npm - crewly - Versions diffs - 1.11.5 → 1.11.6 - Mend

crewly 1.11.5 → 1.11.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (75) hide show

package/dist/cli/backend/src/controllers/cloud/cloud-google-auth.controller.js ADDED Viewed

@@ -0,0 +1,427 @@
+/**
+ * Cloud Google OAuth Controller
+ *
+ * Handles Google OAuth login flow for the CrewlyAI Cloud Console.
+ * Provides both browser-redirect (GET) and API (POST) flows.
+ *
+ * Routes:
+ * - GET  /api/cloud/google/start    -> Redirects to Google consent screen
+ * - GET  /api/cloud/google/callback  -> Handles Google redirect, issues JWT, redirects to frontend
+ * - POST /api/cloud/google/url       -> Returns Google OAuth URL as JSON (for SPA clients)
+ * - POST /api/cloud/google/callback  -> Exchanges code for JWT, returns JSON (for SPA clients)
+ *
+ * @module controllers/cloud/cloud-google-auth.controller
+ */
+import crypto from 'crypto';
+import { GOOGLE_OAUTH_CONSTANTS, AUTH_CONSTANTS, CLOUD_AUTH_CONSTANTS } from '../../constants.js';
+import { UserIdentityService } from '../../services/user/user-identity.service.js';
+import { DeviceIdentityService } from '../../services/cloud/device-identity.service.js';
+import { CloudClientService } from '../../services/cloud/cloud-client.service.js';
+import { LoggerService } from '../../services/core/logger.service.js';
+const logger = LoggerService.getInstance().createComponentLogger('CloudGoogleAuth');
+/** Env var for the Cloud Console frontend URL (where to redirect after login). */
+const CLOUD_CONSOLE_FRONTEND_URL = () => process.env['CLOUD_CONSOLE_URL'] || process.env['CLOUD_PORTAL_URL'] || 'https://crewlyai.com';
+/** Env var for the Google OAuth redirect URI (must match GCP console). */
+const CLOUD_GOOGLE_REDIRECT_URI = (req) => process.env['CLOUD_GOOGLE_REDIRECT_URI'] ||
+    `${req.protocol}://${req.get('host')}/api/cloud/google/callback`;
+/** Scopes for Cloud Console login -- only need email and profile. */
+const LOGIN_SCOPES = ['openid', 'email', 'profile'];
+/** Default user plan assigned to new users. */
+const DEFAULT_USER_PLAN = AUTH_CONSTANTS.PLANS.FREE;
+/**
+ * Build a Google OAuth consent URL with the given post-login redirect.
+ *
+ * Consolidates URL construction used by both cloudGoogleStart and cloudGoogleUrl.
+ *
+ * @param req - Express request (used to derive redirect_uri)
+ * @param postLoginRedirect - Where to send user after login completes
+ * @returns Full Google OAuth consent URL string
+ * @throws Error if GOOGLE_CLIENT_ID is not configured
+ */
+function buildGoogleOAuthUrl(req, postLoginRedirect) {
+    const clientId = CLOUD_AUTH_CONSTANTS.GOOGLE.CLIENT_ID;
+    if (!clientId)
+        throw new Error('GOOGLE_CLIENT_ID is not configured');
+    const redirectUri = CLOUD_GOOGLE_REDIRECT_URI(req);
+    const statePayload = {
+        redirectTo: postLoginRedirect,
+        t: Date.now(),
+        nonce: crypto.randomUUID(),
+    };
+    const state = Buffer.from(JSON.stringify(statePayload)).toString('base64url');
+    const url = new URL(GOOGLE_OAUTH_CONSTANTS.AUTH_BASE_URL);
+    url.searchParams.set('client_id', clientId);
+    url.searchParams.set('redirect_uri', redirectUri);
+    url.searchParams.set('response_type', 'code');
+    url.searchParams.set('access_type', 'offline');
+    url.searchParams.set('prompt', 'consent');
+    url.searchParams.set('scope', LOGIN_SCOPES.join(' '));
+    url.searchParams.set('state', state);
+    return url.toString();
+}
+/**
+ * Exchange a Google authorization code for tokens, fetch user profile,
+ * and upsert the user in the local identity store.
+ *
+ * Shared by both GET and POST callback handlers.
+ *
+ * @param code - Google authorization code
+ * @param req - Express request (used to derive redirect_uri)
+ * @returns GoogleLoginResult with user, profile, and token data
+ * @throws Error on credential misconfiguration, token exchange failure, or missing profile data
+ */
+async function exchangeCodeAndCreateUser(code, req) {
+    const clientId = CLOUD_AUTH_CONSTANTS.GOOGLE.CLIENT_ID;
+    const clientSecret = process.env['GOOGLE_CLIENT_SECRET'] || '';
+    if (!clientId || !clientSecret) {
+        throw new Error('Google OAuth credentials not configured');
+    }
+    const redirectUri = CLOUD_GOOGLE_REDIRECT_URI(req);
+    // Exchange code for tokens
+    const tokenResp = await fetch(GOOGLE_OAUTH_CONSTANTS.TOKEN_ENDPOINT, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+        body: new URLSearchParams({
+            code,
+            client_id: clientId,
+            client_secret: clientSecret,
+            redirect_uri: redirectUri,
+            grant_type: 'authorization_code',
+        }),
+    });
+    if (!tokenResp.ok) {
+        const details = await tokenResp.text();
+        logger.error('Failed to exchange Google OAuth code', { status: tokenResp.status, details });
+        throw new Error(`token_exchange_failed: ${tokenResp.status}`);
+    }
+    const tokenData = (await tokenResp.json());
+    // Fetch Google profile
+    const profileResp = await fetch(GOOGLE_OAUTH_CONSTANTS.USERINFO_ENDPOINT, {
+        headers: { Authorization: `Bearer ${tokenData.access_token}` },
+    });
+    if (!profileResp.ok) {
+        logger.error('Failed to fetch Google profile', { status: profileResp.status });
+        throw new Error(`profile_fetch_failed: ${profileResp.status}`);
+    }
+    const profile = (await profileResp.json());
+    if (!profile.email) {
+        throw new Error('no_email');
+    }
+    // Create or find user and store tokens
+    const users = UserIdentityService.getInstance();
+    const user = await users.createOrUpdateUser({ email: profile.email });
+    if (tokenData.refresh_token || tokenData.access_token) {
+        await users.connectService(user.id, 'google', {
+            refreshToken: tokenData.refresh_token || tokenData.access_token,
+            accessToken: tokenData.access_token,
+            scopes: LOGIN_SCOPES,
+        });
+    }
+    return {
+        user,
+        profile: { email: profile.email, name: profile.name, picture: profile.picture },
+        tokenData: { access_token: tokenData.access_token, refresh_token: tokenData.refresh_token },
+    };
+}
+/**
+ * Sign a JWT using HMAC-SHA256.
+ *
+ * @param payload - JWT payload object
+ * @returns Signed JWT string (header.payload.signature)
+ */
+export function signJwt(payload) {
+    const header = { alg: 'HS256', typ: 'JWT' };
+    const headerB64 = Buffer.from(JSON.stringify(header)).toString('base64url');
+    const payloadB64 = Buffer.from(JSON.stringify(payload)).toString('base64url');
+    const signature = crypto
+        .createHmac('sha256', AUTH_CONSTANTS.JWT.DEFAULT_SECRET)
+        .update(`${headerB64}.${payloadB64}`)
+        .digest('base64url');
+    return `${headerB64}.${payloadB64}.${signature}`;
+}
+/**
+ * Verify a JWT signed with HMAC-SHA256.
+ *
+ * @param token - JWT string (header.payload.signature)
+ * @returns Decoded payload if valid, null if invalid or expired
+ */
+export function verifyJwt(token) {
+    try {
+        const parts = token.split('.');
+        if (parts.length !== 3)
+            return null;
+        const [headerB64, payloadB64, signature] = parts;
+        const expectedSig = crypto
+            .createHmac('sha256', AUTH_CONSTANTS.JWT.DEFAULT_SECRET)
+            .update(`${headerB64}.${payloadB64}`)
+            .digest('base64url');
+        if (signature !== expectedSig)
+            return null;
+        const payload = JSON.parse(Buffer.from(payloadB64, 'base64url').toString('utf8'));
+        // Check expiry
+        if (payload.exp && payload.exp < Math.floor(Date.now() / 1000)) {
+            return null;
+        }
+        return payload;
+    }
+    catch {
+        return null;
+    }
+}
+// ---------------------------------------------------------------------------
+// Route handlers
+// ---------------------------------------------------------------------------
+/**
+ * GET /api/cloud/google/start
+ *
+ * Redirects the browser to the Google OAuth consent screen.
+ *
+ * @param req - Express request with optional query: { redirect }
+ * @param res - Express response (302 redirect)
+ * @param next - Next function for error propagation
+ */
+export async function cloudGoogleStart(req, res, next) {
+    try {
+        const postLoginRedirect = req.query['redirect'] ? String(req.query['redirect']) : '';
+        const url = buildGoogleOAuthUrl(req, postLoginRedirect);
+        logger.info('Redirecting to Google OAuth consent screen');
+        res.redirect(url);
+    }
+    catch (error) {
+        if (error instanceof Error && error.message.includes('GOOGLE_CLIENT_ID')) {
+            res.status(500).json({ success: false, error: error.message });
+            return;
+        }
+        logger.error('Failed to initiate Google OAuth', {
+            error: error instanceof Error ? error.message : String(error),
+        });
+        next(error);
+    }
+}
+/**
+ * GET /api/cloud/google/callback
+ *
+ * Handles the Google OAuth redirect, exchanges code, issues JWT, and redirects.
+ *
+ * @param req - Express request with query: { code, state? }
+ * @param res - Express response (302 redirect to frontend)
+ * @param next - Next function for error propagation
+ */
+export async function cloudGoogleCallback(req, res, next) {
+    try {
+        const code = req.query['code'] ? String(req.query['code']) : '';
+        const state = req.query['state'] ? String(req.query['state']) : '';
+        const errorParam = req.query['error'] ? String(req.query['error']) : '';
+        const consoleUrl = CLOUD_CONSOLE_FRONTEND_URL();
+        if (errorParam) {
+            logger.warn('Google OAuth returned error', { error: errorParam });
+            res.redirect(`${consoleUrl}/login?error=${encodeURIComponent(errorParam)}`);
+            return;
+        }
+        if (!code) {
+            logger.warn('Google OAuth callback missing code');
+            res.redirect(`${consoleUrl}/login?error=missing_code`);
+            return;
+        }
+        let result;
+        try {
+            result = await exchangeCodeAndCreateUser(code, req);
+        }
+        catch (err) {
+            const errMsg = err instanceof Error ? err.message : String(err);
+            logger.error('Google OAuth exchange failed', { error: errMsg });
+            const errorCode = errMsg.split(':')[0] || 'exchange_failed';
+            res.redirect(`${consoleUrl}/login?error=${encodeURIComponent(errorCode)}`);
+            return;
+        }
+        // Resolve device ID for JWT (enables Cloud-side auto-registration on poll/send)
+        let deviceId;
+        try {
+            const identity = await DeviceIdentityService.getInstance().getOrCreateIdentity();
+            deviceId = identity.deviceId;
+        }
+        catch {
+            logger.debug('Could not resolve deviceId for JWT (non-fatal)');
+        }
+        // Issue JWT access token
+        const now = Math.floor(Date.now() / 1000);
+        const accessToken = signJwt({
+            sub: result.user.id,
+            email: result.profile.email,
+            name: result.profile.name || '',
+            plan: DEFAULT_USER_PLAN,
+            ...(deviceId && { deviceId }),
+            iat: now,
+            exp: now + AUTH_CONSTANTS.JWT.ACCESS_TOKEN_EXPIRY_S,
+            iss: AUTH_CONSTANTS.JWT.ISSUER,
+            type: 'access',
+        });
+        // Issue refresh token (long-lived, enables auto-renewal after access token expires)
+        const refreshToken = signJwt({
+            sub: result.user.id,
+            email: result.profile.email,
+            name: result.profile.name || '',
+            plan: DEFAULT_USER_PLAN,
+            ...(deviceId && { deviceId }),
+            iat: now,
+            exp: now + AUTH_CONSTANTS.JWT.REFRESH_TOKEN_EXPIRY_S,
+            iss: AUTH_CONSTANTS.JWT.ISSUER,
+            type: 'refresh',
+        });
+        // Parse state for post-login redirect
+        let postLoginRedirect = '';
+        if (state) {
+            try {
+                const parsed = JSON.parse(Buffer.from(state, 'base64url').toString('utf8'));
+                postLoginRedirect = parsed.redirectTo || parsed.redirect || '';
+            }
+            catch {
+                logger.warn('Failed to parse OAuth state parameter');
+            }
+        }
+        const finalRedirect = postLoginRedirect || consoleUrl;
+        const separator = finalRedirect.includes('?') ? '&' : '?';
+        // Persist tokens to CloudClientService immediately so the refresh token
+        // is written to ~/.crewly/cloud/config.json before the frontend calls /connect.
+        try {
+            const cloudUrl = `${req.protocol}://${req.get('host')}`;
+            const client = CloudClientService.getInstance();
+            client.connectLocal(cloudUrl, accessToken, DEFAULT_USER_PLAN, refreshToken);
+        }
+        catch (connectErr) {
+            logger.warn('Failed to connect CloudClientService during OAuth callback (non-fatal)', {
+                error: connectErr instanceof Error ? connectErr.message : String(connectErr),
+            });
+        }
+        logger.info('Cloud Google OAuth login successful', { email: result.profile.email, userId: result.user.id });
+        res.redirect(`${finalRedirect}${separator}token=${accessToken}&refreshToken=${refreshToken}`);
+    }
+    catch (error) {
+        logger.error('Cloud Google OAuth callback error', {
+            error: error instanceof Error ? error.message : String(error),
+        });
+        next(error);
+    }
+}
+/**
+ * POST /api/cloud/google/url
+ *
+ * Returns the Google OAuth consent URL as JSON (for SPA clients).
+ *
+ * @param req - Request with optional body: { redirectTo, redirectUrl }
+ * @param res - Response returning { success, data: { url } }
+ * @param next - Next function for error propagation
+ */
+export async function cloudGoogleUrl(req, res, next) {
+    try {
+        const postLoginRedirect = req.body?.redirectTo || req.body?.redirectUrl || '';
+        const url = buildGoogleOAuthUrl(req, postLoginRedirect);
+        logger.info('Returning Google OAuth URL for SPA client');
+        res.json({ success: true, data: { url } });
+    }
+    catch (error) {
+        if (error instanceof Error && error.message.includes('GOOGLE_CLIENT_ID')) {
+            res.status(500).json({ success: false, error: error.message });
+            return;
+        }
+        logger.error('Failed to generate Google OAuth URL', {
+            error: error instanceof Error ? error.message : String(error),
+        });
+        next(error);
+    }
+}
+/**
+ * POST /api/cloud/google/callback
+ *
+ * SPA-friendly code exchange: accepts { code } in body, returns JWT + user as JSON.
+ *
+ * @param req - Request with body: { code }
+ * @param res - Response returning { success, data: { accessToken, refreshToken, expiresIn, user } }
+ * @param next - Next function for error propagation
+ */
+export async function cloudGoogleCallbackPost(req, res, next) {
+    try {
+        const { code } = req.body;
+        if (!code) {
+            res.status(400).json({ success: false, error: 'Missing authorization code' });
+            return;
+        }
+        const result = await exchangeCodeAndCreateUser(code, req);
+        // Resolve device ID for JWT (enables Cloud-side auto-registration on poll/send)
+        let deviceIdForJwt;
+        try {
+            const identity = await DeviceIdentityService.getInstance().getOrCreateIdentity();
+            deviceIdForJwt = identity.deviceId;
+        }
+        catch {
+            logger.debug('Could not resolve deviceId for JWT (non-fatal)');
+        }
+        // Issue access token
+        const now = Math.floor(Date.now() / 1000);
+        const accessToken = signJwt({
+            sub: result.user.id,
+            email: result.profile.email,
+            name: result.profile.name || '',
+            plan: DEFAULT_USER_PLAN,
+            ...(deviceIdForJwt && { deviceId: deviceIdForJwt }),
+            iat: now,
+            exp: now + AUTH_CONSTANTS.JWT.ACCESS_TOKEN_EXPIRY_S,
+            iss: AUTH_CONSTANTS.JWT.ISSUER,
+            type: 'access',
+        });
+        // Issue refresh token (longer lived, carries user claims for token refresh)
+        const refreshToken = signJwt({
+            sub: result.user.id,
+            email: result.profile.email,
+            name: result.profile.name || '',
+            plan: DEFAULT_USER_PLAN,
+            ...(deviceIdForJwt && { deviceId: deviceIdForJwt }),
+            iat: now,
+            exp: now + AUTH_CONSTANTS.JWT.REFRESH_TOKEN_EXPIRY_S,
+            iss: AUTH_CONSTANTS.JWT.ISSUER,
+            type: 'refresh',
+        });
+        // Persist tokens to CloudClientService immediately so the refresh token
+        // is written to ~/.crewly/cloud/config.json before the frontend calls /connect.
+        try {
+            const cloudUrl = `${req.protocol}://${req.get('host')}`;
+            const client = CloudClientService.getInstance();
+            client.connectLocal(cloudUrl, accessToken, DEFAULT_USER_PLAN, refreshToken);
+        }
+        catch (connectErr) {
+            logger.warn('Failed to connect CloudClientService during OAuth POST callback (non-fatal)', {
+                error: connectErr instanceof Error ? connectErr.message : String(connectErr),
+            });
+        }
+        logger.info('Cloud Google OAuth login successful (POST)', { email: result.profile.email, userId: result.user.id });
+        res.json({
+            success: true,
+            data: {
+                accessToken,
+                refreshToken,
+                expiresIn: AUTH_CONSTANTS.JWT.ACCESS_TOKEN_EXPIRY_S,
+                user: {
+                    id: result.user.id,
+                    email: result.profile.email,
+                    displayName: result.profile.name || '',
+                    plan: DEFAULT_USER_PLAN,
+                    createdAt: result.user.createdAt || '',
+                },
+            },
+        });
+    }
+    catch (error) {
+        const errMsg = error instanceof Error ? error.message : String(error);
+        if (errMsg.includes('credentials not configured')) {
+            res.status(500).json({ success: false, error: 'Google OAuth credentials not configured' });
+            return;
+        }
+        if (errMsg.startsWith('token_exchange_failed') || errMsg.startsWith('profile_fetch_failed') || errMsg === 'no_email') {
+            res.status(400).json({ success: false, error: errMsg.includes(':') ? errMsg.split(':')[0] : errMsg });
+            return;
+        }
+        logger.error('Cloud Google OAuth callback (POST) error', { error: errMsg });
+        next(error);
+    }
+}
+//# sourceMappingURL=cloud-google-auth.controller.js.map

package/dist/cli/backend/src/controllers/cloud/cloud-google-auth.controller.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"cloud-google-auth.controller.js","sourceRoot":"","sources":["../../../../../../backend/src/controllers/cloud/cloud-google-auth.controller.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAGH,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,EAAE,sBAAsB,EAAE,cAAc,EAAE,oBAAoB,EAAkB,MAAM,oBAAoB,CAAC;AAClH,OAAO,EAAE,mBAAmB,EAAE,MAAM,8CAA8C,CAAC;AACnF,OAAO,EAAE,qBAAqB,EAAE,MAAM,iDAAiD,CAAC;AACxF,OAAO,EAAE,kBAAkB,EAAE,MAAM,8CAA8C,CAAC;AAClF,OAAO,EAAE,aAAa,EAAE,MAAM,uCAAuC,CAAC;AAEtE,MAAM,MAAM,GAAG,aAAa,CAAC,WAAW,EAAE,CAAC,qBAAqB,CAAC,iBAAiB,CAAC,CAAC;AAEpF,kFAAkF;AAClF,MAAM,0BAA0B,GAAG,GAAW,EAAE,CAC9C,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,sBAAsB,CAAC;AAEhG,0EAA0E;AAC1E,MAAM,yBAAyB,GAAG,CAAC,GAAY,EAAU,EAAE,CACzD,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC;IACxC,GAAG,GAAG,CAAC,QAAQ,MAAM,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,4BAA4B,CAAC;AAEnE,qEAAqE;AACrE,MAAM,YAAY,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;AAEpD,+CAA+C;AAC/C,MAAM,iBAAiB,GAAG,cAAc,CAAC,KAAK,CAAC,IAAI,CAAC;AAapD;;;;;;;;;GASG;AACH,SAAS,mBAAmB,CAAC,GAAY,EAAE,iBAAyB;IAClE,MAAM,QAAQ,GAAG,oBAAoB,CAAC,MAAM,CAAC,SAAS,CAAC;IACvD,IAAI,CAAC,QAAQ;QAAE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IAErE,MAAM,WAAW,GAAG,yBAAyB,CAAC,GAAG,CAAC,CAAC;IACnD,MAAM,YAAY,GAAG;QACnB,UAAU,EAAE,iBAAiB;QAC7B,CAAC,EAAE,IAAI,CAAC,GAAG,EAAE;QACb,KAAK,EAAE,MAAM,CAAC,UAAU,EAAE;KAC3B,CAAC;IACF,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAE9E,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,sBAAsB,CAAC,aAAa,CAAC,CAAC;IAC1D,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IAC5C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC;IAClD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;IAC9C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;IAC/C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAC1C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IACtD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACrC,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;AACxB,CAAC;AAED;;;;;;;;;;GAUG;AACH,KAAK,UAAU,yBAAyB,CAAC,IAAY,EAAE,GAAY;IACjE,MAAM,QAAQ,GAAG,oBAAoB,CAAC,MAAM,CAAC,SAAS,CAAC;IACvD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,IAAI,EAAE,CAAC;IAE/D,IAAI,CAAC,QAAQ,IAAI,CAAC,YAAY,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;IAC7D,CAAC;IAED,MAAM,WAAW,GAAG,yBAAyB,CAAC,GAAG,CAAC,CAAC;IAEnD,2BAA2B;IAC3B,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,sBAAsB,CAAC,cAAc,EAAE;QACnE,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;QAChE,IAAI,EAAE,IAAI,eAAe,CAAC;YACxB,IAAI;YACJ,SAAS,EAAE,QAAQ;YACnB,aAAa,EAAE,YAAY;YAC3B,YAAY,EAAE,WAAW;YACzB,UAAU,EAAE,oBAAoB;SACjC,CAAC;KACH,CAAC,CAAC;IAEH,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,CAAC;QAClB,MAAM,OAAO,GAAG,MAAM,SAAS,CAAC,IAAI,EAAE,CAAC;QACvC,MAAM,CAAC,KAAK,CAAC,sCAAsC,EAAE,EAAE,MAAM,EAAE,SAAS,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC;QAC5F,MAAM,IAAI,KAAK,CAAC,0BAA0B,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC;IAChE,CAAC;IAED,MAAM,SAAS,GAAG,CAAC,MAAM,SAAS,CAAC,IAAI,EAAE,CAIxC,CAAC;IAEF,uBAAuB;IACvB,MAAM,WAAW,GAAG,MAAM,KAAK,CAAC,sBAAsB,CAAC,iBAAiB,EAAE;QACxE,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,SAAS,CAAC,YAAY,EAAE,EAAE;KAC/D,CAAC,CAAC;IAEH,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,CAAC;QACpB,MAAM,CAAC,KAAK,CAAC,gCAAgC,EAAE,EAAE,MAAM,EAAE,WAAW,CAAC,MAAM,EAAE,CAAC,CAAC;QAC/E,MAAM,IAAI,KAAK,CAAC,yBAAyB,WAAW,CAAC,MAAM,EAAE,CAAC,CAAC;IACjE,CAAC;IAED,MAAM,OAAO,GAAG,CAAC,MAAM,WAAW,CAAC,IAAI,EAAE,CAIxC,CAAC;IAEF,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CAAC,UAAU,CAAC,CAAC;IAC9B,CAAC;IAED,uCAAuC;IACvC,MAAM,KAAK,GAAG,mBAAmB,CAAC,WAAW,EAAE,CAAC;IAChD,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,kBAAkB,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;IAEtE,IAAI,SAAS,CAAC,aAAa,IAAI,SAAS,CAAC,YAAY,EAAE,CAAC;QACtD,MAAM,KAAK,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE;YAC5C,YAAY,EAAE,SAAS,CAAC,aAAa,IAAI,SAAS,CAAC,YAAY;YAC/D,WAAW,EAAE,SAAS,CAAC,YAAY;YACnC,MAAM,EAAE,YAAY;SACrB,CAAC,CAAC;IACL,CAAC;IAED,OAAO;QACL,IAAI;QACJ,OAAO,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE;QAC/E,SAAS,EAAE,EAAE,YAAY,EAAE,SAAS,CAAC,YAAY,EAAE,aAAa,EAAE,SAAS,CAAC,aAAa,EAAE;KAC5F,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,OAAO,CAAC,OAAgC;IACtD,MAAM,MAAM,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;IAC5C,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAC5E,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAC9E,MAAM,SAAS,GAAG,MAAM;SACrB,UAAU,CAAC,QAAQ,EAAE,cAAc,CAAC,GAAG,CAAC,cAAc,CAAC;SACvD,MAAM,CAAC,GAAG,SAAS,IAAI,UAAU,EAAE,CAAC;SACpC,MAAM,CAAC,WAAW,CAAC,CAAC;IACvB,OAAO,GAAG,SAAS,IAAI,UAAU,IAAI,SAAS,EAAE,CAAC;AACnD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,SAAS,CAAC,KAAa;IACrC,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QAEpC,MAAM,CAAC,SAAS,EAAE,UAAU,EAAE,SAAS,CAAC,GAAG,KAAK,CAAC;QACjD,MAAM,WAAW,GAAG,MAAM;aACvB,UAAU,CAAC,QAAQ,EAAE,cAAc,CAAC,GAAG,CAAC,cAAc,CAAC;aACvD,MAAM,CAAC,GAAG,SAAS,IAAI,UAAU,EAAE,CAAC;aACpC,MAAM,CAAC,WAAW,CAAC,CAAC;QAEvB,IAAI,SAAS,KAAK,WAAW;YAAE,OAAO,IAAI,CAAC;QAE3C,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,UAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;QAEnF,eAAe;QACf,IAAI,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC;YAC/D,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,iBAAiB;AACjB,8EAA8E;AAE9E;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB;IACpF,IAAI,CAAC;QACH,MAAM,iBAAiB,GAAG,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QACrF,MAAM,GAAG,GAAG,mBAAmB,CAAC,GAAG,EAAE,iBAAiB,CAAC,CAAC;QAExD,MAAM,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;QAC1D,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IACpB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;YACzE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAC/D,OAAO;QACT,CAAC;QACD,MAAM,CAAC,KAAK,CAAC,iCAAiC,EAAE;YAC9C,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;SAC9D,CAAC,CAAC;QACH,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB;IACvF,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAChE,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QACnE,MAAM,UAAU,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAExE,MAAM,UAAU,GAAG,0BAA0B,EAAE,CAAC;QAEhD,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,CAAC,IAAI,CAAC,6BAA6B,EAAE,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,CAAC;YAClE,GAAG,CAAC,QAAQ,CAAC,GAAG,UAAU,gBAAgB,kBAAkB,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;YAC5E,OAAO;QACT,CAAC;QAED,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;YAClD,GAAG,CAAC,QAAQ,CAAC,GAAG,UAAU,2BAA2B,CAAC,CAAC;YACvD,OAAO;QACT,CAAC;QAED,IAAI,MAAyB,CAAC;QAC9B,IAAI,CAAC;YACH,MAAM,GAAG,MAAM,yBAAyB,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QACtD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,MAAM,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAChE,MAAM,CAAC,KAAK,CAAC,8BAA8B,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;YAChE,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,iBAAiB,CAAC;YAC5D,GAAG,CAAC,QAAQ,CAAC,GAAG,UAAU,gBAAgB,kBAAkB,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;YAC3E,OAAO;QACT,CAAC;QAED,gFAAgF;QAChF,IAAI,QAA4B,CAAC;QACjC,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,qBAAqB,CAAC,WAAW,EAAE,CAAC,mBAAmB,EAAE,CAAC;YACjF,QAAQ,GAAG,QAAQ,CAAC,QAAQ,CAAC;QAC/B,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;QACjE,CAAC;QAED,yBAAyB;QACzB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,MAAM,WAAW,GAAG,OAAO,CAAC;YAC1B,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE;YACnB,KAAK,EAAE,MAAM,CAAC,OAAO,CAAC,KAAK;YAC3B,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI,IAAI,EAAE;YAC/B,IAAI,EAAE,iBAAiB;YACvB,GAAG,CAAC,QAAQ,IAAI,EAAE,QAAQ,EAAE,CAAC;YAC7B,GAAG,EAAE,GAAG;YACR,GAAG,EAAE,GAAG,GAAG,cAAc,CAAC,GAAG,CAAC,qBAAqB;YACnD,GAAG,EAAE,cAAc,CAAC,GAAG,CAAC,MAAM;YAC9B,IAAI,EAAE,QAAQ;SACf,CAAC,CAAC;QAEH,oFAAoF;QACpF,MAAM,YAAY,GAAG,OAAO,CAAC;YAC3B,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE;YACnB,KAAK,EAAE,MAAM,CAAC,OAAO,CAAC,KAAK;YAC3B,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI,IAAI,EAAE;YAC/B,IAAI,EAAE,iBAAiB;YACvB,GAAG,CAAC,QAAQ,IAAI,EAAE,QAAQ,EAAE,CAAC;YAC7B,GAAG,EAAE,GAAG;YACR,GAAG,EAAE,GAAG,GAAG,cAAc,CAAC,GAAG,CAAC,sBAAsB;YACpD,GAAG,EAAE,cAAc,CAAC,GAAG,CAAC,MAAM;YAC9B,IAAI,EAAE,SAAS;SAChB,CAAC,CAAC;QAEH,sCAAsC;QACtC,IAAI,iBAAiB,GAAG,EAAE,CAAC;QAC3B,IAAI,KAAK,EAAE,CAAC;YACV,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAA+C,CAAC;gBAC1H,iBAAiB,GAAG,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC;YACjE,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAAC;YACvD,CAAC;QACH,CAAC;QAED,MAAM,aAAa,GAAG,iBAAiB,IAAI,UAAU,CAAC;QACtD,MAAM,SAAS,GAAG,aAAa,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;QAE1D,wEAAwE;QACxE,gFAAgF;QAChF,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,GAAG,GAAG,CAAC,QAAQ,MAAM,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YACxD,MAAM,MAAM,GAAG,kBAAkB,CAAC,WAAW,EAAE,CAAC;YAChD,MAAM,CAAC,YAAY,CAAC,QAAQ,EAAE,WAAW,EAAE,iBAA8B,EAAE,YAAY,CAAC,CAAC;QAC3F,CAAC;QAAC,OAAO,UAAU,EAAE,CAAC;YACpB,MAAM,CAAC,IAAI,CAAC,wEAAwE,EAAE;gBACpF,KAAK,EAAE,UAAU,YAAY,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC;aAC7E,CAAC,CAAC;QACL,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,qCAAqC,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;QAC5G,GAAG,CAAC,QAAQ,CAAC,GAAG,aAAa,GAAG,SAAS,SAAS,WAAW,iBAAiB,YAAY,EAAE,CAAC,CAAC;IAChG,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,mCAAmC,EAAE;YAChD,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;SAC9D,CAAC,CAAC;QACH,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB;IAClF,IAAI,CAAC;QACH,MAAM,iBAAiB,GAAG,GAAG,CAAC,IAAI,EAAE,UAAU,IAAI,GAAG,CAAC,IAAI,EAAE,WAAW,IAAI,EAAE,CAAC;QAC9E,MAAM,GAAG,GAAG,mBAAmB,CAAC,GAAG,EAAE,iBAAiB,CAAC,CAAC;QAExD,MAAM,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;QACzD,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;IAC7C,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;YACzE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAC/D,OAAO;QACT,CAAC;QACD,MAAM,CAAC,KAAK,CAAC,qCAAqC,EAAE;YAClD,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;SAC9D,CAAC,CAAC;QACH,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB;IAC3F,IAAI,CAAC;QACH,MAAM,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC;QAC1B,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,4BAA4B,EAAE,CAAC,CAAC;YAC9E,OAAO;QACT,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,yBAAyB,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAE1D,gFAAgF;QAChF,IAAI,cAAkC,CAAC;QACvC,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,qBAAqB,CAAC,WAAW,EAAE,CAAC,mBAAmB,EAAE,CAAC;YACjF,cAAc,GAAG,QAAQ,CAAC,QAAQ,CAAC;QACrC,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;QACjE,CAAC;QAED,qBAAqB;QACrB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,MAAM,WAAW,GAAG,OAAO,CAAC;YAC1B,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE;YACnB,KAAK,EAAE,MAAM,CAAC,OAAO,CAAC,KAAK;YAC3B,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI,IAAI,EAAE;YAC/B,IAAI,EAAE,iBAAiB;YACvB,GAAG,CAAC,cAAc,IAAI,EAAE,QAAQ,EAAE,cAAc,EAAE,CAAC;YACnD,GAAG,EAAE,GAAG;YACR,GAAG,EAAE,GAAG,GAAG,cAAc,CAAC,GAAG,CAAC,qBAAqB;YACnD,GAAG,EAAE,cAAc,CAAC,GAAG,CAAC,MAAM;YAC9B,IAAI,EAAE,QAAQ;SACf,CAAC,CAAC;QAEH,4EAA4E;QAC5E,MAAM,YAAY,GAAG,OAAO,CAAC;YAC3B,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE;YACnB,KAAK,EAAE,MAAM,CAAC,OAAO,CAAC,KAAK;YAC3B,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI,IAAI,EAAE;YAC/B,IAAI,EAAE,iBAAiB;YACvB,GAAG,CAAC,cAAc,IAAI,EAAE,QAAQ,EAAE,cAAc,EAAE,CAAC;YACnD,GAAG,EAAE,GAAG;YACR,GAAG,EAAE,GAAG,GAAG,cAAc,CAAC,GAAG,CAAC,sBAAsB;YACpD,GAAG,EAAE,cAAc,CAAC,GAAG,CAAC,MAAM;YAC9B,IAAI,EAAE,SAAS;SAChB,CAAC,CAAC;QAEH,wEAAwE;QACxE,gFAAgF;QAChF,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,GAAG,GAAG,CAAC,QAAQ,MAAM,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YACxD,MAAM,MAAM,GAAG,kBAAkB,CAAC,WAAW,EAAE,CAAC;YAChD,MAAM,CAAC,YAAY,CAAC,QAAQ,EAAE,WAAW,EAAE,iBAA8B,EAAE,YAAY,CAAC,CAAC;QAC3F,CAAC;QAAC,OAAO,UAAU,EAAE,CAAC;YACpB,MAAM,CAAC,IAAI,CAAC,6EAA6E,EAAE;gBACzF,KAAK,EAAE,UAAU,YAAY,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC;aAC7E,CAAC,CAAC;QACL,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,4CAA4C,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;QACnH,GAAG,CAAC,IAAI,CAAC;YACP,OAAO,EAAE,IAAI;YACb,IAAI,EAAE;gBACJ,WAAW;gBACX,YAAY;gBACZ,SAAS,EAAE,cAAc,CAAC,GAAG,CAAC,qBAAqB;gBACnD,IAAI,EAAE;oBACJ,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE;oBAClB,KAAK,EAAE,MAAM,CAAC,OAAO,CAAC,KAAK;oBAC3B,WAAW,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI,IAAI,EAAE;oBACtC,IAAI,EAAE,iBAAiB;oBACvB,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS,IAAI,EAAE;iBACvC;aACF;SACF,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,MAAM,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACtE,IAAI,MAAM,CAAC,QAAQ,CAAC,4BAA4B,CAAC,EAAE,CAAC;YAClD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,yCAAyC,EAAE,CAAC,CAAC;YAC3F,OAAO;QACT,CAAC;QACD,IAAI,MAAM,CAAC,UAAU,CAAC,uBAAuB,CAAC,IAAI,MAAM,CAAC,UAAU,CAAC,sBAAsB,CAAC,IAAI,MAAM,KAAK,UAAU,EAAE,CAAC;YACrH,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;YACvG,OAAO;QACT,CAAC;QACD,MAAM,CAAC,KAAK,CAAC,0CAA0C,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;QAC5E,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC;AACH,CAAC"}

package/dist/cli/backend/src/services/backup/backup-archive.service.d.ts ADDED Viewed

@@ -0,0 +1,90 @@
+/**
+ * Backup Archive Service (P0)
+ *
+ * Builds a portable workspace backup: a single `.tar.gz` containing a
+ * top-level `manifest.json`, the captured `CREWLY_HOME` globals (under
+ * `home/`), each project's `.crewly/` tree (under `projects/<id>/`), and
+ * optionally `chat.db`.
+ *
+ * Runs locally with no Cloud dependency — `crewly backup create`. The Cloud
+ * upload/park step (Pro-gated) is a later phase and consumes the archive this
+ * service produces. See specs/2026-06-07-workspace-backup.md.
+ *
+ * @module services/backup/backup-archive.service
+ */
+import { type ComponentLogger } from '../core/logger.service.js';
+import { type CreateBackupOptions, type CreateBackupResult } from './backup.types.js';
+/**
+ * Service that builds workspace backup archives.
+ */
+export declare class BackupArchiveService {
+    private readonly logger;
+    constructor(logger?: ComponentLogger);
+    /**
+     * Build a workspace backup archive.
+     *
+     * Captures CREWLY_HOME globals (exclude-based, so new data domains are
+     * picked up automatically), each project's `.crewly/` tree (walked from
+     * projects.json) with git provenance, and chat.db (unless excluded). Stages
+     * everything into a temp dir, writes the manifest, and tars it to `outPath`.
+     *
+     * @param options - Build options (createdAt is required — no clock in lib code)
+     * @returns The archive path, manifest, and total captured bytes
+     * @throws If CREWLY_HOME does not exist or the tar write fails
+     */
+    createArchive(options: CreateBackupOptions): Promise<CreateBackupResult>;
+    /**
+     * Recursively collect capturable global files under CREWLY_HOME (relative
+     * paths). Exclude-based so new data domains are captured automatically.
+     *
+     * @param home - CREWLY_HOME absolute path
+     * @returns Relative file paths (POSIX-style) to capture
+     */
+    private collectGlobalFiles;
+    /**
+     * Walk projects.json and capture each project's `.crewly/` tree + git
+     * provenance into staging/projects/<id>/.
+     *
+     * @param home - CREWLY_HOME absolute path
+     * @param staging - staging dir root
+     * @returns Project entries for the manifest
+     */
+    private collectProjects;
+    /**
+     * Read `origin` remote + HEAD commit for a project dir (best-effort).
+     *
+     * @param projectPath - Absolute project path
+     * @returns Git provenance (nulls when not a repo / unavailable)
+     */
+    private readGitProvenance;
+    /**
+     * Capture chat.db via the SQLite online backup API (consistent snapshot of a
+     * possibly-live DB). Degrades gracefully when chat.db is absent or the native
+     * module can't load — the backup just omits it with a recorded reason.
+     *
+     * @param home - CREWLY_HOME absolute path
+     * @param staging - staging dir root
+     * @returns chat.db manifest record
+     */
+    private captureChatDb;
+    /**
+     * Copy a source file into the staging archive layout, returning its manifest
+     * entry (archive-relative path + sha256 + size).
+     *
+     * @param srcRoot - Root the relative path is resolved against
+     * @param rel - Source path relative to srcRoot (POSIX-style)
+     * @param staging - staging dir root
+     * @param archivePath - Destination path inside the archive
+     * @returns Manifest file entry
+     */
+    private stageFile;
+    /**
+     * Read the running Crewly version (best-effort). Uses npm_package_version —
+     * the same source as tracing.service.ts — which works under both the ESM
+     * runtime and the CJS test runner (no import.meta / __dirname).
+     *
+     * @returns Version string or 'unknown'
+     */
+    private readCrewlyVersion;
+}
+//# sourceMappingURL=backup-archive.service.d.ts.map

package/dist/cli/backend/src/services/backup/backup-archive.service.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"backup-archive.service.d.ts","sourceRoot":"","sources":["../../../../../../backend/src/services/backup/backup-archive.service.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAYH,OAAO,EAAiB,KAAK,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAChF,OAAO,EAKL,KAAK,mBAAmB,EACxB,KAAK,kBAAkB,EACxB,MAAM,mBAAmB,CAAC;AAkC3B;;GAEG;AACH,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAkB;gBAE7B,MAAM,CAAC,EAAE,eAAe;IAIpC;;;;;;;;;;;OAWG;IACG,aAAa,CAAC,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAmE9E;;;;;;OAMG;YACW,kBAAkB;IAmBhC;;;;;;;OAOG;YACW,eAAe;IAqC7B;;;;;OAKG;YACW,iBAAiB;IAgB/B;;;;;;;;OAQG;YACW,aAAa;IA6B3B;;;;;;;;;OASG;YACW,SAAS;IASvB;;;;;;OAMG;IACH,OAAO,CAAC,iBAAiB;CAG1B"}