couchloop-eq-mcp 1.0.4 → 1.1.0

package/dist/server/oauth/pkce.d.ts

@@ -1,61 +0,0 @@
-/**
- * PKCE Challenge data structure
- */
-export interface PKCEChallenge {
-    challenge: string;
-    method: 'S256' | 'plain';
-    clientId: string;
-    expiresAt: Date;
-    createdAt: Date;
-}
-/**
- * PKCE (Proof Key for Code Exchange) Manager
- * Implements RFC 7636 for OAuth 2.0 public clients
- * Prevents authorization code interception attacks
- */
-export declare class PKCEManager {
-    private challenges;
-    private readonly MIN_VERIFIER_LENGTH;
-    private readonly MAX_VERIFIER_LENGTH;
-    private readonly CHALLENGE_TTL;
-    /**
-     * Generate a cryptographically secure code verifier
-     * According to RFC 7636, must be 43-128 characters
-     */
-    generateVerifier(): string;
-    /**
-     * Generate code challenge from verifier
-     * S256 is mandatory in OAuth 2.1, plain is deprecated
-     */
-    generateChallenge(verifier: string, method?: 'S256' | 'plain'): string;
-    /**
-     * Store PKCE challenge for later verification
-     */
-    storeChallenge(authorizationCode: string, challenge: string, method: 'S256' | 'plain', clientId: string): Promise<void>;
-    /**
-     * Validate PKCE verifier against stored challenge
-     * Uses constant-time comparison to prevent timing attacks
-     */
-    validatePKCE(authorizationCode: string, verifier: string, clientId: string): Promise<boolean>;
-    /**
-     * Get stored challenge (for testing/debugging)
-     */
-    getChallenge(authorizationCode: string): PKCEChallenge | undefined;
-    /**
-     * Clean up expired challenges to prevent memory leak
-     */
-    private cleanupExpiredChallenges;
-    /**
-     * Clear all challenges (for testing)
-     */
-    clearAll(): void;
-    /**
-     * Get statistics about stored challenges
-     */
-    getStats(): {
-        total: number;
-        expired: number;
-    };
-}
-export declare const pkceManager: PKCEManager;
-//# sourceMappingURL=pkce.d.ts.map

package/dist/server/oauth/pkce.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"pkce.d.ts","sourceRoot":"","sources":["../../../src/server/oauth/pkce.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;CACjB;AAED;;;;GAIG;AACH,qBAAa,WAAW;IACtB,OAAO,CAAC,UAAU,CAAoC;IACtD,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAM;IAC1C,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAO;IAC3C,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAkB;IAEhD;;;OAGG;IACH,gBAAgB,IAAI,MAAM;IAc1B;;;OAGG;IACH,iBAAiB,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,GAAE,MAAM,GAAG,OAAgB,GAAG,MAAM;IAe9E;;OAEG;IACG,cAAc,CAClB,iBAAiB,EAAE,MAAM,EACzB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,GAAG,OAAO,EACxB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,IAAI,CAAC;IAgBhB;;;OAGG;IACG,YAAY,CAChB,iBAAiB,EAAE,MAAM,EACzB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,OAAO,CAAC;IAqDnB;;OAEG;IACH,YAAY,CAAC,iBAAiB,EAAE,MAAM,GAAG,aAAa,GAAG,SAAS;IAIlE;;OAEG;IACH,OAAO,CAAC,wBAAwB;IAgBhC;;OAEG;IACH,QAAQ,IAAI,IAAI;IAKhB;;OAEG;IACH,QAAQ,IAAI;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE;CAe/C;AAGD,eAAO,MAAM,WAAW,aAAoB,CAAC"}

package/dist/server/oauth/pkce.js

@@ -1,157 +0,0 @@
-import { createHash, randomBytes } from 'crypto';
-import { logger } from '../../utils/logger.js';
-/**
- * PKCE (Proof Key for Code Exchange) Manager
- * Implements RFC 7636 for OAuth 2.0 public clients
- * Prevents authorization code interception attacks
- */
-export class PKCEManager {
-    challenges = new Map();
-    MIN_VERIFIER_LENGTH = 43;
-    MAX_VERIFIER_LENGTH = 128;
-    CHALLENGE_TTL = 10 * 60 * 1000; // 10 minutes
-    /**
-     * Generate a cryptographically secure code verifier
-     * According to RFC 7636, must be 43-128 characters
-     */
-    generateVerifier() {
-        // Generate 32 bytes (will produce 43 chars in base64url)
-        const buffer = randomBytes(32);
-        const verifier = buffer.toString('base64url');
-        if (verifier.length < this.MIN_VERIFIER_LENGTH ||
-            verifier.length > this.MAX_VERIFIER_LENGTH) {
-            throw new Error('Generated verifier length is out of bounds');
-        }
-        logger.debug(`Generated PKCE verifier of length ${verifier.length}`);
-        return verifier;
-    }
-    /**
-     * Generate code challenge from verifier
-     * S256 is mandatory in OAuth 2.1, plain is deprecated
-     */
-    generateChallenge(verifier, method = 'S256') {
-        if (method === 'plain') {
-            logger.warn('Using plain PKCE method is not recommended and will be deprecated');
-            return verifier;
-        }
-        // S256 = BASE64URL(SHA256(verifier))
-        const hash = createHash('sha256')
-            .update(verifier, 'ascii')
-            .digest('base64url');
-        logger.debug(`Generated S256 PKCE challenge`);
-        return hash;
-    }
-    /**
-     * Store PKCE challenge for later verification
-     */
-    async storeChallenge(authorizationCode, challenge, method, clientId) {
-        // Clean up expired challenges
-        this.cleanupExpiredChallenges();
-        const pkceChallenge = {
-            challenge,
-            method,
-            clientId,
-            createdAt: new Date(),
-            expiresAt: new Date(Date.now() + this.CHALLENGE_TTL),
-        };
-        this.challenges.set(authorizationCode, pkceChallenge);
-        logger.info(`Stored PKCE challenge for authorization code ${authorizationCode.substring(0, 8)}...`);
-    }
-    /**
-     * Validate PKCE verifier against stored challenge
-     * Uses constant-time comparison to prevent timing attacks
-     */
-    async validatePKCE(authorizationCode, verifier, clientId) {
-        const storedChallenge = this.challenges.get(authorizationCode);
-        if (!storedChallenge) {
-            logger.warn(`No PKCE challenge found for authorization code ${authorizationCode.substring(0, 8)}...`);
-            return false;
-        }
-        // Check expiration
-        if (new Date() > storedChallenge.expiresAt) {
-            logger.warn(`PKCE challenge expired for authorization code ${authorizationCode.substring(0, 8)}...`);
-            this.challenges.delete(authorizationCode);
-            return false;
-        }
-        // Verify client ID matches
-        if (storedChallenge.clientId !== clientId) {
-            logger.error(`Client ID mismatch in PKCE validation. Expected: ${storedChallenge.clientId}, Got: ${clientId}`);
-            return false;
-        }
-        // Compute challenge from provided verifier
-        const computedChallenge = this.generateChallenge(verifier, storedChallenge.method);
-        // Use constant-time comparison to prevent timing attacks
-        const storedBuffer = Buffer.from(storedChallenge.challenge, 'ascii');
-        const computedBuffer = Buffer.from(computedChallenge, 'ascii');
-        if (storedBuffer.length !== computedBuffer.length) {
-            logger.warn(`PKCE challenge length mismatch`);
-            return false;
-        }
-        let isValid;
-        try {
-            // crypto.timingSafeEqual throws if buffers are different lengths
-            isValid = storedBuffer.length === computedBuffer.length &&
-                crypto.timingSafeEqual(storedBuffer, computedBuffer);
-        }
-        catch {
-            isValid = false;
-        }
-        if (isValid) {
-            logger.info(`PKCE validation successful for authorization code ${authorizationCode.substring(0, 8)}...`);
-            // Remove used challenge
-            this.challenges.delete(authorizationCode);
-        }
-        else {
-            logger.warn(`PKCE validation failed for authorization code ${authorizationCode.substring(0, 8)}...`);
-        }
-        return isValid;
-    }
-    /**
-     * Get stored challenge (for testing/debugging)
-     */
-    getChallenge(authorizationCode) {
-        return this.challenges.get(authorizationCode);
-    }
-    /**
-     * Clean up expired challenges to prevent memory leak
-     */
-    cleanupExpiredChallenges() {
-        const now = new Date();
-        let cleaned = 0;
-        for (const [code, challenge] of this.challenges.entries()) {
-            if (now > challenge.expiresAt) {
-                this.challenges.delete(code);
-                cleaned++;
-            }
-        }
-        if (cleaned > 0) {
-            logger.debug(`Cleaned up ${cleaned} expired PKCE challenges`);
-        }
-    }
-    /**
-     * Clear all challenges (for testing)
-     */
-    clearAll() {
-        this.challenges.clear();
-        logger.debug('Cleared all PKCE challenges');
-    }
-    /**
-     * Get statistics about stored challenges
-     */
-    getStats() {
-        const now = new Date();
-        let expired = 0;
-        for (const challenge of this.challenges.values()) {
-            if (now > challenge.expiresAt) {
-                expired++;
-            }
-        }
-        return {
-            total: this.challenges.size,
-            expired,
-        };
-    }
-}
-// Export singleton instance
-export const pkceManager = new PKCEManager();
-//# sourceMappingURL=pkce.js.map

package/dist/server/oauth/pkce.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"pkce.js","sourceRoot":"","sources":["../../../src/server/oauth/pkce.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AACjD,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAa/C;;;;GAIG;AACH,MAAM,OAAO,WAAW;IACd,UAAU,GAAG,IAAI,GAAG,EAAyB,CAAC;IACrC,mBAAmB,GAAG,EAAE,CAAC;IACzB,mBAAmB,GAAG,GAAG,CAAC;IAC1B,aAAa,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,aAAa;IAE9D;;;OAGG;IACH,gBAAgB;QACd,yDAAyD;QACzD,MAAM,MAAM,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;QAC/B,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAE9C,IAAI,QAAQ,CAAC,MAAM,GAAG,IAAI,CAAC,mBAAmB;YAC1C,QAAQ,CAAC,MAAM,GAAG,IAAI,CAAC,mBAAmB,EAAE,CAAC;YAC/C,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAChE,CAAC;QAED,MAAM,CAAC,KAAK,CAAC,qCAAqC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;QACrE,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;;OAGG;IACH,iBAAiB,CAAC,QAAgB,EAAE,SAA2B,MAAM;QACnE,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;YACvB,MAAM,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAC;YACjF,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,qCAAqC;QACrC,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC;aAC9B,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC;aACzB,MAAM,CAAC,WAAW,CAAC,CAAC;QAEvB,MAAM,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;QAC9C,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAClB,iBAAyB,EACzB,SAAiB,EACjB,MAAwB,EACxB,QAAgB;QAEhB,8BAA8B;QAC9B,IAAI,CAAC,wBAAwB,EAAE,CAAC;QAEhC,MAAM,aAAa,GAAkB;YACnC,SAAS;YACT,MAAM;YACN,QAAQ;YACR,SAAS,EAAE,IAAI,IAAI,EAAE;YACrB,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,aAAa,CAAC;SACrD,CAAC;QAEF,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,iBAAiB,EAAE,aAAa,CAAC,CAAC;QACtD,MAAM,CAAC,IAAI,CAAC,gDAAgD,iBAAiB,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC;IACtG,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,YAAY,CAChB,iBAAyB,EACzB,QAAgB,EAChB,QAAgB;QAEhB,MAAM,eAAe,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;QAE/D,IAAI,CAAC,eAAe,EAAE,CAAC;YACrB,MAAM,CAAC,IAAI,CAAC,kDAAkD,iBAAiB,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC;YACtG,OAAO,KAAK,CAAC;QACf,CAAC;QAED,mBAAmB;QACnB,IAAI,IAAI,IAAI,EAAE,GAAG,eAAe,CAAC,SAAS,EAAE,CAAC;YAC3C,MAAM,CAAC,IAAI,CAAC,iDAAiD,iBAAiB,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC;YACrG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;YAC1C,OAAO,KAAK,CAAC;QACf,CAAC;QAED,2BAA2B;QAC3B,IAAI,eAAe,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAC1C,MAAM,CAAC,KAAK,CAAC,oDAAoD,eAAe,CAAC,QAAQ,UAAU,QAAQ,EAAE,CAAC,CAAC;YAC/G,OAAO,KAAK,CAAC;QACf,CAAC;QAED,2CAA2C;QAC3C,MAAM,iBAAiB,GAAG,IAAI,CAAC,iBAAiB,CAAC,QAAQ,EAAE,eAAe,CAAC,MAAM,CAAC,CAAC;QAEnF,yDAAyD;QACzD,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QACrE,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE,OAAO,CAAC,CAAC;QAE/D,IAAI,YAAY,CAAC,MAAM,KAAK,cAAc,CAAC,MAAM,EAAE,CAAC;YAClD,MAAM,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;YAC9C,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,OAAgB,CAAC;QACrB,IAAI,CAAC;YACH,iEAAiE;YACjE,OAAO,GAAG,YAAY,CAAC,MAAM,KAAK,cAAc,CAAC,MAAM;gBAC7C,MAAM,CAAC,eAAe,CAAC,YAAY,EAAE,cAAc,CAAC,CAAC;QACjE,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,GAAG,KAAK,CAAC;QAClB,CAAC;QAED,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,CAAC,IAAI,CAAC,qDAAqD,iBAAiB,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC;YACzG,wBAAwB;YACxB,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;QAC5C,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,iDAAiD,iBAAiB,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC;QACvG,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACH,YAAY,CAAC,iBAAyB;QACpC,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IAChD,CAAC;IAED;;OAEG;IACK,wBAAwB;QAC9B,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,OAAO,GAAG,CAAC,CAAC;QAEhB,KAAK,MAAM,CAAC,IAAI,EAAE,SAAS,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC;YAC1D,IAAI,GAAG,GAAG,SAAS,CAAC,SAAS,EAAE,CAAC;gBAC9B,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;gBAC7B,OAAO,EAAE,CAAC;YACZ,CAAC;QACH,CAAC;QAED,IAAI,OAAO,GAAG,CAAC,EAAE,CAAC;YAChB,MAAM,CAAC,KAAK,CAAC,cAAc,OAAO,0BAA0B,CAAC,CAAC;QAChE,CAAC;IACH,CAAC;IAED;;OAEG;IACH,QAAQ;QACN,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;QACxB,MAAM,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAC;IAC9C,CAAC;IAED;;OAEG;IACH,QAAQ;QACN,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,OAAO,GAAG,CAAC,CAAC;QAEhB,KAAK,MAAM,SAAS,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,EAAE,CAAC;YACjD,IAAI,GAAG,GAAG,SAAS,CAAC,SAAS,EAAE,CAAC;gBAC9B,OAAO,EAAE,CAAC;YACZ,CAAC;QACH,CAAC;QAED,OAAO;YACL,KAAK,EAAE,IAAI,CAAC,UAAU,CAAC,IAAI;YAC3B,OAAO;SACR,CAAC;IACJ,CAAC;CACF;AAED,4BAA4B;AAC5B,MAAM,CAAC,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC"}

package/dist/server/oauth/providers/base.d.ts

@@ -1,147 +0,0 @@
-import { JWK } from 'jose';
-/**
- * OAuth token response structure
- */
-export interface TokenResponse {
-    access_token: string;
-    token_type: string;
-    expires_in?: number;
-    refresh_token?: string;
-    id_token?: string;
-    scope?: string;
-}
-/**
- * User information from OAuth provider
- */
-export interface UserInfo {
-    id: string;
-    email?: string;
-    email_verified?: boolean;
-    name?: string;
-    picture?: string;
-    locale?: string;
-    provider: string;
-    raw?: Record<string, any>;
-}
-/**
- * ID Token claims (OpenID Connect)
- */
-export interface IdTokenClaims {
-    iss: string;
-    sub: string;
-    aud: string | string[];
-    exp: number;
-    iat: number;
-    nonce?: string;
-    email?: string;
-    email_verified?: boolean;
-    name?: string;
-    picture?: string;
-    [key: string]: any;
-}
-/**
- * Provider configuration
- */
-export interface ProviderConfig {
-    clientId: string;
-    clientSecret: string;
-    redirectUri: string;
-    scopes?: string[];
-    additionalParams?: Record<string, string>;
-}
-/**
- * Abstract base class for OAuth providers
- * Implements common OAuth 2.0/OIDC functionality
- */
-export declare abstract class OAuthProvider {
-    abstract readonly name: string;
-    abstract readonly authorizationUrl: string;
-    abstract readonly tokenUrl: string;
-    abstract readonly userInfoUrl: string;
-    abstract readonly revokeUrl?: string;
-    abstract readonly jwksUrl?: string;
-    protected config: ProviderConfig;
-    private jwksCache;
-    private readonly JWKS_CACHE_TTL;
-    constructor(config: ProviderConfig);
-    /**
-     * Build authorization URL with required parameters
-     */
-    buildAuthorizationUrl(params: {
-        state: string;
-        codeChallenge?: string;
-        codeChallengeMethod?: string;
-        nonce?: string;
-        scope?: string;
-        additionalParams?: Record<string, string>;
-    }): string;
-    /**
-     * Exchange authorization code for tokens
-     */
-    exchangeCode(code: string, codeVerifier?: string): Promise<TokenResponse>;
-    /**
-     * Refresh access token
-     */
-    refreshToken(refreshToken: string): Promise<TokenResponse>;
-    /**
-     * Get user information from provider
-     */
-    getUserInfo(accessToken: string): Promise<UserInfo>;
-    /**
-     * Revoke token (if supported by provider)
-     */
-    revokeToken(token: string, tokenType?: 'access_token' | 'refresh_token'): Promise<void>;
-    /**
-     * Validate ID token (OpenID Connect)
-     */
-    protected validateIdToken(idToken: string): Promise<IdTokenClaims>;
-    /**
-     * Get JWKS from provider (with caching)
-     */
-    protected getJWKS(): Promise<{
-        keys: JWK[];
-    }>;
-    /**
-     * Validate redirect URI
-     */
-    protected validateRedirectUri(uri: string): boolean;
-    /**
-     * Get default scopes for this provider
-     */
-    protected abstract getDefaultScopes(): string[];
-    /**
-     * Get expected issuer for ID token validation
-     */
-    protected abstract getExpectedIssuer(): string;
-    /**
-     * Normalize user info to common format
-     */
-    protected abstract normalizeUserInfo(data: any): UserInfo;
-    /**
-     * Additional ID token claims validation
-     */
-    protected validateIdTokenClaims(claims: IdTokenClaims): void;
-    /**
-     * Handle provider-specific errors
-     */
-    protected handleProviderError(error: any): never;
-}
-/**
- * Provider factory
- */
-export declare class ProviderFactory {
-    private static providers;
-    /**
-     * Register a provider
-     */
-    static register(name: string, providerClass: typeof OAuthProvider): void;
-    /**
-     * Create provider instance
-     */
-    static create(name: string, config: ProviderConfig): OAuthProvider;
-    /**
-     * Get list of registered providers
-     */
-    static getProviders(): string[];
-}
-//# sourceMappingURL=base.d.ts.map

package/dist/server/oauth/providers/base.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"base.d.ts","sourceRoot":"","sources":["../../../../src/server/oauth/providers/base.ts"],"names":[],"mappings":"AAAA,OAAO,EAAwB,GAAG,EAAE,MAAM,MAAM,CAAC;AAIjD;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACvB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC3C;AAED;;;GAGG;AACH,8BAAsB,aAAa;IACjC,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAC3C,QAAQ,CAAC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IACnC,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IACtC,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IACrC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAEnC,SAAS,CAAC,MAAM,EAAE,cAAc,CAAC;IACjC,OAAO,CAAC,SAAS,CAAkD;IACnE,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAW;gBAE9B,MAAM,EAAE,cAAc;IAIlC;;OAEG;IACH,qBAAqB,CAAC,MAAM,EAAE;QAC5B,KAAK,EAAE,MAAM,CAAC;QACd,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,mBAAmB,CAAC,EAAE,MAAM,CAAC;QAC7B,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KAC3C,GAAG,MAAM;IA0CV;;OAEG;IACG,YAAY,CAChB,IAAI,EAAE,MAAM,EACZ,YAAY,CAAC,EAAE,MAAM,GACpB,OAAO,CAAC,aAAa,CAAC;IA6CzB;;OAEG;IACG,YAAY,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IAkChE;;OAEG;IACG,WAAW,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC;IA0BzD;;OAEG;IACG,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,GAAE,cAAc,GAAG,eAAgC,GAAG,OAAO,CAAC,IAAI,CAAC;IAgC7G;;OAEG;cACa,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IAwCxE;;OAEG;cACa,OAAO,IAAI,OAAO,CAAC;QAAE,IAAI,EAAE,GAAG,EAAE,CAAA;KAAE,CAAC;IAiCnD;;OAEG;IACH,SAAS,CAAC,mBAAmB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;IAInD;;OAEG;IACH,SAAS,CAAC,QAAQ,CAAC,gBAAgB,IAAI,MAAM,EAAE;IAE/C;;OAEG;IACH,SAAS,CAAC,QAAQ,CAAC,iBAAiB,IAAI,MAAM;IAE9C;;OAEG;IACH,SAAS,CAAC,QAAQ,CAAC,iBAAiB,CAAC,IAAI,EAAE,GAAG,GAAG,QAAQ;IAEzD;;OAEG;IACH,SAAS,CAAC,qBAAqB,CAAC,MAAM,EAAE,aAAa,GAAG,IAAI;IAe5D;;OAEG;IACH,SAAS,CAAC,mBAAmB,CAAC,KAAK,EAAE,GAAG,GAAG,KAAK;CAIjD;AAED;;GAEG;AACH,qBAAa,eAAe;IAC1B,OAAO,CAAC,MAAM,CAAC,SAAS,CAA2C;IAEnE;;OAEG;IACH,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,aAAa,EAAE,OAAO,aAAa,GAAG,IAAI;IAKxE;;OAEG;IACH,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,cAAc,GAAG,aAAa;IAWlE;;OAEG;IACH,MAAM,CAAC,YAAY,IAAI,MAAM,EAAE;CAGhC"}