max-account-api 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,328 @@
+# max-account-api
+
+> ⚠️ **Неофициальная библиотека.** Не аффилирована с MAX / VK. Используйте на свой страх и риск — ваш аккаунт может быть помечен или заблокирован за нестандартную активность.
+
+Node.js-клиент для **личного** MAX-аккаунта — залогиньтесь по номеру телефона или QR-коду и автоматизируйте всё что делает обычный пользователь: получать сообщения, отвечать, читать, реагировать, редактировать, отправлять фото / файлы / стикеры / опросы, создавать группы, и т.д.
+
+Сложные части (TLS + msgpack + LZ4 бинарный протокол для phone-auth, WebSocket для всего остального, корреляция фреймов, ping / heartbeat, авто-реконнект, ack серверных push-ев) спрятаны за маленьким event-driven API.
+
+```ts
+import { MaxClient } from 'max-account-api';
+
+const client = await MaxClient.loginWithPhone({
+  phone: '+79991234567',
+  getSmsCode: async () => prompt('SMS code: '),
+});
+
+client.on('message', (m) => console.log(`[${m.chatId}] ${m.fromId}: ${m.text}`));
+await client.sendMessage(0, 'Привет в Избранное!');
+```
+
+## Возможности
+
+| | |
+|---|---|
+| 📱 **Phone-auth + auto QR-bind** | Один метод `loginWithPhone({phone, getSmsCode, getPassword?})` — SMS-код, опционально облачный пароль (2FA), под капотом mobile binary protocol + WS QR-bind. Web-токен сохраняется автоматически. |
+| 📷 **QR-логин** (как раньше) | Терминал-QR + событие со ссылкой. Старый flow `new MaxClient().start()` тоже работает. |
+| 💾 **Гибкая сессия** | По умолчанию — `./.max-session.json`. Можно отдать кастомный `SessionStore` или инжектить `deviceId`+`loginToken` из env. |
+| 🧩 **Несколько инстансов в процессе** | Каждый со своим store / тoken pair'ом. |
+| 📨 **Сообщения** | Текст, реплаи, форварды, цитаты, редактирование, удаление, реакции, голосование в опросах. |
+| 📎 **Вложения** | Фото, файлы, видео, стикеры, контакты, опросы — с end-to-end upload. |
+| 👥 **Чаты / группы** | Создание групп / каналов, добавление / удаление / промоут участников, переименование, аватары, инвайт-линки, mute / unmute, pin, политика реакций. |
+| 📞 **Звонки** | Signalling для 1:1 audio / video (медиа через отдельный `videowebrtc.okcdn.ru`). |
+| 🔁 **Auto-reconnect** | Тихий повторный handshake при обрыве. |
+| 📡 **Server push** | Подтверждается автоматически — вы получаете `'message'`, `'chatUpdate'`, `'presence'`, `'readByOther'`, и т.д. |
+| 🔐 **Управление сессией** | Список активных сессий, logout, 2FA включить / выключить, смена пароля. |
+| 📚 **Полная TypeScript-типизация** | На каждый запрос и ответ. 160+ опкодов с каноническими именами, извлечёнными из декомпилированного MAX-клиента. |
+| 🪟 **Запасной выход** | `client.raw(opcode, payload)` для любого опкода которого нет в high-level API. |
+
+## Установка
+
+```bash
+npm install max-account-api
+```
+
+Требуется Node.js 18+.
+
+## Быстрый старт
+
+### Вход по номеру телефона (рекомендуется)
+
+```ts
+import { MaxClient } from 'max-account-api';
+import * as readline from 'node:readline/promises';
+import { stdin as input, stdout as output } from 'node:process';
+
+const rl = readline.createInterface({ input, output });
+
+const client = await MaxClient.loginWithPhone({
+  phone: await rl.question('Phone (+79991234567): '),
+  getSmsCode: () => rl.question('SMS code: '),
+  // Опционально: вызовется только если у аккаунта 2FA облачный пароль
+  getPassword: (challenge) =>
+    rl.question(`2FA password (hint: ${challenge.hint}): `),
+  sessionFile: './.max-session.json',
+});
+
+console.log('Logged in as', client.getMe()?.names?.[0]?.name);
+
+client.on('message', async (m) => {
+  if (m.fromId !== client.getMe()?.id) {
+    await client.reply(m, `Эхо: ${m.text}`);
+  }
+});
+
+rl.close();
+// keep process alive
+await new Promise(() => {});
+```
+
+На первом запуске MAX пришлёт SMS, после ввода кода + (если есть) 2FA пароля библиотека сохранит **оба** токена (mobile + web) в session-файл. На последующих запусках — тихий reconnect, ничего вводить не надо.
+
+> **Регион:** SMS-доставка и phone-auth заблокированы серверной геолокацией. Запускайте из РФ или через VPN с RU-IP, иначе получите `service.unavailable` / `phone.region.unsupported`.
+
+### Вход по QR-коду (без номера)
+
+```ts
+const client = new MaxClient();
+client.on('qr', ({ link, expiresAt }) => {
+  console.log('Откройте/отсканируйте:', link);
+  console.log('Истекает в', new Date(expiresAt).toLocaleString());
+});
+await client.start();
+```
+
+QR печатается в терминал автоматически. После сканирования мобильным MAX в консоль выводятся `deviceId` + `loginToken` — сохраните их в env.
+
+### Переиспользование токена (silent login)
+
+```ts
+const client = new MaxClient({
+  deviceId:   process.env.MAX_DEVICE_ID,
+  loginToken: process.env.MAX_LOGIN_TOKEN,
+});
+await client.start();
+```
+
+Если оба значения корректны — никакого QR / SMS не будет.
+
+### Несколько инстансов в одном процессе
+
+```ts
+const a = new MaxClient({ deviceId: process.env.A_ID, loginToken: process.env.A_TOK });
+const b = new MaxClient({ deviceId: process.env.B_ID, loginToken: process.env.B_TOK });
+await Promise.all([a.start(), b.start()]);
+```
+
+## API по разделам
+
+Полный справочник: [`docs/API.md`](docs/API.md). Основные группы:
+
+### Сообщения
+
+```ts
+await client.sendMessage(chatId, 'привет');
+await client.sendReply(chatId, replyToMessageId, 'ответ на сообщение');
+await client.reply(incoming, 'эхо');                   // ответить на полученное
+await client.editMessage(chatId, msgId, 'новый текст');
+await client.deleteMessages(chatId, [msgId1, msgId2], /*forAll*/ true);
+await client.forwardMessage(toChatId, fromChatId, msgId, 'опциональный комментарий');
+await client.sendTyping(chatId);
+await client.readMessage(chatId, msgId);
+await client.getHistory(chatId, { backward: 50 });
+await client.searchMessages(chatId, 'query');
+```
+
+### Реакции
+
+```ts
+await client.setReaction(chatId, msgId, '👍');
+await client.removeReaction(chatId, msgId);
+const reactions = await client.getReactions(chatId, [msgId1, msgId2]);
+```
+
+### Вложения
+
+```ts
+const photoToken = await client.uploadPhotoBytes({ data: pngBytes, filename: 'pic.png' });
+await client.sendPhoto(chatId, photoToken, 'подпись');
+
+const file = await client.uploadFileBytes({ data: pdfBytes, filename: 'doc.pdf' });
+await client.sendFile(chatId, file.fileId, 'договор');
+
+await client.sendVoice(chatId, { data: oggBytes, filename: 'voice.ogg' }, { duration: 12 });
+await client.sendVideo(chatId, { data: mp4Bytes, filename: 'clip.mp4' }, 'смотри ролик');
+await client.sendVideoNote(chatId, { data: mp4Bytes });  // круглый кружок
+
+await client.sendSticker(chatId, stickerId);
+await client.sendContact(chatId, contactId);
+await client.sendLocation(chatId, 55.7558, 37.6173, { name: 'Кремль' });
+await client.sendPoll(chatId, 'Куда едем?', ['Сочи', 'Питер', 'Казань']);
+```
+
+> `sendVoice` / `sendVideo` / `sendVideoNote` требуют `mobileLoginToken` (т.е. сессию, заведённую через `MaxClient.loginWithPhone()`); через QR-only login они недоступны.
+
+### Группы / каналы
+
+```ts
+const group = await client.createGroup('Тестовая группа', [userId1, userId2]);
+await client.addGroupParticipants(group.chatId, [userId3]);
+await client.setGroupAdmin(group.chatId, userId1);
+await client.renameGroup(group.chatId, 'Новое имя');
+await client.setChatAvatar(group.chatId, photoToken);
+await client.pinMessage(group.chatId, msgId);
+await client.leaveChat(group.chatId);
+await client.resolveChatLink('https://max.ru/somegroup');  // op 57 — фактически вступает в чат
+```
+
+### Чаты
+
+```ts
+const chats = client.getChats();                       // снимок при логине
+const fresh = await client.getChatsByIds([id1, id2]);
+await client.muteChat(chatId, /*muteUntilMs*/ -1);
+await client.unmuteChat(chatId);
+await client.clearChatHistory(chatId);                 // только история
+await client.deleteChat(chatId);                       // полностью удалить
+await client.subscribeChat(chatId, true);
+```
+
+### Контакты
+
+```ts
+const me = client.getMe();
+const c = await client.getContactInfo(userId);
+await client.addContactByPhone('+79991234567', 'Имя', 'Фамилия');
+await client.lookupContactByPhone('+79991234567');     // без сохранения
+await client.renameContact(userId, 'Новое имя');
+await client.blockContact(userId);
+await client.unblockContact(userId);
+await client.removeContact(userId);
+const blocked = await client.listBlockedContacts();
+const presence = await client.getPresence([userId]);
+```
+
+### Профиль
+
+```ts
+await client.setProfileName('Имя', 'Фамилия');
+await client.setProfileDescription('обо мне');
+await client.setProfileAvatar(photoToken);
+await client.updateProfile({ firstName: 'Имя', description: 'обо мне' });
+```
+
+### Сессии / безопасность
+
+```ts
+const sessions = await client.listSessions();
+await client.logout();                                 // op 20 + локально стереть токен
+await client.enable2faPassword({
+  password: 'NewSecurePass123',
+  hint: 'мамин день рождения',
+  recoveryEmail: 'me@example.com',
+  getCode: async ({ codeLength }) => prompt(`Code from email (${codeLength}): `),
+});
+await client.disable2faPassword(currentPassword);
+```
+
+### Папки
+
+```ts
+const folders = await client.getFolders(['folder-id-1']);
+await client.upsertFolder({ title: 'Боты', filters: [10], /* ... */ });
+await client.reorderFolders(['id1', 'id2', 'id3']);
+```
+
+### Поиск
+
+```ts
+const result = await client.globalSearch('текст');
+const channels = await client.globalSearchByType('канал', 'CHANNELS');
+const inChat = await client.searchMessages(chatId, 'слово');
+```
+
+### Запасной выход
+
+```ts
+// Любой опкод которого нет в high-level API:
+const res = await client.raw<MyResponse>(Opcode.SOME_OP, { /* payload */ });
+```
+
+## События
+
+```ts
+client.on('qr',                ({ link, expiresAt }) => …);  // QR готов
+client.on('login',             (me) => …);                    // QR подтверждён, профиль есть
+client.on('ready',             () => …);                      // полная инициализация
+client.on('message',           (m) => …);                     // входящее сообщение
+client.on('chatUpdate',        (chat) => …);                  // chat info изменился
+client.on('readByOther',       (mark) => …);                  // кто-то прочитал твоё сообщение
+client.on('presence',          (p) => …);                     // online/offline у контакта
+client.on('contactUpdate',     (contact) => …);
+client.on('memberLeave',       (notif) => …);
+client.on('stickerRecentsUpdate', (push) => …);
+client.on('fileUploadDone',    (push) => …);
+client.on('configChanged',     (hash) => …);
+client.on('raw',               (frame) => …);                 // любой WS-фрейм (отладка)
+client.on('reconnect',         (attempt) => …);
+client.on('close',             (code, reason) => …);
+client.on('error',             (err) => …);
+```
+
+## Документация
+
+| Файл | Что внутри |
+|---|---|
+| [`docs/API.md`](docs/API.md) | Полный справочник по `MaxClient` (каждый метод + типы аргументов / возвращаемых значений) |
+| [`docs/ROADMAP.md`](docs/ROADMAP.md) | Что реализовано, известные ограничения |
+
+## Примеры
+
+В [`examples/`](examples/) — десяток мини-сценариев (echo-бот, отправка фото / файла / голоса / видео-кружка / локации, реакции, опросы, группы, поиск, контакты, …):
+
+```bash
+npm run example:phone        # tsx examples/phone-bot.ts  — phone-login + echo
+npm run example:echo         # tsx examples/echo-bot.ts   — QR-логин + echo
+npx tsx examples/send-photo.ts ./pic.png 0
+npx tsx examples/send-voice.ts ./voice.ogg 12 0
+```
+
+Подробнее — [`examples/README.md`](examples/README.md).
+
+## Безопасность сессии
+
+Файл `.max-session*.json` содержит **LOGIN-токен** — это эквивалент пароля от вашего MAX-аккаунта. Никогда не коммитьте, не передавайте в логи / Slack / GitHub Issues. В `.gitignore` уже добавлено правило `.max-session*.json`.
+
+Если токен скомпрометирован — `await client.logout()` или войдите в **mobile MAX** → Настройки → Устройства → завершите сессию.
+
+Для multi-tenant / production хранилищ реализуйте свой `SessionStore`:
+
+```ts
+import type { SessionStore, StoredSession } from 'max-account-api';
+
+class VaultSessionStore implements SessionStore {
+  async load(): Promise<StoredSession> { /* read from secrets vault */ }
+  async save(s: StoredSession): Promise<void> { /* write back */ }
+}
+
+const client = new MaxClient({ session: new VaultSessionStore() });
+```
+
+## Что не покрыто / ограничения
+
+- **Медиа звонков** (`videowebrtc.okcdn.ru/ws2`) — есть только signalling (`startCall`), сами RTP / WebRTC потоки вне scope библиотеки.
+- **Live streams** — есть `chatLivestreamInfo` (op 62), но запуск стрима не реализован.
+- **Mini-apps / WebView** — есть `openBotMiniApp` (op 160), сам WebApp / WebView пользователь рендерит сам.
+- **SMS phone-auth** — заблокирован сервером для не-RU IP, нужен RU-IP или VPN.
+
+Полная таблица — [`docs/ROADMAP.md`](docs/ROADMAP.md).
+
+## Дисклеймер
+
+Это пользовательский эксперимент по реверс-инжинирингу. Протокол не публичный; опкоды наблюдены через официальный веб-клиент и Android-клиент (v26.15.1), могут быть изменены MAX без предупреждения. Автор не несёт ответственности за блокировку аккаунтов в результате использования библиотеки.
+
+**Не используйте её для спама, скрейпинга, массовых рассылок или иных нарушений условий использования MAX.**
+
+## Лицензия
+
+MIT

package/dist/auth.d.ts

@@ -0,0 +1,85 @@
+import type { Transport } from './transport.js';
+import type { RawTransport } from './raw-transport.js';
+/** Transport that can speak the mobile binary protocol (phone-auth). */
+type PhoneAuthTransport = RawTransport;
+import type { PhoneAuthStartResponse, PhoneAuthVerifyResponse, AuthEmailSendCodeResponse, AuthEmailVerifyCodeResponse, AuthPasswordCommitRequest, AuthPasswordInfoResponse, AuthPasswordVerifyResponse, AuthQrPasswordLoginResponse, AuthTrackStartResponse, HelloResponse, LoginResponse, PasswordChallenge, QrLoginResponse, UserAgent } from './types.js';
+export declare const DEFAULT_USER_AGENT: UserAgent;
+export interface QrEmitter {
+    emitQr(info: {
+        link: string;
+        expiresAt: number;
+    }): void;
+    printToTerminal: boolean;
+    /**
+     * Called when the QR scan succeeds but the account has 2FA cloud password
+     * enabled — caller must return the password (string) or `null` to abort.
+     * If absent, `loginViaQr` throws when 2FA is required.
+     */
+    resolvePassword?: (challenge: PasswordChallenge) => Promise<string | null>;
+}
+export declare function hello(transport: Transport, deviceId: string, userAgent?: UserAgent): Promise<HelloResponse>;
+/**
+ * Run QR login flow:
+ *  1. opcode 288 → get qrLink + trackId + pollingInterval
+ *  2. emit qrLink to user (terminal QR + event)
+ *  3. poll opcode 289 with trackId until loginAvailable=true or expiry
+ *  4. opcode 291 → returns LOGIN token + profile
+ */
+export declare function loginViaQr(transport: Transport, emitter: QrEmitter): Promise<QrLoginResponse>;
+/**
+ * Submit login token (received from QR or persisted from previous session)
+ * to obtain full app state (profile, chats, contacts, config).
+ */
+export declare function loginWithToken(transport: Transport, token: string, opts?: {
+    chatsCount?: number;
+    interactive?: boolean;
+}): Promise<LoginResponse>;
+/** Op 112: open a fresh auth track. Returns `trackId` used by all `auth*` ops. */
+export declare function startAuthTrack(transport: Transport, type?: number): Promise<AuthTrackStartResponse>;
+/** Op 104: returns whether 2FA is set on the account and the recovery email (if any). */
+export declare function getPasswordInfo(transport: Transport, trackId: string): Promise<AuthPasswordInfoResponse>;
+/** Op 107: pre-flight password strength check. Throws server `password.invalid` for weak. */
+export declare function validatePassword(transport: Transport, trackId: string, password: string): Promise<void>;
+/** Op 108: stash the password hint (shown later as a reminder). */
+export declare function setPasswordHint(transport: Transport, trackId: string, hint: string): Promise<void>;
+/** Op 109: ask the server to email a verification code to `email`. */
+export declare function sendEmailCode(transport: Transport, trackId: string, email: string): Promise<AuthEmailSendCodeResponse>;
+/** Op 110: confirm the code mailed by `sendEmailCode`. */
+export declare function verifyEmailCode(transport: Transport, trackId: string, verifyCode: string): Promise<AuthEmailVerifyCodeResponse>;
+/**
+ * Op 111: commit a 2FA cloud password change.
+ *  - to ENABLE: `{password, hint, expectedCapabilities:[0,3,4]}` after a verified
+ *    email track (ops 109/110 done).
+ *  - to DISABLE: `{remove2fa:true, expectedCapabilities:[5]}` after `verifyPassword`.
+ */
+export declare function commitPasswordChange(transport: Transport, req: AuthPasswordCommitRequest): Promise<void>;
+/** Op 113: prove ownership of the account with the existing 2FA password. */
+export declare function verifyPassword(transport: Transport, trackId: string, password: string): Promise<AuthPasswordVerifyResponse>;
+/** Op 115: exchange a `passwordChallenge.trackId` + 2FA password for a LOGIN token. */
+export declare function completeQrPasswordLogin(transport: Transport, trackId: string, password: string): Promise<AuthQrPasswordLoginResponse>;
+/** Op 20: invalidate the current login token server-side. */
+export declare function logout(transport: Transport): Promise<void>;
+/**
+ * Op 17: request an SMS verification code.
+ *
+ * IMPORTANT: this op is **mobile-only**. The web WebSocket endpoint refuses
+ * `userAgent.deviceType:'ANDROID'` with close code 1008 ("deviceType forbidden"),
+ * and a WEB hello returns `phone-auth-enabled:false`. You must use
+ * `RawTransport` (TLS to `api.oneme.ru:443`) with an ANDROID/IOS userAgent.
+ *
+ * `type='START_AUTH'` for a fresh request; `type='RESEND'` to re-send.
+ * Returns a short-lived `token` that must be passed to `verifyPhoneAuthCode`.
+ */
+export declare function sendPhoneAuthCode(transport: PhoneAuthTransport, phone: string, type?: 'START_AUTH' | 'RESEND'): Promise<PhoneAuthStartResponse>;
+/**
+ * Op 18: submit the SMS code received after `sendPhoneAuthCode`.
+ * On success returns `tokenAttrs.LOGIN.token` (use with `loginWithToken`).
+ * If 2FA cloud password is set, returns `passwordChallenge` instead — pass to
+ * `completeQrPasswordLogin` (op 115, same shape as QR flow).
+ * On wrong code the server throws `{error:'verify.code.wrong'}`.
+ *
+ * Mobile-only — see `sendPhoneAuthCode` for the transport requirement.
+ */
+export declare function verifyPhoneAuthCode(transport: PhoneAuthTransport, verifyCode: string, token: string): Promise<PhoneAuthVerifyResponse>;
+export {};
+//# sourceMappingURL=auth.d.ts.map

package/dist/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAChD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAEvD,wEAAwE;AACxE,KAAK,kBAAkB,GAAG,YAAY,CAAC;AACvC,OAAO,KAAK,EAEV,sBAAsB,EAEtB,uBAAuB,EAEvB,yBAAyB,EAEzB,2BAA2B,EAC3B,yBAAyB,EAGzB,wBAAwB,EAGxB,0BAA0B,EAE1B,2BAA2B,EAE3B,sBAAsB,EAEtB,aAAa,EACb,aAAa,EACb,iBAAiB,EACjB,eAAe,EAGf,SAAS,EACV,MAAM,YAAY,CAAC;AAEpB,eAAO,MAAM,kBAAkB,EAAE,SAWhC,CAAC;AAEF,MAAM,WAAW,SAAS;IACxB,MAAM,CAAC,IAAI,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAC;IACxD,eAAe,EAAE,OAAO,CAAC;IACzB;;;;OAIG;IACH,eAAe,CAAC,EAAE,CAAC,SAAS,EAAE,iBAAiB,KAAK,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;CAC5E;AAeD,wBAAsB,KAAK,CACzB,SAAS,EAAE,SAAS,EACpB,QAAQ,EAAE,MAAM,EAChB,SAAS,GAAE,SAA8B,GACxC,OAAO,CAAC,aAAa,CAAC,CAGxB;AAED;;;;;;GAMG;AACH,wBAAsB,UAAU,CAC9B,SAAS,EAAE,SAAS,EACpB,OAAO,EAAE,SAAS,GACjB,OAAO,CAAC,eAAe,CAAC,CAqD1B;AAED;;;GAGG;AACH,wBAAsB,cAAc,CAClC,SAAS,EAAE,SAAS,EACpB,KAAK,EAAE,MAAM,EACb,IAAI,GAAE;IAAE,UAAU,CAAC,EAAE,MAAM,CAAC;IAAC,WAAW,CAAC,EAAE,OAAO,CAAA;CAAO,GACxD,OAAO,CAAC,aAAa,CAAC,CAUxB;AAUD,kFAAkF;AAClF,wBAAsB,cAAc,CAClC,SAAS,EAAE,SAAS,EACpB,IAAI,SAAI,GACP,OAAO,CAAC,sBAAsB,CAAC,CAIjC;AAED,yFAAyF;AACzF,wBAAsB,eAAe,CACnC,SAAS,EAAE,SAAS,EACpB,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,wBAAwB,CAAC,CAInC;AAED,6FAA6F;AAC7F,wBAAsB,gBAAgB,CACpC,SAAS,EAAE,SAAS,EACpB,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,IAAI,CAAC,CAKf;AAED,mEAAmE;AACnE,wBAAsB,eAAe,CACnC,SAAS,EAAE,SAAS,EACpB,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,MAAM,GACX,OAAO,CAAC,IAAI,CAAC,CAKf;AAED,sEAAsE;AACtE,wBAAsB,aAAa,CACjC,SAAS,EAAE,SAAS,EACpB,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,yBAAyB,CAAC,CAKpC;AAED,0DAA0D;AAC1D,wBAAsB,eAAe,CACnC,SAAS,EAAE,SAAS,EACpB,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,2BAA2B,CAAC,CAKtC;AAED;;;;;GAKG;AACH,wBAAsB,oBAAoB,CACxC,SAAS,EAAE,SAAS,EACpB,GAAG,EAAE,yBAAyB,GAC7B,OAAO,CAAC,IAAI,CAAC,CAEf;AAED,6EAA6E;AAC7E,wBAAsB,cAAc,CAClC,SAAS,EAAE,SAAS,EACpB,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,0BAA0B,CAAC,CAKrC;AAED,uFAAuF;AACvF,wBAAsB,uBAAuB,CAC3C,SAAS,EAAE,SAAS,EACpB,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,2BAA2B,CAAC,CAKtC;AAED,6DAA6D;AAC7D,wBAAsB,MAAM,CAAC,SAAS,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,CAEhE;AAMD;;;;;;;;;;GAUG;AACH,wBAAsB,iBAAiB,CACrC,SAAS,EAAE,kBAAkB,EAC7B,KAAK,EAAE,MAAM,EACb,IAAI,GAAE,YAAY,GAAG,QAAuB,GAC3C,OAAO,CAAC,sBAAsB,CAAC,CAQjC;AAED;;;;;;;;GAQG;AACH,wBAAsB,mBAAmB,CACvC,SAAS,EAAE,kBAAkB,EAC7B,UAAU,EAAE,MAAM,EAClB,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,uBAAuB,CAAC,CASlC"}

package/dist/auth.js

@@ -0,0 +1,204 @@
+import qrTerminal from 'qrcode-terminal';
+import { Opcode } from './opcodes.js';
+export const DEFAULT_USER_AGENT = {
+    deviceType: 'WEB',
+    locale: 'ru',
+    deviceLocale: 'ru',
+    osVersion: 'macOS',
+    deviceName: 'Chrome',
+    headerUserAgent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36',
+    appVersion: '26.5.5',
+    screen: '720x1280 1.0x',
+    timezone: 'Europe/Moscow',
+};
+function formatExpiry(expiresAt) {
+    const ms = expiresAt - Date.now();
+    const inSec = Math.max(0, Math.round(ms / 1000));
+    const d = new Date(expiresAt);
+    const local = d.toLocaleString(undefined, {
+        hour: '2-digit',
+        minute: '2-digit',
+        second: '2-digit',
+        timeZoneName: 'short',
+    });
+    return { local, inSec };
+}
+export async function hello(transport, deviceId, userAgent = DEFAULT_USER_AGENT) {
+    const req = { userAgent, deviceId };
+    return transport.request(Opcode.HELLO, req);
+}
+/**
+ * Run QR login flow:
+ *  1. opcode 288 → get qrLink + trackId + pollingInterval
+ *  2. emit qrLink to user (terminal QR + event)
+ *  3. poll opcode 289 with trackId until loginAvailable=true or expiry
+ *  4. opcode 291 → returns LOGIN token + profile
+ */
+export async function loginViaQr(transport, emitter) {
+    const start = await transport.request(Opcode.QR_START);
+    emitter.emitQr({ link: start.qrLink, expiresAt: start.expiresAt });
+    if (emitter.printToTerminal) {
+        qrTerminal.generate(start.qrLink, { small: true });
+        const { local, inSec } = formatExpiry(start.expiresAt);
+        // eslint-disable-next-line no-console
+        console.log(`\n[max-account-api] Отсканируйте QR или откройте ссылку:\n  ${start.qrLink}\n` +
+            `Код истечёт через ${inSec} с (в ${local}).\n`);
+    }
+    const interval = Math.max(1000, start.pollingInterval ?? 5000);
+    const deadline = start.expiresAt;
+    while (Date.now() < deadline) {
+        const poll = await transport.request(Opcode.QR_POLL, {
+            trackId: start.trackId,
+        });
+        if (poll.status?.loginAvailable) {
+            const res = await transport.request(Opcode.QR_LOGIN, {
+                trackId: start.trackId,
+            });
+            // Account with 2FA cloud password: tokenAttrs is `{}`, passwordChallenge is set.
+            if (!res.tokenAttrs?.LOGIN && res.passwordChallenge) {
+                if (!emitter.resolvePassword) {
+                    throw new Error('Аккаунт защищён облачным паролем (2FA). Передайте `resolvePassword` в loginViaQr или используйте `client.completeQrPasswordLogin`.');
+                }
+                const pw = await emitter.resolvePassword(res.passwordChallenge);
+                if (pw === null || pw === undefined) {
+                    throw new Error('2FA-пароль не предоставлен — вход отменён.');
+                }
+                const final = await transport.request(Opcode.AUTH_QR_PASSWORD_LOGIN, { trackId: res.passwordChallenge.trackId, password: pw });
+                return {
+                    tokenAttrs: final.tokenAttrs,
+                    ...(final.profile ? { profile: final.profile } : {}),
+                };
+            }
+            return res;
+        }
+        await sleep(interval);
+    }
+    if (emitter.printToTerminal) {
+        // eslint-disable-next-line no-console
+        console.log('\n[max-account-api] QR-код истёк. Перезапустите скрипт.\n');
+    }
+    throw new Error('QR-код истёк до сканирования. Перезапустите скрипт.');
+}
+/**
+ * Submit login token (received from QR or persisted from previous session)
+ * to obtain full app state (profile, chats, contacts, config).
+ */
+export async function loginWithToken(transport, token, opts = {}) {
+    return transport.request(Opcode.LOGIN, {
+        token,
+        chatsCount: opts.chatsCount ?? 40,
+        interactive: opts.interactive ?? true,
+        chatsSync: 0,
+        contactsSync: 0,
+        presenceSync: -1,
+        draftsSync: 0,
+    });
+}
+function sleep(ms) {
+    return new Promise((r) => setTimeout(r, ms));
+}
+// --------------------------------------------------------------------------
+// Cloud-password / email auth track (ops 104, 107–113)
+// --------------------------------------------------------------------------
+/** Op 112: open a fresh auth track. Returns `trackId` used by all `auth*` ops. */
+export async function startAuthTrack(transport, type = 0) {
+    return transport.request(Opcode.AUTH_TRACK_START, {
+        type,
+    });
+}
+/** Op 104: returns whether 2FA is set on the account and the recovery email (if any). */
+export async function getPasswordInfo(transport, trackId) {
+    return transport.request(Opcode.AUTH_PASSWORD_INFO, {
+        trackId,
+    });
+}
+/** Op 107: pre-flight password strength check. Throws server `password.invalid` for weak. */
+export async function validatePassword(transport, trackId, password) {
+    await transport.request(Opcode.AUTH_PASSWORD_VALIDATE, {
+        trackId,
+        password,
+    });
+}
+/** Op 108: stash the password hint (shown later as a reminder). */
+export async function setPasswordHint(transport, trackId, hint) {
+    await transport.request(Opcode.AUTH_PASSWORD_HINT, {
+        trackId,
+        hint,
+    });
+}
+/** Op 109: ask the server to email a verification code to `email`. */
+export async function sendEmailCode(transport, trackId, email) {
+    return transport.request(Opcode.AUTH_EMAIL_SEND_CODE, {
+        trackId,
+        email,
+    });
+}
+/** Op 110: confirm the code mailed by `sendEmailCode`. */
+export async function verifyEmailCode(transport, trackId, verifyCode) {
+    return transport.request(Opcode.AUTH_EMAIL_VERIFY_CODE, {
+        trackId,
+        verifyCode,
+    });
+}
+/**
+ * Op 111: commit a 2FA cloud password change.
+ *  - to ENABLE: `{password, hint, expectedCapabilities:[0,3,4]}` after a verified
+ *    email track (ops 109/110 done).
+ *  - to DISABLE: `{remove2fa:true, expectedCapabilities:[5]}` after `verifyPassword`.
+ */
+export async function commitPasswordChange(transport, req) {
+    await transport.request(Opcode.AUTH_PASSWORD_COMMIT, req);
+}
+/** Op 113: prove ownership of the account with the existing 2FA password. */
+export async function verifyPassword(transport, trackId, password) {
+    return transport.request(Opcode.AUTH_PASSWORD_VERIFY, {
+        trackId,
+        password,
+    });
+}
+/** Op 115: exchange a `passwordChallenge.trackId` + 2FA password for a LOGIN token. */
+export async function completeQrPasswordLogin(transport, trackId, password) {
+    return transport.request(Opcode.AUTH_QR_PASSWORD_LOGIN, {
+        trackId,
+        password,
+    });
+}
+/** Op 20: invalidate the current login token server-side. */
+export async function logout(transport) {
+    await transport.request(Opcode.LOGOUT);
+}
+// --------------------------------------------------------------------------
+// Phone auth (ops 17, 18) — Android mobile flow
+// --------------------------------------------------------------------------
+/**
+ * Op 17: request an SMS verification code.
+ *
+ * IMPORTANT: this op is **mobile-only**. The web WebSocket endpoint refuses
+ * `userAgent.deviceType:'ANDROID'` with close code 1008 ("deviceType forbidden"),
+ * and a WEB hello returns `phone-auth-enabled:false`. You must use
+ * `RawTransport` (TLS to `api.oneme.ru:443`) with an ANDROID/IOS userAgent.
+ *
+ * `type='START_AUTH'` for a fresh request; `type='RESEND'` to re-send.
+ * Returns a short-lived `token` that must be passed to `verifyPhoneAuthCode`.
+ */
+export async function sendPhoneAuthCode(transport, phone, type = 'START_AUTH') {
+    // Observed sub-type hints embedded by mobile client: 21 for START_AUTH, 17 for RESEND.
+    const hint = type === 'START_AUTH' ? 21 : 17;
+    return transport.request(Opcode.PHONE_AUTH_START, { type, phone }, { prependOpHint: hint });
+}
+/**
+ * Op 18: submit the SMS code received after `sendPhoneAuthCode`.
+ * On success returns `tokenAttrs.LOGIN.token` (use with `loginWithToken`).
+ * If 2FA cloud password is set, returns `passwordChallenge` instead — pass to
+ * `completeQrPasswordLogin` (op 115, same shape as QR flow).
+ * On wrong code the server throws `{error:'verify.code.wrong'}`.
+ *
+ * Mobile-only — see `sendPhoneAuthCode` for the transport requirement.
+ */
+export async function verifyPhoneAuthCode(transport, verifyCode, token) {
+    // Mobile op 18 observed:
+    //   header flags byte = 0x02
+    //   body = msgpack int (-31) followed by map {verifyCode, token, type:'CHECK_CODE'}
+    return transport.request(Opcode.PHONE_AUTH_VERIFY, { verifyCode, token, authTokenType: 'CHECK_CODE' }, { prependOpHint: 0xad, flags: 1 });
+}
+//# sourceMappingURL=auth.js.map

package/dist/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA,OAAO,UAAU,MAAM,iBAAiB,CAAC;AACzC,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAoCtC,MAAM,CAAC,MAAM,kBAAkB,GAAc;IAC3C,UAAU,EAAE,KAAK;IACjB,MAAM,EAAE,IAAI;IACZ,YAAY,EAAE,IAAI;IAClB,SAAS,EAAE,OAAO;IAClB,UAAU,EAAE,QAAQ;IACpB,eAAe,EACb,uHAAuH;IACzH,UAAU,EAAE,QAAQ;IACpB,MAAM,EAAE,eAAe;IACvB,QAAQ,EAAE,eAAe;CAC1B,CAAC;AAaF,SAAS,YAAY,CAAC,SAAiB;IACrC,MAAM,EAAE,GAAG,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAClC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC;IACjD,MAAM,CAAC,GAAG,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC;IAC9B,MAAM,KAAK,GAAG,CAAC,CAAC,cAAc,CAAC,SAAS,EAAE;QACxC,IAAI,EAAE,SAAS;QACf,MAAM,EAAE,SAAS;QACjB,MAAM,EAAE,SAAS;QACjB,YAAY,EAAE,OAAO;KACtB,CAAC,CAAC;IACH,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;AAC1B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,KAAK,CACzB,SAAoB,EACpB,QAAgB,EAChB,YAAuB,kBAAkB;IAEzC,MAAM,GAAG,GAAiB,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;IAClD,OAAO,SAAS,CAAC,OAAO,CAAgB,MAAM,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;AAC7D,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,SAAoB,EACpB,OAAkB;IAElB,MAAM,KAAK,GAAG,MAAM,SAAS,CAAC,OAAO,CAAkB,MAAM,CAAC,QAAQ,CAAC,CAAC;IACxE,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,MAAM,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC;IACnE,IAAI,OAAO,CAAC,eAAe,EAAE,CAAC;QAC5B,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QACnD,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,YAAY,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QACvD,sCAAsC;QACtC,OAAO,CAAC,GAAG,CACT,+DAA+D,KAAK,CAAC,MAAM,IAAI;YAC7E,qBAAqB,KAAK,SAAS,KAAK,MAAM,CACjD,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,CAAC,eAAe,IAAI,IAAI,CAAC,CAAC;IAC/D,MAAM,QAAQ,GAAG,KAAK,CAAC,SAAS,CAAC;IAEjC,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,EAAE,CAAC;QAC7B,MAAM,IAAI,GAAG,MAAM,SAAS,CAAC,OAAO,CAAiB,MAAM,CAAC,OAAO,EAAE;YACnE,OAAO,EAAE,KAAK,CAAC,OAAO;SACvB,CAAC,CAAC;QACH,IAAI,IAAI,CAAC,MAAM,EAAE,cAAc,EAAE,CAAC;YAChC,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,OAAO,CAAkB,MAAM,CAAC,QAAQ,EAAE;gBACpE,OAAO,EAAE,KAAK,CAAC,OAAO;aACvB,CAAC,CAAC;YACH,iFAAiF;YACjF,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,IAAI,GAAG,CAAC,iBAAiB,EAAE,CAAC;gBACpD,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,CAAC;oBAC7B,MAAM,IAAI,KAAK,CACb,oIAAoI,CACrI,CAAC;gBACJ,CAAC;gBACD,MAAM,EAAE,GAAG,MAAM,OAAO,CAAC,eAAe,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;gBAChE,IAAI,EAAE,KAAK,IAAI,IAAI,EAAE,KAAK,SAAS,EAAE,CAAC;oBACpC,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;gBAChE,CAAC;gBACD,MAAM,KAAK,GAAG,MAAM,SAAS,CAAC,OAAO,CACnC,MAAM,CAAC,sBAAsB,EAC7B,EAAE,OAAO,EAAE,GAAG,CAAC,iBAAiB,CAAC,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAuC,CAC9F,CAAC;gBACF,OAAO;oBACL,UAAU,EAAE,KAAK,CAAC,UAAU;oBAC5B,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;iBACrD,CAAC;YACJ,CAAC;YACD,OAAO,GAAG,CAAC;QACb,CAAC;QACD,MAAM,KAAK,CAAC,QAAQ,CAAC,CAAC;IACxB,CAAC;IACD,IAAI,OAAO,CAAC,eAAe,EAAE,CAAC;QAC5B,sCAAsC;QACtC,OAAO,CAAC,GAAG,CAAC,2DAA2D,CAAC,CAAC;IAC3E,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;AACzE,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,SAAoB,EACpB,KAAa,EACb,OAAuD,EAAE;IAEzD,OAAO,SAAS,CAAC,OAAO,CAAgB,MAAM,CAAC,KAAK,EAAE;QACpD,KAAK;QACL,UAAU,EAAE,IAAI,CAAC,UAAU,IAAI,EAAE;QACjC,WAAW,EAAE,IAAI,CAAC,WAAW,IAAI,IAAI;QACrC,SAAS,EAAE,CAAC;QACZ,YAAY,EAAE,CAAC;QACf,YAAY,EAAE,CAAC,CAAC;QAChB,UAAU,EAAE,CAAC;KACd,CAAC,CAAC;AACL,CAAC;AAED,SAAS,KAAK,CAAC,EAAU;IACvB,OAAO,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;AAC/C,CAAC;AAED,6EAA6E;AAC7E,uDAAuD;AACvD,6EAA6E;AAE7E,kFAAkF;AAClF,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,SAAoB,EACpB,IAAI,GAAG,CAAC;IAER,OAAO,SAAS,CAAC,OAAO,CAAyB,MAAM,CAAC,gBAAgB,EAAE;QACxE,IAAI;KAC2B,CAAC,CAAC;AACrC,CAAC;AAED,yFAAyF;AACzF,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,SAAoB,EACpB,OAAe;IAEf,OAAO,SAAS,CAAC,OAAO,CAA2B,MAAM,CAAC,kBAAkB,EAAE;QAC5E,OAAO;KAC0B,CAAC,CAAC;AACvC,CAAC;AAED,6FAA6F;AAC7F,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,SAAoB,EACpB,OAAe,EACf,QAAgB;IAEhB,MAAM,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC,sBAAsB,EAAE;QACrD,OAAO;QACP,QAAQ;KAC6B,CAAC,CAAC;AAC3C,CAAC;AAED,mEAAmE;AACnE,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,SAAoB,EACpB,OAAe,EACf,IAAY;IAEZ,MAAM,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC,kBAAkB,EAAE;QACjD,OAAO;QACP,IAAI;KAC6B,CAAC,CAAC;AACvC,CAAC;AAED,sEAAsE;AACtE,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,SAAoB,EACpB,OAAe,EACf,KAAa;IAEb,OAAO,SAAS,CAAC,OAAO,CAA4B,MAAM,CAAC,oBAAoB,EAAE;QAC/E,OAAO;QACP,KAAK;KAC6B,CAAC,CAAC;AACxC,CAAC;AAED,0DAA0D;AAC1D,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,SAAoB,EACpB,OAAe,EACf,UAAkB;IAElB,OAAO,SAAS,CAAC,OAAO,CAA8B,MAAM,CAAC,sBAAsB,EAAE;QACnF,OAAO;QACP,UAAU;KAC0B,CAAC,CAAC;AAC1C,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,SAAoB,EACpB,GAA8B;IAE9B,MAAM,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC,oBAAoB,EAAE,GAAG,CAAC,CAAC;AAC5D,CAAC;AAED,6EAA6E;AAC7E,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,SAAoB,EACpB,OAAe,EACf,QAAgB;IAEhB,OAAO,SAAS,CAAC,OAAO,CAA6B,MAAM,CAAC,oBAAoB,EAAE;QAChF,OAAO;QACP,QAAQ;KAC2B,CAAC,CAAC;AACzC,CAAC;AAED,uFAAuF;AACvF,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,SAAoB,EACpB,OAAe,EACf,QAAgB;IAEhB,OAAO,SAAS,CAAC,OAAO,CAA8B,MAAM,CAAC,sBAAsB,EAAE;QACnF,OAAO;QACP,QAAQ;KAC4B,CAAC,CAAC;AAC1C,CAAC;AAED,6DAA6D;AAC7D,MAAM,CAAC,KAAK,UAAU,MAAM,CAAC,SAAoB;IAC/C,MAAM,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;AACzC,CAAC;AAED,6EAA6E;AAC7E,gDAAgD;AAChD,6EAA6E;AAE7E;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,SAA6B,EAC7B,KAAa,EACb,OAAgC,YAAY;IAE5C,uFAAuF;IACvF,MAAM,IAAI,GAAG,IAAI,KAAK,YAAY,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAC7C,OAAO,SAAS,CAAC,OAAO,CACtB,MAAM,CAAC,gBAAgB,EACvB,EAAE,IAAI,EAAE,KAAK,EAAkC,EAC/C,EAAE,aAAa,EAAE,IAAI,EAAE,CACxB,CAAC;AACJ,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,SAA6B,EAC7B,UAAkB,EAClB,KAAa;IAEb,yBAAyB;IACzB,6BAA6B;IAC7B,oFAAoF;IACpF,OAAO,SAAS,CAAC,OAAO,CACtB,MAAM,CAAC,iBAAiB,EACxB,EAAE,UAAU,EAAE,KAAK,EAAE,aAAa,EAAE,YAAY,EAA4B,EAC5E,EAAE,aAAa,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,EAAE,CAClC,CAAC;AACJ,CAAC"}