iobroker.govee-smart 2.1.2 → 2.1.3

package/README.md

@@ -1,7 +1,7 @@
 # ioBroker.govee-smart
 
 [![npm version](https://img.shields.io/npm/v/iobroker.govee-smart)](https://www.npmjs.com/package/iobroker.govee-smart)
-![Node](https://img.shields.io/badge/node-%3E%3D20-brightgreen)
+![Node](https://img.shields.io/badge/node-%3E%3D22-brightgreen)
 ![TypeScript](https://img.shields.io/badge/TypeScript-strict-blue)
 [![License](https://img.shields.io/badge/license-MIT-green)](LICENSE)
 [![npm downloads](https://img.shields.io/npm/dt/iobroker.govee-smart)](https://www.npmjs.com/package/iobroker.govee-smart)
@@ -63,7 +63,7 @@ Full user documentation lives in the **[Wiki](https://github.com/krobipd/ioBroke
 
 ## Requirements
 
-- Node.js >= 20
+- Node.js >= 22
 - ioBroker js-controller >= 7.0.7
 - ioBroker Admin >= 7.7.22
 - A Govee account and at least one Govee WiFi device. LAN control needs a light with LAN mode enabled in the Govee Home app — see Govee's [LAN-supported device list](https://app-h5.govee.com/user-manual/wlan-guide).
@@ -124,6 +124,14 @@ This adapter's MQTT authentication and BLE-over-LAN (ptReal) protocol implementa
 ---
 
 ## Changelog
+### 2.1.3 (2026-05-03)
+
+- Critical fix: no more restart-loop after entering the verification code. The cached login is now stored in a state, not in the adapter config — saving the config doesn't trigger a restart anymore.
+- Saving email + password in the adapter config works again. The previous loop made it look like only the "Test login" button worked.
+- Honest startup messages: when MQTT really doesn't connect within the first minute, the log says why ("login rejected", "verification needed", etc.) instead of "still pending".
+- Verification warning shortened. The full step-by-step instructions live in the Wiki, the log only states the action.
+- "MQTT connected to AWS IoT" → "MQTT connected". "OpenAPI MQTT" → "Cloud-events" in user-facing logs.
+
 ### 2.1.2 (2026-05-02)
 
 - The verification message no longer claims your account has 2FA when it doesn't. Govee asks for a one-time check the first time it sees this client — same dialog, but the wording matches reality now.
@@ -153,11 +161,6 @@ This adapter's MQTT authentication and BLE-over-LAN (ptReal) protocol implementa
 
 - Min js-controller `>=6.0.11`, admin `>=7.6.20` (correcting an accidental bump in 2.0.2).
 
-### 2.0.2 (2026-04-26)
-
-- Sensor and appliance events (lack-of-water, ice-bucket-full, etc.) now arrive reliably across reconnects. Govee used to treat each reconnect as a new connection and drop the subscription.
-- Min js-controller `>=7.0.23`.
-
 Older entries are in [CHANGELOG_OLD.md](CHANGELOG_OLD.md).
 
 ## Support

package/build/lib/govee-mqtt-client.js

@@ -141,6 +141,35 @@ class GoveeMqttClient {
   get token() {
     return this._bearerToken;
   }
+  /**
+   * Short user-facing reason for "MQTT not connected", or null if the
+   * client has never seen an error. Used by the adapter ready-summary
+   * to give a concrete message instead of "still pending".
+   */
+  getFailureReason() {
+    if (this.connected) {
+      return null;
+    }
+    switch (this.lastErrorCategory) {
+      case "VERIFICATION_PENDING":
+        return "Govee asked for verification \u2014 request a code in adapter settings";
+      case "VERIFICATION_FAILED":
+        return "verification code rejected \u2014 request a fresh code";
+      case "AUTH":
+        return this.authFailCount >= MAX_AUTH_FAILURES ? "login rejected \u2014 check email/password" : "login failed (will retry)";
+      case "RATE_LIMIT":
+        return "rate-limited by Govee \u2014 will retry";
+      case "NETWORK":
+        return "cannot reach Govee servers \u2014 will retry";
+      case "TIMEOUT":
+        return "connection timeout \u2014 will retry";
+      case "UNKNOWN":
+        return "login rejected \u2014 see earlier log";
+      case null:
+      default:
+        return null;
+    }
+  }
   /** Persisted credentials from a previous run; null until setPersistedCredentials() is called. */
   persisted = null;
   /** Hook fired after a successful login so the adapter can persist the new credentials. */
@@ -263,9 +292,7 @@ class GoveeMqttClient {
         const isNew = this.lastErrorCategory !== category;
         this.lastErrorCategory = category;
         if (isNew) {
-          this.log.warn(
-            'Govee asked for one-time client verification (HTTP 454). Open adapter settings, click "Request verification code", paste the code from the email into the field, save. Govee remembers this client afterwards. Account-level 2FA is not required.'
-          );
+          this.log.warn("MQTT not connected: Govee asked for verification \u2014 request a code in adapter settings");
         } else {
           this.log.debug("MQTT verification still pending (Govee returned 454 again)");
         }
@@ -278,9 +305,7 @@ class GoveeMqttClient {
         const isNew = this.lastErrorCategory !== category;
         this.lastErrorCategory = category;
         if (isNew) {
-          this.log.warn(
-            "Govee rejected the verification code (HTTP 455) \u2014 request a fresh code via the adapter settings."
-          );
+          this.log.warn("MQTT not connected: verification code rejected \u2014 request a fresh code");
         } else {
           this.log.debug("MQTT verification code rejected again (Govee returned 455)");
         }
@@ -292,7 +317,7 @@ class GoveeMqttClient {
       if (category === "AUTH") {
         this.authFailCount++;
         if (this.authFailCount >= MAX_AUTH_FAILURES) {
-          this.log.warn(`MQTT login failed ${this.authFailCount} times \u2014 check email/password in adapter settings`);
+          this.log.warn("MQTT not connected: login rejected \u2014 check email/password");
           return;
         }
       } else {
@@ -415,7 +440,7 @@ class GoveeMqttClient {
     this.accountTopic = creds.accountTopic;
     (_a = this.onToken) == null ? void 0 : _a.call(this, this._bearerToken);
     const clientId = `AP/${creds.accountId}/${this.sessionUuid}`;
-    this.log.info("MQTT: trying cached credentials (no fresh login)");
+    this.log.debug("MQTT: trying cached credentials (no fresh login)");
     this.persistedAttemptInFlight = true;
     this.client = mqtt.connect(`mqtts://${creds.iotEndpoint}:8883`, {
       clientId,
@@ -449,7 +474,7 @@ class GoveeMqttClient {
         this.log.info("MQTT connection restored");
         this.lastErrorCategory = null;
       } else {
-        this.log.info("MQTT connected to AWS IoT");
+        this.log.info("MQTT connected");
       }
       (_a = this.client) == null ? void 0 : _a.subscribe(this.accountTopic, { qos: 0 }, (err) => {
         var _a2;
@@ -473,7 +498,7 @@ class GoveeMqttClient {
       if (this.persistedAttemptInFlight) {
         this.persistedAttemptInFlight = false;
         this.persisted = null;
-        this.log.info("MQTT: cached credentials rejected \u2014 falling back to fresh login");
+        this.log.debug("MQTT: cached credentials rejected \u2014 falling back to fresh login");
       }
       if (!this.lastErrorCategory) {
         this.lastErrorCategory = "NETWORK";

package/build/lib/govee-mqtt-client.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../src/lib/govee-mqtt-client.ts"],
-  "sourcesContent": ["import * as crypto from \"node:crypto\";\nimport * as forge from \"node-forge\";\nimport * as mqtt from \"mqtt\";\nimport { httpsRequest } from \"./http-client\";\nimport { GOVEE_APP_VERSION, GOVEE_CLIENT_TYPE, GOVEE_USER_AGENT, deriveGoveeClientId } from \"./govee-constants\";\nimport {\n  classifyError,\n  type ErrorCategory,\n  type GoveeIotKeyResponse,\n  type GoveeLoginResponse,\n  type MqttStatusUpdate,\n  type PersistedMqttCredentials,\n  type TimerAdapter,\n} from \"./types\";\n\n/** Max consecutive auth failures before giving up */\nconst MAX_AUTH_FAILURES = 3;\n\nconst LOGIN_URL = \"https://app2.govee.com/account/rest/account/v2/login\";\nconst IOT_KEY_URL = \"https://app2.govee.com/app/v1/account/iot/key\";\n\n/** Amazon Root CA 1 \u2014 required for AWS IoT Core TLS */\nconst AMAZON_ROOT_CA1 = `-----BEGIN CERTIFICATE-----\nMIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF\nADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6\nb24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL\nMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv\nb3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj\nca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM\n9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw\nIFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6\nVOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L\n93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm\njgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\nAYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA\nA4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI\nU5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs\nN+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv\no/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU\n5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy\nrqXRfboQnoZsG4q5WTP468SQvvG5\n-----END CERTIFICATE-----`;\n\n/** Callback for MQTT status updates */\nexport type MqttStatusCallback = (update: MqttStatusUpdate) => void;\n\n/** Callback for MQTT connection state changes */\nexport type MqttConnectionCallback = (connected: boolean) => void;\n\n/** Callback fired each time the login hands us a fresh bearer token */\nexport type MqttTokenCallback = (token: string) => void;\n\n/**\n * Govee AWS IoT MQTT client for real-time status and control.\n * Authenticates via Govee account, connects to AWS IoT Core with mutual TLS.\n */\nexport class GoveeMqttClient {\n  private readonly email: string;\n  private readonly password: string;\n  private readonly log: ioBroker.Logger;\n  private readonly timers: TimerAdapter;\n  private client: mqtt.MqttClient | null = null;\n  private accountTopic = \"\";\n  private _bearerToken = \"\";\n  private accountId = \"\";\n  /**\n   * Stable session UUID, generated once per adapter process.\n   * AWS IoT uses the clientId to track connection ownership \u2014 reusing the\n   * same id on reconnect lets the broker cleanly take over from a stale\n   * socket instead of refusing a new connection while the old one lingers.\n   */\n  private readonly sessionUuid: string = crypto.randomUUID();\n  private reconnectTimer: ioBroker.Timeout | undefined = undefined;\n  private reconnectAttempts = 0;\n  private authFailCount = 0;\n  private lastErrorCategory: ErrorCategory | null = null;\n  private onStatus: MqttStatusCallback | null = null;\n  private onConnection: MqttConnectionCallback | null = null;\n  private onToken: MqttTokenCallback | null = null;\n  /**\n   * Diagnostics hook \u2014 called for each parsed message with the device id,\n   * source topic and any op.command hex strings. The hook is responsible\n   * for forwarding to a DiagnosticsCollector if one is set up.\n   */\n  private onPacket: ((deviceId: string, topic: string, hex: string) => void) | null = null;\n\n  /** Account-derived client ID (UUIDv5(email)) \u2014 stable per account, distinct per user. */\n  private readonly clientId: string;\n\n  /** Optional 2FA code \u2014 set once after a 454, sent in the next login body, then cleared. */\n  private verificationCode: string = \"\";\n\n  /** Fired after a successful login that consumed a verification code, so the adapter can blank the settings field. */\n  private onVerificationConsumed: (() => void) | null = null;\n\n  /** Fired on 454 (pending) or 455 (failed) so the adapter can surface the actionable warning + auto-clear the code on failed. */\n  private onVerificationFailed: ((reason: \"pending\" | \"failed\") => void) | null = null;\n\n  /**\n   * @param email Govee account email\n   * @param password Govee account password\n   * @param log ioBroker logger\n   * @param timers Timer adapter\n   */\n  constructor(email: string, password: string, log: ioBroker.Logger, timers: TimerAdapter) {\n    this.email = email;\n    this.password = password;\n    this.log = log;\n    this.timers = timers;\n    this.clientId = deriveGoveeClientId(email);\n  }\n\n  /**\n   * Set the optional 2FA verification code. Empty string clears it.\n   *\n   * @param code Code from the Govee verification email\n   */\n  setVerificationCode(code: string): void {\n    this.verificationCode = (code ?? \"\").trim();\n  }\n\n  /**\n   * Hook called when a login successfully consumed a verification code.\n   * Adapter wires this to clear the settings field.\n   *\n   * @param cb Callback\n   */\n  setOnVerificationConsumed(cb: (() => void) | null): void {\n    this.onVerificationConsumed = cb;\n  }\n\n  /**\n   * Hook called when Govee returned 454 (pending) or 455 (failed). Reason\n   * lets the adapter clear the settings field on `failed` and prompt the\n   * user to request a code on `pending`.\n   *\n   * @param cb Callback\n   */\n  setOnVerificationFailed(cb: ((reason: \"pending\" | \"failed\") => void) | null): void {\n    this.onVerificationFailed = cb;\n  }\n\n  /** Bearer token from login \u2014 available after connect, used for undocumented API */\n  get token(): string {\n    return this._bearerToken;\n  }\n\n  /** Persisted credentials from a previous run; null until setPersistedCredentials() is called. */\n  private persisted: PersistedMqttCredentials | null = null;\n  /** Hook fired after a successful login so the adapter can persist the new credentials. */\n  private onCredentialsRefresh: ((creds: PersistedMqttCredentials) => void) | null = null;\n  /** Pre-scheduled timer for proactive token refresh (5 min before expiry). */\n  private refreshTimer: ioBroker.Timeout | undefined = undefined;\n\n  /**\n   * True between calling mqtt.connect() with persisted creds and the first\n   * `connect` event. If `close` fires while this is still true, the cached\n   * cert/token are invalid \u2014 wipe them so the next attempt does a fresh login.\n   */\n  private persistedAttemptInFlight = false;\n\n  /**\n   * Hand the client persisted credentials from a previous successful login.\n   * If the bearer token is not yet expired, the next connect() will skip the\n   * full login flow and try MQTT with the stored cert directly.\n   *\n   * @param creds Persisted credentials, or null to clear\n   */\n  setPersistedCredentials(creds: PersistedMqttCredentials | null): void {\n    this.persisted = creds;\n  }\n\n  /**\n   * Fired after a successful login so the adapter can write the bundle to\n   * `encryptedNative`/`native`. Includes the (potentially refreshed) TTL.\n   *\n   * @param cb Callback\n   */\n  setOnCredentialsRefresh(cb: ((creds: PersistedMqttCredentials) => void) | null): void {\n    this.onCredentialsRefresh = cb;\n  }\n\n  /**\n   * Connect to Govee MQTT.\n   * Flow: Login \u2192 Get IoT Key \u2192 Extract certs from P12 \u2192 Connect MQTT\n   *\n   * @param onStatus Called on device status updates\n   * @param onConnection Called on connection state changes\n   * @param onToken Called with every fresh bearer token (initial + each reconnect-login)\n   */\n  async connect(\n    onStatus: MqttStatusCallback,\n    onConnection: MqttConnectionCallback,\n    onToken?: MqttTokenCallback,\n  ): Promise<void> {\n    this.onStatus = onStatus;\n    this.onConnection = onConnection;\n    if (onToken) {\n      this.onToken = onToken;\n    }\n\n    try {\n      // Step 0: Try the persisted credentials first. If the cached bearer\n      // token is still inside its TTL and the stored P12 cert lets us connect,\n      // skip the full login flow \u2014 that avoids spamming the user's email\n      // with a 2FA verification request on every adapter restart.\n      if (this.tryPersistedReuse()) {\n        return;\n      }\n\n      // Step 1: Login\n      const codeWasSent = (this.verificationCode ?? \"\").trim().length > 0;\n      const loginResp = await this.login();\n      if (!loginResp.client) {\n        const apiStatus = loginResp.status ?? 0;\n        const apiMsg = loginResp.message ?? \"unknown error\";\n        const statusStr = `(status ${apiStatus || \"?\"})`;\n        // Classify the Govee response to avoid misleading error messages.\n        // 454/455 (2FA) MUST come before generic AUTH so the user gets the\n        // correct \"request a code\" hint instead of \"check email/password\".\n        if (apiStatus === 455 || (apiStatus === 454 && codeWasSent)) {\n          throw new Error(`Verification code invalid or expired ${statusStr}`);\n        }\n        if (apiStatus === 454) {\n          throw new Error(`Verification required by Govee \u2014 request a code via Adapter settings ${statusStr}`);\n        }\n        if (apiStatus === 429 || /too many|rate.?limit|frequent|throttl/i.test(apiMsg)) {\n          throw new Error(`Rate limited by Govee: ${apiMsg} ${statusStr}`);\n        }\n        if (apiStatus === 451 || /not.*registered/i.test(apiMsg)) {\n          throw new Error(`Login failed: email not registered ${statusStr}`);\n        }\n        if (apiStatus === 401 || /password|credential|unauthorized/i.test(apiMsg)) {\n          throw new Error(`Login failed: ${apiMsg} ${statusStr}`);\n        }\n        // Account temporarily locked \u2014 NOT a credential error, keep reconnecting\n        if (/abnormal|blocked|suspended|disabled/i.test(apiMsg)) {\n          throw new Error(`Account temporarily locked by Govee: ${apiMsg} ${statusStr}`);\n        }\n        // Other account issues, maintenance, etc.\n        throw new Error(`Govee login rejected: ${apiMsg} ${statusStr}`);\n      }\n      // Login OK \u2014 if a verification code was used, signal the adapter to clear it\n      if (codeWasSent) {\n        this.onVerificationConsumed?.();\n      }\n      this._bearerToken = loginResp.client.token;\n      this.accountId = String(loginResp.client.accountId);\n      this.accountTopic = loginResp.client.topic;\n      // Notify dependents (e.g. api-client for authenticated library endpoints)\n      // so they don't keep a stale token after a long-delay reconnect.\n      this.onToken?.(this._bearerToken);\n\n      // Step 2: Get IoT credentials\n      const iotResp = await this.getIotKey();\n      if (!iotResp.data?.endpoint) {\n        throw new Error(\"IoT key response missing endpoint/certificate data\");\n      }\n      const { endpoint, p12, p12Pass } = iotResp.data;\n\n      // Step 3: Extract key + cert from P12\n      const { key, cert, ca } = this.extractCertsFromP12(p12, p12Pass);\n\n      // Persist the fresh credentials so the next adapter restart skips this\n      // whole login dance (and avoids the 2FA email storm). TTL comes from\n      // Govee \u2014 `token_expire_cycle` (snake) or `tokenExpireCycle` (camel),\n      // depending on the response variant. 1h fallback if Govee sends nothing.\n      const ttlSec = loginResp.client.token_expire_cycle ?? loginResp.client.tokenExpireCycle ?? 3600;\n      const expiresAt = Date.now() + ttlSec * 1000;\n      this.onCredentialsRefresh?.({\n        bearerToken: this._bearerToken,\n        iotEndpoint: endpoint,\n        p12Cert: p12,\n        p12Pass,\n        accountId: this.accountId,\n        accountTopic: this.accountTopic,\n        tokenExpiresAt: expiresAt,\n      });\n      this.scheduleProactiveRefresh(expiresAt);\n\n      // Step 4: Connect MQTT with mutual TLS\n      const clientId = `AP/${this.accountId}/${this.sessionUuid}`;\n      this.client = mqtt.connect(`mqtts://${endpoint}:8883`, {\n        clientId,\n        key,\n        cert,\n        ca,\n        protocolVersion: 4,\n        keepalive: 60,\n        reconnectPeriod: 0, // We handle reconnect ourselves\n        rejectUnauthorized: true,\n      });\n\n      this.attachClientHandlers();\n    } catch (err) {\n      const category = classifyError(err);\n      const msg = `MQTT connection failed: ${err instanceof Error ? err.message : String(err)}`;\n\n      // State-Sync: connect() throw = not connected, unabh\u00E4ngig von Fehlertyp\n      this.onConnection?.(false);\n\n      // Govee verification 454: pause reconnect until the user submits a\n      // code via Settings (which triggers an adapter restart). Don't\n      // increment auth-failure counter \u2014 this is not a credential error.\n      //\n      // Wording: Govee returns 454 the first time a particular client-id\n      // tries to log in, regardless of whether the user enabled 2FA on\n      // their account. It's a \"new client, please verify once\" handshake\n      // \u2014 not \"you have 2FA enabled\". Earlier wording was scaring users\n      // whose accounts are 2FA-free. The actual message says: this is a\n      // one-time setup per client.\n      //\n      // Dedup: only warn on the FIRST occurrence of this category (per\n      // adapter lifetime). Subsequent reconnect attempts that hit the\n      // same 454 are demoted to debug.\n      if (category === \"VERIFICATION_PENDING\") {\n        const isNew = this.lastErrorCategory !== category;\n        this.lastErrorCategory = category;\n        if (isNew) {\n          this.log.warn(\n            'Govee asked for one-time client verification (HTTP 454). Open adapter settings, click \"Request verification code\", paste the code from the email into the field, save. Govee remembers this client afterwards. Account-level 2FA is not required.',\n          );\n        } else {\n          this.log.debug(\"MQTT verification still pending (Govee returned 454 again)\");\n        }\n        if (this.onVerificationFailed) {\n          this.onVerificationFailed(\"pending\");\n        }\n        return;\n      }\n      if (category === \"VERIFICATION_FAILED\") {\n        const isNew = this.lastErrorCategory !== category;\n        this.lastErrorCategory = category;\n        if (isNew) {\n          this.log.warn(\n            \"Govee rejected the verification code (HTTP 455) \u2014 request a fresh code via the adapter settings.\",\n          );\n        } else {\n          this.log.debug(\"MQTT verification code rejected again (Govee returned 455)\");\n        }\n        if (this.onVerificationFailed) {\n          this.onVerificationFailed(\"failed\");\n        }\n        return;\n      }\n\n      // Auth backoff \u2014 stop reconnecting after repeated auth failures\n      if (category === \"AUTH\") {\n        this.authFailCount++;\n        if (this.authFailCount >= MAX_AUTH_FAILURES) {\n          this.log.warn(`MQTT login failed ${this.authFailCount} times \u2014 check email/password in adapter settings`);\n          return;\n        }\n      } else {\n        this.authFailCount = 0;\n      }\n\n      // Error dedup \u2014 warn on first/new category, debug on repeat\n      if (category !== this.lastErrorCategory) {\n        this.lastErrorCategory = category;\n        this.log.warn(msg);\n      } else {\n        this.log.debug(msg);\n      }\n\n      this.scheduleReconnect();\n    }\n  }\n\n  /** Whether MQTT is currently connected */\n  get connected(): boolean {\n    return this.client?.connected ?? false;\n  }\n\n  /** Disconnect and cleanup */\n  disconnect(): void {\n    if (this.reconnectTimer) {\n      this.timers.clearTimeout(this.reconnectTimer);\n      this.reconnectTimer = undefined;\n    }\n    if (this.client) {\n      this.client.removeAllListeners();\n      this.client.on(\"error\", () => {\n        /* ignore late errors */\n      });\n      this.client.end(true);\n      this.client = null;\n    }\n  }\n\n  /**\n   * Parse MQTT status message\n   *\n   * @param payload Raw MQTT message buffer\n   * @param topic   AWS-IoT topic the message arrived on\n   */\n  private handleMessage(payload: Buffer, topic: string): void {\n    try {\n      const raw = JSON.parse(payload.toString()) as Record<string, unknown>;\n\n      // Defensive \u2014 blind casts would crash downstream if Govee pushes\n      // unexpected types. Validate each field before constructing the update.\n      const sku = typeof raw.sku === \"string\" ? raw.sku : \"\";\n      const device = typeof raw.device === \"string\" ? raw.device : \"\";\n      const state = raw.state && typeof raw.state === \"object\" ? (raw.state as MqttStatusUpdate[\"state\"]) : undefined;\n      const op = raw.op && typeof raw.op === \"object\" ? (raw.op as MqttStatusUpdate[\"op\"]) : undefined;\n\n      if (sku || device) {\n        this.onStatus?.({ sku, device, state, op });\n        if (this.onPacket && device && Array.isArray(op?.command)) {\n          for (const cmd of op.command) {\n            if (typeof cmd === \"string\" && cmd) {\n              this.onPacket(device, topic, cmd);\n            }\n          }\n        }\n      }\n    } catch {\n      this.log.debug(`MQTT: Failed to parse message: ${payload.toString().slice(0, 200)}`);\n    }\n  }\n\n  /**\n   * Register a hook called for every parsed MQTT packet. Used by the\n   * adapter to forward op.command hex strings into the DiagnosticsCollector\n   * for `diag.export`.\n   *\n   * @param cb Callback receiving (deviceId, topic, hex)\n   */\n  setPacketHook(cb: ((deviceId: string, topic: string, hex: string) => void) | null): void {\n    this.onPacket = cb;\n  }\n\n  /** Schedule reconnect with exponential backoff */\n  private scheduleReconnect(): void {\n    if (this.reconnectTimer) {\n      return;\n    }\n    if (this.authFailCount >= MAX_AUTH_FAILURES) {\n      return;\n    }\n\n    this.reconnectAttempts++;\n    const delay = Math.min(5_000 * Math.pow(2, this.reconnectAttempts - 1), 300_000);\n    this.log.debug(`MQTT: Reconnecting in ${delay / 1000}s (attempt ${this.reconnectAttempts})`);\n\n    this.reconnectTimer = this.timers.setTimeout(() => {\n      this.reconnectTimer = undefined;\n      if (this.onStatus && this.onConnection) {\n        void this.connect(this.onStatus, this.onConnection);\n      }\n    }, delay);\n  }\n\n  /**\n   * Reuse path: if a persisted bundle exists and is not expired yet, try\n   * MQTT directly with the stored cert. Returns true if a connection was\n   * initiated (caller should NOT continue to login).\n   *\n   * Uses the same ON-event handlers as the full login path \u2014 a successful\n   * connect publishes `mqttConnected: true` exactly like a fresh login.\n   * On failure (cert rejected, token revoked, network) we just return false\n   * and the caller falls through to the full login.\n   */\n  private tryPersistedReuse(): boolean {\n    const creds = this.persisted;\n    if (!creds || !creds.bearerToken || !creds.iotEndpoint || !creds.p12Cert) {\n      return false;\n    }\n    if (creds.tokenExpiresAt <= Date.now()) {\n      return false;\n    }\n    let extracted;\n    try {\n      extracted = this.extractCertsFromP12(creds.p12Cert, creds.p12Pass);\n    } catch (e) {\n      this.log.debug(\n        `Persisted P12 cert unusable: ${e instanceof Error ? e.message : String(e)} \u2014 falling back to fresh login`,\n      );\n      return false;\n    }\n    this._bearerToken = creds.bearerToken;\n    this.accountId = creds.accountId;\n    this.accountTopic = creds.accountTopic;\n    this.onToken?.(this._bearerToken);\n    const clientId = `AP/${creds.accountId}/${this.sessionUuid}`;\n    this.log.info(\"MQTT: trying cached credentials (no fresh login)\");\n    this.persistedAttemptInFlight = true;\n    this.client = mqtt.connect(`mqtts://${creds.iotEndpoint}:8883`, {\n      clientId,\n      key: extracted.key,\n      cert: extracted.cert,\n      ca: extracted.ca,\n      protocolVersion: 4,\n      keepalive: 60,\n      reconnectPeriod: 0,\n      rejectUnauthorized: true,\n    });\n    this.attachClientHandlers();\n    this.scheduleProactiveRefresh(creds.tokenExpiresAt);\n    return true;\n  }\n\n  /**\n   * Attach the standard `connect` / `message` / `error` / `close` handlers\n   * to the current `this.client`. Extracted so both paths (fresh login and\n   * persisted reuse) share exactly the same event wiring.\n   */\n  private attachClientHandlers(): void {\n    if (!this.client) {\n      return;\n    }\n    this.client.on(\"connect\", () => {\n      this.persistedAttemptInFlight = false;\n      this.reconnectAttempts = 0;\n      this.authFailCount = 0;\n      if (this.lastErrorCategory) {\n        this.log.info(\"MQTT connection restored\");\n        this.lastErrorCategory = null;\n      } else {\n        this.log.info(\"MQTT connected to AWS IoT\");\n      }\n      this.client?.subscribe(this.accountTopic, { qos: 0 }, err => {\n        if (err) {\n          this.log.warn(`MQTT subscribe failed: ${err.message}`);\n        } else {\n          this.log.debug(\"MQTT subscribed to account topic\");\n          this.onConnection?.(true);\n        }\n      });\n    });\n    this.client.on(\"message\", (topic, payload) => {\n      this.handleMessage(payload, topic);\n    });\n    this.client.on(\"error\", err => {\n      this.log.debug(`MQTT error: ${err.message}`);\n    });\n    this.client.on(\"close\", () => {\n      this.onConnection?.(false);\n      // Cached cert/token failed before producing a single successful\n      // connect \u2014 assume the bundle is stale (cert revoked, token\n      // expired before our TTL guess, account topic changed). Wipe it\n      // so scheduleReconnect \u2192 connect() falls through to a fresh login.\n      if (this.persistedAttemptInFlight) {\n        this.persistedAttemptInFlight = false;\n        this.persisted = null;\n        this.log.info(\"MQTT: cached credentials rejected \u2014 falling back to fresh login\");\n      }\n      if (!this.lastErrorCategory) {\n        this.lastErrorCategory = \"NETWORK\";\n        this.log.debug(\"MQTT disconnected \u2014 will reconnect\");\n      }\n      this.scheduleReconnect();\n    });\n  }\n\n  /**\n   * Schedule a proactive token refresh 5 minutes before bearer expiry.\n   *\n   * v2.1.0 disconnect+reconnect was disruptive: it killed the live MQTT\n   * session, then triggered a fresh login. If Govee responded with 454\n   * (e.g. account flagged for re-verification), the user saw the 2FA\n   * warning even though MQTT was previously working \u2014 and the\n   * disconnect dropped status push for the duration of the re-auth.\n   *\n   * v2.1.1: silent re-login. We just call /v1/login, save the new\n   * bearer + cert (so the next adapter restart skips full login), and\n   * let the existing MQTT session keep running. The current cert may\n   * stay valid past the bearer's expiry \u2014 losing the bearer only\n   * affects API-key-less REST calls, not the live MQTT push channel.\n   *\n   * @param expiresAt ms-timestamp at which the bearer token will be rejected\n   */\n  private scheduleProactiveRefresh(expiresAt: number): void {\n    if (this.refreshTimer) {\n      this.timers.clearTimeout(this.refreshTimer);\n      this.refreshTimer = undefined;\n    }\n    const refreshAt = expiresAt - 5 * 60 * 1000;\n    const delay = refreshAt - Date.now();\n    if (delay <= 0) {\n      return;\n    }\n    this.refreshTimer = this.timers.setTimeout(() => {\n      this.refreshTimer = undefined;\n      void this.refreshBearerSilently();\n    }, delay);\n  }\n\n  /**\n   * Refresh the bearer token without disconnecting MQTT. Called by the\n   * proactive-refresh timer. Failures don't disrupt the live session \u2014\n   * the next reconnect-cycle (if Govee invalidates the cert) handles\n   * recovery via the normal connect() path.\n   */\n  private async refreshBearerSilently(): Promise<void> {\n    this.log.debug(\"Proactive MQTT bearer refresh triggered\");\n    try {\n      const loginResp = await this.login();\n      if (!loginResp.client) {\n        // Login was rejected (454 / 455 / locked / rate-limited). Keep\n        // the current MQTT connection alive. If the bearer is needed\n        // for a REST call later, that call's catch path will surface\n        // the actual error to the user.\n        const status = loginResp.status ?? 0;\n        this.log.debug(`Silent bearer refresh declined by Govee (status ${status}) \u2014 current session kept`);\n        return;\n      }\n      this._bearerToken = loginResp.client.token;\n      this.onToken?.(this._bearerToken);\n      // Persist the new bearer + cert so the next restart skips full\n      // login. Cert may be the same as before (unchanged P12) \u2014 js-controller\n      // re-encrypts identical bytes anyway, no harm done.\n      const ttlSec = loginResp.client.token_expire_cycle ?? loginResp.client.tokenExpireCycle ?? 3600;\n      const newExpiresAt = Date.now() + ttlSec * 1000;\n      try {\n        const iotResp = await this.getIotKey();\n        if (iotResp?.data?.endpoint) {\n          this.onCredentialsRefresh?.({\n            bearerToken: this._bearerToken,\n            iotEndpoint: iotResp.data.endpoint,\n            p12Cert: iotResp.data.p12,\n            p12Pass: iotResp.data.p12Pass,\n            accountId: this.accountId,\n            accountTopic: this.accountTopic,\n            tokenExpiresAt: newExpiresAt,\n          });\n        }\n      } catch (e) {\n        this.log.debug(`Silent IoT-key refresh failed: ${e instanceof Error ? e.message : String(e)}`);\n      }\n      this.scheduleProactiveRefresh(newExpiresAt);\n    } catch (e) {\n      // Network error / 5xx \u2014 not a release-blocker. The live MQTT\n      // session continues; the next reconnect-cycle (if needed) will\n      // try a full login.\n      this.log.debug(\n        `Silent bearer refresh failed: ${e instanceof Error ? e.message : String(e)} \u2014 current session kept`,\n      );\n    }\n  }\n\n  /** Login to Govee account */\n  private login(): Promise<GoveeLoginResponse> {\n    const body: Record<string, string> = {\n      email: this.email,\n      password: this.password,\n      client: this.clientId,\n    };\n    const code = (this.verificationCode ?? \"\").trim();\n    if (code) {\n      body.code = code;\n    }\n    return httpsRequest<GoveeLoginResponse>({\n      method: \"POST\",\n      url: LOGIN_URL,\n      headers: {\n        appVersion: GOVEE_APP_VERSION,\n        clientId: this.clientId,\n        clientType: GOVEE_CLIENT_TYPE,\n        iotVersion: \"0\",\n        timestamp: String(Date.now()),\n        \"User-Agent\": GOVEE_USER_AGENT,\n      },\n      body,\n    });\n  }\n\n  /**\n   * Trigger Govee's verification-code email. Govee sends a one-time code\n   * to the account email; the user pastes it into Settings.\n   *\n   * Status 200 \u2192 email queued. The response body is irrelevant for the\n   * adapter \u2014 Govee may include a tracking token but we don't use it.\n   *\n   * Throws on non-200 or network failure so the caller (onMessage handler)\n   * can surface the error to the admin UI.\n   */\n  async requestVerificationCode(): Promise<void> {\n    const url = \"https://app2.govee.com/account/rest/account/v1/verification\";\n    await httpsRequest<unknown>({\n      method: \"POST\",\n      url,\n      headers: {\n        appVersion: GOVEE_APP_VERSION,\n        clientId: this.clientId,\n        clientType: GOVEE_CLIENT_TYPE,\n        iotVersion: \"0\",\n        timestamp: String(Date.now()),\n        \"User-Agent\": GOVEE_USER_AGENT,\n      },\n      body: {\n        type: 8,\n        email: this.email,\n      },\n    });\n  }\n\n  /** Get IoT key (P12 certificate) */\n  private getIotKey(): Promise<GoveeIotKeyResponse> {\n    return httpsRequest<GoveeIotKeyResponse>({\n      method: \"GET\",\n      url: IOT_KEY_URL,\n      headers: {\n        Authorization: `Bearer ${this._bearerToken}`,\n        appVersion: GOVEE_APP_VERSION,\n        clientId: this.clientId,\n        clientType: GOVEE_CLIENT_TYPE,\n        \"User-Agent\": GOVEE_USER_AGENT,\n      },\n    });\n  }\n\n  /**\n   * Extract PEM key + cert from PKCS12\n   *\n   * @param p12Base64 Base64-encoded PKCS12 data\n   * @param password PKCS12 password\n   */\n  private extractCertsFromP12(p12Base64: string, password: string): { key: string; cert: string; ca: string } {\n    const p12Der = forge.util.decode64(p12Base64);\n    const p12Asn1 = forge.asn1.fromDer(p12Der);\n    const p12 = forge.pkcs12.pkcs12FromAsn1(p12Asn1, password);\n\n    // Extract private key\n    const keyBags = p12.getBags({\n      bagType: forge.pki.oids.pkcs8ShroudedKeyBag,\n    });\n    const keyBag = keyBags[forge.pki.oids.pkcs8ShroudedKeyBag]?.[0];\n    if (!keyBag?.key) {\n      throw new Error(\"No private key found in P12\");\n    }\n    const key = forge.pki.privateKeyToPem(keyBag.key);\n\n    // Extract certificate\n    const certBags = p12.getBags({ bagType: forge.pki.oids.certBag });\n    const certBag = certBags[forge.pki.oids.certBag]?.[0];\n    if (!certBag?.cert) {\n      throw new Error(\"No certificate found in P12\");\n    }\n    const cert = forge.pki.certificateToPem(certBag.cert);\n\n    // AWS IoT uses Amazon Root CA\n    const ca = AMAZON_ROOT_CA1;\n\n    return { key, cert, ca };\n  }\n}\n"],
-  "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,aAAwB;AACxB,YAAuB;AACvB,WAAsB;AACtB,yBAA6B;AAC7B,6BAA4F;AAC5F,mBAQO;AAGP,MAAM,oBAAoB;AAE1B,MAAM,YAAY;AAClB,MAAM,cAAc;AAGpB,MAAM,kBAAkB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAkCjB,MAAM,gBAAgB;AAAA,EACV;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACT,SAAiC;AAAA,EACjC,eAAe;AAAA,EACf,eAAe;AAAA,EACf,YAAY;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOH,cAAsB,OAAO,WAAW;AAAA,EACjD,iBAA+C;AAAA,EAC/C,oBAAoB;AAAA,EACpB,gBAAgB;AAAA,EAChB,oBAA0C;AAAA,EAC1C,WAAsC;AAAA,EACtC,eAA8C;AAAA,EAC9C,UAAoC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMpC,WAA4E;AAAA;AAAA,EAGnE;AAAA;AAAA,EAGT,mBAA2B;AAAA;AAAA,EAG3B,yBAA8C;AAAA;AAAA,EAG9C,uBAAwE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQhF,YAAY,OAAe,UAAkB,KAAsB,QAAsB;AACvF,SAAK,QAAQ;AACb,SAAK,WAAW;AAChB,SAAK,MAAM;AACX,SAAK,SAAS;AACd,SAAK,eAAW,4CAAoB,KAAK;AAAA,EAC3C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,oBAAoB,MAAoB;AACtC,SAAK,oBAAoB,sBAAQ,IAAI,KAAK;AAAA,EAC5C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,0BAA0B,IAA+B;AACvD,SAAK,yBAAyB;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,wBAAwB,IAA2D;AACjF,SAAK,uBAAuB;AAAA,EAC9B;AAAA;AAAA,EAGA,IAAI,QAAgB;AAClB,WAAO,KAAK;AAAA,EACd;AAAA;AAAA,EAGQ,YAA6C;AAAA;AAAA,EAE7C,uBAA2E;AAAA;AAAA,EAE3E,eAA6C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAO7C,2BAA2B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASnC,wBAAwB,OAA8C;AACpE,SAAK,YAAY;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,wBAAwB,IAA8D;AACpF,SAAK,uBAAuB;AAAA,EAC9B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,QACJ,UACA,cACA,SACe;AAlMnB;AAmMI,SAAK,WAAW;AAChB,SAAK,eAAe;AACpB,QAAI,SAAS;AACX,WAAK,UAAU;AAAA,IACjB;AAEA,QAAI;AAKF,UAAI,KAAK,kBAAkB,GAAG;AAC5B;AAAA,MACF;AAGA,YAAM,gBAAe,UAAK,qBAAL,YAAyB,IAAI,KAAK,EAAE,SAAS;AAClE,YAAM,YAAY,MAAM,KAAK,MAAM;AACnC,UAAI,CAAC,UAAU,QAAQ;AACrB,cAAM,aAAY,eAAU,WAAV,YAAoB;AACtC,cAAM,UAAS,eAAU,YAAV,YAAqB;AACpC,cAAM,YAAY,WAAW,aAAa,GAAG;AAI7C,YAAI,cAAc,OAAQ,cAAc,OAAO,aAAc;AAC3D,gBAAM,IAAI,MAAM,wCAAwC,SAAS,EAAE;AAAA,QACrE;AACA,YAAI,cAAc,KAAK;AACrB,gBAAM,IAAI,MAAM,6EAAwE,SAAS,EAAE;AAAA,QACrG;AACA,YAAI,cAAc,OAAO,yCAAyC,KAAK,MAAM,GAAG;AAC9E,gBAAM,IAAI,MAAM,0BAA0B,MAAM,IAAI,SAAS,EAAE;AAAA,QACjE;AACA,YAAI,cAAc,OAAO,mBAAmB,KAAK,MAAM,GAAG;AACxD,gBAAM,IAAI,MAAM,sCAAsC,SAAS,EAAE;AAAA,QACnE;AACA,YAAI,cAAc,OAAO,oCAAoC,KAAK,MAAM,GAAG;AACzE,gBAAM,IAAI,MAAM,iBAAiB,MAAM,IAAI,SAAS,EAAE;AAAA,QACxD;AAEA,YAAI,uCAAuC,KAAK,MAAM,GAAG;AACvD,gBAAM,IAAI,MAAM,wCAAwC,MAAM,IAAI,SAAS,EAAE;AAAA,QAC/E;AAEA,cAAM,IAAI,MAAM,yBAAyB,MAAM,IAAI,SAAS,EAAE;AAAA,MAChE;AAEA,UAAI,aAAa;AACf,mBAAK,2BAAL;AAAA,MACF;AACA,WAAK,eAAe,UAAU,OAAO;AACrC,WAAK,YAAY,OAAO,UAAU,OAAO,SAAS;AAClD,WAAK,eAAe,UAAU,OAAO;AAGrC,iBAAK,YAAL,8BAAe,KAAK;AAGpB,YAAM,UAAU,MAAM,KAAK,UAAU;AACrC,UAAI,GAAC,aAAQ,SAAR,mBAAc,WAAU;AAC3B,cAAM,IAAI,MAAM,oDAAoD;AAAA,MACtE;AACA,YAAM,EAAE,UAAU,KAAK,QAAQ,IAAI,QAAQ;AAG3C,YAAM,EAAE,KAAK,MAAM,GAAG,IAAI,KAAK,oBAAoB,KAAK,OAAO;AAM/D,YAAM,UAAS,qBAAU,OAAO,uBAAjB,YAAuC,UAAU,OAAO,qBAAxD,YAA4E;AAC3F,YAAM,YAAY,KAAK,IAAI,IAAI,SAAS;AACxC,iBAAK,yBAAL,8BAA4B;AAAA,QAC1B,aAAa,KAAK;AAAA,QAClB,aAAa;AAAA,QACb,SAAS;AAAA,QACT;AAAA,QACA,WAAW,KAAK;AAAA,QAChB,cAAc,KAAK;AAAA,QACnB,gBAAgB;AAAA,MAClB;AACA,WAAK,yBAAyB,SAAS;AAGvC,YAAM,WAAW,MAAM,KAAK,SAAS,IAAI,KAAK,WAAW;AACzD,WAAK,SAAS,KAAK,QAAQ,WAAW,QAAQ,SAAS;AAAA,QACrD;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,iBAAiB;AAAA,QACjB,WAAW;AAAA,QACX,iBAAiB;AAAA;AAAA,QACjB,oBAAoB;AAAA,MACtB,CAAC;AAED,WAAK,qBAAqB;AAAA,IAC5B,SAAS,KAAK;AACZ,YAAM,eAAW,4BAAc,GAAG;AAClC,YAAM,MAAM,2BAA2B,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC;AAGvF,iBAAK,iBAAL,8BAAoB;AAgBpB,UAAI,aAAa,wBAAwB;AACvC,cAAM,QAAQ,KAAK,sBAAsB;AACzC,aAAK,oBAAoB;AACzB,YAAI,OAAO;AACT,eAAK,IAAI;AAAA,YACP;AAAA,UACF;AAAA,QACF,OAAO;AACL,eAAK,IAAI,MAAM,4DAA4D;AAAA,QAC7E;AACA,YAAI,KAAK,sBAAsB;AAC7B,eAAK,qBAAqB,SAAS;AAAA,QACrC;AACA;AAAA,MACF;AACA,UAAI,aAAa,uBAAuB;AACtC,cAAM,QAAQ,KAAK,sBAAsB;AACzC,aAAK,oBAAoB;AACzB,YAAI,OAAO;AACT,eAAK,IAAI;AAAA,YACP;AAAA,UACF;AAAA,QACF,OAAO;AACL,eAAK,IAAI,MAAM,4DAA4D;AAAA,QAC7E;AACA,YAAI,KAAK,sBAAsB;AAC7B,eAAK,qBAAqB,QAAQ;AAAA,QACpC;AACA;AAAA,MACF;AAGA,UAAI,aAAa,QAAQ;AACvB,aAAK;AACL,YAAI,KAAK,iBAAiB,mBAAmB;AAC3C,eAAK,IAAI,KAAK,qBAAqB,KAAK,aAAa,wDAAmD;AACxG;AAAA,QACF;AAAA,MACF,OAAO;AACL,aAAK,gBAAgB;AAAA,MACvB;AAGA,UAAI,aAAa,KAAK,mBAAmB;AACvC,aAAK,oBAAoB;AACzB,aAAK,IAAI,KAAK,GAAG;AAAA,MACnB,OAAO;AACL,aAAK,IAAI,MAAM,GAAG;AAAA,MACpB;AAEA,WAAK,kBAAkB;AAAA,IACzB;AAAA,EACF;AAAA;AAAA,EAGA,IAAI,YAAqB;AAlX3B;AAmXI,YAAO,gBAAK,WAAL,mBAAa,cAAb,YAA0B;AAAA,EACnC;AAAA;AAAA,EAGA,aAAmB;AACjB,QAAI,KAAK,gBAAgB;AACvB,WAAK,OAAO,aAAa,KAAK,cAAc;AAC5C,WAAK,iBAAiB;AAAA,IACxB;AACA,QAAI,KAAK,QAAQ;AACf,WAAK,OAAO,mBAAmB;AAC/B,WAAK,OAAO,GAAG,SAAS,MAAM;AAAA,MAE9B,CAAC;AACD,WAAK,OAAO,IAAI,IAAI;AACpB,WAAK,SAAS;AAAA,IAChB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQQ,cAAc,SAAiB,OAAqB;AA5Y9D;AA6YI,QAAI;AACF,YAAM,MAAM,KAAK,MAAM,QAAQ,SAAS,CAAC;AAIzC,YAAM,MAAM,OAAO,IAAI,QAAQ,WAAW,IAAI,MAAM;AACpD,YAAM,SAAS,OAAO,IAAI,WAAW,WAAW,IAAI,SAAS;AAC7D,YAAM,QAAQ,IAAI,SAAS,OAAO,IAAI,UAAU,WAAY,IAAI,QAAsC;AACtG,YAAM,KAAK,IAAI,MAAM,OAAO,IAAI,OAAO,WAAY,IAAI,KAAgC;AAEvF,UAAI,OAAO,QAAQ;AACjB,mBAAK,aAAL,8BAAgB,EAAE,KAAK,QAAQ,OAAO,GAAG;AACzC,YAAI,KAAK,YAAY,UAAU,MAAM,QAAQ,yBAAI,OAAO,GAAG;AACzD,qBAAW,OAAO,GAAG,SAAS;AAC5B,gBAAI,OAAO,QAAQ,YAAY,KAAK;AAClC,mBAAK,SAAS,QAAQ,OAAO,GAAG;AAAA,YAClC;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF,QAAQ;AACN,WAAK,IAAI,MAAM,kCAAkC,QAAQ,SAAS,EAAE,MAAM,GAAG,GAAG,CAAC,EAAE;AAAA,IACrF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,cAAc,IAA2E;AACvF,SAAK,WAAW;AAAA,EAClB;AAAA;AAAA,EAGQ,oBAA0B;AAChC,QAAI,KAAK,gBAAgB;AACvB;AAAA,IACF;AACA,QAAI,KAAK,iBAAiB,mBAAmB;AAC3C;AAAA,IACF;AAEA,SAAK;AACL,UAAM,QAAQ,KAAK,IAAI,MAAQ,KAAK,IAAI,GAAG,KAAK,oBAAoB,CAAC,GAAG,GAAO;AAC/E,SAAK,IAAI,MAAM,yBAAyB,QAAQ,GAAI,cAAc,KAAK,iBAAiB,GAAG;AAE3F,SAAK,iBAAiB,KAAK,OAAO,WAAW,MAAM;AACjD,WAAK,iBAAiB;AACtB,UAAI,KAAK,YAAY,KAAK,cAAc;AACtC,aAAK,KAAK,QAAQ,KAAK,UAAU,KAAK,YAAY;AAAA,MACpD;AAAA,IACF,GAAG,KAAK;AAAA,EACV;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYQ,oBAA6B;AAhdvC;AAidI,UAAM,QAAQ,KAAK;AACnB,QAAI,CAAC,SAAS,CAAC,MAAM,eAAe,CAAC,MAAM,eAAe,CAAC,MAAM,SAAS;AACxE,aAAO;AAAA,IACT;AACA,QAAI,MAAM,kBAAkB,KAAK,IAAI,GAAG;AACtC,aAAO;AAAA,IACT;AACA,QAAI;AACJ,QAAI;AACF,kBAAY,KAAK,oBAAoB,MAAM,SAAS,MAAM,OAAO;AAAA,IACnE,SAAS,GAAG;AACV,WAAK,IAAI;AAAA,QACP,gCAAgC,aAAa,QAAQ,EAAE,UAAU,OAAO,CAAC,CAAC;AAAA,MAC5E;AACA,aAAO;AAAA,IACT;AACA,SAAK,eAAe,MAAM;AAC1B,SAAK,YAAY,MAAM;AACvB,SAAK,eAAe,MAAM;AAC1B,eAAK,YAAL,8BAAe,KAAK;AACpB,UAAM,WAAW,MAAM,MAAM,SAAS,IAAI,KAAK,WAAW;AAC1D,SAAK,IAAI,KAAK,kDAAkD;AAChE,SAAK,2BAA2B;AAChC,SAAK,SAAS,KAAK,QAAQ,WAAW,MAAM,WAAW,SAAS;AAAA,MAC9D;AAAA,MACA,KAAK,UAAU;AAAA,MACf,MAAM,UAAU;AAAA,MAChB,IAAI,UAAU;AAAA,MACd,iBAAiB;AAAA,MACjB,WAAW;AAAA,MACX,iBAAiB;AAAA,MACjB,oBAAoB;AAAA,IACtB,CAAC;AACD,SAAK,qBAAqB;AAC1B,SAAK,yBAAyB,MAAM,cAAc;AAClD,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOQ,uBAA6B;AACnC,QAAI,CAAC,KAAK,QAAQ;AAChB;AAAA,IACF;AACA,SAAK,OAAO,GAAG,WAAW,MAAM;AAhgBpC;AAigBM,WAAK,2BAA2B;AAChC,WAAK,oBAAoB;AACzB,WAAK,gBAAgB;AACrB,UAAI,KAAK,mBAAmB;AAC1B,aAAK,IAAI,KAAK,0BAA0B;AACxC,aAAK,oBAAoB;AAAA,MAC3B,OAAO;AACL,aAAK,IAAI,KAAK,2BAA2B;AAAA,MAC3C;AACA,iBAAK,WAAL,mBAAa,UAAU,KAAK,cAAc,EAAE,KAAK,EAAE,GAAG,SAAO;AA1gBnE,YAAAA;AA2gBQ,YAAI,KAAK;AACP,eAAK,IAAI,KAAK,0BAA0B,IAAI,OAAO,EAAE;AAAA,QACvD,OAAO;AACL,eAAK,IAAI,MAAM,kCAAkC;AACjD,WAAAA,MAAA,KAAK,iBAAL,gBAAAA,IAAA,WAAoB;AAAA,QACtB;AAAA,MACF;AAAA,IACF,CAAC;AACD,SAAK,OAAO,GAAG,WAAW,CAAC,OAAO,YAAY;AAC5C,WAAK,cAAc,SAAS,KAAK;AAAA,IACnC,CAAC;AACD,SAAK,OAAO,GAAG,SAAS,SAAO;AAC7B,WAAK,IAAI,MAAM,eAAe,IAAI,OAAO,EAAE;AAAA,IAC7C,CAAC;AACD,SAAK,OAAO,GAAG,SAAS,MAAM;AAzhBlC;AA0hBM,iBAAK,iBAAL,8BAAoB;AAKpB,UAAI,KAAK,0BAA0B;AACjC,aAAK,2BAA2B;AAChC,aAAK,YAAY;AACjB,aAAK,IAAI,KAAK,sEAAiE;AAAA,MACjF;AACA,UAAI,CAAC,KAAK,mBAAmB;AAC3B,aAAK,oBAAoB;AACzB,aAAK,IAAI,MAAM,yCAAoC;AAAA,MACrD;AACA,WAAK,kBAAkB;AAAA,IACzB,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAmBQ,yBAAyB,WAAyB;AACxD,QAAI,KAAK,cAAc;AACrB,WAAK,OAAO,aAAa,KAAK,YAAY;AAC1C,WAAK,eAAe;AAAA,IACtB;AACA,UAAM,YAAY,YAAY,IAAI,KAAK;AACvC,UAAM,QAAQ,YAAY,KAAK,IAAI;AACnC,QAAI,SAAS,GAAG;AACd;AAAA,IACF;AACA,SAAK,eAAe,KAAK,OAAO,WAAW,MAAM;AAC/C,WAAK,eAAe;AACpB,WAAK,KAAK,sBAAsB;AAAA,IAClC,GAAG,KAAK;AAAA,EACV;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAc,wBAAuC;AAnlBvD;AAolBI,SAAK,IAAI,MAAM,yCAAyC;AACxD,QAAI;AACF,YAAM,YAAY,MAAM,KAAK,MAAM;AACnC,UAAI,CAAC,UAAU,QAAQ;AAKrB,cAAM,UAAS,eAAU,WAAV,YAAoB;AACnC,aAAK,IAAI,MAAM,mDAAmD,MAAM,+BAA0B;AAClG;AAAA,MACF;AACA,WAAK,eAAe,UAAU,OAAO;AACrC,iBAAK,YAAL,8BAAe,KAAK;AAIpB,YAAM,UAAS,qBAAU,OAAO,uBAAjB,YAAuC,UAAU,OAAO,qBAAxD,YAA4E;AAC3F,YAAM,eAAe,KAAK,IAAI,IAAI,SAAS;AAC3C,UAAI;AACF,cAAM,UAAU,MAAM,KAAK,UAAU;AACrC,aAAI,wCAAS,SAAT,mBAAe,UAAU;AAC3B,qBAAK,yBAAL,8BAA4B;AAAA,YAC1B,aAAa,KAAK;AAAA,YAClB,aAAa,QAAQ,KAAK;AAAA,YAC1B,SAAS,QAAQ,KAAK;AAAA,YACtB,SAAS,QAAQ,KAAK;AAAA,YACtB,WAAW,KAAK;AAAA,YAChB,cAAc,KAAK;AAAA,YACnB,gBAAgB;AAAA,UAClB;AAAA,QACF;AAAA,MACF,SAAS,GAAG;AACV,aAAK,IAAI,MAAM,kCAAkC,aAAa,QAAQ,EAAE,UAAU,OAAO,CAAC,CAAC,EAAE;AAAA,MAC/F;AACA,WAAK,yBAAyB,YAAY;AAAA,IAC5C,SAAS,GAAG;AAIV,WAAK,IAAI;AAAA,QACP,iCAAiC,aAAa,QAAQ,EAAE,UAAU,OAAO,CAAC,CAAC;AAAA,MAC7E;AAAA,IACF;AAAA,EACF;AAAA;AAAA,EAGQ,QAAqC;AAnoB/C;AAooBI,UAAM,OAA+B;AAAA,MACnC,OAAO,KAAK;AAAA,MACZ,UAAU,KAAK;AAAA,MACf,QAAQ,KAAK;AAAA,IACf;AACA,UAAM,SAAQ,UAAK,qBAAL,YAAyB,IAAI,KAAK;AAChD,QAAI,MAAM;AACR,WAAK,OAAO;AAAA,IACd;AACA,eAAO,iCAAiC;AAAA,MACtC,QAAQ;AAAA,MACR,KAAK;AAAA,MACL,SAAS;AAAA,QACP,YAAY;AAAA,QACZ,UAAU,KAAK;AAAA,QACf,YAAY;AAAA,QACZ,YAAY;AAAA,QACZ,WAAW,OAAO,KAAK,IAAI,CAAC;AAAA,QAC5B,cAAc;AAAA,MAChB;AAAA,MACA;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAM,0BAAyC;AAC7C,UAAM,MAAM;AACZ,cAAM,iCAAsB;AAAA,MAC1B,QAAQ;AAAA,MACR;AAAA,MACA,SAAS;AAAA,QACP,YAAY;AAAA,QACZ,UAAU,KAAK;AAAA,QACf,YAAY;AAAA,QACZ,YAAY;AAAA,QACZ,WAAW,OAAO,KAAK,IAAI,CAAC;AAAA,QAC5B,cAAc;AAAA,MAChB;AAAA,MACA,MAAM;AAAA,QACJ,MAAM;AAAA,QACN,OAAO,KAAK;AAAA,MACd;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA,EAGQ,YAA0C;AAChD,eAAO,iCAAkC;AAAA,MACvC,QAAQ;AAAA,MACR,KAAK;AAAA,MACL,SAAS;AAAA,QACP,eAAe,UAAU,KAAK,YAAY;AAAA,QAC1C,YAAY;AAAA,QACZ,UAAU,KAAK;AAAA,QACf,YAAY;AAAA,QACZ,cAAc;AAAA,MAChB;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQQ,oBAAoB,WAAmB,UAA6D;AA/sB9G;AAgtBI,UAAM,SAAS,MAAM,KAAK,SAAS,SAAS;AAC5C,UAAM,UAAU,MAAM,KAAK,QAAQ,MAAM;AACzC,UAAM,MAAM,MAAM,OAAO,eAAe,SAAS,QAAQ;AAGzD,UAAM,UAAU,IAAI,QAAQ;AAAA,MAC1B,SAAS,MAAM,IAAI,KAAK;AAAA,IAC1B,CAAC;AACD,UAAM,UAAS,aAAQ,MAAM,IAAI,KAAK,mBAAmB,MAA1C,mBAA8C;AAC7D,QAAI,EAAC,iCAAQ,MAAK;AAChB,YAAM,IAAI,MAAM,6BAA6B;AAAA,IAC/C;AACA,UAAM,MAAM,MAAM,IAAI,gBAAgB,OAAO,GAAG;AAGhD,UAAM,WAAW,IAAI,QAAQ,EAAE,SAAS,MAAM,IAAI,KAAK,QAAQ,CAAC;AAChE,UAAM,WAAU,cAAS,MAAM,IAAI,KAAK,OAAO,MAA/B,mBAAmC;AACnD,QAAI,EAAC,mCAAS,OAAM;AAClB,YAAM,IAAI,MAAM,6BAA6B;AAAA,IAC/C;AACA,UAAM,OAAO,MAAM,IAAI,iBAAiB,QAAQ,IAAI;AAGpD,UAAM,KAAK;AAEX,WAAO,EAAE,KAAK,MAAM,GAAG;AAAA,EACzB;AACF;",
+  "sourcesContent": ["import * as crypto from \"node:crypto\";\nimport * as forge from \"node-forge\";\nimport * as mqtt from \"mqtt\";\nimport { httpsRequest } from \"./http-client\";\nimport { GOVEE_APP_VERSION, GOVEE_CLIENT_TYPE, GOVEE_USER_AGENT, deriveGoveeClientId } from \"./govee-constants\";\nimport {\n  classifyError,\n  type ErrorCategory,\n  type GoveeIotKeyResponse,\n  type GoveeLoginResponse,\n  type MqttStatusUpdate,\n  type PersistedMqttCredentials,\n  type TimerAdapter,\n} from \"./types\";\n\n/** Max consecutive auth failures before giving up */\nconst MAX_AUTH_FAILURES = 3;\n\nconst LOGIN_URL = \"https://app2.govee.com/account/rest/account/v2/login\";\nconst IOT_KEY_URL = \"https://app2.govee.com/app/v1/account/iot/key\";\n\n/** Amazon Root CA 1 \u2014 required for AWS IoT Core TLS */\nconst AMAZON_ROOT_CA1 = `-----BEGIN CERTIFICATE-----\nMIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF\nADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6\nb24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL\nMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv\nb3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj\nca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM\n9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw\nIFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6\nVOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L\n93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm\njgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\nAYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA\nA4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI\nU5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs\nN+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv\no/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU\n5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy\nrqXRfboQnoZsG4q5WTP468SQvvG5\n-----END CERTIFICATE-----`;\n\n/** Callback for MQTT status updates */\nexport type MqttStatusCallback = (update: MqttStatusUpdate) => void;\n\n/** Callback for MQTT connection state changes */\nexport type MqttConnectionCallback = (connected: boolean) => void;\n\n/** Callback fired each time the login hands us a fresh bearer token */\nexport type MqttTokenCallback = (token: string) => void;\n\n/**\n * Govee AWS IoT MQTT client for real-time status and control.\n * Authenticates via Govee account, connects to AWS IoT Core with mutual TLS.\n */\nexport class GoveeMqttClient {\n  private readonly email: string;\n  private readonly password: string;\n  private readonly log: ioBroker.Logger;\n  private readonly timers: TimerAdapter;\n  private client: mqtt.MqttClient | null = null;\n  private accountTopic = \"\";\n  private _bearerToken = \"\";\n  private accountId = \"\";\n  /**\n   * Stable session UUID, generated once per adapter process.\n   * AWS IoT uses the clientId to track connection ownership \u2014 reusing the\n   * same id on reconnect lets the broker cleanly take over from a stale\n   * socket instead of refusing a new connection while the old one lingers.\n   */\n  private readonly sessionUuid: string = crypto.randomUUID();\n  private reconnectTimer: ioBroker.Timeout | undefined = undefined;\n  private reconnectAttempts = 0;\n  private authFailCount = 0;\n  private lastErrorCategory: ErrorCategory | null = null;\n  private onStatus: MqttStatusCallback | null = null;\n  private onConnection: MqttConnectionCallback | null = null;\n  private onToken: MqttTokenCallback | null = null;\n  /**\n   * Diagnostics hook \u2014 called for each parsed message with the device id,\n   * source topic and any op.command hex strings. The hook is responsible\n   * for forwarding to a DiagnosticsCollector if one is set up.\n   */\n  private onPacket: ((deviceId: string, topic: string, hex: string) => void) | null = null;\n\n  /** Account-derived client ID (UUIDv5(email)) \u2014 stable per account, distinct per user. */\n  private readonly clientId: string;\n\n  /** Optional 2FA code \u2014 set once after a 454, sent in the next login body, then cleared. */\n  private verificationCode: string = \"\";\n\n  /** Fired after a successful login that consumed a verification code, so the adapter can blank the settings field. */\n  private onVerificationConsumed: (() => void) | null = null;\n\n  /** Fired on 454 (pending) or 455 (failed) so the adapter can surface the actionable warning + auto-clear the code on failed. */\n  private onVerificationFailed: ((reason: \"pending\" | \"failed\") => void) | null = null;\n\n  /**\n   * @param email Govee account email\n   * @param password Govee account password\n   * @param log ioBroker logger\n   * @param timers Timer adapter\n   */\n  constructor(email: string, password: string, log: ioBroker.Logger, timers: TimerAdapter) {\n    this.email = email;\n    this.password = password;\n    this.log = log;\n    this.timers = timers;\n    this.clientId = deriveGoveeClientId(email);\n  }\n\n  /**\n   * Set the optional 2FA verification code. Empty string clears it.\n   *\n   * @param code Code from the Govee verification email\n   */\n  setVerificationCode(code: string): void {\n    this.verificationCode = (code ?? \"\").trim();\n  }\n\n  /**\n   * Hook called when a login successfully consumed a verification code.\n   * Adapter wires this to clear the settings field.\n   *\n   * @param cb Callback\n   */\n  setOnVerificationConsumed(cb: (() => void) | null): void {\n    this.onVerificationConsumed = cb;\n  }\n\n  /**\n   * Hook called when Govee returned 454 (pending) or 455 (failed). Reason\n   * lets the adapter clear the settings field on `failed` and prompt the\n   * user to request a code on `pending`.\n   *\n   * @param cb Callback\n   */\n  setOnVerificationFailed(cb: ((reason: \"pending\" | \"failed\") => void) | null): void {\n    this.onVerificationFailed = cb;\n  }\n\n  /** Bearer token from login \u2014 available after connect, used for undocumented API */\n  get token(): string {\n    return this._bearerToken;\n  }\n\n  /**\n   * Short user-facing reason for \"MQTT not connected\", or null if the\n   * client has never seen an error. Used by the adapter ready-summary\n   * to give a concrete message instead of \"still pending\".\n   */\n  getFailureReason(): string | null {\n    if (this.connected) {\n      return null;\n    }\n    switch (this.lastErrorCategory) {\n      case \"VERIFICATION_PENDING\":\n        return \"Govee asked for verification \u2014 request a code in adapter settings\";\n      case \"VERIFICATION_FAILED\":\n        return \"verification code rejected \u2014 request a fresh code\";\n      case \"AUTH\":\n        return this.authFailCount >= MAX_AUTH_FAILURES\n          ? \"login rejected \u2014 check email/password\"\n          : \"login failed (will retry)\";\n      case \"RATE_LIMIT\":\n        return \"rate-limited by Govee \u2014 will retry\";\n      case \"NETWORK\":\n        return \"cannot reach Govee servers \u2014 will retry\";\n      case \"TIMEOUT\":\n        return \"connection timeout \u2014 will retry\";\n      case \"UNKNOWN\":\n        return \"login rejected \u2014 see earlier log\";\n      case null:\n      default:\n        return null;\n    }\n  }\n\n  /** Persisted credentials from a previous run; null until setPersistedCredentials() is called. */\n  private persisted: PersistedMqttCredentials | null = null;\n  /** Hook fired after a successful login so the adapter can persist the new credentials. */\n  private onCredentialsRefresh: ((creds: PersistedMqttCredentials) => void) | null = null;\n  /** Pre-scheduled timer for proactive token refresh (5 min before expiry). */\n  private refreshTimer: ioBroker.Timeout | undefined = undefined;\n\n  /**\n   * True between calling mqtt.connect() with persisted creds and the first\n   * `connect` event. If `close` fires while this is still true, the cached\n   * cert/token are invalid \u2014 wipe them so the next attempt does a fresh login.\n   */\n  private persistedAttemptInFlight = false;\n\n  /**\n   * Hand the client persisted credentials from a previous successful login.\n   * If the bearer token is not yet expired, the next connect() will skip the\n   * full login flow and try MQTT with the stored cert directly.\n   *\n   * @param creds Persisted credentials, or null to clear\n   */\n  setPersistedCredentials(creds: PersistedMqttCredentials | null): void {\n    this.persisted = creds;\n  }\n\n  /**\n   * Fired after a successful login so the adapter can write the bundle to\n   * `encryptedNative`/`native`. Includes the (potentially refreshed) TTL.\n   *\n   * @param cb Callback\n   */\n  setOnCredentialsRefresh(cb: ((creds: PersistedMqttCredentials) => void) | null): void {\n    this.onCredentialsRefresh = cb;\n  }\n\n  /**\n   * Connect to Govee MQTT.\n   * Flow: Login \u2192 Get IoT Key \u2192 Extract certs from P12 \u2192 Connect MQTT\n   *\n   * @param onStatus Called on device status updates\n   * @param onConnection Called on connection state changes\n   * @param onToken Called with every fresh bearer token (initial + each reconnect-login)\n   */\n  async connect(\n    onStatus: MqttStatusCallback,\n    onConnection: MqttConnectionCallback,\n    onToken?: MqttTokenCallback,\n  ): Promise<void> {\n    this.onStatus = onStatus;\n    this.onConnection = onConnection;\n    if (onToken) {\n      this.onToken = onToken;\n    }\n\n    try {\n      // Step 0: Try the persisted credentials first. If the cached bearer\n      // token is still inside its TTL and the stored P12 cert lets us connect,\n      // skip the full login flow \u2014 that avoids spamming the user's email\n      // with a 2FA verification request on every adapter restart.\n      if (this.tryPersistedReuse()) {\n        return;\n      }\n\n      // Step 1: Login\n      const codeWasSent = (this.verificationCode ?? \"\").trim().length > 0;\n      const loginResp = await this.login();\n      if (!loginResp.client) {\n        const apiStatus = loginResp.status ?? 0;\n        const apiMsg = loginResp.message ?? \"unknown error\";\n        const statusStr = `(status ${apiStatus || \"?\"})`;\n        // Classify the Govee response to avoid misleading error messages.\n        // 454/455 (2FA) MUST come before generic AUTH so the user gets the\n        // correct \"request a code\" hint instead of \"check email/password\".\n        if (apiStatus === 455 || (apiStatus === 454 && codeWasSent)) {\n          throw new Error(`Verification code invalid or expired ${statusStr}`);\n        }\n        if (apiStatus === 454) {\n          throw new Error(`Verification required by Govee \u2014 request a code via Adapter settings ${statusStr}`);\n        }\n        if (apiStatus === 429 || /too many|rate.?limit|frequent|throttl/i.test(apiMsg)) {\n          throw new Error(`Rate limited by Govee: ${apiMsg} ${statusStr}`);\n        }\n        if (apiStatus === 451 || /not.*registered/i.test(apiMsg)) {\n          throw new Error(`Login failed: email not registered ${statusStr}`);\n        }\n        if (apiStatus === 401 || /password|credential|unauthorized/i.test(apiMsg)) {\n          throw new Error(`Login failed: ${apiMsg} ${statusStr}`);\n        }\n        // Account temporarily locked \u2014 NOT a credential error, keep reconnecting\n        if (/abnormal|blocked|suspended|disabled/i.test(apiMsg)) {\n          throw new Error(`Account temporarily locked by Govee: ${apiMsg} ${statusStr}`);\n        }\n        // Other account issues, maintenance, etc.\n        throw new Error(`Govee login rejected: ${apiMsg} ${statusStr}`);\n      }\n      // Login OK \u2014 if a verification code was used, signal the adapter to clear it\n      if (codeWasSent) {\n        this.onVerificationConsumed?.();\n      }\n      this._bearerToken = loginResp.client.token;\n      this.accountId = String(loginResp.client.accountId);\n      this.accountTopic = loginResp.client.topic;\n      // Notify dependents (e.g. api-client for authenticated library endpoints)\n      // so they don't keep a stale token after a long-delay reconnect.\n      this.onToken?.(this._bearerToken);\n\n      // Step 2: Get IoT credentials\n      const iotResp = await this.getIotKey();\n      if (!iotResp.data?.endpoint) {\n        throw new Error(\"IoT key response missing endpoint/certificate data\");\n      }\n      const { endpoint, p12, p12Pass } = iotResp.data;\n\n      // Step 3: Extract key + cert from P12\n      const { key, cert, ca } = this.extractCertsFromP12(p12, p12Pass);\n\n      // Persist the fresh credentials so the next adapter restart skips this\n      // whole login dance (and avoids the 2FA email storm). TTL comes from\n      // Govee \u2014 `token_expire_cycle` (snake) or `tokenExpireCycle` (camel),\n      // depending on the response variant. 1h fallback if Govee sends nothing.\n      const ttlSec = loginResp.client.token_expire_cycle ?? loginResp.client.tokenExpireCycle ?? 3600;\n      const expiresAt = Date.now() + ttlSec * 1000;\n      this.onCredentialsRefresh?.({\n        bearerToken: this._bearerToken,\n        iotEndpoint: endpoint,\n        p12Cert: p12,\n        p12Pass,\n        accountId: this.accountId,\n        accountTopic: this.accountTopic,\n        tokenExpiresAt: expiresAt,\n      });\n      this.scheduleProactiveRefresh(expiresAt);\n\n      // Step 4: Connect MQTT with mutual TLS\n      const clientId = `AP/${this.accountId}/${this.sessionUuid}`;\n      this.client = mqtt.connect(`mqtts://${endpoint}:8883`, {\n        clientId,\n        key,\n        cert,\n        ca,\n        protocolVersion: 4,\n        keepalive: 60,\n        reconnectPeriod: 0, // We handle reconnect ourselves\n        rejectUnauthorized: true,\n      });\n\n      this.attachClientHandlers();\n    } catch (err) {\n      const category = classifyError(err);\n      const msg = `MQTT connection failed: ${err instanceof Error ? err.message : String(err)}`;\n\n      // State-Sync: connect() throw = not connected, unabh\u00E4ngig von Fehlertyp\n      this.onConnection?.(false);\n\n      // Govee verification 454: pause reconnect until the user submits a\n      // code via Settings (which triggers an adapter restart). Don't\n      // increment auth-failure counter \u2014 this is not a credential error.\n      //\n      // Wording: Govee returns 454 the first time a particular client-id\n      // tries to log in, regardless of whether the user enabled 2FA on\n      // their account. It's a \"new client, please verify once\" handshake\n      // \u2014 not \"you have 2FA enabled\". Earlier wording was scaring users\n      // whose accounts are 2FA-free. The actual message says: this is a\n      // one-time setup per client.\n      //\n      // Dedup: only warn on the FIRST occurrence of this category (per\n      // adapter lifetime). Subsequent reconnect attempts that hit the\n      // same 454 are demoted to debug.\n      if (category === \"VERIFICATION_PENDING\") {\n        const isNew = this.lastErrorCategory !== category;\n        this.lastErrorCategory = category;\n        if (isNew) {\n          this.log.warn(\"MQTT not connected: Govee asked for verification \u2014 request a code in adapter settings\");\n        } else {\n          this.log.debug(\"MQTT verification still pending (Govee returned 454 again)\");\n        }\n        if (this.onVerificationFailed) {\n          this.onVerificationFailed(\"pending\");\n        }\n        return;\n      }\n      if (category === \"VERIFICATION_FAILED\") {\n        const isNew = this.lastErrorCategory !== category;\n        this.lastErrorCategory = category;\n        if (isNew) {\n          this.log.warn(\"MQTT not connected: verification code rejected \u2014 request a fresh code\");\n        } else {\n          this.log.debug(\"MQTT verification code rejected again (Govee returned 455)\");\n        }\n        if (this.onVerificationFailed) {\n          this.onVerificationFailed(\"failed\");\n        }\n        return;\n      }\n\n      // Auth backoff \u2014 stop reconnecting after repeated auth failures\n      if (category === \"AUTH\") {\n        this.authFailCount++;\n        if (this.authFailCount >= MAX_AUTH_FAILURES) {\n          this.log.warn(\"MQTT not connected: login rejected \u2014 check email/password\");\n          return;\n        }\n      } else {\n        this.authFailCount = 0;\n      }\n\n      // Error dedup \u2014 warn on first/new category, debug on repeat\n      if (category !== this.lastErrorCategory) {\n        this.lastErrorCategory = category;\n        this.log.warn(msg);\n      } else {\n        this.log.debug(msg);\n      }\n\n      this.scheduleReconnect();\n    }\n  }\n\n  /** Whether MQTT is currently connected */\n  get connected(): boolean {\n    return this.client?.connected ?? false;\n  }\n\n  /** Disconnect and cleanup */\n  disconnect(): void {\n    if (this.reconnectTimer) {\n      this.timers.clearTimeout(this.reconnectTimer);\n      this.reconnectTimer = undefined;\n    }\n    if (this.client) {\n      this.client.removeAllListeners();\n      this.client.on(\"error\", () => {\n        /* ignore late errors */\n      });\n      this.client.end(true);\n      this.client = null;\n    }\n  }\n\n  /**\n   * Parse MQTT status message\n   *\n   * @param payload Raw MQTT message buffer\n   * @param topic   AWS-IoT topic the message arrived on\n   */\n  private handleMessage(payload: Buffer, topic: string): void {\n    try {\n      const raw = JSON.parse(payload.toString()) as Record<string, unknown>;\n\n      // Defensive \u2014 blind casts would crash downstream if Govee pushes\n      // unexpected types. Validate each field before constructing the update.\n      const sku = typeof raw.sku === \"string\" ? raw.sku : \"\";\n      const device = typeof raw.device === \"string\" ? raw.device : \"\";\n      const state = raw.state && typeof raw.state === \"object\" ? (raw.state as MqttStatusUpdate[\"state\"]) : undefined;\n      const op = raw.op && typeof raw.op === \"object\" ? (raw.op as MqttStatusUpdate[\"op\"]) : undefined;\n\n      if (sku || device) {\n        this.onStatus?.({ sku, device, state, op });\n        if (this.onPacket && device && Array.isArray(op?.command)) {\n          for (const cmd of op.command) {\n            if (typeof cmd === \"string\" && cmd) {\n              this.onPacket(device, topic, cmd);\n            }\n          }\n        }\n      }\n    } catch {\n      this.log.debug(`MQTT: Failed to parse message: ${payload.toString().slice(0, 200)}`);\n    }\n  }\n\n  /**\n   * Register a hook called for every parsed MQTT packet. Used by the\n   * adapter to forward op.command hex strings into the DiagnosticsCollector\n   * for `diag.export`.\n   *\n   * @param cb Callback receiving (deviceId, topic, hex)\n   */\n  setPacketHook(cb: ((deviceId: string, topic: string, hex: string) => void) | null): void {\n    this.onPacket = cb;\n  }\n\n  /** Schedule reconnect with exponential backoff */\n  private scheduleReconnect(): void {\n    if (this.reconnectTimer) {\n      return;\n    }\n    if (this.authFailCount >= MAX_AUTH_FAILURES) {\n      return;\n    }\n\n    this.reconnectAttempts++;\n    const delay = Math.min(5_000 * Math.pow(2, this.reconnectAttempts - 1), 300_000);\n    this.log.debug(`MQTT: Reconnecting in ${delay / 1000}s (attempt ${this.reconnectAttempts})`);\n\n    this.reconnectTimer = this.timers.setTimeout(() => {\n      this.reconnectTimer = undefined;\n      if (this.onStatus && this.onConnection) {\n        void this.connect(this.onStatus, this.onConnection);\n      }\n    }, delay);\n  }\n\n  /**\n   * Reuse path: if a persisted bundle exists and is not expired yet, try\n   * MQTT directly with the stored cert. Returns true if a connection was\n   * initiated (caller should NOT continue to login).\n   *\n   * Uses the same ON-event handlers as the full login path \u2014 a successful\n   * connect publishes `mqttConnected: true` exactly like a fresh login.\n   * On failure (cert rejected, token revoked, network) we just return false\n   * and the caller falls through to the full login.\n   */\n  private tryPersistedReuse(): boolean {\n    const creds = this.persisted;\n    if (!creds || !creds.bearerToken || !creds.iotEndpoint || !creds.p12Cert) {\n      return false;\n    }\n    if (creds.tokenExpiresAt <= Date.now()) {\n      return false;\n    }\n    let extracted;\n    try {\n      extracted = this.extractCertsFromP12(creds.p12Cert, creds.p12Pass);\n    } catch (e) {\n      this.log.debug(\n        `Persisted P12 cert unusable: ${e instanceof Error ? e.message : String(e)} \u2014 falling back to fresh login`,\n      );\n      return false;\n    }\n    this._bearerToken = creds.bearerToken;\n    this.accountId = creds.accountId;\n    this.accountTopic = creds.accountTopic;\n    this.onToken?.(this._bearerToken);\n    const clientId = `AP/${creds.accountId}/${this.sessionUuid}`;\n    this.log.debug(\"MQTT: trying cached credentials (no fresh login)\");\n    this.persistedAttemptInFlight = true;\n    this.client = mqtt.connect(`mqtts://${creds.iotEndpoint}:8883`, {\n      clientId,\n      key: extracted.key,\n      cert: extracted.cert,\n      ca: extracted.ca,\n      protocolVersion: 4,\n      keepalive: 60,\n      reconnectPeriod: 0,\n      rejectUnauthorized: true,\n    });\n    this.attachClientHandlers();\n    this.scheduleProactiveRefresh(creds.tokenExpiresAt);\n    return true;\n  }\n\n  /**\n   * Attach the standard `connect` / `message` / `error` / `close` handlers\n   * to the current `this.client`. Extracted so both paths (fresh login and\n   * persisted reuse) share exactly the same event wiring.\n   */\n  private attachClientHandlers(): void {\n    if (!this.client) {\n      return;\n    }\n    this.client.on(\"connect\", () => {\n      this.persistedAttemptInFlight = false;\n      this.reconnectAttempts = 0;\n      this.authFailCount = 0;\n      if (this.lastErrorCategory) {\n        this.log.info(\"MQTT connection restored\");\n        this.lastErrorCategory = null;\n      } else {\n        this.log.info(\"MQTT connected\");\n      }\n      this.client?.subscribe(this.accountTopic, { qos: 0 }, err => {\n        if (err) {\n          this.log.warn(`MQTT subscribe failed: ${err.message}`);\n        } else {\n          this.log.debug(\"MQTT subscribed to account topic\");\n          this.onConnection?.(true);\n        }\n      });\n    });\n    this.client.on(\"message\", (topic, payload) => {\n      this.handleMessage(payload, topic);\n    });\n    this.client.on(\"error\", err => {\n      this.log.debug(`MQTT error: ${err.message}`);\n    });\n    this.client.on(\"close\", () => {\n      this.onConnection?.(false);\n      // Cached cert/token failed before producing a single successful\n      // connect \u2014 assume the bundle is stale (cert revoked, token\n      // expired before our TTL guess, account topic changed). Wipe it\n      // so scheduleReconnect \u2192 connect() falls through to a fresh login.\n      if (this.persistedAttemptInFlight) {\n        this.persistedAttemptInFlight = false;\n        this.persisted = null;\n        this.log.debug(\"MQTT: cached credentials rejected \u2014 falling back to fresh login\");\n      }\n      if (!this.lastErrorCategory) {\n        this.lastErrorCategory = \"NETWORK\";\n        this.log.debug(\"MQTT disconnected \u2014 will reconnect\");\n      }\n      this.scheduleReconnect();\n    });\n  }\n\n  /**\n   * Schedule a proactive token refresh 5 minutes before bearer expiry.\n   *\n   * v2.1.0 disconnect+reconnect was disruptive: it killed the live MQTT\n   * session, then triggered a fresh login. If Govee responded with 454\n   * (e.g. account flagged for re-verification), the user saw the 2FA\n   * warning even though MQTT was previously working \u2014 and the\n   * disconnect dropped status push for the duration of the re-auth.\n   *\n   * v2.1.1: silent re-login. We just call /v1/login, save the new\n   * bearer + cert (so the next adapter restart skips full login), and\n   * let the existing MQTT session keep running. The current cert may\n   * stay valid past the bearer's expiry \u2014 losing the bearer only\n   * affects API-key-less REST calls, not the live MQTT push channel.\n   *\n   * @param expiresAt ms-timestamp at which the bearer token will be rejected\n   */\n  private scheduleProactiveRefresh(expiresAt: number): void {\n    if (this.refreshTimer) {\n      this.timers.clearTimeout(this.refreshTimer);\n      this.refreshTimer = undefined;\n    }\n    const refreshAt = expiresAt - 5 * 60 * 1000;\n    const delay = refreshAt - Date.now();\n    if (delay <= 0) {\n      return;\n    }\n    this.refreshTimer = this.timers.setTimeout(() => {\n      this.refreshTimer = undefined;\n      void this.refreshBearerSilently();\n    }, delay);\n  }\n\n  /**\n   * Refresh the bearer token without disconnecting MQTT. Called by the\n   * proactive-refresh timer. Failures don't disrupt the live session \u2014\n   * the next reconnect-cycle (if Govee invalidates the cert) handles\n   * recovery via the normal connect() path.\n   */\n  private async refreshBearerSilently(): Promise<void> {\n    this.log.debug(\"Proactive MQTT bearer refresh triggered\");\n    try {\n      const loginResp = await this.login();\n      if (!loginResp.client) {\n        // Login was rejected (454 / 455 / locked / rate-limited). Keep\n        // the current MQTT connection alive. If the bearer is needed\n        // for a REST call later, that call's catch path will surface\n        // the actual error to the user.\n        const status = loginResp.status ?? 0;\n        this.log.debug(`Silent bearer refresh declined by Govee (status ${status}) \u2014 current session kept`);\n        return;\n      }\n      this._bearerToken = loginResp.client.token;\n      this.onToken?.(this._bearerToken);\n      // Persist the new bearer + cert so the next restart skips full\n      // login. Cert may be the same as before (unchanged P12) \u2014 js-controller\n      // re-encrypts identical bytes anyway, no harm done.\n      const ttlSec = loginResp.client.token_expire_cycle ?? loginResp.client.tokenExpireCycle ?? 3600;\n      const newExpiresAt = Date.now() + ttlSec * 1000;\n      try {\n        const iotResp = await this.getIotKey();\n        if (iotResp?.data?.endpoint) {\n          this.onCredentialsRefresh?.({\n            bearerToken: this._bearerToken,\n            iotEndpoint: iotResp.data.endpoint,\n            p12Cert: iotResp.data.p12,\n            p12Pass: iotResp.data.p12Pass,\n            accountId: this.accountId,\n            accountTopic: this.accountTopic,\n            tokenExpiresAt: newExpiresAt,\n          });\n        }\n      } catch (e) {\n        this.log.debug(`Silent IoT-key refresh failed: ${e instanceof Error ? e.message : String(e)}`);\n      }\n      this.scheduleProactiveRefresh(newExpiresAt);\n    } catch (e) {\n      // Network error / 5xx \u2014 not a release-blocker. The live MQTT\n      // session continues; the next reconnect-cycle (if needed) will\n      // try a full login.\n      this.log.debug(\n        `Silent bearer refresh failed: ${e instanceof Error ? e.message : String(e)} \u2014 current session kept`,\n      );\n    }\n  }\n\n  /** Login to Govee account */\n  private login(): Promise<GoveeLoginResponse> {\n    const body: Record<string, string> = {\n      email: this.email,\n      password: this.password,\n      client: this.clientId,\n    };\n    const code = (this.verificationCode ?? \"\").trim();\n    if (code) {\n      body.code = code;\n    }\n    return httpsRequest<GoveeLoginResponse>({\n      method: \"POST\",\n      url: LOGIN_URL,\n      headers: {\n        appVersion: GOVEE_APP_VERSION,\n        clientId: this.clientId,\n        clientType: GOVEE_CLIENT_TYPE,\n        iotVersion: \"0\",\n        timestamp: String(Date.now()),\n        \"User-Agent\": GOVEE_USER_AGENT,\n      },\n      body,\n    });\n  }\n\n  /**\n   * Trigger Govee's verification-code email. Govee sends a one-time code\n   * to the account email; the user pastes it into Settings.\n   *\n   * Status 200 \u2192 email queued. The response body is irrelevant for the\n   * adapter \u2014 Govee may include a tracking token but we don't use it.\n   *\n   * Throws on non-200 or network failure so the caller (onMessage handler)\n   * can surface the error to the admin UI.\n   */\n  async requestVerificationCode(): Promise<void> {\n    const url = \"https://app2.govee.com/account/rest/account/v1/verification\";\n    await httpsRequest<unknown>({\n      method: \"POST\",\n      url,\n      headers: {\n        appVersion: GOVEE_APP_VERSION,\n        clientId: this.clientId,\n        clientType: GOVEE_CLIENT_TYPE,\n        iotVersion: \"0\",\n        timestamp: String(Date.now()),\n        \"User-Agent\": GOVEE_USER_AGENT,\n      },\n      body: {\n        type: 8,\n        email: this.email,\n      },\n    });\n  }\n\n  /** Get IoT key (P12 certificate) */\n  private getIotKey(): Promise<GoveeIotKeyResponse> {\n    return httpsRequest<GoveeIotKeyResponse>({\n      method: \"GET\",\n      url: IOT_KEY_URL,\n      headers: {\n        Authorization: `Bearer ${this._bearerToken}`,\n        appVersion: GOVEE_APP_VERSION,\n        clientId: this.clientId,\n        clientType: GOVEE_CLIENT_TYPE,\n        \"User-Agent\": GOVEE_USER_AGENT,\n      },\n    });\n  }\n\n  /**\n   * Extract PEM key + cert from PKCS12\n   *\n   * @param p12Base64 Base64-encoded PKCS12 data\n   * @param password PKCS12 password\n   */\n  private extractCertsFromP12(p12Base64: string, password: string): { key: string; cert: string; ca: string } {\n    const p12Der = forge.util.decode64(p12Base64);\n    const p12Asn1 = forge.asn1.fromDer(p12Der);\n    const p12 = forge.pkcs12.pkcs12FromAsn1(p12Asn1, password);\n\n    // Extract private key\n    const keyBags = p12.getBags({\n      bagType: forge.pki.oids.pkcs8ShroudedKeyBag,\n    });\n    const keyBag = keyBags[forge.pki.oids.pkcs8ShroudedKeyBag]?.[0];\n    if (!keyBag?.key) {\n      throw new Error(\"No private key found in P12\");\n    }\n    const key = forge.pki.privateKeyToPem(keyBag.key);\n\n    // Extract certificate\n    const certBags = p12.getBags({ bagType: forge.pki.oids.certBag });\n    const certBag = certBags[forge.pki.oids.certBag]?.[0];\n    if (!certBag?.cert) {\n      throw new Error(\"No certificate found in P12\");\n    }\n    const cert = forge.pki.certificateToPem(certBag.cert);\n\n    // AWS IoT uses Amazon Root CA\n    const ca = AMAZON_ROOT_CA1;\n\n    return { key, cert, ca };\n  }\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,aAAwB;AACxB,YAAuB;AACvB,WAAsB;AACtB,yBAA6B;AAC7B,6BAA4F;AAC5F,mBAQO;AAGP,MAAM,oBAAoB;AAE1B,MAAM,YAAY;AAClB,MAAM,cAAc;AAGpB,MAAM,kBAAkB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAkCjB,MAAM,gBAAgB;AAAA,EACV;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACT,SAAiC;AAAA,EACjC,eAAe;AAAA,EACf,eAAe;AAAA,EACf,YAAY;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOH,cAAsB,OAAO,WAAW;AAAA,EACjD,iBAA+C;AAAA,EAC/C,oBAAoB;AAAA,EACpB,gBAAgB;AAAA,EAChB,oBAA0C;AAAA,EAC1C,WAAsC;AAAA,EACtC,eAA8C;AAAA,EAC9C,UAAoC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMpC,WAA4E;AAAA;AAAA,EAGnE;AAAA;AAAA,EAGT,mBAA2B;AAAA;AAAA,EAG3B,yBAA8C;AAAA;AAAA,EAG9C,uBAAwE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQhF,YAAY,OAAe,UAAkB,KAAsB,QAAsB;AACvF,SAAK,QAAQ;AACb,SAAK,WAAW;AAChB,SAAK,MAAM;AACX,SAAK,SAAS;AACd,SAAK,eAAW,4CAAoB,KAAK;AAAA,EAC3C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,oBAAoB,MAAoB;AACtC,SAAK,oBAAoB,sBAAQ,IAAI,KAAK;AAAA,EAC5C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,0BAA0B,IAA+B;AACvD,SAAK,yBAAyB;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,wBAAwB,IAA2D;AACjF,SAAK,uBAAuB;AAAA,EAC9B;AAAA;AAAA,EAGA,IAAI,QAAgB;AAClB,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,mBAAkC;AAChC,QAAI,KAAK,WAAW;AAClB,aAAO;AAAA,IACT;AACA,YAAQ,KAAK,mBAAmB;AAAA,MAC9B,KAAK;AACH,eAAO;AAAA,MACT,KAAK;AACH,eAAO;AAAA,MACT,KAAK;AACH,eAAO,KAAK,iBAAiB,oBACzB,+CACA;AAAA,MACN,KAAK;AACH,eAAO;AAAA,MACT,KAAK;AACH,eAAO;AAAA,MACT,KAAK;AACH,eAAO;AAAA,MACT,KAAK;AACH,eAAO;AAAA,MACT,KAAK;AAAA,MACL;AACE,eAAO;AAAA,IACX;AAAA,EACF;AAAA;AAAA,EAGQ,YAA6C;AAAA;AAAA,EAE7C,uBAA2E;AAAA;AAAA,EAE3E,eAA6C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAO7C,2BAA2B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASnC,wBAAwB,OAA8C;AACpE,SAAK,YAAY;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,wBAAwB,IAA8D;AACpF,SAAK,uBAAuB;AAAA,EAC9B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,QACJ,UACA,cACA,SACe;AAlOnB;AAmOI,SAAK,WAAW;AAChB,SAAK,eAAe;AACpB,QAAI,SAAS;AACX,WAAK,UAAU;AAAA,IACjB;AAEA,QAAI;AAKF,UAAI,KAAK,kBAAkB,GAAG;AAC5B;AAAA,MACF;AAGA,YAAM,gBAAe,UAAK,qBAAL,YAAyB,IAAI,KAAK,EAAE,SAAS;AAClE,YAAM,YAAY,MAAM,KAAK,MAAM;AACnC,UAAI,CAAC,UAAU,QAAQ;AACrB,cAAM,aAAY,eAAU,WAAV,YAAoB;AACtC,cAAM,UAAS,eAAU,YAAV,YAAqB;AACpC,cAAM,YAAY,WAAW,aAAa,GAAG;AAI7C,YAAI,cAAc,OAAQ,cAAc,OAAO,aAAc;AAC3D,gBAAM,IAAI,MAAM,wCAAwC,SAAS,EAAE;AAAA,QACrE;AACA,YAAI,cAAc,KAAK;AACrB,gBAAM,IAAI,MAAM,6EAAwE,SAAS,EAAE;AAAA,QACrG;AACA,YAAI,cAAc,OAAO,yCAAyC,KAAK,MAAM,GAAG;AAC9E,gBAAM,IAAI,MAAM,0BAA0B,MAAM,IAAI,SAAS,EAAE;AAAA,QACjE;AACA,YAAI,cAAc,OAAO,mBAAmB,KAAK,MAAM,GAAG;AACxD,gBAAM,IAAI,MAAM,sCAAsC,SAAS,EAAE;AAAA,QACnE;AACA,YAAI,cAAc,OAAO,oCAAoC,KAAK,MAAM,GAAG;AACzE,gBAAM,IAAI,MAAM,iBAAiB,MAAM,IAAI,SAAS,EAAE;AAAA,QACxD;AAEA,YAAI,uCAAuC,KAAK,MAAM,GAAG;AACvD,gBAAM,IAAI,MAAM,wCAAwC,MAAM,IAAI,SAAS,EAAE;AAAA,QAC/E;AAEA,cAAM,IAAI,MAAM,yBAAyB,MAAM,IAAI,SAAS,EAAE;AAAA,MAChE;AAEA,UAAI,aAAa;AACf,mBAAK,2BAAL;AAAA,MACF;AACA,WAAK,eAAe,UAAU,OAAO;AACrC,WAAK,YAAY,OAAO,UAAU,OAAO,SAAS;AAClD,WAAK,eAAe,UAAU,OAAO;AAGrC,iBAAK,YAAL,8BAAe,KAAK;AAGpB,YAAM,UAAU,MAAM,KAAK,UAAU;AACrC,UAAI,GAAC,aAAQ,SAAR,mBAAc,WAAU;AAC3B,cAAM,IAAI,MAAM,oDAAoD;AAAA,MACtE;AACA,YAAM,EAAE,UAAU,KAAK,QAAQ,IAAI,QAAQ;AAG3C,YAAM,EAAE,KAAK,MAAM,GAAG,IAAI,KAAK,oBAAoB,KAAK,OAAO;AAM/D,YAAM,UAAS,qBAAU,OAAO,uBAAjB,YAAuC,UAAU,OAAO,qBAAxD,YAA4E;AAC3F,YAAM,YAAY,KAAK,IAAI,IAAI,SAAS;AACxC,iBAAK,yBAAL,8BAA4B;AAAA,QAC1B,aAAa,KAAK;AAAA,QAClB,aAAa;AAAA,QACb,SAAS;AAAA,QACT;AAAA,QACA,WAAW,KAAK;AAAA,QAChB,cAAc,KAAK;AAAA,QACnB,gBAAgB;AAAA,MAClB;AACA,WAAK,yBAAyB,SAAS;AAGvC,YAAM,WAAW,MAAM,KAAK,SAAS,IAAI,KAAK,WAAW;AACzD,WAAK,SAAS,KAAK,QAAQ,WAAW,QAAQ,SAAS;AAAA,QACrD;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,iBAAiB;AAAA,QACjB,WAAW;AAAA,QACX,iBAAiB;AAAA;AAAA,QACjB,oBAAoB;AAAA,MACtB,CAAC;AAED,WAAK,qBAAqB;AAAA,IAC5B,SAAS,KAAK;AACZ,YAAM,eAAW,4BAAc,GAAG;AAClC,YAAM,MAAM,2BAA2B,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC;AAGvF,iBAAK,iBAAL,8BAAoB;AAgBpB,UAAI,aAAa,wBAAwB;AACvC,cAAM,QAAQ,KAAK,sBAAsB;AACzC,aAAK,oBAAoB;AACzB,YAAI,OAAO;AACT,eAAK,IAAI,KAAK,4FAAuF;AAAA,QACvG,OAAO;AACL,eAAK,IAAI,MAAM,4DAA4D;AAAA,QAC7E;AACA,YAAI,KAAK,sBAAsB;AAC7B,eAAK,qBAAqB,SAAS;AAAA,QACrC;AACA;AAAA,MACF;AACA,UAAI,aAAa,uBAAuB;AACtC,cAAM,QAAQ,KAAK,sBAAsB;AACzC,aAAK,oBAAoB;AACzB,YAAI,OAAO;AACT,eAAK,IAAI,KAAK,4EAAuE;AAAA,QACvF,OAAO;AACL,eAAK,IAAI,MAAM,4DAA4D;AAAA,QAC7E;AACA,YAAI,KAAK,sBAAsB;AAC7B,eAAK,qBAAqB,QAAQ;AAAA,QACpC;AACA;AAAA,MACF;AAGA,UAAI,aAAa,QAAQ;AACvB,aAAK;AACL,YAAI,KAAK,iBAAiB,mBAAmB;AAC3C,eAAK,IAAI,KAAK,gEAA2D;AACzE;AAAA,QACF;AAAA,MACF,OAAO;AACL,aAAK,gBAAgB;AAAA,MACvB;AAGA,UAAI,aAAa,KAAK,mBAAmB;AACvC,aAAK,oBAAoB;AACzB,aAAK,IAAI,KAAK,GAAG;AAAA,MACnB,OAAO;AACL,aAAK,IAAI,MAAM,GAAG;AAAA,MACpB;AAEA,WAAK,kBAAkB;AAAA,IACzB;AAAA,EACF;AAAA;AAAA,EAGA,IAAI,YAAqB;AA9Y3B;AA+YI,YAAO,gBAAK,WAAL,mBAAa,cAAb,YAA0B;AAAA,EACnC;AAAA;AAAA,EAGA,aAAmB;AACjB,QAAI,KAAK,gBAAgB;AACvB,WAAK,OAAO,aAAa,KAAK,cAAc;AAC5C,WAAK,iBAAiB;AAAA,IACxB;AACA,QAAI,KAAK,QAAQ;AACf,WAAK,OAAO,mBAAmB;AAC/B,WAAK,OAAO,GAAG,SAAS,MAAM;AAAA,MAE9B,CAAC;AACD,WAAK,OAAO,IAAI,IAAI;AACpB,WAAK,SAAS;AAAA,IAChB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQQ,cAAc,SAAiB,OAAqB;AAxa9D;AAyaI,QAAI;AACF,YAAM,MAAM,KAAK,MAAM,QAAQ,SAAS,CAAC;AAIzC,YAAM,MAAM,OAAO,IAAI,QAAQ,WAAW,IAAI,MAAM;AACpD,YAAM,SAAS,OAAO,IAAI,WAAW,WAAW,IAAI,SAAS;AAC7D,YAAM,QAAQ,IAAI,SAAS,OAAO,IAAI,UAAU,WAAY,IAAI,QAAsC;AACtG,YAAM,KAAK,IAAI,MAAM,OAAO,IAAI,OAAO,WAAY,IAAI,KAAgC;AAEvF,UAAI,OAAO,QAAQ;AACjB,mBAAK,aAAL,8BAAgB,EAAE,KAAK,QAAQ,OAAO,GAAG;AACzC,YAAI,KAAK,YAAY,UAAU,MAAM,QAAQ,yBAAI,OAAO,GAAG;AACzD,qBAAW,OAAO,GAAG,SAAS;AAC5B,gBAAI,OAAO,QAAQ,YAAY,KAAK;AAClC,mBAAK,SAAS,QAAQ,OAAO,GAAG;AAAA,YAClC;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF,QAAQ;AACN,WAAK,IAAI,MAAM,kCAAkC,QAAQ,SAAS,EAAE,MAAM,GAAG,GAAG,CAAC,EAAE;AAAA,IACrF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,cAAc,IAA2E;AACvF,SAAK,WAAW;AAAA,EAClB;AAAA;AAAA,EAGQ,oBAA0B;AAChC,QAAI,KAAK,gBAAgB;AACvB;AAAA,IACF;AACA,QAAI,KAAK,iBAAiB,mBAAmB;AAC3C;AAAA,IACF;AAEA,SAAK;AACL,UAAM,QAAQ,KAAK,IAAI,MAAQ,KAAK,IAAI,GAAG,KAAK,oBAAoB,CAAC,GAAG,GAAO;AAC/E,SAAK,IAAI,MAAM,yBAAyB,QAAQ,GAAI,cAAc,KAAK,iBAAiB,GAAG;AAE3F,SAAK,iBAAiB,KAAK,OAAO,WAAW,MAAM;AACjD,WAAK,iBAAiB;AACtB,UAAI,KAAK,YAAY,KAAK,cAAc;AACtC,aAAK,KAAK,QAAQ,KAAK,UAAU,KAAK,YAAY;AAAA,MACpD;AAAA,IACF,GAAG,KAAK;AAAA,EACV;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYQ,oBAA6B;AA5evC;AA6eI,UAAM,QAAQ,KAAK;AACnB,QAAI,CAAC,SAAS,CAAC,MAAM,eAAe,CAAC,MAAM,eAAe,CAAC,MAAM,SAAS;AACxE,aAAO;AAAA,IACT;AACA,QAAI,MAAM,kBAAkB,KAAK,IAAI,GAAG;AACtC,aAAO;AAAA,IACT;AACA,QAAI;AACJ,QAAI;AACF,kBAAY,KAAK,oBAAoB,MAAM,SAAS,MAAM,OAAO;AAAA,IACnE,SAAS,GAAG;AACV,WAAK,IAAI;AAAA,QACP,gCAAgC,aAAa,QAAQ,EAAE,UAAU,OAAO,CAAC,CAAC;AAAA,MAC5E;AACA,aAAO;AAAA,IACT;AACA,SAAK,eAAe,MAAM;AAC1B,SAAK,YAAY,MAAM;AACvB,SAAK,eAAe,MAAM;AAC1B,eAAK,YAAL,8BAAe,KAAK;AACpB,UAAM,WAAW,MAAM,MAAM,SAAS,IAAI,KAAK,WAAW;AAC1D,SAAK,IAAI,MAAM,kDAAkD;AACjE,SAAK,2BAA2B;AAChC,SAAK,SAAS,KAAK,QAAQ,WAAW,MAAM,WAAW,SAAS;AAAA,MAC9D;AAAA,MACA,KAAK,UAAU;AAAA,MACf,MAAM,UAAU;AAAA,MAChB,IAAI,UAAU;AAAA,MACd,iBAAiB;AAAA,MACjB,WAAW;AAAA,MACX,iBAAiB;AAAA,MACjB,oBAAoB;AAAA,IACtB,CAAC;AACD,SAAK,qBAAqB;AAC1B,SAAK,yBAAyB,MAAM,cAAc;AAClD,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOQ,uBAA6B;AACnC,QAAI,CAAC,KAAK,QAAQ;AAChB;AAAA,IACF;AACA,SAAK,OAAO,GAAG,WAAW,MAAM;AA5hBpC;AA6hBM,WAAK,2BAA2B;AAChC,WAAK,oBAAoB;AACzB,WAAK,gBAAgB;AACrB,UAAI,KAAK,mBAAmB;AAC1B,aAAK,IAAI,KAAK,0BAA0B;AACxC,aAAK,oBAAoB;AAAA,MAC3B,OAAO;AACL,aAAK,IAAI,KAAK,gBAAgB;AAAA,MAChC;AACA,iBAAK,WAAL,mBAAa,UAAU,KAAK,cAAc,EAAE,KAAK,EAAE,GAAG,SAAO;AAtiBnE,YAAAA;AAuiBQ,YAAI,KAAK;AACP,eAAK,IAAI,KAAK,0BAA0B,IAAI,OAAO,EAAE;AAAA,QACvD,OAAO;AACL,eAAK,IAAI,MAAM,kCAAkC;AACjD,WAAAA,MAAA,KAAK,iBAAL,gBAAAA,IAAA,WAAoB;AAAA,QACtB;AAAA,MACF;AAAA,IACF,CAAC;AACD,SAAK,OAAO,GAAG,WAAW,CAAC,OAAO,YAAY;AAC5C,WAAK,cAAc,SAAS,KAAK;AAAA,IACnC,CAAC;AACD,SAAK,OAAO,GAAG,SAAS,SAAO;AAC7B,WAAK,IAAI,MAAM,eAAe,IAAI,OAAO,EAAE;AAAA,IAC7C,CAAC;AACD,SAAK,OAAO,GAAG,SAAS,MAAM;AArjBlC;AAsjBM,iBAAK,iBAAL,8BAAoB;AAKpB,UAAI,KAAK,0BAA0B;AACjC,aAAK,2BAA2B;AAChC,aAAK,YAAY;AACjB,aAAK,IAAI,MAAM,sEAAiE;AAAA,MAClF;AACA,UAAI,CAAC,KAAK,mBAAmB;AAC3B,aAAK,oBAAoB;AACzB,aAAK,IAAI,MAAM,yCAAoC;AAAA,MACrD;AACA,WAAK,kBAAkB;AAAA,IACzB,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAmBQ,yBAAyB,WAAyB;AACxD,QAAI,KAAK,cAAc;AACrB,WAAK,OAAO,aAAa,KAAK,YAAY;AAC1C,WAAK,eAAe;AAAA,IACtB;AACA,UAAM,YAAY,YAAY,IAAI,KAAK;AACvC,UAAM,QAAQ,YAAY,KAAK,IAAI;AACnC,QAAI,SAAS,GAAG;AACd;AAAA,IACF;AACA,SAAK,eAAe,KAAK,OAAO,WAAW,MAAM;AAC/C,WAAK,eAAe;AACpB,WAAK,KAAK,sBAAsB;AAAA,IAClC,GAAG,KAAK;AAAA,EACV;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAc,wBAAuC;AA/mBvD;AAgnBI,SAAK,IAAI,MAAM,yCAAyC;AACxD,QAAI;AACF,YAAM,YAAY,MAAM,KAAK,MAAM;AACnC,UAAI,CAAC,UAAU,QAAQ;AAKrB,cAAM,UAAS,eAAU,WAAV,YAAoB;AACnC,aAAK,IAAI,MAAM,mDAAmD,MAAM,+BAA0B;AAClG;AAAA,MACF;AACA,WAAK,eAAe,UAAU,OAAO;AACrC,iBAAK,YAAL,8BAAe,KAAK;AAIpB,YAAM,UAAS,qBAAU,OAAO,uBAAjB,YAAuC,UAAU,OAAO,qBAAxD,YAA4E;AAC3F,YAAM,eAAe,KAAK,IAAI,IAAI,SAAS;AAC3C,UAAI;AACF,cAAM,UAAU,MAAM,KAAK,UAAU;AACrC,aAAI,wCAAS,SAAT,mBAAe,UAAU;AAC3B,qBAAK,yBAAL,8BAA4B;AAAA,YAC1B,aAAa,KAAK;AAAA,YAClB,aAAa,QAAQ,KAAK;AAAA,YAC1B,SAAS,QAAQ,KAAK;AAAA,YACtB,SAAS,QAAQ,KAAK;AAAA,YACtB,WAAW,KAAK;AAAA,YAChB,cAAc,KAAK;AAAA,YACnB,gBAAgB;AAAA,UAClB;AAAA,QACF;AAAA,MACF,SAAS,GAAG;AACV,aAAK,IAAI,MAAM,kCAAkC,aAAa,QAAQ,EAAE,UAAU,OAAO,CAAC,CAAC,EAAE;AAAA,MAC/F;AACA,WAAK,yBAAyB,YAAY;AAAA,IAC5C,SAAS,GAAG;AAIV,WAAK,IAAI;AAAA,QACP,iCAAiC,aAAa,QAAQ,EAAE,UAAU,OAAO,CAAC,CAAC;AAAA,MAC7E;AAAA,IACF;AAAA,EACF;AAAA;AAAA,EAGQ,QAAqC;AA/pB/C;AAgqBI,UAAM,OAA+B;AAAA,MACnC,OAAO,KAAK;AAAA,MACZ,UAAU,KAAK;AAAA,MACf,QAAQ,KAAK;AAAA,IACf;AACA,UAAM,SAAQ,UAAK,qBAAL,YAAyB,IAAI,KAAK;AAChD,QAAI,MAAM;AACR,WAAK,OAAO;AAAA,IACd;AACA,eAAO,iCAAiC;AAAA,MACtC,QAAQ;AAAA,MACR,KAAK;AAAA,MACL,SAAS;AAAA,QACP,YAAY;AAAA,QACZ,UAAU,KAAK;AAAA,QACf,YAAY;AAAA,QACZ,YAAY;AAAA,QACZ,WAAW,OAAO,KAAK,IAAI,CAAC;AAAA,QAC5B,cAAc;AAAA,MAChB;AAAA,MACA;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAM,0BAAyC;AAC7C,UAAM,MAAM;AACZ,cAAM,iCAAsB;AAAA,MAC1B,QAAQ;AAAA,MACR;AAAA,MACA,SAAS;AAAA,QACP,YAAY;AAAA,QACZ,UAAU,KAAK;AAAA,QACf,YAAY;AAAA,QACZ,YAAY;AAAA,QACZ,WAAW,OAAO,KAAK,IAAI,CAAC;AAAA,QAC5B,cAAc;AAAA,MAChB;AAAA,MACA,MAAM;AAAA,QACJ,MAAM;AAAA,QACN,OAAO,KAAK;AAAA,MACd;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA,EAGQ,YAA0C;AAChD,eAAO,iCAAkC;AAAA,MACvC,QAAQ;AAAA,MACR,KAAK;AAAA,MACL,SAAS;AAAA,QACP,eAAe,UAAU,KAAK,YAAY;AAAA,QAC1C,YAAY;AAAA,QACZ,UAAU,KAAK;AAAA,QACf,YAAY;AAAA,QACZ,cAAc;AAAA,MAChB;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQQ,oBAAoB,WAAmB,UAA6D;AA3uB9G;AA4uBI,UAAM,SAAS,MAAM,KAAK,SAAS,SAAS;AAC5C,UAAM,UAAU,MAAM,KAAK,QAAQ,MAAM;AACzC,UAAM,MAAM,MAAM,OAAO,eAAe,SAAS,QAAQ;AAGzD,UAAM,UAAU,IAAI,QAAQ;AAAA,MAC1B,SAAS,MAAM,IAAI,KAAK;AAAA,IAC1B,CAAC;AACD,UAAM,UAAS,aAAQ,MAAM,IAAI,KAAK,mBAAmB,MAA1C,mBAA8C;AAC7D,QAAI,EAAC,iCAAQ,MAAK;AAChB,YAAM,IAAI,MAAM,6BAA6B;AAAA,IAC/C;AACA,UAAM,MAAM,MAAM,IAAI,gBAAgB,OAAO,GAAG;AAGhD,UAAM,WAAW,IAAI,QAAQ,EAAE,SAAS,MAAM,IAAI,KAAK,QAAQ,CAAC;AAChE,UAAM,WAAU,cAAS,MAAM,IAAI,KAAK,OAAO,MAA/B,mBAAmC;AACnD,QAAI,EAAC,mCAAS,OAAM;AAClB,YAAM,IAAI,MAAM,6BAA6B;AAAA,IAC/C;AACA,UAAM,OAAO,MAAM,IAAI,iBAAiB,QAAQ,IAAI;AAGpD,UAAM,KAAK;AAEX,WAAO,EAAE,KAAK,MAAM,GAAG;AAAA,EACzB;AACF;",
   "names": ["_a"]
 }

package/build/lib/govee-openapi-mqtt-client.js

@@ -69,7 +69,7 @@ class GoveeOpenapiMqttClient {
     this.topic = `GA/${apiKey}`;
   }
   /**
-   * Connect to the OpenAPI MQTT broker.
+   * Connect to the Cloud-events broker.
    *
    * @param onEvent Called on incoming sensor events
    * @param onConnection Called on connection state changes
@@ -94,15 +94,15 @@ class GoveeOpenapiMqttClient {
         this.reconnectAttempts = 0;
         this.connectFailCount = 0;
         if (this.lastErrorCategory) {
-          this.log.info("OpenAPI MQTT connection restored");
+          this.log.info("Cloud-events connection restored");
           this.lastErrorCategory = null;
         }
         (_a = this.client) == null ? void 0 : _a.subscribe(this.topic, { qos: 0 }, (err) => {
           var _a2;
           if (err) {
-            this.log.warn(`OpenAPI MQTT subscribe failed: ${err.message}`);
+            this.log.warn(`Cloud-events subscribe failed: ${err.message}`);
           } else {
-            this.log.debug("OpenAPI MQTT subscribed to event topic");
+            this.log.debug("Cloud-events subscribed to event topic");
             (_a2 = this.onConnection) == null ? void 0 : _a2.call(this, true);
           }
         });
@@ -116,26 +116,26 @@ class GoveeOpenapiMqttClient {
         if (category === "AUTH") {
           this.connectFailCount++;
           if (this.connectFailCount >= MAX_CONNECT_FAILURES) {
-            this.log.warn("OpenAPI MQTT auth failed repeatedly \u2014 check API key");
+            this.log.warn("Cloud-events auth failed repeatedly \u2014 check API key");
             (_a = this.onConnection) == null ? void 0 : _a.call(this, false);
             this.disconnect();
             return;
           }
         }
-        this.log.debug(`OpenAPI MQTT error: ${err.message}`);
+        this.log.debug(`Cloud-events error: ${err.message}`);
       });
       this.client.on("close", () => {
         var _a;
         (_a = this.onConnection) == null ? void 0 : _a.call(this, false);
         if (!this.lastErrorCategory) {
           this.lastErrorCategory = "NETWORK";
-          this.log.debug("OpenAPI MQTT disconnected \u2014 will reconnect");
+          this.log.debug("Cloud-events disconnected \u2014 will reconnect");
         }
         this.scheduleReconnect();
       });
     } catch (err) {
       const category = (0, import_types.classifyError)(err);
-      const msg = `OpenAPI MQTT connection failed: ${err instanceof Error ? err.message : String(err)}`;
+      const msg = `Cloud-events connection failed: ${err instanceof Error ? err.message : String(err)}`;
       if (category !== this.lastErrorCategory) {
         this.lastErrorCategory = category;
         this.log.warn(msg);
@@ -179,18 +179,18 @@ class GoveeOpenapiMqttClient {
       const sku = (_b = raw.sku) != null ? _b : "";
       const device = (_c = raw.device) != null ? _c : "";
       if (!sku && !device) {
-        this.log.debug(`OpenAPI MQTT: message without device info: ${payload.toString().slice(0, 200)}`);
+        this.log.debug(`Cloud-events: message without device info: ${payload.toString().slice(0, 200)}`);
         return;
       }
       const caps = raw.capabilities;
       if (!caps || !Array.isArray(caps) || caps.length === 0) {
-        this.log.debug(`OpenAPI MQTT: message without capabilities from ${sku}: ${payload.toString().slice(0, 300)}`);
+        this.log.debug(`Cloud-events: message without capabilities from ${sku}: ${payload.toString().slice(0, 300)}`);
         return;
       }
       const event = { sku, device, capabilities: caps };
       (_d = this.onEvent) == null ? void 0 : _d.call(this, event);
     } catch {
-      this.log.debug(`OpenAPI MQTT: failed to parse message: ${payload.toString().slice(0, 200)}`);
+      this.log.debug(`Cloud-events: failed to parse message: ${payload.toString().slice(0, 200)}`);
     }
   }
   /** Schedule reconnect with exponential backoff */
@@ -203,7 +203,7 @@ class GoveeOpenapiMqttClient {
     }
     this.reconnectAttempts++;
     const delay = Math.min(5e3 * Math.pow(2, this.reconnectAttempts - 1), 3e5);
-    this.log.debug(`OpenAPI MQTT: reconnecting in ${delay / 1e3}s (attempt ${this.reconnectAttempts})`);
+    this.log.debug(`Cloud-events: reconnecting in ${delay / 1e3}s (attempt ${this.reconnectAttempts})`);
     this.reconnectTimer = this.timers.setTimeout(() => {
       var _a;
       this.reconnectTimer = void 0;

package/build/lib/govee-openapi-mqtt-client.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../src/lib/govee-openapi-mqtt-client.ts"],
-  "sourcesContent": ["import * as crypto from \"node:crypto\";\nimport * as mqtt from \"mqtt\";\nimport {\n  classifyError,\n  type ErrorCategory,\n  type OpenApiMqttEvent,\n  type CloudStateCapability,\n  type TimerAdapter,\n} from \"./types\";\n\n/** Max consecutive connection failures before giving up */\nconst MAX_CONNECT_FAILURES = 5;\n\nconst BROKER_URL = \"mqtts://mqtt.openapi.govee.com:8883\";\n\n/** Callback for incoming sensor events */\nexport type OpenApiEventCallback = (event: OpenApiMqttEvent) => void;\n\n/** Callback for raw MQTT messages (for diagnostics) */\nexport type OpenApiRawCallback = (rawJson: string) => void;\n\n/** Callback for connection state changes */\nexport type OpenApiConnectionCallback = (connected: boolean) => void;\n\n/**\n * Govee OpenAPI MQTT client for real-time sensor events.\n * Connects to mqtt.openapi.govee.com:8883 using the API key for auth.\n * Receives event capabilities (lackWater, iceFull, bodyAppeared etc.)\n * without consuming Cloud API budget.\n */\nexport class GoveeOpenapiMqttClient {\n  private readonly apiKey: string;\n  private readonly log: ioBroker.Logger;\n  private readonly timers: TimerAdapter;\n  /**\n   * Stable client ID for the lifetime of the adapter instance. Generated once\n   * in the constructor so reconnects keep the same identity \u2014 Govee's broker\n   * can then take over the previous socket cleanly instead of rejecting the\n   * new connection as a duplicate. Reusing Date.now() per connect() created a\n   * fresh ID on every reconnect.\n   */\n  private readonly sessionUuid: string = crypto.randomUUID();\n  private client: mqtt.MqttClient | null = null;\n  private topic: string;\n  private reconnectTimer: ioBroker.Timeout | undefined = undefined;\n  private reconnectAttempts = 0;\n  private connectFailCount = 0;\n  private lastErrorCategory: ErrorCategory | null = null;\n  private onEvent: OpenApiEventCallback | null = null;\n  private onRaw: OpenApiRawCallback | null = null;\n  private onConnection: OpenApiConnectionCallback | null = null;\n\n  /**\n   * @param apiKey Govee Cloud API key (used as username AND password)\n   * @param log ioBroker logger\n   * @param timers Timer adapter\n   */\n  constructor(apiKey: string, log: ioBroker.Logger, timers: TimerAdapter) {\n    this.apiKey = apiKey;\n    this.log = log;\n    this.timers = timers;\n    this.topic = `GA/${apiKey}`;\n  }\n\n  /**\n   * Connect to the OpenAPI MQTT broker.\n   *\n   * @param onEvent Called on incoming sensor events\n   * @param onConnection Called on connection state changes\n   * @param onRaw Called with raw JSON for diagnostics\n   */\n  connect(onEvent: OpenApiEventCallback, onConnection: OpenApiConnectionCallback, onRaw?: OpenApiRawCallback): void {\n    this.onEvent = onEvent;\n    this.onConnection = onConnection;\n    this.onRaw = onRaw ?? null;\n\n    try {\n      this.client = mqtt.connect(BROKER_URL, {\n        username: this.apiKey,\n        password: this.apiKey,\n        clientId: `iob_govee_smart_${this.sessionUuid}`,\n        protocolVersion: 4,\n        keepalive: 60,\n        reconnectPeriod: 0,\n        rejectUnauthorized: true,\n      });\n\n      this.client.on(\"connect\", () => {\n        this.reconnectAttempts = 0;\n        this.connectFailCount = 0;\n        if (this.lastErrorCategory) {\n          // Only log on transition out of an error state \u2014 the routine\n          // first-connect message is redundant with the adapter-level\n          // \"Govee adapter ready \u2014 N devices, M groups (channels: \u2026)\"\n          // line and was just noise.\n          this.log.info(\"OpenAPI MQTT connection restored\");\n          this.lastErrorCategory = null;\n        }\n\n        this.client?.subscribe(this.topic, { qos: 0 }, err => {\n          if (err) {\n            this.log.warn(`OpenAPI MQTT subscribe failed: ${err.message}`);\n          } else {\n            this.log.debug(\"OpenAPI MQTT subscribed to event topic\");\n            this.onConnection?.(true);\n          }\n        });\n      });\n\n      this.client.on(\"message\", (_topic, payload) => {\n        this.handleMessage(payload);\n      });\n\n      this.client.on(\"error\", err => {\n        const category = classifyError(err);\n        if (category === \"AUTH\") {\n          this.connectFailCount++;\n          if (this.connectFailCount >= MAX_CONNECT_FAILURES) {\n            this.log.warn(\"OpenAPI MQTT auth failed repeatedly \u2014 check API key\");\n            this.onConnection?.(false);\n            this.disconnect();\n            return;\n          }\n        }\n        this.log.debug(`OpenAPI MQTT error: ${err.message}`);\n      });\n\n      this.client.on(\"close\", () => {\n        this.onConnection?.(false);\n        if (!this.lastErrorCategory) {\n          this.lastErrorCategory = \"NETWORK\";\n          this.log.debug(\"OpenAPI MQTT disconnected \u2014 will reconnect\");\n        }\n        this.scheduleReconnect();\n      });\n    } catch (err) {\n      const category = classifyError(err);\n      const msg = `OpenAPI MQTT connection failed: ${err instanceof Error ? err.message : String(err)}`;\n\n      if (category !== this.lastErrorCategory) {\n        this.lastErrorCategory = category;\n        this.log.warn(msg);\n      } else {\n        this.log.debug(msg);\n      }\n\n      this.scheduleReconnect();\n    }\n  }\n\n  /** Whether the client is currently connected */\n  get connected(): boolean {\n    return this.client?.connected ?? false;\n  }\n\n  /** Disconnect and cleanup */\n  disconnect(): void {\n    if (this.reconnectTimer) {\n      this.timers.clearTimeout(this.reconnectTimer);\n      this.reconnectTimer = undefined;\n    }\n    if (this.client) {\n      this.client.removeAllListeners();\n      this.client.on(\"error\", () => {\n        /* ignore late errors */\n      });\n      this.client.end(true);\n      this.client = null;\n    }\n  }\n\n  /**\n   * Parse incoming MQTT event message.\n   * Expected format: { sku, device, capabilities: [{ type, instance, state: { value } }] }\n   *\n   * @param payload Raw MQTT message buffer\n   */\n  private handleMessage(payload: Buffer): void {\n    try {\n      const rawStr = payload.toString();\n\n      // Always forward raw JSON for diagnostics\n      this.onRaw?.(rawStr);\n\n      const raw = JSON.parse(rawStr) as Record<string, unknown>;\n\n      const sku = (raw.sku as string) ?? \"\";\n      const device = (raw.device as string) ?? \"\";\n\n      if (!sku && !device) {\n        this.log.debug(`OpenAPI MQTT: message without device info: ${payload.toString().slice(0, 200)}`);\n        return;\n      }\n\n      // Extract capabilities array\n      const caps = raw.capabilities as CloudStateCapability[] | undefined;\n      if (!caps || !Array.isArray(caps) || caps.length === 0) {\n        this.log.debug(`OpenAPI MQTT: message without capabilities from ${sku}: ${payload.toString().slice(0, 300)}`);\n        return;\n      }\n\n      const event: OpenApiMqttEvent = { sku, device, capabilities: caps };\n      this.onEvent?.(event);\n    } catch {\n      this.log.debug(`OpenAPI MQTT: failed to parse message: ${payload.toString().slice(0, 200)}`);\n    }\n  }\n\n  /** Schedule reconnect with exponential backoff */\n  private scheduleReconnect(): void {\n    if (this.reconnectTimer) {\n      return;\n    }\n    if (this.connectFailCount >= MAX_CONNECT_FAILURES) {\n      return;\n    }\n\n    this.reconnectAttempts++;\n    const delay = Math.min(5_000 * Math.pow(2, this.reconnectAttempts - 1), 300_000);\n    this.log.debug(`OpenAPI MQTT: reconnecting in ${delay / 1000}s (attempt ${this.reconnectAttempts})`);\n\n    this.reconnectTimer = this.timers.setTimeout(() => {\n      this.reconnectTimer = undefined;\n      if (this.onEvent && this.onConnection) {\n        this.connect(this.onEvent, this.onConnection, this.onRaw ?? undefined);\n      }\n    }, delay);\n  }\n}\n"],
+  "sourcesContent": ["import * as crypto from \"node:crypto\";\nimport * as mqtt from \"mqtt\";\nimport {\n  classifyError,\n  type ErrorCategory,\n  type OpenApiMqttEvent,\n  type CloudStateCapability,\n  type TimerAdapter,\n} from \"./types\";\n\n/** Max consecutive connection failures before giving up */\nconst MAX_CONNECT_FAILURES = 5;\n\nconst BROKER_URL = \"mqtts://mqtt.openapi.govee.com:8883\";\n\n/** Callback for incoming sensor events */\nexport type OpenApiEventCallback = (event: OpenApiMqttEvent) => void;\n\n/** Callback for raw MQTT messages (for diagnostics) */\nexport type OpenApiRawCallback = (rawJson: string) => void;\n\n/** Callback for connection state changes */\nexport type OpenApiConnectionCallback = (connected: boolean) => void;\n\n/**\n * Govee Cloud-events client for real-time sensor events.\n * Connects to mqtt.openapi.govee.com:8883 using the API key for auth.\n * Receives event capabilities (lackWater, iceFull, bodyAppeared etc.)\n * without consuming Cloud API budget.\n */\nexport class GoveeOpenapiMqttClient {\n  private readonly apiKey: string;\n  private readonly log: ioBroker.Logger;\n  private readonly timers: TimerAdapter;\n  /**\n   * Stable client ID for the lifetime of the adapter instance. Generated once\n   * in the constructor so reconnects keep the same identity \u2014 Govee's broker\n   * can then take over the previous socket cleanly instead of rejecting the\n   * new connection as a duplicate. Reusing Date.now() per connect() created a\n   * fresh ID on every reconnect.\n   */\n  private readonly sessionUuid: string = crypto.randomUUID();\n  private client: mqtt.MqttClient | null = null;\n  private topic: string;\n  private reconnectTimer: ioBroker.Timeout | undefined = undefined;\n  private reconnectAttempts = 0;\n  private connectFailCount = 0;\n  private lastErrorCategory: ErrorCategory | null = null;\n  private onEvent: OpenApiEventCallback | null = null;\n  private onRaw: OpenApiRawCallback | null = null;\n  private onConnection: OpenApiConnectionCallback | null = null;\n\n  /**\n   * @param apiKey Govee Cloud API key (used as username AND password)\n   * @param log ioBroker logger\n   * @param timers Timer adapter\n   */\n  constructor(apiKey: string, log: ioBroker.Logger, timers: TimerAdapter) {\n    this.apiKey = apiKey;\n    this.log = log;\n    this.timers = timers;\n    this.topic = `GA/${apiKey}`;\n  }\n\n  /**\n   * Connect to the Cloud-events broker.\n   *\n   * @param onEvent Called on incoming sensor events\n   * @param onConnection Called on connection state changes\n   * @param onRaw Called with raw JSON for diagnostics\n   */\n  connect(onEvent: OpenApiEventCallback, onConnection: OpenApiConnectionCallback, onRaw?: OpenApiRawCallback): void {\n    this.onEvent = onEvent;\n    this.onConnection = onConnection;\n    this.onRaw = onRaw ?? null;\n\n    try {\n      this.client = mqtt.connect(BROKER_URL, {\n        username: this.apiKey,\n        password: this.apiKey,\n        clientId: `iob_govee_smart_${this.sessionUuid}`,\n        protocolVersion: 4,\n        keepalive: 60,\n        reconnectPeriod: 0,\n        rejectUnauthorized: true,\n      });\n\n      this.client.on(\"connect\", () => {\n        this.reconnectAttempts = 0;\n        this.connectFailCount = 0;\n        if (this.lastErrorCategory) {\n          // Only log on transition out of an error state \u2014 the routine\n          // first-connect message is redundant with the adapter-level\n          // \"Govee adapter ready \u2014 N devices, M groups (channels: \u2026)\"\n          // line and was just noise.\n          this.log.info(\"Cloud-events connection restored\");\n          this.lastErrorCategory = null;\n        }\n\n        this.client?.subscribe(this.topic, { qos: 0 }, err => {\n          if (err) {\n            this.log.warn(`Cloud-events subscribe failed: ${err.message}`);\n          } else {\n            this.log.debug(\"Cloud-events subscribed to event topic\");\n            this.onConnection?.(true);\n          }\n        });\n      });\n\n      this.client.on(\"message\", (_topic, payload) => {\n        this.handleMessage(payload);\n      });\n\n      this.client.on(\"error\", err => {\n        const category = classifyError(err);\n        if (category === \"AUTH\") {\n          this.connectFailCount++;\n          if (this.connectFailCount >= MAX_CONNECT_FAILURES) {\n            this.log.warn(\"Cloud-events auth failed repeatedly \u2014 check API key\");\n            this.onConnection?.(false);\n            this.disconnect();\n            return;\n          }\n        }\n        this.log.debug(`Cloud-events error: ${err.message}`);\n      });\n\n      this.client.on(\"close\", () => {\n        this.onConnection?.(false);\n        if (!this.lastErrorCategory) {\n          this.lastErrorCategory = \"NETWORK\";\n          this.log.debug(\"Cloud-events disconnected \u2014 will reconnect\");\n        }\n        this.scheduleReconnect();\n      });\n    } catch (err) {\n      const category = classifyError(err);\n      const msg = `Cloud-events connection failed: ${err instanceof Error ? err.message : String(err)}`;\n\n      if (category !== this.lastErrorCategory) {\n        this.lastErrorCategory = category;\n        this.log.warn(msg);\n      } else {\n        this.log.debug(msg);\n      }\n\n      this.scheduleReconnect();\n    }\n  }\n\n  /** Whether the client is currently connected */\n  get connected(): boolean {\n    return this.client?.connected ?? false;\n  }\n\n  /** Disconnect and cleanup */\n  disconnect(): void {\n    if (this.reconnectTimer) {\n      this.timers.clearTimeout(this.reconnectTimer);\n      this.reconnectTimer = undefined;\n    }\n    if (this.client) {\n      this.client.removeAllListeners();\n      this.client.on(\"error\", () => {\n        /* ignore late errors */\n      });\n      this.client.end(true);\n      this.client = null;\n    }\n  }\n\n  /**\n   * Parse incoming MQTT event message.\n   * Expected format: { sku, device, capabilities: [{ type, instance, state: { value } }] }\n   *\n   * @param payload Raw MQTT message buffer\n   */\n  private handleMessage(payload: Buffer): void {\n    try {\n      const rawStr = payload.toString();\n\n      // Always forward raw JSON for diagnostics\n      this.onRaw?.(rawStr);\n\n      const raw = JSON.parse(rawStr) as Record<string, unknown>;\n\n      const sku = (raw.sku as string) ?? \"\";\n      const device = (raw.device as string) ?? \"\";\n\n      if (!sku && !device) {\n        this.log.debug(`Cloud-events: message without device info: ${payload.toString().slice(0, 200)}`);\n        return;\n      }\n\n      // Extract capabilities array\n      const caps = raw.capabilities as CloudStateCapability[] | undefined;\n      if (!caps || !Array.isArray(caps) || caps.length === 0) {\n        this.log.debug(`Cloud-events: message without capabilities from ${sku}: ${payload.toString().slice(0, 300)}`);\n        return;\n      }\n\n      const event: OpenApiMqttEvent = { sku, device, capabilities: caps };\n      this.onEvent?.(event);\n    } catch {\n      this.log.debug(`Cloud-events: failed to parse message: ${payload.toString().slice(0, 200)}`);\n    }\n  }\n\n  /** Schedule reconnect with exponential backoff */\n  private scheduleReconnect(): void {\n    if (this.reconnectTimer) {\n      return;\n    }\n    if (this.connectFailCount >= MAX_CONNECT_FAILURES) {\n      return;\n    }\n\n    this.reconnectAttempts++;\n    const delay = Math.min(5_000 * Math.pow(2, this.reconnectAttempts - 1), 300_000);\n    this.log.debug(`Cloud-events: reconnecting in ${delay / 1000}s (attempt ${this.reconnectAttempts})`);\n\n    this.reconnectTimer = this.timers.setTimeout(() => {\n      this.reconnectTimer = undefined;\n      if (this.onEvent && this.onConnection) {\n        this.connect(this.onEvent, this.onConnection, this.onRaw ?? undefined);\n      }\n    }, delay);\n  }\n}\n"],
   "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,aAAwB;AACxB,WAAsB;AACtB,mBAMO;AAGP,MAAM,uBAAuB;AAE7B,MAAM,aAAa;AAiBZ,MAAM,uBAAuB;AAAA,EACjB;AAAA,EACA;AAAA,EACA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,cAAsB,OAAO,WAAW;AAAA,EACjD,SAAiC;AAAA,EACjC;AAAA,EACA,iBAA+C;AAAA,EAC/C,oBAAoB;AAAA,EACpB,mBAAmB;AAAA,EACnB,oBAA0C;AAAA,EAC1C,UAAuC;AAAA,EACvC,QAAmC;AAAA,EACnC,eAAiD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOzD,YAAY,QAAgB,KAAsB,QAAsB;AACtE,SAAK,SAAS;AACd,SAAK,MAAM;AACX,SAAK,SAAS;AACd,SAAK,QAAQ,MAAM,MAAM;AAAA,EAC3B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,QAAQ,SAA+B,cAAyC,OAAkC;AAChH,SAAK,UAAU;AACf,SAAK,eAAe;AACpB,SAAK,QAAQ,wBAAS;AAEtB,QAAI;AACF,WAAK,SAAS,KAAK,QAAQ,YAAY;AAAA,QACrC,UAAU,KAAK;AAAA,QACf,UAAU,KAAK;AAAA,QACf,UAAU,mBAAmB,KAAK,WAAW;AAAA,QAC7C,iBAAiB;AAAA,QACjB,WAAW;AAAA,QACX,iBAAiB;AAAA,QACjB,oBAAoB;AAAA,MACtB,CAAC;AAED,WAAK,OAAO,GAAG,WAAW,MAAM;AAvFtC;AAwFQ,aAAK,oBAAoB;AACzB,aAAK,mBAAmB;AACxB,YAAI,KAAK,mBAAmB;AAK1B,eAAK,IAAI,KAAK,kCAAkC;AAChD,eAAK,oBAAoB;AAAA,QAC3B;AAEA,mBAAK,WAAL,mBAAa,UAAU,KAAK,OAAO,EAAE,KAAK,EAAE,GAAG,SAAO;AAnG9D,cAAAA;AAoGU,cAAI,KAAK;AACP,iBAAK,IAAI,KAAK,kCAAkC,IAAI,OAAO,EAAE;AAAA,UAC/D,OAAO;AACL,iBAAK,IAAI,MAAM,wCAAwC;AACvD,aAAAA,MAAA,KAAK,iBAAL,gBAAAA,IAAA,WAAoB;AAAA,UACtB;AAAA,QACF;AAAA,MACF,CAAC;AAED,WAAK,OAAO,GAAG,WAAW,CAAC,QAAQ,YAAY;AAC7C,aAAK,cAAc,OAAO;AAAA,MAC5B,CAAC;AAED,WAAK,OAAO,GAAG,SAAS,SAAO;AAjHrC;AAkHQ,cAAM,eAAW,4BAAc,GAAG;AAClC,YAAI,aAAa,QAAQ;AACvB,eAAK;AACL,cAAI,KAAK,oBAAoB,sBAAsB;AACjD,iBAAK,IAAI,KAAK,0DAAqD;AACnE,uBAAK,iBAAL,8BAAoB;AACpB,iBAAK,WAAW;AAChB;AAAA,UACF;AAAA,QACF;AACA,aAAK,IAAI,MAAM,uBAAuB,IAAI,OAAO,EAAE;AAAA,MACrD,CAAC;AAED,WAAK,OAAO,GAAG,SAAS,MAAM;AA/HpC;AAgIQ,mBAAK,iBAAL,8BAAoB;AACpB,YAAI,CAAC,KAAK,mBAAmB;AAC3B,eAAK,oBAAoB;AACzB,eAAK,IAAI,MAAM,iDAA4C;AAAA,QAC7D;AACA,aAAK,kBAAkB;AAAA,MACzB,CAAC;AAAA,IACH,SAAS,KAAK;AACZ,YAAM,eAAW,4BAAc,GAAG;AAClC,YAAM,MAAM,mCAAmC,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC;AAE/F,UAAI,aAAa,KAAK,mBAAmB;AACvC,aAAK,oBAAoB;AACzB,aAAK,IAAI,KAAK,GAAG;AAAA,MACnB,OAAO;AACL,aAAK,IAAI,MAAM,GAAG;AAAA,MACpB;AAEA,WAAK,kBAAkB;AAAA,IACzB;AAAA,EACF;AAAA;AAAA,EAGA,IAAI,YAAqB;AAvJ3B;AAwJI,YAAO,gBAAK,WAAL,mBAAa,cAAb,YAA0B;AAAA,EACnC;AAAA;AAAA,EAGA,aAAmB;AACjB,QAAI,KAAK,gBAAgB;AACvB,WAAK,OAAO,aAAa,KAAK,cAAc;AAC5C,WAAK,iBAAiB;AAAA,IACxB;AACA,QAAI,KAAK,QAAQ;AACf,WAAK,OAAO,mBAAmB;AAC/B,WAAK,OAAO,GAAG,SAAS,MAAM;AAAA,MAE9B,CAAC;AACD,WAAK,OAAO,IAAI,IAAI;AACpB,WAAK,SAAS;AAAA,IAChB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQQ,cAAc,SAAuB;AAjL/C;AAkLI,QAAI;AACF,YAAM,SAAS,QAAQ,SAAS;AAGhC,iBAAK,UAAL,8BAAa;AAEb,YAAM,MAAM,KAAK,MAAM,MAAM;AAE7B,YAAM,OAAO,SAAI,QAAJ,YAAsB;AACnC,YAAM,UAAU,SAAI,WAAJ,YAAyB;AAEzC,UAAI,CAAC,OAAO,CAAC,QAAQ;AACnB,aAAK,IAAI,MAAM,8CAA8C,QAAQ,SAAS,EAAE,MAAM,GAAG,GAAG,CAAC,EAAE;AAC/F;AAAA,MACF;AAGA,YAAM,OAAO,IAAI;AACjB,UAAI,CAAC,QAAQ,CAAC,MAAM,QAAQ,IAAI,KAAK,KAAK,WAAW,GAAG;AACtD,aAAK,IAAI,MAAM,mDAAmD,GAAG,KAAK,QAAQ,SAAS,EAAE,MAAM,GAAG,GAAG,CAAC,EAAE;AAC5G;AAAA,MACF;AAEA,YAAM,QAA0B,EAAE,KAAK,QAAQ,cAAc,KAAK;AAClE,iBAAK,YAAL,8BAAe;AAAA,IACjB,QAAQ;AACN,WAAK,IAAI,MAAM,0CAA0C,QAAQ,SAAS,EAAE,MAAM,GAAG,GAAG,CAAC,EAAE;AAAA,IAC7F;AAAA,EACF;AAAA;AAAA,EAGQ,oBAA0B;AAChC,QAAI,KAAK,gBAAgB;AACvB;AAAA,IACF;AACA,QAAI,KAAK,oBAAoB,sBAAsB;AACjD;AAAA,IACF;AAEA,SAAK;AACL,UAAM,QAAQ,KAAK,IAAI,MAAQ,KAAK,IAAI,GAAG,KAAK,oBAAoB,CAAC,GAAG,GAAO;AAC/E,SAAK,IAAI,MAAM,iCAAiC,QAAQ,GAAI,cAAc,KAAK,iBAAiB,GAAG;AAEnG,SAAK,iBAAiB,KAAK,OAAO,WAAW,MAAM;AA7NvD;AA8NM,WAAK,iBAAiB;AACtB,UAAI,KAAK,WAAW,KAAK,cAAc;AACrC,aAAK,QAAQ,KAAK,SAAS,KAAK,eAAc,UAAK,UAAL,YAAc,MAAS;AAAA,MACvE;AAAA,IACF,GAAG,KAAK;AAAA,EACV;AACF;",
   "names": ["_a"]
 }