mcp-keycloak-admin 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +173 -0
- package/dist/index.js +3519 -0
- package/dist/index.js.map +1 -0
- package/package.json +81 -0
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/index.ts","../src/config/config.ts","../src/server.ts","../src/domain/shared/guards.ts","../src/domain/shared/realm-name.ts","../src/domain/policy/realm-access-policy.ts","../src/domain/policy/tool-access-policy.ts","../src/infrastructure/auth/caching-token-provider.ts","../src/domain/shared/access-token.ts","../src/infrastructure/auth/token-endpoint.ts","../src/infrastructure/auth/client-credentials-provider.ts","../src/infrastructure/auth/password-provider.ts","../src/infrastructure/auth/system-clock.ts","../src/infrastructure/keycloak/errors.ts","../src/infrastructure/keycloak/admin-client.ts","../src/domain/shared/client-id.ts","../src/domain/shared/client-secret.ts","../src/domain/shared/client-uuid.ts","../src/infrastructure/keycloak/client-repository.ts","../src/infrastructure/keycloak/authentication-repository.ts","../src/infrastructure/keycloak/authorization-repository.ts","../src/domain/shared/client-scope-id.ts","../src/domain/shared/client-scope-name.ts","../src/infrastructure/keycloak/client-scope-repository.ts","../src/infrastructure/keycloak/event-log.ts","../src/domain/shared/component-id.ts","../src/infrastructure/keycloak/federation-repository.ts","../src/domain/shared/group-id.ts","../src/domain/shared/group-name.ts","../src/domain/shared/email.ts","../src/domain/shared/user-id.ts","../src/domain/shared/username.ts","../src/infrastructure/keycloak/user-repository.ts","../src/infrastructure/keycloak/group-repository.ts","../src/domain/shared/idp-alias.ts","../src/infrastructure/keycloak/identity-provider-repository.ts","../src/infrastructure/keycloak/realm-info.ts","../src/domain/shared/role-name.ts","../src/infrastructure/keycloak/role-repository.ts","../src/infrastructure/mcp/auth-tools.ts","../src/application/authentication/list-auth-flows.use-case.ts","../src/application/authentication/list-required-actions.use-case.ts","../src/application/authentication/set-required-action-enabled.use-case.ts","../src/infrastructure/mcp/tool-definition.ts","../src/infrastructure/mcp/authz-tools.ts","../src/application/authz/list-authz-permissions.use-case.ts","../src/application/authz/list-authz-policies.use-case.ts","../src/application/authz/list-authz-resources.use-case.ts","../src/infrastructure/mcp/client-scope-tools.ts","../src/application/clientscopes/assign-client-scope.use-case.ts","../src/application/clientscopes/get-client-default-scopes.use-case.ts","../src/application/clientscopes/list-client-mappers.use-case.ts","../src/application/clientscopes/list-client-scopes.use-case.ts","../src/domain/policy/destructive-operation.ts","../src/application/clientscopes/remove-client-scope.use-case.ts","../src/infrastructure/mcp/client-tools.ts","../src/application/clients/get-client-secret.use-case.ts","../src/application/clients/get-client.use-case.ts","../src/application/clients/list-clients.use-case.ts","../src/application/clients/regenerate-client-secret.use-case.ts","../src/infrastructure/mcp/confirmation/elicitation-confirmer.ts","../src/infrastructure/mcp/confirmation/param-confirmer.ts","../src/infrastructure/mcp/confirmation/confirmer-factory.ts","../src/infrastructure/mcp/event-realm-tools.ts","../src/application/events/get-admin-events.use-case.ts","../src/application/events/get-login-events.use-case.ts","../src/application/realm/get-realm-config.use-case.ts","../src/application/realm/get-server-info.use-case.ts","../src/infrastructure/mcp/federation-tools.ts","../src/application/federation/get-federation-provider.use-case.ts","../src/application/federation/list-federation-providers.use-case.ts","../src/application/federation/sync-federation.use-case.ts","../src/infrastructure/mcp/group-tools.ts","../src/application/groups/add-group-member.use-case.ts","../src/application/groups/assign-group-role.use-case.ts","../src/application/groups/create-group.use-case.ts","../src/application/groups/delete-group.use-case.ts","../src/application/groups/list-group-members.use-case.ts","../src/application/groups/list-groups.use-case.ts","../src/application/groups/list-user-groups.use-case.ts","../src/application/groups/remove-group-member.use-case.ts","../src/infrastructure/mcp/idp-tools.ts","../src/application/idp/create-identity-provider.use-case.ts","../src/application/idp/delete-identity-provider.use-case.ts","../src/application/idp/get-identity-provider.use-case.ts","../src/application/idp/list-identity-providers.use-case.ts","../src/application/idp/list-idp-mappers.use-case.ts","../src/infrastructure/mcp/role-tools.ts","../src/application/roles/assign-user-role.use-case.ts","../src/application/roles/get-user-roles.use-case.ts","../src/application/roles/list-realm-roles.use-case.ts","../src/application/roles/unassign-user-role.use-case.ts","../src/infrastructure/mcp/tool-registry.ts","../src/infrastructure/mcp/user-tools.ts","../src/application/users/create-user.use-case.ts","../src/application/users/delete-user.use-case.ts","../src/application/users/get-user.use-case.ts","../src/application/users/list-user-sessions.use-case.ts","../src/application/users/logout-user.use-case.ts","../src/application/users/reset-user-password.use-case.ts","../src/application/users/search-users.use-case.ts","../src/application/users/send-action-email.use-case.ts","../src/application/users/set-user-enabled.use-case.ts","../src/application/users/update-user.use-case.ts","../src/domain/shared/action-email-type.ts","../src/domain/shared/password.ts"],"sourcesContent":["import { StdioServerTransport } from \"@modelcontextprotocol/sdk/server/stdio.js\";\n\nimport { loadConfig } from \"./config/config.js\";\nimport { createServer } from \"./server.js\";\n\nasync function main(): Promise<void> {\n const config = loadConfig(process.env);\n const server = createServer(config);\n await server.connect(new StdioServerTransport());\n}\n\nmain().catch((error: unknown) => {\n console.error(error);\n process.exitCode = 1;\n});\n","import { z } from \"zod\";\n\nconst baseSchema = z.object({\n KEYCLOAK_BASE_URL: z.string().min(1),\n KEYCLOAK_REALM: z.string().min(1),\n READ_ONLY: z.string().optional(),\n ALLOWED_REALMS: z.string().optional(),\n});\n\nconst authSchema = z.discriminatedUnion(\"AUTH_MODE\", [\n z.object({\n AUTH_MODE: z.literal(\"service_account\"),\n KC_CLIENT_ID: z.string().min(1),\n KC_CLIENT_SECRET: z.string().min(1),\n }),\n z.object({\n AUTH_MODE: z.literal(\"password\"),\n KC_ADMIN_USERNAME: z.string().min(1),\n KC_ADMIN_PASSWORD: z.string().min(1),\n KC_ADMIN_REALM: z.string().min(1).default(\"master\"),\n }),\n]);\n\nconst schema = z.intersection(baseSchema, authSchema);\n\nexport type AuthConfig =\n | { readonly mode: \"service_account\"; clientId: string; clientSecret: string }\n | {\n readonly mode: \"password\";\n username: string;\n password: string;\n adminRealm: string;\n };\n\nexport interface AppConfig {\n readonly baseUrl: string;\n readonly realm: string;\n readonly readOnly: boolean;\n readonly allowedRealms: string[];\n readonly auth: AuthConfig;\n}\n\nfunction parseRealms(raw: string | undefined): string[] {\n if (raw === undefined) {\n return [];\n }\n return raw\n .split(\",\")\n .map((value) => value.trim())\n .filter((value) => value.length > 0);\n}\n\nfunction toAuthConfig(parsed: z.infer<typeof schema>): AuthConfig {\n if (parsed.AUTH_MODE === \"service_account\") {\n return {\n mode: \"service_account\",\n clientId: parsed.KC_CLIENT_ID,\n clientSecret: parsed.KC_CLIENT_SECRET,\n };\n }\n return {\n mode: \"password\",\n username: parsed.KC_ADMIN_USERNAME,\n password: parsed.KC_ADMIN_PASSWORD,\n adminRealm: parsed.KC_ADMIN_REALM,\n };\n}\n\nexport function loadConfig(env: Record<string, string | undefined>): AppConfig {\n const result = schema.safeParse(env);\n if (!result.success) {\n const details = result.error.issues\n .map((issue) => `${issue.path.join(\".\") || \"(root)\"}: ${issue.message}`)\n .join(\"; \");\n throw new Error(`Invalid configuration: ${details}`);\n }\n const parsed = result.data;\n return {\n baseUrl: parsed.KEYCLOAK_BASE_URL,\n realm: parsed.KEYCLOAK_REALM,\n readOnly: parsed.READ_ONLY === \"true\",\n allowedRealms: parseRealms(parsed.ALLOWED_REALMS),\n auth: toAuthConfig(parsed),\n };\n}\n","import { McpServer } from \"@modelcontextprotocol/sdk/server/mcp.js\";\n\nimport type { AppConfig } from \"./config/config.js\";\nimport { RealmAccessPolicy } from \"./domain/policy/realm-access-policy.js\";\nimport { ToolAccessPolicy } from \"./domain/policy/tool-access-policy.js\";\nimport type { TokenProvider } from \"./domain/ports/token-provider.js\";\nimport { RealmName } from \"./domain/shared/realm-name.js\";\nimport { createClientCredentialsProvider } from \"./infrastructure/auth/client-credentials-provider.js\";\nimport { createPasswordProvider } from \"./infrastructure/auth/password-provider.js\";\nimport { systemClock } from \"./infrastructure/auth/system-clock.js\";\nimport type { FetchFn } from \"./infrastructure/auth/token-endpoint.js\";\nimport { KeycloakAdminClient } from \"./infrastructure/keycloak/admin-client.js\";\nimport { KeycloakClientRepository } from \"./infrastructure/keycloak/client-repository.js\";\nimport { KeycloakAuthenticationRepository } from \"./infrastructure/keycloak/authentication-repository.js\";\nimport { KeycloakAuthorizationRepository } from \"./infrastructure/keycloak/authorization-repository.js\";\nimport { KeycloakClientScopeRepository } from \"./infrastructure/keycloak/client-scope-repository.js\";\nimport { KeycloakEventLog } from \"./infrastructure/keycloak/event-log.js\";\nimport { KeycloakFederationRepository } from \"./infrastructure/keycloak/federation-repository.js\";\nimport { KeycloakGroupRepository } from \"./infrastructure/keycloak/group-repository.js\";\nimport { KeycloakIdentityProviderRepository } from \"./infrastructure/keycloak/identity-provider-repository.js\";\nimport { KeycloakRealmInfo } from \"./infrastructure/keycloak/realm-info.js\";\nimport { KeycloakRoleRepository } from \"./infrastructure/keycloak/role-repository.js\";\nimport { KeycloakUserRepository } from \"./infrastructure/keycloak/user-repository.js\";\nimport { buildAuthTools } from \"./infrastructure/mcp/auth-tools.js\";\nimport { buildAuthzTools } from \"./infrastructure/mcp/authz-tools.js\";\nimport { buildClientScopeTools } from \"./infrastructure/mcp/client-scope-tools.js\";\nimport { buildClientTools } from \"./infrastructure/mcp/client-tools.js\";\nimport { McpConfirmerFactory } from \"./infrastructure/mcp/confirmation/confirmer-factory.js\";\nimport { buildEventRealmTools } from \"./infrastructure/mcp/event-realm-tools.js\";\nimport { buildFederationTools } from \"./infrastructure/mcp/federation-tools.js\";\nimport { buildGroupTools } from \"./infrastructure/mcp/group-tools.js\";\nimport { buildIdpTools } from \"./infrastructure/mcp/idp-tools.js\";\nimport { buildRoleTools } from \"./infrastructure/mcp/role-tools.js\";\nimport {\n filterTools,\n registerTools,\n} from \"./infrastructure/mcp/tool-registry.js\";\nimport { buildUserTools } from \"./infrastructure/mcp/user-tools.js\";\n\nconst httpFetch: FetchFn = (url, init) => fetch(url, init);\n\nfunction createTokenProvider(config: AppConfig): TokenProvider {\n if (config.auth.mode === \"service_account\") {\n return createClientCredentialsProvider(\n {\n baseUrl: config.baseUrl,\n realm: config.realm,\n clientId: config.auth.clientId,\n clientSecret: config.auth.clientSecret,\n },\n httpFetch,\n systemClock,\n );\n }\n return createPasswordProvider(\n {\n baseUrl: config.baseUrl,\n realm: config.auth.adminRealm,\n username: config.auth.username,\n password: config.auth.password,\n },\n httpFetch,\n systemClock,\n );\n}\n\nexport function createServer(config: AppConfig): McpServer {\n RealmAccessPolicy.of(\n config.allowedRealms.map((realm) => RealmName.fromString(realm)),\n ).assertAllowed(RealmName.fromString(config.realm));\n\n const server = new McpServer({\n name: \"mcp-keycloak-admin\",\n version: \"0.0.0\",\n });\n\n const tokens = createTokenProvider(config);\n const client = new KeycloakAdminClient(\n { baseUrl: config.baseUrl, realm: config.realm },\n tokens,\n httpFetch,\n );\n const userRepository = new KeycloakUserRepository(client);\n const roleRepository = new KeycloakRoleRepository(client);\n const clientRepository = new KeycloakClientRepository(client);\n const clientScopeRepository = new KeycloakClientScopeRepository(client);\n const groupRepository = new KeycloakGroupRepository(client);\n const eventLog = new KeycloakEventLog(client);\n const realmInfo = new KeycloakRealmInfo(client);\n const identityProviderRepository = new KeycloakIdentityProviderRepository(\n client,\n );\n const federationRepository = new KeycloakFederationRepository(client);\n const authenticationRepository = new KeycloakAuthenticationRepository(client);\n const authorizationRepository = new KeycloakAuthorizationRepository(client);\n const confirmers = new McpConfirmerFactory(server);\n\n const tools = filterTools(\n [\n ...buildUserTools({ userRepository, confirmers }),\n ...buildRoleTools({ roleRepository, confirmers }),\n ...buildClientTools({ clientRepository, confirmers }),\n ...buildClientScopeTools({\n clientRepository,\n clientScopeRepository,\n confirmers,\n }),\n ...buildGroupTools({ groupRepository, roleRepository, confirmers }),\n ...buildIdpTools({ identityProviderRepository, confirmers }),\n ...buildFederationTools({ federationRepository }),\n ...buildAuthTools({ authenticationRepository }),\n ...buildAuthzTools({ clientRepository, authorizationRepository }),\n ...buildEventRealmTools({ eventLog, realmInfo }),\n ],\n ToolAccessPolicy.of(config.readOnly),\n );\n registerTools(server, tools);\n\n return server;\n}\n","const UUID_PATTERN =\n /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;\n\nexport function ensureNonBlank(value: string, label: string): string {\n const trimmed = value.trim();\n if (trimmed.length === 0) {\n throw new Error(`${label} cannot be empty`);\n }\n return trimmed;\n}\n\nexport function ensureUuid(value: string, label: string): string {\n const trimmed = value.trim();\n if (!UUID_PATTERN.test(trimmed)) {\n throw new Error(`${label} must be a valid UUID`);\n }\n return trimmed;\n}\n","import { ensureNonBlank } from \"./guards.js\";\n\nexport class RealmName {\n private constructor(private readonly value: string) {}\n\n static fromString(value: string): RealmName {\n return new RealmName(ensureNonBlank(value, \"RealmName\"));\n }\n\n toString(): string {\n return this.value;\n }\n\n equals(other: RealmName): boolean {\n return this.value === other.value;\n }\n}\n","import { RealmName } from \"../shared/realm-name.js\";\n\n/** Enforces the optional realm allow-list. An empty list allows every realm. */\nexport class RealmAccessPolicy {\n private constructor(private readonly allowed: readonly RealmName[]) {}\n\n static of(allowed: readonly RealmName[]): RealmAccessPolicy {\n return new RealmAccessPolicy(allowed);\n }\n\n assertAllowed(realm: RealmName): void {\n if (this.allowed.length === 0) {\n return;\n }\n if (!this.allowed.some((candidate) => candidate.equals(realm))) {\n throw new Error(`Realm \"${realm.toString()}\" is not allowed`);\n }\n }\n}\n","import { ToolLevel } from \"./tool-level.js\";\n\n/** Decides whether a tool may run given the read-only guardrail. */\nexport class ToolAccessPolicy {\n private constructor(private readonly readOnly: boolean) {}\n\n static of(readOnly: boolean): ToolAccessPolicy {\n return new ToolAccessPolicy(readOnly);\n }\n\n isBlocked(level: ToolLevel): boolean {\n return this.readOnly && level !== ToolLevel.Read;\n }\n}\n","import type { Clock } from \"../../domain/ports/clock.js\";\nimport type { TokenProvider } from \"../../domain/ports/token-provider.js\";\nimport type { AccessToken } from \"../../domain/shared/access-token.js\";\n\nconst REFRESH_THRESHOLD_MS = 30_000;\n\nexport type FetchToken = () => Promise<AccessToken>;\n\n/**\n * Caches a token and refreshes it shortly before expiry. Concurrent refreshes\n * share a single in-flight request.\n */\nexport class CachingTokenProvider implements TokenProvider {\n private cached: AccessToken | null = null;\n private inFlight: Promise<AccessToken> | null = null;\n\n constructor(\n private readonly fetchToken: FetchToken,\n private readonly clock: Clock,\n ) {}\n\n getToken(): Promise<AccessToken> {\n const current = this.cached;\n if (\n current !== null &&\n !current.isExpiringWithin(REFRESH_THRESHOLD_MS, this.clock.now())\n ) {\n return Promise.resolve(current);\n }\n this.inFlight ??= this.refresh();\n return this.inFlight;\n }\n\n private refresh(): Promise<AccessToken> {\n return this.fetchToken()\n .then((token) => {\n this.cached = token;\n this.inFlight = null;\n return token;\n })\n .catch((error: unknown) => {\n this.inFlight = null;\n throw error;\n });\n }\n}\n","import { ensureNonBlank } from \"./guards.js\";\n\nexport class AccessToken {\n private constructor(\n private readonly value: string,\n private readonly expiresAt: number,\n ) {}\n\n /**\n * @param value the raw bearer token\n * @param expiresAt absolute expiry, epoch milliseconds\n */\n static issue(value: string, expiresAt: number): AccessToken {\n return new AccessToken(ensureNonBlank(value, \"AccessToken\"), expiresAt);\n }\n\n toString(): string {\n return this.value;\n }\n\n isExpiringWithin(thresholdMs: number, now: number): boolean {\n return this.expiresAt - now <= thresholdMs;\n }\n}\n","import type { Clock } from \"../../domain/ports/clock.js\";\nimport { AccessToken } from \"../../domain/shared/access-token.js\";\n\nexport type FetchFn = (url: string, init?: RequestInit) => Promise<Response>;\n\ninterface TokenResponse {\n readonly access_token: string;\n readonly expires_in: number;\n}\n\nexport function tokenUrl(baseUrl: string, realm: string): string {\n return `${baseUrl}/realms/${realm}/protocol/openid-connect/token`;\n}\n\nexport async function requestToken(\n fetchFn: FetchFn,\n url: string,\n form: Record<string, string>,\n clock: Clock,\n): Promise<AccessToken> {\n const response = await fetchFn(url, {\n method: \"POST\",\n headers: { \"content-type\": \"application/x-www-form-urlencoded\" },\n body: new URLSearchParams(form).toString(),\n });\n\n if (!response.ok) {\n throw new Error(\n `Authentication against Keycloak failed (HTTP ${String(response.status)})`,\n );\n }\n\n const json = (await response.json()) as TokenResponse;\n const expiresAt = clock.now() + json.expires_in * 1000;\n return AccessToken.issue(json.access_token, expiresAt);\n}\n","import type { Clock } from \"../../domain/ports/clock.js\";\nimport type { TokenProvider } from \"../../domain/ports/token-provider.js\";\nimport { CachingTokenProvider } from \"./caching-token-provider.js\";\nimport { type FetchFn, requestToken, tokenUrl } from \"./token-endpoint.js\";\n\nexport interface ClientCredentialsConfig {\n readonly baseUrl: string;\n readonly realm: string;\n readonly clientId: string;\n readonly clientSecret: string;\n}\n\nexport function createClientCredentialsProvider(\n config: ClientCredentialsConfig,\n fetchFn: FetchFn,\n clock: Clock,\n): TokenProvider {\n const url = tokenUrl(config.baseUrl, config.realm);\n return new CachingTokenProvider(\n () =>\n requestToken(\n fetchFn,\n url,\n {\n grant_type: \"client_credentials\",\n client_id: config.clientId,\n client_secret: config.clientSecret,\n },\n clock,\n ),\n clock,\n );\n}\n","import type { Clock } from \"../../domain/ports/clock.js\";\nimport type { TokenProvider } from \"../../domain/ports/token-provider.js\";\nimport { CachingTokenProvider } from \"./caching-token-provider.js\";\nimport { type FetchFn, requestToken, tokenUrl } from \"./token-endpoint.js\";\n\nexport interface PasswordConfig {\n readonly baseUrl: string;\n readonly realm: string;\n readonly username: string;\n readonly password: string;\n}\n\nexport function createPasswordProvider(\n config: PasswordConfig,\n fetchFn: FetchFn,\n clock: Clock,\n): TokenProvider {\n const url = tokenUrl(config.baseUrl, config.realm);\n return new CachingTokenProvider(\n () =>\n requestToken(\n fetchFn,\n url,\n {\n grant_type: \"password\",\n client_id: \"admin-cli\",\n username: config.username,\n password: config.password,\n },\n clock,\n ),\n clock,\n );\n}\n","import type { Clock } from \"../../domain/ports/clock.js\";\n\nexport const systemClock: Clock = {\n now: () => Date.now(),\n};\n","export class KeycloakError extends Error {\n constructor(\n readonly status: number,\n message: string,\n ) {\n super(message);\n this.name = \"KeycloakError\";\n }\n}\n\nfunction extractDetail(body: unknown): string | null {\n if (typeof body !== \"object\" || body === null) {\n return null;\n }\n const record = body as Record<string, unknown>;\n const candidate =\n record.errorMessage ?? record.error_description ?? record.error;\n return typeof candidate === \"string\" ? candidate : null;\n}\n\nexport function toReadableKeycloakError(\n status: number,\n body: unknown,\n): KeycloakError {\n const detail = extractDetail(body);\n switch (status) {\n case 401:\n return new KeycloakError(401, \"Authentication failed\");\n case 403:\n return new KeycloakError(\n 403,\n \"Permission denied: the configured credentials lack the required role\",\n );\n case 404:\n return new KeycloakError(404, \"Resource not found\");\n case 409:\n return new KeycloakError(\n 409,\n detail !== null\n ? `Conflict: ${detail}`\n : \"Conflict: the resource already exists\",\n );\n default:\n return new KeycloakError(\n status,\n detail !== null\n ? `Keycloak request failed: ${detail}`\n : `Keycloak request failed (HTTP ${String(status)})`,\n );\n }\n}\n","import type { TokenProvider } from \"../../domain/ports/token-provider.js\";\nimport type { FetchFn } from \"../auth/token-endpoint.js\";\nimport { toReadableKeycloakError } from \"./errors.js\";\n\nexport interface AdminClientConfig {\n readonly baseUrl: string;\n readonly realm: string;\n}\n\nconst DEFAULT_PAGE_SIZE = 100;\n\nexport class KeycloakAdminClient {\n constructor(\n private readonly config: AdminClientConfig,\n private readonly tokens: TokenProvider,\n private readonly fetchFn: FetchFn,\n ) {}\n\n async getJson<T>(\n path: string,\n query: Record<string, string> = {},\n ): Promise<T> {\n const response = await this.send(\"GET\", path, query);\n return (await response.json()) as T;\n }\n\n async post(path: string, body?: unknown): Promise<void> {\n await this.send(\"POST\", path, {}, body);\n }\n\n async postJson<T>(path: string, body?: unknown): Promise<T> {\n const response = await this.send(\"POST\", path, {}, body);\n return (await response.json()) as T;\n }\n\n async put(path: string, body?: unknown): Promise<void> {\n await this.send(\"PUT\", path, {}, body);\n }\n\n async delete(path: string, body?: unknown): Promise<void> {\n await this.send(\"DELETE\", path, {}, body);\n }\n\n /** Fetches every page of a list endpoint using Keycloak's first/max paging. */\n async list<T>(\n path: string,\n query: Record<string, string> = {},\n pageSize = DEFAULT_PAGE_SIZE,\n ): Promise<T[]> {\n const all: T[] = [];\n let first = 0;\n for (;;) {\n const page = await this.getJson<T[]>(path, {\n ...query,\n first: String(first),\n max: String(pageSize),\n });\n all.push(...page);\n if (page.length < pageSize) {\n break;\n }\n first += pageSize;\n }\n return all;\n }\n\n /** GET a non-realm-scoped admin resource, e.g. `/serverinfo`. */\n async getAdminJson<T>(adminPath: string): Promise<T> {\n const response = await this.sendUrl(\n \"GET\",\n `${this.config.baseUrl}/admin${adminPath}`,\n );\n return (await response.json()) as T;\n }\n\n private url(path: string, query: Record<string, string>): string {\n const base = `${this.config.baseUrl}/admin/realms/${this.config.realm}${path}`;\n const params = new URLSearchParams(query).toString();\n return params.length === 0 ? base : `${base}?${params}`;\n }\n\n private send(\n method: string,\n path: string,\n query: Record<string, string>,\n body?: unknown,\n ): Promise<Response> {\n return this.sendUrl(method, this.url(path, query), body);\n }\n\n private async sendUrl(\n method: string,\n url: string,\n body?: unknown,\n attempt = 0,\n ): Promise<Response> {\n const token = await this.tokens.getToken();\n const headers: Record<string, string> = {\n authorization: `Bearer ${token.toString()}`,\n };\n const init: RequestInit = { method, headers };\n if (body !== undefined) {\n headers[\"content-type\"] = \"application/json\";\n init.body = JSON.stringify(body);\n }\n\n const response = await this.fetchFn(url, init);\n\n if (response.status === 401 && attempt === 0) {\n return this.sendUrl(method, url, body, attempt + 1);\n }\n if (!response.ok) {\n throw toReadableKeycloakError(response.status, await safeJson(response));\n }\n return response;\n }\n}\n\nasync function safeJson(response: Response): Promise<unknown> {\n try {\n return await response.json();\n } catch {\n return null;\n }\n}\n","import { ensureNonBlank } from \"./guards.js\";\n\n/** The human-readable `clientId` of a Keycloak client (e.g. \"mcp-admin\"). */\nexport class ClientId {\n private constructor(private readonly value: string) {}\n\n static fromString(value: string): ClientId {\n return new ClientId(ensureNonBlank(value, \"ClientId\"));\n }\n\n toString(): string {\n return this.value;\n }\n\n equals(other: ClientId): boolean {\n return this.value === other.value;\n }\n}\n","import { ensureNonBlank } from \"./guards.js\";\n\nexport class ClientSecret {\n private constructor(private readonly value: string) {}\n\n static fromString(value: string): ClientSecret {\n return new ClientSecret(ensureNonBlank(value, \"ClientSecret\"));\n }\n\n /** Reveals the raw secret. Only call when the caller explicitly opted in. */\n reveal(): string {\n return this.value;\n }\n\n /** A safe representation that never exposes the secret. */\n masked(): string {\n return \"••••••••\";\n }\n\n toString(): string {\n return this.masked();\n }\n}\n","import { ensureUuid } from \"./guards.js\";\n\n/** The internal UUID Keycloak assigns to a client (distinct from its clientId). */\nexport class ClientUuid {\n private constructor(private readonly value: string) {}\n\n static fromString(value: string): ClientUuid {\n return new ClientUuid(ensureUuid(value, \"ClientUuid\"));\n }\n\n toString(): string {\n return this.value;\n }\n\n equals(other: ClientUuid): boolean {\n return this.value === other.value;\n }\n}\n","import type { ClientSummary } from \"../../domain/client/client-summary.js\";\nimport type { ClientRepository } from \"../../domain/ports/client-repository.js\";\nimport { ClientId } from \"../../domain/shared/client-id.js\";\nimport { ClientSecret } from \"../../domain/shared/client-secret.js\";\nimport { ClientUuid } from \"../../domain/shared/client-uuid.js\";\nimport type { KeycloakAdminClient } from \"./admin-client.js\";\n\ninterface KeycloakClientRep {\n readonly id: string;\n readonly clientId: string;\n readonly enabled?: boolean;\n readonly publicClient?: boolean;\n}\n\ninterface SecretRep {\n readonly value: string;\n}\n\nfunction toSummary(raw: KeycloakClientRep): ClientSummary {\n return {\n uuid: ClientUuid.fromString(raw.id),\n clientId: ClientId.fromString(raw.clientId),\n enabled: raw.enabled ?? false,\n publicClient: raw.publicClient ?? false,\n };\n}\n\nexport class KeycloakClientRepository implements ClientRepository {\n constructor(private readonly client: KeycloakAdminClient) {}\n\n async list(): Promise<ClientSummary[]> {\n const raw = await this.client.getJson<KeycloakClientRep[]>(\"/clients\");\n return raw.map(toSummary);\n }\n\n async findByClientId(clientId: ClientId): Promise<ClientSummary | null> {\n const raw = await this.client.getJson<KeycloakClientRep[]>(\"/clients\", {\n clientId: clientId.toString(),\n });\n const first = raw[0];\n return first === undefined ? null : toSummary(first);\n }\n\n async getSecret(uuid: ClientUuid): Promise<ClientSecret> {\n const raw = await this.client.getJson<SecretRep>(\n `/clients/${uuid.toString()}/client-secret`,\n );\n return ClientSecret.fromString(raw.value);\n }\n\n async regenerateSecret(uuid: ClientUuid): Promise<ClientSecret> {\n const raw = await this.client.postJson<SecretRep>(\n `/clients/${uuid.toString()}/client-secret`,\n );\n return ClientSecret.fromString(raw.value);\n }\n}\n","import type {\n AuthFlow,\n RequiredAction,\n} from \"../../domain/authentication/authentication.js\";\nimport type { AuthenticationRepository } from \"../../domain/ports/authentication-repository.js\";\nimport type { KeycloakAdminClient } from \"./admin-client.js\";\n\ninterface KeycloakFlow {\n readonly id?: string;\n readonly alias?: string;\n readonly builtIn?: boolean;\n}\n\ninterface KeycloakRequiredAction {\n readonly alias?: string;\n readonly name?: string;\n readonly enabled?: boolean;\n readonly defaultAction?: boolean;\n}\n\nexport class KeycloakAuthenticationRepository implements AuthenticationRepository {\n constructor(private readonly client: KeycloakAdminClient) {}\n\n async listFlows(): Promise<AuthFlow[]> {\n const raw = await this.client.getJson<KeycloakFlow[]>(\n \"/authentication/flows\",\n );\n return raw.map((flow) => ({\n id: flow.id ?? \"\",\n alias: flow.alias ?? \"\",\n builtIn: flow.builtIn ?? false,\n }));\n }\n\n async listRequiredActions(): Promise<RequiredAction[]> {\n const raw = await this.client.getJson<KeycloakRequiredAction[]>(\n \"/authentication/required-actions\",\n );\n return raw.map((action) => ({\n alias: action.alias ?? \"\",\n name: action.name ?? \"\",\n enabled: action.enabled ?? false,\n defaultAction: action.defaultAction ?? false,\n }));\n }\n\n async setRequiredActionEnabled(\n alias: string,\n enabled: boolean,\n ): Promise<void> {\n const current = await this.client.getJson<Record<string, unknown>>(\n `/authentication/required-actions/${encodeURIComponent(alias)}`,\n );\n await this.client.put(\n `/authentication/required-actions/${encodeURIComponent(alias)}`,\n { ...current, enabled },\n );\n }\n}\n","import type { AuthzEntry } from \"../../domain/authz/authorization.js\";\nimport type { AuthorizationRepository } from \"../../domain/ports/authorization-repository.js\";\nimport type { ClientUuid } from \"../../domain/shared/client-uuid.js\";\nimport type { KeycloakAdminClient } from \"./admin-client.js\";\n\ninterface KeycloakAuthzEntry {\n readonly id?: string;\n readonly _id?: string;\n readonly name?: string;\n readonly type?: string;\n}\n\nfunction toEntry(raw: KeycloakAuthzEntry): AuthzEntry {\n return {\n id: raw.id ?? raw._id ?? \"\",\n name: raw.name ?? \"\",\n type: raw.type ?? \"\",\n };\n}\n\nexport class KeycloakAuthorizationRepository implements AuthorizationRepository {\n constructor(private readonly client: KeycloakAdminClient) {}\n\n private base(clientUuid: ClientUuid): string {\n return `/clients/${clientUuid.toString()}/authz/resource-server`;\n }\n\n async resources(clientUuid: ClientUuid): Promise<AuthzEntry[]> {\n const raw = await this.client.getJson<KeycloakAuthzEntry[]>(\n `${this.base(clientUuid)}/resource`,\n );\n return raw.map(toEntry);\n }\n\n async policies(clientUuid: ClientUuid): Promise<AuthzEntry[]> {\n const raw = await this.client.getJson<KeycloakAuthzEntry[]>(\n `${this.base(clientUuid)}/policy`,\n );\n return raw.map(toEntry);\n }\n\n async permissions(clientUuid: ClientUuid): Promise<AuthzEntry[]> {\n const raw = await this.client.getJson<KeycloakAuthzEntry[]>(\n `${this.base(clientUuid)}/permission`,\n );\n return raw.map(toEntry);\n }\n}\n","import { ensureUuid } from \"./guards.js\";\n\nexport class ClientScopeId {\n private constructor(private readonly value: string) {}\n\n static fromString(value: string): ClientScopeId {\n return new ClientScopeId(ensureUuid(value, \"ClientScopeId\"));\n }\n\n toString(): string {\n return this.value;\n }\n\n equals(other: ClientScopeId): boolean {\n return this.value === other.value;\n }\n}\n","import { ensureNonBlank } from \"./guards.js\";\n\nexport class ClientScopeName {\n private constructor(private readonly value: string) {}\n\n static fromString(value: string): ClientScopeName {\n return new ClientScopeName(ensureNonBlank(value, \"ClientScopeName\"));\n }\n\n toString(): string {\n return this.value;\n }\n\n equals(other: ClientScopeName): boolean {\n return this.value === other.value;\n }\n}\n","import type {\n ClientScope,\n ProtocolMapper,\n} from \"../../domain/clientscope/client-scope.js\";\nimport type { ClientScopeRepository } from \"../../domain/ports/client-scope-repository.js\";\nimport { ClientScopeId } from \"../../domain/shared/client-scope-id.js\";\nimport { ClientScopeName } from \"../../domain/shared/client-scope-name.js\";\nimport type { ClientUuid } from \"../../domain/shared/client-uuid.js\";\nimport type { KeycloakAdminClient } from \"./admin-client.js\";\n\ninterface KeycloakClientScope {\n readonly id: string;\n readonly name: string;\n readonly protocol?: string;\n}\n\ninterface KeycloakMapper {\n readonly id: string;\n readonly name: string;\n readonly protocol?: string;\n readonly protocolMapper?: string;\n}\n\nfunction toScope(raw: KeycloakClientScope): ClientScope {\n return {\n id: ClientScopeId.fromString(raw.id),\n name: ClientScopeName.fromString(raw.name),\n protocol: raw.protocol ?? \"openid-connect\",\n };\n}\n\nfunction toMapper(raw: KeycloakMapper): ProtocolMapper {\n return {\n id: raw.id,\n name: raw.name,\n protocol: raw.protocol ?? \"openid-connect\",\n type: raw.protocolMapper ?? \"unknown\",\n };\n}\n\nexport class KeycloakClientScopeRepository implements ClientScopeRepository {\n constructor(private readonly client: KeycloakAdminClient) {}\n\n async listScopes(): Promise<ClientScope[]> {\n const raw =\n await this.client.getJson<KeycloakClientScope[]>(\"/client-scopes\");\n return raw.map(toScope);\n }\n\n async findScopeByName(name: ClientScopeName): Promise<ClientScope | null> {\n const scopes = await this.listScopes();\n return scopes.find((scope) => scope.name.equals(name)) ?? null;\n }\n\n async defaultScopes(clientUuid: ClientUuid): Promise<ClientScope[]> {\n const raw = await this.client.getJson<KeycloakClientScope[]>(\n `/clients/${clientUuid.toString()}/default-client-scopes`,\n );\n return raw.map(toScope);\n }\n\n assignDefaultScope(\n clientUuid: ClientUuid,\n scopeId: ClientScopeId,\n ): Promise<void> {\n return this.client.put(\n `/clients/${clientUuid.toString()}/default-client-scopes/${scopeId.toString()}`,\n );\n }\n\n removeDefaultScope(\n clientUuid: ClientUuid,\n scopeId: ClientScopeId,\n ): Promise<void> {\n return this.client.delete(\n `/clients/${clientUuid.toString()}/default-client-scopes/${scopeId.toString()}`,\n );\n }\n\n async listMappers(clientUuid: ClientUuid): Promise<ProtocolMapper[]> {\n const raw = await this.client.getJson<KeycloakMapper[]>(\n `/clients/${clientUuid.toString()}/protocol-mappers/models`,\n );\n return raw.map(toMapper);\n }\n}\n","import type { EventLog } from \"../../domain/ports/event-log.js\";\nimport type {\n AdminEvent,\n EventQuery,\n LoginEvent,\n} from \"../../domain/event/events.js\";\nimport type { KeycloakAdminClient } from \"./admin-client.js\";\n\ninterface KeycloakLoginEvent {\n readonly time?: number;\n readonly type?: string;\n readonly userId?: string;\n readonly ipAddress?: string;\n}\n\ninterface KeycloakAdminEvent {\n readonly time?: number;\n readonly operationType?: string;\n readonly resourceType?: string;\n readonly resourcePath?: string;\n}\n\nfunction toLoginEvent(raw: KeycloakLoginEvent): LoginEvent {\n return {\n time: raw.time ?? 0,\n type: raw.type ?? \"UNKNOWN\",\n userId: raw.userId ?? null,\n ipAddress: raw.ipAddress ?? null,\n };\n}\n\nfunction toAdminEvent(raw: KeycloakAdminEvent): AdminEvent {\n return {\n time: raw.time ?? 0,\n operationType: raw.operationType ?? \"UNKNOWN\",\n resourceType: raw.resourceType ?? \"UNKNOWN\",\n resourcePath: raw.resourcePath ?? null,\n };\n}\n\nfunction toParams(query: EventQuery): Record<string, string> {\n const params: Record<string, string> = { max: String(query.max) };\n if (query.type !== undefined) {\n params.type = query.type;\n }\n if (query.user !== undefined) {\n params.user = query.user;\n }\n return params;\n}\n\nexport class KeycloakEventLog implements EventLog {\n constructor(private readonly client: KeycloakAdminClient) {}\n\n async loginEvents(query: EventQuery): Promise<LoginEvent[]> {\n const raw = await this.client.getJson<KeycloakLoginEvent[]>(\n \"/events\",\n toParams(query),\n );\n return raw.map(toLoginEvent);\n }\n\n async adminEvents(query: EventQuery): Promise<AdminEvent[]> {\n const raw = await this.client.getJson<KeycloakAdminEvent[]>(\n \"/admin-events\",\n {\n max: String(query.max),\n },\n );\n return raw.map(toAdminEvent);\n }\n}\n","import { ensureUuid } from \"./guards.js\";\n\nexport class ComponentId {\n private constructor(private readonly value: string) {}\n\n static fromString(value: string): ComponentId {\n return new ComponentId(ensureUuid(value, \"ComponentId\"));\n }\n\n toString(): string {\n return this.value;\n }\n\n equals(other: ComponentId): boolean {\n return this.value === other.value;\n }\n}\n","import type {\n FederationProvider,\n SyncMode,\n SyncResult,\n} from \"../../domain/federation/federation-provider.js\";\nimport type { FederationRepository } from \"../../domain/ports/federation-repository.js\";\nimport { ComponentId } from \"../../domain/shared/component-id.js\";\nimport type { KeycloakAdminClient } from \"./admin-client.js\";\nimport { KeycloakError } from \"./errors.js\";\n\nconst PROVIDER_TYPE = \"org.keycloak.storage.UserStorageProvider\";\n\ninterface KeycloakComponent {\n readonly id: string;\n readonly name?: string;\n readonly providerId?: string;\n}\n\ninterface KeycloakSyncResult {\n readonly status?: string;\n readonly added?: number;\n readonly updated?: number;\n readonly removed?: number;\n}\n\nfunction toProvider(raw: KeycloakComponent): FederationProvider {\n return {\n id: ComponentId.fromString(raw.id),\n name: raw.name ?? \"unnamed\",\n providerId: raw.providerId ?? \"unknown\",\n };\n}\n\nexport class KeycloakFederationRepository implements FederationRepository {\n constructor(private readonly client: KeycloakAdminClient) {}\n\n async list(): Promise<FederationProvider[]> {\n const raw = await this.client.getJson<KeycloakComponent[]>(\"/components\", {\n type: PROVIDER_TYPE,\n });\n return raw.map(toProvider);\n }\n\n async find(id: ComponentId): Promise<FederationProvider | null> {\n try {\n const raw = await this.client.getJson<KeycloakComponent>(\n `/components/${id.toString()}`,\n );\n return toProvider(raw);\n } catch (error) {\n if (error instanceof KeycloakError && error.status === 404) {\n return null;\n }\n throw error;\n }\n }\n\n async sync(id: ComponentId, mode: SyncMode): Promise<SyncResult> {\n const action =\n mode === \"full\" ? \"triggerFullSync\" : \"triggerChangedUsersSync\";\n const raw = await this.client.postJson<KeycloakSyncResult>(\n `/user-storage/${id.toString()}/sync?action=${action}`,\n );\n return {\n status: raw.status ?? \"completed\",\n added: raw.added ?? 0,\n updated: raw.updated ?? 0,\n removed: raw.removed ?? 0,\n };\n }\n}\n","import { ensureUuid } from \"./guards.js\";\n\nexport class GroupId {\n private constructor(private readonly value: string) {}\n\n static fromString(value: string): GroupId {\n return new GroupId(ensureUuid(value, \"GroupId\"));\n }\n\n toString(): string {\n return this.value;\n }\n\n equals(other: GroupId): boolean {\n return this.value === other.value;\n }\n}\n","import { ensureNonBlank } from \"./guards.js\";\n\nexport class GroupName {\n private constructor(private readonly value: string) {}\n\n static fromString(value: string): GroupName {\n return new GroupName(ensureNonBlank(value, \"GroupName\"));\n }\n\n toString(): string {\n return this.value;\n }\n\n equals(other: GroupName): boolean {\n return this.value === other.value;\n }\n}\n","const EMAIL_PATTERN = /^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$/;\n\nexport class Email {\n private constructor(private readonly value: string) {}\n\n static fromString(value: string): Email {\n const trimmed = value.trim().toLowerCase();\n if (!EMAIL_PATTERN.test(trimmed)) {\n throw new Error(`Invalid email address: ${value}`);\n }\n return new Email(trimmed);\n }\n\n toString(): string {\n return this.value;\n }\n\n equals(other: Email): boolean {\n return this.value === other.value;\n }\n}\n","import { ensureUuid } from \"./guards.js\";\n\nexport class UserId {\n private constructor(private readonly value: string) {}\n\n static fromString(value: string): UserId {\n return new UserId(ensureUuid(value, \"UserId\"));\n }\n\n toString(): string {\n return this.value;\n }\n\n equals(other: UserId): boolean {\n return this.value === other.value;\n }\n}\n","import { ensureNonBlank } from \"./guards.js\";\n\nexport class Username {\n private constructor(private readonly value: string) {}\n\n static fromString(value: string): Username {\n const trimmed = ensureNonBlank(value, \"Username\");\n if (/\\s/.test(trimmed)) {\n throw new Error(\"Username cannot contain whitespace\");\n }\n return new Username(trimmed);\n }\n\n toString(): string {\n return this.value;\n }\n\n equals(other: Username): boolean {\n return this.value === other.value;\n }\n}\n","import type { UserRepository } from \"../../domain/ports/user-repository.js\";\nimport type { ActionEmailType } from \"../../domain/shared/action-email-type.js\";\nimport { Email } from \"../../domain/shared/email.js\";\nimport type { Password } from \"../../domain/shared/password.js\";\nimport { UserId } from \"../../domain/shared/user-id.js\";\nimport { Username } from \"../../domain/shared/username.js\";\nimport type { NewUser } from \"../../domain/user/new-user.js\";\nimport type { User } from \"../../domain/user/user.js\";\nimport type { UserSearchCriteria } from \"../../domain/user/user-search-criteria.js\";\nimport type { UserSession } from \"../../domain/user/user-session.js\";\nimport type { UserUpdate } from \"../../domain/user/user-update.js\";\nimport type { KeycloakAdminClient } from \"./admin-client.js\";\nimport { KeycloakError } from \"./errors.js\";\n\ninterface KeycloakUser {\n readonly id: string;\n readonly username: string;\n readonly email?: string;\n readonly enabled?: boolean;\n}\n\ninterface KeycloakSession {\n readonly id?: string;\n readonly ipAddress?: string;\n readonly start?: number;\n readonly lastAccess?: number;\n}\n\nexport function toUser(raw: KeycloakUser): User {\n return {\n id: UserId.fromString(raw.id),\n username: Username.fromString(raw.username),\n email:\n raw.email === undefined || raw.email === \"\"\n ? null\n : Email.fromString(raw.email),\n enabled: raw.enabled ?? false,\n };\n}\n\nexport class KeycloakUserRepository implements UserRepository {\n constructor(private readonly client: KeycloakAdminClient) {}\n\n search(criteria: UserSearchCriteria): Promise<User[]> {\n const query: Record<string, string> = {\n first: String(criteria.first),\n max: String(criteria.max),\n };\n if (criteria.email !== undefined) {\n query.email = criteria.email.toString();\n }\n if (criteria.username !== undefined) {\n query.username = criteria.username.toString();\n }\n if (criteria.search !== undefined) {\n query.search = criteria.search;\n }\n return this.client\n .getJson<KeycloakUser[]>(\"/users\", query)\n .then((raw) => raw.map(toUser));\n }\n\n async findById(id: UserId): Promise<User | null> {\n try {\n const raw = await this.client.getJson<KeycloakUser>(\n `/users/${id.toString()}`,\n );\n return toUser(raw);\n } catch (error) {\n if (error instanceof KeycloakError && error.status === 404) {\n return null;\n }\n throw error;\n }\n }\n\n create(user: NewUser): Promise<void> {\n return this.client.post(\"/users\", {\n username: user.username.toString(),\n ...(user.email === undefined ? {} : { email: user.email.toString() }),\n enabled: user.enabled,\n emailVerified: user.emailVerified,\n });\n }\n\n update(id: UserId, changes: UserUpdate): Promise<void> {\n const body: Record<string, unknown> = {};\n if (changes.email !== undefined) {\n body.email = changes.email.toString();\n }\n if (changes.firstName !== undefined) {\n body.firstName = changes.firstName;\n }\n if (changes.lastName !== undefined) {\n body.lastName = changes.lastName;\n }\n if (changes.enabled !== undefined) {\n body.enabled = changes.enabled;\n }\n return this.client.put(`/users/${id.toString()}`, body);\n }\n\n setEnabled(id: UserId, enabled: boolean): Promise<void> {\n return this.client.put(`/users/${id.toString()}`, { enabled });\n }\n\n resetPassword(\n id: UserId,\n password: Password,\n temporary: boolean,\n ): Promise<void> {\n return this.client.put(`/users/${id.toString()}/reset-password`, {\n type: \"password\",\n value: password.reveal(),\n temporary,\n });\n }\n\n sendActionsEmail(id: UserId, actions: ActionEmailType[]): Promise<void> {\n return this.client.put(\n `/users/${id.toString()}/execute-actions-email`,\n actions.map((action) => action.toString()),\n );\n }\n\n logout(id: UserId): Promise<void> {\n return this.client.post(`/users/${id.toString()}/logout`);\n }\n\n delete(id: UserId): Promise<void> {\n return this.client.delete(`/users/${id.toString()}`);\n }\n\n async listSessions(id: UserId): Promise<UserSession[]> {\n const raw = await this.client.getJson<KeycloakSession[]>(\n `/users/${id.toString()}/sessions`,\n );\n return raw.map((session) => ({\n id: session.id ?? \"\",\n ipAddress: session.ipAddress ?? null,\n start: session.start ?? 0,\n lastAccess: session.lastAccess ?? 0,\n }));\n }\n\n async countActiveSessions(id: UserId): Promise<number> {\n return (await this.listSessions(id)).length;\n }\n}\n","import type { Group } from \"../../domain/group/group.js\";\nimport type { GroupRepository } from \"../../domain/ports/group-repository.js\";\nimport type { Role } from \"../../domain/role/role.js\";\nimport { GroupId } from \"../../domain/shared/group-id.js\";\nimport { GroupName } from \"../../domain/shared/group-name.js\";\nimport type { UserId } from \"../../domain/shared/user-id.js\";\nimport type { User } from \"../../domain/user/user.js\";\nimport type { KeycloakAdminClient } from \"./admin-client.js\";\nimport { toUser } from \"./user-repository.js\";\n\ninterface KeycloakGroup {\n readonly id: string;\n readonly name: string;\n readonly path?: string;\n}\n\nfunction toGroup(raw: KeycloakGroup): Group {\n return {\n id: GroupId.fromString(raw.id),\n name: GroupName.fromString(raw.name),\n path: raw.path ?? `/${raw.name}`,\n };\n}\n\nexport class KeycloakGroupRepository implements GroupRepository {\n constructor(private readonly client: KeycloakAdminClient) {}\n\n async list(): Promise<Group[]> {\n const raw = await this.client.getJson<KeycloakGroup[]>(\"/groups\");\n return raw.map(toGroup);\n }\n\n create(name: GroupName): Promise<void> {\n return this.client.post(\"/groups\", { name: name.toString() });\n }\n\n delete(id: GroupId): Promise<void> {\n return this.client.delete(`/groups/${id.toString()}`);\n }\n\n addMember(groupId: GroupId, userId: UserId): Promise<void> {\n return this.client.put(\n `/users/${userId.toString()}/groups/${groupId.toString()}`,\n );\n }\n\n removeMember(groupId: GroupId, userId: UserId): Promise<void> {\n return this.client.delete(\n `/users/${userId.toString()}/groups/${groupId.toString()}`,\n );\n }\n\n assignRealmRole(groupId: GroupId, role: Role): Promise<void> {\n return this.client.post(\n `/groups/${groupId.toString()}/role-mappings/realm`,\n [{ id: role.id, name: role.name.toString() }],\n );\n }\n\n async members(groupId: GroupId): Promise<User[]> {\n const raw = await this.client.getJson<\n { id: string; username: string; email?: string; enabled?: boolean }[]\n >(`/groups/${groupId.toString()}/members`);\n return raw.map(toUser);\n }\n\n async userGroups(userId: UserId): Promise<Group[]> {\n const raw = await this.client.getJson<\n { id: string; name: string; path?: string }[]\n >(`/users/${userId.toString()}/groups`);\n return raw.map(toGroup);\n }\n}\n","import { ensureNonBlank } from \"./guards.js\";\n\nexport class IdpAlias {\n private constructor(private readonly value: string) {}\n\n static fromString(value: string): IdpAlias {\n return new IdpAlias(ensureNonBlank(value, \"IdpAlias\"));\n }\n\n toString(): string {\n return this.value;\n }\n\n equals(other: IdpAlias): boolean {\n return this.value === other.value;\n }\n}\n","import type {\n IdentityProvider,\n IdpMapper,\n NewIdentityProvider,\n} from \"../../domain/idp/identity-provider.js\";\nimport type { IdentityProviderRepository } from \"../../domain/ports/identity-provider-repository.js\";\nimport { IdpAlias } from \"../../domain/shared/idp-alias.js\";\nimport type { KeycloakAdminClient } from \"./admin-client.js\";\nimport { KeycloakError } from \"./errors.js\";\n\ninterface KeycloakIdp {\n readonly alias: string;\n readonly providerId?: string;\n readonly enabled?: boolean;\n readonly displayName?: string;\n}\n\ninterface KeycloakIdpMapper {\n readonly id: string;\n readonly name: string;\n readonly identityProviderMapper?: string;\n}\n\nfunction toIdp(raw: KeycloakIdp): IdentityProvider {\n return {\n alias: IdpAlias.fromString(raw.alias),\n providerId: raw.providerId ?? \"unknown\",\n enabled: raw.enabled ?? false,\n displayName: raw.displayName ?? null,\n };\n}\n\nexport class KeycloakIdentityProviderRepository implements IdentityProviderRepository {\n constructor(private readonly client: KeycloakAdminClient) {}\n\n async list(): Promise<IdentityProvider[]> {\n const raw = await this.client.getJson<KeycloakIdp[]>(\n \"/identity-provider/instances\",\n );\n return raw.map(toIdp);\n }\n\n async find(alias: IdpAlias): Promise<IdentityProvider | null> {\n try {\n const raw = await this.client.getJson<KeycloakIdp>(\n `/identity-provider/instances/${alias.toString()}`,\n );\n return toIdp(raw);\n } catch (error) {\n if (error instanceof KeycloakError && error.status === 404) {\n return null;\n }\n throw error;\n }\n }\n\n create(idp: NewIdentityProvider): Promise<void> {\n return this.client.post(\"/identity-provider/instances\", {\n alias: idp.alias.toString(),\n providerId: idp.providerId,\n enabled: idp.enabled,\n config: idp.config,\n });\n }\n\n delete(alias: IdpAlias): Promise<void> {\n return this.client.delete(\n `/identity-provider/instances/${alias.toString()}`,\n );\n }\n\n async listMappers(alias: IdpAlias): Promise<IdpMapper[]> {\n const raw = await this.client.getJson<KeycloakIdpMapper[]>(\n `/identity-provider/instances/${alias.toString()}/mappers`,\n );\n return raw.map((mapper) => ({\n id: mapper.id,\n name: mapper.name,\n type: mapper.identityProviderMapper ?? \"unknown\",\n }));\n }\n}\n","import type { RealmInfo } from \"../../domain/ports/realm-info.js\";\nimport type { KeycloakAdminClient } from \"./admin-client.js\";\n\nexport class KeycloakRealmInfo implements RealmInfo {\n constructor(private readonly client: KeycloakAdminClient) {}\n\n getRealmConfig(): Promise<Record<string, unknown>> {\n return this.client.getJson<Record<string, unknown>>(\"\");\n }\n\n serverInfo(): Promise<Record<string, unknown>> {\n return this.client.getAdminJson<Record<string, unknown>>(\"/serverinfo\");\n }\n}\n","import { ensureNonBlank } from \"./guards.js\";\n\nexport class RoleName {\n private constructor(private readonly value: string) {}\n\n static fromString(value: string): RoleName {\n return new RoleName(ensureNonBlank(value, \"RoleName\"));\n }\n\n toString(): string {\n return this.value;\n }\n\n equals(other: RoleName): boolean {\n return this.value === other.value;\n }\n}\n","import type { RoleRepository } from \"../../domain/ports/role-repository.js\";\nimport type { Role } from \"../../domain/role/role.js\";\nimport { RoleName } from \"../../domain/shared/role-name.js\";\nimport type { UserId } from \"../../domain/shared/user-id.js\";\nimport type { KeycloakAdminClient } from \"./admin-client.js\";\nimport { KeycloakError } from \"./errors.js\";\n\ninterface KeycloakRole {\n readonly id: string;\n readonly name: string;\n readonly description?: string;\n}\n\nfunction toRole(raw: KeycloakRole): Role {\n return {\n id: raw.id,\n name: RoleName.fromString(raw.name),\n description: raw.description ?? null,\n };\n}\n\nfunction toRepresentation(role: Role): { id: string; name: string } {\n return { id: role.id, name: role.name.toString() };\n}\n\nexport class KeycloakRoleRepository implements RoleRepository {\n constructor(private readonly client: KeycloakAdminClient) {}\n\n async listRealmRoles(): Promise<Role[]> {\n const raw = await this.client.getJson<KeycloakRole[]>(\"/roles\");\n return raw.map(toRole);\n }\n\n async findRealmRole(name: RoleName): Promise<Role | null> {\n try {\n const raw = await this.client.getJson<KeycloakRole>(\n `/roles/${encodeURIComponent(name.toString())}`,\n );\n return toRole(raw);\n } catch (error) {\n if (error instanceof KeycloakError && error.status === 404) {\n return null;\n }\n throw error;\n }\n }\n\n async listUserRealmRoles(userId: UserId): Promise<Role[]> {\n const raw = await this.client.getJson<KeycloakRole[]>(\n `/users/${userId.toString()}/role-mappings/realm`,\n );\n return raw.map(toRole);\n }\n\n assignRealmRole(userId: UserId, role: Role): Promise<void> {\n return this.client.post(`/users/${userId.toString()}/role-mappings/realm`, [\n toRepresentation(role),\n ]);\n }\n\n removeRealmRole(userId: UserId, role: Role): Promise<void> {\n return this.client.delete(\n `/users/${userId.toString()}/role-mappings/realm`,\n [toRepresentation(role)],\n );\n }\n}\n","import { z } from \"zod\";\n\nimport { ListAuthFlowsUseCase } from \"../../application/authentication/list-auth-flows.use-case.js\";\nimport { ListRequiredActionsUseCase } from \"../../application/authentication/list-required-actions.use-case.js\";\nimport { SetRequiredActionEnabledUseCase } from \"../../application/authentication/set-required-action-enabled.use-case.js\";\nimport type { AuthenticationRepository } from \"../../domain/ports/authentication-repository.js\";\nimport { ToolLevel } from \"../../domain/policy/tool-level.js\";\nimport { type ToolDefinition, textResult } from \"./tool-definition.js\";\n\nexport interface AuthToolDeps {\n readonly authenticationRepository: AuthenticationRepository;\n}\n\nfunction listFlowsTool(deps: AuthToolDeps): ToolDefinition {\n return {\n name: \"keycloak_auth_flows_list\",\n title: \"List authentication flows\",\n description: \"List the realm's authentication flows.\",\n level: ToolLevel.Read,\n inputSchema: {},\n annotations: {\n readOnlyHint: true,\n destructiveHint: false,\n idempotentHint: true,\n },\n async handler() {\n const flows = await new ListAuthFlowsUseCase(\n deps.authenticationRepository,\n ).execute();\n return textResult(JSON.stringify(flows, null, 2));\n },\n };\n}\n\nfunction listRequiredActionsTool(deps: AuthToolDeps): ToolDefinition {\n return {\n name: \"keycloak_auth_required_actions_list\",\n title: \"List required actions\",\n description: \"List the realm's required actions.\",\n level: ToolLevel.Read,\n inputSchema: {},\n annotations: {\n readOnlyHint: true,\n destructiveHint: false,\n idempotentHint: true,\n },\n async handler() {\n const actions = await new ListRequiredActionsUseCase(\n deps.authenticationRepository,\n ).execute();\n return textResult(JSON.stringify(actions, null, 2));\n },\n };\n}\n\nfunction setRequiredActionEnabledTool(deps: AuthToolDeps): ToolDefinition {\n return {\n name: \"keycloak_auth_required_action_set_enabled\",\n title: \"Enable or disable a required action\",\n description: \"Enable or disable a realm required action by alias.\",\n level: ToolLevel.Write,\n inputSchema: { alias: z.string(), enabled: z.boolean() },\n annotations: {\n readOnlyHint: false,\n destructiveHint: false,\n idempotentHint: true,\n },\n async handler(args) {\n const enabled = args.enabled === true;\n await new SetRequiredActionEnabledUseCase(\n deps.authenticationRepository,\n ).execute({ alias: String(args.alias), enabled });\n return textResult(\n `Required action ${String(args.alias)} ${\n enabled ? \"enabled\" : \"disabled\"\n }.`,\n );\n },\n };\n}\n\nexport function buildAuthTools(deps: AuthToolDeps): ToolDefinition[] {\n return [\n listFlowsTool(deps),\n listRequiredActionsTool(deps),\n setRequiredActionEnabledTool(deps),\n ];\n}\n","import type { AuthFlow } from \"../../domain/authentication/authentication.js\";\nimport type { AuthenticationRepository } from \"../../domain/ports/authentication-repository.js\";\n\nexport class ListAuthFlowsUseCase {\n constructor(private readonly authentication: AuthenticationRepository) {}\n\n execute(): Promise<AuthFlow[]> {\n return this.authentication.listFlows();\n }\n}\n","import type { RequiredAction } from \"../../domain/authentication/authentication.js\";\nimport type { AuthenticationRepository } from \"../../domain/ports/authentication-repository.js\";\n\nexport class ListRequiredActionsUseCase {\n constructor(private readonly authentication: AuthenticationRepository) {}\n\n execute(): Promise<RequiredAction[]> {\n return this.authentication.listRequiredActions();\n }\n}\n","import type { AuthenticationRepository } from \"../../domain/ports/authentication-repository.js\";\n\nexport interface SetRequiredActionEnabledInput {\n readonly alias: string;\n readonly enabled: boolean;\n}\n\nexport class SetRequiredActionEnabledUseCase {\n constructor(private readonly authentication: AuthenticationRepository) {}\n\n execute(input: SetRequiredActionEnabledInput): Promise<void> {\n return this.authentication.setRequiredActionEnabled(\n input.alias,\n input.enabled,\n );\n }\n}\n","import type { z } from \"zod\";\n\nimport type { ToolLevel } from \"../../domain/policy/tool-level.js\";\n\nexport interface ToolTextResult {\n readonly content: { type: \"text\"; text: string }[];\n readonly isError?: boolean;\n}\n\nexport interface ToolAnnotations {\n readonly readOnlyHint?: boolean;\n readonly destructiveHint?: boolean;\n readonly idempotentHint?: boolean;\n}\n\nexport interface ToolDefinition {\n readonly name: string;\n readonly title: string;\n readonly description: string;\n readonly level: ToolLevel;\n readonly inputSchema: Record<string, z.ZodType>;\n readonly annotations: ToolAnnotations;\n handler(args: Record<string, unknown>): Promise<ToolTextResult>;\n}\n\nexport function textResult(text: string): ToolTextResult {\n return { content: [{ type: \"text\", text }] };\n}\n","import { z } from \"zod\";\n\nimport { ListAuthzPermissionsUseCase } from \"../../application/authz/list-authz-permissions.use-case.js\";\nimport { ListAuthzPoliciesUseCase } from \"../../application/authz/list-authz-policies.use-case.js\";\nimport { ListAuthzResourcesUseCase } from \"../../application/authz/list-authz-resources.use-case.js\";\nimport type { AuthzEntry } from \"../../domain/authz/authorization.js\";\nimport type { AuthorizationRepository } from \"../../domain/ports/authorization-repository.js\";\nimport type { ClientRepository } from \"../../domain/ports/client-repository.js\";\nimport { ToolLevel } from \"../../domain/policy/tool-level.js\";\nimport { ClientId } from \"../../domain/shared/client-id.js\";\nimport { type ToolDefinition, textResult } from \"./tool-definition.js\";\n\nexport interface AuthzToolDeps {\n readonly clientRepository: ClientRepository;\n readonly authorizationRepository: AuthorizationRepository;\n}\n\ntype Lister = (clientId: ClientId) => Promise<AuthzEntry[] | null>;\n\nfunction listTool(\n name: string,\n title: string,\n description: string,\n run: Lister,\n): ToolDefinition {\n return {\n name,\n title,\n description,\n level: ToolLevel.Read,\n inputSchema: { clientId: z.string() },\n annotations: {\n readOnlyHint: true,\n destructiveHint: false,\n idempotentHint: true,\n },\n async handler(args) {\n const entries = await run(ClientId.fromString(String(args.clientId)));\n return textResult(\n entries === null\n ? \"Client not found.\"\n : JSON.stringify(entries, null, 2),\n );\n },\n };\n}\n\nexport function buildAuthzTools(deps: AuthzToolDeps): ToolDefinition[] {\n return [\n listTool(\n \"keycloak_authz_resources_list\",\n \"List authorization resources\",\n \"List a client's authorization-services resources.\",\n (clientId) =>\n new ListAuthzResourcesUseCase(\n deps.clientRepository,\n deps.authorizationRepository,\n ).execute(clientId),\n ),\n listTool(\n \"keycloak_authz_policies_list\",\n \"List authorization policies\",\n \"List a client's authorization-services policies.\",\n (clientId) =>\n new ListAuthzPoliciesUseCase(\n deps.clientRepository,\n deps.authorizationRepository,\n ).execute(clientId),\n ),\n listTool(\n \"keycloak_authz_permissions_list\",\n \"List authorization permissions\",\n \"List a client's authorization-services permissions.\",\n (clientId) =>\n new ListAuthzPermissionsUseCase(\n deps.clientRepository,\n deps.authorizationRepository,\n ).execute(clientId),\n ),\n ];\n}\n","import type { AuthzEntry } from \"../../domain/authz/authorization.js\";\nimport type { AuthorizationRepository } from \"../../domain/ports/authorization-repository.js\";\nimport type { ClientRepository } from \"../../domain/ports/client-repository.js\";\nimport type { ClientId } from \"../../domain/shared/client-id.js\";\n\nexport class ListAuthzPermissionsUseCase {\n constructor(\n private readonly clients: ClientRepository,\n private readonly authz: AuthorizationRepository,\n ) {}\n\n async execute(clientId: ClientId): Promise<AuthzEntry[] | null> {\n const client = await this.clients.findByClientId(clientId);\n if (client === null) {\n return null;\n }\n return this.authz.permissions(client.uuid);\n }\n}\n","import type { AuthzEntry } from \"../../domain/authz/authorization.js\";\nimport type { AuthorizationRepository } from \"../../domain/ports/authorization-repository.js\";\nimport type { ClientRepository } from \"../../domain/ports/client-repository.js\";\nimport type { ClientId } from \"../../domain/shared/client-id.js\";\n\nexport class ListAuthzPoliciesUseCase {\n constructor(\n private readonly clients: ClientRepository,\n private readonly authz: AuthorizationRepository,\n ) {}\n\n async execute(clientId: ClientId): Promise<AuthzEntry[] | null> {\n const client = await this.clients.findByClientId(clientId);\n if (client === null) {\n return null;\n }\n return this.authz.policies(client.uuid);\n }\n}\n","import type { AuthzEntry } from \"../../domain/authz/authorization.js\";\nimport type { AuthorizationRepository } from \"../../domain/ports/authorization-repository.js\";\nimport type { ClientRepository } from \"../../domain/ports/client-repository.js\";\nimport type { ClientId } from \"../../domain/shared/client-id.js\";\n\nexport class ListAuthzResourcesUseCase {\n constructor(\n private readonly clients: ClientRepository,\n private readonly authz: AuthorizationRepository,\n ) {}\n\n async execute(clientId: ClientId): Promise<AuthzEntry[] | null> {\n const client = await this.clients.findByClientId(clientId);\n if (client === null) {\n return null;\n }\n return this.authz.resources(client.uuid);\n }\n}\n","import { z } from \"zod\";\n\nimport { AssignClientScopeUseCase } from \"../../application/clientscopes/assign-client-scope.use-case.js\";\nimport { GetClientDefaultScopesUseCase } from \"../../application/clientscopes/get-client-default-scopes.use-case.js\";\nimport { ListClientMappersUseCase } from \"../../application/clientscopes/list-client-mappers.use-case.js\";\nimport { ListClientScopesUseCase } from \"../../application/clientscopes/list-client-scopes.use-case.js\";\nimport { RemoveClientScopeUseCase } from \"../../application/clientscopes/remove-client-scope.use-case.js\";\nimport type { ClientScope } from \"../../domain/clientscope/client-scope.js\";\nimport type { ClientRepository } from \"../../domain/ports/client-repository.js\";\nimport type { ClientScopeRepository } from \"../../domain/ports/client-scope-repository.js\";\nimport { ToolLevel } from \"../../domain/policy/tool-level.js\";\nimport { ClientId } from \"../../domain/shared/client-id.js\";\nimport { ClientScopeName } from \"../../domain/shared/client-scope-name.js\";\nimport type { ConfirmerFactory } from \"./confirmation/confirmer-factory.js\";\nimport { type ToolDefinition, textResult } from \"./tool-definition.js\";\n\nexport interface ClientScopeToolDeps {\n readonly clientRepository: ClientRepository;\n readonly clientScopeRepository: ClientScopeRepository;\n readonly confirmers: ConfirmerFactory;\n}\n\nfunction serializeScope(scope: ClientScope): Record<string, unknown> {\n return {\n id: scope.id.toString(),\n name: scope.name.toString(),\n protocol: scope.protocol,\n };\n}\n\nfunction listScopesTool(deps: ClientScopeToolDeps): ToolDefinition {\n return {\n name: \"keycloak_client_scopes_list\",\n title: \"List client scopes\",\n description: \"List the realm's client scopes.\",\n level: ToolLevel.Read,\n inputSchema: {},\n annotations: {\n readOnlyHint: true,\n destructiveHint: false,\n idempotentHint: true,\n },\n async handler() {\n const scopes = await new ListClientScopesUseCase(\n deps.clientScopeRepository,\n ).execute();\n return textResult(JSON.stringify(scopes.map(serializeScope), null, 2));\n },\n };\n}\n\nfunction defaultScopesTool(deps: ClientScopeToolDeps): ToolDefinition {\n return {\n name: \"keycloak_client_default_scopes_get\",\n title: \"Get a client's default scopes\",\n description: \"List the default client scopes assigned to a client.\",\n level: ToolLevel.Read,\n inputSchema: { clientId: z.string() },\n annotations: {\n readOnlyHint: true,\n destructiveHint: false,\n idempotentHint: true,\n },\n async handler(args) {\n const scopes = await new GetClientDefaultScopesUseCase(\n deps.clientRepository,\n deps.clientScopeRepository,\n ).execute(ClientId.fromString(String(args.clientId)));\n return textResult(\n scopes === null\n ? \"Client not found.\"\n : JSON.stringify(scopes.map(serializeScope), null, 2),\n );\n },\n };\n}\n\nfunction listMappersTool(deps: ClientScopeToolDeps): ToolDefinition {\n return {\n name: \"keycloak_client_mappers_list\",\n title: \"List client protocol mappers\",\n description: \"List a client's protocol mappers.\",\n level: ToolLevel.Read,\n inputSchema: { clientId: z.string() },\n annotations: {\n readOnlyHint: true,\n destructiveHint: false,\n idempotentHint: true,\n },\n async handler(args) {\n const mappers = await new ListClientMappersUseCase(\n deps.clientRepository,\n deps.clientScopeRepository,\n ).execute(ClientId.fromString(String(args.clientId)));\n return textResult(\n mappers === null\n ? \"Client not found.\"\n : JSON.stringify(mappers, null, 2),\n );\n },\n };\n}\n\nfunction assignScopeTool(deps: ClientScopeToolDeps): ToolDefinition {\n return {\n name: \"keycloak_client_scope_assign\",\n title: \"Assign a default scope to a client\",\n description: \"Add a default client scope to a client.\",\n level: ToolLevel.Write,\n inputSchema: { clientId: z.string(), scope: z.string() },\n annotations: {\n readOnlyHint: false,\n destructiveHint: false,\n idempotentHint: true,\n },\n async handler(args) {\n const result = await new AssignClientScopeUseCase(\n deps.clientRepository,\n deps.clientScopeRepository,\n ).execute({\n clientId: ClientId.fromString(String(args.clientId)),\n scope: ClientScopeName.fromString(String(args.scope)),\n });\n return textResult(\n result.assigned\n ? `Scope \"${String(args.scope)}\" assigned.`\n : `Not assigned: ${result.reason ?? \"unknown reason\"}`,\n );\n },\n };\n}\n\nfunction unassignScopeTool(deps: ClientScopeToolDeps): ToolDefinition {\n return {\n name: \"keycloak_client_scope_unassign\",\n title: \"Remove a default scope from a client\",\n description:\n \"Remove a default client scope from a client. Requires confirmation.\",\n level: ToolLevel.Destructive,\n inputSchema: {\n clientId: z.string(),\n scope: z.string(),\n confirm: z.boolean().optional(),\n },\n annotations: {\n readOnlyHint: false,\n destructiveHint: true,\n idempotentHint: false,\n },\n async handler(args) {\n const confirmer = deps.confirmers.create(args.confirm === true);\n const result = await new RemoveClientScopeUseCase(\n deps.clientRepository,\n deps.clientScopeRepository,\n confirmer,\n ).execute({\n clientId: ClientId.fromString(String(args.clientId)),\n scope: ClientScopeName.fromString(String(args.scope)),\n });\n return textResult(\n result.removed\n ? `Scope \"${String(args.scope)}\" removed.`\n : `Not removed: ${result.reason ?? \"unknown reason\"}`,\n );\n },\n };\n}\n\nexport function buildClientScopeTools(\n deps: ClientScopeToolDeps,\n): ToolDefinition[] {\n return [\n listScopesTool(deps),\n defaultScopesTool(deps),\n listMappersTool(deps),\n assignScopeTool(deps),\n unassignScopeTool(deps),\n ];\n}\n","import type { ClientRepository } from \"../../domain/ports/client-repository.js\";\nimport type { ClientScopeRepository } from \"../../domain/ports/client-scope-repository.js\";\nimport type { ClientId } from \"../../domain/shared/client-id.js\";\nimport type { ClientScopeName } from \"../../domain/shared/client-scope-name.js\";\n\nexport interface AssignClientScopeInput {\n readonly clientId: ClientId;\n readonly scope: ClientScopeName;\n}\n\nexport interface AssignClientScopeResult {\n readonly assigned: boolean;\n readonly reason?: string;\n}\n\nexport class AssignClientScopeUseCase {\n constructor(\n private readonly clients: ClientRepository,\n private readonly scopes: ClientScopeRepository,\n ) {}\n\n async execute(\n input: AssignClientScopeInput,\n ): Promise<AssignClientScopeResult> {\n const client = await this.clients.findByClientId(input.clientId);\n if (client === null) {\n return { assigned: false, reason: \"Client not found\" };\n }\n const scope = await this.scopes.findScopeByName(input.scope);\n if (scope === null) {\n return { assigned: false, reason: \"Scope not found\" };\n }\n await this.scopes.assignDefaultScope(client.uuid, scope.id);\n return { assigned: true };\n }\n}\n","import type { ClientScope } from \"../../domain/clientscope/client-scope.js\";\nimport type { ClientRepository } from \"../../domain/ports/client-repository.js\";\nimport type { ClientScopeRepository } from \"../../domain/ports/client-scope-repository.js\";\nimport type { ClientId } from \"../../domain/shared/client-id.js\";\n\nexport class GetClientDefaultScopesUseCase {\n constructor(\n private readonly clients: ClientRepository,\n private readonly scopes: ClientScopeRepository,\n ) {}\n\n async execute(clientId: ClientId): Promise<ClientScope[] | null> {\n const client = await this.clients.findByClientId(clientId);\n if (client === null) {\n return null;\n }\n return this.scopes.defaultScopes(client.uuid);\n }\n}\n","import type { ProtocolMapper } from \"../../domain/clientscope/client-scope.js\";\nimport type { ClientRepository } from \"../../domain/ports/client-repository.js\";\nimport type { ClientScopeRepository } from \"../../domain/ports/client-scope-repository.js\";\nimport type { ClientId } from \"../../domain/shared/client-id.js\";\n\nexport class ListClientMappersUseCase {\n constructor(\n private readonly clients: ClientRepository,\n private readonly scopes: ClientScopeRepository,\n ) {}\n\n async execute(clientId: ClientId): Promise<ProtocolMapper[] | null> {\n const client = await this.clients.findByClientId(clientId);\n if (client === null) {\n return null;\n }\n return this.scopes.listMappers(client.uuid);\n }\n}\n","import type { ClientScope } from \"../../domain/clientscope/client-scope.js\";\nimport type { ClientScopeRepository } from \"../../domain/ports/client-scope-repository.js\";\n\nexport class ListClientScopesUseCase {\n constructor(private readonly scopes: ClientScopeRepository) {}\n\n execute(): Promise<ClientScope[]> {\n return this.scopes.listScopes();\n }\n}\n","import { ensureNonBlank } from \"../shared/guards.js\";\n\n/**\n * A destructive operation awaiting confirmation, carrying a concrete,\n * human-readable description of its impact.\n */\nexport class DestructiveOperation {\n private constructor(\n private readonly summary: string,\n private readonly impact: string,\n ) {}\n\n static of(summary: string, impact: string): DestructiveOperation {\n return new DestructiveOperation(\n ensureNonBlank(summary, \"summary\"),\n ensureNonBlank(impact, \"impact\"),\n );\n }\n\n describe(): string {\n return `${this.summary}\\n\\n${this.impact}`;\n }\n}\n","import { DestructiveOperation } from \"../../domain/policy/destructive-operation.js\";\nimport type { Confirmer } from \"../../domain/ports/confirmer.js\";\nimport type { ClientRepository } from \"../../domain/ports/client-repository.js\";\nimport type { ClientScopeRepository } from \"../../domain/ports/client-scope-repository.js\";\nimport type { ClientId } from \"../../domain/shared/client-id.js\";\nimport type { ClientScopeName } from \"../../domain/shared/client-scope-name.js\";\n\nexport interface RemoveClientScopeInput {\n readonly clientId: ClientId;\n readonly scope: ClientScopeName;\n}\n\nexport interface RemoveClientScopeResult {\n readonly removed: boolean;\n readonly reason?: string;\n}\n\nexport class RemoveClientScopeUseCase {\n constructor(\n private readonly clients: ClientRepository,\n private readonly scopes: ClientScopeRepository,\n private readonly confirmer: Confirmer,\n ) {}\n\n async execute(\n input: RemoveClientScopeInput,\n ): Promise<RemoveClientScopeResult> {\n const client = await this.clients.findByClientId(input.clientId);\n if (client === null) {\n return { removed: false, reason: \"Client not found\" };\n }\n const scope = await this.scopes.findScopeByName(input.scope);\n if (scope === null) {\n return { removed: false, reason: \"Scope not found\" };\n }\n\n const operation = DestructiveOperation.of(\n `Remove default scope ${input.scope.toString()} from client ${input.clientId.toString()}`,\n \"The client stops emitting the claims and roles this scope contributes \" +\n \"to its tokens.\",\n );\n if (!(await this.confirmer.confirm(operation))) {\n return { removed: false, reason: \"Operation not confirmed\" };\n }\n\n await this.scopes.removeDefaultScope(client.uuid, scope.id);\n return { removed: true };\n }\n}\n","import { z } from \"zod\";\n\nimport { GetClientSecretUseCase } from \"../../application/clients/get-client-secret.use-case.js\";\nimport { GetClientUseCase } from \"../../application/clients/get-client.use-case.js\";\nimport { ListClientsUseCase } from \"../../application/clients/list-clients.use-case.js\";\nimport { RegenerateClientSecretUseCase } from \"../../application/clients/regenerate-client-secret.use-case.js\";\nimport type { ClientSummary } from \"../../domain/client/client-summary.js\";\nimport type { ClientRepository } from \"../../domain/ports/client-repository.js\";\nimport { ToolLevel } from \"../../domain/policy/tool-level.js\";\nimport { ClientId } from \"../../domain/shared/client-id.js\";\nimport type { ConfirmerFactory } from \"./confirmation/confirmer-factory.js\";\nimport { type ToolDefinition, textResult } from \"./tool-definition.js\";\n\nexport interface ClientToolDeps {\n readonly clientRepository: ClientRepository;\n readonly confirmers: ConfirmerFactory;\n}\n\nfunction serializeClient(client: ClientSummary): Record<string, unknown> {\n return {\n uuid: client.uuid.toString(),\n clientId: client.clientId.toString(),\n enabled: client.enabled,\n publicClient: client.publicClient,\n };\n}\n\nfunction listClientsTool(deps: ClientToolDeps): ToolDefinition {\n return {\n name: \"keycloak_client_list\",\n title: \"List clients\",\n description: \"List the realm clients.\",\n level: ToolLevel.Read,\n inputSchema: {},\n annotations: {\n readOnlyHint: true,\n destructiveHint: false,\n idempotentHint: true,\n },\n async handler() {\n const clients = await new ListClientsUseCase(\n deps.clientRepository,\n ).execute();\n return textResult(JSON.stringify(clients.map(serializeClient), null, 2));\n },\n };\n}\n\nfunction getClientTool(deps: ClientToolDeps): ToolDefinition {\n return {\n name: \"keycloak_client_get\",\n title: \"Get client\",\n description: \"Fetch a client by its clientId.\",\n level: ToolLevel.Read,\n inputSchema: { clientId: z.string() },\n annotations: {\n readOnlyHint: true,\n destructiveHint: false,\n idempotentHint: true,\n },\n async handler(args) {\n const client = await new GetClientUseCase(deps.clientRepository).execute(\n ClientId.fromString(String(args.clientId)),\n );\n return textResult(\n client === null\n ? \"Client not found.\"\n : JSON.stringify(serializeClient(client), null, 2),\n );\n },\n };\n}\n\nfunction getClientSecretTool(deps: ClientToolDeps): ToolDefinition {\n return {\n name: \"keycloak_client_get_secret\",\n title: \"Get client secret\",\n description:\n \"Read a confidential client's secret. Masked unless reveal is true.\",\n level: ToolLevel.Read,\n inputSchema: { clientId: z.string(), reveal: z.boolean().optional() },\n annotations: {\n readOnlyHint: true,\n destructiveHint: false,\n idempotentHint: true,\n },\n async handler(args) {\n const secret = await new GetClientSecretUseCase(\n deps.clientRepository,\n ).execute(ClientId.fromString(String(args.clientId)));\n if (secret === null) {\n return textResult(\"Client not found.\");\n }\n return textResult(\n args.reveal === true ? secret.reveal() : secret.masked(),\n );\n },\n };\n}\n\nfunction regenerateClientSecretTool(deps: ClientToolDeps): ToolDefinition {\n return {\n name: \"keycloak_client_regenerate_secret\",\n title: \"Regenerate client secret\",\n description:\n \"Regenerate a confidential client's secret. Requires confirmation; the \" +\n \"old secret stops working.\",\n level: ToolLevel.Destructive,\n inputSchema: { clientId: z.string(), confirm: z.boolean().optional() },\n annotations: {\n readOnlyHint: false,\n destructiveHint: true,\n idempotentHint: false,\n },\n async handler(args) {\n const confirmer = deps.confirmers.create(args.confirm === true);\n const result = await new RegenerateClientSecretUseCase(\n deps.clientRepository,\n confirmer,\n ).execute(ClientId.fromString(String(args.clientId)));\n if (!result.regenerated || result.secret === undefined) {\n return textResult(\n `Not regenerated: ${result.reason ?? \"unknown reason\"}`,\n );\n }\n return textResult(`New secret: ${result.secret.reveal()}`);\n },\n };\n}\n\nexport function buildClientTools(deps: ClientToolDeps): ToolDefinition[] {\n return [\n listClientsTool(deps),\n getClientTool(deps),\n getClientSecretTool(deps),\n regenerateClientSecretTool(deps),\n ];\n}\n","import type { ClientRepository } from \"../../domain/ports/client-repository.js\";\nimport type { ClientId } from \"../../domain/shared/client-id.js\";\nimport type { ClientSecret } from \"../../domain/shared/client-secret.js\";\n\nexport class GetClientSecretUseCase {\n constructor(private readonly clients: ClientRepository) {}\n\n async execute(clientId: ClientId): Promise<ClientSecret | null> {\n const client = await this.clients.findByClientId(clientId);\n if (client === null) {\n return null;\n }\n return this.clients.getSecret(client.uuid);\n }\n}\n","import type { ClientSummary } from \"../../domain/client/client-summary.js\";\nimport type { ClientRepository } from \"../../domain/ports/client-repository.js\";\nimport type { ClientId } from \"../../domain/shared/client-id.js\";\n\nexport class GetClientUseCase {\n constructor(private readonly clients: ClientRepository) {}\n\n execute(clientId: ClientId): Promise<ClientSummary | null> {\n return this.clients.findByClientId(clientId);\n }\n}\n","import type { ClientSummary } from \"../../domain/client/client-summary.js\";\nimport type { ClientRepository } from \"../../domain/ports/client-repository.js\";\n\nexport class ListClientsUseCase {\n constructor(private readonly clients: ClientRepository) {}\n\n execute(): Promise<ClientSummary[]> {\n return this.clients.list();\n }\n}\n","import { DestructiveOperation } from \"../../domain/policy/destructive-operation.js\";\nimport type { Confirmer } from \"../../domain/ports/confirmer.js\";\nimport type { ClientRepository } from \"../../domain/ports/client-repository.js\";\nimport type { ClientId } from \"../../domain/shared/client-id.js\";\nimport type { ClientSecret } from \"../../domain/shared/client-secret.js\";\n\nexport interface RegenerateClientSecretResult {\n readonly regenerated: boolean;\n readonly secret?: ClientSecret;\n readonly reason?: string;\n}\n\nexport class RegenerateClientSecretUseCase {\n constructor(\n private readonly clients: ClientRepository,\n private readonly confirmer: Confirmer,\n ) {}\n\n async execute(clientId: ClientId): Promise<RegenerateClientSecretResult> {\n const client = await this.clients.findByClientId(clientId);\n if (client === null) {\n return { regenerated: false, reason: \"Client not found\" };\n }\n\n const operation = DestructiveOperation.of(\n `Regenerate secret for client ${clientId.toString()}`,\n \"Any service still using the old secret will fail to authenticate until \" +\n \"it is updated with the new one.\",\n );\n if (!(await this.confirmer.confirm(operation))) {\n return { regenerated: false, reason: \"Operation not confirmed\" };\n }\n\n const secret = await this.clients.regenerateSecret(client.uuid);\n return { regenerated: true, secret };\n }\n}\n","import type { Confirmer } from \"../../../domain/ports/confirmer.js\";\nimport type { DestructiveOperation } from \"../../../domain/policy/destructive-operation.js\";\n\nexport interface ElicitRequest {\n readonly message: string;\n readonly requestedSchema: {\n type: \"object\";\n properties: Record<string, unknown>;\n required?: string[];\n };\n}\n\nexport interface ElicitResponse {\n readonly action: string;\n readonly content?: Record<string, unknown>;\n}\n\nexport type ElicitInput = (request: ElicitRequest) => Promise<ElicitResponse>;\n\n/**\n * Asks the user to confirm through the MCP elicitation flow. The operation is\n * approved only when the user accepts and ticks the confirmation box.\n */\nexport class ElicitationConfirmer implements Confirmer {\n constructor(private readonly elicit: ElicitInput) {}\n\n async confirm(operation: DestructiveOperation): Promise<boolean> {\n const response = await this.elicit({\n message: operation.describe(),\n requestedSchema: {\n type: \"object\",\n properties: {\n confirm: {\n type: \"boolean\",\n title: \"Confirm\",\n description: \"Proceed with this irreversible operation?\",\n },\n },\n required: [\"confirm\"],\n },\n });\n return response.action === \"accept\" && response.content?.confirm === true;\n }\n}\n","import type { Confirmer } from \"../../../domain/ports/confirmer.js\";\n\n/**\n * Fallback confirmer for clients without elicitation support: the operation is\n * approved only when the caller explicitly passed `confirm: true`.\n */\nexport class ParamConfirmer implements Confirmer {\n constructor(private readonly provided: boolean) {}\n\n confirm(): Promise<boolean> {\n return Promise.resolve(this.provided);\n }\n}\n","import type { McpServer } from \"@modelcontextprotocol/sdk/server/mcp.js\";\n\nimport type { Confirmer } from \"../../../domain/ports/confirmer.js\";\nimport {\n ElicitationConfirmer,\n type ElicitRequest,\n type ElicitResponse,\n} from \"./elicitation-confirmer.js\";\nimport { ParamConfirmer } from \"./param-confirmer.js\";\n\nexport interface ConfirmerFactory {\n create(providedConfirm: boolean): Confirmer;\n}\n\n/**\n * Chooses the elicitation confirmer when the connected client advertises the\n * capability, otherwise falls back to the explicit `confirm` parameter.\n */\nexport class McpConfirmerFactory implements ConfirmerFactory {\n constructor(private readonly server: McpServer) {}\n\n create(providedConfirm: boolean): Confirmer {\n const capabilities = this.server.server.getClientCapabilities();\n if (capabilities?.elicitation !== undefined) {\n return new ElicitationConfirmer(\n (request: ElicitRequest) =>\n this.server.server.elicitInput(\n request as unknown as Parameters<\n McpServer[\"server\"][\"elicitInput\"]\n >[0],\n ) as unknown as Promise<ElicitResponse>,\n );\n }\n return new ParamConfirmer(providedConfirm);\n }\n}\n","import { z } from \"zod\";\n\nimport { GetAdminEventsUseCase } from \"../../application/events/get-admin-events.use-case.js\";\nimport { GetLoginEventsUseCase } from \"../../application/events/get-login-events.use-case.js\";\nimport { GetRealmConfigUseCase } from \"../../application/realm/get-realm-config.use-case.js\";\nimport { GetServerInfoUseCase } from \"../../application/realm/get-server-info.use-case.js\";\nimport type { EventQuery } from \"../../domain/event/events.js\";\nimport type { EventLog } from \"../../domain/ports/event-log.js\";\nimport type { RealmInfo } from \"../../domain/ports/realm-info.js\";\nimport { ToolLevel } from \"../../domain/policy/tool-level.js\";\nimport { type ToolDefinition, textResult } from \"./tool-definition.js\";\n\nexport interface EventRealmToolDeps {\n readonly eventLog: EventLog;\n readonly realmInfo: RealmInfo;\n}\n\nconst REALM_FIELDS = [\n \"realm\",\n \"enabled\",\n \"registrationAllowed\",\n \"resetPasswordAllowed\",\n \"verifyEmail\",\n \"loginWithEmailAllowed\",\n \"bruteForceProtected\",\n \"sslRequired\",\n \"accessTokenLifespan\",\n \"ssoSessionIdleTimeout\",\n \"ssoSessionMaxLifespan\",\n];\n\nconst READ_ANNOTATIONS = {\n readOnlyHint: true,\n destructiveHint: false,\n idempotentHint: true,\n} as const;\n\nfunction pick(\n record: Record<string, unknown>,\n keys: string[],\n): Record<string, unknown> {\n const out: Record<string, unknown> = {};\n for (const key of keys) {\n if (key in record) {\n out[key] = record[key];\n }\n }\n return out;\n}\n\nfunction serverSummary(info: Record<string, unknown>): Record<string, unknown> {\n const systemInfo = info.systemInfo;\n const version =\n typeof systemInfo === \"object\" &&\n systemInfo !== null &&\n \"version\" in systemInfo\n ? (systemInfo as Record<string, unknown>).version\n : null;\n return { keycloakVersion: version };\n}\n\nfunction eventQuery(args: Record<string, unknown>): EventQuery {\n const query: { max: number; type?: string; user?: string } = {\n max: typeof args.max === \"number\" ? args.max : 20,\n };\n if (typeof args.type === \"string\") {\n query.type = args.type;\n }\n if (typeof args.user === \"string\") {\n query.user = args.user;\n }\n return query;\n}\n\nfunction loginEventsTool(deps: EventRealmToolDeps): ToolDefinition {\n return {\n name: \"keycloak_events_login\",\n title: \"List login events\",\n description: \"Read recent login events, optionally filtered.\",\n level: ToolLevel.Read,\n inputSchema: {\n max: z.number().int().min(1).max(500).optional(),\n type: z.string().optional(),\n user: z.string().optional(),\n },\n annotations: READ_ANNOTATIONS,\n async handler(args) {\n const events = await new GetLoginEventsUseCase(deps.eventLog).execute(\n eventQuery(args),\n );\n return textResult(JSON.stringify(events, null, 2));\n },\n };\n}\n\nfunction adminEventsTool(deps: EventRealmToolDeps): ToolDefinition {\n return {\n name: \"keycloak_events_admin\",\n title: \"List admin events\",\n description: \"Read recent admin events.\",\n level: ToolLevel.Read,\n inputSchema: { max: z.number().int().min(1).max(500).optional() },\n annotations: READ_ANNOTATIONS,\n async handler(args) {\n const events = await new GetAdminEventsUseCase(deps.eventLog).execute(\n eventQuery(args),\n );\n return textResult(JSON.stringify(events, null, 2));\n },\n };\n}\n\nfunction realmConfigTool(deps: EventRealmToolDeps): ToolDefinition {\n return {\n name: \"keycloak_realm_get_config\",\n title: \"Get realm configuration\",\n description: \"Read key realm configuration flags.\",\n level: ToolLevel.Read,\n inputSchema: {},\n annotations: READ_ANNOTATIONS,\n async handler() {\n const config = await new GetRealmConfigUseCase(deps.realmInfo).execute();\n return textResult(JSON.stringify(pick(config, REALM_FIELDS), null, 2));\n },\n };\n}\n\nfunction serverInfoTool(deps: EventRealmToolDeps): ToolDefinition {\n return {\n name: \"keycloak_server_info\",\n title: \"Get server info\",\n description: \"Read the Keycloak server version and profile.\",\n level: ToolLevel.Read,\n inputSchema: {},\n annotations: READ_ANNOTATIONS,\n async handler() {\n const info = await new GetServerInfoUseCase(deps.realmInfo).execute();\n return textResult(JSON.stringify(serverSummary(info), null, 2));\n },\n };\n}\n\nexport function buildEventRealmTools(\n deps: EventRealmToolDeps,\n): ToolDefinition[] {\n return [\n loginEventsTool(deps),\n adminEventsTool(deps),\n realmConfigTool(deps),\n serverInfoTool(deps),\n ];\n}\n","import type { EventLog } from \"../../domain/ports/event-log.js\";\nimport type { AdminEvent, EventQuery } from \"../../domain/event/events.js\";\n\nexport class GetAdminEventsUseCase {\n constructor(private readonly events: EventLog) {}\n\n execute(query: EventQuery): Promise<AdminEvent[]> {\n return this.events.adminEvents(query);\n }\n}\n","import type { EventLog } from \"../../domain/ports/event-log.js\";\nimport type { EventQuery, LoginEvent } from \"../../domain/event/events.js\";\n\nexport class GetLoginEventsUseCase {\n constructor(private readonly events: EventLog) {}\n\n execute(query: EventQuery): Promise<LoginEvent[]> {\n return this.events.loginEvents(query);\n }\n}\n","import type { RealmInfo } from \"../../domain/ports/realm-info.js\";\n\nexport class GetRealmConfigUseCase {\n constructor(private readonly realm: RealmInfo) {}\n\n execute(): Promise<Record<string, unknown>> {\n return this.realm.getRealmConfig();\n }\n}\n","import type { RealmInfo } from \"../../domain/ports/realm-info.js\";\n\nexport class GetServerInfoUseCase {\n constructor(private readonly realm: RealmInfo) {}\n\n execute(): Promise<Record<string, unknown>> {\n return this.realm.serverInfo();\n }\n}\n","import { z } from \"zod\";\n\nimport { GetFederationProviderUseCase } from \"../../application/federation/get-federation-provider.use-case.js\";\nimport { ListFederationProvidersUseCase } from \"../../application/federation/list-federation-providers.use-case.js\";\nimport { SyncFederationUseCase } from \"../../application/federation/sync-federation.use-case.js\";\nimport type { FederationProvider } from \"../../domain/federation/federation-provider.js\";\nimport type { FederationRepository } from \"../../domain/ports/federation-repository.js\";\nimport { ToolLevel } from \"../../domain/policy/tool-level.js\";\nimport { ComponentId } from \"../../domain/shared/component-id.js\";\nimport { type ToolDefinition, textResult } from \"./tool-definition.js\";\n\nexport interface FederationToolDeps {\n readonly federationRepository: FederationRepository;\n}\n\nfunction serializeProvider(\n provider: FederationProvider,\n): Record<string, unknown> {\n return {\n id: provider.id.toString(),\n name: provider.name,\n providerId: provider.providerId,\n };\n}\n\nfunction listFederationTool(deps: FederationToolDeps): ToolDefinition {\n return {\n name: \"keycloak_federation_list\",\n title: \"List user federation providers\",\n description: \"List the realm's user federation (LDAP/Kerberos) providers.\",\n level: ToolLevel.Read,\n inputSchema: {},\n annotations: {\n readOnlyHint: true,\n destructiveHint: false,\n idempotentHint: true,\n },\n async handler() {\n const providers = await new ListFederationProvidersUseCase(\n deps.federationRepository,\n ).execute();\n return textResult(\n JSON.stringify(providers.map(serializeProvider), null, 2),\n );\n },\n };\n}\n\nfunction getFederationTool(deps: FederationToolDeps): ToolDefinition {\n return {\n name: \"keycloak_federation_get\",\n title: \"Get a user federation provider\",\n description: \"Fetch a user federation provider by id.\",\n level: ToolLevel.Read,\n inputSchema: { id: z.string() },\n annotations: {\n readOnlyHint: true,\n destructiveHint: false,\n idempotentHint: true,\n },\n async handler(args) {\n const provider = await new GetFederationProviderUseCase(\n deps.federationRepository,\n ).execute(ComponentId.fromString(String(args.id)));\n return textResult(\n provider === null\n ? \"Federation provider not found.\"\n : JSON.stringify(serializeProvider(provider), null, 2),\n );\n },\n };\n}\n\nfunction syncFederationTool(deps: FederationToolDeps): ToolDefinition {\n return {\n name: \"keycloak_federation_sync\",\n title: \"Synchronize a user federation provider\",\n description:\n \"Trigger a user sync from a federation provider (full or changed).\",\n level: ToolLevel.Write,\n inputSchema: {\n id: z.string(),\n mode: z.enum([\"full\", \"changed\"]).optional(),\n },\n annotations: {\n readOnlyHint: false,\n destructiveHint: false,\n idempotentHint: false,\n },\n async handler(args) {\n const mode = args.mode === \"full\" ? \"full\" : \"changed\";\n const result = await new SyncFederationUseCase(\n deps.federationRepository,\n ).execute({ id: ComponentId.fromString(String(args.id)), mode });\n return textResult(JSON.stringify(result, null, 2));\n },\n };\n}\n\nexport function buildFederationTools(\n deps: FederationToolDeps,\n): ToolDefinition[] {\n return [\n listFederationTool(deps),\n getFederationTool(deps),\n syncFederationTool(deps),\n ];\n}\n","import type { FederationProvider } from \"../../domain/federation/federation-provider.js\";\nimport type { FederationRepository } from \"../../domain/ports/federation-repository.js\";\nimport type { ComponentId } from \"../../domain/shared/component-id.js\";\n\nexport class GetFederationProviderUseCase {\n constructor(private readonly federation: FederationRepository) {}\n\n execute(id: ComponentId): Promise<FederationProvider | null> {\n return this.federation.find(id);\n }\n}\n","import type { FederationProvider } from \"../../domain/federation/federation-provider.js\";\nimport type { FederationRepository } from \"../../domain/ports/federation-repository.js\";\n\nexport class ListFederationProvidersUseCase {\n constructor(private readonly federation: FederationRepository) {}\n\n execute(): Promise<FederationProvider[]> {\n return this.federation.list();\n }\n}\n","import type { FederationRepository } from \"../../domain/ports/federation-repository.js\";\nimport type {\n SyncMode,\n SyncResult,\n} from \"../../domain/federation/federation-provider.js\";\nimport type { ComponentId } from \"../../domain/shared/component-id.js\";\n\nexport interface SyncFederationInput {\n readonly id: ComponentId;\n readonly mode: SyncMode;\n}\n\nexport class SyncFederationUseCase {\n constructor(private readonly federation: FederationRepository) {}\n\n execute(input: SyncFederationInput): Promise<SyncResult> {\n return this.federation.sync(input.id, input.mode);\n }\n}\n","import { z } from \"zod\";\n\nimport { AddGroupMemberUseCase } from \"../../application/groups/add-group-member.use-case.js\";\nimport { AssignGroupRoleUseCase } from \"../../application/groups/assign-group-role.use-case.js\";\nimport { CreateGroupUseCase } from \"../../application/groups/create-group.use-case.js\";\nimport { DeleteGroupUseCase } from \"../../application/groups/delete-group.use-case.js\";\nimport { ListGroupMembersUseCase } from \"../../application/groups/list-group-members.use-case.js\";\nimport { ListGroupsUseCase } from \"../../application/groups/list-groups.use-case.js\";\nimport { ListUserGroupsUseCase } from \"../../application/groups/list-user-groups.use-case.js\";\nimport { RemoveGroupMemberUseCase } from \"../../application/groups/remove-group-member.use-case.js\";\nimport type { Group } from \"../../domain/group/group.js\";\nimport type { GroupRepository } from \"../../domain/ports/group-repository.js\";\nimport type { RoleRepository } from \"../../domain/ports/role-repository.js\";\nimport { ToolLevel } from \"../../domain/policy/tool-level.js\";\nimport { GroupId } from \"../../domain/shared/group-id.js\";\nimport { GroupName } from \"../../domain/shared/group-name.js\";\nimport { RoleName } from \"../../domain/shared/role-name.js\";\nimport { UserId } from \"../../domain/shared/user-id.js\";\nimport type { User } from \"../../domain/user/user.js\";\nimport type { ConfirmerFactory } from \"./confirmation/confirmer-factory.js\";\nimport { type ToolDefinition, textResult } from \"./tool-definition.js\";\n\nexport interface GroupToolDeps {\n readonly groupRepository: GroupRepository;\n readonly roleRepository: RoleRepository;\n readonly confirmers: ConfirmerFactory;\n}\n\nfunction serializeGroup(group: Group): Record<string, unknown> {\n return {\n id: group.id.toString(),\n name: group.name.toString(),\n path: group.path,\n };\n}\n\nfunction serializeUser(user: User): Record<string, unknown> {\n return {\n id: user.id.toString(),\n username: user.username.toString(),\n email: user.email?.toString() ?? null,\n enabled: user.enabled,\n };\n}\n\nfunction listGroupsTool(deps: GroupToolDeps): ToolDefinition {\n return {\n name: \"keycloak_group_list\",\n title: \"List groups\",\n description: \"List the realm's top-level groups.\",\n level: ToolLevel.Read,\n inputSchema: {},\n annotations: {\n readOnlyHint: true,\n destructiveHint: false,\n idempotentHint: true,\n },\n async handler() {\n const groups = await new ListGroupsUseCase(\n deps.groupRepository,\n ).execute();\n return textResult(JSON.stringify(groups.map(serializeGroup), null, 2));\n },\n };\n}\n\nfunction createGroupTool(deps: GroupToolDeps): ToolDefinition {\n return {\n name: \"keycloak_group_create\",\n title: \"Create group\",\n description: \"Create a top-level group.\",\n level: ToolLevel.Write,\n inputSchema: { name: z.string() },\n annotations: {\n readOnlyHint: false,\n destructiveHint: false,\n idempotentHint: false,\n },\n async handler(args) {\n await new CreateGroupUseCase(deps.groupRepository).execute(\n GroupName.fromString(String(args.name)),\n );\n return textResult(`Group \"${String(args.name)}\" created.`);\n },\n };\n}\n\nfunction addGroupMemberTool(deps: GroupToolDeps): ToolDefinition {\n return {\n name: \"keycloak_group_member_add\",\n title: \"Add group member\",\n description: \"Add a user to a group.\",\n level: ToolLevel.Write,\n inputSchema: { groupId: z.string(), userId: z.string() },\n annotations: {\n readOnlyHint: false,\n destructiveHint: false,\n idempotentHint: true,\n },\n async handler(args) {\n await new AddGroupMemberUseCase(deps.groupRepository).execute({\n groupId: GroupId.fromString(String(args.groupId)),\n userId: UserId.fromString(String(args.userId)),\n });\n return textResult(\"User added to group.\");\n },\n };\n}\n\nfunction removeGroupMemberTool(deps: GroupToolDeps): ToolDefinition {\n return {\n name: \"keycloak_group_member_remove\",\n title: \"Remove group member\",\n description: \"Remove a user from a group. Requires confirmation.\",\n level: ToolLevel.Destructive,\n inputSchema: {\n groupId: z.string(),\n userId: z.string(),\n confirm: z.boolean().optional(),\n },\n annotations: {\n readOnlyHint: false,\n destructiveHint: true,\n idempotentHint: false,\n },\n async handler(args) {\n const confirmer = deps.confirmers.create(args.confirm === true);\n const result = await new RemoveGroupMemberUseCase(\n deps.groupRepository,\n confirmer,\n ).execute({\n groupId: GroupId.fromString(String(args.groupId)),\n userId: UserId.fromString(String(args.userId)),\n });\n return textResult(\n result.removed\n ? \"User removed from group.\"\n : `Not removed: ${result.reason ?? \"unknown reason\"}`,\n );\n },\n };\n}\n\nfunction deleteGroupTool(deps: GroupToolDeps): ToolDefinition {\n return {\n name: \"keycloak_group_delete\",\n title: \"Delete group\",\n description: \"Delete a group. Requires confirmation.\",\n level: ToolLevel.Destructive,\n inputSchema: { id: z.string(), confirm: z.boolean().optional() },\n annotations: {\n readOnlyHint: false,\n destructiveHint: true,\n idempotentHint: false,\n },\n async handler(args) {\n const confirmer = deps.confirmers.create(args.confirm === true);\n const result = await new DeleteGroupUseCase(\n deps.groupRepository,\n confirmer,\n ).execute(GroupId.fromString(String(args.id)));\n return textResult(\n result.deleted\n ? \"Group deleted.\"\n : `Not deleted: ${result.reason ?? \"unknown reason\"}`,\n );\n },\n };\n}\n\nfunction assignGroupRoleTool(deps: GroupToolDeps): ToolDefinition {\n return {\n name: \"keycloak_group_role_assign\",\n title: \"Assign a realm role to a group\",\n description: \"Grant a realm role to a group (inherited by its members).\",\n level: ToolLevel.Write,\n inputSchema: { groupId: z.string(), role: z.string() },\n annotations: {\n readOnlyHint: false,\n destructiveHint: false,\n idempotentHint: true,\n },\n async handler(args) {\n const result = await new AssignGroupRoleUseCase(\n deps.roleRepository,\n deps.groupRepository,\n ).execute({\n groupId: GroupId.fromString(String(args.groupId)),\n role: RoleName.fromString(String(args.role)),\n });\n return textResult(\n result.assigned\n ? `Role \"${String(args.role)}\" assigned to group.`\n : `Not assigned: ${result.reason ?? \"unknown reason\"}`,\n );\n },\n };\n}\n\nfunction listGroupMembersTool(deps: GroupToolDeps): ToolDefinition {\n return {\n name: \"keycloak_group_members_list\",\n title: \"List group members\",\n description: \"List the users that are members of a group.\",\n level: ToolLevel.Read,\n inputSchema: { groupId: z.string() },\n annotations: {\n readOnlyHint: true,\n destructiveHint: false,\n idempotentHint: true,\n },\n async handler(args) {\n const members = await new ListGroupMembersUseCase(\n deps.groupRepository,\n ).execute(GroupId.fromString(String(args.groupId)));\n return textResult(JSON.stringify(members.map(serializeUser), null, 2));\n },\n };\n}\n\nfunction listUserGroupsTool(deps: GroupToolDeps): ToolDefinition {\n return {\n name: \"keycloak_user_groups_list\",\n title: \"List a user's groups\",\n description: \"List the groups a user belongs to.\",\n level: ToolLevel.Read,\n inputSchema: { userId: z.string() },\n annotations: {\n readOnlyHint: true,\n destructiveHint: false,\n idempotentHint: true,\n },\n async handler(args) {\n const groups = await new ListUserGroupsUseCase(\n deps.groupRepository,\n ).execute(UserId.fromString(String(args.userId)));\n return textResult(JSON.stringify(groups.map(serializeGroup), null, 2));\n },\n };\n}\n\nexport function buildGroupTools(deps: GroupToolDeps): ToolDefinition[] {\n return [\n listGroupsTool(deps),\n listGroupMembersTool(deps),\n listUserGroupsTool(deps),\n createGroupTool(deps),\n addGroupMemberTool(deps),\n assignGroupRoleTool(deps),\n removeGroupMemberTool(deps),\n deleteGroupTool(deps),\n ];\n}\n","import type { GroupRepository } from \"../../domain/ports/group-repository.js\";\nimport type { GroupId } from \"../../domain/shared/group-id.js\";\nimport type { UserId } from \"../../domain/shared/user-id.js\";\n\nexport interface AddGroupMemberInput {\n readonly groupId: GroupId;\n readonly userId: UserId;\n}\n\nexport class AddGroupMemberUseCase {\n constructor(private readonly groups: GroupRepository) {}\n\n execute(input: AddGroupMemberInput): Promise<void> {\n return this.groups.addMember(input.groupId, input.userId);\n }\n}\n","import type { GroupRepository } from \"../../domain/ports/group-repository.js\";\nimport type { RoleRepository } from \"../../domain/ports/role-repository.js\";\nimport type { GroupId } from \"../../domain/shared/group-id.js\";\nimport type { RoleName } from \"../../domain/shared/role-name.js\";\n\nexport interface AssignGroupRoleInput {\n readonly groupId: GroupId;\n readonly role: RoleName;\n}\n\nexport interface AssignGroupRoleResult {\n readonly assigned: boolean;\n readonly reason?: string;\n}\n\nexport class AssignGroupRoleUseCase {\n constructor(\n private readonly roles: RoleRepository,\n private readonly groups: GroupRepository,\n ) {}\n\n async execute(input: AssignGroupRoleInput): Promise<AssignGroupRoleResult> {\n const role = await this.roles.findRealmRole(input.role);\n if (role === null) {\n return { assigned: false, reason: \"Role not found\" };\n }\n await this.groups.assignRealmRole(input.groupId, role);\n return { assigned: true };\n }\n}\n","import type { GroupRepository } from \"../../domain/ports/group-repository.js\";\nimport type { GroupName } from \"../../domain/shared/group-name.js\";\n\nexport class CreateGroupUseCase {\n constructor(private readonly groups: GroupRepository) {}\n\n execute(name: GroupName): Promise<void> {\n return this.groups.create(name);\n }\n}\n","import { DestructiveOperation } from \"../../domain/policy/destructive-operation.js\";\nimport type { Confirmer } from \"../../domain/ports/confirmer.js\";\nimport type { GroupRepository } from \"../../domain/ports/group-repository.js\";\nimport type { GroupId } from \"../../domain/shared/group-id.js\";\n\nexport interface DeleteGroupResult {\n readonly deleted: boolean;\n readonly reason?: string;\n}\n\nexport class DeleteGroupUseCase {\n constructor(\n private readonly groups: GroupRepository,\n private readonly confirmer: Confirmer,\n ) {}\n\n async execute(id: GroupId): Promise<DeleteGroupResult> {\n const operation = DestructiveOperation.of(\n `Delete group ${id.toString()}`,\n \"Removes the group, its sub-groups, and every membership and role \" +\n \"mapping it carries. This is irreversible.\",\n );\n if (!(await this.confirmer.confirm(operation))) {\n return { deleted: false, reason: \"Operation not confirmed\" };\n }\n await this.groups.delete(id);\n return { deleted: true };\n }\n}\n","import type { GroupRepository } from \"../../domain/ports/group-repository.js\";\nimport type { GroupId } from \"../../domain/shared/group-id.js\";\nimport type { User } from \"../../domain/user/user.js\";\n\nexport class ListGroupMembersUseCase {\n constructor(private readonly groups: GroupRepository) {}\n\n execute(groupId: GroupId): Promise<User[]> {\n return this.groups.members(groupId);\n }\n}\n","import type { Group } from \"../../domain/group/group.js\";\nimport type { GroupRepository } from \"../../domain/ports/group-repository.js\";\n\nexport class ListGroupsUseCase {\n constructor(private readonly groups: GroupRepository) {}\n\n execute(): Promise<Group[]> {\n return this.groups.list();\n }\n}\n","import type { GroupRepository } from \"../../domain/ports/group-repository.js\";\nimport type { Group } from \"../../domain/group/group.js\";\nimport type { UserId } from \"../../domain/shared/user-id.js\";\n\nexport class ListUserGroupsUseCase {\n constructor(private readonly groups: GroupRepository) {}\n\n execute(userId: UserId): Promise<Group[]> {\n return this.groups.userGroups(userId);\n }\n}\n","import { DestructiveOperation } from \"../../domain/policy/destructive-operation.js\";\nimport type { Confirmer } from \"../../domain/ports/confirmer.js\";\nimport type { GroupRepository } from \"../../domain/ports/group-repository.js\";\nimport type { GroupId } from \"../../domain/shared/group-id.js\";\nimport type { UserId } from \"../../domain/shared/user-id.js\";\n\nexport interface RemoveGroupMemberInput {\n readonly groupId: GroupId;\n readonly userId: UserId;\n}\n\nexport interface RemoveGroupMemberResult {\n readonly removed: boolean;\n readonly reason?: string;\n}\n\nexport class RemoveGroupMemberUseCase {\n constructor(\n private readonly groups: GroupRepository,\n private readonly confirmer: Confirmer,\n ) {}\n\n async execute(\n input: RemoveGroupMemberInput,\n ): Promise<RemoveGroupMemberResult> {\n const operation = DestructiveOperation.of(\n `Remove user ${input.userId.toString()} from group ${input.groupId.toString()}`,\n \"The user loses every role and permission granted through this group.\",\n );\n if (!(await this.confirmer.confirm(operation))) {\n return { removed: false, reason: \"Operation not confirmed\" };\n }\n await this.groups.removeMember(input.groupId, input.userId);\n return { removed: true };\n }\n}\n","import { z } from \"zod\";\n\nimport { CreateIdentityProviderUseCase } from \"../../application/idp/create-identity-provider.use-case.js\";\nimport { DeleteIdentityProviderUseCase } from \"../../application/idp/delete-identity-provider.use-case.js\";\nimport { GetIdentityProviderUseCase } from \"../../application/idp/get-identity-provider.use-case.js\";\nimport { ListIdentityProvidersUseCase } from \"../../application/idp/list-identity-providers.use-case.js\";\nimport { ListIdpMappersUseCase } from \"../../application/idp/list-idp-mappers.use-case.js\";\nimport type { IdentityProvider } from \"../../domain/idp/identity-provider.js\";\nimport type { IdentityProviderRepository } from \"../../domain/ports/identity-provider-repository.js\";\nimport { ToolLevel } from \"../../domain/policy/tool-level.js\";\nimport { IdpAlias } from \"../../domain/shared/idp-alias.js\";\nimport type { ConfirmerFactory } from \"./confirmation/confirmer-factory.js\";\nimport { type ToolDefinition, textResult } from \"./tool-definition.js\";\n\nexport interface IdpToolDeps {\n readonly identityProviderRepository: IdentityProviderRepository;\n readonly confirmers: ConfirmerFactory;\n}\n\nfunction serializeIdp(idp: IdentityProvider): Record<string, unknown> {\n return {\n alias: idp.alias.toString(),\n providerId: idp.providerId,\n enabled: idp.enabled,\n displayName: idp.displayName,\n };\n}\n\nfunction readConfig(value: unknown): Record<string, string> {\n const config: Record<string, string> = {};\n if (value !== null && typeof value === \"object\") {\n for (const [key, entry] of Object.entries(\n value as Record<string, unknown>,\n )) {\n if (typeof entry === \"string\") {\n config[key] = entry;\n }\n }\n }\n return config;\n}\n\nfunction listIdpsTool(deps: IdpToolDeps): ToolDefinition {\n return {\n name: \"keycloak_idp_list\",\n title: \"List identity providers\",\n description: \"List the realm's identity providers.\",\n level: ToolLevel.Read,\n inputSchema: {},\n annotations: {\n readOnlyHint: true,\n destructiveHint: false,\n idempotentHint: true,\n },\n async handler() {\n const idps = await new ListIdentityProvidersUseCase(\n deps.identityProviderRepository,\n ).execute();\n return textResult(JSON.stringify(idps.map(serializeIdp), null, 2));\n },\n };\n}\n\nfunction getIdpTool(deps: IdpToolDeps): ToolDefinition {\n return {\n name: \"keycloak_idp_get\",\n title: \"Get identity provider\",\n description: \"Fetch an identity provider by alias.\",\n level: ToolLevel.Read,\n inputSchema: { alias: z.string() },\n annotations: {\n readOnlyHint: true,\n destructiveHint: false,\n idempotentHint: true,\n },\n async handler(args) {\n const idp = await new GetIdentityProviderUseCase(\n deps.identityProviderRepository,\n ).execute(IdpAlias.fromString(String(args.alias)));\n return textResult(\n idp === null\n ? \"Identity provider not found.\"\n : JSON.stringify(serializeIdp(idp), null, 2),\n );\n },\n };\n}\n\nfunction listIdpMappersTool(deps: IdpToolDeps): ToolDefinition {\n return {\n name: \"keycloak_idp_mappers_list\",\n title: \"List identity provider mappers\",\n description: \"List an identity provider's mappers.\",\n level: ToolLevel.Read,\n inputSchema: { alias: z.string() },\n annotations: {\n readOnlyHint: true,\n destructiveHint: false,\n idempotentHint: true,\n },\n async handler(args) {\n const mappers = await new ListIdpMappersUseCase(\n deps.identityProviderRepository,\n ).execute(IdpAlias.fromString(String(args.alias)));\n return textResult(JSON.stringify(mappers, null, 2));\n },\n };\n}\n\nfunction createIdpTool(deps: IdpToolDeps): ToolDefinition {\n return {\n name: \"keycloak_idp_create\",\n title: \"Create identity provider\",\n description:\n \"Create an identity provider. `config` carries provider-specific keys \" +\n \"(clientId, clientSecret, authorizationUrl, …).\",\n level: ToolLevel.Write,\n inputSchema: {\n alias: z.string(),\n providerId: z.string(),\n enabled: z.boolean().optional(),\n config: z.record(z.string(), z.string()).optional(),\n },\n annotations: {\n readOnlyHint: false,\n destructiveHint: false,\n idempotentHint: false,\n },\n async handler(args) {\n await new CreateIdentityProviderUseCase(\n deps.identityProviderRepository,\n ).execute({\n alias: IdpAlias.fromString(String(args.alias)),\n providerId: String(args.providerId),\n enabled: args.enabled !== false,\n config: readConfig(args.config),\n });\n return textResult(`Identity provider \"${String(args.alias)}\" created.`);\n },\n };\n}\n\nfunction deleteIdpTool(deps: IdpToolDeps): ToolDefinition {\n return {\n name: \"keycloak_idp_delete\",\n title: \"Delete identity provider\",\n description: \"Delete an identity provider. Requires confirmation.\",\n level: ToolLevel.Destructive,\n inputSchema: { alias: z.string(), confirm: z.boolean().optional() },\n annotations: {\n readOnlyHint: false,\n destructiveHint: true,\n idempotentHint: false,\n },\n async handler(args) {\n const confirmer = deps.confirmers.create(args.confirm === true);\n const result = await new DeleteIdentityProviderUseCase(\n deps.identityProviderRepository,\n confirmer,\n ).execute(IdpAlias.fromString(String(args.alias)));\n return textResult(\n result.deleted\n ? `Identity provider \"${String(args.alias)}\" deleted.`\n : `Not deleted: ${result.reason ?? \"unknown reason\"}`,\n );\n },\n };\n}\n\nexport function buildIdpTools(deps: IdpToolDeps): ToolDefinition[] {\n return [\n listIdpsTool(deps),\n getIdpTool(deps),\n listIdpMappersTool(deps),\n createIdpTool(deps),\n deleteIdpTool(deps),\n ];\n}\n","import type { IdentityProviderRepository } from \"../../domain/ports/identity-provider-repository.js\";\nimport type { NewIdentityProvider } from \"../../domain/idp/identity-provider.js\";\n\nexport class CreateIdentityProviderUseCase {\n constructor(private readonly idps: IdentityProviderRepository) {}\n\n execute(idp: NewIdentityProvider): Promise<void> {\n return this.idps.create(idp);\n }\n}\n","import { DestructiveOperation } from \"../../domain/policy/destructive-operation.js\";\nimport type { Confirmer } from \"../../domain/ports/confirmer.js\";\nimport type { IdentityProviderRepository } from \"../../domain/ports/identity-provider-repository.js\";\nimport type { IdpAlias } from \"../../domain/shared/idp-alias.js\";\n\nexport interface DeleteIdentityProviderResult {\n readonly deleted: boolean;\n readonly reason?: string;\n}\n\nexport class DeleteIdentityProviderUseCase {\n constructor(\n private readonly idps: IdentityProviderRepository,\n private readonly confirmer: Confirmer,\n ) {}\n\n async execute(alias: IdpAlias): Promise<DeleteIdentityProviderResult> {\n const operation = DestructiveOperation.of(\n `Delete identity provider ${alias.toString()}`,\n \"Users who authenticate through this provider can no longer log in via \" +\n \"it, and their federated links are removed. This is irreversible.\",\n );\n if (!(await this.confirmer.confirm(operation))) {\n return { deleted: false, reason: \"Operation not confirmed\" };\n }\n await this.idps.delete(alias);\n return { deleted: true };\n }\n}\n","import type { IdentityProvider } from \"../../domain/idp/identity-provider.js\";\nimport type { IdentityProviderRepository } from \"../../domain/ports/identity-provider-repository.js\";\nimport type { IdpAlias } from \"../../domain/shared/idp-alias.js\";\n\nexport class GetIdentityProviderUseCase {\n constructor(private readonly idps: IdentityProviderRepository) {}\n\n execute(alias: IdpAlias): Promise<IdentityProvider | null> {\n return this.idps.find(alias);\n }\n}\n","import type { IdentityProvider } from \"../../domain/idp/identity-provider.js\";\nimport type { IdentityProviderRepository } from \"../../domain/ports/identity-provider-repository.js\";\n\nexport class ListIdentityProvidersUseCase {\n constructor(private readonly idps: IdentityProviderRepository) {}\n\n execute(): Promise<IdentityProvider[]> {\n return this.idps.list();\n }\n}\n","import type { IdpMapper } from \"../../domain/idp/identity-provider.js\";\nimport type { IdentityProviderRepository } from \"../../domain/ports/identity-provider-repository.js\";\nimport type { IdpAlias } from \"../../domain/shared/idp-alias.js\";\n\nexport class ListIdpMappersUseCase {\n constructor(private readonly idps: IdentityProviderRepository) {}\n\n execute(alias: IdpAlias): Promise<IdpMapper[]> {\n return this.idps.listMappers(alias);\n }\n}\n","import { z } from \"zod\";\n\nimport { AssignUserRoleUseCase } from \"../../application/roles/assign-user-role.use-case.js\";\nimport { GetUserRolesUseCase } from \"../../application/roles/get-user-roles.use-case.js\";\nimport { ListRealmRolesUseCase } from \"../../application/roles/list-realm-roles.use-case.js\";\nimport { UnassignUserRoleUseCase } from \"../../application/roles/unassign-user-role.use-case.js\";\nimport type { RoleRepository } from \"../../domain/ports/role-repository.js\";\nimport { ToolLevel } from \"../../domain/policy/tool-level.js\";\nimport type { Role } from \"../../domain/role/role.js\";\nimport { RoleName } from \"../../domain/shared/role-name.js\";\nimport { UserId } from \"../../domain/shared/user-id.js\";\nimport type { ConfirmerFactory } from \"./confirmation/confirmer-factory.js\";\nimport { type ToolDefinition, textResult } from \"./tool-definition.js\";\n\nexport interface RoleToolDeps {\n readonly roleRepository: RoleRepository;\n readonly confirmers: ConfirmerFactory;\n}\n\nfunction serializeRole(role: Role): Record<string, unknown> {\n return {\n id: role.id,\n name: role.name.toString(),\n description: role.description,\n };\n}\n\nfunction listRealmRolesTool(deps: RoleToolDeps): ToolDefinition {\n return {\n name: \"keycloak_role_list\",\n title: \"List realm roles\",\n description: \"List the realm roles.\",\n level: ToolLevel.Read,\n inputSchema: {},\n annotations: {\n readOnlyHint: true,\n destructiveHint: false,\n idempotentHint: true,\n },\n async handler() {\n const roles = await new ListRealmRolesUseCase(\n deps.roleRepository,\n ).execute();\n return textResult(JSON.stringify(roles.map(serializeRole), null, 2));\n },\n };\n}\n\nfunction getUserRolesTool(deps: RoleToolDeps): ToolDefinition {\n return {\n name: \"keycloak_user_roles_get\",\n title: \"Get a user's realm roles\",\n description: \"List the realm roles assigned to a user.\",\n level: ToolLevel.Read,\n inputSchema: { userId: z.string() },\n annotations: {\n readOnlyHint: true,\n destructiveHint: false,\n idempotentHint: true,\n },\n async handler(args) {\n const roles = await new GetUserRolesUseCase(deps.roleRepository).execute(\n UserId.fromString(String(args.userId)),\n );\n return textResult(JSON.stringify(roles.map(serializeRole), null, 2));\n },\n };\n}\n\nfunction assignUserRoleTool(deps: RoleToolDeps): ToolDefinition {\n return {\n name: \"keycloak_user_role_assign\",\n title: \"Assign a realm role to a user\",\n description: \"Grant a realm role to a user.\",\n level: ToolLevel.Write,\n inputSchema: { userId: z.string(), role: z.string() },\n annotations: {\n readOnlyHint: false,\n destructiveHint: false,\n idempotentHint: true,\n },\n async handler(args) {\n const result = await new AssignUserRoleUseCase(\n deps.roleRepository,\n ).execute({\n userId: UserId.fromString(String(args.userId)),\n role: RoleName.fromString(String(args.role)),\n });\n return textResult(\n result.assigned\n ? `Role \"${String(args.role)}\" assigned.`\n : `Not assigned: ${result.reason ?? \"unknown reason\"}`,\n );\n },\n };\n}\n\nfunction unassignUserRoleTool(deps: RoleToolDeps): ToolDefinition {\n return {\n name: \"keycloak_user_role_unassign\",\n title: \"Remove a realm role from a user\",\n description: \"Revoke a realm role from a user. Requires confirmation.\",\n level: ToolLevel.Destructive,\n inputSchema: {\n userId: z.string(),\n role: z.string(),\n confirm: z.boolean().optional(),\n },\n annotations: {\n readOnlyHint: false,\n destructiveHint: true,\n idempotentHint: false,\n },\n async handler(args) {\n const confirmer = deps.confirmers.create(args.confirm === true);\n const result = await new UnassignUserRoleUseCase(\n deps.roleRepository,\n confirmer,\n ).execute({\n userId: UserId.fromString(String(args.userId)),\n role: RoleName.fromString(String(args.role)),\n });\n return textResult(\n result.removed\n ? `Role \"${String(args.role)}\" removed.`\n : `Not removed: ${result.reason ?? \"unknown reason\"}`,\n );\n },\n };\n}\n\nexport function buildRoleTools(deps: RoleToolDeps): ToolDefinition[] {\n return [\n listRealmRolesTool(deps),\n getUserRolesTool(deps),\n assignUserRoleTool(deps),\n unassignUserRoleTool(deps),\n ];\n}\n","import type { RoleRepository } from \"../../domain/ports/role-repository.js\";\nimport type { RoleName } from \"../../domain/shared/role-name.js\";\nimport type { UserId } from \"../../domain/shared/user-id.js\";\n\nexport interface AssignUserRoleInput {\n readonly userId: UserId;\n readonly role: RoleName;\n}\n\nexport interface AssignUserRoleResult {\n readonly assigned: boolean;\n readonly reason?: string;\n}\n\nexport class AssignUserRoleUseCase {\n constructor(private readonly roles: RoleRepository) {}\n\n async execute(input: AssignUserRoleInput): Promise<AssignUserRoleResult> {\n const role = await this.roles.findRealmRole(input.role);\n if (role === null) {\n return { assigned: false, reason: \"Role not found\" };\n }\n await this.roles.assignRealmRole(input.userId, role);\n return { assigned: true };\n }\n}\n","import type { RoleRepository } from \"../../domain/ports/role-repository.js\";\nimport type { Role } from \"../../domain/role/role.js\";\nimport type { UserId } from \"../../domain/shared/user-id.js\";\n\nexport class GetUserRolesUseCase {\n constructor(private readonly roles: RoleRepository) {}\n\n execute(userId: UserId): Promise<Role[]> {\n return this.roles.listUserRealmRoles(userId);\n }\n}\n","import type { RoleRepository } from \"../../domain/ports/role-repository.js\";\nimport type { Role } from \"../../domain/role/role.js\";\n\nexport class ListRealmRolesUseCase {\n constructor(private readonly roles: RoleRepository) {}\n\n execute(): Promise<Role[]> {\n return this.roles.listRealmRoles();\n }\n}\n","import { DestructiveOperation } from \"../../domain/policy/destructive-operation.js\";\nimport type { Confirmer } from \"../../domain/ports/confirmer.js\";\nimport type { RoleRepository } from \"../../domain/ports/role-repository.js\";\nimport type { RoleName } from \"../../domain/shared/role-name.js\";\nimport type { UserId } from \"../../domain/shared/user-id.js\";\n\nexport interface UnassignUserRoleInput {\n readonly userId: UserId;\n readonly role: RoleName;\n}\n\nexport interface UnassignUserRoleResult {\n readonly removed: boolean;\n readonly reason?: string;\n}\n\nexport class UnassignUserRoleUseCase {\n constructor(\n private readonly roles: RoleRepository,\n private readonly confirmer: Confirmer,\n ) {}\n\n async execute(input: UnassignUserRoleInput): Promise<UnassignUserRoleResult> {\n const role = await this.roles.findRealmRole(input.role);\n if (role === null) {\n return { removed: false, reason: \"Role not found\" };\n }\n\n const operation = DestructiveOperation.of(\n `Remove role ${role.name.toString()} from user ${input.userId.toString()}`,\n \"The user immediately loses every permission granted by this role.\",\n );\n if (!(await this.confirmer.confirm(operation))) {\n return { removed: false, reason: \"Operation not confirmed\" };\n }\n\n await this.roles.removeRealmRole(input.userId, role);\n return { removed: true };\n }\n}\n","import type { McpServer } from \"@modelcontextprotocol/sdk/server/mcp.js\";\nimport type { CallToolResult } from \"@modelcontextprotocol/sdk/types.js\";\n\nimport type { ToolAccessPolicy } from \"../../domain/policy/tool-access-policy.js\";\nimport type { ToolDefinition } from \"./tool-definition.js\";\n\n/** Drops tools blocked by the read-only guardrail. */\nexport function filterTools(\n definitions: ToolDefinition[],\n policy: ToolAccessPolicy,\n): ToolDefinition[] {\n return definitions.filter(\n (definition) => !policy.isBlocked(definition.level),\n );\n}\n\nexport function registerTools(\n server: McpServer,\n definitions: ToolDefinition[],\n): void {\n for (const definition of definitions) {\n server.registerTool(\n definition.name,\n {\n title: definition.title,\n description: definition.description,\n inputSchema: definition.inputSchema,\n annotations: definition.annotations,\n },\n (args: Record<string, unknown>): Promise<CallToolResult> =>\n definition.handler(args).then((result) => ({ ...result })),\n );\n }\n}\n","import { z } from \"zod\";\n\nimport { CreateUserUseCase } from \"../../application/users/create-user.use-case.js\";\nimport { DeleteUserUseCase } from \"../../application/users/delete-user.use-case.js\";\nimport { GetUserUseCase } from \"../../application/users/get-user.use-case.js\";\nimport { ListUserSessionsUseCase } from \"../../application/users/list-user-sessions.use-case.js\";\nimport { LogoutUserUseCase } from \"../../application/users/logout-user.use-case.js\";\nimport { ResetUserPasswordUseCase } from \"../../application/users/reset-user-password.use-case.js\";\nimport { SearchUsersUseCase } from \"../../application/users/search-users.use-case.js\";\nimport { SendActionEmailUseCase } from \"../../application/users/send-action-email.use-case.js\";\nimport { SetUserEnabledUseCase } from \"../../application/users/set-user-enabled.use-case.js\";\nimport { UpdateUserUseCase } from \"../../application/users/update-user.use-case.js\";\nimport type { UserRepository } from \"../../domain/ports/user-repository.js\";\nimport type { UserUpdate } from \"../../domain/user/user-update.js\";\nimport { ToolLevel } from \"../../domain/policy/tool-level.js\";\nimport { ActionEmailType } from \"../../domain/shared/action-email-type.js\";\nimport { Email } from \"../../domain/shared/email.js\";\nimport { Password } from \"../../domain/shared/password.js\";\nimport { UserId } from \"../../domain/shared/user-id.js\";\nimport { Username } from \"../../domain/shared/username.js\";\nimport type { NewUser } from \"../../domain/user/new-user.js\";\nimport type { User } from \"../../domain/user/user.js\";\nimport type { UserSearchCriteria } from \"../../domain/user/user-search-criteria.js\";\nimport type { ConfirmerFactory } from \"./confirmation/confirmer-factory.js\";\nimport { type ToolDefinition, textResult } from \"./tool-definition.js\";\n\nexport interface UserToolDeps {\n readonly userRepository: UserRepository;\n readonly confirmers: ConfirmerFactory;\n}\n\nfunction serializeUser(user: User): Record<string, unknown> {\n return {\n id: user.id.toString(),\n username: user.username.toString(),\n email: user.email?.toString() ?? null,\n enabled: user.enabled,\n };\n}\n\nfunction buildCriteria(args: Record<string, unknown>): UserSearchCriteria {\n const criteria: {\n email?: Email;\n username?: Username;\n search?: string;\n first: number;\n max: number;\n } = {\n first: typeof args.first === \"number\" ? args.first : 0,\n max: typeof args.max === \"number\" ? args.max : 20,\n };\n if (typeof args.email === \"string\") {\n criteria.email = Email.fromString(args.email);\n }\n if (typeof args.username === \"string\") {\n criteria.username = Username.fromString(args.username);\n }\n if (typeof args.search === \"string\") {\n criteria.search = args.search;\n }\n return criteria;\n}\n\nfunction searchUsersTool(deps: UserToolDeps): ToolDefinition {\n return {\n name: \"keycloak_user_search\",\n title: \"Search users\",\n description: \"Search realm users by email, username or free text.\",\n level: ToolLevel.Read,\n inputSchema: {\n email: z.string().optional(),\n username: z.string().optional(),\n search: z.string().optional(),\n first: z.number().int().min(0).optional(),\n max: z.number().int().min(1).max(500).optional(),\n },\n annotations: {\n readOnlyHint: true,\n destructiveHint: false,\n idempotentHint: true,\n },\n async handler(args) {\n const users = await new SearchUsersUseCase(deps.userRepository).execute(\n buildCriteria(args),\n );\n return textResult(JSON.stringify(users.map(serializeUser), null, 2));\n },\n };\n}\n\nfunction getUserTool(deps: UserToolDeps): ToolDefinition {\n return {\n name: \"keycloak_user_get\",\n title: \"Get user\",\n description: \"Fetch a single user by id.\",\n level: ToolLevel.Read,\n inputSchema: { id: z.string() },\n annotations: {\n readOnlyHint: true,\n destructiveHint: false,\n idempotentHint: true,\n },\n async handler(args) {\n const user = await new GetUserUseCase(deps.userRepository).execute(\n UserId.fromString(String(args.id)),\n );\n return textResult(\n user === null\n ? \"User not found.\"\n : JSON.stringify(serializeUser(user), null, 2),\n );\n },\n };\n}\n\nfunction createUserTool(deps: UserToolDeps): ToolDefinition {\n return {\n name: \"keycloak_user_create\",\n title: \"Create user\",\n description: \"Create a realm user.\",\n level: ToolLevel.Write,\n inputSchema: {\n username: z.string(),\n email: z.string().optional(),\n enabled: z.boolean().optional(),\n emailVerified: z.boolean().optional(),\n },\n annotations: {\n readOnlyHint: false,\n destructiveHint: false,\n idempotentHint: false,\n },\n async handler(args) {\n const user: NewUser = {\n username: Username.fromString(String(args.username)),\n ...(typeof args.email === \"string\"\n ? { email: Email.fromString(args.email) }\n : {}),\n enabled: args.enabled !== false,\n emailVerified: args.emailVerified === true,\n };\n await new CreateUserUseCase(deps.userRepository).execute(user);\n return textResult(`User \"${user.username.toString()}\" created.`);\n },\n };\n}\n\nfunction setUserEnabledTool(deps: UserToolDeps): ToolDefinition {\n return {\n name: \"keycloak_user_set_enabled\",\n title: \"Enable or disable user\",\n description: \"Enable or disable a user account.\",\n level: ToolLevel.Write,\n inputSchema: { id: z.string(), enabled: z.boolean() },\n annotations: {\n readOnlyHint: false,\n destructiveHint: false,\n idempotentHint: true,\n },\n async handler(args) {\n const enabled = args.enabled === true;\n await new SetUserEnabledUseCase(deps.userRepository).execute({\n id: UserId.fromString(String(args.id)),\n enabled,\n });\n return textResult(\n `User ${String(args.id)} ${enabled ? \"enabled\" : \"disabled\"}.`,\n );\n },\n };\n}\n\nfunction sendActionEmailTool(deps: UserToolDeps): ToolDefinition {\n return {\n name: \"keycloak_user_send_action_email\",\n title: \"Send action email\",\n description:\n \"Send a required-actions email (e.g. VERIFY_EMAIL, UPDATE_PASSWORD).\",\n level: ToolLevel.Write,\n inputSchema: { id: z.string(), actions: z.array(z.string()) },\n annotations: {\n readOnlyHint: false,\n destructiveHint: false,\n idempotentHint: false,\n },\n async handler(args) {\n const raw = Array.isArray(args.actions) ? args.actions : [];\n const actions = raw.map((action) =>\n ActionEmailType.fromString(String(action)),\n );\n await new SendActionEmailUseCase(deps.userRepository).execute({\n id: UserId.fromString(String(args.id)),\n actions,\n });\n return textResult(\"Action email sent.\");\n },\n };\n}\n\nfunction resetUserPasswordTool(deps: UserToolDeps): ToolDefinition {\n return {\n name: \"keycloak_user_reset_password\",\n title: \"Reset user password\",\n description: \"Set a new password for a user. Requires confirmation.\",\n level: ToolLevel.Destructive,\n inputSchema: {\n id: z.string(),\n password: z.string(),\n temporary: z.boolean().optional(),\n confirm: z.boolean().optional(),\n },\n annotations: {\n readOnlyHint: false,\n destructiveHint: true,\n idempotentHint: false,\n },\n async handler(args) {\n const confirmer = deps.confirmers.create(args.confirm === true);\n const result = await new ResetUserPasswordUseCase(\n deps.userRepository,\n confirmer,\n ).execute({\n id: UserId.fromString(String(args.id)),\n password: Password.fromString(String(args.password)),\n temporary: args.temporary === true,\n });\n return textResult(\n result.reset\n ? \"Password reset.\"\n : `Not reset: ${result.reason ?? \"unknown reason\"}`,\n );\n },\n };\n}\n\nfunction logoutUserTool(deps: UserToolDeps): ToolDefinition {\n return {\n name: \"keycloak_user_logout\",\n title: \"Log out user\",\n description: \"Revoke all of a user's sessions. Requires confirmation.\",\n level: ToolLevel.Destructive,\n inputSchema: { id: z.string(), confirm: z.boolean().optional() },\n annotations: {\n readOnlyHint: false,\n destructiveHint: true,\n idempotentHint: false,\n },\n async handler(args) {\n const confirmer = deps.confirmers.create(args.confirm === true);\n const result = await new LogoutUserUseCase(\n deps.userRepository,\n confirmer,\n ).execute({ id: UserId.fromString(String(args.id)) });\n return textResult(\n result.loggedOut\n ? \"User logged out.\"\n : `Not logged out: ${result.reason ?? \"unknown reason\"}`,\n );\n },\n };\n}\n\nfunction deleteUserTool(deps: UserToolDeps): ToolDefinition {\n return {\n name: \"keycloak_user_delete\",\n title: \"Delete user\",\n description:\n \"Permanently delete a user. Requires confirmation; the username must \" +\n \"match the target id.\",\n level: ToolLevel.Destructive,\n inputSchema: {\n id: z.string(),\n username: z.string(),\n confirm: z.boolean().optional(),\n },\n annotations: {\n readOnlyHint: false,\n destructiveHint: true,\n idempotentHint: false,\n },\n async handler(args) {\n const confirmer = deps.confirmers.create(args.confirm === true);\n const result = await new DeleteUserUseCase(\n deps.userRepository,\n confirmer,\n ).execute({\n id: UserId.fromString(String(args.id)),\n username: Username.fromString(String(args.username)),\n });\n if (!result.deleted) {\n return textResult(`Not deleted: ${result.reason ?? \"unknown reason\"}`);\n }\n return textResult(`User \"${String(args.username)}\" deleted.`);\n },\n };\n}\n\nfunction updateUserTool(deps: UserToolDeps): ToolDefinition {\n return {\n name: \"keycloak_user_update\",\n title: \"Update user\",\n description: \"Update a user's email, name or enabled flag.\",\n level: ToolLevel.Write,\n inputSchema: {\n id: z.string(),\n email: z.string().optional(),\n firstName: z.string().optional(),\n lastName: z.string().optional(),\n enabled: z.boolean().optional(),\n },\n annotations: {\n readOnlyHint: false,\n destructiveHint: false,\n idempotentHint: true,\n },\n async handler(args) {\n const changes: {\n email?: Email;\n firstName?: string;\n lastName?: string;\n enabled?: boolean;\n } = {};\n if (typeof args.email === \"string\") {\n changes.email = Email.fromString(args.email);\n }\n if (typeof args.firstName === \"string\") {\n changes.firstName = args.firstName;\n }\n if (typeof args.lastName === \"string\") {\n changes.lastName = args.lastName;\n }\n if (typeof args.enabled === \"boolean\") {\n changes.enabled = args.enabled;\n }\n await new UpdateUserUseCase(deps.userRepository).execute({\n id: UserId.fromString(String(args.id)),\n changes: changes satisfies UserUpdate,\n });\n return textResult(`User ${String(args.id)} updated.`);\n },\n };\n}\n\nfunction listUserSessionsTool(deps: UserToolDeps): ToolDefinition {\n return {\n name: \"keycloak_user_sessions_list\",\n title: \"List user sessions\",\n description: \"List a user's active sessions.\",\n level: ToolLevel.Read,\n inputSchema: { id: z.string() },\n annotations: {\n readOnlyHint: true,\n destructiveHint: false,\n idempotentHint: true,\n },\n async handler(args) {\n const sessions = await new ListUserSessionsUseCase(\n deps.userRepository,\n ).execute(UserId.fromString(String(args.id)));\n return textResult(JSON.stringify(sessions, null, 2));\n },\n };\n}\n\nexport function buildUserTools(deps: UserToolDeps): ToolDefinition[] {\n return [\n searchUsersTool(deps),\n getUserTool(deps),\n listUserSessionsTool(deps),\n createUserTool(deps),\n updateUserTool(deps),\n setUserEnabledTool(deps),\n sendActionEmailTool(deps),\n resetUserPasswordTool(deps),\n logoutUserTool(deps),\n deleteUserTool(deps),\n ];\n}\n","import type { UserRepository } from \"../../domain/ports/user-repository.js\";\nimport type { NewUser } from \"../../domain/user/new-user.js\";\n\nexport class CreateUserUseCase {\n constructor(private readonly users: UserRepository) {}\n\n execute(user: NewUser): Promise<void> {\n return this.users.create(user);\n }\n}\n","import { DestructiveOperation } from \"../../domain/policy/destructive-operation.js\";\nimport type { Confirmer } from \"../../domain/ports/confirmer.js\";\nimport type { UserRepository } from \"../../domain/ports/user-repository.js\";\nimport type { UserId } from \"../../domain/shared/user-id.js\";\nimport type { Username } from \"../../domain/shared/username.js\";\n\nexport interface DeleteUserInput {\n readonly id: UserId;\n /** Must match the stored user; guards against deleting the wrong id. */\n readonly username: Username;\n}\n\nexport interface DeleteUserResult {\n readonly deleted: boolean;\n readonly reason?: string;\n}\n\nexport class DeleteUserUseCase {\n constructor(\n private readonly users: UserRepository,\n private readonly confirmer: Confirmer,\n ) {}\n\n async execute(input: DeleteUserInput): Promise<DeleteUserResult> {\n const user = await this.users.findById(input.id);\n if (user === null) {\n return { deleted: false, reason: \"User not found\" };\n }\n if (!user.username.equals(input.username)) {\n return {\n deleted: false,\n reason: \"Username does not match the target user\",\n };\n }\n\n const sessions = await this.users.countActiveSessions(input.id);\n const email = user.email === null ? \"\" : ` (${user.email.toString()})`;\n const operation = DestructiveOperation.of(\n `Delete user ${user.username.toString()}`,\n `Permanently deletes the account${email} and revokes ${sessions} active ` +\n `session(s). This is irreversible.`,\n );\n\n if (!(await this.confirmer.confirm(operation))) {\n return { deleted: false, reason: \"Operation not confirmed\" };\n }\n\n await this.users.delete(input.id);\n return { deleted: true };\n }\n}\n","import type { UserRepository } from \"../../domain/ports/user-repository.js\";\nimport type { UserId } from \"../../domain/shared/user-id.js\";\nimport type { User } from \"../../domain/user/user.js\";\n\nexport class GetUserUseCase {\n constructor(private readonly users: UserRepository) {}\n\n execute(id: UserId): Promise<User | null> {\n return this.users.findById(id);\n }\n}\n","import type { UserRepository } from \"../../domain/ports/user-repository.js\";\nimport type { UserId } from \"../../domain/shared/user-id.js\";\nimport type { UserSession } from \"../../domain/user/user-session.js\";\n\nexport class ListUserSessionsUseCase {\n constructor(private readonly users: UserRepository) {}\n\n execute(id: UserId): Promise<UserSession[]> {\n return this.users.listSessions(id);\n }\n}\n","import { DestructiveOperation } from \"../../domain/policy/destructive-operation.js\";\nimport type { Confirmer } from \"../../domain/ports/confirmer.js\";\nimport type { UserRepository } from \"../../domain/ports/user-repository.js\";\nimport type { UserId } from \"../../domain/shared/user-id.js\";\n\nexport interface LogoutUserInput {\n readonly id: UserId;\n}\n\nexport interface LogoutUserResult {\n readonly loggedOut: boolean;\n readonly reason?: string;\n}\n\nexport class LogoutUserUseCase {\n constructor(\n private readonly users: UserRepository,\n private readonly confirmer: Confirmer,\n ) {}\n\n async execute(input: LogoutUserInput): Promise<LogoutUserResult> {\n const user = await this.users.findById(input.id);\n if (user === null) {\n return { loggedOut: false, reason: \"User not found\" };\n }\n\n const sessions = await this.users.countActiveSessions(input.id);\n const operation = DestructiveOperation.of(\n `Log out ${user.username.toString()}`,\n `Revokes ${String(sessions)} active session(s); the user must sign in again.`,\n );\n if (!(await this.confirmer.confirm(operation))) {\n return { loggedOut: false, reason: \"Operation not confirmed\" };\n }\n\n await this.users.logout(input.id);\n return { loggedOut: true };\n }\n}\n","import { DestructiveOperation } from \"../../domain/policy/destructive-operation.js\";\nimport type { Confirmer } from \"../../domain/ports/confirmer.js\";\nimport type { UserRepository } from \"../../domain/ports/user-repository.js\";\nimport type { Password } from \"../../domain/shared/password.js\";\nimport type { UserId } from \"../../domain/shared/user-id.js\";\n\nexport interface ResetUserPasswordInput {\n readonly id: UserId;\n readonly password: Password;\n readonly temporary: boolean;\n}\n\nexport interface ResetUserPasswordResult {\n readonly reset: boolean;\n readonly reason?: string;\n}\n\nexport class ResetUserPasswordUseCase {\n constructor(\n private readonly users: UserRepository,\n private readonly confirmer: Confirmer,\n ) {}\n\n async execute(\n input: ResetUserPasswordInput,\n ): Promise<ResetUserPasswordResult> {\n const user = await this.users.findById(input.id);\n if (user === null) {\n return { reset: false, reason: \"User not found\" };\n }\n\n const operation = DestructiveOperation.of(\n `Reset password for ${user.username.toString()}`,\n `The current password stops working immediately${\n input.temporary ? \" and the user must set a new one at next login\" : \"\"\n }.`,\n );\n if (!(await this.confirmer.confirm(operation))) {\n return { reset: false, reason: \"Operation not confirmed\" };\n }\n\n await this.users.resetPassword(input.id, input.password, input.temporary);\n return { reset: true };\n }\n}\n","import type { UserRepository } from \"../../domain/ports/user-repository.js\";\nimport type { User } from \"../../domain/user/user.js\";\nimport type { UserSearchCriteria } from \"../../domain/user/user-search-criteria.js\";\n\nexport class SearchUsersUseCase {\n constructor(private readonly users: UserRepository) {}\n\n execute(criteria: UserSearchCriteria): Promise<User[]> {\n return this.users.search(criteria);\n }\n}\n","import type { UserRepository } from \"../../domain/ports/user-repository.js\";\nimport type { ActionEmailType } from \"../../domain/shared/action-email-type.js\";\nimport type { UserId } from \"../../domain/shared/user-id.js\";\n\nexport interface SendActionEmailInput {\n readonly id: UserId;\n readonly actions: ActionEmailType[];\n}\n\nexport class SendActionEmailUseCase {\n constructor(private readonly users: UserRepository) {}\n\n execute(input: SendActionEmailInput): Promise<void> {\n return this.users.sendActionsEmail(input.id, input.actions);\n }\n}\n","import type { UserRepository } from \"../../domain/ports/user-repository.js\";\nimport type { UserId } from \"../../domain/shared/user-id.js\";\n\nexport interface SetUserEnabledInput {\n readonly id: UserId;\n readonly enabled: boolean;\n}\n\nexport class SetUserEnabledUseCase {\n constructor(private readonly users: UserRepository) {}\n\n execute(input: SetUserEnabledInput): Promise<void> {\n return this.users.setEnabled(input.id, input.enabled);\n }\n}\n","import type { UserRepository } from \"../../domain/ports/user-repository.js\";\nimport type { UserId } from \"../../domain/shared/user-id.js\";\nimport type { UserUpdate } from \"../../domain/user/user-update.js\";\n\nexport interface UpdateUserInput {\n readonly id: UserId;\n readonly changes: UserUpdate;\n}\n\nexport class UpdateUserUseCase {\n constructor(private readonly users: UserRepository) {}\n\n execute(input: UpdateUserInput): Promise<void> {\n return this.users.update(input.id, input.changes);\n }\n}\n","const ACTIONS = [\n \"VERIFY_EMAIL\",\n \"UPDATE_PASSWORD\",\n \"UPDATE_PROFILE\",\n \"CONFIGURE_TOTP\",\n] as const;\n\nexport type ActionEmailValue = (typeof ACTIONS)[number];\n\nexport class ActionEmailType {\n private constructor(private readonly value: ActionEmailValue) {}\n\n static fromString(value: string): ActionEmailType {\n const match = ACTIONS.find((action) => action === value);\n if (match === undefined) {\n throw new Error(`Unknown action email type: ${value}`);\n }\n return new ActionEmailType(match);\n }\n\n toString(): string {\n return this.value;\n }\n}\n","import { ensureNonBlank } from \"./guards.js\";\n\nexport class Password {\n private constructor(private readonly value: string) {}\n\n static fromString(value: string): Password {\n return new Password(ensureNonBlank(value, \"Password\"));\n }\n\n reveal(): string {\n return this.value;\n }\n\n /** Prevents accidental leakage through logging / serialization. */\n toString(): string {\n return \"[redacted]\";\n }\n\n toJSON(): string {\n return \"[redacted]\";\n }\n}\n"],"mappings":";;;AAAA,SAAS,4BAA4B;;;ACArC,SAAS,SAAS;AAElB,IAAM,aAAa,EAAE,OAAO;AAAA,EAC1B,mBAAmB,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EACnC,gBAAgB,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAChC,WAAW,EAAE,OAAO,EAAE,SAAS;AAAA,EAC/B,gBAAgB,EAAE,OAAO,EAAE,SAAS;AACtC,CAAC;AAED,IAAM,aAAa,EAAE,mBAAmB,aAAa;AAAA,EACnD,EAAE,OAAO;AAAA,IACP,WAAW,EAAE,QAAQ,iBAAiB;AAAA,IACtC,cAAc,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC9B,kBAAkB,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EACpC,CAAC;AAAA,EACD,EAAE,OAAO;AAAA,IACP,WAAW,EAAE,QAAQ,UAAU;AAAA,IAC/B,mBAAmB,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IACnC,mBAAmB,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IACnC,gBAAgB,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,QAAQ,QAAQ;AAAA,EACpD,CAAC;AACH,CAAC;AAED,IAAM,SAAS,EAAE,aAAa,YAAY,UAAU;AAmBpD,SAAS,YAAY,KAAmC;AACtD,MAAI,QAAQ,QAAW;AACrB,WAAO,CAAC;AAAA,EACV;AACA,SAAO,IACJ,MAAM,GAAG,EACT,IAAI,CAAC,UAAU,MAAM,KAAK,CAAC,EAC3B,OAAO,CAAC,UAAU,MAAM,SAAS,CAAC;AACvC;AAEA,SAAS,aAAa,QAA4C;AAChE,MAAI,OAAO,cAAc,mBAAmB;AAC1C,WAAO;AAAA,MACL,MAAM;AAAA,MACN,UAAU,OAAO;AAAA,MACjB,cAAc,OAAO;AAAA,IACvB;AAAA,EACF;AACA,SAAO;AAAA,IACL,MAAM;AAAA,IACN,UAAU,OAAO;AAAA,IACjB,UAAU,OAAO;AAAA,IACjB,YAAY,OAAO;AAAA,EACrB;AACF;AAEO,SAAS,WAAW,KAAoD;AAC7E,QAAM,SAAS,OAAO,UAAU,GAAG;AACnC,MAAI,CAAC,OAAO,SAAS;AACnB,UAAM,UAAU,OAAO,MAAM,OAC1B,IAAI,CAAC,UAAU,GAAG,MAAM,KAAK,KAAK,GAAG,KAAK,QAAQ,KAAK,MAAM,OAAO,EAAE,EACtE,KAAK,IAAI;AACZ,UAAM,IAAI,MAAM,0BAA0B,OAAO,EAAE;AAAA,EACrD;AACA,QAAM,SAAS,OAAO;AACtB,SAAO;AAAA,IACL,SAAS,OAAO;AAAA,IAChB,OAAO,OAAO;AAAA,IACd,UAAU,OAAO,cAAc;AAAA,IAC/B,eAAe,YAAY,OAAO,cAAc;AAAA,IAChD,MAAM,aAAa,MAAM;AAAA,EAC3B;AACF;;;ACpFA,SAAS,iBAAiB;;;ACA1B,IAAM,eACJ;AAEK,SAAS,eAAe,OAAe,OAAuB;AACnE,QAAM,UAAU,MAAM,KAAK;AAC3B,MAAI,QAAQ,WAAW,GAAG;AACxB,UAAM,IAAI,MAAM,GAAG,KAAK,kBAAkB;AAAA,EAC5C;AACA,SAAO;AACT;AAEO,SAAS,WAAW,OAAe,OAAuB;AAC/D,QAAM,UAAU,MAAM,KAAK;AAC3B,MAAI,CAAC,aAAa,KAAK,OAAO,GAAG;AAC/B,UAAM,IAAI,MAAM,GAAG,KAAK,uBAAuB;AAAA,EACjD;AACA,SAAO;AACT;;;ACfO,IAAM,YAAN,MAAM,WAAU;AAAA,EACb,YAA6B,OAAe;AAAf;AAAA,EAAgB;AAAA,EAAhB;AAAA,EAErC,OAAO,WAAW,OAA0B;AAC1C,WAAO,IAAI,WAAU,eAAe,OAAO,WAAW,CAAC;AAAA,EACzD;AAAA,EAEA,WAAmB;AACjB,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,OAAO,OAA2B;AAChC,WAAO,KAAK,UAAU,MAAM;AAAA,EAC9B;AACF;;;ACbO,IAAM,oBAAN,MAAM,mBAAkB;AAAA,EACrB,YAA6B,SAA+B;AAA/B;AAAA,EAAgC;AAAA,EAAhC;AAAA,EAErC,OAAO,GAAG,SAAkD;AAC1D,WAAO,IAAI,mBAAkB,OAAO;AAAA,EACtC;AAAA,EAEA,cAAc,OAAwB;AACpC,QAAI,KAAK,QAAQ,WAAW,GAAG;AAC7B;AAAA,IACF;AACA,QAAI,CAAC,KAAK,QAAQ,KAAK,CAAC,cAAc,UAAU,OAAO,KAAK,CAAC,GAAG;AAC9D,YAAM,IAAI,MAAM,UAAU,MAAM,SAAS,CAAC,kBAAkB;AAAA,IAC9D;AAAA,EACF;AACF;;;ACfO,IAAM,mBAAN,MAAM,kBAAiB;AAAA,EACpB,YAA6B,UAAmB;AAAnB;AAAA,EAAoB;AAAA,EAApB;AAAA,EAErC,OAAO,GAAG,UAAqC;AAC7C,WAAO,IAAI,kBAAiB,QAAQ;AAAA,EACtC;AAAA,EAEA,UAAU,OAA2B;AACnC,WAAO,KAAK,YAAY;AAAA,EAC1B;AACF;;;ACTA,IAAM,uBAAuB;AAQtB,IAAM,uBAAN,MAAoD;AAAA,EAIzD,YACmB,YACA,OACjB;AAFiB;AACA;AAAA,EAChB;AAAA,EAFgB;AAAA,EACA;AAAA,EALX,SAA6B;AAAA,EAC7B,WAAwC;AAAA,EAOhD,WAAiC;AAC/B,UAAM,UAAU,KAAK;AACrB,QACE,YAAY,QACZ,CAAC,QAAQ,iBAAiB,sBAAsB,KAAK,MAAM,IAAI,CAAC,GAChE;AACA,aAAO,QAAQ,QAAQ,OAAO;AAAA,IAChC;AACA,SAAK,aAAa,KAAK,QAAQ;AAC/B,WAAO,KAAK;AAAA,EACd;AAAA,EAEQ,UAAgC;AACtC,WAAO,KAAK,WAAW,EACpB,KAAK,CAAC,UAAU;AACf,WAAK,SAAS;AACd,WAAK,WAAW;AAChB,aAAO;AAAA,IACT,CAAC,EACA,MAAM,CAAC,UAAmB;AACzB,WAAK,WAAW;AAChB,YAAM;AAAA,IACR,CAAC;AAAA,EACL;AACF;;;AC3CO,IAAM,cAAN,MAAM,aAAY;AAAA,EACf,YACW,OACA,WACjB;AAFiB;AACA;AAAA,EAChB;AAAA,EAFgB;AAAA,EACA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOnB,OAAO,MAAM,OAAe,WAAgC;AAC1D,WAAO,IAAI,aAAY,eAAe,OAAO,aAAa,GAAG,SAAS;AAAA,EACxE;AAAA,EAEA,WAAmB;AACjB,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,iBAAiB,aAAqB,KAAsB;AAC1D,WAAO,KAAK,YAAY,OAAO;AAAA,EACjC;AACF;;;ACbO,SAAS,SAAS,SAAiB,OAAuB;AAC/D,SAAO,GAAG,OAAO,WAAW,KAAK;AACnC;AAEA,eAAsB,aACpB,SACA,KACA,MACA,OACsB;AACtB,QAAM,WAAW,MAAM,QAAQ,KAAK;AAAA,IAClC,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,oCAAoC;AAAA,IAC/D,MAAM,IAAI,gBAAgB,IAAI,EAAE,SAAS;AAAA,EAC3C,CAAC;AAED,MAAI,CAAC,SAAS,IAAI;AAChB,UAAM,IAAI;AAAA,MACR,gDAAgD,OAAO,SAAS,MAAM,CAAC;AAAA,IACzE;AAAA,EACF;AAEA,QAAM,OAAQ,MAAM,SAAS,KAAK;AAClC,QAAM,YAAY,MAAM,IAAI,IAAI,KAAK,aAAa;AAClD,SAAO,YAAY,MAAM,KAAK,cAAc,SAAS;AACvD;;;ACvBO,SAAS,gCACd,QACA,SACA,OACe;AACf,QAAM,MAAM,SAAS,OAAO,SAAS,OAAO,KAAK;AACjD,SAAO,IAAI;AAAA,IACT,MACE;AAAA,MACE;AAAA,MACA;AAAA,MACA;AAAA,QACE,YAAY;AAAA,QACZ,WAAW,OAAO;AAAA,QAClB,eAAe,OAAO;AAAA,MACxB;AAAA,MACA;AAAA,IACF;AAAA,IACF;AAAA,EACF;AACF;;;ACpBO,SAAS,uBACd,QACA,SACA,OACe;AACf,QAAM,MAAM,SAAS,OAAO,SAAS,OAAO,KAAK;AACjD,SAAO,IAAI;AAAA,IACT,MACE;AAAA,MACE;AAAA,MACA;AAAA,MACA;AAAA,QACE,YAAY;AAAA,QACZ,WAAW;AAAA,QACX,UAAU,OAAO;AAAA,QACjB,UAAU,OAAO;AAAA,MACnB;AAAA,MACA;AAAA,IACF;AAAA,IACF;AAAA,EACF;AACF;;;AC/BO,IAAM,cAAqB;AAAA,EAChC,KAAK,MAAM,KAAK,IAAI;AACtB;;;ACJO,IAAM,gBAAN,cAA4B,MAAM;AAAA,EACvC,YACW,QACT,SACA;AACA,UAAM,OAAO;AAHJ;AAIT,SAAK,OAAO;AAAA,EACd;AAAA,EALW;AAMb;AAEA,SAAS,cAAc,MAA8B;AACnD,MAAI,OAAO,SAAS,YAAY,SAAS,MAAM;AAC7C,WAAO;AAAA,EACT;AACA,QAAM,SAAS;AACf,QAAM,YACJ,OAAO,gBAAgB,OAAO,qBAAqB,OAAO;AAC5D,SAAO,OAAO,cAAc,WAAW,YAAY;AACrD;AAEO,SAAS,wBACd,QACA,MACe;AACf,QAAM,SAAS,cAAc,IAAI;AACjC,UAAQ,QAAQ;AAAA,IACd,KAAK;AACH,aAAO,IAAI,cAAc,KAAK,uBAAuB;AAAA,IACvD,KAAK;AACH,aAAO,IAAI;AAAA,QACT;AAAA,QACA;AAAA,MACF;AAAA,IACF,KAAK;AACH,aAAO,IAAI,cAAc,KAAK,oBAAoB;AAAA,IACpD,KAAK;AACH,aAAO,IAAI;AAAA,QACT;AAAA,QACA,WAAW,OACP,aAAa,MAAM,KACnB;AAAA,MACN;AAAA,IACF;AACE,aAAO,IAAI;AAAA,QACT;AAAA,QACA,WAAW,OACP,4BAA4B,MAAM,KAClC,iCAAiC,OAAO,MAAM,CAAC;AAAA,MACrD;AAAA,EACJ;AACF;;;ACzCA,IAAM,oBAAoB;AAEnB,IAAM,sBAAN,MAA0B;AAAA,EAC/B,YACmB,QACA,QACA,SACjB;AAHiB;AACA;AACA;AAAA,EAChB;AAAA,EAHgB;AAAA,EACA;AAAA,EACA;AAAA,EAGnB,MAAM,QACJ,MACA,QAAgC,CAAC,GACrB;AACZ,UAAM,WAAW,MAAM,KAAK,KAAK,OAAO,MAAM,KAAK;AACnD,WAAQ,MAAM,SAAS,KAAK;AAAA,EAC9B;AAAA,EAEA,MAAM,KAAK,MAAc,MAA+B;AACtD,UAAM,KAAK,KAAK,QAAQ,MAAM,CAAC,GAAG,IAAI;AAAA,EACxC;AAAA,EAEA,MAAM,SAAY,MAAc,MAA4B;AAC1D,UAAM,WAAW,MAAM,KAAK,KAAK,QAAQ,MAAM,CAAC,GAAG,IAAI;AACvD,WAAQ,MAAM,SAAS,KAAK;AAAA,EAC9B;AAAA,EAEA,MAAM,IAAI,MAAc,MAA+B;AACrD,UAAM,KAAK,KAAK,OAAO,MAAM,CAAC,GAAG,IAAI;AAAA,EACvC;AAAA,EAEA,MAAM,OAAO,MAAc,MAA+B;AACxD,UAAM,KAAK,KAAK,UAAU,MAAM,CAAC,GAAG,IAAI;AAAA,EAC1C;AAAA;AAAA,EAGA,MAAM,KACJ,MACA,QAAgC,CAAC,GACjC,WAAW,mBACG;AACd,UAAM,MAAW,CAAC;AAClB,QAAI,QAAQ;AACZ,eAAS;AACP,YAAM,OAAO,MAAM,KAAK,QAAa,MAAM;AAAA,QACzC,GAAG;AAAA,QACH,OAAO,OAAO,KAAK;AAAA,QACnB,KAAK,OAAO,QAAQ;AAAA,MACtB,CAAC;AACD,UAAI,KAAK,GAAG,IAAI;AAChB,UAAI,KAAK,SAAS,UAAU;AAC1B;AAAA,MACF;AACA,eAAS;AAAA,IACX;AACA,WAAO;AAAA,EACT;AAAA;AAAA,EAGA,MAAM,aAAgB,WAA+B;AACnD,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MACA,GAAG,KAAK,OAAO,OAAO,SAAS,SAAS;AAAA,IAC1C;AACA,WAAQ,MAAM,SAAS,KAAK;AAAA,EAC9B;AAAA,EAEQ,IAAI,MAAc,OAAuC;AAC/D,UAAM,OAAO,GAAG,KAAK,OAAO,OAAO,iBAAiB,KAAK,OAAO,KAAK,GAAG,IAAI;AAC5E,UAAM,SAAS,IAAI,gBAAgB,KAAK,EAAE,SAAS;AACnD,WAAO,OAAO,WAAW,IAAI,OAAO,GAAG,IAAI,IAAI,MAAM;AAAA,EACvD;AAAA,EAEQ,KACN,QACA,MACA,OACA,MACmB;AACnB,WAAO,KAAK,QAAQ,QAAQ,KAAK,IAAI,MAAM,KAAK,GAAG,IAAI;AAAA,EACzD;AAAA,EAEA,MAAc,QACZ,QACA,KACA,MACA,UAAU,GACS;AACnB,UAAM,QAAQ,MAAM,KAAK,OAAO,SAAS;AACzC,UAAM,UAAkC;AAAA,MACtC,eAAe,UAAU,MAAM,SAAS,CAAC;AAAA,IAC3C;AACA,UAAM,OAAoB,EAAE,QAAQ,QAAQ;AAC5C,QAAI,SAAS,QAAW;AACtB,cAAQ,cAAc,IAAI;AAC1B,WAAK,OAAO,KAAK,UAAU,IAAI;AAAA,IACjC;AAEA,UAAM,WAAW,MAAM,KAAK,QAAQ,KAAK,IAAI;AAE7C,QAAI,SAAS,WAAW,OAAO,YAAY,GAAG;AAC5C,aAAO,KAAK,QAAQ,QAAQ,KAAK,MAAM,UAAU,CAAC;AAAA,IACpD;AACA,QAAI,CAAC,SAAS,IAAI;AAChB,YAAM,wBAAwB,SAAS,QAAQ,MAAM,SAAS,QAAQ,CAAC;AAAA,IACzE;AACA,WAAO;AAAA,EACT;AACF;AAEA,eAAe,SAAS,UAAsC;AAC5D,MAAI;AACF,WAAO,MAAM,SAAS,KAAK;AAAA,EAC7B,QAAQ;AACN,WAAO;AAAA,EACT;AACF;;;ACzHO,IAAM,WAAN,MAAM,UAAS;AAAA,EACZ,YAA6B,OAAe;AAAf;AAAA,EAAgB;AAAA,EAAhB;AAAA,EAErC,OAAO,WAAW,OAAyB;AACzC,WAAO,IAAI,UAAS,eAAe,OAAO,UAAU,CAAC;AAAA,EACvD;AAAA,EAEA,WAAmB;AACjB,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,OAAO,OAA0B;AAC/B,WAAO,KAAK,UAAU,MAAM;AAAA,EAC9B;AACF;;;ACfO,IAAM,eAAN,MAAM,cAAa;AAAA,EAChB,YAA6B,OAAe;AAAf;AAAA,EAAgB;AAAA,EAAhB;AAAA,EAErC,OAAO,WAAW,OAA6B;AAC7C,WAAO,IAAI,cAAa,eAAe,OAAO,cAAc,CAAC;AAAA,EAC/D;AAAA;AAAA,EAGA,SAAiB;AACf,WAAO,KAAK;AAAA,EACd;AAAA;AAAA,EAGA,SAAiB;AACf,WAAO;AAAA,EACT;AAAA,EAEA,WAAmB;AACjB,WAAO,KAAK,OAAO;AAAA,EACrB;AACF;;;ACnBO,IAAM,aAAN,MAAM,YAAW;AAAA,EACd,YAA6B,OAAe;AAAf;AAAA,EAAgB;AAAA,EAAhB;AAAA,EAErC,OAAO,WAAW,OAA2B;AAC3C,WAAO,IAAI,YAAW,WAAW,OAAO,YAAY,CAAC;AAAA,EACvD;AAAA,EAEA,WAAmB;AACjB,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,OAAO,OAA4B;AACjC,WAAO,KAAK,UAAU,MAAM;AAAA,EAC9B;AACF;;;ACCA,SAAS,UAAU,KAAuC;AACxD,SAAO;AAAA,IACL,MAAM,WAAW,WAAW,IAAI,EAAE;AAAA,IAClC,UAAU,SAAS,WAAW,IAAI,QAAQ;AAAA,IAC1C,SAAS,IAAI,WAAW;AAAA,IACxB,cAAc,IAAI,gBAAgB;AAAA,EACpC;AACF;AAEO,IAAM,2BAAN,MAA2D;AAAA,EAChE,YAA6B,QAA6B;AAA7B;AAAA,EAA8B;AAAA,EAA9B;AAAA,EAE7B,MAAM,OAAiC;AACrC,UAAM,MAAM,MAAM,KAAK,OAAO,QAA6B,UAAU;AACrE,WAAO,IAAI,IAAI,SAAS;AAAA,EAC1B;AAAA,EAEA,MAAM,eAAe,UAAmD;AACtE,UAAM,MAAM,MAAM,KAAK,OAAO,QAA6B,YAAY;AAAA,MACrE,UAAU,SAAS,SAAS;AAAA,IAC9B,CAAC;AACD,UAAM,QAAQ,IAAI,CAAC;AACnB,WAAO,UAAU,SAAY,OAAO,UAAU,KAAK;AAAA,EACrD;AAAA,EAEA,MAAM,UAAU,MAAyC;AACvD,UAAM,MAAM,MAAM,KAAK,OAAO;AAAA,MAC5B,YAAY,KAAK,SAAS,CAAC;AAAA,IAC7B;AACA,WAAO,aAAa,WAAW,IAAI,KAAK;AAAA,EAC1C;AAAA,EAEA,MAAM,iBAAiB,MAAyC;AAC9D,UAAM,MAAM,MAAM,KAAK,OAAO;AAAA,MAC5B,YAAY,KAAK,SAAS,CAAC;AAAA,IAC7B;AACA,WAAO,aAAa,WAAW,IAAI,KAAK;AAAA,EAC1C;AACF;;;ACpCO,IAAM,mCAAN,MAA2E;AAAA,EAChF,YAA6B,QAA6B;AAA7B;AAAA,EAA8B;AAAA,EAA9B;AAAA,EAE7B,MAAM,YAAiC;AACrC,UAAM,MAAM,MAAM,KAAK,OAAO;AAAA,MAC5B;AAAA,IACF;AACA,WAAO,IAAI,IAAI,CAAC,UAAU;AAAA,MACxB,IAAI,KAAK,MAAM;AAAA,MACf,OAAO,KAAK,SAAS;AAAA,MACrB,SAAS,KAAK,WAAW;AAAA,IAC3B,EAAE;AAAA,EACJ;AAAA,EAEA,MAAM,sBAAiD;AACrD,UAAM,MAAM,MAAM,KAAK,OAAO;AAAA,MAC5B;AAAA,IACF;AACA,WAAO,IAAI,IAAI,CAAC,YAAY;AAAA,MAC1B,OAAO,OAAO,SAAS;AAAA,MACvB,MAAM,OAAO,QAAQ;AAAA,MACrB,SAAS,OAAO,WAAW;AAAA,MAC3B,eAAe,OAAO,iBAAiB;AAAA,IACzC,EAAE;AAAA,EACJ;AAAA,EAEA,MAAM,yBACJ,OACA,SACe;AACf,UAAM,UAAU,MAAM,KAAK,OAAO;AAAA,MAChC,oCAAoC,mBAAmB,KAAK,CAAC;AAAA,IAC/D;AACA,UAAM,KAAK,OAAO;AAAA,MAChB,oCAAoC,mBAAmB,KAAK,CAAC;AAAA,MAC7D,EAAE,GAAG,SAAS,QAAQ;AAAA,IACxB;AAAA,EACF;AACF;;;AC9CA,SAAS,QAAQ,KAAqC;AACpD,SAAO;AAAA,IACL,IAAI,IAAI,MAAM,IAAI,OAAO;AAAA,IACzB,MAAM,IAAI,QAAQ;AAAA,IAClB,MAAM,IAAI,QAAQ;AAAA,EACpB;AACF;AAEO,IAAM,kCAAN,MAAyE;AAAA,EAC9E,YAA6B,QAA6B;AAA7B;AAAA,EAA8B;AAAA,EAA9B;AAAA,EAErB,KAAK,YAAgC;AAC3C,WAAO,YAAY,WAAW,SAAS,CAAC;AAAA,EAC1C;AAAA,EAEA,MAAM,UAAU,YAA+C;AAC7D,UAAM,MAAM,MAAM,KAAK,OAAO;AAAA,MAC5B,GAAG,KAAK,KAAK,UAAU,CAAC;AAAA,IAC1B;AACA,WAAO,IAAI,IAAI,OAAO;AAAA,EACxB;AAAA,EAEA,MAAM,SAAS,YAA+C;AAC5D,UAAM,MAAM,MAAM,KAAK,OAAO;AAAA,MAC5B,GAAG,KAAK,KAAK,UAAU,CAAC;AAAA,IAC1B;AACA,WAAO,IAAI,IAAI,OAAO;AAAA,EACxB;AAAA,EAEA,MAAM,YAAY,YAA+C;AAC/D,UAAM,MAAM,MAAM,KAAK,OAAO;AAAA,MAC5B,GAAG,KAAK,KAAK,UAAU,CAAC;AAAA,IAC1B;AACA,WAAO,IAAI,IAAI,OAAO;AAAA,EACxB;AACF;;;AC7CO,IAAM,gBAAN,MAAM,eAAc;AAAA,EACjB,YAA6B,OAAe;AAAf;AAAA,EAAgB;AAAA,EAAhB;AAAA,EAErC,OAAO,WAAW,OAA8B;AAC9C,WAAO,IAAI,eAAc,WAAW,OAAO,eAAe,CAAC;AAAA,EAC7D;AAAA,EAEA,WAAmB;AACjB,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,OAAO,OAA+B;AACpC,WAAO,KAAK,UAAU,MAAM;AAAA,EAC9B;AACF;;;ACdO,IAAM,kBAAN,MAAM,iBAAgB;AAAA,EACnB,YAA6B,OAAe;AAAf;AAAA,EAAgB;AAAA,EAAhB;AAAA,EAErC,OAAO,WAAW,OAAgC;AAChD,WAAO,IAAI,iBAAgB,eAAe,OAAO,iBAAiB,CAAC;AAAA,EACrE;AAAA,EAEA,WAAmB;AACjB,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,OAAO,OAAiC;AACtC,WAAO,KAAK,UAAU,MAAM;AAAA,EAC9B;AACF;;;ACOA,SAAS,QAAQ,KAAuC;AACtD,SAAO;AAAA,IACL,IAAI,cAAc,WAAW,IAAI,EAAE;AAAA,IACnC,MAAM,gBAAgB,WAAW,IAAI,IAAI;AAAA,IACzC,UAAU,IAAI,YAAY;AAAA,EAC5B;AACF;AAEA,SAAS,SAAS,KAAqC;AACrD,SAAO;AAAA,IACL,IAAI,IAAI;AAAA,IACR,MAAM,IAAI;AAAA,IACV,UAAU,IAAI,YAAY;AAAA,IAC1B,MAAM,IAAI,kBAAkB;AAAA,EAC9B;AACF;AAEO,IAAM,gCAAN,MAAqE;AAAA,EAC1E,YAA6B,QAA6B;AAA7B;AAAA,EAA8B;AAAA,EAA9B;AAAA,EAE7B,MAAM,aAAqC;AACzC,UAAM,MACJ,MAAM,KAAK,OAAO,QAA+B,gBAAgB;AACnE,WAAO,IAAI,IAAI,OAAO;AAAA,EACxB;AAAA,EAEA,MAAM,gBAAgB,MAAoD;AACxE,UAAM,SAAS,MAAM,KAAK,WAAW;AACrC,WAAO,OAAO,KAAK,CAAC,UAAU,MAAM,KAAK,OAAO,IAAI,CAAC,KAAK;AAAA,EAC5D;AAAA,EAEA,MAAM,cAAc,YAAgD;AAClE,UAAM,MAAM,MAAM,KAAK,OAAO;AAAA,MAC5B,YAAY,WAAW,SAAS,CAAC;AAAA,IACnC;AACA,WAAO,IAAI,IAAI,OAAO;AAAA,EACxB;AAAA,EAEA,mBACE,YACA,SACe;AACf,WAAO,KAAK,OAAO;AAAA,MACjB,YAAY,WAAW,SAAS,CAAC,0BAA0B,QAAQ,SAAS,CAAC;AAAA,IAC/E;AAAA,EACF;AAAA,EAEA,mBACE,YACA,SACe;AACf,WAAO,KAAK,OAAO;AAAA,MACjB,YAAY,WAAW,SAAS,CAAC,0BAA0B,QAAQ,SAAS,CAAC;AAAA,IAC/E;AAAA,EACF;AAAA,EAEA,MAAM,YAAY,YAAmD;AACnE,UAAM,MAAM,MAAM,KAAK,OAAO;AAAA,MAC5B,YAAY,WAAW,SAAS,CAAC;AAAA,IACnC;AACA,WAAO,IAAI,IAAI,QAAQ;AAAA,EACzB;AACF;;;AC/DA,SAAS,aAAa,KAAqC;AACzD,SAAO;AAAA,IACL,MAAM,IAAI,QAAQ;AAAA,IAClB,MAAM,IAAI,QAAQ;AAAA,IAClB,QAAQ,IAAI,UAAU;AAAA,IACtB,WAAW,IAAI,aAAa;AAAA,EAC9B;AACF;AAEA,SAAS,aAAa,KAAqC;AACzD,SAAO;AAAA,IACL,MAAM,IAAI,QAAQ;AAAA,IAClB,eAAe,IAAI,iBAAiB;AAAA,IACpC,cAAc,IAAI,gBAAgB;AAAA,IAClC,cAAc,IAAI,gBAAgB;AAAA,EACpC;AACF;AAEA,SAAS,SAAS,OAA2C;AAC3D,QAAM,SAAiC,EAAE,KAAK,OAAO,MAAM,GAAG,EAAE;AAChE,MAAI,MAAM,SAAS,QAAW;AAC5B,WAAO,OAAO,MAAM;AAAA,EACtB;AACA,MAAI,MAAM,SAAS,QAAW;AAC5B,WAAO,OAAO,MAAM;AAAA,EACtB;AACA,SAAO;AACT;AAEO,IAAM,mBAAN,MAA2C;AAAA,EAChD,YAA6B,QAA6B;AAA7B;AAAA,EAA8B;AAAA,EAA9B;AAAA,EAE7B,MAAM,YAAY,OAA0C;AAC1D,UAAM,MAAM,MAAM,KAAK,OAAO;AAAA,MAC5B;AAAA,MACA,SAAS,KAAK;AAAA,IAChB;AACA,WAAO,IAAI,IAAI,YAAY;AAAA,EAC7B;AAAA,EAEA,MAAM,YAAY,OAA0C;AAC1D,UAAM,MAAM,MAAM,KAAK,OAAO;AAAA,MAC5B;AAAA,MACA;AAAA,QACE,KAAK,OAAO,MAAM,GAAG;AAAA,MACvB;AAAA,IACF;AACA,WAAO,IAAI,IAAI,YAAY;AAAA,EAC7B;AACF;;;ACrEO,IAAM,cAAN,MAAM,aAAY;AAAA,EACf,YAA6B,OAAe;AAAf;AAAA,EAAgB;AAAA,EAAhB;AAAA,EAErC,OAAO,WAAW,OAA4B;AAC5C,WAAO,IAAI,aAAY,WAAW,OAAO,aAAa,CAAC;AAAA,EACzD;AAAA,EAEA,WAAmB;AACjB,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,OAAO,OAA6B;AAClC,WAAO,KAAK,UAAU,MAAM;AAAA,EAC9B;AACF;;;ACNA,IAAM,gBAAgB;AAetB,SAAS,WAAW,KAA4C;AAC9D,SAAO;AAAA,IACL,IAAI,YAAY,WAAW,IAAI,EAAE;AAAA,IACjC,MAAM,IAAI,QAAQ;AAAA,IAClB,YAAY,IAAI,cAAc;AAAA,EAChC;AACF;AAEO,IAAM,+BAAN,MAAmE;AAAA,EACxE,YAA6B,QAA6B;AAA7B;AAAA,EAA8B;AAAA,EAA9B;AAAA,EAE7B,MAAM,OAAsC;AAC1C,UAAM,MAAM,MAAM,KAAK,OAAO,QAA6B,eAAe;AAAA,MACxE,MAAM;AAAA,IACR,CAAC;AACD,WAAO,IAAI,IAAI,UAAU;AAAA,EAC3B;AAAA,EAEA,MAAM,KAAK,IAAqD;AAC9D,QAAI;AACF,YAAM,MAAM,MAAM,KAAK,OAAO;AAAA,QAC5B,eAAe,GAAG,SAAS,CAAC;AAAA,MAC9B;AACA,aAAO,WAAW,GAAG;AAAA,IACvB,SAAS,OAAO;AACd,UAAI,iBAAiB,iBAAiB,MAAM,WAAW,KAAK;AAC1D,eAAO;AAAA,MACT;AACA,YAAM;AAAA,IACR;AAAA,EACF;AAAA,EAEA,MAAM,KAAK,IAAiB,MAAqC;AAC/D,UAAM,SACJ,SAAS,SAAS,oBAAoB;AACxC,UAAM,MAAM,MAAM,KAAK,OAAO;AAAA,MAC5B,iBAAiB,GAAG,SAAS,CAAC,gBAAgB,MAAM;AAAA,IACtD;AACA,WAAO;AAAA,MACL,QAAQ,IAAI,UAAU;AAAA,MACtB,OAAO,IAAI,SAAS;AAAA,MACpB,SAAS,IAAI,WAAW;AAAA,MACxB,SAAS,IAAI,WAAW;AAAA,IAC1B;AAAA,EACF;AACF;;;ACpEO,IAAM,UAAN,MAAM,SAAQ;AAAA,EACX,YAA6B,OAAe;AAAf;AAAA,EAAgB;AAAA,EAAhB;AAAA,EAErC,OAAO,WAAW,OAAwB;AACxC,WAAO,IAAI,SAAQ,WAAW,OAAO,SAAS,CAAC;AAAA,EACjD;AAAA,EAEA,WAAmB;AACjB,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,OAAO,OAAyB;AAC9B,WAAO,KAAK,UAAU,MAAM;AAAA,EAC9B;AACF;;;ACdO,IAAM,YAAN,MAAM,WAAU;AAAA,EACb,YAA6B,OAAe;AAAf;AAAA,EAAgB;AAAA,EAAhB;AAAA,EAErC,OAAO,WAAW,OAA0B;AAC1C,WAAO,IAAI,WAAU,eAAe,OAAO,WAAW,CAAC;AAAA,EACzD;AAAA,EAEA,WAAmB;AACjB,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,OAAO,OAA2B;AAChC,WAAO,KAAK,UAAU,MAAM;AAAA,EAC9B;AACF;;;AChBA,IAAM,gBAAgB;AAEf,IAAM,QAAN,MAAM,OAAM;AAAA,EACT,YAA6B,OAAe;AAAf;AAAA,EAAgB;AAAA,EAAhB;AAAA,EAErC,OAAO,WAAW,OAAsB;AACtC,UAAM,UAAU,MAAM,KAAK,EAAE,YAAY;AACzC,QAAI,CAAC,cAAc,KAAK,OAAO,GAAG;AAChC,YAAM,IAAI,MAAM,0BAA0B,KAAK,EAAE;AAAA,IACnD;AACA,WAAO,IAAI,OAAM,OAAO;AAAA,EAC1B;AAAA,EAEA,WAAmB;AACjB,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,OAAO,OAAuB;AAC5B,WAAO,KAAK,UAAU,MAAM;AAAA,EAC9B;AACF;;;AClBO,IAAM,SAAN,MAAM,QAAO;AAAA,EACV,YAA6B,OAAe;AAAf;AAAA,EAAgB;AAAA,EAAhB;AAAA,EAErC,OAAO,WAAW,OAAuB;AACvC,WAAO,IAAI,QAAO,WAAW,OAAO,QAAQ,CAAC;AAAA,EAC/C;AAAA,EAEA,WAAmB;AACjB,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,OAAO,OAAwB;AAC7B,WAAO,KAAK,UAAU,MAAM;AAAA,EAC9B;AACF;;;ACdO,IAAM,WAAN,MAAM,UAAS;AAAA,EACZ,YAA6B,OAAe;AAAf;AAAA,EAAgB;AAAA,EAAhB;AAAA,EAErC,OAAO,WAAW,OAAyB;AACzC,UAAM,UAAU,eAAe,OAAO,UAAU;AAChD,QAAI,KAAK,KAAK,OAAO,GAAG;AACtB,YAAM,IAAI,MAAM,oCAAoC;AAAA,IACtD;AACA,WAAO,IAAI,UAAS,OAAO;AAAA,EAC7B;AAAA,EAEA,WAAmB;AACjB,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,OAAO,OAA0B;AAC/B,WAAO,KAAK,UAAU,MAAM;AAAA,EAC9B;AACF;;;ACQO,SAAS,OAAO,KAAyB;AAC9C,SAAO;AAAA,IACL,IAAI,OAAO,WAAW,IAAI,EAAE;AAAA,IAC5B,UAAU,SAAS,WAAW,IAAI,QAAQ;AAAA,IAC1C,OACE,IAAI,UAAU,UAAa,IAAI,UAAU,KACrC,OACA,MAAM,WAAW,IAAI,KAAK;AAAA,IAChC,SAAS,IAAI,WAAW;AAAA,EAC1B;AACF;AAEO,IAAM,yBAAN,MAAuD;AAAA,EAC5D,YAA6B,QAA6B;AAA7B;AAAA,EAA8B;AAAA,EAA9B;AAAA,EAE7B,OAAO,UAA+C;AACpD,UAAM,QAAgC;AAAA,MACpC,OAAO,OAAO,SAAS,KAAK;AAAA,MAC5B,KAAK,OAAO,SAAS,GAAG;AAAA,IAC1B;AACA,QAAI,SAAS,UAAU,QAAW;AAChC,YAAM,QAAQ,SAAS,MAAM,SAAS;AAAA,IACxC;AACA,QAAI,SAAS,aAAa,QAAW;AACnC,YAAM,WAAW,SAAS,SAAS,SAAS;AAAA,IAC9C;AACA,QAAI,SAAS,WAAW,QAAW;AACjC,YAAM,SAAS,SAAS;AAAA,IAC1B;AACA,WAAO,KAAK,OACT,QAAwB,UAAU,KAAK,EACvC,KAAK,CAAC,QAAQ,IAAI,IAAI,MAAM,CAAC;AAAA,EAClC;AAAA,EAEA,MAAM,SAAS,IAAkC;AAC/C,QAAI;AACF,YAAM,MAAM,MAAM,KAAK,OAAO;AAAA,QAC5B,UAAU,GAAG,SAAS,CAAC;AAAA,MACzB;AACA,aAAO,OAAO,GAAG;AAAA,IACnB,SAAS,OAAO;AACd,UAAI,iBAAiB,iBAAiB,MAAM,WAAW,KAAK;AAC1D,eAAO;AAAA,MACT;AACA,YAAM;AAAA,IACR;AAAA,EACF;AAAA,EAEA,OAAO,MAA8B;AACnC,WAAO,KAAK,OAAO,KAAK,UAAU;AAAA,MAChC,UAAU,KAAK,SAAS,SAAS;AAAA,MACjC,GAAI,KAAK,UAAU,SAAY,CAAC,IAAI,EAAE,OAAO,KAAK,MAAM,SAAS,EAAE;AAAA,MACnE,SAAS,KAAK;AAAA,MACd,eAAe,KAAK;AAAA,IACtB,CAAC;AAAA,EACH;AAAA,EAEA,OAAO,IAAY,SAAoC;AACrD,UAAM,OAAgC,CAAC;AACvC,QAAI,QAAQ,UAAU,QAAW;AAC/B,WAAK,QAAQ,QAAQ,MAAM,SAAS;AAAA,IACtC;AACA,QAAI,QAAQ,cAAc,QAAW;AACnC,WAAK,YAAY,QAAQ;AAAA,IAC3B;AACA,QAAI,QAAQ,aAAa,QAAW;AAClC,WAAK,WAAW,QAAQ;AAAA,IAC1B;AACA,QAAI,QAAQ,YAAY,QAAW;AACjC,WAAK,UAAU,QAAQ;AAAA,IACzB;AACA,WAAO,KAAK,OAAO,IAAI,UAAU,GAAG,SAAS,CAAC,IAAI,IAAI;AAAA,EACxD;AAAA,EAEA,WAAW,IAAY,SAAiC;AACtD,WAAO,KAAK,OAAO,IAAI,UAAU,GAAG,SAAS,CAAC,IAAI,EAAE,QAAQ,CAAC;AAAA,EAC/D;AAAA,EAEA,cACE,IACA,UACA,WACe;AACf,WAAO,KAAK,OAAO,IAAI,UAAU,GAAG,SAAS,CAAC,mBAAmB;AAAA,MAC/D,MAAM;AAAA,MACN,OAAO,SAAS,OAAO;AAAA,MACvB;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,iBAAiB,IAAY,SAA2C;AACtE,WAAO,KAAK,OAAO;AAAA,MACjB,UAAU,GAAG,SAAS,CAAC;AAAA,MACvB,QAAQ,IAAI,CAAC,WAAW,OAAO,SAAS,CAAC;AAAA,IAC3C;AAAA,EACF;AAAA,EAEA,OAAO,IAA2B;AAChC,WAAO,KAAK,OAAO,KAAK,UAAU,GAAG,SAAS,CAAC,SAAS;AAAA,EAC1D;AAAA,EAEA,OAAO,IAA2B;AAChC,WAAO,KAAK,OAAO,OAAO,UAAU,GAAG,SAAS,CAAC,EAAE;AAAA,EACrD;AAAA,EAEA,MAAM,aAAa,IAAoC;AACrD,UAAM,MAAM,MAAM,KAAK,OAAO;AAAA,MAC5B,UAAU,GAAG,SAAS,CAAC;AAAA,IACzB;AACA,WAAO,IAAI,IAAI,CAAC,aAAa;AAAA,MAC3B,IAAI,QAAQ,MAAM;AAAA,MAClB,WAAW,QAAQ,aAAa;AAAA,MAChC,OAAO,QAAQ,SAAS;AAAA,MACxB,YAAY,QAAQ,cAAc;AAAA,IACpC,EAAE;AAAA,EACJ;AAAA,EAEA,MAAM,oBAAoB,IAA6B;AACrD,YAAQ,MAAM,KAAK,aAAa,EAAE,GAAG;AAAA,EACvC;AACF;;;ACpIA,SAAS,QAAQ,KAA2B;AAC1C,SAAO;AAAA,IACL,IAAI,QAAQ,WAAW,IAAI,EAAE;AAAA,IAC7B,MAAM,UAAU,WAAW,IAAI,IAAI;AAAA,IACnC,MAAM,IAAI,QAAQ,IAAI,IAAI,IAAI;AAAA,EAChC;AACF;AAEO,IAAM,0BAAN,MAAyD;AAAA,EAC9D,YAA6B,QAA6B;AAA7B;AAAA,EAA8B;AAAA,EAA9B;AAAA,EAE7B,MAAM,OAAyB;AAC7B,UAAM,MAAM,MAAM,KAAK,OAAO,QAAyB,SAAS;AAChE,WAAO,IAAI,IAAI,OAAO;AAAA,EACxB;AAAA,EAEA,OAAO,MAAgC;AACrC,WAAO,KAAK,OAAO,KAAK,WAAW,EAAE,MAAM,KAAK,SAAS,EAAE,CAAC;AAAA,EAC9D;AAAA,EAEA,OAAO,IAA4B;AACjC,WAAO,KAAK,OAAO,OAAO,WAAW,GAAG,SAAS,CAAC,EAAE;AAAA,EACtD;AAAA,EAEA,UAAU,SAAkB,QAA+B;AACzD,WAAO,KAAK,OAAO;AAAA,MACjB,UAAU,OAAO,SAAS,CAAC,WAAW,QAAQ,SAAS,CAAC;AAAA,IAC1D;AAAA,EACF;AAAA,EAEA,aAAa,SAAkB,QAA+B;AAC5D,WAAO,KAAK,OAAO;AAAA,MACjB,UAAU,OAAO,SAAS,CAAC,WAAW,QAAQ,SAAS,CAAC;AAAA,IAC1D;AAAA,EACF;AAAA,EAEA,gBAAgB,SAAkB,MAA2B;AAC3D,WAAO,KAAK,OAAO;AAAA,MACjB,WAAW,QAAQ,SAAS,CAAC;AAAA,MAC7B,CAAC,EAAE,IAAI,KAAK,IAAI,MAAM,KAAK,KAAK,SAAS,EAAE,CAAC;AAAA,IAC9C;AAAA,EACF;AAAA,EAEA,MAAM,QAAQ,SAAmC;AAC/C,UAAM,MAAM,MAAM,KAAK,OAAO,QAE5B,WAAW,QAAQ,SAAS,CAAC,UAAU;AACzC,WAAO,IAAI,IAAI,MAAM;AAAA,EACvB;AAAA,EAEA,MAAM,WAAW,QAAkC;AACjD,UAAM,MAAM,MAAM,KAAK,OAAO,QAE5B,UAAU,OAAO,SAAS,CAAC,SAAS;AACtC,WAAO,IAAI,IAAI,OAAO;AAAA,EACxB;AACF;;;ACtEO,IAAM,WAAN,MAAM,UAAS;AAAA,EACZ,YAA6B,OAAe;AAAf;AAAA,EAAgB;AAAA,EAAhB;AAAA,EAErC,OAAO,WAAW,OAAyB;AACzC,WAAO,IAAI,UAAS,eAAe,OAAO,UAAU,CAAC;AAAA,EACvD;AAAA,EAEA,WAAmB;AACjB,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,OAAO,OAA0B;AAC/B,WAAO,KAAK,UAAU,MAAM;AAAA,EAC9B;AACF;;;ACOA,SAAS,MAAM,KAAoC;AACjD,SAAO;AAAA,IACL,OAAO,SAAS,WAAW,IAAI,KAAK;AAAA,IACpC,YAAY,IAAI,cAAc;AAAA,IAC9B,SAAS,IAAI,WAAW;AAAA,IACxB,aAAa,IAAI,eAAe;AAAA,EAClC;AACF;AAEO,IAAM,qCAAN,MAA+E;AAAA,EACpF,YAA6B,QAA6B;AAA7B;AAAA,EAA8B;AAAA,EAA9B;AAAA,EAE7B,MAAM,OAAoC;AACxC,UAAM,MAAM,MAAM,KAAK,OAAO;AAAA,MAC5B;AAAA,IACF;AACA,WAAO,IAAI,IAAI,KAAK;AAAA,EACtB;AAAA,EAEA,MAAM,KAAK,OAAmD;AAC5D,QAAI;AACF,YAAM,MAAM,MAAM,KAAK,OAAO;AAAA,QAC5B,gCAAgC,MAAM,SAAS,CAAC;AAAA,MAClD;AACA,aAAO,MAAM,GAAG;AAAA,IAClB,SAAS,OAAO;AACd,UAAI,iBAAiB,iBAAiB,MAAM,WAAW,KAAK;AAC1D,eAAO;AAAA,MACT;AACA,YAAM;AAAA,IACR;AAAA,EACF;AAAA,EAEA,OAAO,KAAyC;AAC9C,WAAO,KAAK,OAAO,KAAK,gCAAgC;AAAA,MACtD,OAAO,IAAI,MAAM,SAAS;AAAA,MAC1B,YAAY,IAAI;AAAA,MAChB,SAAS,IAAI;AAAA,MACb,QAAQ,IAAI;AAAA,IACd,CAAC;AAAA,EACH;AAAA,EAEA,OAAO,OAAgC;AACrC,WAAO,KAAK,OAAO;AAAA,MACjB,gCAAgC,MAAM,SAAS,CAAC;AAAA,IAClD;AAAA,EACF;AAAA,EAEA,MAAM,YAAY,OAAuC;AACvD,UAAM,MAAM,MAAM,KAAK,OAAO;AAAA,MAC5B,gCAAgC,MAAM,SAAS,CAAC;AAAA,IAClD;AACA,WAAO,IAAI,IAAI,CAAC,YAAY;AAAA,MAC1B,IAAI,OAAO;AAAA,MACX,MAAM,OAAO;AAAA,MACb,MAAM,OAAO,0BAA0B;AAAA,IACzC,EAAE;AAAA,EACJ;AACF;;;AC9EO,IAAM,oBAAN,MAA6C;AAAA,EAClD,YAA6B,QAA6B;AAA7B;AAAA,EAA8B;AAAA,EAA9B;AAAA,EAE7B,iBAAmD;AACjD,WAAO,KAAK,OAAO,QAAiC,EAAE;AAAA,EACxD;AAAA,EAEA,aAA+C;AAC7C,WAAO,KAAK,OAAO,aAAsC,aAAa;AAAA,EACxE;AACF;;;ACXO,IAAM,WAAN,MAAM,UAAS;AAAA,EACZ,YAA6B,OAAe;AAAf;AAAA,EAAgB;AAAA,EAAhB;AAAA,EAErC,OAAO,WAAW,OAAyB;AACzC,WAAO,IAAI,UAAS,eAAe,OAAO,UAAU,CAAC;AAAA,EACvD;AAAA,EAEA,WAAmB;AACjB,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,OAAO,OAA0B;AAC/B,WAAO,KAAK,UAAU,MAAM;AAAA,EAC9B;AACF;;;ACHA,SAAS,OAAO,KAAyB;AACvC,SAAO;AAAA,IACL,IAAI,IAAI;AAAA,IACR,MAAM,SAAS,WAAW,IAAI,IAAI;AAAA,IAClC,aAAa,IAAI,eAAe;AAAA,EAClC;AACF;AAEA,SAAS,iBAAiB,MAA0C;AAClE,SAAO,EAAE,IAAI,KAAK,IAAI,MAAM,KAAK,KAAK,SAAS,EAAE;AACnD;AAEO,IAAM,yBAAN,MAAuD;AAAA,EAC5D,YAA6B,QAA6B;AAA7B;AAAA,EAA8B;AAAA,EAA9B;AAAA,EAE7B,MAAM,iBAAkC;AACtC,UAAM,MAAM,MAAM,KAAK,OAAO,QAAwB,QAAQ;AAC9D,WAAO,IAAI,IAAI,MAAM;AAAA,EACvB;AAAA,EAEA,MAAM,cAAc,MAAsC;AACxD,QAAI;AACF,YAAM,MAAM,MAAM,KAAK,OAAO;AAAA,QAC5B,UAAU,mBAAmB,KAAK,SAAS,CAAC,CAAC;AAAA,MAC/C;AACA,aAAO,OAAO,GAAG;AAAA,IACnB,SAAS,OAAO;AACd,UAAI,iBAAiB,iBAAiB,MAAM,WAAW,KAAK;AAC1D,eAAO;AAAA,MACT;AACA,YAAM;AAAA,IACR;AAAA,EACF;AAAA,EAEA,MAAM,mBAAmB,QAAiC;AACxD,UAAM,MAAM,MAAM,KAAK,OAAO;AAAA,MAC5B,UAAU,OAAO,SAAS,CAAC;AAAA,IAC7B;AACA,WAAO,IAAI,IAAI,MAAM;AAAA,EACvB;AAAA,EAEA,gBAAgB,QAAgB,MAA2B;AACzD,WAAO,KAAK,OAAO,KAAK,UAAU,OAAO,SAAS,CAAC,wBAAwB;AAAA,MACzE,iBAAiB,IAAI;AAAA,IACvB,CAAC;AAAA,EACH;AAAA,EAEA,gBAAgB,QAAgB,MAA2B;AACzD,WAAO,KAAK,OAAO;AAAA,MACjB,UAAU,OAAO,SAAS,CAAC;AAAA,MAC3B,CAAC,iBAAiB,IAAI,CAAC;AAAA,IACzB;AAAA,EACF;AACF;;;AClEA,SAAS,KAAAA,UAAS;;;ACGX,IAAM,uBAAN,MAA2B;AAAA,EAChC,YAA6B,gBAA0C;AAA1C;AAAA,EAA2C;AAAA,EAA3C;AAAA,EAE7B,UAA+B;AAC7B,WAAO,KAAK,eAAe,UAAU;AAAA,EACvC;AACF;;;ACNO,IAAM,6BAAN,MAAiC;AAAA,EACtC,YAA6B,gBAA0C;AAA1C;AAAA,EAA2C;AAAA,EAA3C;AAAA,EAE7B,UAAqC;AACnC,WAAO,KAAK,eAAe,oBAAoB;AAAA,EACjD;AACF;;;ACFO,IAAM,kCAAN,MAAsC;AAAA,EAC3C,YAA6B,gBAA0C;AAA1C;AAAA,EAA2C;AAAA,EAA3C;AAAA,EAE7B,QAAQ,OAAqD;AAC3D,WAAO,KAAK,eAAe;AAAA,MACzB,MAAM;AAAA,MACN,MAAM;AAAA,IACR;AAAA,EACF;AACF;;;ACSO,SAAS,WAAW,MAA8B;AACvD,SAAO,EAAE,SAAS,CAAC,EAAE,MAAM,QAAQ,KAAK,CAAC,EAAE;AAC7C;;;AJdA,SAAS,cAAc,MAAoC;AACzD,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aAAa;AAAA,IACb;AAAA,IACA,aAAa,CAAC;AAAA,IACd,aAAa;AAAA,MACX,cAAc;AAAA,MACd,iBAAiB;AAAA,MACjB,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,UAAU;AACd,YAAM,QAAQ,MAAM,IAAI;AAAA,QACtB,KAAK;AAAA,MACP,EAAE,QAAQ;AACV,aAAO,WAAW,KAAK,UAAU,OAAO,MAAM,CAAC,CAAC;AAAA,IAClD;AAAA,EACF;AACF;AAEA,SAAS,wBAAwB,MAAoC;AACnE,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aAAa;AAAA,IACb;AAAA,IACA,aAAa,CAAC;AAAA,IACd,aAAa;AAAA,MACX,cAAc;AAAA,MACd,iBAAiB;AAAA,MACjB,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,UAAU;AACd,YAAM,UAAU,MAAM,IAAI;AAAA,QACxB,KAAK;AAAA,MACP,EAAE,QAAQ;AACV,aAAO,WAAW,KAAK,UAAU,SAAS,MAAM,CAAC,CAAC;AAAA,IACpD;AAAA,EACF;AACF;AAEA,SAAS,6BAA6B,MAAoC;AACxE,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aAAa;AAAA,IACb;AAAA,IACA,aAAa,EAAE,OAAOC,GAAE,OAAO,GAAG,SAASA,GAAE,QAAQ,EAAE;AAAA,IACvD,aAAa;AAAA,MACX,cAAc;AAAA,MACd,iBAAiB;AAAA,MACjB,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,QAAQ,MAAM;AAClB,YAAM,UAAU,KAAK,YAAY;AACjC,YAAM,IAAI;AAAA,QACR,KAAK;AAAA,MACP,EAAE,QAAQ,EAAE,OAAO,OAAO,KAAK,KAAK,GAAG,QAAQ,CAAC;AAChD,aAAO;AAAA,QACL,mBAAmB,OAAO,KAAK,KAAK,CAAC,IACnC,UAAU,YAAY,UACxB;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;AAEO,SAAS,eAAe,MAAsC;AACnE,SAAO;AAAA,IACL,cAAc,IAAI;AAAA,IAClB,wBAAwB,IAAI;AAAA,IAC5B,6BAA6B,IAAI;AAAA,EACnC;AACF;;;AKvFA,SAAS,KAAAC,UAAS;;;ACKX,IAAM,8BAAN,MAAkC;AAAA,EACvC,YACmB,SACA,OACjB;AAFiB;AACA;AAAA,EAChB;AAAA,EAFgB;AAAA,EACA;AAAA,EAGnB,MAAM,QAAQ,UAAkD;AAC9D,UAAM,SAAS,MAAM,KAAK,QAAQ,eAAe,QAAQ;AACzD,QAAI,WAAW,MAAM;AACnB,aAAO;AAAA,IACT;AACA,WAAO,KAAK,MAAM,YAAY,OAAO,IAAI;AAAA,EAC3C;AACF;;;ACbO,IAAM,2BAAN,MAA+B;AAAA,EACpC,YACmB,SACA,OACjB;AAFiB;AACA;AAAA,EAChB;AAAA,EAFgB;AAAA,EACA;AAAA,EAGnB,MAAM,QAAQ,UAAkD;AAC9D,UAAM,SAAS,MAAM,KAAK,QAAQ,eAAe,QAAQ;AACzD,QAAI,WAAW,MAAM;AACnB,aAAO;AAAA,IACT;AACA,WAAO,KAAK,MAAM,SAAS,OAAO,IAAI;AAAA,EACxC;AACF;;;ACbO,IAAM,4BAAN,MAAgC;AAAA,EACrC,YACmB,SACA,OACjB;AAFiB;AACA;AAAA,EAChB;AAAA,EAFgB;AAAA,EACA;AAAA,EAGnB,MAAM,QAAQ,UAAkD;AAC9D,UAAM,SAAS,MAAM,KAAK,QAAQ,eAAe,QAAQ;AACzD,QAAI,WAAW,MAAM;AACnB,aAAO;AAAA,IACT;AACA,WAAO,KAAK,MAAM,UAAU,OAAO,IAAI;AAAA,EACzC;AACF;;;AHCA,SAAS,SACP,MACA,OACA,aACA,KACgB;AAChB,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,aAAa,EAAE,UAAUC,GAAE,OAAO,EAAE;AAAA,IACpC,aAAa;AAAA,MACX,cAAc;AAAA,MACd,iBAAiB;AAAA,MACjB,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,QAAQ,MAAM;AAClB,YAAM,UAAU,MAAM,IAAI,SAAS,WAAW,OAAO,KAAK,QAAQ,CAAC,CAAC;AACpE,aAAO;AAAA,QACL,YAAY,OACR,sBACA,KAAK,UAAU,SAAS,MAAM,CAAC;AAAA,MACrC;AAAA,IACF;AAAA,EACF;AACF;AAEO,SAAS,gBAAgB,MAAuC;AACrE,SAAO;AAAA,IACL;AAAA,MACE;AAAA,MACA;AAAA,MACA;AAAA,MACA,CAAC,aACC,IAAI;AAAA,QACF,KAAK;AAAA,QACL,KAAK;AAAA,MACP,EAAE,QAAQ,QAAQ;AAAA,IACtB;AAAA,IACA;AAAA,MACE;AAAA,MACA;AAAA,MACA;AAAA,MACA,CAAC,aACC,IAAI;AAAA,QACF,KAAK;AAAA,QACL,KAAK;AAAA,MACP,EAAE,QAAQ,QAAQ;AAAA,IACtB;AAAA,IACA;AAAA,MACE;AAAA,MACA;AAAA,MACA;AAAA,MACA,CAAC,aACC,IAAI;AAAA,QACF,KAAK;AAAA,QACL,KAAK;AAAA,MACP,EAAE,QAAQ,QAAQ;AAAA,IACtB;AAAA,EACF;AACF;;;AIhFA,SAAS,KAAAC,UAAS;;;ACeX,IAAM,2BAAN,MAA+B;AAAA,EACpC,YACmB,SACA,QACjB;AAFiB;AACA;AAAA,EAChB;AAAA,EAFgB;AAAA,EACA;AAAA,EAGnB,MAAM,QACJ,OACkC;AAClC,UAAM,SAAS,MAAM,KAAK,QAAQ,eAAe,MAAM,QAAQ;AAC/D,QAAI,WAAW,MAAM;AACnB,aAAO,EAAE,UAAU,OAAO,QAAQ,mBAAmB;AAAA,IACvD;AACA,UAAM,QAAQ,MAAM,KAAK,OAAO,gBAAgB,MAAM,KAAK;AAC3D,QAAI,UAAU,MAAM;AAClB,aAAO,EAAE,UAAU,OAAO,QAAQ,kBAAkB;AAAA,IACtD;AACA,UAAM,KAAK,OAAO,mBAAmB,OAAO,MAAM,MAAM,EAAE;AAC1D,WAAO,EAAE,UAAU,KAAK;AAAA,EAC1B;AACF;;;AC9BO,IAAM,gCAAN,MAAoC;AAAA,EACzC,YACmB,SACA,QACjB;AAFiB;AACA;AAAA,EAChB;AAAA,EAFgB;AAAA,EACA;AAAA,EAGnB,MAAM,QAAQ,UAAmD;AAC/D,UAAM,SAAS,MAAM,KAAK,QAAQ,eAAe,QAAQ;AACzD,QAAI,WAAW,MAAM;AACnB,aAAO;AAAA,IACT;AACA,WAAO,KAAK,OAAO,cAAc,OAAO,IAAI;AAAA,EAC9C;AACF;;;ACbO,IAAM,2BAAN,MAA+B;AAAA,EACpC,YACmB,SACA,QACjB;AAFiB;AACA;AAAA,EAChB;AAAA,EAFgB;AAAA,EACA;AAAA,EAGnB,MAAM,QAAQ,UAAsD;AAClE,UAAM,SAAS,MAAM,KAAK,QAAQ,eAAe,QAAQ;AACzD,QAAI,WAAW,MAAM;AACnB,aAAO;AAAA,IACT;AACA,WAAO,KAAK,OAAO,YAAY,OAAO,IAAI;AAAA,EAC5C;AACF;;;ACfO,IAAM,0BAAN,MAA8B;AAAA,EACnC,YAA6B,QAA+B;AAA/B;AAAA,EAAgC;AAAA,EAAhC;AAAA,EAE7B,UAAkC;AAChC,WAAO,KAAK,OAAO,WAAW;AAAA,EAChC;AACF;;;ACHO,IAAM,uBAAN,MAAM,sBAAqB;AAAA,EACxB,YACW,SACA,QACjB;AAFiB;AACA;AAAA,EAChB;AAAA,EAFgB;AAAA,EACA;AAAA,EAGnB,OAAO,GAAG,SAAiB,QAAsC;AAC/D,WAAO,IAAI;AAAA,MACT,eAAe,SAAS,SAAS;AAAA,MACjC,eAAe,QAAQ,QAAQ;AAAA,IACjC;AAAA,EACF;AAAA,EAEA,WAAmB;AACjB,WAAO,GAAG,KAAK,OAAO;AAAA;AAAA,EAAO,KAAK,MAAM;AAAA,EAC1C;AACF;;;ACLO,IAAM,2BAAN,MAA+B;AAAA,EACpC,YACmB,SACA,QACA,WACjB;AAHiB;AACA;AACA;AAAA,EAChB;AAAA,EAHgB;AAAA,EACA;AAAA,EACA;AAAA,EAGnB,MAAM,QACJ,OACkC;AAClC,UAAM,SAAS,MAAM,KAAK,QAAQ,eAAe,MAAM,QAAQ;AAC/D,QAAI,WAAW,MAAM;AACnB,aAAO,EAAE,SAAS,OAAO,QAAQ,mBAAmB;AAAA,IACtD;AACA,UAAM,QAAQ,MAAM,KAAK,OAAO,gBAAgB,MAAM,KAAK;AAC3D,QAAI,UAAU,MAAM;AAClB,aAAO,EAAE,SAAS,OAAO,QAAQ,kBAAkB;AAAA,IACrD;AAEA,UAAM,YAAY,qBAAqB;AAAA,MACrC,wBAAwB,MAAM,MAAM,SAAS,CAAC,gBAAgB,MAAM,SAAS,SAAS,CAAC;AAAA,MACvF;AAAA,IAEF;AACA,QAAI,CAAE,MAAM,KAAK,UAAU,QAAQ,SAAS,GAAI;AAC9C,aAAO,EAAE,SAAS,OAAO,QAAQ,0BAA0B;AAAA,IAC7D;AAEA,UAAM,KAAK,OAAO,mBAAmB,OAAO,MAAM,MAAM,EAAE;AAC1D,WAAO,EAAE,SAAS,KAAK;AAAA,EACzB;AACF;;;AN1BA,SAAS,eAAe,OAA6C;AACnE,SAAO;AAAA,IACL,IAAI,MAAM,GAAG,SAAS;AAAA,IACtB,MAAM,MAAM,KAAK,SAAS;AAAA,IAC1B,UAAU,MAAM;AAAA,EAClB;AACF;AAEA,SAAS,eAAe,MAA2C;AACjE,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aAAa;AAAA,IACb;AAAA,IACA,aAAa,CAAC;AAAA,IACd,aAAa;AAAA,MACX,cAAc;AAAA,MACd,iBAAiB;AAAA,MACjB,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,UAAU;AACd,YAAM,SAAS,MAAM,IAAI;AAAA,QACvB,KAAK;AAAA,MACP,EAAE,QAAQ;AACV,aAAO,WAAW,KAAK,UAAU,OAAO,IAAI,cAAc,GAAG,MAAM,CAAC,CAAC;AAAA,IACvE;AAAA,EACF;AACF;AAEA,SAAS,kBAAkB,MAA2C;AACpE,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aAAa;AAAA,IACb;AAAA,IACA,aAAa,EAAE,UAAUC,GAAE,OAAO,EAAE;AAAA,IACpC,aAAa;AAAA,MACX,cAAc;AAAA,MACd,iBAAiB;AAAA,MACjB,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,QAAQ,MAAM;AAClB,YAAM,SAAS,MAAM,IAAI;AAAA,QACvB,KAAK;AAAA,QACL,KAAK;AAAA,MACP,EAAE,QAAQ,SAAS,WAAW,OAAO,KAAK,QAAQ,CAAC,CAAC;AACpD,aAAO;AAAA,QACL,WAAW,OACP,sBACA,KAAK,UAAU,OAAO,IAAI,cAAc,GAAG,MAAM,CAAC;AAAA,MACxD;AAAA,IACF;AAAA,EACF;AACF;AAEA,SAAS,gBAAgB,MAA2C;AAClE,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aAAa;AAAA,IACb;AAAA,IACA,aAAa,EAAE,UAAUA,GAAE,OAAO,EAAE;AAAA,IACpC,aAAa;AAAA,MACX,cAAc;AAAA,MACd,iBAAiB;AAAA,MACjB,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,QAAQ,MAAM;AAClB,YAAM,UAAU,MAAM,IAAI;AAAA,QACxB,KAAK;AAAA,QACL,KAAK;AAAA,MACP,EAAE,QAAQ,SAAS,WAAW,OAAO,KAAK,QAAQ,CAAC,CAAC;AACpD,aAAO;AAAA,QACL,YAAY,OACR,sBACA,KAAK,UAAU,SAAS,MAAM,CAAC;AAAA,MACrC;AAAA,IACF;AAAA,EACF;AACF;AAEA,SAAS,gBAAgB,MAA2C;AAClE,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aAAa;AAAA,IACb;AAAA,IACA,aAAa,EAAE,UAAUA,GAAE,OAAO,GAAG,OAAOA,GAAE,OAAO,EAAE;AAAA,IACvD,aAAa;AAAA,MACX,cAAc;AAAA,MACd,iBAAiB;AAAA,MACjB,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,QAAQ,MAAM;AAClB,YAAM,SAAS,MAAM,IAAI;AAAA,QACvB,KAAK;AAAA,QACL,KAAK;AAAA,MACP,EAAE,QAAQ;AAAA,QACR,UAAU,SAAS,WAAW,OAAO,KAAK,QAAQ,CAAC;AAAA,QACnD,OAAO,gBAAgB,WAAW,OAAO,KAAK,KAAK,CAAC;AAAA,MACtD,CAAC;AACD,aAAO;AAAA,QACL,OAAO,WACH,UAAU,OAAO,KAAK,KAAK,CAAC,gBAC5B,iBAAiB,OAAO,UAAU,gBAAgB;AAAA,MACxD;AAAA,IACF;AAAA,EACF;AACF;AAEA,SAAS,kBAAkB,MAA2C;AACpE,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aACE;AAAA,IACF;AAAA,IACA,aAAa;AAAA,MACX,UAAUA,GAAE,OAAO;AAAA,MACnB,OAAOA,GAAE,OAAO;AAAA,MAChB,SAASA,GAAE,QAAQ,EAAE,SAAS;AAAA,IAChC;AAAA,IACA,aAAa;AAAA,MACX,cAAc;AAAA,MACd,iBAAiB;AAAA,MACjB,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,QAAQ,MAAM;AAClB,YAAM,YAAY,KAAK,WAAW,OAAO,KAAK,YAAY,IAAI;AAC9D,YAAM,SAAS,MAAM,IAAI;AAAA,QACvB,KAAK;AAAA,QACL,KAAK;AAAA,QACL;AAAA,MACF,EAAE,QAAQ;AAAA,QACR,UAAU,SAAS,WAAW,OAAO,KAAK,QAAQ,CAAC;AAAA,QACnD,OAAO,gBAAgB,WAAW,OAAO,KAAK,KAAK,CAAC;AAAA,MACtD,CAAC;AACD,aAAO;AAAA,QACL,OAAO,UACH,UAAU,OAAO,KAAK,KAAK,CAAC,eAC5B,gBAAgB,OAAO,UAAU,gBAAgB;AAAA,MACvD;AAAA,IACF;AAAA,EACF;AACF;AAEO,SAAS,sBACd,MACkB;AAClB,SAAO;AAAA,IACL,eAAe,IAAI;AAAA,IACnB,kBAAkB,IAAI;AAAA,IACtB,gBAAgB,IAAI;AAAA,IACpB,gBAAgB,IAAI;AAAA,IACpB,kBAAkB,IAAI;AAAA,EACxB;AACF;;;AOlLA,SAAS,KAAAC,UAAS;;;ACIX,IAAM,yBAAN,MAA6B;AAAA,EAClC,YAA6B,SAA2B;AAA3B;AAAA,EAA4B;AAAA,EAA5B;AAAA,EAE7B,MAAM,QAAQ,UAAkD;AAC9D,UAAM,SAAS,MAAM,KAAK,QAAQ,eAAe,QAAQ;AACzD,QAAI,WAAW,MAAM;AACnB,aAAO;AAAA,IACT;AACA,WAAO,KAAK,QAAQ,UAAU,OAAO,IAAI;AAAA,EAC3C;AACF;;;ACVO,IAAM,mBAAN,MAAuB;AAAA,EAC5B,YAA6B,SAA2B;AAA3B;AAAA,EAA4B;AAAA,EAA5B;AAAA,EAE7B,QAAQ,UAAmD;AACzD,WAAO,KAAK,QAAQ,eAAe,QAAQ;AAAA,EAC7C;AACF;;;ACPO,IAAM,qBAAN,MAAyB;AAAA,EAC9B,YAA6B,SAA2B;AAA3B;AAAA,EAA4B;AAAA,EAA5B;AAAA,EAE7B,UAAoC;AAClC,WAAO,KAAK,QAAQ,KAAK;AAAA,EAC3B;AACF;;;ACGO,IAAM,gCAAN,MAAoC;AAAA,EACzC,YACmB,SACA,WACjB;AAFiB;AACA;AAAA,EAChB;AAAA,EAFgB;AAAA,EACA;AAAA,EAGnB,MAAM,QAAQ,UAA2D;AACvE,UAAM,SAAS,MAAM,KAAK,QAAQ,eAAe,QAAQ;AACzD,QAAI,WAAW,MAAM;AACnB,aAAO,EAAE,aAAa,OAAO,QAAQ,mBAAmB;AAAA,IAC1D;AAEA,UAAM,YAAY,qBAAqB;AAAA,MACrC,gCAAgC,SAAS,SAAS,CAAC;AAAA,MACnD;AAAA,IAEF;AACA,QAAI,CAAE,MAAM,KAAK,UAAU,QAAQ,SAAS,GAAI;AAC9C,aAAO,EAAE,aAAa,OAAO,QAAQ,0BAA0B;AAAA,IACjE;AAEA,UAAM,SAAS,MAAM,KAAK,QAAQ,iBAAiB,OAAO,IAAI;AAC9D,WAAO,EAAE,aAAa,MAAM,OAAO;AAAA,EACrC;AACF;;;AJlBA,SAAS,gBAAgB,QAAgD;AACvE,SAAO;AAAA,IACL,MAAM,OAAO,KAAK,SAAS;AAAA,IAC3B,UAAU,OAAO,SAAS,SAAS;AAAA,IACnC,SAAS,OAAO;AAAA,IAChB,cAAc,OAAO;AAAA,EACvB;AACF;AAEA,SAAS,gBAAgB,MAAsC;AAC7D,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aAAa;AAAA,IACb;AAAA,IACA,aAAa,CAAC;AAAA,IACd,aAAa;AAAA,MACX,cAAc;AAAA,MACd,iBAAiB;AAAA,MACjB,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,UAAU;AACd,YAAM,UAAU,MAAM,IAAI;AAAA,QACxB,KAAK;AAAA,MACP,EAAE,QAAQ;AACV,aAAO,WAAW,KAAK,UAAU,QAAQ,IAAI,eAAe,GAAG,MAAM,CAAC,CAAC;AAAA,IACzE;AAAA,EACF;AACF;AAEA,SAAS,cAAc,MAAsC;AAC3D,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aAAa;AAAA,IACb;AAAA,IACA,aAAa,EAAE,UAAUC,GAAE,OAAO,EAAE;AAAA,IACpC,aAAa;AAAA,MACX,cAAc;AAAA,MACd,iBAAiB;AAAA,MACjB,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,QAAQ,MAAM;AAClB,YAAM,SAAS,MAAM,IAAI,iBAAiB,KAAK,gBAAgB,EAAE;AAAA,QAC/D,SAAS,WAAW,OAAO,KAAK,QAAQ,CAAC;AAAA,MAC3C;AACA,aAAO;AAAA,QACL,WAAW,OACP,sBACA,KAAK,UAAU,gBAAgB,MAAM,GAAG,MAAM,CAAC;AAAA,MACrD;AAAA,IACF;AAAA,EACF;AACF;AAEA,SAAS,oBAAoB,MAAsC;AACjE,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aACE;AAAA,IACF;AAAA,IACA,aAAa,EAAE,UAAUA,GAAE,OAAO,GAAG,QAAQA,GAAE,QAAQ,EAAE,SAAS,EAAE;AAAA,IACpE,aAAa;AAAA,MACX,cAAc;AAAA,MACd,iBAAiB;AAAA,MACjB,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,QAAQ,MAAM;AAClB,YAAM,SAAS,MAAM,IAAI;AAAA,QACvB,KAAK;AAAA,MACP,EAAE,QAAQ,SAAS,WAAW,OAAO,KAAK,QAAQ,CAAC,CAAC;AACpD,UAAI,WAAW,MAAM;AACnB,eAAO,WAAW,mBAAmB;AAAA,MACvC;AACA,aAAO;AAAA,QACL,KAAK,WAAW,OAAO,OAAO,OAAO,IAAI,OAAO,OAAO;AAAA,MACzD;AAAA,IACF;AAAA,EACF;AACF;AAEA,SAAS,2BAA2B,MAAsC;AACxE,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aACE;AAAA,IAEF;AAAA,IACA,aAAa,EAAE,UAAUA,GAAE,OAAO,GAAG,SAASA,GAAE,QAAQ,EAAE,SAAS,EAAE;AAAA,IACrE,aAAa;AAAA,MACX,cAAc;AAAA,MACd,iBAAiB;AAAA,MACjB,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,QAAQ,MAAM;AAClB,YAAM,YAAY,KAAK,WAAW,OAAO,KAAK,YAAY,IAAI;AAC9D,YAAM,SAAS,MAAM,IAAI;AAAA,QACvB,KAAK;AAAA,QACL;AAAA,MACF,EAAE,QAAQ,SAAS,WAAW,OAAO,KAAK,QAAQ,CAAC,CAAC;AACpD,UAAI,CAAC,OAAO,eAAe,OAAO,WAAW,QAAW;AACtD,eAAO;AAAA,UACL,oBAAoB,OAAO,UAAU,gBAAgB;AAAA,QACvD;AAAA,MACF;AACA,aAAO,WAAW,eAAe,OAAO,OAAO,OAAO,CAAC,EAAE;AAAA,IAC3D;AAAA,EACF;AACF;AAEO,SAAS,iBAAiB,MAAwC;AACvE,SAAO;AAAA,IACL,gBAAgB,IAAI;AAAA,IACpB,cAAc,IAAI;AAAA,IAClB,oBAAoB,IAAI;AAAA,IACxB,2BAA2B,IAAI;AAAA,EACjC;AACF;;;AKlHO,IAAM,uBAAN,MAAgD;AAAA,EACrD,YAA6B,QAAqB;AAArB;AAAA,EAAsB;AAAA,EAAtB;AAAA,EAE7B,MAAM,QAAQ,WAAmD;AAC/D,UAAM,WAAW,MAAM,KAAK,OAAO;AAAA,MACjC,SAAS,UAAU,SAAS;AAAA,MAC5B,iBAAiB;AAAA,QACf,MAAM;AAAA,QACN,YAAY;AAAA,UACV,SAAS;AAAA,YACP,MAAM;AAAA,YACN,OAAO;AAAA,YACP,aAAa;AAAA,UACf;AAAA,QACF;AAAA,QACA,UAAU,CAAC,SAAS;AAAA,MACtB;AAAA,IACF,CAAC;AACD,WAAO,SAAS,WAAW,YAAY,SAAS,SAAS,YAAY;AAAA,EACvE;AACF;;;ACrCO,IAAM,iBAAN,MAA0C;AAAA,EAC/C,YAA6B,UAAmB;AAAnB;AAAA,EAAoB;AAAA,EAApB;AAAA,EAE7B,UAA4B;AAC1B,WAAO,QAAQ,QAAQ,KAAK,QAAQ;AAAA,EACtC;AACF;;;ACMO,IAAM,sBAAN,MAAsD;AAAA,EAC3D,YAA6B,QAAmB;AAAnB;AAAA,EAAoB;AAAA,EAApB;AAAA,EAE7B,OAAO,iBAAqC;AAC1C,UAAM,eAAe,KAAK,OAAO,OAAO,sBAAsB;AAC9D,QAAI,cAAc,gBAAgB,QAAW;AAC3C,aAAO,IAAI;AAAA,QACT,CAAC,YACC,KAAK,OAAO,OAAO;AAAA,UACjB;AAAA,QAGF;AAAA,MACJ;AAAA,IACF;AACA,WAAO,IAAI,eAAe,eAAe;AAAA,EAC3C;AACF;;;ACnCA,SAAS,KAAAC,UAAS;;;ACGX,IAAM,wBAAN,MAA4B;AAAA,EACjC,YAA6B,QAAkB;AAAlB;AAAA,EAAmB;AAAA,EAAnB;AAAA,EAE7B,QAAQ,OAA0C;AAChD,WAAO,KAAK,OAAO,YAAY,KAAK;AAAA,EACtC;AACF;;;ACNO,IAAM,wBAAN,MAA4B;AAAA,EACjC,YAA6B,QAAkB;AAAlB;AAAA,EAAmB;AAAA,EAAnB;AAAA,EAE7B,QAAQ,OAA0C;AAChD,WAAO,KAAK,OAAO,YAAY,KAAK;AAAA,EACtC;AACF;;;ACPO,IAAM,wBAAN,MAA4B;AAAA,EACjC,YAA6B,OAAkB;AAAlB;AAAA,EAAmB;AAAA,EAAnB;AAAA,EAE7B,UAA4C;AAC1C,WAAO,KAAK,MAAM,eAAe;AAAA,EACnC;AACF;;;ACNO,IAAM,uBAAN,MAA2B;AAAA,EAChC,YAA6B,OAAkB;AAAlB;AAAA,EAAmB;AAAA,EAAnB;AAAA,EAE7B,UAA4C;AAC1C,WAAO,KAAK,MAAM,WAAW;AAAA,EAC/B;AACF;;;AJSA,IAAM,eAAe;AAAA,EACnB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAEA,IAAM,mBAAmB;AAAA,EACvB,cAAc;AAAA,EACd,iBAAiB;AAAA,EACjB,gBAAgB;AAClB;AAEA,SAAS,KACP,QACA,MACyB;AACzB,QAAM,MAA+B,CAAC;AACtC,aAAW,OAAO,MAAM;AACtB,QAAI,OAAO,QAAQ;AACjB,UAAI,GAAG,IAAI,OAAO,GAAG;AAAA,IACvB;AAAA,EACF;AACA,SAAO;AACT;AAEA,SAAS,cAAc,MAAwD;AAC7E,QAAM,aAAa,KAAK;AACxB,QAAM,UACJ,OAAO,eAAe,YACtB,eAAe,QACf,aAAa,aACR,WAAuC,UACxC;AACN,SAAO,EAAE,iBAAiB,QAAQ;AACpC;AAEA,SAAS,WAAW,MAA2C;AAC7D,QAAM,QAAuD;AAAA,IAC3D,KAAK,OAAO,KAAK,QAAQ,WAAW,KAAK,MAAM;AAAA,EACjD;AACA,MAAI,OAAO,KAAK,SAAS,UAAU;AACjC,UAAM,OAAO,KAAK;AAAA,EACpB;AACA,MAAI,OAAO,KAAK,SAAS,UAAU;AACjC,UAAM,OAAO,KAAK;AAAA,EACpB;AACA,SAAO;AACT;AAEA,SAAS,gBAAgB,MAA0C;AACjE,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aAAa;AAAA,IACb;AAAA,IACA,aAAa;AAAA,MACX,KAAKC,GAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,EAAE,SAAS;AAAA,MAC/C,MAAMA,GAAE,OAAO,EAAE,SAAS;AAAA,MAC1B,MAAMA,GAAE,OAAO,EAAE,SAAS;AAAA,IAC5B;AAAA,IACA,aAAa;AAAA,IACb,MAAM,QAAQ,MAAM;AAClB,YAAM,SAAS,MAAM,IAAI,sBAAsB,KAAK,QAAQ,EAAE;AAAA,QAC5D,WAAW,IAAI;AAAA,MACjB;AACA,aAAO,WAAW,KAAK,UAAU,QAAQ,MAAM,CAAC,CAAC;AAAA,IACnD;AAAA,EACF;AACF;AAEA,SAAS,gBAAgB,MAA0C;AACjE,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aAAa;AAAA,IACb;AAAA,IACA,aAAa,EAAE,KAAKA,GAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,EAAE,SAAS,EAAE;AAAA,IAChE,aAAa;AAAA,IACb,MAAM,QAAQ,MAAM;AAClB,YAAM,SAAS,MAAM,IAAI,sBAAsB,KAAK,QAAQ,EAAE;AAAA,QAC5D,WAAW,IAAI;AAAA,MACjB;AACA,aAAO,WAAW,KAAK,UAAU,QAAQ,MAAM,CAAC,CAAC;AAAA,IACnD;AAAA,EACF;AACF;AAEA,SAAS,gBAAgB,MAA0C;AACjE,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aAAa;AAAA,IACb;AAAA,IACA,aAAa,CAAC;AAAA,IACd,aAAa;AAAA,IACb,MAAM,UAAU;AACd,YAAM,SAAS,MAAM,IAAI,sBAAsB,KAAK,SAAS,EAAE,QAAQ;AACvE,aAAO,WAAW,KAAK,UAAU,KAAK,QAAQ,YAAY,GAAG,MAAM,CAAC,CAAC;AAAA,IACvE;AAAA,EACF;AACF;AAEA,SAAS,eAAe,MAA0C;AAChE,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aAAa;AAAA,IACb;AAAA,IACA,aAAa,CAAC;AAAA,IACd,aAAa;AAAA,IACb,MAAM,UAAU;AACd,YAAM,OAAO,MAAM,IAAI,qBAAqB,KAAK,SAAS,EAAE,QAAQ;AACpE,aAAO,WAAW,KAAK,UAAU,cAAc,IAAI,GAAG,MAAM,CAAC,CAAC;AAAA,IAChE;AAAA,EACF;AACF;AAEO,SAAS,qBACd,MACkB;AAClB,SAAO;AAAA,IACL,gBAAgB,IAAI;AAAA,IACpB,gBAAgB,IAAI;AAAA,IACpB,gBAAgB,IAAI;AAAA,IACpB,eAAe,IAAI;AAAA,EACrB;AACF;;;AKvJA,SAAS,KAAAC,UAAS;;;ACIX,IAAM,+BAAN,MAAmC;AAAA,EACxC,YAA6B,YAAkC;AAAlC;AAAA,EAAmC;AAAA,EAAnC;AAAA,EAE7B,QAAQ,IAAqD;AAC3D,WAAO,KAAK,WAAW,KAAK,EAAE;AAAA,EAChC;AACF;;;ACPO,IAAM,iCAAN,MAAqC;AAAA,EAC1C,YAA6B,YAAkC;AAAlC;AAAA,EAAmC;AAAA,EAAnC;AAAA,EAE7B,UAAyC;AACvC,WAAO,KAAK,WAAW,KAAK;AAAA,EAC9B;AACF;;;ACGO,IAAM,wBAAN,MAA4B;AAAA,EACjC,YAA6B,YAAkC;AAAlC;AAAA,EAAmC;AAAA,EAAnC;AAAA,EAE7B,QAAQ,OAAiD;AACvD,WAAO,KAAK,WAAW,KAAK,MAAM,IAAI,MAAM,IAAI;AAAA,EAClD;AACF;;;AHHA,SAAS,kBACP,UACyB;AACzB,SAAO;AAAA,IACL,IAAI,SAAS,GAAG,SAAS;AAAA,IACzB,MAAM,SAAS;AAAA,IACf,YAAY,SAAS;AAAA,EACvB;AACF;AAEA,SAAS,mBAAmB,MAA0C;AACpE,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aAAa;AAAA,IACb;AAAA,IACA,aAAa,CAAC;AAAA,IACd,aAAa;AAAA,MACX,cAAc;AAAA,MACd,iBAAiB;AAAA,MACjB,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,UAAU;AACd,YAAM,YAAY,MAAM,IAAI;AAAA,QAC1B,KAAK;AAAA,MACP,EAAE,QAAQ;AACV,aAAO;AAAA,QACL,KAAK,UAAU,UAAU,IAAI,iBAAiB,GAAG,MAAM,CAAC;AAAA,MAC1D;AAAA,IACF;AAAA,EACF;AACF;AAEA,SAAS,kBAAkB,MAA0C;AACnE,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aAAa;AAAA,IACb;AAAA,IACA,aAAa,EAAE,IAAIC,GAAE,OAAO,EAAE;AAAA,IAC9B,aAAa;AAAA,MACX,cAAc;AAAA,MACd,iBAAiB;AAAA,MACjB,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,QAAQ,MAAM;AAClB,YAAM,WAAW,MAAM,IAAI;AAAA,QACzB,KAAK;AAAA,MACP,EAAE,QAAQ,YAAY,WAAW,OAAO,KAAK,EAAE,CAAC,CAAC;AACjD,aAAO;AAAA,QACL,aAAa,OACT,mCACA,KAAK,UAAU,kBAAkB,QAAQ,GAAG,MAAM,CAAC;AAAA,MACzD;AAAA,IACF;AAAA,EACF;AACF;AAEA,SAAS,mBAAmB,MAA0C;AACpE,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aACE;AAAA,IACF;AAAA,IACA,aAAa;AAAA,MACX,IAAIA,GAAE,OAAO;AAAA,MACb,MAAMA,GAAE,KAAK,CAAC,QAAQ,SAAS,CAAC,EAAE,SAAS;AAAA,IAC7C;AAAA,IACA,aAAa;AAAA,MACX,cAAc;AAAA,MACd,iBAAiB;AAAA,MACjB,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,QAAQ,MAAM;AAClB,YAAM,OAAO,KAAK,SAAS,SAAS,SAAS;AAC7C,YAAM,SAAS,MAAM,IAAI;AAAA,QACvB,KAAK;AAAA,MACP,EAAE,QAAQ,EAAE,IAAI,YAAY,WAAW,OAAO,KAAK,EAAE,CAAC,GAAG,KAAK,CAAC;AAC/D,aAAO,WAAW,KAAK,UAAU,QAAQ,MAAM,CAAC,CAAC;AAAA,IACnD;AAAA,EACF;AACF;AAEO,SAAS,qBACd,MACkB;AAClB,SAAO;AAAA,IACL,mBAAmB,IAAI;AAAA,IACvB,kBAAkB,IAAI;AAAA,IACtB,mBAAmB,IAAI;AAAA,EACzB;AACF;;;AI3GA,SAAS,KAAAC,UAAS;;;ACSX,IAAM,wBAAN,MAA4B;AAAA,EACjC,YAA6B,QAAyB;AAAzB;AAAA,EAA0B;AAAA,EAA1B;AAAA,EAE7B,QAAQ,OAA2C;AACjD,WAAO,KAAK,OAAO,UAAU,MAAM,SAAS,MAAM,MAAM;AAAA,EAC1D;AACF;;;ACAO,IAAM,yBAAN,MAA6B;AAAA,EAClC,YACmB,OACA,QACjB;AAFiB;AACA;AAAA,EAChB;AAAA,EAFgB;AAAA,EACA;AAAA,EAGnB,MAAM,QAAQ,OAA6D;AACzE,UAAM,OAAO,MAAM,KAAK,MAAM,cAAc,MAAM,IAAI;AACtD,QAAI,SAAS,MAAM;AACjB,aAAO,EAAE,UAAU,OAAO,QAAQ,iBAAiB;AAAA,IACrD;AACA,UAAM,KAAK,OAAO,gBAAgB,MAAM,SAAS,IAAI;AACrD,WAAO,EAAE,UAAU,KAAK;AAAA,EAC1B;AACF;;;AC1BO,IAAM,qBAAN,MAAyB;AAAA,EAC9B,YAA6B,QAAyB;AAAzB;AAAA,EAA0B;AAAA,EAA1B;AAAA,EAE7B,QAAQ,MAAgC;AACtC,WAAO,KAAK,OAAO,OAAO,IAAI;AAAA,EAChC;AACF;;;ACCO,IAAM,qBAAN,MAAyB;AAAA,EAC9B,YACmB,QACA,WACjB;AAFiB;AACA;AAAA,EAChB;AAAA,EAFgB;AAAA,EACA;AAAA,EAGnB,MAAM,QAAQ,IAAyC;AACrD,UAAM,YAAY,qBAAqB;AAAA,MACrC,gBAAgB,GAAG,SAAS,CAAC;AAAA,MAC7B;AAAA,IAEF;AACA,QAAI,CAAE,MAAM,KAAK,UAAU,QAAQ,SAAS,GAAI;AAC9C,aAAO,EAAE,SAAS,OAAO,QAAQ,0BAA0B;AAAA,IAC7D;AACA,UAAM,KAAK,OAAO,OAAO,EAAE;AAC3B,WAAO,EAAE,SAAS,KAAK;AAAA,EACzB;AACF;;;ACxBO,IAAM,0BAAN,MAA8B;AAAA,EACnC,YAA6B,QAAyB;AAAzB;AAAA,EAA0B;AAAA,EAA1B;AAAA,EAE7B,QAAQ,SAAmC;AACzC,WAAO,KAAK,OAAO,QAAQ,OAAO;AAAA,EACpC;AACF;;;ACPO,IAAM,oBAAN,MAAwB;AAAA,EAC7B,YAA6B,QAAyB;AAAzB;AAAA,EAA0B;AAAA,EAA1B;AAAA,EAE7B,UAA4B;AAC1B,WAAO,KAAK,OAAO,KAAK;AAAA,EAC1B;AACF;;;ACLO,IAAM,wBAAN,MAA4B;AAAA,EACjC,YAA6B,QAAyB;AAAzB;AAAA,EAA0B;AAAA,EAA1B;AAAA,EAE7B,QAAQ,QAAkC;AACxC,WAAO,KAAK,OAAO,WAAW,MAAM;AAAA,EACtC;AACF;;;ACMO,IAAM,2BAAN,MAA+B;AAAA,EACpC,YACmB,QACA,WACjB;AAFiB;AACA;AAAA,EAChB;AAAA,EAFgB;AAAA,EACA;AAAA,EAGnB,MAAM,QACJ,OACkC;AAClC,UAAM,YAAY,qBAAqB;AAAA,MACrC,eAAe,MAAM,OAAO,SAAS,CAAC,eAAe,MAAM,QAAQ,SAAS,CAAC;AAAA,MAC7E;AAAA,IACF;AACA,QAAI,CAAE,MAAM,KAAK,UAAU,QAAQ,SAAS,GAAI;AAC9C,aAAO,EAAE,SAAS,OAAO,QAAQ,0BAA0B;AAAA,IAC7D;AACA,UAAM,KAAK,OAAO,aAAa,MAAM,SAAS,MAAM,MAAM;AAC1D,WAAO,EAAE,SAAS,KAAK;AAAA,EACzB;AACF;;;ARPA,SAAS,eAAe,OAAuC;AAC7D,SAAO;AAAA,IACL,IAAI,MAAM,GAAG,SAAS;AAAA,IACtB,MAAM,MAAM,KAAK,SAAS;AAAA,IAC1B,MAAM,MAAM;AAAA,EACd;AACF;AAEA,SAAS,cAAc,MAAqC;AAC1D,SAAO;AAAA,IACL,IAAI,KAAK,GAAG,SAAS;AAAA,IACrB,UAAU,KAAK,SAAS,SAAS;AAAA,IACjC,OAAO,KAAK,OAAO,SAAS,KAAK;AAAA,IACjC,SAAS,KAAK;AAAA,EAChB;AACF;AAEA,SAAS,eAAe,MAAqC;AAC3D,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aAAa;AAAA,IACb;AAAA,IACA,aAAa,CAAC;AAAA,IACd,aAAa;AAAA,MACX,cAAc;AAAA,MACd,iBAAiB;AAAA,MACjB,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,UAAU;AACd,YAAM,SAAS,MAAM,IAAI;AAAA,QACvB,KAAK;AAAA,MACP,EAAE,QAAQ;AACV,aAAO,WAAW,KAAK,UAAU,OAAO,IAAI,cAAc,GAAG,MAAM,CAAC,CAAC;AAAA,IACvE;AAAA,EACF;AACF;AAEA,SAAS,gBAAgB,MAAqC;AAC5D,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aAAa;AAAA,IACb;AAAA,IACA,aAAa,EAAE,MAAMC,GAAE,OAAO,EAAE;AAAA,IAChC,aAAa;AAAA,MACX,cAAc;AAAA,MACd,iBAAiB;AAAA,MACjB,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,QAAQ,MAAM;AAClB,YAAM,IAAI,mBAAmB,KAAK,eAAe,EAAE;AAAA,QACjD,UAAU,WAAW,OAAO,KAAK,IAAI,CAAC;AAAA,MACxC;AACA,aAAO,WAAW,UAAU,OAAO,KAAK,IAAI,CAAC,YAAY;AAAA,IAC3D;AAAA,EACF;AACF;AAEA,SAAS,mBAAmB,MAAqC;AAC/D,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aAAa;AAAA,IACb;AAAA,IACA,aAAa,EAAE,SAASA,GAAE,OAAO,GAAG,QAAQA,GAAE,OAAO,EAAE;AAAA,IACvD,aAAa;AAAA,MACX,cAAc;AAAA,MACd,iBAAiB;AAAA,MACjB,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,QAAQ,MAAM;AAClB,YAAM,IAAI,sBAAsB,KAAK,eAAe,EAAE,QAAQ;AAAA,QAC5D,SAAS,QAAQ,WAAW,OAAO,KAAK,OAAO,CAAC;AAAA,QAChD,QAAQ,OAAO,WAAW,OAAO,KAAK,MAAM,CAAC;AAAA,MAC/C,CAAC;AACD,aAAO,WAAW,sBAAsB;AAAA,IAC1C;AAAA,EACF;AACF;AAEA,SAAS,sBAAsB,MAAqC;AAClE,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aAAa;AAAA,IACb;AAAA,IACA,aAAa;AAAA,MACX,SAASA,GAAE,OAAO;AAAA,MAClB,QAAQA,GAAE,OAAO;AAAA,MACjB,SAASA,GAAE,QAAQ,EAAE,SAAS;AAAA,IAChC;AAAA,IACA,aAAa;AAAA,MACX,cAAc;AAAA,MACd,iBAAiB;AAAA,MACjB,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,QAAQ,MAAM;AAClB,YAAM,YAAY,KAAK,WAAW,OAAO,KAAK,YAAY,IAAI;AAC9D,YAAM,SAAS,MAAM,IAAI;AAAA,QACvB,KAAK;AAAA,QACL;AAAA,MACF,EAAE,QAAQ;AAAA,QACR,SAAS,QAAQ,WAAW,OAAO,KAAK,OAAO,CAAC;AAAA,QAChD,QAAQ,OAAO,WAAW,OAAO,KAAK,MAAM,CAAC;AAAA,MAC/C,CAAC;AACD,aAAO;AAAA,QACL,OAAO,UACH,6BACA,gBAAgB,OAAO,UAAU,gBAAgB;AAAA,MACvD;AAAA,IACF;AAAA,EACF;AACF;AAEA,SAAS,gBAAgB,MAAqC;AAC5D,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aAAa;AAAA,IACb;AAAA,IACA,aAAa,EAAE,IAAIA,GAAE,OAAO,GAAG,SAASA,GAAE,QAAQ,EAAE,SAAS,EAAE;AAAA,IAC/D,aAAa;AAAA,MACX,cAAc;AAAA,MACd,iBAAiB;AAAA,MACjB,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,QAAQ,MAAM;AAClB,YAAM,YAAY,KAAK,WAAW,OAAO,KAAK,YAAY,IAAI;AAC9D,YAAM,SAAS,MAAM,IAAI;AAAA,QACvB,KAAK;AAAA,QACL;AAAA,MACF,EAAE,QAAQ,QAAQ,WAAW,OAAO,KAAK,EAAE,CAAC,CAAC;AAC7C,aAAO;AAAA,QACL,OAAO,UACH,mBACA,gBAAgB,OAAO,UAAU,gBAAgB;AAAA,MACvD;AAAA,IACF;AAAA,EACF;AACF;AAEA,SAAS,oBAAoB,MAAqC;AAChE,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aAAa;AAAA,IACb;AAAA,IACA,aAAa,EAAE,SAASA,GAAE,OAAO,GAAG,MAAMA,GAAE,OAAO,EAAE;AAAA,IACrD,aAAa;AAAA,MACX,cAAc;AAAA,MACd,iBAAiB;AAAA,MACjB,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,QAAQ,MAAM;AAClB,YAAM,SAAS,MAAM,IAAI;AAAA,QACvB,KAAK;AAAA,QACL,KAAK;AAAA,MACP,EAAE,QAAQ;AAAA,QACR,SAAS,QAAQ,WAAW,OAAO,KAAK,OAAO,CAAC;AAAA,QAChD,MAAM,SAAS,WAAW,OAAO,KAAK,IAAI,CAAC;AAAA,MAC7C,CAAC;AACD,aAAO;AAAA,QACL,OAAO,WACH,SAAS,OAAO,KAAK,IAAI,CAAC,yBAC1B,iBAAiB,OAAO,UAAU,gBAAgB;AAAA,MACxD;AAAA,IACF;AAAA,EACF;AACF;AAEA,SAAS,qBAAqB,MAAqC;AACjE,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aAAa;AAAA,IACb;AAAA,IACA,aAAa,EAAE,SAASA,GAAE,OAAO,EAAE;AAAA,IACnC,aAAa;AAAA,MACX,cAAc;AAAA,MACd,iBAAiB;AAAA,MACjB,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,QAAQ,MAAM;AAClB,YAAM,UAAU,MAAM,IAAI;AAAA,QACxB,KAAK;AAAA,MACP,EAAE,QAAQ,QAAQ,WAAW,OAAO,KAAK,OAAO,CAAC,CAAC;AAClD,aAAO,WAAW,KAAK,UAAU,QAAQ,IAAI,aAAa,GAAG,MAAM,CAAC,CAAC;AAAA,IACvE;AAAA,EACF;AACF;AAEA,SAAS,mBAAmB,MAAqC;AAC/D,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aAAa;AAAA,IACb;AAAA,IACA,aAAa,EAAE,QAAQA,GAAE,OAAO,EAAE;AAAA,IAClC,aAAa;AAAA,MACX,cAAc;AAAA,MACd,iBAAiB;AAAA,MACjB,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,QAAQ,MAAM;AAClB,YAAM,SAAS,MAAM,IAAI;AAAA,QACvB,KAAK;AAAA,MACP,EAAE,QAAQ,OAAO,WAAW,OAAO,KAAK,MAAM,CAAC,CAAC;AAChD,aAAO,WAAW,KAAK,UAAU,OAAO,IAAI,cAAc,GAAG,MAAM,CAAC,CAAC;AAAA,IACvE;AAAA,EACF;AACF;AAEO,SAAS,gBAAgB,MAAuC;AACrE,SAAO;AAAA,IACL,eAAe,IAAI;AAAA,IACnB,qBAAqB,IAAI;AAAA,IACzB,mBAAmB,IAAI;AAAA,IACvB,gBAAgB,IAAI;AAAA,IACpB,mBAAmB,IAAI;AAAA,IACvB,oBAAoB,IAAI;AAAA,IACxB,sBAAsB,IAAI;AAAA,IAC1B,gBAAgB,IAAI;AAAA,EACtB;AACF;;;AS5PA,SAAS,KAAAC,UAAS;;;ACGX,IAAM,gCAAN,MAAoC;AAAA,EACzC,YAA6B,MAAkC;AAAlC;AAAA,EAAmC;AAAA,EAAnC;AAAA,EAE7B,QAAQ,KAAyC;AAC/C,WAAO,KAAK,KAAK,OAAO,GAAG;AAAA,EAC7B;AACF;;;ACCO,IAAM,gCAAN,MAAoC;AAAA,EACzC,YACmB,MACA,WACjB;AAFiB;AACA;AAAA,EAChB;AAAA,EAFgB;AAAA,EACA;AAAA,EAGnB,MAAM,QAAQ,OAAwD;AACpE,UAAM,YAAY,qBAAqB;AAAA,MACrC,4BAA4B,MAAM,SAAS,CAAC;AAAA,MAC5C;AAAA,IAEF;AACA,QAAI,CAAE,MAAM,KAAK,UAAU,QAAQ,SAAS,GAAI;AAC9C,aAAO,EAAE,SAAS,OAAO,QAAQ,0BAA0B;AAAA,IAC7D;AACA,UAAM,KAAK,KAAK,OAAO,KAAK;AAC5B,WAAO,EAAE,SAAS,KAAK;AAAA,EACzB;AACF;;;ACxBO,IAAM,6BAAN,MAAiC;AAAA,EACtC,YAA6B,MAAkC;AAAlC;AAAA,EAAmC;AAAA,EAAnC;AAAA,EAE7B,QAAQ,OAAmD;AACzD,WAAO,KAAK,KAAK,KAAK,KAAK;AAAA,EAC7B;AACF;;;ACPO,IAAM,+BAAN,MAAmC;AAAA,EACxC,YAA6B,MAAkC;AAAlC;AAAA,EAAmC;AAAA,EAAnC;AAAA,EAE7B,UAAuC;AACrC,WAAO,KAAK,KAAK,KAAK;AAAA,EACxB;AACF;;;ACLO,IAAM,wBAAN,MAA4B;AAAA,EACjC,YAA6B,MAAkC;AAAlC;AAAA,EAAmC;AAAA,EAAnC;AAAA,EAE7B,QAAQ,OAAuC;AAC7C,WAAO,KAAK,KAAK,YAAY,KAAK;AAAA,EACpC;AACF;;;ALSA,SAAS,aAAa,KAAgD;AACpE,SAAO;AAAA,IACL,OAAO,IAAI,MAAM,SAAS;AAAA,IAC1B,YAAY,IAAI;AAAA,IAChB,SAAS,IAAI;AAAA,IACb,aAAa,IAAI;AAAA,EACnB;AACF;AAEA,SAAS,WAAW,OAAwC;AAC1D,QAAM,SAAiC,CAAC;AACxC,MAAI,UAAU,QAAQ,OAAO,UAAU,UAAU;AAC/C,eAAW,CAAC,KAAK,KAAK,KAAK,OAAO;AAAA,MAChC;AAAA,IACF,GAAG;AACD,UAAI,OAAO,UAAU,UAAU;AAC7B,eAAO,GAAG,IAAI;AAAA,MAChB;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;AAEA,SAAS,aAAa,MAAmC;AACvD,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aAAa;AAAA,IACb;AAAA,IACA,aAAa,CAAC;AAAA,IACd,aAAa;AAAA,MACX,cAAc;AAAA,MACd,iBAAiB;AAAA,MACjB,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,UAAU;AACd,YAAM,OAAO,MAAM,IAAI;AAAA,QACrB,KAAK;AAAA,MACP,EAAE,QAAQ;AACV,aAAO,WAAW,KAAK,UAAU,KAAK,IAAI,YAAY,GAAG,MAAM,CAAC,CAAC;AAAA,IACnE;AAAA,EACF;AACF;AAEA,SAAS,WAAW,MAAmC;AACrD,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aAAa;AAAA,IACb;AAAA,IACA,aAAa,EAAE,OAAOC,GAAE,OAAO,EAAE;AAAA,IACjC,aAAa;AAAA,MACX,cAAc;AAAA,MACd,iBAAiB;AAAA,MACjB,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,QAAQ,MAAM;AAClB,YAAM,MAAM,MAAM,IAAI;AAAA,QACpB,KAAK;AAAA,MACP,EAAE,QAAQ,SAAS,WAAW,OAAO,KAAK,KAAK,CAAC,CAAC;AACjD,aAAO;AAAA,QACL,QAAQ,OACJ,iCACA,KAAK,UAAU,aAAa,GAAG,GAAG,MAAM,CAAC;AAAA,MAC/C;AAAA,IACF;AAAA,EACF;AACF;AAEA,SAAS,mBAAmB,MAAmC;AAC7D,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aAAa;AAAA,IACb;AAAA,IACA,aAAa,EAAE,OAAOA,GAAE,OAAO,EAAE;AAAA,IACjC,aAAa;AAAA,MACX,cAAc;AAAA,MACd,iBAAiB;AAAA,MACjB,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,QAAQ,MAAM;AAClB,YAAM,UAAU,MAAM,IAAI;AAAA,QACxB,KAAK;AAAA,MACP,EAAE,QAAQ,SAAS,WAAW,OAAO,KAAK,KAAK,CAAC,CAAC;AACjD,aAAO,WAAW,KAAK,UAAU,SAAS,MAAM,CAAC,CAAC;AAAA,IACpD;AAAA,EACF;AACF;AAEA,SAAS,cAAc,MAAmC;AACxD,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aACE;AAAA,IAEF;AAAA,IACA,aAAa;AAAA,MACX,OAAOA,GAAE,OAAO;AAAA,MAChB,YAAYA,GAAE,OAAO;AAAA,MACrB,SAASA,GAAE,QAAQ,EAAE,SAAS;AAAA,MAC9B,QAAQA,GAAE,OAAOA,GAAE,OAAO,GAAGA,GAAE,OAAO,CAAC,EAAE,SAAS;AAAA,IACpD;AAAA,IACA,aAAa;AAAA,MACX,cAAc;AAAA,MACd,iBAAiB;AAAA,MACjB,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,QAAQ,MAAM;AAClB,YAAM,IAAI;AAAA,QACR,KAAK;AAAA,MACP,EAAE,QAAQ;AAAA,QACR,OAAO,SAAS,WAAW,OAAO,KAAK,KAAK,CAAC;AAAA,QAC7C,YAAY,OAAO,KAAK,UAAU;AAAA,QAClC,SAAS,KAAK,YAAY;AAAA,QAC1B,QAAQ,WAAW,KAAK,MAAM;AAAA,MAChC,CAAC;AACD,aAAO,WAAW,sBAAsB,OAAO,KAAK,KAAK,CAAC,YAAY;AAAA,IACxE;AAAA,EACF;AACF;AAEA,SAAS,cAAc,MAAmC;AACxD,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aAAa;AAAA,IACb;AAAA,IACA,aAAa,EAAE,OAAOA,GAAE,OAAO,GAAG,SAASA,GAAE,QAAQ,EAAE,SAAS,EAAE;AAAA,IAClE,aAAa;AAAA,MACX,cAAc;AAAA,MACd,iBAAiB;AAAA,MACjB,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,QAAQ,MAAM;AAClB,YAAM,YAAY,KAAK,WAAW,OAAO,KAAK,YAAY,IAAI;AAC9D,YAAM,SAAS,MAAM,IAAI;AAAA,QACvB,KAAK;AAAA,QACL;AAAA,MACF,EAAE,QAAQ,SAAS,WAAW,OAAO,KAAK,KAAK,CAAC,CAAC;AACjD,aAAO;AAAA,QACL,OAAO,UACH,sBAAsB,OAAO,KAAK,KAAK,CAAC,eACxC,gBAAgB,OAAO,UAAU,gBAAgB;AAAA,MACvD;AAAA,IACF;AAAA,EACF;AACF;AAEO,SAAS,cAAc,MAAqC;AACjE,SAAO;AAAA,IACL,aAAa,IAAI;AAAA,IACjB,WAAW,IAAI;AAAA,IACf,mBAAmB,IAAI;AAAA,IACvB,cAAc,IAAI;AAAA,IAClB,cAAc,IAAI;AAAA,EACpB;AACF;;;AMjLA,SAAS,KAAAC,WAAS;;;ACcX,IAAM,wBAAN,MAA4B;AAAA,EACjC,YAA6B,OAAuB;AAAvB;AAAA,EAAwB;AAAA,EAAxB;AAAA,EAE7B,MAAM,QAAQ,OAA2D;AACvE,UAAM,OAAO,MAAM,KAAK,MAAM,cAAc,MAAM,IAAI;AACtD,QAAI,SAAS,MAAM;AACjB,aAAO,EAAE,UAAU,OAAO,QAAQ,iBAAiB;AAAA,IACrD;AACA,UAAM,KAAK,MAAM,gBAAgB,MAAM,QAAQ,IAAI;AACnD,WAAO,EAAE,UAAU,KAAK;AAAA,EAC1B;AACF;;;ACrBO,IAAM,sBAAN,MAA0B;AAAA,EAC/B,YAA6B,OAAuB;AAAvB;AAAA,EAAwB;AAAA,EAAxB;AAAA,EAE7B,QAAQ,QAAiC;AACvC,WAAO,KAAK,MAAM,mBAAmB,MAAM;AAAA,EAC7C;AACF;;;ACPO,IAAM,wBAAN,MAA4B;AAAA,EACjC,YAA6B,OAAuB;AAAvB;AAAA,EAAwB;AAAA,EAAxB;AAAA,EAE7B,UAA2B;AACzB,WAAO,KAAK,MAAM,eAAe;AAAA,EACnC;AACF;;;ACOO,IAAM,0BAAN,MAA8B;AAAA,EACnC,YACmB,OACA,WACjB;AAFiB;AACA;AAAA,EAChB;AAAA,EAFgB;AAAA,EACA;AAAA,EAGnB,MAAM,QAAQ,OAA+D;AAC3E,UAAM,OAAO,MAAM,KAAK,MAAM,cAAc,MAAM,IAAI;AACtD,QAAI,SAAS,MAAM;AACjB,aAAO,EAAE,SAAS,OAAO,QAAQ,iBAAiB;AAAA,IACpD;AAEA,UAAM,YAAY,qBAAqB;AAAA,MACrC,eAAe,KAAK,KAAK,SAAS,CAAC,cAAc,MAAM,OAAO,SAAS,CAAC;AAAA,MACxE;AAAA,IACF;AACA,QAAI,CAAE,MAAM,KAAK,UAAU,QAAQ,SAAS,GAAI;AAC9C,aAAO,EAAE,SAAS,OAAO,QAAQ,0BAA0B;AAAA,IAC7D;AAEA,UAAM,KAAK,MAAM,gBAAgB,MAAM,QAAQ,IAAI;AACnD,WAAO,EAAE,SAAS,KAAK;AAAA,EACzB;AACF;;;AJpBA,SAAS,cAAc,MAAqC;AAC1D,SAAO;AAAA,IACL,IAAI,KAAK;AAAA,IACT,MAAM,KAAK,KAAK,SAAS;AAAA,IACzB,aAAa,KAAK;AAAA,EACpB;AACF;AAEA,SAAS,mBAAmB,MAAoC;AAC9D,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aAAa;AAAA,IACb;AAAA,IACA,aAAa,CAAC;AAAA,IACd,aAAa;AAAA,MACX,cAAc;AAAA,MACd,iBAAiB;AAAA,MACjB,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,UAAU;AACd,YAAM,QAAQ,MAAM,IAAI;AAAA,QACtB,KAAK;AAAA,MACP,EAAE,QAAQ;AACV,aAAO,WAAW,KAAK,UAAU,MAAM,IAAI,aAAa,GAAG,MAAM,CAAC,CAAC;AAAA,IACrE;AAAA,EACF;AACF;AAEA,SAAS,iBAAiB,MAAoC;AAC5D,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aAAa;AAAA,IACb;AAAA,IACA,aAAa,EAAE,QAAQC,IAAE,OAAO,EAAE;AAAA,IAClC,aAAa;AAAA,MACX,cAAc;AAAA,MACd,iBAAiB;AAAA,MACjB,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,QAAQ,MAAM;AAClB,YAAM,QAAQ,MAAM,IAAI,oBAAoB,KAAK,cAAc,EAAE;AAAA,QAC/D,OAAO,WAAW,OAAO,KAAK,MAAM,CAAC;AAAA,MACvC;AACA,aAAO,WAAW,KAAK,UAAU,MAAM,IAAI,aAAa,GAAG,MAAM,CAAC,CAAC;AAAA,IACrE;AAAA,EACF;AACF;AAEA,SAAS,mBAAmB,MAAoC;AAC9D,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aAAa;AAAA,IACb;AAAA,IACA,aAAa,EAAE,QAAQA,IAAE,OAAO,GAAG,MAAMA,IAAE,OAAO,EAAE;AAAA,IACpD,aAAa;AAAA,MACX,cAAc;AAAA,MACd,iBAAiB;AAAA,MACjB,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,QAAQ,MAAM;AAClB,YAAM,SAAS,MAAM,IAAI;AAAA,QACvB,KAAK;AAAA,MACP,EAAE,QAAQ;AAAA,QACR,QAAQ,OAAO,WAAW,OAAO,KAAK,MAAM,CAAC;AAAA,QAC7C,MAAM,SAAS,WAAW,OAAO,KAAK,IAAI,CAAC;AAAA,MAC7C,CAAC;AACD,aAAO;AAAA,QACL,OAAO,WACH,SAAS,OAAO,KAAK,IAAI,CAAC,gBAC1B,iBAAiB,OAAO,UAAU,gBAAgB;AAAA,MACxD;AAAA,IACF;AAAA,EACF;AACF;AAEA,SAAS,qBAAqB,MAAoC;AAChE,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aAAa;AAAA,IACb;AAAA,IACA,aAAa;AAAA,MACX,QAAQA,IAAE,OAAO;AAAA,MACjB,MAAMA,IAAE,OAAO;AAAA,MACf,SAASA,IAAE,QAAQ,EAAE,SAAS;AAAA,IAChC;AAAA,IACA,aAAa;AAAA,MACX,cAAc;AAAA,MACd,iBAAiB;AAAA,MACjB,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,QAAQ,MAAM;AAClB,YAAM,YAAY,KAAK,WAAW,OAAO,KAAK,YAAY,IAAI;AAC9D,YAAM,SAAS,MAAM,IAAI;AAAA,QACvB,KAAK;AAAA,QACL;AAAA,MACF,EAAE,QAAQ;AAAA,QACR,QAAQ,OAAO,WAAW,OAAO,KAAK,MAAM,CAAC;AAAA,QAC7C,MAAM,SAAS,WAAW,OAAO,KAAK,IAAI,CAAC;AAAA,MAC7C,CAAC;AACD,aAAO;AAAA,QACL,OAAO,UACH,SAAS,OAAO,KAAK,IAAI,CAAC,eAC1B,gBAAgB,OAAO,UAAU,gBAAgB;AAAA,MACvD;AAAA,IACF;AAAA,EACF;AACF;AAEO,SAAS,eAAe,MAAsC;AACnE,SAAO;AAAA,IACL,mBAAmB,IAAI;AAAA,IACvB,iBAAiB,IAAI;AAAA,IACrB,mBAAmB,IAAI;AAAA,IACvB,qBAAqB,IAAI;AAAA,EAC3B;AACF;;;AKnIO,SAAS,YACd,aACA,QACkB;AAClB,SAAO,YAAY;AAAA,IACjB,CAAC,eAAe,CAAC,OAAO,UAAU,WAAW,KAAK;AAAA,EACpD;AACF;AAEO,SAAS,cACd,QACA,aACM;AACN,aAAW,cAAc,aAAa;AACpC,WAAO;AAAA,MACL,WAAW;AAAA,MACX;AAAA,QACE,OAAO,WAAW;AAAA,QAClB,aAAa,WAAW;AAAA,QACxB,aAAa,WAAW;AAAA,QACxB,aAAa,WAAW;AAAA,MAC1B;AAAA,MACA,CAAC,SACC,WAAW,QAAQ,IAAI,EAAE,KAAK,CAAC,YAAY,EAAE,GAAG,OAAO,EAAE;AAAA,IAC7D;AAAA,EACF;AACF;;;ACjCA,SAAS,KAAAC,WAAS;;;ACGX,IAAM,oBAAN,MAAwB;AAAA,EAC7B,YAA6B,OAAuB;AAAvB;AAAA,EAAwB;AAAA,EAAxB;AAAA,EAE7B,QAAQ,MAA8B;AACpC,WAAO,KAAK,MAAM,OAAO,IAAI;AAAA,EAC/B;AACF;;;ACQO,IAAM,oBAAN,MAAwB;AAAA,EAC7B,YACmB,OACA,WACjB;AAFiB;AACA;AAAA,EAChB;AAAA,EAFgB;AAAA,EACA;AAAA,EAGnB,MAAM,QAAQ,OAAmD;AAC/D,UAAM,OAAO,MAAM,KAAK,MAAM,SAAS,MAAM,EAAE;AAC/C,QAAI,SAAS,MAAM;AACjB,aAAO,EAAE,SAAS,OAAO,QAAQ,iBAAiB;AAAA,IACpD;AACA,QAAI,CAAC,KAAK,SAAS,OAAO,MAAM,QAAQ,GAAG;AACzC,aAAO;AAAA,QACL,SAAS;AAAA,QACT,QAAQ;AAAA,MACV;AAAA,IACF;AAEA,UAAM,WAAW,MAAM,KAAK,MAAM,oBAAoB,MAAM,EAAE;AAC9D,UAAM,QAAQ,KAAK,UAAU,OAAO,KAAK,KAAK,KAAK,MAAM,SAAS,CAAC;AACnE,UAAM,YAAY,qBAAqB;AAAA,MACrC,eAAe,KAAK,SAAS,SAAS,CAAC;AAAA,MACvC,kCAAkC,KAAK,gBAAgB,QAAQ;AAAA,IAEjE;AAEA,QAAI,CAAE,MAAM,KAAK,UAAU,QAAQ,SAAS,GAAI;AAC9C,aAAO,EAAE,SAAS,OAAO,QAAQ,0BAA0B;AAAA,IAC7D;AAEA,UAAM,KAAK,MAAM,OAAO,MAAM,EAAE;AAChC,WAAO,EAAE,SAAS,KAAK;AAAA,EACzB;AACF;;;AC9CO,IAAM,iBAAN,MAAqB;AAAA,EAC1B,YAA6B,OAAuB;AAAvB;AAAA,EAAwB;AAAA,EAAxB;AAAA,EAE7B,QAAQ,IAAkC;AACxC,WAAO,KAAK,MAAM,SAAS,EAAE;AAAA,EAC/B;AACF;;;ACNO,IAAM,0BAAN,MAA8B;AAAA,EACnC,YAA6B,OAAuB;AAAvB;AAAA,EAAwB;AAAA,EAAxB;AAAA,EAE7B,QAAQ,IAAoC;AAC1C,WAAO,KAAK,MAAM,aAAa,EAAE;AAAA,EACnC;AACF;;;ACIO,IAAM,oBAAN,MAAwB;AAAA,EAC7B,YACmB,OACA,WACjB;AAFiB;AACA;AAAA,EAChB;AAAA,EAFgB;AAAA,EACA;AAAA,EAGnB,MAAM,QAAQ,OAAmD;AAC/D,UAAM,OAAO,MAAM,KAAK,MAAM,SAAS,MAAM,EAAE;AAC/C,QAAI,SAAS,MAAM;AACjB,aAAO,EAAE,WAAW,OAAO,QAAQ,iBAAiB;AAAA,IACtD;AAEA,UAAM,WAAW,MAAM,KAAK,MAAM,oBAAoB,MAAM,EAAE;AAC9D,UAAM,YAAY,qBAAqB;AAAA,MACrC,WAAW,KAAK,SAAS,SAAS,CAAC;AAAA,MACnC,WAAW,OAAO,QAAQ,CAAC;AAAA,IAC7B;AACA,QAAI,CAAE,MAAM,KAAK,UAAU,QAAQ,SAAS,GAAI;AAC9C,aAAO,EAAE,WAAW,OAAO,QAAQ,0BAA0B;AAAA,IAC/D;AAEA,UAAM,KAAK,MAAM,OAAO,MAAM,EAAE;AAChC,WAAO,EAAE,WAAW,KAAK;AAAA,EAC3B;AACF;;;ACrBO,IAAM,2BAAN,MAA+B;AAAA,EACpC,YACmB,OACA,WACjB;AAFiB;AACA;AAAA,EAChB;AAAA,EAFgB;AAAA,EACA;AAAA,EAGnB,MAAM,QACJ,OACkC;AAClC,UAAM,OAAO,MAAM,KAAK,MAAM,SAAS,MAAM,EAAE;AAC/C,QAAI,SAAS,MAAM;AACjB,aAAO,EAAE,OAAO,OAAO,QAAQ,iBAAiB;AAAA,IAClD;AAEA,UAAM,YAAY,qBAAqB;AAAA,MACrC,sBAAsB,KAAK,SAAS,SAAS,CAAC;AAAA,MAC9C,iDACE,MAAM,YAAY,mDAAmD,EACvE;AAAA,IACF;AACA,QAAI,CAAE,MAAM,KAAK,UAAU,QAAQ,SAAS,GAAI;AAC9C,aAAO,EAAE,OAAO,OAAO,QAAQ,0BAA0B;AAAA,IAC3D;AAEA,UAAM,KAAK,MAAM,cAAc,MAAM,IAAI,MAAM,UAAU,MAAM,SAAS;AACxE,WAAO,EAAE,OAAO,KAAK;AAAA,EACvB;AACF;;;ACxCO,IAAM,qBAAN,MAAyB;AAAA,EAC9B,YAA6B,OAAuB;AAAvB;AAAA,EAAwB;AAAA,EAAxB;AAAA,EAE7B,QAAQ,UAA+C;AACrD,WAAO,KAAK,MAAM,OAAO,QAAQ;AAAA,EACnC;AACF;;;ACDO,IAAM,yBAAN,MAA6B;AAAA,EAClC,YAA6B,OAAuB;AAAvB;AAAA,EAAwB;AAAA,EAAxB;AAAA,EAE7B,QAAQ,OAA4C;AAClD,WAAO,KAAK,MAAM,iBAAiB,MAAM,IAAI,MAAM,OAAO;AAAA,EAC5D;AACF;;;ACPO,IAAM,wBAAN,MAA4B;AAAA,EACjC,YAA6B,OAAuB;AAAvB;AAAA,EAAwB;AAAA,EAAxB;AAAA,EAE7B,QAAQ,OAA2C;AACjD,WAAO,KAAK,MAAM,WAAW,MAAM,IAAI,MAAM,OAAO;AAAA,EACtD;AACF;;;ACLO,IAAM,oBAAN,MAAwB;AAAA,EAC7B,YAA6B,OAAuB;AAAvB;AAAA,EAAwB;AAAA,EAAxB;AAAA,EAE7B,QAAQ,OAAuC;AAC7C,WAAO,KAAK,MAAM,OAAO,MAAM,IAAI,MAAM,OAAO;AAAA,EAClD;AACF;;;ACfA,IAAM,UAAU;AAAA,EACd;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAIO,IAAM,kBAAN,MAAM,iBAAgB;AAAA,EACnB,YAA6B,OAAyB;AAAzB;AAAA,EAA0B;AAAA,EAA1B;AAAA,EAErC,OAAO,WAAW,OAAgC;AAChD,UAAM,QAAQ,QAAQ,KAAK,CAAC,WAAW,WAAW,KAAK;AACvD,QAAI,UAAU,QAAW;AACvB,YAAM,IAAI,MAAM,8BAA8B,KAAK,EAAE;AAAA,IACvD;AACA,WAAO,IAAI,iBAAgB,KAAK;AAAA,EAClC;AAAA,EAEA,WAAmB;AACjB,WAAO,KAAK;AAAA,EACd;AACF;;;ACrBO,IAAM,WAAN,MAAM,UAAS;AAAA,EACZ,YAA6B,OAAe;AAAf;AAAA,EAAgB;AAAA,EAAhB;AAAA,EAErC,OAAO,WAAW,OAAyB;AACzC,WAAO,IAAI,UAAS,eAAe,OAAO,UAAU,CAAC;AAAA,EACvD;AAAA,EAEA,SAAiB;AACf,WAAO,KAAK;AAAA,EACd;AAAA;AAAA,EAGA,WAAmB;AACjB,WAAO;AAAA,EACT;AAAA,EAEA,SAAiB;AACf,WAAO;AAAA,EACT;AACF;;;AZUA,SAASC,eAAc,MAAqC;AAC1D,SAAO;AAAA,IACL,IAAI,KAAK,GAAG,SAAS;AAAA,IACrB,UAAU,KAAK,SAAS,SAAS;AAAA,IACjC,OAAO,KAAK,OAAO,SAAS,KAAK;AAAA,IACjC,SAAS,KAAK;AAAA,EAChB;AACF;AAEA,SAAS,cAAc,MAAmD;AACxE,QAAM,WAMF;AAAA,IACF,OAAO,OAAO,KAAK,UAAU,WAAW,KAAK,QAAQ;AAAA,IACrD,KAAK,OAAO,KAAK,QAAQ,WAAW,KAAK,MAAM;AAAA,EACjD;AACA,MAAI,OAAO,KAAK,UAAU,UAAU;AAClC,aAAS,QAAQ,MAAM,WAAW,KAAK,KAAK;AAAA,EAC9C;AACA,MAAI,OAAO,KAAK,aAAa,UAAU;AACrC,aAAS,WAAW,SAAS,WAAW,KAAK,QAAQ;AAAA,EACvD;AACA,MAAI,OAAO,KAAK,WAAW,UAAU;AACnC,aAAS,SAAS,KAAK;AAAA,EACzB;AACA,SAAO;AACT;AAEA,SAAS,gBAAgB,MAAoC;AAC3D,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aAAa;AAAA,IACb;AAAA,IACA,aAAa;AAAA,MACX,OAAOC,IAAE,OAAO,EAAE,SAAS;AAAA,MAC3B,UAAUA,IAAE,OAAO,EAAE,SAAS;AAAA,MAC9B,QAAQA,IAAE,OAAO,EAAE,SAAS;AAAA,MAC5B,OAAOA,IAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,MACxC,KAAKA,IAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,EAAE,SAAS;AAAA,IACjD;AAAA,IACA,aAAa;AAAA,MACX,cAAc;AAAA,MACd,iBAAiB;AAAA,MACjB,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,QAAQ,MAAM;AAClB,YAAM,QAAQ,MAAM,IAAI,mBAAmB,KAAK,cAAc,EAAE;AAAA,QAC9D,cAAc,IAAI;AAAA,MACpB;AACA,aAAO,WAAW,KAAK,UAAU,MAAM,IAAID,cAAa,GAAG,MAAM,CAAC,CAAC;AAAA,IACrE;AAAA,EACF;AACF;AAEA,SAAS,YAAY,MAAoC;AACvD,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aAAa;AAAA,IACb;AAAA,IACA,aAAa,EAAE,IAAIC,IAAE,OAAO,EAAE;AAAA,IAC9B,aAAa;AAAA,MACX,cAAc;AAAA,MACd,iBAAiB;AAAA,MACjB,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,QAAQ,MAAM;AAClB,YAAM,OAAO,MAAM,IAAI,eAAe,KAAK,cAAc,EAAE;AAAA,QACzD,OAAO,WAAW,OAAO,KAAK,EAAE,CAAC;AAAA,MACnC;AACA,aAAO;AAAA,QACL,SAAS,OACL,oBACA,KAAK,UAAUD,eAAc,IAAI,GAAG,MAAM,CAAC;AAAA,MACjD;AAAA,IACF;AAAA,EACF;AACF;AAEA,SAAS,eAAe,MAAoC;AAC1D,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aAAa;AAAA,IACb;AAAA,IACA,aAAa;AAAA,MACX,UAAUC,IAAE,OAAO;AAAA,MACnB,OAAOA,IAAE,OAAO,EAAE,SAAS;AAAA,MAC3B,SAASA,IAAE,QAAQ,EAAE,SAAS;AAAA,MAC9B,eAAeA,IAAE,QAAQ,EAAE,SAAS;AAAA,IACtC;AAAA,IACA,aAAa;AAAA,MACX,cAAc;AAAA,MACd,iBAAiB;AAAA,MACjB,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,QAAQ,MAAM;AAClB,YAAM,OAAgB;AAAA,QACpB,UAAU,SAAS,WAAW,OAAO,KAAK,QAAQ,CAAC;AAAA,QACnD,GAAI,OAAO,KAAK,UAAU,WACtB,EAAE,OAAO,MAAM,WAAW,KAAK,KAAK,EAAE,IACtC,CAAC;AAAA,QACL,SAAS,KAAK,YAAY;AAAA,QAC1B,eAAe,KAAK,kBAAkB;AAAA,MACxC;AACA,YAAM,IAAI,kBAAkB,KAAK,cAAc,EAAE,QAAQ,IAAI;AAC7D,aAAO,WAAW,SAAS,KAAK,SAAS,SAAS,CAAC,YAAY;AAAA,IACjE;AAAA,EACF;AACF;AAEA,SAAS,mBAAmB,MAAoC;AAC9D,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aAAa;AAAA,IACb;AAAA,IACA,aAAa,EAAE,IAAIA,IAAE,OAAO,GAAG,SAASA,IAAE,QAAQ,EAAE;AAAA,IACpD,aAAa;AAAA,MACX,cAAc;AAAA,MACd,iBAAiB;AAAA,MACjB,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,QAAQ,MAAM;AAClB,YAAM,UAAU,KAAK,YAAY;AACjC,YAAM,IAAI,sBAAsB,KAAK,cAAc,EAAE,QAAQ;AAAA,QAC3D,IAAI,OAAO,WAAW,OAAO,KAAK,EAAE,CAAC;AAAA,QACrC;AAAA,MACF,CAAC;AACD,aAAO;AAAA,QACL,QAAQ,OAAO,KAAK,EAAE,CAAC,IAAI,UAAU,YAAY,UAAU;AAAA,MAC7D;AAAA,IACF;AAAA,EACF;AACF;AAEA,SAAS,oBAAoB,MAAoC;AAC/D,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aACE;AAAA,IACF;AAAA,IACA,aAAa,EAAE,IAAIA,IAAE,OAAO,GAAG,SAASA,IAAE,MAAMA,IAAE,OAAO,CAAC,EAAE;AAAA,IAC5D,aAAa;AAAA,MACX,cAAc;AAAA,MACd,iBAAiB;AAAA,MACjB,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,QAAQ,MAAM;AAClB,YAAM,MAAM,MAAM,QAAQ,KAAK,OAAO,IAAI,KAAK,UAAU,CAAC;AAC1D,YAAM,UAAU,IAAI;AAAA,QAAI,CAAC,WACvB,gBAAgB,WAAW,OAAO,MAAM,CAAC;AAAA,MAC3C;AACA,YAAM,IAAI,uBAAuB,KAAK,cAAc,EAAE,QAAQ;AAAA,QAC5D,IAAI,OAAO,WAAW,OAAO,KAAK,EAAE,CAAC;AAAA,QACrC;AAAA,MACF,CAAC;AACD,aAAO,WAAW,oBAAoB;AAAA,IACxC;AAAA,EACF;AACF;AAEA,SAAS,sBAAsB,MAAoC;AACjE,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aAAa;AAAA,IACb;AAAA,IACA,aAAa;AAAA,MACX,IAAIA,IAAE,OAAO;AAAA,MACb,UAAUA,IAAE,OAAO;AAAA,MACnB,WAAWA,IAAE,QAAQ,EAAE,SAAS;AAAA,MAChC,SAASA,IAAE,QAAQ,EAAE,SAAS;AAAA,IAChC;AAAA,IACA,aAAa;AAAA,MACX,cAAc;AAAA,MACd,iBAAiB;AAAA,MACjB,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,QAAQ,MAAM;AAClB,YAAM,YAAY,KAAK,WAAW,OAAO,KAAK,YAAY,IAAI;AAC9D,YAAM,SAAS,MAAM,IAAI;AAAA,QACvB,KAAK;AAAA,QACL;AAAA,MACF,EAAE,QAAQ;AAAA,QACR,IAAI,OAAO,WAAW,OAAO,KAAK,EAAE,CAAC;AAAA,QACrC,UAAU,SAAS,WAAW,OAAO,KAAK,QAAQ,CAAC;AAAA,QACnD,WAAW,KAAK,cAAc;AAAA,MAChC,CAAC;AACD,aAAO;AAAA,QACL,OAAO,QACH,oBACA,cAAc,OAAO,UAAU,gBAAgB;AAAA,MACrD;AAAA,IACF;AAAA,EACF;AACF;AAEA,SAAS,eAAe,MAAoC;AAC1D,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aAAa;AAAA,IACb;AAAA,IACA,aAAa,EAAE,IAAIA,IAAE,OAAO,GAAG,SAASA,IAAE,QAAQ,EAAE,SAAS,EAAE;AAAA,IAC/D,aAAa;AAAA,MACX,cAAc;AAAA,MACd,iBAAiB;AAAA,MACjB,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,QAAQ,MAAM;AAClB,YAAM,YAAY,KAAK,WAAW,OAAO,KAAK,YAAY,IAAI;AAC9D,YAAM,SAAS,MAAM,IAAI;AAAA,QACvB,KAAK;AAAA,QACL;AAAA,MACF,EAAE,QAAQ,EAAE,IAAI,OAAO,WAAW,OAAO,KAAK,EAAE,CAAC,EAAE,CAAC;AACpD,aAAO;AAAA,QACL,OAAO,YACH,qBACA,mBAAmB,OAAO,UAAU,gBAAgB;AAAA,MAC1D;AAAA,IACF;AAAA,EACF;AACF;AAEA,SAAS,eAAe,MAAoC;AAC1D,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aACE;AAAA,IAEF;AAAA,IACA,aAAa;AAAA,MACX,IAAIA,IAAE,OAAO;AAAA,MACb,UAAUA,IAAE,OAAO;AAAA,MACnB,SAASA,IAAE,QAAQ,EAAE,SAAS;AAAA,IAChC;AAAA,IACA,aAAa;AAAA,MACX,cAAc;AAAA,MACd,iBAAiB;AAAA,MACjB,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,QAAQ,MAAM;AAClB,YAAM,YAAY,KAAK,WAAW,OAAO,KAAK,YAAY,IAAI;AAC9D,YAAM,SAAS,MAAM,IAAI;AAAA,QACvB,KAAK;AAAA,QACL;AAAA,MACF,EAAE,QAAQ;AAAA,QACR,IAAI,OAAO,WAAW,OAAO,KAAK,EAAE,CAAC;AAAA,QACrC,UAAU,SAAS,WAAW,OAAO,KAAK,QAAQ,CAAC;AAAA,MACrD,CAAC;AACD,UAAI,CAAC,OAAO,SAAS;AACnB,eAAO,WAAW,gBAAgB,OAAO,UAAU,gBAAgB,EAAE;AAAA,MACvE;AACA,aAAO,WAAW,SAAS,OAAO,KAAK,QAAQ,CAAC,YAAY;AAAA,IAC9D;AAAA,EACF;AACF;AAEA,SAAS,eAAe,MAAoC;AAC1D,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aAAa;AAAA,IACb;AAAA,IACA,aAAa;AAAA,MACX,IAAIA,IAAE,OAAO;AAAA,MACb,OAAOA,IAAE,OAAO,EAAE,SAAS;AAAA,MAC3B,WAAWA,IAAE,OAAO,EAAE,SAAS;AAAA,MAC/B,UAAUA,IAAE,OAAO,EAAE,SAAS;AAAA,MAC9B,SAASA,IAAE,QAAQ,EAAE,SAAS;AAAA,IAChC;AAAA,IACA,aAAa;AAAA,MACX,cAAc;AAAA,MACd,iBAAiB;AAAA,MACjB,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,QAAQ,MAAM;AAClB,YAAM,UAKF,CAAC;AACL,UAAI,OAAO,KAAK,UAAU,UAAU;AAClC,gBAAQ,QAAQ,MAAM,WAAW,KAAK,KAAK;AAAA,MAC7C;AACA,UAAI,OAAO,KAAK,cAAc,UAAU;AACtC,gBAAQ,YAAY,KAAK;AAAA,MAC3B;AACA,UAAI,OAAO,KAAK,aAAa,UAAU;AACrC,gBAAQ,WAAW,KAAK;AAAA,MAC1B;AACA,UAAI,OAAO,KAAK,YAAY,WAAW;AACrC,gBAAQ,UAAU,KAAK;AAAA,MACzB;AACA,YAAM,IAAI,kBAAkB,KAAK,cAAc,EAAE,QAAQ;AAAA,QACvD,IAAI,OAAO,WAAW,OAAO,KAAK,EAAE,CAAC;AAAA,QACrC;AAAA,MACF,CAAC;AACD,aAAO,WAAW,QAAQ,OAAO,KAAK,EAAE,CAAC,WAAW;AAAA,IACtD;AAAA,EACF;AACF;AAEA,SAAS,qBAAqB,MAAoC;AAChE,SAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aAAa;AAAA,IACb;AAAA,IACA,aAAa,EAAE,IAAIA,IAAE,OAAO,EAAE;AAAA,IAC9B,aAAa;AAAA,MACX,cAAc;AAAA,MACd,iBAAiB;AAAA,MACjB,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,QAAQ,MAAM;AAClB,YAAM,WAAW,MAAM,IAAI;AAAA,QACzB,KAAK;AAAA,MACP,EAAE,QAAQ,OAAO,WAAW,OAAO,KAAK,EAAE,CAAC,CAAC;AAC5C,aAAO,WAAW,KAAK,UAAU,UAAU,MAAM,CAAC,CAAC;AAAA,IACrD;AAAA,EACF;AACF;AAEO,SAAS,eAAe,MAAsC;AACnE,SAAO;AAAA,IACL,gBAAgB,IAAI;AAAA,IACpB,YAAY,IAAI;AAAA,IAChB,qBAAqB,IAAI;AAAA,IACzB,eAAe,IAAI;AAAA,IACnB,eAAe,IAAI;AAAA,IACnB,mBAAmB,IAAI;AAAA,IACvB,oBAAoB,IAAI;AAAA,IACxB,sBAAsB,IAAI;AAAA,IAC1B,eAAe,IAAI;AAAA,IACnB,eAAe,IAAI;AAAA,EACrB;AACF;;;A3FlVA,IAAM,YAAqB,CAAC,KAAK,SAAS,MAAM,KAAK,IAAI;AAEzD,SAAS,oBAAoB,QAAkC;AAC7D,MAAI,OAAO,KAAK,SAAS,mBAAmB;AAC1C,WAAO;AAAA,MACL;AAAA,QACE,SAAS,OAAO;AAAA,QAChB,OAAO,OAAO;AAAA,QACd,UAAU,OAAO,KAAK;AAAA,QACtB,cAAc,OAAO,KAAK;AAAA,MAC5B;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF;AACA,SAAO;AAAA,IACL;AAAA,MACE,SAAS,OAAO;AAAA,MAChB,OAAO,OAAO,KAAK;AAAA,MACnB,UAAU,OAAO,KAAK;AAAA,MACtB,UAAU,OAAO,KAAK;AAAA,IACxB;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;AAEO,SAAS,aAAa,QAA8B;AACzD,oBAAkB;AAAA,IAChB,OAAO,cAAc,IAAI,CAAC,UAAU,UAAU,WAAW,KAAK,CAAC;AAAA,EACjE,EAAE,cAAc,UAAU,WAAW,OAAO,KAAK,CAAC;AAElD,QAAM,SAAS,IAAI,UAAU;AAAA,IAC3B,MAAM;AAAA,IACN,SAAS;AAAA,EACX,CAAC;AAED,QAAM,SAAS,oBAAoB,MAAM;AACzC,QAAM,SAAS,IAAI;AAAA,IACjB,EAAE,SAAS,OAAO,SAAS,OAAO,OAAO,MAAM;AAAA,IAC/C;AAAA,IACA;AAAA,EACF;AACA,QAAM,iBAAiB,IAAI,uBAAuB,MAAM;AACxD,QAAM,iBAAiB,IAAI,uBAAuB,MAAM;AACxD,QAAM,mBAAmB,IAAI,yBAAyB,MAAM;AAC5D,QAAM,wBAAwB,IAAI,8BAA8B,MAAM;AACtE,QAAM,kBAAkB,IAAI,wBAAwB,MAAM;AAC1D,QAAM,WAAW,IAAI,iBAAiB,MAAM;AAC5C,QAAM,YAAY,IAAI,kBAAkB,MAAM;AAC9C,QAAM,6BAA6B,IAAI;AAAA,IACrC;AAAA,EACF;AACA,QAAM,uBAAuB,IAAI,6BAA6B,MAAM;AACpE,QAAM,2BAA2B,IAAI,iCAAiC,MAAM;AAC5E,QAAM,0BAA0B,IAAI,gCAAgC,MAAM;AAC1E,QAAM,aAAa,IAAI,oBAAoB,MAAM;AAEjD,QAAM,QAAQ;AAAA,IACZ;AAAA,MACE,GAAG,eAAe,EAAE,gBAAgB,WAAW,CAAC;AAAA,MAChD,GAAG,eAAe,EAAE,gBAAgB,WAAW,CAAC;AAAA,MAChD,GAAG,iBAAiB,EAAE,kBAAkB,WAAW,CAAC;AAAA,MACpD,GAAG,sBAAsB;AAAA,QACvB;AAAA,QACA;AAAA,QACA;AAAA,MACF,CAAC;AAAA,MACD,GAAG,gBAAgB,EAAE,iBAAiB,gBAAgB,WAAW,CAAC;AAAA,MAClE,GAAG,cAAc,EAAE,4BAA4B,WAAW,CAAC;AAAA,MAC3D,GAAG,qBAAqB,EAAE,qBAAqB,CAAC;AAAA,MAChD,GAAG,eAAe,EAAE,yBAAyB,CAAC;AAAA,MAC9C,GAAG,gBAAgB,EAAE,kBAAkB,wBAAwB,CAAC;AAAA,MAChE,GAAG,qBAAqB,EAAE,UAAU,UAAU,CAAC;AAAA,IACjD;AAAA,IACA,iBAAiB,GAAG,OAAO,QAAQ;AAAA,EACrC;AACA,gBAAc,QAAQ,KAAK;AAE3B,SAAO;AACT;;;AFlHA,eAAe,OAAsB;AACnC,QAAM,SAAS,WAAW,QAAQ,GAAG;AACrC,QAAM,SAAS,aAAa,MAAM;AAClC,QAAM,OAAO,QAAQ,IAAI,qBAAqB,CAAC;AACjD;AAEA,KAAK,EAAE,MAAM,CAAC,UAAmB;AAC/B,UAAQ,MAAM,KAAK;AACnB,UAAQ,WAAW;AACrB,CAAC;","names":["z","z","z","z","z","z","z","z","z","z","z","z","z","z","z","z","z","z","z","serializeUser","z"]}
|