QACF,8EAA8E;QAC9E,4EAA4E;QAC5E,wDAAwD;QACxD,2EAA2E;QAC3E,iFAAiF;QACjF,4EAA4E;QAC5E,6EAA6E;QAC7E,6DAA6D;QAC7D,EAAE;QACF,yEAAyE;QACzE,sEAAsE;QACtE,wEAAwE;QACxE,yEAAyE;QACzE,0EAA0E;QAC1E,kEAAkE;QAClE,IAAI,gBAAgB,EAAE,CAAC;YACrB,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,qBAAqB,CAAC,WAAW,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC;YAC/E,wEAAwE;YACxE,GAAG,CAAC,GAAG,CAAC,YAAY,EAAE,qBAAqB,CAAC,YAAY,EAAE,MAAM,CAAC,aAAa,EAAE,EAAE,IAAI,EAAE,gBAAgB,EAAE,CAAC,CAAC,CAAC;YAC7G,mFAAmF;YACnF,GAAG,CAAC,GAAG,CAAC,YAAY,EAAE,qBAAqB,CAAC,MAAM,EAAE,gBAAgB,EAAE,EAAE,IAAI,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,gBAAgB,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;YAClH,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,qBAAqB,CAAC,QAAQ,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC;YACzE,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,qBAAqB,CAAC,SAAS,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC;YAC3E,uEAAuE;YACvE,sEAAsE;YACtE,GAAG,CAAC,GAAG,CAAC,iBAAiB,EAAE,qBAAqB,CAAC,iBAAiB,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC;QAC7F,CAAC;QAED,uEAAuE;QACvE,sEAAsE;QACtE,uEAAuE;QACvE,wEAAwE;QACxE,iDAAiD;QACjD,EAAE;QACF,sEAAsE;QACtE,mEAAmE;QACnE,GAAG,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;YACvC,uEAAuE;YACvE,sEAAsE;YACtE,qEAAqE;YACrE,mEAAmE;YACnE,IAAI,gBAAgB,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC1B,MAAM,CAAC,IAAI,CAAC,oDAAoD,EAAE;oBAChE,SAAS,EAAE,GAAG,CAAC,IAAI,CAAC,MAAM;oBAC1B,EAAE,EAAE,GAAG,CAAC,IAAI,CAAC,EAAE;oBACf,SAAS,EAAE,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;iBACnD,CAAC,CAAC;gBACH,qEAAqE;gBACrE,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,GAAa,EAAE,EAAE;oBACrC,IAAI,GAAG,EAAE,CAAC;wBACR,IAAI,CAAC,GAAG,CAAC,CAAC;wBACV,OAAO;oBACT,CAAC;oBACD,UAAU,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;gBACvB,CAAC,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,MAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE;gBACtC,MAAM,EAAE,GAAG,CAAC,MAAM;gBAClB,WAAW,EAAE,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC;gBACxC,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,IAAI;gBACnB,QAAQ,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE;gBAC/C,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC;aAClC,CAAC,CAAC;YACH,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,GAAG,CAAC,KAAK,CAAC,SAAS,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,SAAS,EAAE,CAAC;gBACzE,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC,EAAE,CAAC;gBACjD,MAAM,CAAC,KAAK,CAAC,gDAAgD,EAAE;oBAC7D,SAAS,EAAE,GAAG,CAAC,IAAI,CAAC,SAAS;iBAC9B,CAAC,CAAC;YACL,CAAC;YAED,kEAAkE;YAClE,qEAAqE;YACrE,sEAAsE;YACtE,wEAAwE;YACxE,qEAAqE;YACrE,uEAAuE;YACvE,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC;YAC5D,MAAM,WAAW,GAAG,MAAM,EAAE,YAAY,CAAC;YACzC,MAAM,QAAQ,GAAG,MAAM,EAAE,SAAS,CAAC;YACnC,IAAI,QAAQ,IAAI,WAAW,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE,CAAC;gBAC/D,WAAW,CAAC,iBAAiB,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;YACvD,CAAC;YAED,IAAI,EAAE,CAAC;QACT,CAAC,CAAC,CAAC;QAEH,kEAAkE;QAClE,0EAA0E;QAC1E,sDAAsD;QACtD,0EAA0E;QAC1E,kEAAkE;QAClE,wEAAwE;QACxE,+CAA+C;QAC/C,EAAE;QACF,sEAAsE;QACtE,sEAAsE;QACtE,2EAA2E;QAC3E,0EAA0E;QAC1E,0EAA0E;QAC1E,mDAAmD;QACnD,EAAE;QACF,uEAAuE;QACvE,uEAAuE;QACvE,kEAAkE;QAClE,mEAAmE;QACnE,GAAG,CAAC,GAAG,CAAC,iBAAiB,EAAE,0BAA0B,CAAC,UAAU,CAAC,CAAC,CAAC;QAEnE,iEAAiE;QACjE,0DAA0D;QAC1D,yEAAyE;QACzE,0EAA0E;QAC1E,qEAAqE;QACrE,kEAAkE;QAClE,qEAAqE;QACrE,EAAE;QACF,yEAAyE;QACzE,wEAAwE;QACxE,wEAAwE;QACxE,yEAAyE;QACzE,0EAA0E;QAC1E,qDAAqD;QACrD,wEAAwE;QACxE,MAAM,QAAQ,GAAG,aAAa,CAAC;QAC/B,MAAM,QAAQ,GAAG,aAAa,CAAC;QAC/B,MAAM,eAAe,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;QAEvF,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,kBAAkB,GAAG;gBACzB,MAAM,EAAE,GAAG,QAAQ,GAAG;gBACtB,sBAAsB,EAAE,GAAG,QAAQ,YAAY;gBAC/C,wBAAwB,EAAE,CAAC,MAAM,CAAC;gBAClC,gCAAgC,EAAE,CAAC,MAAM,CAAC;gBAC1C,cAAc,EAAE,GAAG,QAAQ,QAAQ;gBACnC,qCAAqC,EAAE,CAAC,oBAAoB,EAAE,MAAM,CAAC;gBACrE,qBAAqB,EAAE,CAAC,oBAAoB,EAAE,eAAe,CAAC;gBAC9D,gBAAgB,EAAE,eAAe;gBACjC,mBAAmB,EAAE,GAAG,QAAQ,SAAS;gBACzC,0CAA0C,EAAE,CAAC,oBAAoB,CAAC;gBAClE,qBAAqB,EAAE,GAAG,QAAQ,WAAW;aAC9C,CAAC;YACF,MAAM,sBAAsB,GAAG;gBAC7B,QAAQ,EAAE,GAAG,QAAQ,MAAM;gBAC3B,qBAAqB,EAAE,CAAC,GAAG,QAAQ,GAAG,CAAC;gBACvC,gBAAgB,EAAE,eAAe;gBACjC,aAAa,EAAE,sBAAsB;aACtC,CAAC;YAEF,GAAG,CAAC,GAAG,CAAC,yCAAyC,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;gBAC/D,GAAG,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;YAC/B,CAAC,CAAC,CAAC;YACH,2EAA2E;YAC3E,wEAAwE;YACxE,qDAAqD;YACrD,GAAG,CAAC,GAAG,CAAC,2CAA2C,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;gBACjE,GAAG,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;YACnC,CAAC,CAAC,CAAC;YACH,GAAG,CAAC,GAAG,CAAC,wCAAwC,QAAQ,MAAM,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;gBAC5E,GAAG,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;YACnC,CAAC,CAAC,CAAC;YAEH,MAAM,CAAC,IAAI,CAAC,mDAAmD,EAAE;gBAC/D,SAAS,EAAE,QAAQ;gBACnB,QAAQ;aACT,CAAC,CAAC;QACL,CAAC;QAED,+DAA+D;QAC/D,wEAAwE;QACxE,yEAAyE;QACzE,wEAAwE;QACxE,yEAAyE;QACzE,QAAQ;QACR,GAAG,CAAC,GAAG,CACL,aAAa,CAAC;YACZ,QAAQ;YACR,SAAS,EAAE,IAAI,GAAG,CAAC,MAAM,CAAC;YAC1B,OAAO,EAAE,IAAI,GAAG,CAAC,MAAM,CAAC;YACxB,iBAAiB,EAAE,IAAI,GAAG,CAAC,GAAG,MAAM,MAAM,CAAC;YAC3C,eAAe;YACf,YAAY,EAAE,sBAAsB;SACrC,CAAC,CACH,CAAC;QAEF,6EAA6E;QAC7E,2EAA2E;QAC3E,0EAA0E;QAC1E,IAAI,gBAAgB,EAAE,CAAC;YACrB,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,qBAAqB,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC,CAAC;QACnE,CAAC;QACD,yDAAyD;QACzD,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC;QAExC,MAAM,CAAC,IAAI,CAAC,2BAA2B,EAAE;YACvC,SAAS,EAAE,gBAAgB,CAAC,SAAS;YACrC,MAAM;SACP,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,4DAA4D;QAC5D,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;YACtB,MAAM,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QACpC,CAAC;QAED,6EAA6E;QAC7E,+EAA+E;QAC/E,4DAA4D;QAC5D,IAAI,gBAAgB,EAAE,CAAC;YACrB,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,qBAAqB,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC,CAAC;QACnE,CAAC;QAED,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;YACxC,kFAAkF;YAClF,iFAAiF;YACjF,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,MAAM,CAAC,gEAAgE,CAAC,CAAC;YAC7G,MAAM,QAAQ,GAAG,sBAAsB,CAAC,MAAM,CAAC,CAAC;YAChD,MAAM,UAAU,GAAG,iBAAiB,CAAC,EAAE,QAAQ,EAAE,EAAE,iBAAiB,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC;YACpF,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC;QAC1C,CAAC;aAAM,CAAC;YACN,mCAAmC;YACnC,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC;IAED,8DAA8D;IAC9D,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACnB,MAAM,CAAC,KAAK,CAAC,eAAe,EAAE,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;QAC5F,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iEAAiE,EAAE,CAAC,CAAC;IACrG,CAAC,CAAC,CAAC;IAEH,8DAA8D;IAC9D,MAAM,UAAU,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE;QACjD,IAAI,QAAQ,GAAG,aAAa,CAAC;QAC7B,IAAI,MAAM,CAAC,SAAS,IAAI,gBAAgB;YAAE,QAAQ,GAAG,mBAAmB,CAAC;aACpE,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,UAAU;YAAE,QAAQ,GAAG,iBAAiB,CAAC;aACtE,IAAI,MAAM,CAAC,OAAO;YAAE,QAAQ,GAAG,aAAa,MAAM,CAAC,OAAO,CAAC,MAAM,QAAQ,CAAC;aAC1E,IAAI,MAAM,CAAC,UAAU;YAAE,QAAQ,GAAG,MAAM,CAAC;QAE9C,MAAM,CAAC,IAAI,CAAC,2BAA2B,EAAE;YACvC,IAAI,EAAE,GAAG,QAAQ,IAAI,IAAI,EAAE;YAC3B,MAAM,EAAE,UAAU,QAAQ,IAAI,IAAI,SAAS;YAC3C,GAAG,EAAE,UAAU,QAAQ,IAAI,IAAI,MAAM;YACrC,IAAI,EAAE,QAAQ;SACf,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,oFAAoF;IACpF,gDAAgD;IAChD,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAA0B,EAAE,EAAE;QACpD,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YAC9B,MAAM,CAAC,KAAK,CACV,QAAQ,IAAI,yHAAyH,EACrI,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,CACzB,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,KAAK,CAAC,6BAA6B,EAAE,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;QACtF,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC;AAED,uEAAuE;AAEvE;;;;GAIG;AACH,SAAS,sBAAsB,CAC7B,MAAoB;IAEpB,OAAO,KAAK,EAAE,KAAa,EAAE,EAAE;QAC7B,mEAAmE;QACnE,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,MAAM,CAAC,iDAAiD,CAAC,CAAC;QAE9F,qDAAqD;QACrD,MAAM,WAAW,GAAG,WAAW,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QAC/C,IAAI,WAAW,EAAE,CAAC;YAChB,qFAAqF;YACrF,MAAM,aAAa,GAAG,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;YACzC,OAAO;gBACL,KAAK;gBACL,QAAQ,EAAE,WAAW,CAAC,QAAQ;gBAC9B,MAAM,EAAE,WAAW,CAAC,MAAM;gBAC1B,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,aAAa;aACzD,CAAC;QACJ,CAAC;QAED,wCAAwC;QACxC,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;YACtB,IAAI,CAAC;gBACH,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,EAAE,CAAC;oBAC/B,MAAM,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;gBACpC,CAAC;gBACD,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,EAAE,CAAC;oBAC/B,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;gBAChF,CAAC;gBACD,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,UAAU,CAAC,SAAS,CAAC,KAAK,EAAE,UAAU,EAAE;oBAChE,MAAM,EAAE,MAAM,CAAC,UAAU;oBACzB,QAAQ,EAAE,MAAM,CAAC,YAAY;oBAC7B,cAAc,EAAE,CAAC,KAAK,CAAC;oBACvB,GAAG,CAAC,MAAM,CAAC,kBAAkB,IAAI,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,MAAM,CAAC,kBAAkB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;iBAC5F,CAAC,CAAC;gBAEH,MAAM,CAAC,KAAK,CAAC,6BAA6B,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;gBAEpF,MAAM,MAAM,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;gBAE1C,OAAO;oBACL,KAAK;oBACL,QAAQ,EAAG,OAAO,CAAC,GAAc,IAAK,OAAO,CAAC,GAAc,IAAI,WAAW;oBAC3E,MAAM;oBACN,SAAS,EAAE,OAAO,CAAC,GAAG;oBACtB,KAAK,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE;iBAC9C,CAAC;YACJ,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,4EAA4E;gBAC5E,IAAI,GAAG,YAAY,iBAAiB;oBAAE,MAAM,GAAG,CAAC;gBAChD,MAAM,IAAI,iBAAiB,CAAE,GAAa,CAAC,OAAO,IAAI,eAAe,CAAC,CAAC;YACzE,CAAC;QACH,CAAC;QAED,MAAM,IAAI,iBAAiB,CAAC,sCAAsC,CAAC,CAAC;IACtE,CAAC,CAAC;AACJ,CAAC;AAED,wEAAwE;AAExE;;;GAGG;AACH,KAAK,UAAU,kBAAkB,CAC/B,MAAoB;IAEpB,MAAM,QAAQ,CAAC,MAAM,CAAC,UAAW,CAAC,CAAC;IAEnC,OAAO,KAAK,EAAE,KAAa,EAAE,EAAE;QAC7B,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAC1C,CAAC;QACD,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,UAAU,CAAC,SAAS,CAAC,KAAK,EAAE,UAAU,EAAE;YAChE,MAAM,EAAE,MAAM,CAAC,UAAU;YACzB,QAAQ,EAAE,MAAM,CAAC,YAAY;YAC7B,cAAc,EAAE,CAAC,KAAK,CAAC;YACvB,GAAG,CAAC,MAAM,CAAC,kBAAkB,IAAI,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,MAAM,CAAC,kBAAkB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC5F,CAAC,CAAC;QAEH,MAAM,CAAC,KAAK,CAAC,oBAAoB,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;QAE3E,MAAM,MAAM,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;QAE1C,OAAO;YACL,KAAK;YACL,QAAQ,EAAG,OAAO,CAAC,GAAc,IAAK,OAAO,CAAC,GAAc,IAAI,WAAW;YAC3E,MAAM;YACN,SAAS,EAAE,OAAO,CAAC,GAAG;YACtB,KAAK,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE;SAC9C,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC;AAED,uEAAuE;AAEvE,MAAM,YAAY,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;AAEpF;;;;;;GAMG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAAgC;IAChE,IAAI,SAA+B,CAAC;IAEpC,wCAAwC;IACxC,IAAI,OAAO,OAAO,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;QACtC,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACnE,CAAC;IACD,6FAA6F;SACxF,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;QACzC,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACjE,CAAC;SAAM,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QACtC,SAAS,GAAI,OAAO,CAAC,GAAgB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC7F,CAAC;IAED,oDAAoD;IACpD,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;QAC5B,MAAM,CAAC,IAAI,CACT,gEAAgE;YAC9D,8EAA8E,CACjF,CAAC;QACF,OAAO,CAAC,MAAM,CAAC,CAAC;IAClB,CAAC;IAED,yBAAyB;IACzB,MAAM,QAAQ,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IAEnE,uEAAuE;IACvE,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,CAAC,IAAI,CAAC,4EAA4E,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC;QACzG,OAAO,CAAC,MAAM,CAAC,CAAC;IAClB,CAAC;IAED,OAAO,YAAY,CAAC,QAAQ,CAAC,CAAC;AAChC,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,QAAQ,CAAC,MAAc;IACpC,IAAI,UAAU,IAAI,UAAU;QAAE,OAAO;IAErC,IAAI,CAAC;QACH,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,CAAC;QACpC,CAAC;QACD,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,kCAAkC,EAAE,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,GAAG,CAAC,CAAC;QAC1G,MAAM,aAAa,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;QACtD,MAAM,SAAS,GAAG,CAAC,MAAM,aAAa,CAAC,IAAI,EAAE,CAAyB,CAAC;QAEvE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,+CAA+C,OAAO,EAAE,CAAC,CAAC;QAC5E,CAAC;QAED,UAAU,GAAG,UAAU,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;QACxE,MAAM,CAAC,IAAI,CAAC,uBAAuB,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAC;IAChF,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CAAC,gCAAgC,EAAE;YAC7C,MAAM;YACN,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;SACxD,CAAC,CAAC;IACL,CAAC;AACH,CAAC"}
package/dist/server/oauth-state.d.ts ADDED
@@ -0,0 +1,90 @@
1
+ /**
2
+ * Stateless, signed OAuth `state` codec for the XSUAA callback proxy.
3
+ *
4
+ * ── Why this exists (issue #214) ──────────────────────────────────────
5
+ * XSUAA echoes a literal `+` (not `%2B`) for any `state` value that
6
+ * contains `+` when it redirects back to the OAuth client. Standard base64
7
+ * `state` values (e.g. VS Code generates `randomBytes(16).toString('base64')`)
8
+ * contain `+` ~50% of the time. The receiving client parses the callback
9
+ * query string with `application/x-www-form-urlencoded` semantics, where
10
+ * `+` decodes to a space, so the round-tripped `state` no longer matches the
11
+ * value the client generated → "State does not match" → login fails.
12
+ *
13
+ * ARC-1 cannot influence what XSUAA emits, and XSUAA redirects DIRECTLY to
14
+ * the client today (ARC-1 is not in the return path). The only fix is to
15
+ * insert ARC-1 into the return path: send XSUAA a `state` that ARC-1
16
+ * controls and that is immune to the `+` bug, then re-emit the client's
17
+ * ORIGINAL `state` correctly when redirecting back to the client.
18
+ *
19
+ * ── How this codec is immune to the `+` bug ───────────────────────────
20
+ * The token is `base64url(payload) + "." + base64url(sig)`. base64url uses
21
+ * the alphabet `A-Za-z0-9-_` — no `+`, no `/`. The `.` separator is an
22
+ * RFC 3986 unreserved character. So the entire token is URL-safe: XSUAA has
23
+ * no `+` to mangle, and Express's `+`→space query decoding is a no-op on it.
24
+ * The client's real `state` (which may contain `+`) rides INSIDE the opaque
25
+ * base64url payload, so it survives the XSUAA round-trip untouched.
26
+ *
27
+ * ── Why stateless (vs an in-memory map) ───────────────────────────────
28
+ * Mirrors the StatelessDcrClientStore design (PR #212): the token carries
29
+ * its own payload + HMAC signature, so any instance with the same signing
30
+ * key can validate it. No in-memory map → survives `cf restart`, cell
31
+ * moves, and horizontal scale-out. The signing key is derived (HKDF-style)
32
+ * from the same secret the DCR store uses, with a distinct domain-separation
33
+ * label so the two key spaces never overlap.
34
+ *
35
+ * ── Upstream tracking / when this whole module can be deleted ──────────
36
+ * This is a WORKAROUND for an XSUAA bug. It can be removed ONLY when XSUAA
37
+ * stops emitting a literal `+` (emits `%2B`) for `state` on the authorize
38
+ * redirect. Tracking:
39
+ * - arc-1 issue: https://github.com/marianfoo/arc-1/issues/214
40
+ * - XSUAA root cause: no public SAP Note as of 2026-06; the `+`→literal
41
+ * echo is the actual defect and the only thing whose
42
+ * fix makes this module removable.
43
+ * - VS Code (client): https://github.com/microsoft/vscode/issues/314715
44
+ * asks VS Code to use base64url `state`. If accepted it
45
+ * fixes the VS Code SYMPTOM only — other MCP clients
46
+ * (Cursor, claude.ai, Copilot Studio, …) still send
47
+ * base64 `state` containing `+`, so the callback proxy
48
+ * stays until the XSUAA-side fix lands. Do NOT delete
49
+ * this module just because vscode#314715 closes.
50
+ * To verify whether the XSUAA bug is gone, re-run the issue #214 spectrum
51
+ * reproducer (see the issue thread) against the target XSUAA tenant.
52
+ */
53
+ export type DecodeResult = {
54
+ kind: 'ok';
55
+ clientState?: string;
56
+ clientRedirectUri: string;
57
+ } | {
58
+ kind: 'error';
59
+ reason: 'malformed' | 'bad_signature' | 'invalid_payload' | 'expired';
60
+ };
61
+ /**
62
+ * Signs and verifies OAuth `state` tokens for the XSUAA callback proxy.
63
+ */
64
+ export declare class OAuthStateCodec {
65
+ private readonly hmacKey;
66
+ private readonly ttlSeconds;
67
+ constructor(signingSecret: string, opts?: {
68
+ ttlSeconds?: number;
69
+ });
70
+ /**
71
+ * Encode a URL-safe, signed state token. The returned value is safe to put
72
+ * in a query string and round-trip through XSUAA (no `+`, no `/`).
73
+ *
74
+ * @param input.now Injectable clock (epoch ms) for deterministic tests.
75
+ */
76
+ encode(input: {
77
+ clientState?: string;
78
+ clientRedirectUri: string;
79
+ now?: number;
80
+ }): string;
81
+ /**
82
+ * Decode and verify a state token. Never throws — returns a typed result.
83
+ *
84
+ * @param now Injectable clock (epoch ms) for deterministic tests.
85
+ */
86
+ decode(token: string, now?: number): DecodeResult;
87
+ private sign;
88
+ private verifySignature;
89
+ }
90
+ //# sourceMappingURL=oauth-state.d.ts.map
package/dist/server/oauth-state.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"oauth-state.d.ts","sourceRoot":"","sources":["../../src/server/oauth-state.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmDG;AAgCH,MAAM,MAAM,YAAY,GACpB;IAAE,IAAI,EAAE,IAAI,CAAC;IAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAAC,iBAAiB,EAAE,MAAM,CAAA;CAAE,GAC/D;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,WAAW,GAAG,eAAe,GAAG,iBAAiB,GAAG,SAAS,CAAA;CAAE,CAAC;AAE7F;;GAEG;AACH,qBAAa,eAAe;IAC1B,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;gBAExB,aAAa,EAAE,MAAM,EAAE,IAAI,GAAE;QAAE,UAAU,CAAC,EAAE,MAAM,CAAA;KAAO;IAUrE;;;;;OAKG;IACH,MAAM,CAAC,KAAK,EAAE;QAAE,WAAW,CAAC,EAAE,MAAM,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAC;QAAC,GAAG,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,MAAM;IAcxF;;;;OAIG;IACH,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,GAAE,MAAmB,GAAG,YAAY;IA2B7D,OAAO,CAAC,IAAI;IAKZ,OAAO,CAAC,eAAe;CAQxB"}
package/dist/server/oauth-state.js ADDED
@@ -0,0 +1,160 @@
1
+ /**
2
+ * Stateless, signed OAuth `state` codec for the XSUAA callback proxy.
3
+ *
4
+ * ── Why this exists (issue #214) ──────────────────────────────────────
5
+ * XSUAA echoes a literal `+` (not `%2B`) for any `state` value that
6
+ * contains `+` when it redirects back to the OAuth client. Standard base64
7
+ * `state` values (e.g. VS Code generates `randomBytes(16).toString('base64')`)
8
+ * contain `+` ~50% of the time. The receiving client parses the callback
9
+ * query string with `application/x-www-form-urlencoded` semantics, where
10
+ * `+` decodes to a space, so the round-tripped `state` no longer matches the
11
+ * value the client generated → "State does not match" → login fails.
12
+ *
13
+ * ARC-1 cannot influence what XSUAA emits, and XSUAA redirects DIRECTLY to
14
+ * the client today (ARC-1 is not in the return path). The only fix is to
15
+ * insert ARC-1 into the return path: send XSUAA a `state` that ARC-1
16
+ * controls and that is immune to the `+` bug, then re-emit the client's
17
+ * ORIGINAL `state` correctly when redirecting back to the client.
18
+ *
19
+ * ── How this codec is immune to the `+` bug ───────────────────────────
20
+ * The token is `base64url(payload) + "." + base64url(sig)`. base64url uses
21
+ * the alphabet `A-Za-z0-9-_` — no `+`, no `/`. The `.` separator is an
22
+ * RFC 3986 unreserved character. So the entire token is URL-safe: XSUAA has
23
+ * no `+` to mangle, and Express's `+`→space query decoding is a no-op on it.
24
+ * The client's real `state` (which may contain `+`) rides INSIDE the opaque
25
+ * base64url payload, so it survives the XSUAA round-trip untouched.
26
+ *
27
+ * ── Why stateless (vs an in-memory map) ───────────────────────────────
28
+ * Mirrors the StatelessDcrClientStore design (PR #212): the token carries
29
+ * its own payload + HMAC signature, so any instance with the same signing
30
+ * key can validate it. No in-memory map → survives `cf restart`, cell
31
+ * moves, and horizontal scale-out. The signing key is derived (HKDF-style)
32
+ * from the same secret the DCR store uses, with a distinct domain-separation
33
+ * label so the two key spaces never overlap.
34
+ *
35
+ * ── Upstream tracking / when this whole module can be deleted ──────────
36
+ * This is a WORKAROUND for an XSUAA bug. It can be removed ONLY when XSUAA
37
+ * stops emitting a literal `+` (emits `%2B`) for `state` on the authorize
38
+ * redirect. Tracking:
39
+ * - arc-1 issue: https://github.com/marianfoo/arc-1/issues/214
40
+ * - XSUAA root cause: no public SAP Note as of 2026-06; the `+`→literal
41
+ * echo is the actual defect and the only thing whose
42
+ * fix makes this module removable.
43
+ * - VS Code (client): https://github.com/microsoft/vscode/issues/314715
44
+ * asks VS Code to use base64url `state`. If accepted it
45
+ * fixes the VS Code SYMPTOM only — other MCP clients
46
+ * (Cursor, claude.ai, Copilot Studio, …) still send
47
+ * base64 `state` containing `+`, so the callback proxy
48
+ * stays until the XSUAA-side fix lands. Do NOT delete
49
+ * this module just because vscode#314715 closes.
50
+ * To verify whether the XSUAA bug is gone, re-run the issue #214 spectrum
51
+ * reproducer (see the issue thread) against the target XSUAA tenant.
52
+ */
53
+ import crypto from 'node:crypto';
54
+ /** Domain-separation label for the HKDF-style key derivation. Bump the
55
+ * version suffix to invalidate every outstanding state token at once. */
56
+ const KDF_LABEL = 'arc1-oauth-state/v1';
57
+ /** Truncated HMAC length in bytes. 16 bytes (128 bits) is ample for a
58
+ * short-lived, single-use CSRF state token — matches StatelessDcrClientStore. */
59
+ const SIG_BYTES = 16;
60
+ /** Default lifetime of a state token. The OAuth authorize→callback hop is
61
+ * interactive (user logs in), so a few minutes covers it; XSUAA auth codes
62
+ * themselves expire on a similar horizon. */
63
+ const DEFAULT_TTL_SECONDS = 600; // 10 minutes
64
+ /**
65
+ * Signs and verifies OAuth `state` tokens for the XSUAA callback proxy.
66
+ */
67
+ export class OAuthStateCodec {
68
+ hmacKey;
69
+ ttlSeconds;
70
+ constructor(signingSecret, opts = {}) {
71
+ if (!signingSecret) {
72
+ throw new Error('OAuthStateCodec requires a non-empty signingSecret');
73
+ }
74
+ // HKDF-style: derive a dedicated key from the shared secret + label.
75
+ // The label domain-separates this key from the DCR client-id signing key.
76
+ this.hmacKey = crypto.createHmac('sha256', signingSecret).update(KDF_LABEL).digest();
77
+ this.ttlSeconds = opts.ttlSeconds ?? DEFAULT_TTL_SECONDS;
78
+ }
79
+ /**
80
+ * Encode a URL-safe, signed state token. The returned value is safe to put
81
+ * in a query string and round-trip through XSUAA (no `+`, no `/`).
82
+ *
83
+ * @param input.now Injectable clock (epoch ms) for deterministic tests.
84
+ */
85
+ encode(input) {
86
+ const nowSec = Math.floor((input.now ?? Date.now()) / 1000);
87
+ const payload = {
88
+ v: 1,
89
+ r: input.clientRedirectUri,
90
+ exp: nowSec + this.ttlSeconds,
91
+ };
92
+ if (input.clientState !== undefined) {
93
+ payload.s = input.clientState;
94
+ }
95
+ const payloadB64 = Buffer.from(JSON.stringify(payload), 'utf8').toString('base64url');
96
+ return `${payloadB64}.${this.sign(payloadB64)}`;
97
+ }
98
+ /**
99
+ * Decode and verify a state token. Never throws — returns a typed result.
100
+ *
101
+ * @param now Injectable clock (epoch ms) for deterministic tests.
102
+ */
103
+ decode(token, now = Date.now()) {
104
+ if (typeof token !== 'string' || token.length === 0) {
105
+ return { kind: 'error', reason: 'malformed' };
106
+ }
107
+ const dot = token.lastIndexOf('.');
108
+ if (dot <= 0 || dot === token.length - 1) {
109
+ return { kind: 'error', reason: 'malformed' };
110
+ }
111
+ const payloadB64 = token.slice(0, dot);
112
+ const sigB64 = token.slice(dot + 1);
113
+ if (!this.verifySignature(payloadB64, sigB64)) {
114
+ return { kind: 'error', reason: 'bad_signature' };
115
+ }
116
+ const payload = parsePayload(payloadB64);
117
+ if (!payload) {
118
+ return { kind: 'error', reason: 'invalid_payload' };
119
+ }
120
+ if (payload.exp * 1000 <= now) {
121
+ return { kind: 'error', reason: 'expired' };
122
+ }
123
+ return { kind: 'ok', clientState: payload.s, clientRedirectUri: payload.r };
124
+ }
125
+ sign(payloadB64) {
126
+ const fullDigest = crypto.createHmac('sha256', this.hmacKey).update(payloadB64).digest();
127
+ return fullDigest.subarray(0, SIG_BYTES).toString('base64url');
128
+ }
129
+ verifySignature(payloadB64, sigB64) {
130
+ const expected = Buffer.from(this.sign(payloadB64), 'base64url');
131
+ const actual = Buffer.from(sigB64, 'base64url');
132
+ if (actual.length !== expected.length || actual.length !== SIG_BYTES) {
133
+ return false;
134
+ }
135
+ return crypto.timingSafeEqual(actual, expected);
136
+ }
137
+ }
138
+ /**
139
+ * Parse a base64url payload back into a typed `StatePayload`. Returns
140
+ * `undefined` on any failure (decode error, JSON parse error, schema mismatch).
141
+ */
142
+ function parsePayload(payloadB64) {
143
+ try {
144
+ const json = Buffer.from(payloadB64, 'base64url').toString('utf8');
145
+ const obj = JSON.parse(json);
146
+ if (obj.v !== 1)
147
+ return undefined;
148
+ if (typeof obj.r !== 'string' || obj.r.length === 0)
149
+ return undefined;
150
+ if (typeof obj.exp !== 'number' || !Number.isFinite(obj.exp))
151
+ return undefined;
152
+ if (obj.s !== undefined && typeof obj.s !== 'string')
153
+ return undefined;
154
+ return { v: 1, s: obj.s, r: obj.r, exp: obj.exp };
155
+ }
156
+ catch {
157
+ return undefined;
158
+ }
159
+ }
160
+ //# sourceMappingURL=oauth-state.js.map
package/dist/server/oauth-state.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"oauth-state.js","sourceRoot":"","sources":["../../src/server/oauth-state.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmDG;AAEH,OAAO,MAAM,MAAM,aAAa,CAAC;AAEjC;0EAC0E;AAC1E,MAAM,SAAS,GAAG,qBAAqB,CAAC;AAExC;kFACkF;AAClF,MAAM,SAAS,GAAG,EAAE,CAAC;AAErB;;8CAE8C;AAC9C,MAAM,mBAAmB,GAAG,GAAG,CAAC,CAAC,aAAa;AAqB9C;;GAEG;AACH,MAAM,OAAO,eAAe;IACT,OAAO,CAAS;IAChB,UAAU,CAAS;IAEpC,YAAY,aAAqB,EAAE,OAAgC,EAAE;QACnE,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;QACxE,CAAC;QACD,qEAAqE;QACrE,0EAA0E;QAC1E,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,EAAE,CAAC;QACrF,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,IAAI,mBAAmB,CAAC;IAC3D,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,KAAwE;QAC7E,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;QAC5D,MAAM,OAAO,GAAiB;YAC5B,CAAC,EAAE,CAAC;YACJ,CAAC,EAAE,KAAK,CAAC,iBAAiB;YAC1B,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC,UAAU;SAC9B,CAAC;QACF,IAAI,KAAK,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;YACpC,OAAO,CAAC,CAAC,GAAG,KAAK,CAAC,WAAW,CAAC;QAChC,CAAC;QACD,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QACtF,OAAO,GAAG,UAAU,IAAI,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;IAClD,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,KAAa,EAAE,MAAc,IAAI,CAAC,GAAG,EAAE;QAC5C,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACpD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;QAChD,CAAC;QACD,MAAM,GAAG,GAAG,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QACnC,IAAI,GAAG,IAAI,CAAC,IAAI,GAAG,KAAK,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzC,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;QAChD,CAAC;QACD,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QACvC,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;QAEpC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,UAAU,EAAE,MAAM,CAAC,EAAE,CAAC;YAC9C,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;QACpD,CAAC;QAED,MAAM,OAAO,GAAG,YAAY,CAAC,UAAU,CAAC,CAAC;QACzC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;QACtD,CAAC;QAED,IAAI,OAAO,CAAC,GAAG,GAAG,IAAI,IAAI,GAAG,EAAE,CAAC;YAC9B,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;QAC9C,CAAC;QAED,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC,EAAE,iBAAiB,EAAE,OAAO,CAAC,CAAC,EAAE,CAAC;IAC9E,CAAC;IAEO,IAAI,CAAC,UAAkB;QAC7B,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,EAAE,CAAC;QACzF,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IACjE,CAAC;IAEO,eAAe,CAAC,UAAkB,EAAE,MAAc;QACxD,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,WAAW,CAAC,CAAC;QACjE,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;QAChD,IAAI,MAAM,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YACrE,OAAO,KAAK,CAAC;QACf,CAAC;QACD,OAAO,MAAM,CAAC,eAAe,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAClD,CAAC;CACF;AAED;;;GAGG;AACH,SAAS,YAAY,CAAC,UAAkB;IACtC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACnE,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAA4B,CAAC;QACxD,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC;YAAE,OAAO,SAAS,CAAC;QAClC,IAAI,OAAO,GAAG,CAAC,CAAC,KAAK,QAAQ,IAAI,GAAG,CAAC,CAAC,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,SAAS,CAAC;QACtE,IAAI,OAAO,GAAG,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,OAAO,SAAS,CAAC;QAC/E,IAAI,GAAG,CAAC,CAAC,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC,CAAC,KAAK,QAAQ;YAAE,OAAO,SAAS,CAAC;QACvE,OAAO,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,CAAuB,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC;IAC1E,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC"}
package/dist/server/server.d.ts CHANGED
@@ -15,7 +15,7 @@ import { type ToolDefinition } from '../handlers/tools.js';
15
15
  import { type McpRateLimiter } from './mcp-rate-limit.js';
16
16
  import type { ServerConfig } from './types.js';
17
17
  /** ARC-1 version */
18
- export declare const VERSION = "0.9.7";
18
+ export declare const VERSION = "0.9.9";
19
19
  /**
20
20
  * Filter tools by user scope + server deny list.
21
21
  *
package/dist/server/server.js CHANGED
@@ -26,7 +26,7 @@ import { initLogger, logger } from './logger.js';
26
26
  import { createMcpRateLimiter } from './mcp-rate-limit.js';
27
27
  import { FileSink } from './sinks/file.js';
28
28
  /** ARC-1 version */
29
- export const VERSION = '0.9.7'; // x-release-please-version
29
+ export const VERSION = '0.9.9'; // x-release-please-version
30
30
  /**
31
31
  * Prune a tool's action OR type enum (or both) based on the user's scopes and
32
32
  * the server's denyActions list. Uses ACTION_POLICY as the single source of truth.