npm - mcp-proxy - Versions diffs - 5.6.0 → 5.7.0 - Mend

mcp-proxy 5.6.0 → 5.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/README.md +1 -0
package/dist/bin/mcp-proxy.d.ts +1 -2
package/dist/bin/mcp-proxy.js +56 -91
package/dist/bin/mcp-proxy.js.map +1 -1
package/dist/index.d.ts +2 -0
package/dist/index.js +66 -61
package/dist/index.js.map +1 -1
package/dist/{stdio-Cm2W-uxV.js → stdio-AohZZTMh.js} +520 -492
package/dist/stdio-AohZZTMh.js.map +1 -0
package/jsr.json +1 -1
package/package.json +9 -9
package/src/bin/mcp-proxy.ts +6 -0
package/src/fixtures/slow-stdio-server.ts +91 -0
package/src/proxyServer.test.ts +148 -0
package/src/proxyServer.ts +43 -10
package/dist/stdio-Cm2W-uxV.js.map +0 -1

package/dist/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","names":["codeVerifier","tokens","_a","_b","_a","error","transport: SSEClientTransport \| StreamableHTTPClientTransport"],"sources":["../node_modules/.pnpm/eventsource-parser@3.0.3/node_modules/eventsource-parser/dist/index.js","../node_modules/.pnpm/eventsource@3.0.7/node_modules/eventsource/dist/index.js","../node_modules/.pnpm/pkce-challenge@5.0.0/node_modules/pkce-challenge/dist/index.node.js","../node_modules/.pnpm/@modelcontextprotocol+sdk@1.17.3/node_modules/@modelcontextprotocol/sdk/dist/esm/shared/auth.js","../node_modules/.pnpm/@modelcontextprotocol+sdk@1.17.3/node_modules/@modelcontextprotocol/sdk/dist/esm/shared/auth-utils.js","../node_modules/.pnpm/@modelcontextprotocol+sdk@1.17.3/node_modules/@modelcontextprotocol/sdk/dist/esm/server/auth/errors.js","../node_modules/.pnpm/@modelcontextprotocol+sdk@1.17.3/node_modules/@modelcontextprotocol/sdk/dist/esm/client/auth.js","../node_modules/.pnpm/@modelcontextprotocol+sdk@1.17.3/node_modules/@modelcontextprotocol/sdk/dist/esm/client/sse.js","../node_modules/.pnpm/eventsource-parser@3.0.3/node_modules/eventsource-parser/dist/stream.js","../node_modules/.pnpm/@modelcontextprotocol+sdk@1.17.3/node_modules/@modelcontextprotocol/sdk/dist/esm/client/streamableHttp.js","../node_modules/.pnpm/@modelcontextprotocol+sdk@1.17.3/node_modules/@modelcontextprotocol/sdk/dist/esm/server/stdio.js","../src/startStdioServer.ts","../src/tapTransport.ts"],"sourcesContent":["class ParseError extends Error {\n constructor(message, options) {\n super(message), this.name = \"ParseError\", this.type = options.type, this.field = options.field, this.value = options.value, this.line = options.line;\n }\n}\nfunction noop(_arg) {\n}\nfunction createParser(callbacks) {\n if (typeof callbacks == \"function\")\n throw new TypeError(\n \"`callbacks` must be an object, got a function instead. Did you mean `{onEvent: fn}`?\"\n );\n const { onEvent = noop, onError = noop, onRetry = noop, onComment } = callbacks;\n let incompleteLine = \"\", isFirstChunk = !0, id, data = \"\", eventType = \"\";\n function feed(newChunk) {\n const chunk = isFirstChunk ? newChunk.replace(/^\\xEF\\xBB\\xBF/, \"\") : newChunk, [complete, incomplete] = splitLines(`${incompleteLine}${chunk}`);\n for (const line of complete)\n parseLine(line);\n incompleteLine = incomplete, isFirstChunk = !1;\n }\n function parseLine(line) {\n if (line === \"\") {\n dispatchEvent();\n return;\n }\n if (line.startsWith(\":\")) {\n onComment && onComment(line.slice(line.startsWith(\": \") ? 2 : 1));\n return;\n }\n const fieldSeparatorIndex = line.indexOf(\":\");\n if (fieldSeparatorIndex !== -1) {\n const field = line.slice(0, fieldSeparatorIndex), offset = line[fieldSeparatorIndex + 1] === \" \" ? 2 : 1, value = line.slice(fieldSeparatorIndex + offset);\n processField(field, value, line);\n return;\n }\n processField(line, \"\", line);\n }\n function processField(field, value, line) {\n switch (field) {\n case \"event\":\n eventType = value;\n break;\n case \"data\":\n data = `${data}${value}\n`;\n break;\n case \"id\":\n id = value.includes(\"\\0\") ? void 0 : value;\n break;\n case \"retry\":\n /^\\d+$/.test(value) ? onRetry(parseInt(value, 10)) : onError(\n new ParseError(`Invalid \\`retry\\` value: \"${value}\"`, {\n type: \"invalid-retry\",\n value,\n line\n })\n );\n break;\n default:\n onError(\n new ParseError(\n `Unknown field \"${field.length > 20 ? `${field.slice(0, 20)}\\u2026` : field}\"`,\n { type: \"unknown-field\", field, value, line }\n )\n );\n break;\n }\n }\n function dispatchEvent() {\n data.length > 0 && onEvent({\n id,\n event: eventType \|\| void 0,\n // If the data buffer's last character is a U+000A LINE FEED (LF) character,\n // then remove the last character from the data buffer.\n data: data.endsWith(`\n`) ? data.slice(0, -1) : data\n }), id = void 0, data = \"\", eventType = \"\";\n }\n function reset(options = {}) {\n incompleteLine && options.consume && parseLine(incompleteLine), isFirstChunk = !0, id = void 0, data = \"\", eventType = \"\", incompleteLine = \"\";\n }\n return { feed, reset };\n}\nfunction splitLines(chunk) {\n const lines = [];\n let incompleteLine = \"\", searchIndex = 0;\n for (; searchIndex < chunk.length; ) {\n const crIndex = chunk.indexOf(\"\\r\", searchIndex), lfIndex = chunk.indexOf(`\n`, searchIndex);\n let lineEnd = -1;\n if (crIndex !== -1 && lfIndex !== -1 ? lineEnd = Math.min(crIndex, lfIndex) : crIndex !== -1 ? lineEnd = crIndex : lfIndex !== -1 && (lineEnd = lfIndex), lineEnd === -1) {\n incompleteLine = chunk.slice(searchIndex);\n break;\n } else {\n const line = chunk.slice(searchIndex, lineEnd);\n lines.push(line), searchIndex = lineEnd + 1, chunk[searchIndex - 1] === \"\\r\" && chunk[searchIndex] === `\n` && searchIndex++;\n }\n }\n return [lines, incompleteLine];\n}\nexport {\n ParseError,\n createParser\n};\n//# sourceMappingURL=index.js.map\n","import { createParser } from \"eventsource-parser\";\nclass ErrorEvent extends Event {\n /*\n Constructs a new `ErrorEvent` instance. This is typically not called directly,\n * but rather emitted by the `EventSource` object when an error occurs.\n \n @param type - The type of the event (should be \"error\")\n * @param errorEventInitDict - Optional properties to include in the error event\n /\n constructor(type, errorEventInitDict) {\n var _a, _b;\n super(type), this.code = (_a = errorEventInitDict == null ? void 0 : errorEventInitDict.code) != null ? _a : void 0, this.message = (_b = errorEventInitDict == null ? void 0 : errorEventInitDict.message) != null ? _b : void 0;\n }\n /\n Node.js \"hides\" the `message` and `code` properties of the `ErrorEvent` instance,\n * when it is `console.log`'ed. This makes it harder to debug errors. To ease debugging,\n * we explicitly include the properties in the `inspect` method.\n \n This is automatically called by Node.js when you `console.log` an instance of this class.\n \n @param _depth - The current depth\n * @param options - The options passed to `util.inspect`\n * @param inspect - The inspect function to use (prevents having to import it from `util`)\n * @returns A string representation of the error\n /\n [Symbol.for(\"nodejs.util.inspect.custom\")](_depth, options, inspect) {\n return inspect(inspectableError(this), options);\n }\n /\n Deno \"hides\" the `message` and `code` properties of the `ErrorEvent` instance,\n * when it is `console.log`'ed. This makes it harder to debug errors. To ease debugging,\n * we explicitly include the properties in the `inspect` method.\n \n This is automatically called by Deno when you `console.log` an instance of this class.\n \n @param inspect - The inspect function to use (prevents having to import it from `util`)\n * @param options - The options passed to `Deno.inspect`\n * @returns A string representation of the error\n /\n [Symbol.for(\"Deno.customInspect\")](inspect, options) {\n return inspect(inspectableError(this), options);\n }\n}\nfunction syntaxError(message) {\n const DomException = globalThis.DOMException;\n return typeof DomException == \"function\" ? new DomException(message, \"SyntaxError\") : new SyntaxError(message);\n}\nfunction flattenError(err) {\n return err instanceof Error ? \"errors\" in err && Array.isArray(err.errors) ? err.errors.map(flattenError).join(\", \") : \"cause\" in err && err.cause instanceof Error ? `${err}: ${flattenError(err.cause)}` : err.message : `${err}`;\n}\nfunction inspectableError(err) {\n return {\n type: err.type,\n message: err.message,\n code: err.code,\n defaultPrevented: err.defaultPrevented,\n cancelable: err.cancelable,\n timeStamp: err.timeStamp\n };\n}\nvar __typeError = (msg) => {\n throw TypeError(msg);\n}, __accessCheck = (obj, member, msg) => member.has(obj) \|\| __typeError(\"Cannot \" + msg), __privateGet = (obj, member, getter) => (__accessCheck(obj, member, \"read from private field\"), getter ? getter.call(obj) : member.get(obj)), __privateAdd = (obj, member, value) => member.has(obj) ? __typeError(\"Cannot add the same private member more than once\") : member instanceof WeakSet ? member.add(obj) : member.set(obj, value), __privateSet = (obj, member, value, setter) => (__accessCheck(obj, member, \"write to private field\"), member.set(obj, value), value), __privateMethod = (obj, member, method) => (__accessCheck(obj, member, \"access private method\"), method), _readyState, _url, _redirectUrl, _withCredentials, _fetch, _reconnectInterval, _reconnectTimer, _lastEventId, _controller, _parser, _onError, _onMessage, _onOpen, _EventSource_instances, connect_fn, _onFetchResponse, _onFetchError, getRequestOptions_fn, _onEvent, _onRetryChange, failConnection_fn, scheduleReconnect_fn, _reconnect;\nclass EventSource extends EventTarget {\n constructor(url, eventSourceInitDict) {\n var _a, _b;\n super(), __privateAdd(this, _EventSource_instances), this.CONNECTING = 0, this.OPEN = 1, this.CLOSED = 2, __privateAdd(this, _readyState), __privateAdd(this, _url), __privateAdd(this, _redirectUrl), __privateAdd(this, _withCredentials), __privateAdd(this, _fetch), __privateAdd(this, _reconnectInterval), __privateAdd(this, _reconnectTimer), __privateAdd(this, _lastEventId, null), __privateAdd(this, _controller), __privateAdd(this, _parser), __privateAdd(this, _onError, null), __privateAdd(this, _onMessage, null), __privateAdd(this, _onOpen, null), __privateAdd(this, _onFetchResponse, async (response) => {\n var _a2;\n __privateGet(this, _parser).reset();\n const { body, redirected, status, headers } = response;\n if (status === 204) {\n __privateMethod(this, _EventSource_instances, failConnection_fn).call(this, \"Server sent HTTP 204, not reconnecting\", 204), this.close();\n return;\n }\n if (redirected ? __privateSet(this, _redirectUrl, new URL(response.url)) : __privateSet(this, _redirectUrl, void 0), status !== 200) {\n __privateMethod(this, _EventSource_instances, failConnection_fn).call(this, `Non-200 status code (${status})`, status);\n return;\n }\n if (!(headers.get(\"content-type\") \|\| \"\").startsWith(\"text/event-stream\")) {\n __privateMethod(this, _EventSource_instances, failConnection_fn).call(this, 'Invalid content type, expected \"text/event-stream\"', status);\n return;\n }\n if (__privateGet(this, _readyState) === this.CLOSED)\n return;\n __privateSet(this, _readyState, this.OPEN);\n const openEvent = new Event(\"open\");\n if ((_a2 = __privateGet(this, _onOpen)) == null \|\| _a2.call(this, openEvent), this.dispatchEvent(openEvent), typeof body != \"object\" \|\| !body \|\| !(\"getReader\" in body)) {\n __privateMethod(this, _EventSource_instances, failConnection_fn).call(this, \"Invalid response body, expected a web ReadableStream\", status), this.close();\n return;\n }\n const decoder = new TextDecoder(), reader = body.getReader();\n let open = !0;\n do {\n const { done, value } = await reader.read();\n value && __privateGet(this, _parser).feed(decoder.decode(value, { stream: !done })), done && (open = !1, __privateGet(this, _parser).reset(), __privateMethod(this, _EventSource_instances, scheduleReconnect_fn).call(this));\n } while (open);\n }), __privateAdd(this, _onFetchError, (err) => {\n __privateSet(this, _controller, void 0), !(err.name === \"AbortError\" \|\| err.type === \"aborted\") && __privateMethod(this, _EventSource_instances, scheduleReconnect_fn).call(this, flattenError(err));\n }), __privateAdd(this, _onEvent, (event) => {\n typeof event.id == \"string\" && __privateSet(this, _lastEventId, event.id);\n const messageEvent = new MessageEvent(event.event \|\| \"message\", {\n data: event.data,\n origin: __privateGet(this, _redirectUrl) ? __privateGet(this, _redirectUrl).origin : __privateGet(this, _url).origin,\n lastEventId: event.id \|\| \"\"\n });\n __privateGet(this, _onMessage) && (!event.event \|\| event.event === \"message\") && __privateGet(this, _onMessage).call(this, messageEvent), this.dispatchEvent(messageEvent);\n }), __privateAdd(this, _onRetryChange, (value) => {\n __privateSet(this, _reconnectInterval, value);\n }), __privateAdd(this, _reconnect, () => {\n __privateSet(this, _reconnectTimer, void 0), __privateGet(this, _readyState) === this.CONNECTING && __privateMethod(this, _EventSource_instances, connect_fn).call(this);\n });\n try {\n if (url instanceof URL)\n __privateSet(this, _url, url);\n else if (typeof url == \"string\")\n __privateSet(this, _url, new URL(url, getBaseURL()));\n else\n throw new Error(\"Invalid URL\");\n } catch {\n throw syntaxError(\"An invalid or illegal string was specified\");\n }\n __privateSet(this, _parser, createParser({\n onEvent: __privateGet(this, _onEvent),\n onRetry: __privateGet(this, _onRetryChange)\n })), __privateSet(this, _readyState, this.CONNECTING), __privateSet(this, _reconnectInterval, 3e3), __privateSet(this, _fetch, (_a = eventSourceInitDict == null ? void 0 : eventSourceInitDict.fetch) != null ? _a : globalThis.fetch), __privateSet(this, _withCredentials, (_b = eventSourceInitDict == null ? void 0 : eventSourceInitDict.withCredentials) != null ? _b : !1), __privateMethod(this, _EventSource_instances, connect_fn).call(this);\n }\n /\n Returns the state of this EventSource object's connection. It can have the values described below.\n \n [MDN Reference](https://developer.mozilla.org/docs/Web/API/EventSource/readyState)\n \n Note: typed as `number` instead of `0 \| 1 \| 2` for compatibility with the `EventSource` interface,\n * defined in the TypeScript `dom` library.\n \n @public\n /\n get readyState() {\n return __privateGet(this, _readyState);\n }\n /\n Returns the URL providing the event stream.\n \n [MDN Reference](https://developer.mozilla.org/docs/Web/API/EventSource/url)\n \n @public\n /\n get url() {\n return __privateGet(this, _url).href;\n }\n /\n Returns true if the credentials mode for connection requests to the URL providing the event stream is set to \"include\", and false otherwise.\n \n [MDN Reference](https://developer.mozilla.org/docs/Web/API/EventSource/withCredentials)\n /\n get withCredentials() {\n return __privateGet(this, _withCredentials);\n }\n /* [MDN Reference](https://developer.mozilla.org/docs/Web/API/EventSource/error_event) /\n get onerror() {\n return __privateGet(this, _onError);\n }\n set onerror(value) {\n __privateSet(this, _onError, value);\n }\n /* [MDN Reference](https://developer.mozilla.org/docs/Web/API/EventSource/message_event) /\n get onmessage() {\n return __privateGet(this, _onMessage);\n }\n set onmessage(value) {\n __privateSet(this, _onMessage, value);\n }\n /* [MDN Reference](https://developer.mozilla.org/docs/Web/API/EventSource/open_event) /\n get onopen() {\n return __privateGet(this, _onOpen);\n }\n set onopen(value) {\n __privateSet(this, _onOpen, value);\n }\n addEventListener(type, listener, options) {\n const listen = listener;\n super.addEventListener(type, listen, options);\n }\n removeEventListener(type, listener, options) {\n const listen = listener;\n super.removeEventListener(type, listen, options);\n }\n /\n Aborts any instances of the fetch algorithm started for this EventSource object, and sets the readyState attribute to CLOSED.\n \n [MDN Reference](https://developer.mozilla.org/docs/Web/API/EventSource/close)\n \n @public\n /\n close() {\n __privateGet(this, _reconnectTimer) && clearTimeout(__privateGet(this, _reconnectTimer)), __privateGet(this, _readyState) !== this.CLOSED && (__privateGet(this, _controller) && __privateGet(this, _controller).abort(), __privateSet(this, _readyState, this.CLOSED), __privateSet(this, _controller, void 0));\n }\n}\n_readyState = / @__PURE__ / new WeakMap(), _url = / @__PURE__ / new WeakMap(), _redirectUrl = / @__PURE__ / new WeakMap(), _withCredentials = / @__PURE__ / new WeakMap(), _fetch = / @__PURE__ / new WeakMap(), _reconnectInterval = / @__PURE__ / new WeakMap(), _reconnectTimer = / @__PURE__ / new WeakMap(), _lastEventId = / @__PURE__ / new WeakMap(), _controller = / @__PURE__ / new WeakMap(), _parser = / @__PURE__ / new WeakMap(), _onError = / @__PURE__ / new WeakMap(), _onMessage = / @__PURE__ / new WeakMap(), _onOpen = / @__PURE__ / new WeakMap(), _EventSource_instances = / @__PURE__ / new WeakSet(), /\n Connect to the given URL and start receiving events\n\n @internal\n/\nconnect_fn = function() {\n __privateSet(this, _readyState, this.CONNECTING), __privateSet(this, _controller, new AbortController()), __privateGet(this, _fetch)(__privateGet(this, _url), __privateMethod(this, _EventSource_instances, getRequestOptions_fn).call(this)).then(__privateGet(this, _onFetchResponse)).catch(__privateGet(this, _onFetchError));\n}, _onFetchResponse = / @__PURE__ / new WeakMap(), _onFetchError = / @__PURE__ / new WeakMap(), /\n Get request options for the `fetch()` request\n\n @returns The request options\n* @internal\n/\ngetRequestOptions_fn = function() {\n var _a;\n const init = {\n // [spec] Let `corsAttributeState` be `Anonymous`…\n // [spec] …will have their mode set to \"cors\"…\n mode: \"cors\",\n redirect: \"follow\",\n headers: { Accept: \"text/event-stream\", ...__privateGet(this, _lastEventId) ? { \"Last-Event-ID\": __privateGet(this, _lastEventId) } : void 0 },\n cache: \"no-store\",\n signal: (_a = __privateGet(this, _controller)) == null ? void 0 : _a.signal\n };\n return \"window\" in globalThis && (init.credentials = this.withCredentials ? \"include\" : \"same-origin\"), init;\n}, _onEvent = / @__PURE__ / new WeakMap(), _onRetryChange = / @__PURE__ / new WeakMap(), /\n Handles the process referred to in the EventSource specification as \"failing a connection\".\n\n @param error - The error causing the connection to fail\n* @param code - The HTTP status code, if available\n* @internal\n/\nfailConnection_fn = function(message, code) {\n var _a;\n __privateGet(this, _readyState) !== this.CLOSED && __privateSet(this, _readyState, this.CLOSED);\n const errorEvent = new ErrorEvent(\"error\", { code, message });\n (_a = __privateGet(this, _onError)) == null \|\| _a.call(this, errorEvent), this.dispatchEvent(errorEvent);\n}, /\n Schedules a reconnection attempt against the EventSource endpoint.\n\n @param message - The error causing the connection to fail\n* @param code - The HTTP status code, if available\n* @internal\n/\nscheduleReconnect_fn = function(message, code) {\n var _a;\n if (__privateGet(this, _readyState) === this.CLOSED)\n return;\n __privateSet(this, _readyState, this.CONNECTING);\n const errorEvent = new ErrorEvent(\"error\", { code, message });\n (_a = __privateGet(this, _onError)) == null \|\| _a.call(this, errorEvent), this.dispatchEvent(errorEvent), __privateSet(this, _reconnectTimer, setTimeout(__privateGet(this, _reconnect), __privateGet(this, _reconnectInterval)));\n}, _reconnect = / @__PURE__ / new WeakMap(), /\n ReadyState representing an EventSource currently trying to connect\n\n @public\n/\nEventSource.CONNECTING = 0, /\n ReadyState representing an EventSource connection that is open (eg connected)\n\n @public\n/\nEventSource.OPEN = 1, /\n ReadyState representing an EventSource connection that is closed (eg disconnected)\n\n @public\n/\nEventSource.CLOSED = 2;\nfunction getBaseURL() {\n const doc = \"document\" in globalThis ? globalThis.document : void 0;\n return doc && typeof doc == \"object\" && \"baseURI\" in doc && typeof doc.baseURI == \"string\" ? doc.baseURI : void 0;\n}\nexport {\n ErrorEvent,\n EventSource\n};\n//# sourceMappingURL=index.js.map\n","let crypto;\ncrypto =\n globalThis.crypto?.webcrypto ?? // Node.js [18-16] REPL\n globalThis.crypto ?? // Node.js >18\n import(\"node:crypto\").then(m => m.webcrypto); // Node.js <18 Non-REPL\n/\n Creates an array of length `size` of random bytes\n * @param size\n * @returns Array of random ints (0 to 255)\n /\nasync function getRandomValues(size) {\n return (await crypto).getRandomValues(new Uint8Array(size));\n}\n/* Generate cryptographically strong random string\n * @param size The desired length of the string\n * @returns The random string\n /\nasync function random(size) {\n const mask = \"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._~\";\n let result = \"\";\n const randomUints = await getRandomValues(size);\n for (let i = 0; i < size; i++) {\n // cap the value of the randomIndex to mask.length - 1\n const randomIndex = randomUints[i] % mask.length;\n result += mask[randomIndex];\n }\n return result;\n}\n/* Generate a PKCE challenge verifier\n * @param length Length of the verifier\n * @returns A random verifier `length` characters long\n /\nasync function generateVerifier(length) {\n return await random(length);\n}\n/* Generate a PKCE code challenge from a code verifier\n * @param code_verifier\n * @returns The base64 url encoded code challenge\n /\nexport async function generateChallenge(code_verifier) {\n const buffer = await (await crypto).subtle.digest(\"SHA-256\", new TextEncoder().encode(code_verifier));\n // Generate base64url string\n // btoa is deprecated in Node.js but is used here for web browser compatibility\n // (which has no good replacement yet, see also https://github.com/whatwg/html/issues/6811)\n return btoa(String.fromCharCode(...new Uint8Array(buffer)))\n .replace(/\\//g, '_')\n .replace(/\\+/g, '-')\n .replace(/=/g, '');\n}\n/* Generate a PKCE challenge pair\n * @param length Length of the verifer (between 43-128). Defaults to 43.\n * @returns PKCE challenge pair\n /\nexport default async function pkceChallenge(length) {\n if (!length)\n length = 43;\n if (length < 43 \|\| length > 128) {\n throw `Expected a length between 43 and 128. Received ${length}.`;\n }\n const verifier = await generateVerifier(length);\n const challenge = await generateChallenge(verifier);\n return {\n code_verifier: verifier,\n code_challenge: challenge,\n };\n}\n/* Verify that a code_verifier produces the expected code challenge\n * @param code_verifier\n * @param expectedChallenge The code challenge to verify\n * @returns True if challenges are equal. False otherwise.\n /\nexport async function verifyChallenge(code_verifier, expectedChallenge) {\n const actualChallenge = await generateChallenge(code_verifier);\n return actualChallenge === expectedChallenge;\n}\n","import { z } from \"zod\";\n/\n RFC 9728 OAuth Protected Resource Metadata\n /\nexport const OAuthProtectedResourceMetadataSchema = z\n .object({\n resource: z.string().url(),\n authorization_servers: z.array(z.string().url()).optional(),\n jwks_uri: z.string().url().optional(),\n scopes_supported: z.array(z.string()).optional(),\n bearer_methods_supported: z.array(z.string()).optional(),\n resource_signing_alg_values_supported: z.array(z.string()).optional(),\n resource_name: z.string().optional(),\n resource_documentation: z.string().optional(),\n resource_policy_uri: z.string().url().optional(),\n resource_tos_uri: z.string().url().optional(),\n tls_client_certificate_bound_access_tokens: z.boolean().optional(),\n authorization_details_types_supported: z.array(z.string()).optional(),\n dpop_signing_alg_values_supported: z.array(z.string()).optional(),\n dpop_bound_access_tokens_required: z.boolean().optional(),\n})\n .passthrough();\n/\n RFC 8414 OAuth 2.0 Authorization Server Metadata\n /\nexport const OAuthMetadataSchema = z\n .object({\n issuer: z.string(),\n authorization_endpoint: z.string(),\n token_endpoint: z.string(),\n registration_endpoint: z.string().optional(),\n scopes_supported: z.array(z.string()).optional(),\n response_types_supported: z.array(z.string()),\n response_modes_supported: z.array(z.string()).optional(),\n grant_types_supported: z.array(z.string()).optional(),\n token_endpoint_auth_methods_supported: z.array(z.string()).optional(),\n token_endpoint_auth_signing_alg_values_supported: z\n .array(z.string())\n .optional(),\n service_documentation: z.string().optional(),\n revocation_endpoint: z.string().optional(),\n revocation_endpoint_auth_methods_supported: z.array(z.string()).optional(),\n revocation_endpoint_auth_signing_alg_values_supported: z\n .array(z.string())\n .optional(),\n introspection_endpoint: z.string().optional(),\n introspection_endpoint_auth_methods_supported: z\n .array(z.string())\n .optional(),\n introspection_endpoint_auth_signing_alg_values_supported: z\n .array(z.string())\n .optional(),\n code_challenge_methods_supported: z.array(z.string()).optional(),\n})\n .passthrough();\n/\n OpenID Connect Discovery 1.0 Provider Metadata\n * see: https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata\n /\nexport const OpenIdProviderMetadataSchema = z\n .object({\n issuer: z.string(),\n authorization_endpoint: z.string(),\n token_endpoint: z.string(),\n userinfo_endpoint: z.string().optional(),\n jwks_uri: z.string(),\n registration_endpoint: z.string().optional(),\n scopes_supported: z.array(z.string()).optional(),\n response_types_supported: z.array(z.string()),\n response_modes_supported: z.array(z.string()).optional(),\n grant_types_supported: z.array(z.string()).optional(),\n acr_values_supported: z.array(z.string()).optional(),\n subject_types_supported: z.array(z.string()),\n id_token_signing_alg_values_supported: z.array(z.string()),\n id_token_encryption_alg_values_supported: z.array(z.string()).optional(),\n id_token_encryption_enc_values_supported: z.array(z.string()).optional(),\n userinfo_signing_alg_values_supported: z.array(z.string()).optional(),\n userinfo_encryption_alg_values_supported: z.array(z.string()).optional(),\n userinfo_encryption_enc_values_supported: z.array(z.string()).optional(),\n request_object_signing_alg_values_supported: z.array(z.string()).optional(),\n request_object_encryption_alg_values_supported: z\n .array(z.string())\n .optional(),\n request_object_encryption_enc_values_supported: z\n .array(z.string())\n .optional(),\n token_endpoint_auth_methods_supported: z.array(z.string()).optional(),\n token_endpoint_auth_signing_alg_values_supported: z\n .array(z.string())\n .optional(),\n display_values_supported: z.array(z.string()).optional(),\n claim_types_supported: z.array(z.string()).optional(),\n claims_supported: z.array(z.string()).optional(),\n service_documentation: z.string().optional(),\n claims_locales_supported: z.array(z.string()).optional(),\n ui_locales_supported: z.array(z.string()).optional(),\n claims_parameter_supported: z.boolean().optional(),\n request_parameter_supported: z.boolean().optional(),\n request_uri_parameter_supported: z.boolean().optional(),\n require_request_uri_registration: z.boolean().optional(),\n op_policy_uri: z.string().optional(),\n op_tos_uri: z.string().optional(),\n})\n .passthrough();\n/\n OpenID Connect Discovery metadata that may include OAuth 2.0 fields\n * This schema represents the real-world scenario where OIDC providers\n * return a mix of OpenID Connect and OAuth 2.0 metadata fields\n /\nexport const OpenIdProviderDiscoveryMetadataSchema = OpenIdProviderMetadataSchema.merge(OAuthMetadataSchema.pick({\n code_challenge_methods_supported: true,\n}));\n/\n OAuth 2.1 token response\n /\nexport const OAuthTokensSchema = z\n .object({\n access_token: z.string(),\n id_token: z.string().optional(), // Optional for OAuth 2.1, but necessary in OpenID Connect\n token_type: z.string(),\n expires_in: z.number().optional(),\n scope: z.string().optional(),\n refresh_token: z.string().optional(),\n})\n .strip();\n/\n OAuth 2.1 error response\n /\nexport const OAuthErrorResponseSchema = z\n .object({\n error: z.string(),\n error_description: z.string().optional(),\n error_uri: z.string().optional(),\n});\n/\n RFC 7591 OAuth 2.0 Dynamic Client Registration metadata\n /\nexport const OAuthClientMetadataSchema = z.object({\n redirect_uris: z.array(z.string()).refine((uris) => uris.every((uri) => URL.canParse(uri)), { message: \"redirect_uris must contain valid URLs\" }),\n token_endpoint_auth_method: z.string().optional(),\n grant_types: z.array(z.string()).optional(),\n response_types: z.array(z.string()).optional(),\n client_name: z.string().optional(),\n client_uri: z.string().optional(),\n logo_uri: z.string().optional(),\n scope: z.string().optional(),\n contacts: z.array(z.string()).optional(),\n tos_uri: z.string().optional(),\n policy_uri: z.string().optional(),\n jwks_uri: z.string().optional(),\n jwks: z.any().optional(),\n software_id: z.string().optional(),\n software_version: z.string().optional(),\n software_statement: z.string().optional(),\n}).strip();\n/\n RFC 7591 OAuth 2.0 Dynamic Client Registration client information\n /\nexport const OAuthClientInformationSchema = z.object({\n client_id: z.string(),\n client_secret: z.string().optional(),\n client_id_issued_at: z.number().optional(),\n client_secret_expires_at: z.number().optional(),\n}).strip();\n/\n RFC 7591 OAuth 2.0 Dynamic Client Registration full response (client information plus metadata)\n /\nexport const OAuthClientInformationFullSchema = OAuthClientMetadataSchema.merge(OAuthClientInformationSchema);\n/\n RFC 7591 OAuth 2.0 Dynamic Client Registration error response\n /\nexport const OAuthClientRegistrationErrorSchema = z.object({\n error: z.string(),\n error_description: z.string().optional(),\n}).strip();\n/\n RFC 7009 OAuth 2.0 Token Revocation request\n /\nexport const OAuthTokenRevocationRequestSchema = z.object({\n token: z.string(),\n token_type_hint: z.string().optional(),\n}).strip();\n//# sourceMappingURL=auth.js.map","/\n Utilities for handling OAuth resource URIs.\n /\n/\n Converts a server URL to a resource URL by removing the fragment.\n * RFC 8707 section 2 states that resource URIs \"MUST NOT include a fragment component\".\n * Keeps everything else unchanged (scheme, domain, port, path, query).\n /\nexport function resourceUrlFromServerUrl(url) {\n const resourceURL = typeof url === \"string\" ? new URL(url) : new URL(url.href);\n resourceURL.hash = ''; // Remove fragment\n return resourceURL;\n}\n/\n Checks if a requested resource URL matches a configured resource URL.\n * A requested resource matches if it has the same scheme, domain, port,\n * and its path starts with the configured resource's path.\n \n @param requestedResource The resource URL being requested\n * @param configuredResource The resource URL that has been configured\n * @returns true if the requested resource matches the configured resource, false otherwise\n /\nexport function checkResourceAllowed({ requestedResource, configuredResource }) {\n const requested = typeof requestedResource === \"string\" ? new URL(requestedResource) : new URL(requestedResource.href);\n const configured = typeof configuredResource === \"string\" ? new URL(configuredResource) : new URL(configuredResource.href);\n // Compare the origin (scheme, domain, and port)\n if (requested.origin !== configured.origin) {\n return false;\n }\n // Handle cases like requested=/foo and configured=/foo/\n if (requested.pathname.length < configured.pathname.length) {\n return false;\n }\n // Check if the requested path starts with the configured path\n // Ensure both paths end with / for proper comparison\n // This ensures that if we have paths like \"/api\" and \"/api/users\",\n // we properly detect that \"/api/users\" is a subpath of \"/api\"\n // By adding a trailing slash if missing, we avoid false positives\n // where paths like \"/api123\" would incorrectly match \"/api\"\n const requestedPath = requested.pathname.endsWith('/') ? requested.pathname : requested.pathname + '/';\n const configuredPath = configured.pathname.endsWith('/') ? configured.pathname : configured.pathname + '/';\n return requestedPath.startsWith(configuredPath);\n}\n//# sourceMappingURL=auth-utils.js.map","/\n Base class for all OAuth errors\n /\nexport class OAuthError extends Error {\n constructor(message, errorUri) {\n super(message);\n this.errorUri = errorUri;\n this.name = this.constructor.name;\n }\n /\n Converts the error to a standard OAuth error response object\n /\n toResponseObject() {\n const response = {\n error: this.errorCode,\n error_description: this.message\n };\n if (this.errorUri) {\n response.error_uri = this.errorUri;\n }\n return response;\n }\n get errorCode() {\n return this.constructor.errorCode;\n }\n}\n/\n Invalid request error - The request is missing a required parameter,\n * includes an invalid parameter value, includes a parameter more than once,\n * or is otherwise malformed.\n /\nexport class InvalidRequestError extends OAuthError {\n}\nInvalidRequestError.errorCode = \"invalid_request\";\n/\n Invalid client error - Client authentication failed (e.g., unknown client, no client\n * authentication included, or unsupported authentication method).\n /\nexport class InvalidClientError extends OAuthError {\n}\nInvalidClientError.errorCode = \"invalid_client\";\n/\n Invalid grant error - The provided authorization grant or refresh token is\n * invalid, expired, revoked, does not match the redirection URI used in the\n * authorization request, or was issued to another client.\n /\nexport class InvalidGrantError extends OAuthError {\n}\nInvalidGrantError.errorCode = \"invalid_grant\";\n/\n Unauthorized client error - The authenticated client is not authorized to use\n * this authorization grant type.\n /\nexport class UnauthorizedClientError extends OAuthError {\n}\nUnauthorizedClientError.errorCode = \"unauthorized_client\";\n/\n Unsupported grant type error - The authorization grant type is not supported\n * by the authorization server.\n /\nexport class UnsupportedGrantTypeError extends OAuthError {\n}\nUnsupportedGrantTypeError.errorCode = \"unsupported_grant_type\";\n/\n Invalid scope error - The requested scope is invalid, unknown, malformed, or\n * exceeds the scope granted by the resource owner.\n /\nexport class InvalidScopeError extends OAuthError {\n}\nInvalidScopeError.errorCode = \"invalid_scope\";\n/\n Access denied error - The resource owner or authorization server denied the request.\n /\nexport class AccessDeniedError extends OAuthError {\n}\nAccessDeniedError.errorCode = \"access_denied\";\n/\n Server error - The authorization server encountered an unexpected condition\n * that prevented it from fulfilling the request.\n /\nexport class ServerError extends OAuthError {\n}\nServerError.errorCode = \"server_error\";\n/\n Temporarily unavailable error - The authorization server is currently unable to\n * handle the request due to a temporary overloading or maintenance of the server.\n /\nexport class TemporarilyUnavailableError extends OAuthError {\n}\nTemporarilyUnavailableError.errorCode = \"temporarily_unavailable\";\n/\n Unsupported response type error - The authorization server does not support\n * obtaining an authorization code using this method.\n /\nexport class UnsupportedResponseTypeError extends OAuthError {\n}\nUnsupportedResponseTypeError.errorCode = \"unsupported_response_type\";\n/\n Unsupported token type error - The authorization server does not support\n * the requested token type.\n /\nexport class UnsupportedTokenTypeError extends OAuthError {\n}\nUnsupportedTokenTypeError.errorCode = \"unsupported_token_type\";\n/\n Invalid token error - The access token provided is expired, revoked, malformed,\n * or invalid for other reasons.\n /\nexport class InvalidTokenError extends OAuthError {\n}\nInvalidTokenError.errorCode = \"invalid_token\";\n/\n Method not allowed error - The HTTP method used is not allowed for this endpoint.\n * (Custom, non-standard error)\n /\nexport class MethodNotAllowedError extends OAuthError {\n}\nMethodNotAllowedError.errorCode = \"method_not_allowed\";\n/\n Too many requests error - Rate limit exceeded.\n * (Custom, non-standard error based on RFC 6585)\n /\nexport class TooManyRequestsError extends OAuthError {\n}\nTooManyRequestsError.errorCode = \"too_many_requests\";\n/\n Invalid client metadata error - The client metadata is invalid.\n * (Custom error for dynamic client registration - RFC 7591)\n /\nexport class InvalidClientMetadataError extends OAuthError {\n}\nInvalidClientMetadataError.errorCode = \"invalid_client_metadata\";\n/\n Insufficient scope error - The request requires higher privileges than provided by the access token.\n /\nexport class InsufficientScopeError extends OAuthError {\n}\nInsufficientScopeError.errorCode = \"insufficient_scope\";\n/\n A utility class for defining one-off error codes\n /\nexport class CustomOAuthError extends OAuthError {\n constructor(customErrorCode, message, errorUri) {\n super(message, errorUri);\n this.customErrorCode = customErrorCode;\n }\n get errorCode() {\n return this.customErrorCode;\n }\n}\n/\n A full list of all OAuthErrors, enabling parsing from error responses\n /\nexport const OAUTH_ERRORS = {\n [InvalidRequestError.errorCode]: InvalidRequestError,\n [InvalidClientError.errorCode]: InvalidClientError,\n [InvalidGrantError.errorCode]: InvalidGrantError,\n [UnauthorizedClientError.errorCode]: UnauthorizedClientError,\n [UnsupportedGrantTypeError.errorCode]: UnsupportedGrantTypeError,\n [InvalidScopeError.errorCode]: InvalidScopeError,\n [AccessDeniedError.errorCode]: AccessDeniedError,\n [ServerError.errorCode]: ServerError,\n [TemporarilyUnavailableError.errorCode]: TemporarilyUnavailableError,\n [UnsupportedResponseTypeError.errorCode]: UnsupportedResponseTypeError,\n [UnsupportedTokenTypeError.errorCode]: UnsupportedTokenTypeError,\n [InvalidTokenError.errorCode]: InvalidTokenError,\n [MethodNotAllowedError.errorCode]: MethodNotAllowedError,\n [TooManyRequestsError.errorCode]: TooManyRequestsError,\n [InvalidClientMetadataError.errorCode]: InvalidClientMetadataError,\n [InsufficientScopeError.errorCode]: InsufficientScopeError,\n};\n//# sourceMappingURL=errors.js.map","import pkceChallenge from \"pkce-challenge\";\nimport { LATEST_PROTOCOL_VERSION } from \"../types.js\";\nimport { OAuthErrorResponseSchema, OpenIdProviderDiscoveryMetadataSchema } from \"../shared/auth.js\";\nimport { OAuthClientInformationFullSchema, OAuthMetadataSchema, OAuthProtectedResourceMetadataSchema, OAuthTokensSchema } from \"../shared/auth.js\";\nimport { checkResourceAllowed, resourceUrlFromServerUrl } from \"../shared/auth-utils.js\";\nimport { InvalidClientError, InvalidGrantError, OAUTH_ERRORS, OAuthError, ServerError, UnauthorizedClientError } from \"../server/auth/errors.js\";\nexport class UnauthorizedError extends Error {\n constructor(message) {\n super(message !== null && message !== void 0 ? message : \"Unauthorized\");\n }\n}\n/\n Determines the best client authentication method to use based on server support and client configuration.\n \n Priority order (highest to lowest):\n * 1. client_secret_basic (if client secret is available)\n * 2. client_secret_post (if client secret is available)\n * 3. none (for public clients)\n \n @param clientInformation - OAuth client information containing credentials\n * @param supportedMethods - Authentication methods supported by the authorization server\n * @returns The selected authentication method\n /\nfunction selectClientAuthMethod(clientInformation, supportedMethods) {\n const hasClientSecret = clientInformation.client_secret !== undefined;\n // If server doesn't specify supported methods, use RFC 6749 defaults\n if (supportedMethods.length === 0) {\n return hasClientSecret ? \"client_secret_post\" : \"none\";\n }\n // Try methods in priority order (most secure first)\n if (hasClientSecret && supportedMethods.includes(\"client_secret_basic\")) {\n return \"client_secret_basic\";\n }\n if (hasClientSecret && supportedMethods.includes(\"client_secret_post\")) {\n return \"client_secret_post\";\n }\n if (supportedMethods.includes(\"none\")) {\n return \"none\";\n }\n // Fallback: use what we have\n return hasClientSecret ? \"client_secret_post\" : \"none\";\n}\n/\n Applies client authentication to the request based on the specified method.\n \n Implements OAuth 2.1 client authentication methods:\n * - client_secret_basic: HTTP Basic authentication (RFC 6749 Section 2.3.1)\n * - client_secret_post: Credentials in request body (RFC 6749 Section 2.3.1)\n * - none: Public client authentication (RFC 6749 Section 2.1)\n \n @param method - The authentication method to use\n * @param clientInformation - OAuth client information containing credentials\n * @param headers - HTTP headers object to modify\n * @param params - URL search parameters to modify\n * @throws {Error} When required credentials are missing\n /\nfunction applyClientAuthentication(method, clientInformation, headers, params) {\n const { client_id, client_secret } = clientInformation;\n switch (method) {\n case \"client_secret_basic\":\n applyBasicAuth(client_id, client_secret, headers);\n return;\n case \"client_secret_post\":\n applyPostAuth(client_id, client_secret, params);\n return;\n case \"none\":\n applyPublicAuth(client_id, params);\n return;\n default:\n throw new Error(`Unsupported client authentication method: ${method}`);\n }\n}\n/\n Applies HTTP Basic authentication (RFC 6749 Section 2.3.1)\n /\nfunction applyBasicAuth(clientId, clientSecret, headers) {\n if (!clientSecret) {\n throw new Error(\"client_secret_basic authentication requires a client_secret\");\n }\n const credentials = btoa(`${clientId}:${clientSecret}`);\n headers.set(\"Authorization\", `Basic ${credentials}`);\n}\n/\n Applies POST body authentication (RFC 6749 Section 2.3.1)\n /\nfunction applyPostAuth(clientId, clientSecret, params) {\n params.set(\"client_id\", clientId);\n if (clientSecret) {\n params.set(\"client_secret\", clientSecret);\n }\n}\n/\n Applies public client authentication (RFC 6749 Section 2.1)\n /\nfunction applyPublicAuth(clientId, params) {\n params.set(\"client_id\", clientId);\n}\n/\n Parses an OAuth error response from a string or Response object.\n \n If the input is a standard OAuth2.0 error response, it will be parsed according to the spec\n * and an instance of the appropriate OAuthError subclass will be returned.\n * If parsing fails, it falls back to a generic ServerError that includes\n * the response status (if available) and original content.\n \n @param input - A Response object or string containing the error response\n * @returns A Promise that resolves to an OAuthError instance\n /\nexport async function parseErrorResponse(input) {\n const statusCode = input instanceof Response ? input.status : undefined;\n const body = input instanceof Response ? await input.text() : input;\n try {\n const result = OAuthErrorResponseSchema.parse(JSON.parse(body));\n const { error, error_description, error_uri } = result;\n const errorClass = OAUTH_ERRORS[error] \|\| ServerError;\n return new errorClass(error_description \|\| '', error_uri);\n }\n catch (error) {\n // Not a valid OAuth error response, but try to inform the user of the raw data anyway\n const errorMessage = `${statusCode ? `HTTP ${statusCode}: ` : ''}Invalid OAuth error response: ${error}. Raw body: ${body}`;\n return new ServerError(errorMessage);\n }\n}\n/\n Orchestrates the full auth flow with a server.\n \n This can be used as a single entry point for all authorization functionality,\n * instead of linking together the other lower-level functions in this module.\n /\nexport async function auth(provider, options) {\n var _a, _b;\n try {\n return await authInternal(provider, options);\n }\n catch (error) {\n // Handle recoverable error types by invalidating credentials and retrying\n if (error instanceof InvalidClientError \|\| error instanceof UnauthorizedClientError) {\n await ((_a = provider.invalidateCredentials) === null \|\| _a === void 0 ? void 0 : _a.call(provider, 'all'));\n return await authInternal(provider, options);\n }\n else if (error instanceof InvalidGrantError) {\n await ((_b = provider.invalidateCredentials) === null \|\| _b === void 0 ? void 0 : _b.call(provider, 'tokens'));\n return await authInternal(provider, options);\n }\n // Throw otherwise\n throw error;\n }\n}\nasync function authInternal(provider, { serverUrl, authorizationCode, scope, resourceMetadataUrl, fetchFn, }) {\n let resourceMetadata;\n let authorizationServerUrl;\n try {\n resourceMetadata = await discoverOAuthProtectedResourceMetadata(serverUrl, { resourceMetadataUrl }, fetchFn);\n if (resourceMetadata.authorization_servers && resourceMetadata.authorization_servers.length > 0) {\n authorizationServerUrl = resourceMetadata.authorization_servers[0];\n }\n }\n catch (_a) {\n // Ignore errors and fall back to /.well-known/oauth-authorization-server\n }\n /\n If we don't get a valid authorization server metadata from protected resource metadata,\n * fallback to the legacy MCP spec's implementation (version 2025-03-26): MCP server acts as the Authorization server.\n /\n if (!authorizationServerUrl) {\n authorizationServerUrl = serverUrl;\n }\n const resource = await selectResourceURL(serverUrl, provider, resourceMetadata);\n const metadata = await discoverAuthorizationServerMetadata(authorizationServerUrl, {\n fetchFn,\n });\n // Handle client registration if needed\n let clientInformation = await Promise.resolve(provider.clientInformation());\n if (!clientInformation) {\n if (authorizationCode !== undefined) {\n throw new Error(\"Existing OAuth client information is required when exchanging an authorization code\");\n }\n if (!provider.saveClientInformation) {\n throw new Error(\"OAuth client information must be saveable for dynamic registration\");\n }\n const fullInformation = await registerClient(authorizationServerUrl, {\n metadata,\n clientMetadata: provider.clientMetadata,\n fetchFn,\n });\n await provider.saveClientInformation(fullInformation);\n clientInformation = fullInformation;\n }\n // Exchange authorization code for tokens\n if (authorizationCode !== undefined) {\n const codeVerifier = await provider.codeVerifier();\n const tokens = await exchangeAuthorization(authorizationServerUrl, {\n metadata,\n clientInformation,\n authorizationCode,\n codeVerifier,\n redirectUri: provider.redirectUrl,\n resource,\n addClientAuthentication: provider.addClientAuthentication,\n fetchFn: fetchFn,\n });\n await provider.saveTokens(tokens);\n return \"AUTHORIZED\";\n }\n const tokens = await provider.tokens();\n // Handle token refresh or new authorization\n if (tokens === null \|\| tokens === void 0 ? void 0 : tokens.refresh_token) {\n try {\n // Attempt to refresh the token\n const newTokens = await refreshAuthorization(authorizationServerUrl, {\n metadata,\n clientInformation,\n refreshToken: tokens.refresh_token,\n resource,\n addClientAuthentication: provider.addClientAuthentication,\n fetchFn,\n });\n await provider.saveTokens(newTokens);\n return \"AUTHORIZED\";\n }\n catch (error) {\n // If this is a ServerError, or an unknown type, log it out and try to continue. Otherwise, escalate so we can fix things and retry.\n if (!(error instanceof OAuthError) \|\| error instanceof ServerError) {\n // Could not refresh OAuth tokens\n }\n else {\n // Refresh failed for another reason, re-throw\n throw error;\n }\n }\n }\n const state = provider.state ? await provider.state() : undefined;\n // Start new authorization flow\n const { authorizationUrl, codeVerifier } = await startAuthorization(authorizationServerUrl, {\n metadata,\n clientInformation,\n state,\n redirectUrl: provider.redirectUrl,\n scope: scope \|\| provider.clientMetadata.scope,\n resource,\n });\n await provider.saveCodeVerifier(codeVerifier);\n await provider.redirectToAuthorization(authorizationUrl);\n return \"REDIRECT\";\n}\nexport async function selectResourceURL(serverUrl, provider, resourceMetadata) {\n const defaultResource = resourceUrlFromServerUrl(serverUrl);\n // If provider has custom validation, delegate to it\n if (provider.validateResourceURL) {\n return await provider.validateResourceURL(defaultResource, resourceMetadata === null \|\| resourceMetadata === void 0 ? void 0 : resourceMetadata.resource);\n }\n // Only include resource parameter when Protected Resource Metadata is present\n if (!resourceMetadata) {\n return undefined;\n }\n // Validate that the metadata's resource is compatible with our request\n if (!checkResourceAllowed({ requestedResource: defaultResource, configuredResource: resourceMetadata.resource })) {\n throw new Error(`Protected resource ${resourceMetadata.resource} does not match expected ${defaultResource} (or origin)`);\n }\n // Prefer the resource from metadata since it's what the server is telling us to request\n return new URL(resourceMetadata.resource);\n}\n/\n Extract resource_metadata from response header.\n /\nexport function extractResourceMetadataUrl(res) {\n const authenticateHeader = res.headers.get(\"WWW-Authenticate\");\n if (!authenticateHeader) {\n return undefined;\n }\n const [type, scheme] = authenticateHeader.split(' ');\n if (type.toLowerCase() !== 'bearer' \|\| !scheme) {\n return undefined;\n }\n const regex = /resource_metadata=\"([^\"])\"/;\n const match = regex.exec(authenticateHeader);\n if (!match) {\n return undefined;\n }\n try {\n return new URL(match[1]);\n }\n catch (_a) {\n return undefined;\n }\n}\n/*\n Looks up RFC 9728 OAuth 2.0 Protected Resource Metadata.\n \n If the server returns a 404 for the well-known endpoint, this function will\n * return `undefined`. Any other errors will be thrown as exceptions.\n /\nexport async function discoverOAuthProtectedResourceMetadata(serverUrl, opts, fetchFn = fetch) {\n const response = await discoverMetadataWithFallback(serverUrl, 'oauth-protected-resource', fetchFn, {\n protocolVersion: opts === null \|\| opts === void 0 ? void 0 : opts.protocolVersion,\n metadataUrl: opts === null \|\| opts === void 0 ? void 0 : opts.resourceMetadataUrl,\n });\n if (!response \|\| response.status === 404) {\n throw new Error(`Resource server does not implement OAuth 2.0 Protected Resource Metadata.`);\n }\n if (!response.ok) {\n throw new Error(`HTTP ${response.status} trying to load well-known OAuth protected resource metadata.`);\n }\n return OAuthProtectedResourceMetadataSchema.parse(await response.json());\n}\n/\n Helper function to handle fetch with CORS retry logic\n /\nasync function fetchWithCorsRetry(url, headers, fetchFn = fetch) {\n try {\n return await fetchFn(url, { headers });\n }\n catch (error) {\n if (error instanceof TypeError) {\n if (headers) {\n // CORS errors come back as TypeError, retry without headers\n return fetchWithCorsRetry(url, undefined, fetchFn);\n }\n else {\n // We're getting CORS errors on retry too, return undefined\n return undefined;\n }\n }\n throw error;\n }\n}\n/\n Constructs the well-known path for auth-related metadata discovery\n /\nfunction buildWellKnownPath(wellKnownPrefix, pathname = '', options = {}) {\n // Strip trailing slash from pathname to avoid double slashes\n if (pathname.endsWith('/')) {\n pathname = pathname.slice(0, -1);\n }\n return options.prependPathname\n ? `${pathname}/.well-known/${wellKnownPrefix}`\n : `/.well-known/${wellKnownPrefix}${pathname}`;\n}\n/\n Tries to discover OAuth metadata at a specific URL\n /\nasync function tryMetadataDiscovery(url, protocolVersion, fetchFn = fetch) {\n const headers = {\n \"MCP-Protocol-Version\": protocolVersion\n };\n return await fetchWithCorsRetry(url, headers, fetchFn);\n}\n/\n Determines if fallback to root discovery should be attempted\n /\nfunction shouldAttemptFallback(response, pathname) {\n return !response \|\| response.status === 404 && pathname !== '/';\n}\n/\n Generic function for discovering OAuth metadata with fallback support\n /\nasync function discoverMetadataWithFallback(serverUrl, wellKnownType, fetchFn, opts) {\n var _a, _b;\n const issuer = new URL(serverUrl);\n const protocolVersion = (_a = opts === null \|\| opts === void 0 ? void 0 : opts.protocolVersion) !== null && _a !== void 0 ? _a : LATEST_PROTOCOL_VERSION;\n let url;\n if (opts === null \|\| opts === void 0 ? void 0 : opts.metadataUrl) {\n url = new URL(opts.metadataUrl);\n }\n else {\n // Try path-aware discovery first\n const wellKnownPath = buildWellKnownPath(wellKnownType, issuer.pathname);\n url = new URL(wellKnownPath, (_b = opts === null \|\| opts === void 0 ? void 0 : opts.metadataServerUrl) !== null && _b !== void 0 ? _b : issuer);\n url.search = issuer.search;\n }\n let response = await tryMetadataDiscovery(url, protocolVersion, fetchFn);\n // If path-aware discovery fails with 404 and we're not already at root, try fallback to root discovery\n if (!(opts === null \|\| opts === void 0 ? void 0 : opts.metadataUrl) && shouldAttemptFallback(response, issuer.pathname)) {\n const rootUrl = new URL(`/.well-known/${wellKnownType}`, issuer);\n response = await tryMetadataDiscovery(rootUrl, protocolVersion, fetchFn);\n }\n return response;\n}\n/\n Looks up RFC 8414 OAuth 2.0 Authorization Server Metadata.\n \n If the server returns a 404 for the well-known endpoint, this function will\n * return `undefined`. Any other errors will be thrown as exceptions.\n \n @deprecated This function is deprecated in favor of `discoverAuthorizationServerMetadata`.\n /\nexport async function discoverOAuthMetadata(issuer, { authorizationServerUrl, protocolVersion, } = {}, fetchFn = fetch) {\n if (typeof issuer === 'string') {\n issuer = new URL(issuer);\n }\n if (!authorizationServerUrl) {\n authorizationServerUrl = issuer;\n }\n if (typeof authorizationServerUrl === 'string') {\n authorizationServerUrl = new URL(authorizationServerUrl);\n }\n protocolVersion !== null && protocolVersion !== void 0 ? protocolVersion : (protocolVersion = LATEST_PROTOCOL_VERSION);\n const response = await discoverMetadataWithFallback(authorizationServerUrl, 'oauth-authorization-server', fetchFn, {\n protocolVersion,\n metadataServerUrl: authorizationServerUrl,\n });\n if (!response \|\| response.status === 404) {\n return undefined;\n }\n if (!response.ok) {\n throw new Error(`HTTP ${response.status} trying to load well-known OAuth metadata`);\n }\n return OAuthMetadataSchema.parse(await response.json());\n}\n/\n Builds a list of discovery URLs to try for authorization server metadata.\n * URLs are returned in priority order:\n * 1. OAuth metadata at the given URL\n * 2. OAuth metadata at root (if URL has path)\n * 3. OIDC metadata endpoints\n /\nexport function buildDiscoveryUrls(authorizationServerUrl) {\n const url = typeof authorizationServerUrl === 'string' ? new URL(authorizationServerUrl) : authorizationServerUrl;\n const hasPath = url.pathname !== '/';\n const urlsToTry = [];\n if (!hasPath) {\n // Root path: https://example.com/.well-known/oauth-authorization-server\n urlsToTry.push({\n url: new URL('/.well-known/oauth-authorization-server', url.origin),\n type: 'oauth'\n });\n // OIDC: https://example.com/.well-known/openid-configuration\n urlsToTry.push({\n url: new URL(`/.well-known/openid-configuration`, url.origin),\n type: 'oidc'\n });\n return urlsToTry;\n }\n // Strip trailing slash from pathname to avoid double slashes\n let pathname = url.pathname;\n if (pathname.endsWith('/')) {\n pathname = pathname.slice(0, -1);\n }\n // 1. OAuth metadata at the given URL\n // Insert well-known before the path: https://example.com/.well-known/oauth-authorization-server/tenant1\n urlsToTry.push({\n url: new URL(`/.well-known/oauth-authorization-server${pathname}`, url.origin),\n type: 'oauth'\n });\n // Root path: https://example.com/.well-known/oauth-authorization-server\n urlsToTry.push({\n url: new URL('/.well-known/oauth-authorization-server', url.origin),\n type: 'oauth'\n });\n // 3. OIDC metadata endpoints\n // RFC 8414 style: Insert /.well-known/openid-configuration before the path\n urlsToTry.push({\n url: new URL(`/.well-known/openid-configuration${pathname}`, url.origin),\n type: 'oidc'\n });\n // OIDC Discovery 1.0 style: Append /.well-known/openid-configuration after the path\n urlsToTry.push({\n url: new URL(`${pathname}/.well-known/openid-configuration`, url.origin),\n type: 'oidc'\n });\n return urlsToTry;\n}\n/\n Discovers authorization server metadata with support for RFC 8414 OAuth 2.0 Authorization Server Metadata\n * and OpenID Connect Discovery 1.0 specifications.\n \n This function implements a fallback strategy for authorization server discovery:\n * 1. Attempts RFC 8414 OAuth metadata discovery first\n * 2. If OAuth discovery fails, falls back to OpenID Connect Discovery\n \n @param authorizationServerUrl - The authorization server URL obtained from the MCP Server's\n * protected resource metadata, or the MCP server's URL if the\n * metadata was not found.\n * @param options - Configuration options\n * @param options.fetchFn - Optional fetch function for making HTTP requests, defaults to global fetch\n * @param options.protocolVersion - MCP protocol version to use, defaults to LATEST_PROTOCOL_VERSION\n * @returns Promise resolving to authorization server metadata, or undefined if discovery fails\n /\nexport async function discoverAuthorizationServerMetadata(authorizationServerUrl, { fetchFn = fetch, protocolVersion = LATEST_PROTOCOL_VERSION, } = {}) {\n var _a;\n const headers = { 'MCP-Protocol-Version': protocolVersion };\n // Get the list of URLs to try\n const urlsToTry = buildDiscoveryUrls(authorizationServerUrl);\n // Try each URL in order\n for (const { url: endpointUrl, type } of urlsToTry) {\n const response = await fetchWithCorsRetry(endpointUrl, headers, fetchFn);\n if (!response) {\n /\n CORS error occurred - don't throw as the endpoint may not allow CORS,\n * continue trying other possible endpoints\n /\n continue;\n }\n if (!response.ok) {\n // Continue looking for any 4xx response code.\n if (response.status >= 400 && response.status < 500) {\n continue; // Try next URL\n }\n throw new Error(`HTTP ${response.status} trying to load ${type === 'oauth' ? 'OAuth' : 'OpenID provider'} metadata from ${endpointUrl}`);\n }\n // Parse and validate based on type\n if (type === 'oauth') {\n return OAuthMetadataSchema.parse(await response.json());\n }\n else {\n const metadata = OpenIdProviderDiscoveryMetadataSchema.parse(await response.json());\n // MCP spec requires OIDC providers to support S256 PKCE\n if (!((_a = metadata.code_challenge_methods_supported) === null \|\| _a === void 0 ? void 0 : _a.includes('S256'))) {\n throw new Error(`Incompatible OIDC provider at ${endpointUrl}: does not support S256 code challenge method required by MCP specification`);\n }\n return metadata;\n }\n }\n return undefined;\n}\n/\n Begins the authorization flow with the given server, by generating a PKCE challenge and constructing the authorization URL.\n /\nexport async function startAuthorization(authorizationServerUrl, { metadata, clientInformation, redirectUrl, scope, state, resource, }) {\n const responseType = \"code\";\n const codeChallengeMethod = \"S256\";\n let authorizationUrl;\n if (metadata) {\n authorizationUrl = new URL(metadata.authorization_endpoint);\n if (!metadata.response_types_supported.includes(responseType)) {\n throw new Error(`Incompatible auth server: does not support response type ${responseType}`);\n }\n if (!metadata.code_challenge_methods_supported \|\|\n !metadata.code_challenge_methods_supported.includes(codeChallengeMethod)) {\n throw new Error(`Incompatible auth server: does not support code challenge method ${codeChallengeMethod}`);\n }\n }\n else {\n authorizationUrl = new URL(\"/authorize\", authorizationServerUrl);\n }\n // Generate PKCE challenge\n const challenge = await pkceChallenge();\n const codeVerifier = challenge.code_verifier;\n const codeChallenge = challenge.code_challenge;\n authorizationUrl.searchParams.set(\"response_type\", responseType);\n authorizationUrl.searchParams.set(\"client_id\", clientInformation.client_id);\n authorizationUrl.searchParams.set(\"code_challenge\", codeChallenge);\n authorizationUrl.searchParams.set(\"code_challenge_method\", codeChallengeMethod);\n authorizationUrl.searchParams.set(\"redirect_uri\", String(redirectUrl));\n if (state) {\n authorizationUrl.searchParams.set(\"state\", state);\n }\n if (scope) {\n authorizationUrl.searchParams.set(\"scope\", scope);\n }\n if (scope === null \|\| scope === void 0 ? void 0 : scope.includes(\"offline_access\")) {\n // if the request includes the OIDC-only \"offline_access\" scope,\n // we need to set the prompt to \"consent\" to ensure the user is prompted to grant offline access\n // https://openid.net/specs/openid-connect-core-1_0.html#OfflineAccess\n authorizationUrl.searchParams.append(\"prompt\", \"consent\");\n }\n if (resource) {\n authorizationUrl.searchParams.set(\"resource\", resource.href);\n }\n return { authorizationUrl, codeVerifier };\n}\n/\n Exchanges an authorization code for an access token with the given server.\n \n Supports multiple client authentication methods as specified in OAuth 2.1:\n * - Automatically selects the best authentication method based on server support\n * - Falls back to appropriate defaults when server metadata is unavailable\n \n @param authorizationServerUrl - The authorization server's base URL\n * @param options - Configuration object containing client info, auth code, etc.\n * @returns Promise resolving to OAuth tokens\n * @throws {Error} When token exchange fails or authentication is invalid\n /\nexport async function exchangeAuthorization(authorizationServerUrl, { metadata, clientInformation, authorizationCode, codeVerifier, redirectUri, resource, addClientAuthentication, fetchFn, }) {\n var _a;\n const grantType = \"authorization_code\";\n const tokenUrl = (metadata === null \|\| metadata === void 0 ? void 0 : metadata.token_endpoint)\n ? new URL(metadata.token_endpoint)\n : new URL(\"/token\", authorizationServerUrl);\n if ((metadata === null \|\| metadata === void 0 ? void 0 : metadata.grant_types_supported) &&\n !metadata.grant_types_supported.includes(grantType)) {\n throw new Error(`Incompatible auth server: does not support grant type ${grantType}`);\n }\n // Exchange code for tokens\n const headers = new Headers({\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n \"Accept\": \"application/json\",\n });\n const params = new URLSearchParams({\n grant_type: grantType,\n code: authorizationCode,\n code_verifier: codeVerifier,\n redirect_uri: String(redirectUri),\n });\n if (addClientAuthentication) {\n addClientAuthentication(headers, params, authorizationServerUrl, metadata);\n }\n else {\n // Determine and apply client authentication method\n const supportedMethods = (_a = metadata === null \|\| metadata === void 0 ? void 0 : metadata.token_endpoint_auth_methods_supported) !== null && _a !== void 0 ? _a : [];\n const authMethod = selectClientAuthMethod(clientInformation, supportedMethods);\n applyClientAuthentication(authMethod, clientInformation, headers, params);\n }\n if (resource) {\n params.set(\"resource\", resource.href);\n }\n const response = await (fetchFn !== null && fetchFn !== void 0 ? fetchFn : fetch)(tokenUrl, {\n method: \"POST\",\n headers,\n body: params,\n });\n if (!response.ok) {\n throw await parseErrorResponse(response);\n }\n return OAuthTokensSchema.parse(await response.json());\n}\n/\n Exchange a refresh token for an updated access token.\n \n Supports multiple client authentication methods as specified in OAuth 2.1:\n * - Automatically selects the best authentication method based on server support\n * - Preserves the original refresh token if a new one is not returned\n \n @param authorizationServerUrl - The authorization server's base URL\n * @param options - Configuration object containing client info, refresh token, etc.\n * @returns Promise resolving to OAuth tokens (preserves original refresh_token if not replaced)\n * @throws {Error} When token refresh fails or authentication is invalid\n /\nexport async function refreshAuthorization(authorizationServerUrl, { metadata, clientInformation, refreshToken, resource, addClientAuthentication, fetchFn, }) {\n var _a;\n const grantType = \"refresh_token\";\n let tokenUrl;\n if (metadata) {\n tokenUrl = new URL(metadata.token_endpoint);\n if (metadata.grant_types_supported &&\n !metadata.grant_types_supported.includes(grantType)) {\n throw new Error(`Incompatible auth server: does not support grant type ${grantType}`);\n }\n }\n else {\n tokenUrl = new URL(\"/token\", authorizationServerUrl);\n }\n // Exchange refresh token\n const headers = new Headers({\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n });\n const params = new URLSearchParams({\n grant_type: grantType,\n refresh_token: refreshToken,\n });\n if (addClientAuthentication) {\n addClientAuthentication(headers, params, authorizationServerUrl, metadata);\n }\n else {\n // Determine and apply client authentication method\n const supportedMethods = (_a = metadata === null \|\| metadata === void 0 ? void 0 : metadata.token_endpoint_auth_methods_supported) !== null && _a !== void 0 ? _a : [];\n const authMethod = selectClientAuthMethod(clientInformation, supportedMethods);\n applyClientAuthentication(authMethod, clientInformation, headers, params);\n }\n if (resource) {\n params.set(\"resource\", resource.href);\n }\n const response = await (fetchFn !== null && fetchFn !== void 0 ? fetchFn : fetch)(tokenUrl, {\n method: \"POST\",\n headers,\n body: params,\n });\n if (!response.ok) {\n throw await parseErrorResponse(response);\n }\n return OAuthTokensSchema.parse({ refresh_token: refreshToken, ...(await response.json()) });\n}\n/\n Performs OAuth 2.0 Dynamic Client Registration according to RFC 7591.\n /\nexport async function registerClient(authorizationServerUrl, { metadata, clientMetadata, fetchFn, }) {\n let registrationUrl;\n if (metadata) {\n if (!metadata.registration_endpoint) {\n throw new Error(\"Incompatible auth server: does not support dynamic client registration\");\n }\n registrationUrl = new URL(metadata.registration_endpoint);\n }\n else {\n registrationUrl = new URL(\"/register\", authorizationServerUrl);\n }\n const response = await (fetchFn !== null && fetchFn !== void 0 ? fetchFn : fetch)(registrationUrl, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n },\n body: JSON.stringify(clientMetadata),\n });\n if (!response.ok) {\n throw await parseErrorResponse(response);\n }\n return OAuthClientInformationFullSchema.parse(await response.json());\n}\n//# sourceMappingURL=auth.js.map","import { EventSource } from \"eventsource\";\nimport { JSONRPCMessageSchema } from \"../types.js\";\nimport { auth, extractResourceMetadataUrl, UnauthorizedError } from \"./auth.js\";\nexport class SseError extends Error {\n constructor(code, message, event) {\n super(`SSE error: ${message}`);\n this.code = code;\n this.event = event;\n }\n}\n/\n Client transport for SSE: this will connect to a server using Server-Sent Events for receiving\n * messages and make separate POST requests for sending messages.\n /\nexport class SSEClientTransport {\n constructor(url, opts) {\n this._url = url;\n this._resourceMetadataUrl = undefined;\n this._eventSourceInit = opts === null \|\| opts === void 0 ? void 0 : opts.eventSourceInit;\n this._requestInit = opts === null \|\| opts === void 0 ? void 0 : opts.requestInit;\n this._authProvider = opts === null \|\| opts === void 0 ? void 0 : opts.authProvider;\n this._fetch = opts === null \|\| opts === void 0 ? void 0 : opts.fetch;\n }\n async _authThenStart() {\n var _a;\n if (!this._authProvider) {\n throw new UnauthorizedError(\"No auth provider\");\n }\n let result;\n try {\n result = await auth(this._authProvider, { serverUrl: this._url, resourceMetadataUrl: this._resourceMetadataUrl, fetchFn: this._fetch });\n }\n catch (error) {\n (_a = this.onerror) === null \|\| _a === void 0 ? void 0 : _a.call(this, error);\n throw error;\n }\n if (result !== \"AUTHORIZED\") {\n throw new UnauthorizedError();\n }\n return await this._startOrAuth();\n }\n async _commonHeaders() {\n var _a;\n const headers = {};\n if (this._authProvider) {\n const tokens = await this._authProvider.tokens();\n if (tokens) {\n headers[\"Authorization\"] = `Bearer ${tokens.access_token}`;\n }\n }\n if (this._protocolVersion) {\n headers[\"mcp-protocol-version\"] = this._protocolVersion;\n }\n return new Headers({ ...headers, ...(_a = this._requestInit) === null \|\| _a === void 0 ? void 0 : _a.headers });\n }\n _startOrAuth() {\n var _a, _b, _c;\n const fetchImpl = ((_c = (_b = (_a = this === null \|\| this === void 0 ? void 0 : this._eventSourceInit) === null \|\| _a === void 0 ? void 0 : _a.fetch) !== null && _b !== void 0 ? _b : this._fetch) !== null && _c !== void 0 ? _c : fetch);\n return new Promise((resolve, reject) => {\n this._eventSource = new EventSource(this._url.href, {\n ...this._eventSourceInit,\n fetch: async (url, init) => {\n const headers = await this._commonHeaders();\n headers.set(\"Accept\", \"text/event-stream\");\n const response = await fetchImpl(url, {\n ...init,\n headers,\n });\n if (response.status === 401 && response.headers.has('www-authenticate')) {\n this._resourceMetadataUrl = extractResourceMetadataUrl(response);\n }\n return response;\n },\n });\n this._abortController = new AbortController();\n this._eventSource.onerror = (event) => {\n var _a;\n if (event.code === 401 && this._authProvider) {\n this._authThenStart().then(resolve, reject);\n return;\n }\n const error = new SseError(event.code, event.message, event);\n reject(error);\n (_a = this.onerror) === null \|\| _a === void 0 ? void 0 : _a.call(this, error);\n };\n this._eventSource.onopen = () => {\n // The connection is open, but we need to wait for the endpoint to be received.\n };\n this._eventSource.addEventListener(\"endpoint\", (event) => {\n var _a;\n const messageEvent = event;\n try {\n this._endpoint = new URL(messageEvent.data, this._url);\n if (this._endpoint.origin !== this._url.origin) {\n throw new Error(`Endpoint origin does not match connection origin: ${this._endpoint.origin}`);\n }\n }\n catch (error) {\n reject(error);\n (_a = this.onerror) === null \|\| _a === void 0 ? void 0 : _a.call(this, error);\n void this.close();\n return;\n }\n resolve();\n });\n this._eventSource.onmessage = (event) => {\n var _a, _b;\n const messageEvent = event;\n let message;\n try {\n message = JSONRPCMessageSchema.parse(JSON.parse(messageEvent.data));\n }\n catch (error) {\n (_a = this.onerror) === null \|\| _a === void 0 ? void 0 : _a.call(this, error);\n return;\n }\n (_b = this.onmessage) === null \|\| _b === void 0 ? void 0 : _b.call(this, message);\n };\n });\n }\n async start() {\n if (this._eventSource) {\n throw new Error(\"SSEClientTransport already started! If using Client class, note that connect() calls start() automatically.\");\n }\n return await this._startOrAuth();\n }\n /\n Call this method after the user has finished authorizing via their user agent and is redirected back to the MCP client application. This will exchange the authorization code for an access token, enabling the next connection attempt to successfully auth.\n /\n async finishAuth(authorizationCode) {\n if (!this._authProvider) {\n throw new UnauthorizedError(\"No auth provider\");\n }\n const result = await auth(this._authProvider, { serverUrl: this._url, authorizationCode, resourceMetadataUrl: this._resourceMetadataUrl, fetchFn: this._fetch });\n if (result !== \"AUTHORIZED\") {\n throw new UnauthorizedError(\"Failed to authorize\");\n }\n }\n async close() {\n var _a, _b, _c;\n (_a = this._abortController) === null \|\| _a === void 0 ? void 0 : _a.abort();\n (_b = this._eventSource) === null \|\| _b === void 0 ? void 0 : _b.close();\n (_c = this.onclose) === null \|\| _c === void 0 ? void 0 : _c.call(this);\n }\n async send(message) {\n var _a, _b, _c;\n if (!this._endpoint) {\n throw new Error(\"Not connected\");\n }\n try {\n const headers = await this._commonHeaders();\n headers.set(\"content-type\", \"application/json\");\n const init = {\n ...this._requestInit,\n method: \"POST\",\n headers,\n body: JSON.stringify(message),\n signal: (_a = this._abortController) === null \|\| _a === void 0 ? void 0 : _a.signal,\n };\n const response = await ((_b = this._fetch) !== null && _b !== void 0 ? _b : fetch)(this._endpoint, init);\n if (!response.ok) {\n if (response.status === 401 && this._authProvider) {\n this._resourceMetadataUrl = extractResourceMetadataUrl(response);\n const result = await auth(this._authProvider, { serverUrl: this._url, resourceMetadataUrl: this._resourceMetadataUrl, fetchFn: this._fetch });\n if (result !== \"AUTHORIZED\") {\n throw new UnauthorizedError();\n }\n // Purposely _not_ awaited, so we don't call onerror twice\n return this.send(message);\n }\n const text = await response.text().catch(() => null);\n throw new Error(`Error POSTing to endpoint (HTTP ${response.status}): ${text}`);\n }\n }\n catch (error) {\n (_c = this.onerror) === null \|\| _c === void 0 ? void 0 : _c.call(this, error);\n throw error;\n }\n }\n setProtocolVersion(version) {\n this._protocolVersion = version;\n }\n}\n//# sourceMappingURL=sse.js.map","import { createParser } from \"./index.js\";\nimport { ParseError } from \"./index.js\";\nclass EventSourceParserStream extends TransformStream {\n constructor({ onError, onRetry, onComment } = {}) {\n let parser;\n super({\n start(controller) {\n parser = createParser({\n onEvent: (event) => {\n controller.enqueue(event);\n },\n onError(error) {\n onError === \"terminate\" ? controller.error(error) : typeof onError == \"function\" && onError(error);\n },\n onRetry,\n onComment\n });\n },\n transform(chunk) {\n parser.feed(chunk);\n }\n });\n }\n}\nexport {\n EventSourceParserStream,\n ParseError\n};\n//# sourceMappingURL=stream.js.map\n","import { isInitializedNotification, isJSONRPCRequest, isJSONRPCResponse, JSONRPCMessageSchema } from \"../types.js\";\nimport { auth, extractResourceMetadataUrl, UnauthorizedError } from \"./auth.js\";\nimport { EventSourceParserStream } from \"eventsource-parser/stream\";\n// Default reconnection options for StreamableHTTP connections\nconst DEFAULT_STREAMABLE_HTTP_RECONNECTION_OPTIONS = {\n initialReconnectionDelay: 1000,\n maxReconnectionDelay: 30000,\n reconnectionDelayGrowFactor: 1.5,\n maxRetries: 2,\n};\nexport class StreamableHTTPError extends Error {\n constructor(code, message) {\n super(`Streamable HTTP error: ${message}`);\n this.code = code;\n }\n}\n/\n Client transport for Streamable HTTP: this implements the MCP Streamable HTTP transport specification.\n * It will connect to a server using HTTP POST for sending messages and HTTP GET with Server-Sent Events\n * for receiving messages.\n /\nexport class StreamableHTTPClientTransport {\n constructor(url, opts) {\n var _a;\n this._url = url;\n this._resourceMetadataUrl = undefined;\n this._requestInit = opts === null \|\| opts === void 0 ? void 0 : opts.requestInit;\n this._authProvider = opts === null \|\| opts === void 0 ? void 0 : opts.authProvider;\n this._fetch = opts === null \|\| opts === void 0 ? void 0 : opts.fetch;\n this._sessionId = opts === null \|\| opts === void 0 ? void 0 : opts.sessionId;\n this._reconnectionOptions = (_a = opts === null \|\| opts === void 0 ? void 0 : opts.reconnectionOptions) !== null && _a !== void 0 ? _a : DEFAULT_STREAMABLE_HTTP_RECONNECTION_OPTIONS;\n }\n async _authThenStart() {\n var _a;\n if (!this._authProvider) {\n throw new UnauthorizedError(\"No auth provider\");\n }\n let result;\n try {\n result = await auth(this._authProvider, { serverUrl: this._url, resourceMetadataUrl: this._resourceMetadataUrl, fetchFn: this._fetch });\n }\n catch (error) {\n (_a = this.onerror) === null \|\| _a === void 0 ? void 0 : _a.call(this, error);\n throw error;\n }\n if (result !== \"AUTHORIZED\") {\n throw new UnauthorizedError();\n }\n return await this._startOrAuthSse({ resumptionToken: undefined });\n }\n async _commonHeaders() {\n var _a;\n const headers = {};\n if (this._authProvider) {\n const tokens = await this._authProvider.tokens();\n if (tokens) {\n headers[\"Authorization\"] = `Bearer ${tokens.access_token}`;\n }\n }\n if (this._sessionId) {\n headers[\"mcp-session-id\"] = this._sessionId;\n }\n if (this._protocolVersion) {\n headers[\"mcp-protocol-version\"] = this._protocolVersion;\n }\n const extraHeaders = this._normalizeHeaders((_a = this._requestInit) === null \|\| _a === void 0 ? void 0 : _a.headers);\n return new Headers({\n ...headers,\n ...extraHeaders,\n });\n }\n async _startOrAuthSse(options) {\n var _a, _b, _c;\n const { resumptionToken } = options;\n try {\n // Try to open an initial SSE stream with GET to listen for server messages\n // This is optional according to the spec - server may not support it\n const headers = await this._commonHeaders();\n headers.set(\"Accept\", \"text/event-stream\");\n // Include Last-Event-ID header for resumable streams if provided\n if (resumptionToken) {\n headers.set(\"last-event-id\", resumptionToken);\n }\n const response = await ((_a = this._fetch) !== null && _a !== void 0 ? _a : fetch)(this._url, {\n method: \"GET\",\n headers,\n signal: (_b = this._abortController) === null \|\| _b === void 0 ? void 0 : _b.signal,\n });\n if (!response.ok) {\n if (response.status === 401 && this._authProvider) {\n // Need to authenticate\n return await this._authThenStart();\n }\n // 405 indicates that the server does not offer an SSE stream at GET endpoint\n // This is an expected case that should not trigger an error\n if (response.status === 405) {\n return;\n }\n throw new StreamableHTTPError(response.status, `Failed to open SSE stream: ${response.statusText}`);\n }\n this._handleSseStream(response.body, options, true);\n }\n catch (error) {\n (_c = this.onerror) === null \|\| _c === void 0 ? void 0 : _c.call(this, error);\n throw error;\n }\n }\n /\n Calculates the next reconnection delay using backoff algorithm\n \n @param attempt Current reconnection attempt count for the specific stream\n * @returns Time to wait in milliseconds before next reconnection attempt\n /\n _getNextReconnectionDelay(attempt) {\n // Access default values directly, ensuring they're never undefined\n const initialDelay = this._reconnectionOptions.initialReconnectionDelay;\n const growFactor = this._reconnectionOptions.reconnectionDelayGrowFactor;\n const maxDelay = this._reconnectionOptions.maxReconnectionDelay;\n // Cap at maximum delay\n return Math.min(initialDelay Math.pow(growFactor, attempt), maxDelay);\n }\n _normalizeHeaders(headers) {\n if (!headers)\n return {};\n if (headers instanceof Headers) {\n return Object.fromEntries(headers.entries());\n }\n if (Array.isArray(headers)) {\n return Object.fromEntries(headers);\n }\n return { ...headers };\n }\n /*\n Schedule a reconnection attempt with exponential backoff\n \n @param lastEventId The ID of the last received event for resumability\n * @param attemptCount Current reconnection attempt count for this specific stream\n /\n _scheduleReconnection(options, attemptCount = 0) {\n var _a;\n // Use provided options or default options\n const maxRetries = this._reconnectionOptions.maxRetries;\n // Check if we've exceeded maximum retry attempts\n if (maxRetries > 0 && attemptCount >= maxRetries) {\n (_a = this.onerror) === null \|\| _a === void 0 ? void 0 : _a.call(this, new Error(`Maximum reconnection attempts (${maxRetries}) exceeded.`));\n return;\n }\n // Calculate next delay based on current attempt count\n const delay = this._getNextReconnectionDelay(attemptCount);\n // Schedule the reconnection\n setTimeout(() => {\n // Use the last event ID to resume where we left off\n this._startOrAuthSse(options).catch(error => {\n var _a;\n (_a = this.onerror) === null \|\| _a === void 0 ? void 0 : _a.call(this, new Error(`Failed to reconnect SSE stream: ${error instanceof Error ? error.message : String(error)}`));\n // Schedule another attempt if this one failed, incrementing the attempt counter\n this._scheduleReconnection(options, attemptCount + 1);\n });\n }, delay);\n }\n _handleSseStream(stream, options, isReconnectable) {\n if (!stream) {\n return;\n }\n const { onresumptiontoken, replayMessageId } = options;\n let lastEventId;\n const processStream = async () => {\n var _a, _b, _c, _d;\n // this is the closest we can get to trying to catch network errors\n // if something happens reader will throw\n try {\n // Create a pipeline: binary stream -> text decoder -> SSE parser\n const reader = stream\n .pipeThrough(new TextDecoderStream())\n .pipeThrough(new EventSourceParserStream())\n .getReader();\n while (true) {\n const { value: event, done } = await reader.read();\n if (done) {\n break;\n }\n // Update last event ID if provided\n if (event.id) {\n lastEventId = event.id;\n onresumptiontoken === null \|\| onresumptiontoken === void 0 ? void 0 : onresumptiontoken(event.id);\n }\n if (!event.event \|\| event.event === \"message\") {\n try {\n const message = JSONRPCMessageSchema.parse(JSON.parse(event.data));\n if (replayMessageId !== undefined && isJSONRPCResponse(message)) {\n message.id = replayMessageId;\n }\n (_a = this.onmessage) === null \|\| _a === void 0 ? void 0 : _a.call(this, message);\n }\n catch (error) {\n (_b = this.onerror) === null \|\| _b === void 0 ? void 0 : _b.call(this, error);\n }\n }\n }\n }\n catch (error) {\n // Handle stream errors - likely a network disconnect\n (_c = this.onerror) === null \|\| _c === void 0 ? void 0 : _c.call(this, new Error(`SSE stream disconnected: ${error}`));\n // Attempt to reconnect if the stream disconnects unexpectedly and we aren't closing\n if (isReconnectable &&\n this._abortController &&\n !this._abortController.signal.aborted) {\n // Use the exponential backoff reconnection strategy\n try {\n this._scheduleReconnection({\n resumptionToken: lastEventId,\n onresumptiontoken,\n replayMessageId\n }, 0);\n }\n catch (error) {\n (_d = this.onerror) === null \|\| _d === void 0 ? void 0 : _d.call(this, new Error(`Failed to reconnect: ${error instanceof Error ? error.message : String(error)}`));\n }\n }\n }\n };\n processStream();\n }\n async start() {\n if (this._abortController) {\n throw new Error(\"StreamableHTTPClientTransport already started! If using Client class, note that connect() calls start() automatically.\");\n }\n this._abortController = new AbortController();\n }\n /\n Call this method after the user has finished authorizing via their user agent and is redirected back to the MCP client application. This will exchange the authorization code for an access token, enabling the next connection attempt to successfully auth.\n /\n async finishAuth(authorizationCode) {\n if (!this._authProvider) {\n throw new UnauthorizedError(\"No auth provider\");\n }\n const result = await auth(this._authProvider, { serverUrl: this._url, authorizationCode, resourceMetadataUrl: this._resourceMetadataUrl, fetchFn: this._fetch });\n if (result !== \"AUTHORIZED\") {\n throw new UnauthorizedError(\"Failed to authorize\");\n }\n }\n async close() {\n var _a, _b;\n // Abort any pending requests\n (_a = this._abortController) === null \|\| _a === void 0 ? void 0 : _a.abort();\n (_b = this.onclose) === null \|\| _b === void 0 ? void 0 : _b.call(this);\n }\n async send(message, options) {\n var _a, _b, _c, _d;\n try {\n const { resumptionToken, onresumptiontoken } = options \|\| {};\n if (resumptionToken) {\n // If we have at last event ID, we need to reconnect the SSE stream\n this._startOrAuthSse({ resumptionToken, replayMessageId: isJSONRPCRequest(message) ? message.id : undefined }).catch(err => { var _a; return (_a = this.onerror) === null \|\| _a === void 0 ? void 0 : _a.call(this, err); });\n return;\n }\n const headers = await this._commonHeaders();\n headers.set(\"content-type\", \"application/json\");\n headers.set(\"accept\", \"application/json, text/event-stream\");\n const init = {\n ...this._requestInit,\n method: \"POST\",\n headers,\n body: JSON.stringify(message),\n signal: (_a = this._abortController) === null \|\| _a === void 0 ? void 0 : _a.signal,\n };\n const response = await ((_b = this._fetch) !== null && _b !== void 0 ? _b : fetch)(this._url, init);\n // Handle session ID received during initialization\n const sessionId = response.headers.get(\"mcp-session-id\");\n if (sessionId) {\n this._sessionId = sessionId;\n }\n if (!response.ok) {\n if (response.status === 401 && this._authProvider) {\n this._resourceMetadataUrl = extractResourceMetadataUrl(response);\n const result = await auth(this._authProvider, { serverUrl: this._url, resourceMetadataUrl: this._resourceMetadataUrl, fetchFn: this._fetch });\n if (result !== \"AUTHORIZED\") {\n throw new UnauthorizedError();\n }\n // Purposely _not_ awaited, so we don't call onerror twice\n return this.send(message);\n }\n const text = await response.text().catch(() => null);\n throw new Error(`Error POSTing to endpoint (HTTP ${response.status}): ${text}`);\n }\n // If the response is 202 Accepted, there's no body to process\n if (response.status === 202) {\n // if the accepted notification is initialized, we start the SSE stream\n // if it's supported by the server\n if (isInitializedNotification(message)) {\n // Start without a lastEventId since this is a fresh connection\n this._startOrAuthSse({ resumptionToken: undefined }).catch(err => { var _a; return (_a = this.onerror) === null \|\| _a === void 0 ? void 0 : _a.call(this, err); });\n }\n return;\n }\n // Get original message(s) for detecting request IDs\n const messages = Array.isArray(message) ? message : [message];\n const hasRequests = messages.filter(msg => \"method\" in msg && \"id\" in msg && msg.id !== undefined).length > 0;\n // Check the response type\n const contentType = response.headers.get(\"content-type\");\n if (hasRequests) {\n if (contentType === null \|\| contentType === void 0 ? void 0 : contentType.includes(\"text/event-stream\")) {\n // Handle SSE stream responses for requests\n // We use the same handler as standalone streams, which now supports\n // reconnection with the last event ID\n this._handleSseStream(response.body, { onresumptiontoken }, false);\n }\n else if (contentType === null \|\| contentType === void 0 ? void 0 : contentType.includes(\"application/json\")) {\n // For non-streaming servers, we might get direct JSON responses\n const data = await response.json();\n const responseMessages = Array.isArray(data)\n ? data.map(msg => JSONRPCMessageSchema.parse(msg))\n : [JSONRPCMessageSchema.parse(data)];\n for (const msg of responseMessages) {\n (_c = this.onmessage) === null \|\| _c === void 0 ? void 0 : _c.call(this, msg);\n }\n }\n else {\n throw new StreamableHTTPError(-1, `Unexpected content type: ${contentType}`);\n }\n }\n }\n catch (error) {\n (_d = this.onerror) === null \|\| _d === void 0 ? void 0 : _d.call(this, error);\n throw error;\n }\n }\n get sessionId() {\n return this._sessionId;\n }\n /\n Terminates the current session by sending a DELETE request to the server.\n \n Clients that no longer need a particular session\n * (e.g., because the user is leaving the client application) SHOULD send an\n * HTTP DELETE to the MCP endpoint with the Mcp-Session-Id header to explicitly\n * terminate the session.\n \n The server MAY respond with HTTP 405 Method Not Allowed, indicating that\n * the server does not allow clients to terminate sessions.\n /\n async terminateSession() {\n var _a, _b, _c;\n if (!this._sessionId) {\n return; // No session to terminate\n }\n try {\n const headers = await this._commonHeaders();\n const init = {\n ...this._requestInit,\n method: \"DELETE\",\n headers,\n signal: (_a = this._abortController) === null \|\| _a === void 0 ? void 0 : _a.signal,\n };\n const response = await ((_b = this._fetch) !== null && _b !== void 0 ? _b : fetch)(this._url, init);\n // We specifically handle 405 as a valid response according to the spec,\n // meaning the server does not support explicit session termination\n if (!response.ok && response.status !== 405) {\n throw new StreamableHTTPError(response.status, `Failed to terminate session: ${response.statusText}`);\n }\n this._sessionId = undefined;\n }\n catch (error) {\n (_c = this.onerror) === null \|\| _c === void 0 ? void 0 : _c.call(this, error);\n throw error;\n }\n }\n setProtocolVersion(version) {\n this._protocolVersion = version;\n }\n get protocolVersion() {\n return this._protocolVersion;\n }\n}\n//# sourceMappingURL=streamableHttp.js.map","import process from \"node:process\";\nimport { ReadBuffer, serializeMessage } from \"../shared/stdio.js\";\n/\n Server transport for stdio: this communicates with a MCP client by reading from the current process' stdin and writing to stdout.\n \n This transport is only available in Node.js environments.\n /\nexport class StdioServerTransport {\n constructor(_stdin = process.stdin, _stdout = process.stdout) {\n this._stdin = _stdin;\n this._stdout = _stdout;\n this._readBuffer = new ReadBuffer();\n this._started = false;\n // Arrow functions to bind `this` properly, while maintaining function identity.\n this._ondata = (chunk) => {\n this._readBuffer.append(chunk);\n this.processReadBuffer();\n };\n this._onerror = (error) => {\n var _a;\n (_a = this.onerror) === null \|\| _a === void 0 ? void 0 : _a.call(this, error);\n };\n }\n /\n Starts listening for messages on stdin.\n */\n async start() {\n if (this._started) {\n throw new Error(\"StdioServerTransport already started! If using Server class, note that connect() calls start() automatically.\");\n }\n this._started = true;\n this._stdin.on(\"data\", this._ondata);\n this._stdin.on(\"error\", this._onerror);\n }\n processReadBuffer() {\n var _a, _b;\n while (true) {\n try {\n const message = this._readBuffer.readMessage();\n if (message === null) {\n break;\n }\n (_a = this.onmessage) === null \|\| _a === void 0 ? void 0 : _a.call(this, message);\n }\n catch (error) {\n (_b = this.onerror) === null \|\| _b === void 0 ? void 0 : _b.call(this, error);\n }\n }\n }\n async close() {\n var _a;\n // Remove our event listeners first\n this._stdin.off(\"data\", this._ondata);\n this._stdin.off(\"error\", this._onerror);\n // Check if we were the only data listener\n const remainingDataListeners = this._stdin.listenerCount('data');\n if (remainingDataListeners === 0) {\n // Only pause stdin if we were the only listener\n // This prevents interfering with other parts of the application that might be using stdin\n this._stdin.pause();\n }\n // Clear the buffer and notify closure\n this._readBuffer.clear();\n (_a = this.onclose) === null \|\| _a === void 0 ? void 0 : _a.call(this);\n }\n send(message) {\n return new Promise((resolve) => {\n const json = serializeMessage(message);\n if (this._stdout.write(json)) {\n resolve();\n }\n else {\n this._stdout.once(\"drain\", resolve);\n }\n });\n }\n}\n//# sourceMappingURL=stdio.js.map","import { Client } from \"@modelcontextprotocol/sdk/client/index.js\";\nimport { SSEClientTransportOptions } from \"@modelcontextprotocol/sdk/client/sse.js\";\nimport { SSEClientTransport } from \"@modelcontextprotocol/sdk/client/sse.js\";\nimport { StreamableHTTPClientTransportOptions } from \"@modelcontextprotocol/sdk/client/streamableHttp.js\";\nimport { StreamableHTTPClientTransport } from \"@modelcontextprotocol/sdk/client/streamableHttp.js\";\nimport { Server } from \"@modelcontextprotocol/sdk/server/index.js\";\nimport { StdioServerTransport } from \"@modelcontextprotocol/sdk/server/stdio.js\";\n\nimport { proxyServer } from \"./proxyServer.js\";\n\nexport enum ServerType {\n HTTPStream = \"HTTPStream\",\n SSE = \"SSE\",\n}\n\nexport const startStdioServer = async ({\n initStdioServer,\n initStreamClient,\n serverType,\n transportOptions = {},\n url,\n}: {\n initStdioServer?: () => Promise<Server>;\n initStreamClient?: () => Promise<Client>;\n serverType: ServerType;\n transportOptions?:\n \| SSEClientTransportOptions\n \| StreamableHTTPClientTransportOptions;\n url: string;\n}): Promise<Server> => {\n let transport: SSEClientTransport \| StreamableHTTPClientTransport;\n switch (serverType) {\n case ServerType.SSE:\n transport = new SSEClientTransport(new URL(url), transportOptions);\n break;\n default:\n transport = new StreamableHTTPClientTransport(\n new URL(url),\n transportOptions,\n );\n }\n const streamClient = initStreamClient\n ? await initStreamClient()\n : new Client(\n {\n name: \"mcp-proxy\",\n version: \"1.0.0\",\n },\n {\n capabilities: {},\n },\n );\n\n await streamClient.connect(transport);\n\n const serverVersion = streamClient.getServerVersion() as {\n name: string;\n version: string;\n };\n\n const serverCapabilities = streamClient.getServerCapabilities() as {\n capabilities: Record<string, unknown>;\n };\n\n const stdioServer = initStdioServer\n ? await initStdioServer()\n : new Server(serverVersion, {\n capabilities: serverCapabilities,\n });\n\n const stdioTransport = new StdioServerTransport();\n\n await stdioServer.connect(stdioTransport);\n\n await proxyServer({\n client: streamClient,\n server: stdioServer,\n serverCapabilities,\n });\n\n return stdioServer;\n};\n","import { Transport } from \"@modelcontextprotocol/sdk/shared/transport.js\";\nimport { JSONRPCMessage } from \"@modelcontextprotocol/sdk/types.js\";\n\ntype TransportEvent =\n \| {\n error: Error;\n type: \"onerror\";\n }\n \| {\n message: JSONRPCMessage;\n type: \"onmessage\";\n }\n \| {\n message: JSONRPCMessage;\n type: \"send\";\n }\n \| {\n type: \"close\";\n }\n \| {\n type: \"onclose\";\n }\n \| {\n type: \"start\";\n };\n\nexport const tapTransport = (\n transport: Transport,\n eventHandler: (event: TransportEvent) => void,\n): Transport => {\n const originalClose = transport.close.bind(transport);\n const originalOnClose = transport.onclose?.bind(transport);\n const originalOnError = transport.onerror?.bind(transport);\n const originalOnMessage = transport.onmessage?.bind(transport);\n const originalSend = transport.send.bind(transport);\n const originalStart = transport.start.bind(transport);\n\n transport.close = async () => {\n eventHandler({\n type: \"close\",\n });\n\n return originalClose?.();\n };\n\n transport.onclose = async () => {\n eventHandler({\n type: \"onclose\",\n });\n\n return originalOnClose?.();\n };\n\n transport.onerror = async (error: Error) => {\n eventHandler({\n error,\n type: \"onerror\",\n });\n\n return originalOnError?.(error);\n };\n\n transport.onmessage = async (message: JSONRPCMessage) => {\n eventHandler({\n message,\n type: \"onmessage\",\n });\n\n return originalOnMessage?.(message);\n };\n\n transport.send = async (message: JSONRPCMessage) => {\n eventHandler({\n message,\n type: \"send\",\n });\n\n return originalSend?.(message);\n };\n\n transport.start = async () => {\n eventHandler({\n type: \"start\",\n });\n\n return originalStart?.();\n };\n\n return transport;\n};\n"],"x_google_ignoreList":[0,1,2,3,4,5,6,7,8,9,10],"mappings":";;;;AAAA,IAAM,aAAN,cAAyB,MAAM;CAC7B,YAAY,SAAS,SAAS;AAC5B,QAAM,UAAU,KAAK,OAAO,cAAc,KAAK,OAAO,QAAQ,MAAM,KAAK,QAAQ,QAAQ,OAAO,KAAK,QAAQ,QAAQ,OAAO,KAAK,OAAO,QAAQ;;;AAGpJ,SAAS,KAAK,MAAM;AAEpB,SAAS,aAAa,WAAW;AAC/B,KAAI,OAAO,aAAa,WACtB,OAAM,IAAI,UACR;CAEJ,MAAM,EAAE,UAAU,MAAM,UAAU,MAAM,UAAU,MAAM,cAAc;CACtE,IAAI,iBAAiB,IAAI,eAAe,CAAC,GAAG,IAAI,OAAO,IAAI,YAAY;CACvE,SAAS,KAAK,UAAU;EACtB,MAAM,QAAQ,eAAe,SAAS,QAAQ,iBAAiB,MAAM,UAAU,CAAC,UAAU,cAAc,WAAW,GAAG,iBAAiB;AACvI,OAAK,MAAM,QAAQ,SACjB,WAAU;AACZ,mBAAiB,YAAY,eAAe,CAAC;;CAE/C,SAAS,UAAU,MAAM;AACvB,MAAI,SAAS,IAAI;AACf;AACA;;AAEF,MAAI,KAAK,WAAW,MAAM;AACxB,gBAAa,UAAU,KAAK,MAAM,KAAK,WAAW,QAAQ,IAAI;AAC9D;;EAEF,MAAM,sBAAsB,KAAK,QAAQ;AACzC,MAAI,wBAAwB,IAAI;GAC9B,MAAM,QAAQ,KAAK,MAAM,GAAG,sBAAsB,SAAS,KAAK,sBAAsB,OAAO,MAAM,IAAI,GAAG,QAAQ,KAAK,MAAM,sBAAsB;AACnJ,gBAAa,OAAO,OAAO;AAC3B;;AAEF,eAAa,MAAM,IAAI;;CAEzB,SAAS,aAAa,OAAO,OAAO,MAAM;AACxC,UAAQ,OAAR;GACE,KAAK;AACH,gBAAY;AACZ;GACF,KAAK;AACH,WAAO,GAAG,OAAO,MAAM;;AAEvB;GACF,KAAK;AACH,SAAK,MAAM,SAAS,QAAQ,KAAK,IAAI;AACrC;GACF,KAAK;AACH,YAAQ,KAAK,SAAS,QAAQ,SAAS,OAAO,OAAO,QACnD,IAAI,WAAW,6BAA6B,MAAM,IAAI;KACpD,MAAM;KACN;KACA;;AAGJ;GACF;AACE,YACE,IAAI,WACF,kBAAkB,MAAM,SAAS,KAAK,GAAG,MAAM,MAAM,GAAG,IAAI,UAAU,MAAM,IAC5E;KAAE,MAAM;KAAiB;KAAO;KAAO;;AAG3C;;;CAGN,SAAS,gBAAgB;AACvB,OAAK,SAAS,KAAK,QAAQ;GACzB;GACA,OAAO,aAAa,KAAK;GAGzB,MAAM,KAAK,SAAS;KACrB,KAAK,MAAM,GAAG,MAAM;MACjB,KAAK,KAAK,GAAG,OAAO,IAAI,YAAY;;CAE1C,SAAS,MAAM,UAAU,IAAI;AAC3B,oBAAkB,QAAQ,WAAW,UAAU,iBAAiB,eAAe,CAAC,GAAG,KAAK,KAAK,GAAG,OAAO,IAAI,YAAY,IAAI,iBAAiB;;AAE9I,QAAO;EAAE;EAAM;;;AAEjB,SAAS,WAAW,OAAO;CACzB,MAAM,QAAQ;CACd,IAAI,iBAAiB,IAAI,cAAc;AACvC,QAAO,cAAc,MAAM,SAAU;EACnC,MAAM,UAAU,MAAM,QAAQ,MAAM,cAAc,UAAU,MAAM,QAAQ;GAC3E;EACC,IAAI,UAAU;AACd,MAAI,YAAY,MAAM,YAAY,KAAK,UAAU,KAAK,IAAI,SAAS,WAAW,YAAY,KAAK,UAAU,UAAU,YAAY,OAAO,UAAU,UAAU,YAAY,IAAI;AACxK,oBAAiB,MAAM,MAAM;AAC7B;SACK;GACL,MAAM,OAAO,MAAM,MAAM,aAAa;AACtC,SAAM,KAAK,OAAO,cAAc,UAAU,GAAG,MAAM,cAAc,OAAO,QAAQ,MAAM,iBAAiB;KACxG;;;AAGH,QAAO,CAAC,OAAO;;;;;AClGjB,IAAM,aAAN,cAAyB,MAAM;;;;;;;;CAQ7B,YAAY,MAAM,oBAAoB;EACpC,IAAI,IAAI;AACR,QAAM,OAAO,KAAK,QAAQ,KAAK,sBAAsB,OAAO,KAAK,IAAI,mBAAmB,SAAS,OAAO,KAAK,KAAK,GAAG,KAAK,WAAW,KAAK,sBAAsB,OAAO,KAAK,IAAI,mBAAmB,YAAY,OAAO,KAAK,KAAK;;;;;;;;;;;;;;CAclO,CAAC,OAAO,IAAI,+BAA+B,QAAQ,SAAS,SAAS;AACnE,SAAO,QAAQ,iBAAiB,OAAO;;;;;;;;;;;;;CAazC,CAAC,OAAO,IAAI,uBAAuB,SAAS,SAAS;AACnD,SAAO,QAAQ,iBAAiB,OAAO;;;AAG3C,SAAS,YAAY,SAAS;CAC5B,MAAM,eAAe,WAAW;AAChC,QAAO,OAAO,gBAAgB,aAAa,IAAI,aAAa,SAAS,iBAAiB,IAAI,YAAY;;AAExG,SAAS,aAAa,KAAK;AACzB,QAAO,eAAe,QAAQ,YAAY,OAAO,MAAM,QAAQ,IAAI,UAAU,IAAI,OAAO,IAAI,cAAc,KAAK,QAAQ,WAAW,OAAO,IAAI,iBAAiB,QAAQ,GAAG,IAAI,IAAI,aAAa,IAAI,WAAW,IAAI,UAAU,GAAG;;AAEhO,SAAS,iBAAiB,KAAK;AAC7B,QAAO;EACL,MAAM,IAAI;EACV,SAAS,IAAI;EACb,MAAM,IAAI;EACV,kBAAkB,IAAI;EACtB,YAAY,IAAI;EAChB,WAAW,IAAI;;;AAGnB,IAAI,eAAe,QAAQ;AACzB,OAAM,UAAU;GACf,iBAAiB,KAAK,QAAQ,QAAQ,OAAO,IAAI,QAAQ,YAAY,YAAY,MAAM,gBAAgB,KAAK,QAAQ,YAAY,cAAc,KAAK,QAAQ,4BAA4B,SAAS,OAAO,KAAK,OAAO,OAAO,IAAI,OAAO,gBAAgB,KAAK,QAAQ,UAAU,OAAO,IAAI,OAAO,YAAY,uDAAuD,kBAAkB,UAAU,OAAO,IAAI,OAAO,OAAO,IAAI,KAAK,QAAQ,gBAAgB,KAAK,QAAQ,OAAO,YAAY,cAAc,KAAK,QAAQ,2BAA2B,OAAO,IAAI,KAAK,QAAQ,QAAQ,mBAAmB,KAAK,QAAQ,YAAY,cAAc,KAAK,QAAQ,0BAA0B,SAAS,aAAa,MAAM,cAAc,kBAAkB,QAAQ,oBAAoB,iBAAiB,cAAc,aAAa,SAAS,UAAU,YAAY,SAAS,wBAAwB,YAAY,kBAAkB,eAAe,sBAAsB,UAAU,gBAAgB,mBAAmB,sBAAsB;AAC39B,IAAM,cAAN,cAA0B,YAAY;CACpC,YAAY,KAAK,qBAAqB;EACpC,IAAI,IAAI;AACR,WAAS,aAAa,MAAM,yBAAyB,KAAK,aAAa,GAAG,KAAK,OAAO,GAAG,KAAK,SAAS,GAAG,aAAa,MAAM,cAAc,aAAa,MAAM,OAAO,aAAa,MAAM,eAAe,aAAa,MAAM,mBAAmB,aAAa,MAAM,SAAS,aAAa,MAAM,qBAAqB,aAAa,MAAM,kBAAkB,aAAa,MAAM,cAAc,OAAO,aAAa,MAAM,cAAc,aAAa,MAAM,UAAU,aAAa,MAAM,UAAU,OAAO,aAAa,MAAM,YAAY,OAAO,aAAa,MAAM,SAAS,OAAO,aAAa,MAAM,kBAAkB,OAAO,aAAa;GAChmB,IAAI;AACJ,gBAAa,MAAM,SAAS;GAC5B,MAAM,EAAE,MAAM,YAAY,QAAQ,YAAY;AAC9C,OAAI,WAAW,KAAK;AAClB,oBAAgB,MAAM,wBAAwB,mBAAmB,KAAK,MAAM,0CAA0C,MAAM,KAAK;AACjI;;AAEF,OAAI,aAAa,aAAa,MAAM,cAAc,IAAI,IAAI,SAAS,QAAQ,aAAa,MAAM,cAAc,KAAK,IAAI,WAAW,KAAK;AACnI,oBAAgB,MAAM,wBAAwB,mBAAmB,KAAK,MAAM,wBAAwB,OAAO,IAAI;AAC/G;;AAEF,OAAI,EAAE,QAAQ,IAAI,mBAAmB,IAAI,WAAW,sBAAsB;AACxE,oBAAgB,MAAM,wBAAwB,mBAAmB,KAAK,MAAM,wDAAsD;AAClI;;AAEF,OAAI,aAAa,MAAM,iBAAiB,KAAK,OAC3C;AACF,gBAAa,MAAM,aAAa,KAAK;GACrC,MAAM,YAAY,IAAI,MAAM;AAC5B,QAAK,MAAM,aAAa,MAAM,aAAa,QAAQ,IAAI,KAAK,MAAM,YAAY,KAAK,cAAc,YAAY,OAAO,QAAQ,YAAY,CAAC,QAAQ,EAAE,eAAe,OAAO;AACvK,oBAAgB,MAAM,wBAAwB,mBAAmB,KAAK,MAAM,wDAAwD,SAAS,KAAK;AAClJ;;GAEF,MAAM,UAAU,IAAI,eAAe,SAAS,KAAK;GACjD,IAAI,OAAO,CAAC;AACZ,MAAG;IACD,MAAM,EAAE,MAAM,UAAU,MAAM,OAAO;AACrC,aAAS,aAAa,MAAM,SAAS,KAAK,QAAQ,OAAO,OAAO,EAAE,QAAQ,CAAC,UAAU,SAAS,OAAO,CAAC,GAAG,aAAa,MAAM,SAAS,SAAS,gBAAgB,MAAM,wBAAwB,sBAAsB,KAAK;YAChN;MACP,aAAa,MAAM,gBAAgB,QAAQ;AAC7C,gBAAa,MAAM,aAAa,KAAK,IAAI,EAAE,IAAI,SAAS,gBAAgB,IAAI,SAAS,cAAc,gBAAgB,MAAM,wBAAwB,sBAAsB,KAAK,MAAM,aAAa;MAC7L,aAAa,MAAM,WAAW,UAAU;AAC1C,UAAO,MAAM,MAAM,YAAY,aAAa,MAAM,cAAc,MAAM;GACtE,MAAM,eAAe,IAAI,aAAa,MAAM,SAAS,WAAW;IAC9D,MAAM,MAAM;IACZ,QAAQ,aAAa,MAAM,gBAAgB,aAAa,MAAM,cAAc,SAAS,aAAa,MAAM,MAAM;IAC9G,aAAa,MAAM,MAAM;;AAE3B,gBAAa,MAAM,gBAAgB,CAAC,MAAM,SAAS,MAAM,UAAU,cAAc,aAAa,MAAM,YAAY,KAAK,MAAM,eAAe,KAAK,cAAc;MAC3J,aAAa,MAAM,iBAAiB,UAAU;AAChD,gBAAa,MAAM,oBAAoB;MACrC,aAAa,MAAM,kBAAkB;AACvC,gBAAa,MAAM,iBAAiB,KAAK,IAAI,aAAa,MAAM,iBAAiB,KAAK,cAAc,gBAAgB,MAAM,wBAAwB,YAAY,KAAK;;AAErK,MAAI;AACF,OAAI,eAAe,IACjB,cAAa,MAAM,MAAM;YAClB,OAAO,OAAO,SACrB,cAAa,MAAM,MAAM,IAAI,IAAI,KAAK;OAEtC,OAAM,IAAI,MAAM;UACZ;AACN,SAAM,YAAY;;AAEpB,eAAa,MAAM,SAAS,aAAa;GACvC,SAAS,aAAa,MAAM;GAC5B,SAAS,aAAa,MAAM;OACzB,aAAa,MAAM,aAAa,KAAK,aAAa,aAAa,MAAM,oBAAoB,MAAM,aAAa,MAAM,SAAS,KAAK,uBAAuB,OAAO,KAAK,IAAI,oBAAoB,UAAU,OAAO,KAAK,WAAW,QAAQ,aAAa,MAAM,mBAAmB,KAAK,uBAAuB,OAAO,KAAK,IAAI,oBAAoB,oBAAoB,OAAO,KAAK,CAAC,IAAI,gBAAgB,MAAM,wBAAwB,YAAY,KAAK;;;;;;;;;;;;CAYrb,IAAI,aAAa;AACf,SAAO,aAAa,MAAM;;;;;;;;;CAS5B,IAAI,MAAM;AACR,SAAO,aAAa,MAAM,MAAM;;;;;;;CAOlC,IAAI,kBAAkB;AACpB,SAAO,aAAa,MAAM;;;CAG5B,IAAI,UAAU;AACZ,SAAO,aAAa,MAAM;;CAE5B,IAAI,QAAQ,OAAO;AACjB,eAAa,MAAM,UAAU;;;CAG/B,IAAI,YAAY;AACd,SAAO,aAAa,MAAM;;CAE5B,IAAI,UAAU,OAAO;AACnB,eAAa,MAAM,YAAY;;;CAGjC,IAAI,SAAS;AACX,SAAO,aAAa,MAAM;;CAE5B,IAAI,OAAO,OAAO;AAChB,eAAa,MAAM,SAAS;;CAE9B,iBAAiB,MAAM,UAAU,SAAS;EACxC,MAAM,SAAS;AACf,QAAM,iBAAiB,MAAM,QAAQ;;CAEvC,oBAAoB,MAAM,UAAU,SAAS;EAC3C,MAAM,SAAS;AACf,QAAM,oBAAoB,MAAM,QAAQ;;;;;;;;;CAS1C,QAAQ;AACN,eAAa,MAAM,oBAAoB,aAAa,aAAa,MAAM,mBAAmB,aAAa,MAAM,iBAAiB,KAAK,WAAW,aAAa,MAAM,gBAAgB,aAAa,MAAM,aAAa,SAAS,aAAa,MAAM,aAAa,KAAK,SAAS,aAAa,MAAM,aAAa,KAAK;;;AAGjT,8BAA8B,IAAI,WAAW,uBAAuB,IAAI,WAAW,+BAA+B,IAAI,WAAW,mCAAmC,IAAI,WAAW,yBAAyB,IAAI,WAAW,qCAAqC,IAAI,WAAW,kCAAkC,IAAI,WAAW,+BAA+B,IAAI,WAAW,8BAA8B,IAAI,WAAW,0BAA0B,IAAI,WAAW,2BAA2B,IAAI,WAAW,6BAA6B,IAAI,WAAW,0BAA0B,IAAI,WAAW,yCAAyC,IAAI,WAKhnB,aAAa,WAAW;AACtB,cAAa,MAAM,aAAa,KAAK,aAAa,aAAa,MAAM,aAAa,IAAI,oBAAoB,aAAa,MAAM,QAAQ,aAAa,MAAM,OAAO,gBAAgB,MAAM,wBAAwB,sBAAsB,KAAK,OAAO,KAAK,aAAa,MAAM,mBAAmB,MAAM,aAAa,MAAM;GAClT,mCAAmC,IAAI,WAAW,gCAAgC,IAAI,WAMzF,uBAAuB,WAAW;CAChC,IAAI;CACJ,MAAM,OAAO;EAGX,MAAM;EACN,UAAU;EACV,SAAS;GAAE,QAAQ;GAAqB,GAAG,aAAa,MAAM,gBAAgB,EAAE,iBAAiB,aAAa,MAAM,kBAAkB,KAAK;;EAC3I,OAAO;EACP,SAAS,KAAK,aAAa,MAAM,iBAAiB,OAAO,KAAK,IAAI,GAAG;;AAEvE,QAAO,YAAY,eAAe,KAAK,cAAc,KAAK,kBAAkB,YAAY,gBAAgB;GACvG,2BAA2B,IAAI,WAAW,iCAAiC,IAAI,WAOlF,oBAAoB,SAAS,SAAS,MAAM;CAC1C,IAAI;AACJ,cAAa,MAAM,iBAAiB,KAAK,UAAU,aAAa,MAAM,aAAa,KAAK;CACxF,MAAM,aAAa,IAAI,WAAW,SAAS;EAAE;EAAM;;AACnD,EAAC,KAAK,aAAa,MAAM,cAAc,QAAQ,GAAG,KAAK,MAAM,aAAa,KAAK,cAAc;GAQ/F,uBAAuB,SAAS,SAAS,MAAM;CAC7C,IAAI;AACJ,KAAI,aAAa,MAAM,iBAAiB,KAAK,OAC3C;AACF,cAAa,MAAM,aAAa,KAAK;CACrC,MAAM,aAAa,IAAI,WAAW,SAAS;EAAE;EAAM;;AACnD,EAAC,KAAK,aAAa,MAAM,cAAc,QAAQ,GAAG,KAAK,MAAM,aAAa,KAAK,cAAc,aAAa,aAAa,MAAM,iBAAiB,WAAW,aAAa,MAAM,aAAa,aAAa,MAAM;GAC3M,6BAA6B,IAAI,WAKpC,YAAY,aAAa,GAKzB,YAAY,OAAO,GAKnB,YAAY,SAAS;AACrB,SAAS,aAAa;CACpB,MAAM,MAAM,cAAc,aAAa,WAAW,WAAW,KAAK;AAClE,QAAO,OAAO,OAAO,OAAO,YAAY,aAAa,OAAO,OAAO,IAAI,WAAW,WAAW,IAAI,UAAU,KAAK;;;;;AC1QlH,IAAI;AACJ,SACI,WAAW,QAAQ,aACf,WAAW,UACX,OAAO,eAAe,MAAK,MAAK,EAAE;;;;;;AAM1C,eAAe,gBAAgB,MAAM;AACjC,SAAQ,MAAM,QAAQ,gBAAgB,IAAI,WAAW;;;;;;AAMzD,eAAe,OAAO,MAAM;CACxB,MAAM,OAAO;CACb,IAAI,SAAS;CACb,MAAM,cAAc,MAAM,gBAAgB;AAC1C,MAAK,IAAI,IAAI,GAAG,IAAI,MAAM,KAAK;EAE3B,MAAM,cAAc,YAAY,KAAK;AACrC,YAAU,KAAK;;AAEnB,QAAO;;;;;;AAMX,eAAe,iBAAiB,QAAQ;AACpC,QAAO,MAAM,OAAO;;;;;;AAMxB,eAAsB,kBAAkB,eAAe;CACnD,MAAM,SAAS,OAAO,MAAM,QAAQ,OAAO,OAAO,WAAW,IAAI,cAAc,OAAO;AAItF,QAAO,KAAK,OAAO,aAAa,GAAG,IAAI,WAAW,UAC7C,QAAQ,OAAO,KACf,QAAQ,OAAO,KACf,QAAQ,MAAM;;;;;;AAMvB,eAA8B,cAAc,QAAQ;AAChD,KAAI,CAAC,OACD,UAAS;AACb,KAAI,SAAS,MAAM,SAAS,IACxB,OAAM,kDAAkD,OAAO;CAEnE,MAAM,WAAW,MAAM,iBAAiB;CACxC,MAAM,YAAY,MAAM,kBAAkB;AAC1C,QAAO;EACH,eAAe;EACf,gBAAgB;;;;;;;;;AC3DxB,MAAa,kDACD;CACR,uBAAqB;CACrB,8CAA0C,OAAO;CACjD,uBAAqB,MAAM;CAC3B,0CAAsC;CACtC,kDAA8C;CAC9C,+DAA2D;CAC3D,4BAA0B;CAC1B,qCAAmC;CACnC,kCAAgC,MAAM;CACtC,+BAA6B,MAAM;CACnC,0DAAwD;CACxD,+DAA2D;CAC3D,2DAAuD;CACvD,iDAA+C;GAE9C;;;;AAIL,MAAa,iCACD;CACR;CACA;CACA;CACA,oCAAkC;CAClC,0CAAsC;CACtC;CACA,kDAA8C;CAC9C,+CAA2C;CAC3C,+DAA2D;CAC3D,0EAEK;CACL,oCAAkC;CAClC,kCAAgC;CAChC,oEAAgE;CAChE,+EAEK;CACL,qCAAmC;CACnC,uEAEK;CACL,kFAEK;CACL,0DAAsD;GAErD;;;;;AAKL,MAAa,0CACD;CACR;CACA;CACA;CACA,gCAA8B;CAC9B;CACA,oCAAkC;CAClC,0CAAsC;CACtC;CACA,kDAA8C;CAC9C,+CAA2C;CAC3C,8CAA0C;CAC1C;CACA;CACA,kEAA8D;CAC9D,kEAA8D;CAC9D,+DAA2D;CAC3D,kEAA8D;CAC9D,kEAA8D;CAC9D,qEAAiE;CACjE,wEAEK;CACL,wEAEK;CACL,+DAA2D;CAC3D,0EAEK;CACL,kDAA8C;CAC9C,+CAA2C;CAC3C,0CAAsC;CACtC,oCAAkC;CAClC,kDAA8C;CAC9C,8CAA0C;CAC1C,0CAAwC;CACxC,2CAAyC;CACzC,+CAA6C;CAC7C,gDAA8C;CAC9C,4BAA0B;CAC1B,yBAAuB;GAEtB;;;;;;AAML,MAAa,wCAAwC,6BAA6B,MAAM,oBAAoB,KAAK,EAC7G,kCAAkC;;;;AAKtC,MAAa,+BACD;CACR;CACA,uBAAqB;CACrB;CACA,yBAAuB;CACvB,oBAAkB;CAClB,4BAA0B;GAEzB;;;;AAIL,MAAa,sCACD;CACR;CACA,gCAA8B;CAC9B,wBAAsB;;;;;AAK1B,MAAa,uCAAqC;CAC9C,uCAAmC,QAAQ,SAAS,KAAK,OAAO,QAAQ,IAAI,SAAS,OAAO,EAAE,SAAS;CACvG,yCAAuC;CACvC,qCAAiC;CACjC,wCAAoC;CACpC,0BAAwB;CACxB,yBAAuB;CACvB,uBAAqB;CACrB,oBAAkB;CAClB,kCAA8B;CAC9B,sBAAoB;CACpB,yBAAuB;CACvB,uBAAqB;CACrB,gBAAc;CACd,0BAAwB;CACxB,+BAA6B;CAC7B,iCAA+B;GAChC;;;;AAIH,MAAa,0CAAwC;CACjD;CACA,4BAA0B;CAC1B,kCAAgC;CAChC,uCAAqC;GACtC;;;;AAIH,MAAa,mCAAmC,0BAA0B,MAAM;;;;AAIhF,MAAa,gDAA8C;CACvD;CACA,gCAA8B;GAC/B;;;;AAIH,MAAa,+CAA6C;CACtD;CACA,8BAA4B;GAC7B;;;;;;;;;;;;AC7KH,SAAgB,yBAAyB,KAAK;CAC1C,MAAM,cAAc,OAAO,QAAQ,WAAW,IAAI,IAAI,OAAO,IAAI,IAAI,IAAI;AACzE,aAAY,OAAO;AACnB,QAAO;;;;;;;;;;;AAWX,SAAgB,qBAAqB,EAAE,mBAAmB,sBAAsB;CAC5E,MAAM,YAAY,OAAO,sBAAsB,WAAW,IAAI,IAAI,qBAAqB,IAAI,IAAI,kBAAkB;CACjH,MAAM,aAAa,OAAO,uBAAuB,WAAW,IAAI,IAAI,sBAAsB,IAAI,IAAI,mBAAmB;AAErH,KAAI,UAAU,WAAW,WAAW,OAChC,QAAO;AAGX,KAAI,UAAU,SAAS,SAAS,WAAW,SAAS,OAChD,QAAO;CAQX,MAAM,gBAAgB,UAAU,SAAS,SAAS,OAAO,UAAU,WAAW,UAAU,WAAW;CACnG,MAAM,iBAAiB,WAAW,SAAS,SAAS,OAAO,WAAW,WAAW,WAAW,WAAW;AACvG,QAAO,cAAc,WAAW;;;;;;;;ACtCpC,IAAa,aAAb,cAAgC,MAAM;CAClC,YAAY,SAAS,UAAU;AAC3B,QAAM;AACN,OAAK,WAAW;AAChB,OAAK,OAAO,KAAK,YAAY;;;;;CAKjC,mBAAmB;EACf,MAAM,WAAW;GACb,OAAO,KAAK;GACZ,mBAAmB,KAAK;;AAE5B,MAAI,KAAK,SACL,UAAS,YAAY,KAAK;AAE9B,SAAO;;CAEX,IAAI,YAAY;AACZ,SAAO,KAAK,YAAY;;;;;;;;AAQhC,IAAa,sBAAb,cAAyC,WAAW;AAEpD,oBAAoB,YAAY;;;;;AAKhC,IAAa,qBAAb,cAAwC,WAAW;AAEnD,mBAAmB,YAAY;;;;;;AAM/B,IAAa,oBAAb,cAAuC,WAAW;AAElD,kBAAkB,YAAY;;;;;AAK9B,IAAa,0BAAb,cAA6C,WAAW;AAExD,wBAAwB,YAAY;;;;;AAKpC,IAAa,4BAAb,cAA+C,WAAW;AAE1D,0BAA0B,YAAY;;;;;AAKtC,IAAa,oBAAb,cAAuC,WAAW;AAElD,kBAAkB,YAAY;;;;AAI9B,IAAa,oBAAb,cAAuC,WAAW;AAElD,kBAAkB,YAAY;;;;;AAK9B,IAAa,cAAb,cAAiC,WAAW;AAE5C,YAAY,YAAY;;;;;AAKxB,IAAa,8BAAb,cAAiD,WAAW;AAE5D,4BAA4B,YAAY;;;;;AAKxC,IAAa,+BAAb,cAAkD,WAAW;AAE7D,6BAA6B,YAAY;;;;;AAKzC,IAAa,4BAAb,cAA+C,WAAW;AAE1D,0BAA0B,YAAY;;;;;AAKtC,IAAa,oBAAb,cAAuC,WAAW;AAElD,kBAAkB,YAAY;;;;;AAK9B,IAAa,wBAAb,cAA2C,WAAW;AAEtD,sBAAsB,YAAY;;;;;AAKlC,IAAa,uBAAb,cAA0C,WAAW;AAErD,qBAAqB,YAAY;;;;;AAKjC,IAAa,6BAAb,cAAgD,WAAW;AAE3D,2BAA2B,YAAY;;;;AAIvC,IAAa,yBAAb,cAA4C,WAAW;AAEvD,uBAAuB,YAAY;;;;AAgBnC,MAAa,eAAe;EACvB,oBAAoB,YAAY;EAChC,mBAAmB,YAAY;EAC/B,kBAAkB,YAAY;EAC9B,wBAAwB,YAAY;EACpC,0BAA0B,YAAY;EACtC,kBAAkB,YAAY;EAC9B,kBAAkB,YAAY;EAC9B,YAAY,YAAY;EACxB,4BAA4B,YAAY;EACxC,6BAA6B,YAAY;EACzC,0BAA0B,YAAY;EACtC,kBAAkB,YAAY;EAC9B,sBAAsB,YAAY;EAClC,qBAAqB,YAAY;EACjC,2BAA2B,YAAY;EACvC,uBAAuB,YAAY;;;;;ACnKxC,IAAa,oBAAb,cAAuC,MAAM;CACzC,YAAY,SAAS;AACjB,QAAM,YAAY,QAAQ,YAAY,KAAK,IAAI,UAAU;;;;;;;;;;;;;;;AAejE,SAAS,uBAAuB,mBAAmB,kBAAkB;CACjE,MAAM,kBAAkB,kBAAkB,kBAAkB;AAE5D,KAAI,iBAAiB,WAAW,EAC5B,QAAO,kBAAkB,uBAAuB;AAGpD,KAAI,mBAAmB,iBAAiB,SAAS,uBAC7C,QAAO;AAEX,KAAI,mBAAmB,iBAAiB,SAAS,sBAC7C,QAAO;AAEX,KAAI,iBAAiB,SAAS,QAC1B,QAAO;AAGX,QAAO,kBAAkB,uBAAuB;;;;;;;;;;;;;;;;AAgBpD,SAAS,0BAA0B,QAAQ,mBAAmB,SAAS,QAAQ;CAC3E,MAAM,EAAE,WAAW,kBAAkB;AACrC,SAAQ,QAAR;EACI,KAAK;AACD,kBAAe,WAAW,eAAe;AACzC;EACJ,KAAK;AACD,iBAAc,WAAW,eAAe;AACxC;EACJ,KAAK;AACD,mBAAgB,WAAW;AAC3B;EACJ,QACI,OAAM,IAAI,MAAM,6CAA6C;;;;;;AAMzE,SAAS,eAAe,UAAU,cAAc,SAAS;AACrD,KAAI,CAAC,aACD,OAAM,IAAI,MAAM;CAEpB,MAAM,cAAc,KAAK,GAAG,SAAS,GAAG;AACxC,SAAQ,IAAI,iBAAiB,SAAS;;;;;AAK1C,SAAS,cAAc,UAAU,cAAc,QAAQ;AACnD,QAAO,IAAI,aAAa;AACxB,KAAI,aACA,QAAO,IAAI,iBAAiB;;;;;AAMpC,SAAS,gBAAgB,UAAU,QAAQ;AACvC,QAAO,IAAI,aAAa;;;;;;;;;;;;;AAa5B,eAAsB,mBAAmB,OAAO;CAC5C,MAAM,aAAa,iBAAiB,WAAW,MAAM,SAAS;CAC9D,MAAM,OAAO,iBAAiB,WAAW,MAAM,MAAM,SAAS;AAC9D,KAAI;EACA,MAAM,SAAS,yBAAyB,MAAM,KAAK,MAAM;EACzD,MAAM,EAAE,OAAO,mBAAmB,cAAc;EAChD,MAAM,aAAa,aAAa,UAAU;AAC1C,SAAO,IAAI,WAAW,qBAAqB,IAAI;UAE5C,OAAO;EAEV,MAAM,eAAe,GAAG,aAAa,QAAQ,WAAW,MAAM,GAAG,gCAAgC,MAAM,cAAc;AACrH,SAAO,IAAI,YAAY;;;;;;;;;AAS/B,eAAsB,KAAK,UAAU,SAAS;CAC1C,IAAI,IAAI;AACR,KAAI;AACA,SAAO,MAAM,aAAa,UAAU;UAEjC,OAAO;AAEV,MAAI,iBAAiB,sBAAsB,iBAAiB,yBAAyB;AACjF,WAAQ,KAAK,SAAS,2BAA2B,QAAQ,OAAO,KAAK,IAAI,KAAK,IAAI,GAAG,KAAK,UAAU;AACpG,UAAO,MAAM,aAAa,UAAU;aAE/B,iBAAiB,mBAAmB;AACzC,WAAQ,KAAK,SAAS,2BAA2B,QAAQ,OAAO,KAAK,IAAI,KAAK,IAAI,GAAG,KAAK,UAAU;AACpG,UAAO,MAAM,aAAa,UAAU;;AAGxC,QAAM;;;AAGd,eAAe,aAAa,UAAU,EAAE,WAAW,mBAAmB,OAAO,qBAAqB,WAAY;CAC1G,IAAI;CACJ,IAAI;AACJ,KAAI;AACA,qBAAmB,MAAM,uCAAuC,WAAW,EAAE,uBAAuB;AACpG,MAAI,iBAAiB,yBAAyB,iBAAiB,sBAAsB,SAAS,EAC1F,0BAAyB,iBAAiB,sBAAsB;UAGjE,IAAI;;;;;AAOX,KAAI,CAAC,uBACD,0BAAyB;CAE7B,MAAM,WAAW,MAAM,kBAAkB,WAAW,UAAU;CAC9D,MAAM,WAAW,MAAM,oCAAoC,wBAAwB,EAC/E;CAGJ,IAAI,oBAAoB,MAAM,QAAQ,QAAQ,SAAS;AACvD,KAAI,CAAC,mBAAmB;AACpB,MAAI,sBAAsB,OACtB,OAAM,IAAI,MAAM;AAEpB,MAAI,CAAC,SAAS,sBACV,OAAM,IAAI,MAAM;EAEpB,MAAM,kBAAkB,MAAM,eAAe,wBAAwB;GACjE;GACA,gBAAgB,SAAS;GACzB;;AAEJ,QAAM,SAAS,sBAAsB;AACrC,sBAAoB;;AAGxB,KAAI,sBAAsB,QAAW;EACjC,MAAMA,iBAAe,MAAM,SAAS;EACpC,MAAMC,WAAS,MAAM,sBAAsB,wBAAwB;GAC/D;GACA;GACA;GACA;GACA,aAAa,SAAS;GACtB;GACA,yBAAyB,SAAS;GACzB;;AAEb,QAAM,SAAS,WAAWA;AAC1B,SAAO;;CAEX,MAAM,SAAS,MAAM,SAAS;AAE9B,KAAI,WAAW,QAAQ,WAAW,KAAK,IAAI,KAAK,IAAI,OAAO,cACvD,KAAI;EAEA,MAAM,YAAY,MAAM,qBAAqB,wBAAwB;GACjE;GACA;GACA,cAAc,OAAO;GACrB;GACA,yBAAyB,SAAS;GAClC;;AAEJ,QAAM,SAAS,WAAW;AAC1B,SAAO;UAEJ,OAAO;AAEV,MAAI,EAAE,iBAAiB,eAAe,iBAAiB,aAAa,OAKhE,OAAM;;CAIlB,MAAM,QAAQ,SAAS,QAAQ,MAAM,SAAS,UAAU;CAExD,MAAM,EAAE,kBAAkB,iBAAiB,MAAM,mBAAmB,wBAAwB;EACxF;EACA;EACA;EACA,aAAa,SAAS;EACtB,OAAO,SAAS,SAAS,eAAe;EACxC;;AAEJ,OAAM,SAAS,iBAAiB;AAChC,OAAM,SAAS,wBAAwB;AACvC,QAAO;;AAEX,eAAsB,kBAAkB,WAAW,UAAU,kBAAkB;CAC3E,MAAM,kBAAkB,yBAAyB;AAEjD,KAAI,SAAS,oBACT,QAAO,MAAM,SAAS,oBAAoB,iBAAiB,qBAAqB,QAAQ,qBAAqB,KAAK,IAAI,KAAK,IAAI,iBAAiB;AAGpJ,KAAI,CAAC,iBACD,QAAO;AAGX,KAAI,CAAC,qBAAqB;EAAE,mBAAmB;EAAiB,oBAAoB,iBAAiB;IACjG,OAAM,IAAI,MAAM,sBAAsB,iBAAiB,SAAS,2BAA2B,gBAAgB;AAG/G,QAAO,IAAI,IAAI,iBAAiB;;;;;AAKpC,SAAgB,2BAA2B,KAAK;CAC5C,MAAM,qBAAqB,IAAI,QAAQ,IAAI;AAC3C,KAAI,CAAC,mBACD,QAAO;CAEX,MAAM,CAAC,MAAM,UAAU,mBAAmB,MAAM;AAChD,KAAI,KAAK,kBAAkB,YAAY,CAAC,OACpC,QAAO;CAEX,MAAM,QAAQ;CACd,MAAM,QAAQ,MAAM,KAAK;AACzB,KAAI,CAAC,MACD,QAAO;AAEX,KAAI;AACA,SAAO,IAAI,IAAI,MAAM;UAElB,IAAI;AACP,SAAO;;;;;;;;;AASf,eAAsB,uCAAuC,WAAW,MAAM,UAAU,OAAO;CAC3F,MAAM,WAAW,MAAM,6BAA6B,WAAW,4BAA4B,SAAS;EAChG,iBAAiB,SAAS,QAAQ,SAAS,KAAK,IAAI,KAAK,IAAI,KAAK;EAClE,aAAa,SAAS,QAAQ,SAAS,KAAK,IAAI,KAAK,IAAI,KAAK;;AAElE,KAAI,CAAC,YAAY,SAAS,WAAW,IACjC,OAAM,IAAI,MAAM;AAEpB,KAAI,CAAC,SAAS,GACV,OAAM,IAAI,MAAM,QAAQ,SAAS,OAAO;AAE5C,QAAO,qCAAqC,MAAM,MAAM,SAAS;;;;;AAKrE,eAAe,mBAAmB,KAAK,SAAS,UAAU,OAAO;AAC7D,KAAI;AACA,SAAO,MAAM,QAAQ,KAAK,EAAE;UAEzB,OAAO;AACV,MAAI,iBAAiB,UACjB,KAAI,QAEA,QAAO,mBAAmB,KAAK,QAAW;MAI1C,QAAO;AAGf,QAAM;;;;;;AAMd,SAAS,mBAAmB,iBAAiB,WAAW,IAAI,UAAU,IAAI;AAEtE,KAAI,SAAS,SAAS,KAClB,YAAW,SAAS,MAAM,GAAG;AAEjC,QAAO,QAAQ,kBACT,GAAG,SAAS,eAAe,oBAC3B,gBAAgB,kBAAkB;;;;;AAK5C,eAAe,qBAAqB,KAAK,iBAAiB,UAAU,OAAO;CACvE,MAAM,UAAU,EACZ,wBAAwB;AAE5B,QAAO,MAAM,mBAAmB,KAAK,SAAS;;;;;AAKlD,SAAS,sBAAsB,UAAU,UAAU;AAC/C,QAAO,CAAC,YAAY,SAAS,WAAW,OAAO,aAAa;;;;;AAKhE,eAAe,6BAA6B,WAAW,eAAe,SAAS,MAAM;CACjF,IAAI,IAAI;CACR,MAAM,SAAS,IAAI,IAAI;CACvB,MAAM,mBAAmB,KAAK,SAAS,QAAQ,SAAS,KAAK,IAAI,KAAK,IAAI,KAAK,qBAAqB,QAAQ,OAAO,KAAK,IAAI,KAAK;CACjI,IAAI;AACJ,KAAI,SAAS,QAAQ,SAAS,KAAK,IAAI,KAAK,IAAI,KAAK,YACjD,OAAM,IAAI,IAAI,KAAK;MAElB;EAED,MAAM,gBAAgB,mBAAmB,eAAe,OAAO;AAC/D,QAAM,IAAI,IAAI,gBAAgB,KAAK,SAAS,QAAQ,SAAS,KAAK,IAAI,KAAK,IAAI,KAAK,uBAAuB,QAAQ,OAAO,KAAK,IAAI,KAAK;AACxI,MAAI,SAAS,OAAO;;CAExB,IAAI,WAAW,MAAM,qBAAqB,KAAK,iBAAiB;AAEhE,KAAI,EAAE,SAAS,QAAQ,SAAS,KAAK,IAAI,KAAK,IAAI,KAAK,gBAAgB,sBAAsB,UAAU,OAAO,WAAW;EACrH,MAAM,UAAU,IAAI,IAAI,gBAAgB,iBAAiB;AACzD,aAAW,MAAM,qBAAqB,SAAS,iBAAiB;;AAEpE,QAAO;;;;;;;;;AAwCX,SAAgB,mBAAmB,wBAAwB;CACvD,MAAM,MAAM,OAAO,2BAA2B,WAAW,IAAI,IAAI,0BAA0B;CAC3F,MAAM,UAAU,IAAI,aAAa;CACjC,MAAM,YAAY;AAClB,KAAI,CAAC,SAAS;AAEV,YAAU,KAAK;GACX,KAAK,IAAI,IAAI,2CAA2C,IAAI;GAC5D,MAAM;;AAGV,YAAU,KAAK;GACX,KAAK,IAAI,IAAI,qCAAqC,IAAI;GACtD,MAAM;;AAEV,SAAO;;CAGX,IAAI,WAAW,IAAI;AACnB,KAAI,SAAS,SAAS,KAClB,YAAW,SAAS,MAAM,GAAG;AAIjC,WAAU,KAAK;EACX,KAAK,IAAI,IAAI,0CAA0C,YAAY,IAAI;EACvE,MAAM;;AAGV,WAAU,KAAK;EACX,KAAK,IAAI,IAAI,2CAA2C,IAAI;EAC5D,MAAM;;AAIV,WAAU,KAAK;EACX,KAAK,IAAI,IAAI,oCAAoC,YAAY,IAAI;EACjE,MAAM;;AAGV,WAAU,KAAK;EACX,KAAK,IAAI,IAAI,GAAG,SAAS,oCAAoC,IAAI;EACjE,MAAM;;AAEV,QAAO;;;;;;;;;;;;;;;;;;AAkBX,eAAsB,oCAAoC,wBAAwB,EAAE,UAAU,OAAO,kBAAkB,4BAA6B,IAAI;CACpJ,IAAI;CACJ,MAAM,UAAU,EAAE,wBAAwB;CAE1C,MAAM,YAAY,mBAAmB;AAErC,MAAK,MAAM,EAAE,KAAK,aAAa,UAAU,WAAW;EAChD,MAAM,WAAW,MAAM,mBAAmB,aAAa,SAAS;AAChE,MAAI,CAAC;;;;;AAKD;AAEJ,MAAI,CAAC,SAAS,IAAI;AAEd,OAAI,SAAS,UAAU,OAAO,SAAS,SAAS,IAC5C;AAEJ,SAAM,IAAI,MAAM,QAAQ,SAAS,OAAO,kBAAkB,SAAS,UAAU,UAAU,kBAAkB,iBAAiB;;AAG9H,MAAI,SAAS,QACT,QAAO,oBAAoB,MAAM,MAAM,SAAS;OAE/C;GACD,MAAM,WAAW,sCAAsC,MAAM,MAAM,SAAS;AAE5E,OAAI,GAAG,KAAK,SAAS,sCAAsC,QAAQ,OAAO,KAAK,IAAI,KAAK,IAAI,GAAG,SAAS,SACpG,OAAM,IAAI,MAAM,iCAAiC,YAAY;AAEjE,UAAO;;;AAGf,QAAO;;;;;AAKX,eAAsB,mBAAmB,wBAAwB,EAAE,UAAU,mBAAmB,aAAa,OAAO,OAAO,YAAa;CACpI,MAAM,eAAe;CACrB,MAAM,sBAAsB;CAC5B,IAAI;AACJ,KAAI,UAAU;AACV,qBAAmB,IAAI,IAAI,SAAS;AACpC,MAAI,CAAC,SAAS,yBAAyB,SAAS,cAC5C,OAAM,IAAI,MAAM,4DAA4D;AAEhF,MAAI,CAAC,SAAS,oCACV,CAAC,SAAS,iCAAiC,SAAS,qBACpD,OAAM,IAAI,MAAM,oEAAoE;OAIxF,oBAAmB,IAAI,IAAI,cAAc;CAG7C,MAAM,YAAY,MAAM;CACxB,MAAM,eAAe,UAAU;CAC/B,MAAM,gBAAgB,UAAU;AAChC,kBAAiB,aAAa,IAAI,iBAAiB;AACnD,kBAAiB,aAAa,IAAI,aAAa,kBAAkB;AACjE,kBAAiB,aAAa,IAAI,kBAAkB;AACpD,kBAAiB,aAAa,IAAI,yBAAyB;AAC3D,kBAAiB,aAAa,IAAI,gBAAgB,OAAO;AACzD,KAAI,MACA,kBAAiB,aAAa,IAAI,SAAS;AAE/C,KAAI,MACA,kBAAiB,aAAa,IAAI,SAAS;AAE/C,KAAI,UAAU,QAAQ,UAAU,KAAK,IAAI,KAAK,IAAI,MAAM,SAAS,kBAI7D,kBAAiB,aAAa,OAAO,UAAU;AAEnD,KAAI,SACA,kBAAiB,aAAa,IAAI,YAAY,SAAS;AAE3D,QAAO;EAAE;EAAkB;;;;;;;;;;;;;;;AAc/B,eAAsB,sBAAsB,wBAAwB,EAAE,UAAU,mBAAmB,mBAAmB,cAAc,aAAa,UAAU,yBAAyB,WAAY;CAC5L,IAAI;CACJ,MAAM,YAAY;CAClB,MAAM,YAAY,aAAa,QAAQ,aAAa,KAAK,IAAI,KAAK,IAAI,SAAS,kBACzE,IAAI,IAAI,SAAS,kBACjB,IAAI,IAAI,UAAU;AACxB,MAAK,aAAa,QAAQ,aAAa,KAAK,IAAI,KAAK,IAAI,SAAS,0BAC9D,CAAC,SAAS,sBAAsB,SAAS,WACzC,OAAM,IAAI,MAAM,yDAAyD;CAG7E,MAAM,UAAU,IAAI,QAAQ;EACxB,gBAAgB;EAChB,UAAU;;CAEd,MAAM,SAAS,IAAI,gBAAgB;EAC/B,YAAY;EACZ,MAAM;EACN,eAAe;EACf,cAAc,OAAO;;AAEzB,KAAI,wBACA,yBAAwB,SAAS,QAAQ,wBAAwB;MAEhE;EAED,MAAM,oBAAoB,KAAK,aAAa,QAAQ,aAAa,KAAK,IAAI,KAAK,IAAI,SAAS,2CAA2C,QAAQ,OAAO,KAAK,IAAI,KAAK;EACpK,MAAM,aAAa,uBAAuB,mBAAmB;AAC7D,4BAA0B,YAAY,mBAAmB,SAAS;;AAEtE,KAAI,SACA,QAAO,IAAI,YAAY,SAAS;CAEpC,MAAM,WAAW,OAAO,YAAY,QAAQ,YAAY,KAAK,IAAI,UAAU,OAAO,UAAU;EACxF,QAAQ;EACR;EACA,MAAM;;AAEV,KAAI,CAAC,SAAS,GACV,OAAM,MAAM,mBAAmB;AAEnC,QAAO,kBAAkB,MAAM,MAAM,SAAS;;;;;;;;;;;;;;AAclD,eAAsB,qBAAqB,wBAAwB,EAAE,UAAU,mBAAmB,cAAc,UAAU,yBAAyB,WAAY;CAC3J,IAAI;CACJ,MAAM,YAAY;CAClB,IAAI;AACJ,KAAI,UAAU;AACV,aAAW,IAAI,IAAI,SAAS;AAC5B,MAAI,SAAS,yBACT,CAAC,SAAS,sBAAsB,SAAS,WACzC,OAAM,IAAI,MAAM,yDAAyD;OAI7E,YAAW,IAAI,IAAI,UAAU;CAGjC,MAAM,UAAU,IAAI,QAAQ,EACxB,gBAAgB;CAEpB,MAAM,SAAS,IAAI,gBAAgB;EAC/B,YAAY;EACZ,eAAe;;AAEnB,KAAI,wBACA,yBAAwB,SAAS,QAAQ,wBAAwB;MAEhE;EAED,MAAM,oBAAoB,KAAK,aAAa,QAAQ,aAAa,KAAK,IAAI,KAAK,IAAI,SAAS,2CAA2C,QAAQ,OAAO,KAAK,IAAI,KAAK;EACpK,MAAM,aAAa,uBAAuB,mBAAmB;AAC7D,4BAA0B,YAAY,mBAAmB,SAAS;;AAEtE,KAAI,SACA,QAAO,IAAI,YAAY,SAAS;CAEpC,MAAM,WAAW,OAAO,YAAY,QAAQ,YAAY,KAAK,IAAI,UAAU,OAAO,UAAU;EACxF,QAAQ;EACR;EACA,MAAM;;AAEV,KAAI,CAAC,SAAS,GACV,OAAM,MAAM,mBAAmB;AAEnC,QAAO,kBAAkB,MAAM;EAAE,eAAe;EAAc,GAAI,MAAM,SAAS;;;;;;AAKrF,eAAsB,eAAe,wBAAwB,EAAE,UAAU,gBAAgB,WAAY;CACjG,IAAI;AACJ,KAAI,UAAU;AACV,MAAI,CAAC,SAAS,sBACV,OAAM,IAAI,MAAM;AAEpB,oBAAkB,IAAI,IAAI,SAAS;OAGnC,mBAAkB,IAAI,IAAI,aAAa;CAE3C,MAAM,WAAW,OAAO,YAAY,QAAQ,YAAY,KAAK,IAAI,UAAU,OAAO,iBAAiB;EAC/F,QAAQ;EACR,SAAS,EACL,gBAAgB;EAEpB,MAAM,KAAK,UAAU;;AAEzB,KAAI,CAAC,SAAS,GACV,OAAM,MAAM,mBAAmB;AAEnC,QAAO,iCAAiC,MAAM,MAAM,SAAS;;;;;ACrrBjE,IAAa,WAAb,cAA8B,MAAM;CAChC,YAAY,MAAM,SAAS,OAAO;AAC9B,QAAM,cAAc;AACpB,OAAK,OAAO;AACZ,OAAK,QAAQ;;;;;;;AAOrB,IAAa,qBAAb,MAAgC;CAC5B,YAAY,KAAK,MAAM;AACnB,OAAK,OAAO;AACZ,OAAK,uBAAuB;AAC5B,OAAK,mBAAmB,SAAS,QAAQ,SAAS,KAAK,IAAI,KAAK,IAAI,KAAK;AACzE,OAAK,eAAe,SAAS,QAAQ,SAAS,KAAK,IAAI,KAAK,IAAI,KAAK;AACrE,OAAK,gBAAgB,SAAS,QAAQ,SAAS,KAAK,IAAI,KAAK,IAAI,KAAK;AACtE,OAAK,SAAS,SAAS,QAAQ,SAAS,KAAK,IAAI,KAAK,IAAI,KAAK;;CAEnE,MAAM,iBAAiB;EACnB,IAAI;AACJ,MAAI,CAAC,KAAK,cACN,OAAM,IAAI,kBAAkB;EAEhC,IAAI;AACJ,MAAI;AACA,YAAS,MAAM,KAAK,KAAK,eAAe;IAAE,WAAW,KAAK;IAAM,qBAAqB,KAAK;IAAsB,SAAS,KAAK;;WAE3H,OAAO;AACV,IAAC,KAAK,KAAK,aAAa,QAAQ,OAAO,KAAK,KAAa,GAAG,KAAK,MAAM;AACvE,SAAM;;AAEV,MAAI,WAAW,aACX,OAAM,IAAI;AAEd,SAAO,MAAM,KAAK;;CAEtB,MAAM,iBAAiB;EACnB,IAAI;EACJ,MAAM,UAAU;AAChB,MAAI,KAAK,eAAe;GACpB,MAAM,SAAS,MAAM,KAAK,cAAc;AACxC,OAAI,OACA,SAAQ,mBAAmB,UAAU,OAAO;;AAGpD,MAAI,KAAK,iBACL,SAAQ,0BAA0B,KAAK;AAE3C,SAAO,IAAI,QAAQ;GAAE,GAAG;GAAS,IAAI,KAAK,KAAK,kBAAkB,QAAQ,OAAO,KAAK,IAAI,KAAK,IAAI,GAAG;;;CAEzG,eAAe;EACX,IAAI,IAAI,IAAI;EACZ,MAAM,aAAc,MAAM,MAAM,KAAK,SAAS,QAAQ,SAAS,KAAK,IAAI,KAAK,IAAI,KAAK,sBAAsB,QAAQ,OAAO,KAAK,IAAI,KAAK,IAAI,GAAG,WAAW,QAAQ,OAAO,KAAK,IAAI,KAAK,KAAK,YAAY,QAAQ,OAAO,KAAK,IAAI,KAAK;AACtO,SAAO,IAAI,SAAS,SAAS,WAAW;AACpC,QAAK,eAAe,IAAI,YAAY,KAAK,KAAK,MAAM;IAChD,GAAG,KAAK;IACR,OAAO,OAAO,KAAK,SAAS;KACxB,MAAM,UAAU,MAAM,KAAK;AAC3B,aAAQ,IAAI,UAAU;KACtB,MAAM,WAAW,MAAM,UAAU,KAAK;MAClC,GAAG;MACH;;AAEJ,SAAI,SAAS,WAAW,OAAO,SAAS,QAAQ,IAAI,oBAChD,MAAK,uBAAuB,2BAA2B;AAE3D,YAAO;;;AAGf,QAAK,mBAAmB,IAAI;AAC5B,QAAK,aAAa,WAAW,UAAU;IACnC,IAAIC;AACJ,QAAI,MAAM,SAAS,OAAO,KAAK,eAAe;AAC1C,UAAK,iBAAiB,KAAK,SAAS;AACpC;;IAEJ,MAAM,QAAQ,IAAI,SAAS,MAAM,MAAM,MAAM,SAAS;AACtD,WAAO;AACP,KAAC,OAAK,KAAK,aAAa,QAAQA,SAAO,KAAK,KAAaA,KAAG,KAAK,MAAM;;AAE3E,QAAK,aAAa,eAAe;AAGjC,QAAK,aAAa,iBAAiB,aAAa,UAAU;IACtD,IAAIA;IACJ,MAAM,eAAe;AACrB,QAAI;AACA,UAAK,YAAY,IAAI,IAAI,aAAa,MAAM,KAAK;AACjD,SAAI,KAAK,UAAU,WAAW,KAAK,KAAK,OACpC,OAAM,IAAI,MAAM,qDAAqD,KAAK,UAAU;aAGrF,OAAO;AACV,YAAO;AACP,MAAC,OAAK,KAAK,aAAa,QAAQA,SAAO,KAAK,KAAaA,KAAG,KAAK,MAAM;AACvE,KAAK,KAAK;AACV;;AAEJ;;AAEJ,QAAK,aAAa,aAAa,UAAU;IACrC,IAAIA,MAAIC;IACR,MAAM,eAAe;IACrB,IAAI;AACJ,QAAI;AACA,eAAU,qBAAqB,MAAM,KAAK,MAAM,aAAa;aAE1D,OAAO;AACV,MAAC,OAAK,KAAK,aAAa,QAAQD,SAAO,KAAK,KAAaA,KAAG,KAAK,MAAM;AACvE;;AAEJ,KAAC,OAAK,KAAK,eAAe,QAAQC,SAAO,KAAK,KAAaA,KAAG,KAAK,MAAM;;;;CAIrF,MAAM,QAAQ;AACV,MAAI,KAAK,aACL,OAAM,IAAI,MAAM;AAEpB,SAAO,MAAM,KAAK;;;;;CAKtB,MAAM,WAAW,mBAAmB;AAChC,MAAI,CAAC,KAAK,cACN,OAAM,IAAI,kBAAkB;EAEhC,MAAM,SAAS,MAAM,KAAK,KAAK,eAAe;GAAE,WAAW,KAAK;GAAM;GAAmB,qBAAqB,KAAK;GAAsB,SAAS,KAAK;;AACvJ,MAAI,WAAW,aACX,OAAM,IAAI,kBAAkB;;CAGpC,MAAM,QAAQ;EACV,IAAI,IAAI,IAAI;AACZ,GAAC,KAAK,KAAK,sBAAsB,QAAQ,OAAO,KAAK,KAAa,GAAG;AACrE,GAAC,KAAK,KAAK,kBAAkB,QAAQ,OAAO,KAAK,KAAa,GAAG;AACjE,GAAC,KAAK,KAAK,aAAa,QAAQ,OAAO,KAAK,KAAa,GAAG,KAAK;;CAErE,MAAM,KAAK,SAAS;EAChB,IAAI,IAAI,IAAI;AACZ,MAAI,CAAC,KAAK,UACN,OAAM,IAAI,MAAM;AAEpB,MAAI;GACA,MAAM,UAAU,MAAM,KAAK;AAC3B,WAAQ,IAAI,gBAAgB;GAC5B,MAAM,OAAO;IACT,GAAG,KAAK;IACR,QAAQ;IACR;IACA,MAAM,KAAK,UAAU;IACrB,SAAS,KAAK,KAAK,sBAAsB,QAAQ,OAAO,KAAK,IAAI,KAAK,IAAI,GAAG;;GAEjF,MAAM,WAAW,QAAQ,KAAK,KAAK,YAAY,QAAQ,OAAO,KAAK,IAAI,KAAK,OAAO,KAAK,WAAW;AACnG,OAAI,CAAC,SAAS,IAAI;AACd,QAAI,SAAS,WAAW,OAAO,KAAK,eAAe;AAC/C,UAAK,uBAAuB,2BAA2B;KACvD,MAAM,SAAS,MAAM,KAAK,KAAK,eAAe;MAAE,WAAW,KAAK;MAAM,qBAAqB,KAAK;MAAsB,SAAS,KAAK;;AACpI,SAAI,WAAW,aACX,OAAM,IAAI;AAGd,YAAO,KAAK,KAAK;;IAErB,MAAM,OAAO,MAAM,SAAS,OAAO,YAAY;AAC/C,UAAM,IAAI,MAAM,mCAAmC,SAAS,OAAO,KAAK;;WAGzE,OAAO;AACV,IAAC,KAAK,KAAK,aAAa,QAAQ,OAAO,KAAK,KAAa,GAAG,KAAK,MAAM;AACvE,SAAM;;;CAGd,mBAAmB,SAAS;AACxB,OAAK,mBAAmB;;;;;;AClLhC,IAAM,0BAAN,cAAsC,gBAAgB;CACpD,YAAY,EAAE,SAAS,SAAS,cAAc,IAAI;EAChD,IAAI;AACJ,QAAM;GACJ,MAAM,YAAY;AAChB,aAAS,aAAa;KACpB,UAAU,UAAU;AAClB,iBAAW,QAAQ;;KAErB,QAAQ,OAAO;AACb,kBAAY,cAAc,WAAW,MAAM,SAAS,OAAO,WAAW,cAAc,QAAQ;;KAE9F;KACA;;;GAGJ,UAAU,OAAO;AACf,WAAO,KAAK;;;;;;;;ACfpB,MAAM,+CAA+C;CACjD,0BAA0B;CAC1B,sBAAsB;CACtB,6BAA6B;CAC7B,YAAY;;AAEhB,IAAa,sBAAb,cAAyC,MAAM;CAC3C,YAAY,MAAM,SAAS;AACvB,QAAM,0BAA0B;AAChC,OAAK,OAAO;;;;;;;;AAQpB,IAAa,gCAAb,MAA2C;CACvC,YAAY,KAAK,MAAM;EACnB,IAAI;AACJ,OAAK,OAAO;AACZ,OAAK,uBAAuB;AAC5B,OAAK,eAAe,SAAS,QAAQ,SAAS,KAAK,IAAI,KAAK,IAAI,KAAK;AACrE,OAAK,gBAAgB,SAAS,QAAQ,SAAS,KAAK,IAAI,KAAK,IAAI,KAAK;AACtE,OAAK,SAAS,SAAS,QAAQ,SAAS,KAAK,IAAI,KAAK,IAAI,KAAK;AAC/D,OAAK,aAAa,SAAS,QAAQ,SAAS,KAAK,IAAI,KAAK,IAAI,KAAK;AACnE,OAAK,wBAAwB,KAAK,SAAS,QAAQ,SAAS,KAAK,IAAI,KAAK,IAAI,KAAK,yBAAyB,QAAQ,OAAO,KAAK,IAAI,KAAK;;CAE7I,MAAM,iBAAiB;EACnB,IAAI;AACJ,MAAI,CAAC,KAAK,cACN,OAAM,IAAI,kBAAkB;EAEhC,IAAI;AACJ,MAAI;AACA,YAAS,MAAM,KAAK,KAAK,eAAe;IAAE,WAAW,KAAK;IAAM,qBAAqB,KAAK;IAAsB,SAAS,KAAK;;WAE3H,OAAO;AACV,IAAC,KAAK,KAAK,aAAa,QAAQ,OAAO,KAAK,KAAa,GAAG,KAAK,MAAM;AACvE,SAAM;;AAEV,MAAI,WAAW,aACX,OAAM,IAAI;AAEd,SAAO,MAAM,KAAK,gBAAgB,EAAE,iBAAiB;;CAEzD,MAAM,iBAAiB;EACnB,IAAI;EACJ,MAAM,UAAU;AAChB,MAAI,KAAK,eAAe;GACpB,MAAM,SAAS,MAAM,KAAK,cAAc;AACxC,OAAI,OACA,SAAQ,mBAAmB,UAAU,OAAO;;AAGpD,MAAI,KAAK,WACL,SAAQ,oBAAoB,KAAK;AAErC,MAAI,KAAK,iBACL,SAAQ,0BAA0B,KAAK;EAE3C,MAAM,eAAe,KAAK,mBAAmB,KAAK,KAAK,kBAAkB,QAAQ,OAAO,KAAK,IAAI,KAAK,IAAI,GAAG;AAC7G,SAAO,IAAI,QAAQ;GACf,GAAG;GACH,GAAG;;;CAGX,MAAM,gBAAgB,SAAS;EAC3B,IAAI,IAAI,IAAI;EACZ,MAAM,EAAE,oBAAoB;AAC5B,MAAI;GAGA,MAAM,UAAU,MAAM,KAAK;AAC3B,WAAQ,IAAI,UAAU;AAEtB,OAAI,gBACA,SAAQ,IAAI,iBAAiB;GAEjC,MAAM,WAAW,QAAQ,KAAK,KAAK,YAAY,QAAQ,OAAO,KAAK,IAAI,KAAK,OAAO,KAAK,MAAM;IAC1F,QAAQ;IACR;IACA,SAAS,KAAK,KAAK,sBAAsB,QAAQ,OAAO,KAAK,IAAI,KAAK,IAAI,GAAG;;AAEjF,OAAI,CAAC,SAAS,IAAI;AACd,QAAI,SAAS,WAAW,OAAO,KAAK,cAEhC,QAAO,MAAM,KAAK;AAItB,QAAI,SAAS,WAAW,IACpB;AAEJ,UAAM,IAAI,oBAAoB,SAAS,QAAQ,8BAA8B,SAAS;;AAE1F,QAAK,iBAAiB,SAAS,MAAM,SAAS;WAE3C,OAAO;AACV,IAAC,KAAK,KAAK,aAAa,QAAQ,OAAO,KAAK,KAAa,GAAG,KAAK,MAAM;AACvE,SAAM;;;;;;;;;CASd,0BAA0B,SAAS;EAE/B,MAAM,eAAe,KAAK,qBAAqB;EAC/C,MAAM,aAAa,KAAK,qBAAqB;EAC7C,MAAM,WAAW,KAAK,qBAAqB;AAE3C,SAAO,KAAK,IAAI,eAAe,KAAK,IAAI,YAAY,UAAU;;CAElE,kBAAkB,SAAS;AACvB,MAAI,CAAC,QACD,QAAO;AACX,MAAI,mBAAmB,QACnB,QAAO,OAAO,YAAY,QAAQ;AAEtC,MAAI,MAAM,QAAQ,SACd,QAAO,OAAO,YAAY;AAE9B,SAAO,EAAE,GAAG;;;;;;;;CAQhB,sBAAsB,SAAS,eAAe,GAAG;EAC7C,IAAI;EAEJ,MAAM,aAAa,KAAK,qBAAqB;AAE7C,MAAI,aAAa,KAAK,gBAAgB,YAAY;AAC9C,IAAC,KAAK,KAAK,aAAa,QAAQ,OAAO,KAAK,KAAa,GAAG,KAAK,sBAAM,IAAI,MAAM,kCAAkC,WAAW;AAC9H;;EAGJ,MAAM,QAAQ,KAAK,0BAA0B;AAE7C,mBAAiB;AAEb,QAAK,gBAAgB,SAAS,OAAM,UAAS;IACzC,IAAIC;AACJ,KAAC,OAAK,KAAK,aAAa,QAAQA,SAAO,KAAK,KAAaA,KAAG,KAAK,sBAAM,IAAI,MAAM,mCAAmC,iBAAiB,QAAQ,MAAM,UAAU,OAAO;AAEpK,SAAK,sBAAsB,SAAS,eAAe;;KAExD;;CAEP,iBAAiB,QAAQ,SAAS,iBAAiB;AAC/C,MAAI,CAAC,OACD;EAEJ,MAAM,EAAE,mBAAmB,oBAAoB;EAC/C,IAAI;EACJ,MAAM,gBAAgB,YAAY;GAC9B,IAAI,IAAI,IAAI,IAAI;AAGhB,OAAI;IAEA,MAAM,SAAS,OACV,YAAY,IAAI,qBAChB,YAAY,IAAI,2BAChB;AACL,WAAO,MAAM;KACT,MAAM,EAAE,OAAO,OAAO,SAAS,MAAM,OAAO;AAC5C,SAAI,KACA;AAGJ,SAAI,MAAM,IAAI;AACV,oBAAc,MAAM;AACpB,4BAAsB,QAAQ,sBAAsB,KAAK,KAAa,kBAAkB,MAAM;;AAElG,SAAI,CAAC,MAAM,SAAS,MAAM,UAAU,UAChC,KAAI;MACA,MAAM,UAAU,qBAAqB,MAAM,KAAK,MAAM,MAAM;AAC5D,UAAI,oBAAoB,UAAa,kBAAkB,SACnD,SAAQ,KAAK;AAEjB,OAAC,KAAK,KAAK,eAAe,QAAQ,OAAO,KAAK,KAAa,GAAG,KAAK,MAAM;cAEtE,OAAO;AACV,OAAC,KAAK,KAAK,aAAa,QAAQ,OAAO,KAAK,KAAa,GAAG,KAAK,MAAM;;;YAKhF,OAAO;AAEV,KAAC,KAAK,KAAK,aAAa,QAAQ,OAAO,KAAK,KAAa,GAAG,KAAK,sBAAM,IAAI,MAAM,4BAA4B;AAE7G,QAAI,mBACA,KAAK,oBACL,CAAC,KAAK,iBAAiB,OAAO,QAE9B,KAAI;AACA,UAAK,sBAAsB;MACvB,iBAAiB;MACjB;MACA;QACD;aAEAC,SAAO;AACV,MAAC,KAAK,KAAK,aAAa,QAAQ,OAAO,KAAK,KAAa,GAAG,KAAK,sBAAM,IAAI,MAAM,wBAAwBA,mBAAiB,QAAQA,QAAM,UAAU,OAAOA;;;;AAKzK;;CAEJ,MAAM,QAAQ;AACV,MAAI,KAAK,iBACL,OAAM,IAAI,MAAM;AAEpB,OAAK,mBAAmB,IAAI;;;;;CAKhC,MAAM,WAAW,mBAAmB;AAChC,MAAI,CAAC,KAAK,cACN,OAAM,IAAI,kBAAkB;EAEhC,MAAM,SAAS,MAAM,KAAK,KAAK,eAAe;GAAE,WAAW,KAAK;GAAM;GAAmB,qBAAqB,KAAK;GAAsB,SAAS,KAAK;;AACvJ,MAAI,WAAW,aACX,OAAM,IAAI,kBAAkB;;CAGpC,MAAM,QAAQ;EACV,IAAI,IAAI;AAER,GAAC,KAAK,KAAK,sBAAsB,QAAQ,OAAO,KAAK,KAAa,GAAG;AACrE,GAAC,KAAK,KAAK,aAAa,QAAQ,OAAO,KAAK,KAAa,GAAG,KAAK;;CAErE,MAAM,KAAK,SAAS,SAAS;EACzB,IAAI,IAAI,IAAI,IAAI;AAChB,MAAI;GACA,MAAM,EAAE,iBAAiB,sBAAsB,WAAW;AAC1D,OAAI,iBAAiB;AAEjB,SAAK,gBAAgB;KAAE;KAAiB,iBAAiB,iBAAiB,WAAW,QAAQ,KAAK;OAAa,OAAM,QAAO;KAAE,IAAID;AAAI,aAAQ,OAAK,KAAK,aAAa,QAAQA,SAAO,KAAK,IAAI,KAAK,IAAIA,KAAG,KAAK,MAAM;;AACpN;;GAEJ,MAAM,UAAU,MAAM,KAAK;AAC3B,WAAQ,IAAI,gBAAgB;AAC5B,WAAQ,IAAI,UAAU;GACtB,MAAM,OAAO;IACT,GAAG,KAAK;IACR,QAAQ;IACR;IACA,MAAM,KAAK,UAAU;IACrB,SAAS,KAAK,KAAK,sBAAsB,QAAQ,OAAO,KAAK,IAAI,KAAK,IAAI,GAAG;;GAEjF,MAAM,WAAW,QAAQ,KAAK,KAAK,YAAY,QAAQ,OAAO,KAAK,IAAI,KAAK,OAAO,KAAK,MAAM;GAE9F,MAAM,YAAY,SAAS,QAAQ,IAAI;AACvC,OAAI,UACA,MAAK,aAAa;AAEtB,OAAI,CAAC,SAAS,IAAI;AACd,QAAI,SAAS,WAAW,OAAO,KAAK,eAAe;AAC/C,UAAK,uBAAuB,2BAA2B;KACvD,MAAM,SAAS,MAAM,KAAK,KAAK,eAAe;MAAE,WAAW,KAAK;MAAM,qBAAqB,KAAK;MAAsB,SAAS,KAAK;;AACpI,SAAI,WAAW,aACX,OAAM,IAAI;AAGd,YAAO,KAAK,KAAK;;IAErB,MAAM,OAAO,MAAM,SAAS,OAAO,YAAY;AAC/C,UAAM,IAAI,MAAM,mCAAmC,SAAS,OAAO,KAAK;;AAG5E,OAAI,SAAS,WAAW,KAAK;AAGzB,QAAI,0BAA0B,SAE1B,MAAK,gBAAgB,EAAE,iBAAiB,UAAa,OAAM,QAAO;KAAE,IAAIA;AAAI,aAAQ,OAAK,KAAK,aAAa,QAAQA,SAAO,KAAK,IAAI,KAAK,IAAIA,KAAG,KAAK,MAAM;;AAE9J;;GAGJ,MAAM,WAAW,MAAM,QAAQ,WAAW,UAAU,CAAC;GACrD,MAAM,cAAc,SAAS,QAAO,QAAO,YAAY,OAAO,QAAQ,OAAO,IAAI,OAAO,QAAW,SAAS;GAE5G,MAAM,cAAc,SAAS,QAAQ,IAAI;AACzC,OAAI,YACA,KAAI,gBAAgB,QAAQ,gBAAgB,KAAK,IAAI,KAAK,IAAI,YAAY,SAAS,qBAI/E,MAAK,iBAAiB,SAAS,MAAM,EAAE,qBAAqB;YAEvD,gBAAgB,QAAQ,gBAAgB,KAAK,IAAI,KAAK,IAAI,YAAY,SAAS,qBAAqB;IAEzG,MAAM,OAAO,MAAM,SAAS;IAC5B,MAAM,mBAAmB,MAAM,QAAQ,QACjC,KAAK,KAAI,QAAO,qBAAqB,MAAM,QAC3C,CAAC,qBAAqB,MAAM;AAClC,SAAK,MAAM,OAAO,iBACd,EAAC,KAAK,KAAK,eAAe,QAAQ,OAAO,KAAK,KAAa,GAAG,KAAK,MAAM;SAI7E,OAAM,IAAI,oBAAoB,IAAI,4BAA4B;WAInE,OAAO;AACV,IAAC,KAAK,KAAK,aAAa,QAAQ,OAAO,KAAK,KAAa,GAAG,KAAK,MAAM;AACvE,SAAM;;;CAGd,IAAI,YAAY;AACZ,SAAO,KAAK;;;;;;;;;;;;;CAahB,MAAM,mBAAmB;EACrB,IAAI,IAAI,IAAI;AACZ,MAAI,CAAC,KAAK,WACN;AAEJ,MAAI;GACA,MAAM,UAAU,MAAM,KAAK;GAC3B,MAAM,OAAO;IACT,GAAG,KAAK;IACR,QAAQ;IACR;IACA,SAAS,KAAK,KAAK,sBAAsB,QAAQ,OAAO,KAAK,IAAI,KAAK,IAAI,GAAG;;GAEjF,MAAM,WAAW,QAAQ,KAAK,KAAK,YAAY,QAAQ,OAAO,KAAK,IAAI,KAAK,OAAO,KAAK,MAAM;AAG9F,OAAI,CAAC,SAAS,MAAM,SAAS,WAAW,IACpC,OAAM,IAAI,oBAAoB,SAAS,QAAQ,gCAAgC,SAAS;AAE5F,QAAK,aAAa;WAEf,OAAO;AACV,IAAC,KAAK,KAAK,aAAa,QAAQ,OAAO,KAAK,KAAa,GAAG,KAAK,MAAM;AACvE,SAAM;;;CAGd,mBAAmB,SAAS;AACxB,OAAK,mBAAmB;;CAE5B,IAAI,kBAAkB;AAClB,SAAO,KAAK;;;;;;;;;;;AC5WpB,IAAa,uBAAb,MAAkC;CAC9B,YAAY,SAAS,QAAQ,OAAO,UAAU,QAAQ,QAAQ;AAC1D,OAAK,SAAS;AACd,OAAK,UAAU;AACf,OAAK,cAAc,IAAI;AACvB,OAAK,WAAW;AAEhB,OAAK,WAAW,UAAU;AACtB,QAAK,YAAY,OAAO;AACxB,QAAK;;AAET,OAAK,YAAY,UAAU;GACvB,IAAI;AACJ,IAAC,KAAK,KAAK,aAAa,QAAQ,OAAO,KAAK,KAAa,GAAG,KAAK,MAAM;;;;;;CAM/E,MAAM,QAAQ;AACV,MAAI,KAAK,SACL,OAAM,IAAI,MAAM;AAEpB,OAAK,WAAW;AAChB,OAAK,OAAO,GAAG,QAAQ,KAAK;AAC5B,OAAK,OAAO,GAAG,SAAS,KAAK;;CAEjC,oBAAoB;EAChB,IAAI,IAAI;AACR,SAAO,KACH,KAAI;GACA,MAAM,UAAU,KAAK,YAAY;AACjC,OAAI,YAAY,KACZ;AAEJ,IAAC,KAAK,KAAK,eAAe,QAAQ,OAAO,KAAK,KAAa,GAAG,KAAK,MAAM;WAEtE,OAAO;AACV,IAAC,KAAK,KAAK,aAAa,QAAQ,OAAO,KAAK,KAAa,GAAG,KAAK,MAAM;;;CAInF,MAAM,QAAQ;EACV,IAAI;AAEJ,OAAK,OAAO,IAAI,QAAQ,KAAK;AAC7B,OAAK,OAAO,IAAI,SAAS,KAAK;EAE9B,MAAM,yBAAyB,KAAK,OAAO,cAAc;AACzD,MAAI,2BAA2B,EAG3B,MAAK,OAAO;AAGhB,OAAK,YAAY;AACjB,GAAC,KAAK,KAAK,aAAa,QAAQ,OAAO,KAAK,KAAa,GAAG,KAAK;;CAErE,KAAK,SAAS;AACV,SAAO,IAAI,SAAS,YAAY;GAC5B,MAAM,OAAO,iBAAiB;AAC9B,OAAI,KAAK,QAAQ,MAAM,MACnB;OAGA,MAAK,QAAQ,KAAK,SAAS;;;;;;;AC9D3C,IAAY,oDAAL;AACL;AACA;;;AAGF,MAAa,mBAAmB,OAAO,EACrC,iBACA,kBACA,YACA,mBAAmB,IACnB,UASqB;CACrB,IAAIE;AACJ,SAAQ,YAAR;EACE,KAAK,WAAW;AACd,eAAY,IAAI,mBAAmB,IAAI,IAAI,MAAM;AACjD;EACF,QACE,aAAY,IAAI,8BACd,IAAI,IAAI,MACR;;CAGN,MAAM,eAAe,mBACjB,MAAM,qBACN,IAAI,OACF;EACE,MAAM;EACN,SAAS;IAEX,EACE,cAAc;AAItB,OAAM,aAAa,QAAQ;CAE3B,MAAM,gBAAgB,aAAa;CAKnC,MAAM,qBAAqB,aAAa;CAIxC,MAAM,cAAc,kBAChB,MAAM,oBACN,IAAI,OAAO,eAAe,EACxB,cAAc;CAGpB,MAAM,iBAAiB,IAAI;AAE3B,OAAM,YAAY,QAAQ;AAE1B,OAAM,YAAY;EAChB,QAAQ;EACR,QAAQ;EACR;;AAGF,QAAO;;;;;ACtDT,MAAa,gBACX,WACA,iBACc;CACd,MAAM,gBAAgB,UAAU,MAAM,KAAK;CAC3C,MAAM,kBAAkB,UAAU,SAAS,KAAK;CAChD,MAAM,kBAAkB,UAAU,SAAS,KAAK;CAChD,MAAM,oBAAoB,UAAU,WAAW,KAAK;CACpD,MAAM,eAAe,UAAU,KAAK,KAAK;CACzC,MAAM,gBAAgB,UAAU,MAAM,KAAK;AAE3C,WAAU,QAAQ,YAAY;AAC5B,eAAa,EACX,MAAM;AAGR,SAAO;;AAGT,WAAU,UAAU,YAAY;AAC9B,eAAa,EACX,MAAM;AAGR,SAAO;;AAGT,WAAU,UAAU,OAAO,UAAiB;AAC1C,eAAa;GACX;GACA,MAAM;;AAGR,SAAO,kBAAkB;;AAG3B,WAAU,YAAY,OAAO,YAA4B;AACvD,eAAa;GACX;GACA,MAAM;;AAGR,SAAO,oBAAoB;;AAG7B,WAAU,OAAO,OAAO,YAA4B;AAClD,eAAa;GACX;GACA,MAAM;;AAGR,SAAO,eAAe;;AAGxB,WAAU,QAAQ,YAAY;AAC5B,eAAa,EACX,MAAM;AAGR,SAAO;;AAGT,QAAO"}
1	+ {"version":3,"file":"index.js","names":["z.string","z.NEVER","z\n .object","z.array","z.boolean","z\n .array","z.number","z.object","z.any","codeVerifier","tokens","_a","_b","_a","error","transport: SSEClientTransport \| StreamableHTTPClientTransport"],"sources":["../node_modules/.pnpm/eventsource-parser@3.0.6/node_modules/eventsource-parser/dist/index.js","../node_modules/.pnpm/eventsource@3.0.7/node_modules/eventsource/dist/index.js","../node_modules/.pnpm/pkce-challenge@5.0.0/node_modules/pkce-challenge/dist/index.node.js","../node_modules/.pnpm/@modelcontextprotocol+sdk@1.18.1/node_modules/@modelcontextprotocol/sdk/dist/esm/shared/auth.js","../node_modules/.pnpm/@modelcontextprotocol+sdk@1.18.1/node_modules/@modelcontextprotocol/sdk/dist/esm/shared/auth-utils.js","../node_modules/.pnpm/@modelcontextprotocol+sdk@1.18.1/node_modules/@modelcontextprotocol/sdk/dist/esm/server/auth/errors.js","../node_modules/.pnpm/@modelcontextprotocol+sdk@1.18.1/node_modules/@modelcontextprotocol/sdk/dist/esm/client/auth.js","../node_modules/.pnpm/@modelcontextprotocol+sdk@1.18.1/node_modules/@modelcontextprotocol/sdk/dist/esm/client/sse.js","../node_modules/.pnpm/eventsource-parser@3.0.6/node_modules/eventsource-parser/dist/stream.js","../node_modules/.pnpm/@modelcontextprotocol+sdk@1.18.1/node_modules/@modelcontextprotocol/sdk/dist/esm/client/streamableHttp.js","../node_modules/.pnpm/@modelcontextprotocol+sdk@1.18.1/node_modules/@modelcontextprotocol/sdk/dist/esm/server/stdio.js","../src/startStdioServer.ts","../src/tapTransport.ts"],"sourcesContent":["class ParseError extends Error {\n constructor(message, options) {\n super(message), this.name = \"ParseError\", this.type = options.type, this.field = options.field, this.value = options.value, this.line = options.line;\n }\n}\nfunction noop(_arg) {\n}\nfunction createParser(callbacks) {\n if (typeof callbacks == \"function\")\n throw new TypeError(\n \"`callbacks` must be an object, got a function instead. Did you mean `{onEvent: fn}`?\"\n );\n const { onEvent = noop, onError = noop, onRetry = noop, onComment } = callbacks;\n let incompleteLine = \"\", isFirstChunk = !0, id, data = \"\", eventType = \"\";\n function feed(newChunk) {\n const chunk = isFirstChunk ? newChunk.replace(/^\\xEF\\xBB\\xBF/, \"\") : newChunk, [complete, incomplete] = splitLines(`${incompleteLine}${chunk}`);\n for (const line of complete)\n parseLine(line);\n incompleteLine = incomplete, isFirstChunk = !1;\n }\n function parseLine(line) {\n if (line === \"\") {\n dispatchEvent();\n return;\n }\n if (line.startsWith(\":\")) {\n onComment && onComment(line.slice(line.startsWith(\": \") ? 2 : 1));\n return;\n }\n const fieldSeparatorIndex = line.indexOf(\":\");\n if (fieldSeparatorIndex !== -1) {\n const field = line.slice(0, fieldSeparatorIndex), offset = line[fieldSeparatorIndex + 1] === \" \" ? 2 : 1, value = line.slice(fieldSeparatorIndex + offset);\n processField(field, value, line);\n return;\n }\n processField(line, \"\", line);\n }\n function processField(field, value, line) {\n switch (field) {\n case \"event\":\n eventType = value;\n break;\n case \"data\":\n data = `${data}${value}\n`;\n break;\n case \"id\":\n id = value.includes(\"\\0\") ? void 0 : value;\n break;\n case \"retry\":\n /^\\d+$/.test(value) ? onRetry(parseInt(value, 10)) : onError(\n new ParseError(`Invalid \\`retry\\` value: \"${value}\"`, {\n type: \"invalid-retry\",\n value,\n line\n })\n );\n break;\n default:\n onError(\n new ParseError(\n `Unknown field \"${field.length > 20 ? `${field.slice(0, 20)}\\u2026` : field}\"`,\n { type: \"unknown-field\", field, value, line }\n )\n );\n break;\n }\n }\n function dispatchEvent() {\n data.length > 0 && onEvent({\n id,\n event: eventType \|\| void 0,\n // If the data buffer's last character is a U+000A LINE FEED (LF) character,\n // then remove the last character from the data buffer.\n data: data.endsWith(`\n`) ? data.slice(0, -1) : data\n }), id = void 0, data = \"\", eventType = \"\";\n }\n function reset(options = {}) {\n incompleteLine && options.consume && parseLine(incompleteLine), isFirstChunk = !0, id = void 0, data = \"\", eventType = \"\", incompleteLine = \"\";\n }\n return { feed, reset };\n}\nfunction splitLines(chunk) {\n const lines = [];\n let incompleteLine = \"\", searchIndex = 0;\n for (; searchIndex < chunk.length; ) {\n const crIndex = chunk.indexOf(\"\\r\", searchIndex), lfIndex = chunk.indexOf(`\n`, searchIndex);\n let lineEnd = -1;\n if (crIndex !== -1 && lfIndex !== -1 ? lineEnd = Math.min(crIndex, lfIndex) : crIndex !== -1 ? crIndex === chunk.length - 1 ? lineEnd = -1 : lineEnd = crIndex : lfIndex !== -1 && (lineEnd = lfIndex), lineEnd === -1) {\n incompleteLine = chunk.slice(searchIndex);\n break;\n } else {\n const line = chunk.slice(searchIndex, lineEnd);\n lines.push(line), searchIndex = lineEnd + 1, chunk[searchIndex - 1] === \"\\r\" && chunk[searchIndex] === `\n` && searchIndex++;\n }\n }\n return [lines, incompleteLine];\n}\nexport {\n ParseError,\n createParser\n};\n//# sourceMappingURL=index.js.map\n","import { createParser } from \"eventsource-parser\";\nclass ErrorEvent extends Event {\n /*\n Constructs a new `ErrorEvent` instance. This is typically not called directly,\n * but rather emitted by the `EventSource` object when an error occurs.\n \n @param type - The type of the event (should be \"error\")\n * @param errorEventInitDict - Optional properties to include in the error event\n /\n constructor(type, errorEventInitDict) {\n var _a, _b;\n super(type), this.code = (_a = errorEventInitDict == null ? void 0 : errorEventInitDict.code) != null ? _a : void 0, this.message = (_b = errorEventInitDict == null ? void 0 : errorEventInitDict.message) != null ? _b : void 0;\n }\n /\n Node.js \"hides\" the `message` and `code` properties of the `ErrorEvent` instance,\n * when it is `console.log`'ed. This makes it harder to debug errors. To ease debugging,\n * we explicitly include the properties in the `inspect` method.\n \n This is automatically called by Node.js when you `console.log` an instance of this class.\n \n @param _depth - The current depth\n * @param options - The options passed to `util.inspect`\n * @param inspect - The inspect function to use (prevents having to import it from `util`)\n * @returns A string representation of the error\n /\n [Symbol.for(\"nodejs.util.inspect.custom\")](_depth, options, inspect) {\n return inspect(inspectableError(this), options);\n }\n /\n Deno \"hides\" the `message` and `code` properties of the `ErrorEvent` instance,\n * when it is `console.log`'ed. This makes it harder to debug errors. To ease debugging,\n * we explicitly include the properties in the `inspect` method.\n \n This is automatically called by Deno when you `console.log` an instance of this class.\n \n @param inspect - The inspect function to use (prevents having to import it from `util`)\n * @param options - The options passed to `Deno.inspect`\n * @returns A string representation of the error\n /\n [Symbol.for(\"Deno.customInspect\")](inspect, options) {\n return inspect(inspectableError(this), options);\n }\n}\nfunction syntaxError(message) {\n const DomException = globalThis.DOMException;\n return typeof DomException == \"function\" ? new DomException(message, \"SyntaxError\") : new SyntaxError(message);\n}\nfunction flattenError(err) {\n return err instanceof Error ? \"errors\" in err && Array.isArray(err.errors) ? err.errors.map(flattenError).join(\", \") : \"cause\" in err && err.cause instanceof Error ? `${err}: ${flattenError(err.cause)}` : err.message : `${err}`;\n}\nfunction inspectableError(err) {\n return {\n type: err.type,\n message: err.message,\n code: err.code,\n defaultPrevented: err.defaultPrevented,\n cancelable: err.cancelable,\n timeStamp: err.timeStamp\n };\n}\nvar __typeError = (msg) => {\n throw TypeError(msg);\n}, __accessCheck = (obj, member, msg) => member.has(obj) \|\| __typeError(\"Cannot \" + msg), __privateGet = (obj, member, getter) => (__accessCheck(obj, member, \"read from private field\"), getter ? getter.call(obj) : member.get(obj)), __privateAdd = (obj, member, value) => member.has(obj) ? __typeError(\"Cannot add the same private member more than once\") : member instanceof WeakSet ? member.add(obj) : member.set(obj, value), __privateSet = (obj, member, value, setter) => (__accessCheck(obj, member, \"write to private field\"), member.set(obj, value), value), __privateMethod = (obj, member, method) => (__accessCheck(obj, member, \"access private method\"), method), _readyState, _url, _redirectUrl, _withCredentials, _fetch, _reconnectInterval, _reconnectTimer, _lastEventId, _controller, _parser, _onError, _onMessage, _onOpen, _EventSource_instances, connect_fn, _onFetchResponse, _onFetchError, getRequestOptions_fn, _onEvent, _onRetryChange, failConnection_fn, scheduleReconnect_fn, _reconnect;\nclass EventSource extends EventTarget {\n constructor(url, eventSourceInitDict) {\n var _a, _b;\n super(), __privateAdd(this, _EventSource_instances), this.CONNECTING = 0, this.OPEN = 1, this.CLOSED = 2, __privateAdd(this, _readyState), __privateAdd(this, _url), __privateAdd(this, _redirectUrl), __privateAdd(this, _withCredentials), __privateAdd(this, _fetch), __privateAdd(this, _reconnectInterval), __privateAdd(this, _reconnectTimer), __privateAdd(this, _lastEventId, null), __privateAdd(this, _controller), __privateAdd(this, _parser), __privateAdd(this, _onError, null), __privateAdd(this, _onMessage, null), __privateAdd(this, _onOpen, null), __privateAdd(this, _onFetchResponse, async (response) => {\n var _a2;\n __privateGet(this, _parser).reset();\n const { body, redirected, status, headers } = response;\n if (status === 204) {\n __privateMethod(this, _EventSource_instances, failConnection_fn).call(this, \"Server sent HTTP 204, not reconnecting\", 204), this.close();\n return;\n }\n if (redirected ? __privateSet(this, _redirectUrl, new URL(response.url)) : __privateSet(this, _redirectUrl, void 0), status !== 200) {\n __privateMethod(this, _EventSource_instances, failConnection_fn).call(this, `Non-200 status code (${status})`, status);\n return;\n }\n if (!(headers.get(\"content-type\") \|\| \"\").startsWith(\"text/event-stream\")) {\n __privateMethod(this, _EventSource_instances, failConnection_fn).call(this, 'Invalid content type, expected \"text/event-stream\"', status);\n return;\n }\n if (__privateGet(this, _readyState) === this.CLOSED)\n return;\n __privateSet(this, _readyState, this.OPEN);\n const openEvent = new Event(\"open\");\n if ((_a2 = __privateGet(this, _onOpen)) == null \|\| _a2.call(this, openEvent), this.dispatchEvent(openEvent), typeof body != \"object\" \|\| !body \|\| !(\"getReader\" in body)) {\n __privateMethod(this, _EventSource_instances, failConnection_fn).call(this, \"Invalid response body, expected a web ReadableStream\", status), this.close();\n return;\n }\n const decoder = new TextDecoder(), reader = body.getReader();\n let open = !0;\n do {\n const { done, value } = await reader.read();\n value && __privateGet(this, _parser).feed(decoder.decode(value, { stream: !done })), done && (open = !1, __privateGet(this, _parser).reset(), __privateMethod(this, _EventSource_instances, scheduleReconnect_fn).call(this));\n } while (open);\n }), __privateAdd(this, _onFetchError, (err) => {\n __privateSet(this, _controller, void 0), !(err.name === \"AbortError\" \|\| err.type === \"aborted\") && __privateMethod(this, _EventSource_instances, scheduleReconnect_fn).call(this, flattenError(err));\n }), __privateAdd(this, _onEvent, (event) => {\n typeof event.id == \"string\" && __privateSet(this, _lastEventId, event.id);\n const messageEvent = new MessageEvent(event.event \|\| \"message\", {\n data: event.data,\n origin: __privateGet(this, _redirectUrl) ? __privateGet(this, _redirectUrl).origin : __privateGet(this, _url).origin,\n lastEventId: event.id \|\| \"\"\n });\n __privateGet(this, _onMessage) && (!event.event \|\| event.event === \"message\") && __privateGet(this, _onMessage).call(this, messageEvent), this.dispatchEvent(messageEvent);\n }), __privateAdd(this, _onRetryChange, (value) => {\n __privateSet(this, _reconnectInterval, value);\n }), __privateAdd(this, _reconnect, () => {\n __privateSet(this, _reconnectTimer, void 0), __privateGet(this, _readyState) === this.CONNECTING && __privateMethod(this, _EventSource_instances, connect_fn).call(this);\n });\n try {\n if (url instanceof URL)\n __privateSet(this, _url, url);\n else if (typeof url == \"string\")\n __privateSet(this, _url, new URL(url, getBaseURL()));\n else\n throw new Error(\"Invalid URL\");\n } catch {\n throw syntaxError(\"An invalid or illegal string was specified\");\n }\n __privateSet(this, _parser, createParser({\n onEvent: __privateGet(this, _onEvent),\n onRetry: __privateGet(this, _onRetryChange)\n })), __privateSet(this, _readyState, this.CONNECTING), __privateSet(this, _reconnectInterval, 3e3), __privateSet(this, _fetch, (_a = eventSourceInitDict == null ? void 0 : eventSourceInitDict.fetch) != null ? _a : globalThis.fetch), __privateSet(this, _withCredentials, (_b = eventSourceInitDict == null ? void 0 : eventSourceInitDict.withCredentials) != null ? _b : !1), __privateMethod(this, _EventSource_instances, connect_fn).call(this);\n }\n /\n Returns the state of this EventSource object's connection. It can have the values described below.\n \n [MDN Reference](https://developer.mozilla.org/docs/Web/API/EventSource/readyState)\n \n Note: typed as `number` instead of `0 \| 1 \| 2` for compatibility with the `EventSource` interface,\n * defined in the TypeScript `dom` library.\n \n @public\n /\n get readyState() {\n return __privateGet(this, _readyState);\n }\n /\n Returns the URL providing the event stream.\n \n [MDN Reference](https://developer.mozilla.org/docs/Web/API/EventSource/url)\n \n @public\n /\n get url() {\n return __privateGet(this, _url).href;\n }\n /\n Returns true if the credentials mode for connection requests to the URL providing the event stream is set to \"include\", and false otherwise.\n \n [MDN Reference](https://developer.mozilla.org/docs/Web/API/EventSource/withCredentials)\n /\n get withCredentials() {\n return __privateGet(this, _withCredentials);\n }\n /* [MDN Reference](https://developer.mozilla.org/docs/Web/API/EventSource/error_event) /\n get onerror() {\n return __privateGet(this, _onError);\n }\n set onerror(value) {\n __privateSet(this, _onError, value);\n }\n /* [MDN Reference](https://developer.mozilla.org/docs/Web/API/EventSource/message_event) /\n get onmessage() {\n return __privateGet(this, _onMessage);\n }\n set onmessage(value) {\n __privateSet(this, _onMessage, value);\n }\n /* [MDN Reference](https://developer.mozilla.org/docs/Web/API/EventSource/open_event) /\n get onopen() {\n return __privateGet(this, _onOpen);\n }\n set onopen(value) {\n __privateSet(this, _onOpen, value);\n }\n addEventListener(type, listener, options) {\n const listen = listener;\n super.addEventListener(type, listen, options);\n }\n removeEventListener(type, listener, options) {\n const listen = listener;\n super.removeEventListener(type, listen, options);\n }\n /\n Aborts any instances of the fetch algorithm started for this EventSource object, and sets the readyState attribute to CLOSED.\n \n [MDN Reference](https://developer.mozilla.org/docs/Web/API/EventSource/close)\n \n @public\n /\n close() {\n __privateGet(this, _reconnectTimer) && clearTimeout(__privateGet(this, _reconnectTimer)), __privateGet(this, _readyState) !== this.CLOSED && (__privateGet(this, _controller) && __privateGet(this, _controller).abort(), __privateSet(this, _readyState, this.CLOSED), __privateSet(this, _controller, void 0));\n }\n}\n_readyState = / @__PURE__ / new WeakMap(), _url = / @__PURE__ / new WeakMap(), _redirectUrl = / @__PURE__ / new WeakMap(), _withCredentials = / @__PURE__ / new WeakMap(), _fetch = / @__PURE__ / new WeakMap(), _reconnectInterval = / @__PURE__ / new WeakMap(), _reconnectTimer = / @__PURE__ / new WeakMap(), _lastEventId = / @__PURE__ / new WeakMap(), _controller = / @__PURE__ / new WeakMap(), _parser = / @__PURE__ / new WeakMap(), _onError = / @__PURE__ / new WeakMap(), _onMessage = / @__PURE__ / new WeakMap(), _onOpen = / @__PURE__ / new WeakMap(), _EventSource_instances = / @__PURE__ / new WeakSet(), /\n Connect to the given URL and start receiving events\n\n @internal\n/\nconnect_fn = function() {\n __privateSet(this, _readyState, this.CONNECTING), __privateSet(this, _controller, new AbortController()), __privateGet(this, _fetch)(__privateGet(this, _url), __privateMethod(this, _EventSource_instances, getRequestOptions_fn).call(this)).then(__privateGet(this, _onFetchResponse)).catch(__privateGet(this, _onFetchError));\n}, _onFetchResponse = / @__PURE__ / new WeakMap(), _onFetchError = / @__PURE__ / new WeakMap(), /\n Get request options for the `fetch()` request\n\n @returns The request options\n* @internal\n/\ngetRequestOptions_fn = function() {\n var _a;\n const init = {\n // [spec] Let `corsAttributeState` be `Anonymous`…\n // [spec] …will have their mode set to \"cors\"…\n mode: \"cors\",\n redirect: \"follow\",\n headers: { Accept: \"text/event-stream\", ...__privateGet(this, _lastEventId) ? { \"Last-Event-ID\": __privateGet(this, _lastEventId) } : void 0 },\n cache: \"no-store\",\n signal: (_a = __privateGet(this, _controller)) == null ? void 0 : _a.signal\n };\n return \"window\" in globalThis && (init.credentials = this.withCredentials ? \"include\" : \"same-origin\"), init;\n}, _onEvent = / @__PURE__ / new WeakMap(), _onRetryChange = / @__PURE__ / new WeakMap(), /\n Handles the process referred to in the EventSource specification as \"failing a connection\".\n\n @param error - The error causing the connection to fail\n* @param code - The HTTP status code, if available\n* @internal\n/\nfailConnection_fn = function(message, code) {\n var _a;\n __privateGet(this, _readyState) !== this.CLOSED && __privateSet(this, _readyState, this.CLOSED);\n const errorEvent = new ErrorEvent(\"error\", { code, message });\n (_a = __privateGet(this, _onError)) == null \|\| _a.call(this, errorEvent), this.dispatchEvent(errorEvent);\n}, /\n Schedules a reconnection attempt against the EventSource endpoint.\n\n @param message - The error causing the connection to fail\n* @param code - The HTTP status code, if available\n* @internal\n/\nscheduleReconnect_fn = function(message, code) {\n var _a;\n if (__privateGet(this, _readyState) === this.CLOSED)\n return;\n __privateSet(this, _readyState, this.CONNECTING);\n const errorEvent = new ErrorEvent(\"error\", { code, message });\n (_a = __privateGet(this, _onError)) == null \|\| _a.call(this, errorEvent), this.dispatchEvent(errorEvent), __privateSet(this, _reconnectTimer, setTimeout(__privateGet(this, _reconnect), __privateGet(this, _reconnectInterval)));\n}, _reconnect = / @__PURE__ / new WeakMap(), /\n ReadyState representing an EventSource currently trying to connect\n\n @public\n/\nEventSource.CONNECTING = 0, /\n ReadyState representing an EventSource connection that is open (eg connected)\n\n @public\n/\nEventSource.OPEN = 1, /\n ReadyState representing an EventSource connection that is closed (eg disconnected)\n\n @public\n/\nEventSource.CLOSED = 2;\nfunction getBaseURL() {\n const doc = \"document\" in globalThis ? globalThis.document : void 0;\n return doc && typeof doc == \"object\" && \"baseURI\" in doc && typeof doc.baseURI == \"string\" ? doc.baseURI : void 0;\n}\nexport {\n ErrorEvent,\n EventSource\n};\n//# sourceMappingURL=index.js.map\n","let crypto;\ncrypto =\n globalThis.crypto?.webcrypto ?? // Node.js [18-16] REPL\n globalThis.crypto ?? // Node.js >18\n import(\"node:crypto\").then(m => m.webcrypto); // Node.js <18 Non-REPL\n/\n Creates an array of length `size` of random bytes\n * @param size\n * @returns Array of random ints (0 to 255)\n /\nasync function getRandomValues(size) {\n return (await crypto).getRandomValues(new Uint8Array(size));\n}\n/* Generate cryptographically strong random string\n * @param size The desired length of the string\n * @returns The random string\n /\nasync function random(size) {\n const mask = \"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._~\";\n let result = \"\";\n const randomUints = await getRandomValues(size);\n for (let i = 0; i < size; i++) {\n // cap the value of the randomIndex to mask.length - 1\n const randomIndex = randomUints[i] % mask.length;\n result += mask[randomIndex];\n }\n return result;\n}\n/* Generate a PKCE challenge verifier\n * @param length Length of the verifier\n * @returns A random verifier `length` characters long\n /\nasync function generateVerifier(length) {\n return await random(length);\n}\n/* Generate a PKCE code challenge from a code verifier\n * @param code_verifier\n * @returns The base64 url encoded code challenge\n /\nexport async function generateChallenge(code_verifier) {\n const buffer = await (await crypto).subtle.digest(\"SHA-256\", new TextEncoder().encode(code_verifier));\n // Generate base64url string\n // btoa is deprecated in Node.js but is used here for web browser compatibility\n // (which has no good replacement yet, see also https://github.com/whatwg/html/issues/6811)\n return btoa(String.fromCharCode(...new Uint8Array(buffer)))\n .replace(/\\//g, '_')\n .replace(/\\+/g, '-')\n .replace(/=/g, '');\n}\n/* Generate a PKCE challenge pair\n * @param length Length of the verifer (between 43-128). Defaults to 43.\n * @returns PKCE challenge pair\n /\nexport default async function pkceChallenge(length) {\n if (!length)\n length = 43;\n if (length < 43 \|\| length > 128) {\n throw `Expected a length between 43 and 128. Received ${length}.`;\n }\n const verifier = await generateVerifier(length);\n const challenge = await generateChallenge(verifier);\n return {\n code_verifier: verifier,\n code_challenge: challenge,\n };\n}\n/* Verify that a code_verifier produces the expected code challenge\n * @param code_verifier\n * @param expectedChallenge The code challenge to verify\n * @returns True if challenges are equal. False otherwise.\n /\nexport async function verifyChallenge(code_verifier, expectedChallenge) {\n const actualChallenge = await generateChallenge(code_verifier);\n return actualChallenge === expectedChallenge;\n}\n","import { z } from \"zod\";\n/\n Reusable URL validation that disallows javascript: scheme\n /\nexport const SafeUrlSchema = z.string().url()\n .superRefine((val, ctx) => {\n if (!URL.canParse(val)) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: \"URL must be parseable\",\n fatal: true,\n });\n return z.NEVER;\n }\n}).refine((url) => {\n const u = new URL(url);\n return u.protocol !== 'javascript:' && u.protocol !== 'data:' && u.protocol !== 'vbscript:';\n}, { message: \"URL cannot use javascript:, data:, or vbscript: scheme\" });\n/\n RFC 9728 OAuth Protected Resource Metadata\n /\nexport const OAuthProtectedResourceMetadataSchema = z\n .object({\n resource: z.string().url(),\n authorization_servers: z.array(SafeUrlSchema).optional(),\n jwks_uri: z.string().url().optional(),\n scopes_supported: z.array(z.string()).optional(),\n bearer_methods_supported: z.array(z.string()).optional(),\n resource_signing_alg_values_supported: z.array(z.string()).optional(),\n resource_name: z.string().optional(),\n resource_documentation: z.string().optional(),\n resource_policy_uri: z.string().url().optional(),\n resource_tos_uri: z.string().url().optional(),\n tls_client_certificate_bound_access_tokens: z.boolean().optional(),\n authorization_details_types_supported: z.array(z.string()).optional(),\n dpop_signing_alg_values_supported: z.array(z.string()).optional(),\n dpop_bound_access_tokens_required: z.boolean().optional(),\n})\n .passthrough();\n/\n RFC 8414 OAuth 2.0 Authorization Server Metadata\n /\nexport const OAuthMetadataSchema = z\n .object({\n issuer: z.string(),\n authorization_endpoint: SafeUrlSchema,\n token_endpoint: SafeUrlSchema,\n registration_endpoint: SafeUrlSchema.optional(),\n scopes_supported: z.array(z.string()).optional(),\n response_types_supported: z.array(z.string()),\n response_modes_supported: z.array(z.string()).optional(),\n grant_types_supported: z.array(z.string()).optional(),\n token_endpoint_auth_methods_supported: z.array(z.string()).optional(),\n token_endpoint_auth_signing_alg_values_supported: z\n .array(z.string())\n .optional(),\n service_documentation: SafeUrlSchema.optional(),\n revocation_endpoint: SafeUrlSchema.optional(),\n revocation_endpoint_auth_methods_supported: z.array(z.string()).optional(),\n revocation_endpoint_auth_signing_alg_values_supported: z\n .array(z.string())\n .optional(),\n introspection_endpoint: z.string().optional(),\n introspection_endpoint_auth_methods_supported: z\n .array(z.string())\n .optional(),\n introspection_endpoint_auth_signing_alg_values_supported: z\n .array(z.string())\n .optional(),\n code_challenge_methods_supported: z.array(z.string()).optional(),\n})\n .passthrough();\n/\n OpenID Connect Discovery 1.0 Provider Metadata\n * see: https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata\n /\nexport const OpenIdProviderMetadataSchema = z\n .object({\n issuer: z.string(),\n authorization_endpoint: SafeUrlSchema,\n token_endpoint: SafeUrlSchema,\n userinfo_endpoint: SafeUrlSchema.optional(),\n jwks_uri: SafeUrlSchema,\n registration_endpoint: SafeUrlSchema.optional(),\n scopes_supported: z.array(z.string()).optional(),\n response_types_supported: z.array(z.string()),\n response_modes_supported: z.array(z.string()).optional(),\n grant_types_supported: z.array(z.string()).optional(),\n acr_values_supported: z.array(z.string()).optional(),\n subject_types_supported: z.array(z.string()),\n id_token_signing_alg_values_supported: z.array(z.string()),\n id_token_encryption_alg_values_supported: z.array(z.string()).optional(),\n id_token_encryption_enc_values_supported: z.array(z.string()).optional(),\n userinfo_signing_alg_values_supported: z.array(z.string()).optional(),\n userinfo_encryption_alg_values_supported: z.array(z.string()).optional(),\n userinfo_encryption_enc_values_supported: z.array(z.string()).optional(),\n request_object_signing_alg_values_supported: z.array(z.string()).optional(),\n request_object_encryption_alg_values_supported: z\n .array(z.string())\n .optional(),\n request_object_encryption_enc_values_supported: z\n .array(z.string())\n .optional(),\n token_endpoint_auth_methods_supported: z.array(z.string()).optional(),\n token_endpoint_auth_signing_alg_values_supported: z\n .array(z.string())\n .optional(),\n display_values_supported: z.array(z.string()).optional(),\n claim_types_supported: z.array(z.string()).optional(),\n claims_supported: z.array(z.string()).optional(),\n service_documentation: z.string().optional(),\n claims_locales_supported: z.array(z.string()).optional(),\n ui_locales_supported: z.array(z.string()).optional(),\n claims_parameter_supported: z.boolean().optional(),\n request_parameter_supported: z.boolean().optional(),\n request_uri_parameter_supported: z.boolean().optional(),\n require_request_uri_registration: z.boolean().optional(),\n op_policy_uri: SafeUrlSchema.optional(),\n op_tos_uri: SafeUrlSchema.optional(),\n})\n .passthrough();\n/\n OpenID Connect Discovery metadata that may include OAuth 2.0 fields\n * This schema represents the real-world scenario where OIDC providers\n * return a mix of OpenID Connect and OAuth 2.0 metadata fields\n /\nexport const OpenIdProviderDiscoveryMetadataSchema = OpenIdProviderMetadataSchema.merge(OAuthMetadataSchema.pick({\n code_challenge_methods_supported: true,\n}));\n/\n OAuth 2.1 token response\n /\nexport const OAuthTokensSchema = z\n .object({\n access_token: z.string(),\n id_token: z.string().optional(), // Optional for OAuth 2.1, but necessary in OpenID Connect\n token_type: z.string(),\n expires_in: z.number().optional(),\n scope: z.string().optional(),\n refresh_token: z.string().optional(),\n})\n .strip();\n/\n OAuth 2.1 error response\n /\nexport const OAuthErrorResponseSchema = z\n .object({\n error: z.string(),\n error_description: z.string().optional(),\n error_uri: z.string().optional(),\n});\n/\n RFC 7591 OAuth 2.0 Dynamic Client Registration metadata\n /\nexport const OAuthClientMetadataSchema = z.object({\n redirect_uris: z.array(SafeUrlSchema),\n token_endpoint_auth_method: z.string().optional(),\n grant_types: z.array(z.string()).optional(),\n response_types: z.array(z.string()).optional(),\n client_name: z.string().optional(),\n client_uri: SafeUrlSchema.optional(),\n logo_uri: SafeUrlSchema.optional(),\n scope: z.string().optional(),\n contacts: z.array(z.string()).optional(),\n tos_uri: SafeUrlSchema.optional(),\n policy_uri: z.string().optional(),\n jwks_uri: SafeUrlSchema.optional(),\n jwks: z.any().optional(),\n software_id: z.string().optional(),\n software_version: z.string().optional(),\n software_statement: z.string().optional(),\n}).strip();\n/\n RFC 7591 OAuth 2.0 Dynamic Client Registration client information\n /\nexport const OAuthClientInformationSchema = z.object({\n client_id: z.string(),\n client_secret: z.string().optional(),\n client_id_issued_at: z.number().optional(),\n client_secret_expires_at: z.number().optional(),\n}).strip();\n/\n RFC 7591 OAuth 2.0 Dynamic Client Registration full response (client information plus metadata)\n /\nexport const OAuthClientInformationFullSchema = OAuthClientMetadataSchema.merge(OAuthClientInformationSchema);\n/\n RFC 7591 OAuth 2.0 Dynamic Client Registration error response\n /\nexport const OAuthClientRegistrationErrorSchema = z.object({\n error: z.string(),\n error_description: z.string().optional(),\n}).strip();\n/\n RFC 7009 OAuth 2.0 Token Revocation request\n /\nexport const OAuthTokenRevocationRequestSchema = z.object({\n token: z.string(),\n token_type_hint: z.string().optional(),\n}).strip();\n//# sourceMappingURL=auth.js.map","/\n Utilities for handling OAuth resource URIs.\n /\n/\n Converts a server URL to a resource URL by removing the fragment.\n * RFC 8707 section 2 states that resource URIs \"MUST NOT include a fragment component\".\n * Keeps everything else unchanged (scheme, domain, port, path, query).\n /\nexport function resourceUrlFromServerUrl(url) {\n const resourceURL = typeof url === \"string\" ? new URL(url) : new URL(url.href);\n resourceURL.hash = ''; // Remove fragment\n return resourceURL;\n}\n/\n Checks if a requested resource URL matches a configured resource URL.\n * A requested resource matches if it has the same scheme, domain, port,\n * and its path starts with the configured resource's path.\n \n @param requestedResource The resource URL being requested\n * @param configuredResource The resource URL that has been configured\n * @returns true if the requested resource matches the configured resource, false otherwise\n /\nexport function checkResourceAllowed({ requestedResource, configuredResource }) {\n const requested = typeof requestedResource === \"string\" ? new URL(requestedResource) : new URL(requestedResource.href);\n const configured = typeof configuredResource === \"string\" ? new URL(configuredResource) : new URL(configuredResource.href);\n // Compare the origin (scheme, domain, and port)\n if (requested.origin !== configured.origin) {\n return false;\n }\n // Handle cases like requested=/foo and configured=/foo/\n if (requested.pathname.length < configured.pathname.length) {\n return false;\n }\n // Check if the requested path starts with the configured path\n // Ensure both paths end with / for proper comparison\n // This ensures that if we have paths like \"/api\" and \"/api/users\",\n // we properly detect that \"/api/users\" is a subpath of \"/api\"\n // By adding a trailing slash if missing, we avoid false positives\n // where paths like \"/api123\" would incorrectly match \"/api\"\n const requestedPath = requested.pathname.endsWith('/') ? requested.pathname : requested.pathname + '/';\n const configuredPath = configured.pathname.endsWith('/') ? configured.pathname : configured.pathname + '/';\n return requestedPath.startsWith(configuredPath);\n}\n//# sourceMappingURL=auth-utils.js.map","/\n Base class for all OAuth errors\n /\nexport class OAuthError extends Error {\n constructor(message, errorUri) {\n super(message);\n this.errorUri = errorUri;\n this.name = this.constructor.name;\n }\n /\n Converts the error to a standard OAuth error response object\n /\n toResponseObject() {\n const response = {\n error: this.errorCode,\n error_description: this.message\n };\n if (this.errorUri) {\n response.error_uri = this.errorUri;\n }\n return response;\n }\n get errorCode() {\n return this.constructor.errorCode;\n }\n}\n/\n Invalid request error - The request is missing a required parameter,\n * includes an invalid parameter value, includes a parameter more than once,\n * or is otherwise malformed.\n /\nexport class InvalidRequestError extends OAuthError {\n}\nInvalidRequestError.errorCode = \"invalid_request\";\n/\n Invalid client error - Client authentication failed (e.g., unknown client, no client\n * authentication included, or unsupported authentication method).\n /\nexport class InvalidClientError extends OAuthError {\n}\nInvalidClientError.errorCode = \"invalid_client\";\n/\n Invalid grant error - The provided authorization grant or refresh token is\n * invalid, expired, revoked, does not match the redirection URI used in the\n * authorization request, or was issued to another client.\n /\nexport class InvalidGrantError extends OAuthError {\n}\nInvalidGrantError.errorCode = \"invalid_grant\";\n/\n Unauthorized client error - The authenticated client is not authorized to use\n * this authorization grant type.\n /\nexport class UnauthorizedClientError extends OAuthError {\n}\nUnauthorizedClientError.errorCode = \"unauthorized_client\";\n/\n Unsupported grant type error - The authorization grant type is not supported\n * by the authorization server.\n /\nexport class UnsupportedGrantTypeError extends OAuthError {\n}\nUnsupportedGrantTypeError.errorCode = \"unsupported_grant_type\";\n/\n Invalid scope error - The requested scope is invalid, unknown, malformed, or\n * exceeds the scope granted by the resource owner.\n /\nexport class InvalidScopeError extends OAuthError {\n}\nInvalidScopeError.errorCode = \"invalid_scope\";\n/\n Access denied error - The resource owner or authorization server denied the request.\n /\nexport class AccessDeniedError extends OAuthError {\n}\nAccessDeniedError.errorCode = \"access_denied\";\n/\n Server error - The authorization server encountered an unexpected condition\n * that prevented it from fulfilling the request.\n /\nexport class ServerError extends OAuthError {\n}\nServerError.errorCode = \"server_error\";\n/\n Temporarily unavailable error - The authorization server is currently unable to\n * handle the request due to a temporary overloading or maintenance of the server.\n /\nexport class TemporarilyUnavailableError extends OAuthError {\n}\nTemporarilyUnavailableError.errorCode = \"temporarily_unavailable\";\n/\n Unsupported response type error - The authorization server does not support\n * obtaining an authorization code using this method.\n /\nexport class UnsupportedResponseTypeError extends OAuthError {\n}\nUnsupportedResponseTypeError.errorCode = \"unsupported_response_type\";\n/\n Unsupported token type error - The authorization server does not support\n * the requested token type.\n /\nexport class UnsupportedTokenTypeError extends OAuthError {\n}\nUnsupportedTokenTypeError.errorCode = \"unsupported_token_type\";\n/\n Invalid token error - The access token provided is expired, revoked, malformed,\n * or invalid for other reasons.\n /\nexport class InvalidTokenError extends OAuthError {\n}\nInvalidTokenError.errorCode = \"invalid_token\";\n/\n Method not allowed error - The HTTP method used is not allowed for this endpoint.\n * (Custom, non-standard error)\n /\nexport class MethodNotAllowedError extends OAuthError {\n}\nMethodNotAllowedError.errorCode = \"method_not_allowed\";\n/\n Too many requests error - Rate limit exceeded.\n * (Custom, non-standard error based on RFC 6585)\n /\nexport class TooManyRequestsError extends OAuthError {\n}\nTooManyRequestsError.errorCode = \"too_many_requests\";\n/\n Invalid client metadata error - The client metadata is invalid.\n * (Custom error for dynamic client registration - RFC 7591)\n /\nexport class InvalidClientMetadataError extends OAuthError {\n}\nInvalidClientMetadataError.errorCode = \"invalid_client_metadata\";\n/\n Insufficient scope error - The request requires higher privileges than provided by the access token.\n /\nexport class InsufficientScopeError extends OAuthError {\n}\nInsufficientScopeError.errorCode = \"insufficient_scope\";\n/\n A utility class for defining one-off error codes\n /\nexport class CustomOAuthError extends OAuthError {\n constructor(customErrorCode, message, errorUri) {\n super(message, errorUri);\n this.customErrorCode = customErrorCode;\n }\n get errorCode() {\n return this.customErrorCode;\n }\n}\n/\n A full list of all OAuthErrors, enabling parsing from error responses\n /\nexport const OAUTH_ERRORS = {\n [InvalidRequestError.errorCode]: InvalidRequestError,\n [InvalidClientError.errorCode]: InvalidClientError,\n [InvalidGrantError.errorCode]: InvalidGrantError,\n [UnauthorizedClientError.errorCode]: UnauthorizedClientError,\n [UnsupportedGrantTypeError.errorCode]: UnsupportedGrantTypeError,\n [InvalidScopeError.errorCode]: InvalidScopeError,\n [AccessDeniedError.errorCode]: AccessDeniedError,\n [ServerError.errorCode]: ServerError,\n [TemporarilyUnavailableError.errorCode]: TemporarilyUnavailableError,\n [UnsupportedResponseTypeError.errorCode]: UnsupportedResponseTypeError,\n [UnsupportedTokenTypeError.errorCode]: UnsupportedTokenTypeError,\n [InvalidTokenError.errorCode]: InvalidTokenError,\n [MethodNotAllowedError.errorCode]: MethodNotAllowedError,\n [TooManyRequestsError.errorCode]: TooManyRequestsError,\n [InvalidClientMetadataError.errorCode]: InvalidClientMetadataError,\n [InsufficientScopeError.errorCode]: InsufficientScopeError,\n};\n//# sourceMappingURL=errors.js.map","import pkceChallenge from \"pkce-challenge\";\nimport { LATEST_PROTOCOL_VERSION } from \"../types.js\";\nimport { OAuthErrorResponseSchema, OpenIdProviderDiscoveryMetadataSchema } from \"../shared/auth.js\";\nimport { OAuthClientInformationFullSchema, OAuthMetadataSchema, OAuthProtectedResourceMetadataSchema, OAuthTokensSchema } from \"../shared/auth.js\";\nimport { checkResourceAllowed, resourceUrlFromServerUrl } from \"../shared/auth-utils.js\";\nimport { InvalidClientError, InvalidGrantError, OAUTH_ERRORS, OAuthError, ServerError, UnauthorizedClientError } from \"../server/auth/errors.js\";\nexport class UnauthorizedError extends Error {\n constructor(message) {\n super(message !== null && message !== void 0 ? message : \"Unauthorized\");\n }\n}\n/\n Determines the best client authentication method to use based on server support and client configuration.\n \n Priority order (highest to lowest):\n * 1. client_secret_basic (if client secret is available)\n * 2. client_secret_post (if client secret is available)\n * 3. none (for public clients)\n \n @param clientInformation - OAuth client information containing credentials\n * @param supportedMethods - Authentication methods supported by the authorization server\n * @returns The selected authentication method\n /\nfunction selectClientAuthMethod(clientInformation, supportedMethods) {\n const hasClientSecret = clientInformation.client_secret !== undefined;\n // If server doesn't specify supported methods, use RFC 6749 defaults\n if (supportedMethods.length === 0) {\n return hasClientSecret ? \"client_secret_post\" : \"none\";\n }\n // Try methods in priority order (most secure first)\n if (hasClientSecret && supportedMethods.includes(\"client_secret_basic\")) {\n return \"client_secret_basic\";\n }\n if (hasClientSecret && supportedMethods.includes(\"client_secret_post\")) {\n return \"client_secret_post\";\n }\n if (supportedMethods.includes(\"none\")) {\n return \"none\";\n }\n // Fallback: use what we have\n return hasClientSecret ? \"client_secret_post\" : \"none\";\n}\n/\n Applies client authentication to the request based on the specified method.\n \n Implements OAuth 2.1 client authentication methods:\n * - client_secret_basic: HTTP Basic authentication (RFC 6749 Section 2.3.1)\n * - client_secret_post: Credentials in request body (RFC 6749 Section 2.3.1)\n * - none: Public client authentication (RFC 6749 Section 2.1)\n \n @param method - The authentication method to use\n * @param clientInformation - OAuth client information containing credentials\n * @param headers - HTTP headers object to modify\n * @param params - URL search parameters to modify\n * @throws {Error} When required credentials are missing\n /\nfunction applyClientAuthentication(method, clientInformation, headers, params) {\n const { client_id, client_secret } = clientInformation;\n switch (method) {\n case \"client_secret_basic\":\n applyBasicAuth(client_id, client_secret, headers);\n return;\n case \"client_secret_post\":\n applyPostAuth(client_id, client_secret, params);\n return;\n case \"none\":\n applyPublicAuth(client_id, params);\n return;\n default:\n throw new Error(`Unsupported client authentication method: ${method}`);\n }\n}\n/\n Applies HTTP Basic authentication (RFC 6749 Section 2.3.1)\n /\nfunction applyBasicAuth(clientId, clientSecret, headers) {\n if (!clientSecret) {\n throw new Error(\"client_secret_basic authentication requires a client_secret\");\n }\n const credentials = btoa(`${clientId}:${clientSecret}`);\n headers.set(\"Authorization\", `Basic ${credentials}`);\n}\n/\n Applies POST body authentication (RFC 6749 Section 2.3.1)\n /\nfunction applyPostAuth(clientId, clientSecret, params) {\n params.set(\"client_id\", clientId);\n if (clientSecret) {\n params.set(\"client_secret\", clientSecret);\n }\n}\n/\n Applies public client authentication (RFC 6749 Section 2.1)\n /\nfunction applyPublicAuth(clientId, params) {\n params.set(\"client_id\", clientId);\n}\n/\n Parses an OAuth error response from a string or Response object.\n \n If the input is a standard OAuth2.0 error response, it will be parsed according to the spec\n * and an instance of the appropriate OAuthError subclass will be returned.\n * If parsing fails, it falls back to a generic ServerError that includes\n * the response status (if available) and original content.\n \n @param input - A Response object or string containing the error response\n * @returns A Promise that resolves to an OAuthError instance\n /\nexport async function parseErrorResponse(input) {\n const statusCode = input instanceof Response ? input.status : undefined;\n const body = input instanceof Response ? await input.text() : input;\n try {\n const result = OAuthErrorResponseSchema.parse(JSON.parse(body));\n const { error, error_description, error_uri } = result;\n const errorClass = OAUTH_ERRORS[error] \|\| ServerError;\n return new errorClass(error_description \|\| '', error_uri);\n }\n catch (error) {\n // Not a valid OAuth error response, but try to inform the user of the raw data anyway\n const errorMessage = `${statusCode ? `HTTP ${statusCode}: ` : ''}Invalid OAuth error response: ${error}. Raw body: ${body}`;\n return new ServerError(errorMessage);\n }\n}\n/\n Orchestrates the full auth flow with a server.\n \n This can be used as a single entry point for all authorization functionality,\n * instead of linking together the other lower-level functions in this module.\n /\nexport async function auth(provider, options) {\n var _a, _b;\n try {\n return await authInternal(provider, options);\n }\n catch (error) {\n // Handle recoverable error types by invalidating credentials and retrying\n if (error instanceof InvalidClientError \|\| error instanceof UnauthorizedClientError) {\n await ((_a = provider.invalidateCredentials) === null \|\| _a === void 0 ? void 0 : _a.call(provider, 'all'));\n return await authInternal(provider, options);\n }\n else if (error instanceof InvalidGrantError) {\n await ((_b = provider.invalidateCredentials) === null \|\| _b === void 0 ? void 0 : _b.call(provider, 'tokens'));\n return await authInternal(provider, options);\n }\n // Throw otherwise\n throw error;\n }\n}\nasync function authInternal(provider, { serverUrl, authorizationCode, scope, resourceMetadataUrl, fetchFn, }) {\n let resourceMetadata;\n let authorizationServerUrl;\n try {\n resourceMetadata = await discoverOAuthProtectedResourceMetadata(serverUrl, { resourceMetadataUrl }, fetchFn);\n if (resourceMetadata.authorization_servers && resourceMetadata.authorization_servers.length > 0) {\n authorizationServerUrl = resourceMetadata.authorization_servers[0];\n }\n }\n catch (_a) {\n // Ignore errors and fall back to /.well-known/oauth-authorization-server\n }\n /\n If we don't get a valid authorization server metadata from protected resource metadata,\n * fallback to the legacy MCP spec's implementation (version 2025-03-26): MCP server acts as the Authorization server.\n /\n if (!authorizationServerUrl) {\n authorizationServerUrl = serverUrl;\n }\n const resource = await selectResourceURL(serverUrl, provider, resourceMetadata);\n const metadata = await discoverAuthorizationServerMetadata(authorizationServerUrl, {\n fetchFn,\n });\n // Handle client registration if needed\n let clientInformation = await Promise.resolve(provider.clientInformation());\n if (!clientInformation) {\n if (authorizationCode !== undefined) {\n throw new Error(\"Existing OAuth client information is required when exchanging an authorization code\");\n }\n if (!provider.saveClientInformation) {\n throw new Error(\"OAuth client information must be saveable for dynamic registration\");\n }\n const fullInformation = await registerClient(authorizationServerUrl, {\n metadata,\n clientMetadata: provider.clientMetadata,\n fetchFn,\n });\n await provider.saveClientInformation(fullInformation);\n clientInformation = fullInformation;\n }\n // Exchange authorization code for tokens\n if (authorizationCode !== undefined) {\n const codeVerifier = await provider.codeVerifier();\n const tokens = await exchangeAuthorization(authorizationServerUrl, {\n metadata,\n clientInformation,\n authorizationCode,\n codeVerifier,\n redirectUri: provider.redirectUrl,\n resource,\n addClientAuthentication: provider.addClientAuthentication,\n fetchFn: fetchFn,\n });\n await provider.saveTokens(tokens);\n return \"AUTHORIZED\";\n }\n const tokens = await provider.tokens();\n // Handle token refresh or new authorization\n if (tokens === null \|\| tokens === void 0 ? void 0 : tokens.refresh_token) {\n try {\n // Attempt to refresh the token\n const newTokens = await refreshAuthorization(authorizationServerUrl, {\n metadata,\n clientInformation,\n refreshToken: tokens.refresh_token,\n resource,\n addClientAuthentication: provider.addClientAuthentication,\n fetchFn,\n });\n await provider.saveTokens(newTokens);\n return \"AUTHORIZED\";\n }\n catch (error) {\n // If this is a ServerError, or an unknown type, log it out and try to continue. Otherwise, escalate so we can fix things and retry.\n if (!(error instanceof OAuthError) \|\| error instanceof ServerError) {\n // Could not refresh OAuth tokens\n }\n else {\n // Refresh failed for another reason, re-throw\n throw error;\n }\n }\n }\n const state = provider.state ? await provider.state() : undefined;\n // Start new authorization flow\n const { authorizationUrl, codeVerifier } = await startAuthorization(authorizationServerUrl, {\n metadata,\n clientInformation,\n state,\n redirectUrl: provider.redirectUrl,\n scope: scope \|\| provider.clientMetadata.scope,\n resource,\n });\n await provider.saveCodeVerifier(codeVerifier);\n await provider.redirectToAuthorization(authorizationUrl);\n return \"REDIRECT\";\n}\nexport async function selectResourceURL(serverUrl, provider, resourceMetadata) {\n const defaultResource = resourceUrlFromServerUrl(serverUrl);\n // If provider has custom validation, delegate to it\n if (provider.validateResourceURL) {\n return await provider.validateResourceURL(defaultResource, resourceMetadata === null \|\| resourceMetadata === void 0 ? void 0 : resourceMetadata.resource);\n }\n // Only include resource parameter when Protected Resource Metadata is present\n if (!resourceMetadata) {\n return undefined;\n }\n // Validate that the metadata's resource is compatible with our request\n if (!checkResourceAllowed({ requestedResource: defaultResource, configuredResource: resourceMetadata.resource })) {\n throw new Error(`Protected resource ${resourceMetadata.resource} does not match expected ${defaultResource} (or origin)`);\n }\n // Prefer the resource from metadata since it's what the server is telling us to request\n return new URL(resourceMetadata.resource);\n}\n/\n Extract resource_metadata from response header.\n /\nexport function extractResourceMetadataUrl(res) {\n const authenticateHeader = res.headers.get(\"WWW-Authenticate\");\n if (!authenticateHeader) {\n return undefined;\n }\n const [type, scheme] = authenticateHeader.split(' ');\n if (type.toLowerCase() !== 'bearer' \|\| !scheme) {\n return undefined;\n }\n const regex = /resource_metadata=\"([^\"])\"/;\n const match = regex.exec(authenticateHeader);\n if (!match) {\n return undefined;\n }\n try {\n return new URL(match[1]);\n }\n catch (_a) {\n return undefined;\n }\n}\n/*\n Looks up RFC 9728 OAuth 2.0 Protected Resource Metadata.\n \n If the server returns a 404 for the well-known endpoint, this function will\n * return `undefined`. Any other errors will be thrown as exceptions.\n /\nexport async function discoverOAuthProtectedResourceMetadata(serverUrl, opts, fetchFn = fetch) {\n const response = await discoverMetadataWithFallback(serverUrl, 'oauth-protected-resource', fetchFn, {\n protocolVersion: opts === null \|\| opts === void 0 ? void 0 : opts.protocolVersion,\n metadataUrl: opts === null \|\| opts === void 0 ? void 0 : opts.resourceMetadataUrl,\n });\n if (!response \|\| response.status === 404) {\n throw new Error(`Resource server does not implement OAuth 2.0 Protected Resource Metadata.`);\n }\n if (!response.ok) {\n throw new Error(`HTTP ${response.status} trying to load well-known OAuth protected resource metadata.`);\n }\n return OAuthProtectedResourceMetadataSchema.parse(await response.json());\n}\n/\n Helper function to handle fetch with CORS retry logic\n /\nasync function fetchWithCorsRetry(url, headers, fetchFn = fetch) {\n try {\n return await fetchFn(url, { headers });\n }\n catch (error) {\n if (error instanceof TypeError) {\n if (headers) {\n // CORS errors come back as TypeError, retry without headers\n return fetchWithCorsRetry(url, undefined, fetchFn);\n }\n else {\n // We're getting CORS errors on retry too, return undefined\n return undefined;\n }\n }\n throw error;\n }\n}\n/\n Constructs the well-known path for auth-related metadata discovery\n /\nfunction buildWellKnownPath(wellKnownPrefix, pathname = '', options = {}) {\n // Strip trailing slash from pathname to avoid double slashes\n if (pathname.endsWith('/')) {\n pathname = pathname.slice(0, -1);\n }\n return options.prependPathname\n ? `${pathname}/.well-known/${wellKnownPrefix}`\n : `/.well-known/${wellKnownPrefix}${pathname}`;\n}\n/\n Tries to discover OAuth metadata at a specific URL\n /\nasync function tryMetadataDiscovery(url, protocolVersion, fetchFn = fetch) {\n const headers = {\n \"MCP-Protocol-Version\": protocolVersion\n };\n return await fetchWithCorsRetry(url, headers, fetchFn);\n}\n/\n Determines if fallback to root discovery should be attempted\n /\nfunction shouldAttemptFallback(response, pathname) {\n return !response \|\| (response.status >= 400 && response.status < 500) && pathname !== '/';\n}\n/\n Generic function for discovering OAuth metadata with fallback support\n /\nasync function discoverMetadataWithFallback(serverUrl, wellKnownType, fetchFn, opts) {\n var _a, _b;\n const issuer = new URL(serverUrl);\n const protocolVersion = (_a = opts === null \|\| opts === void 0 ? void 0 : opts.protocolVersion) !== null && _a !== void 0 ? _a : LATEST_PROTOCOL_VERSION;\n let url;\n if (opts === null \|\| opts === void 0 ? void 0 : opts.metadataUrl) {\n url = new URL(opts.metadataUrl);\n }\n else {\n // Try path-aware discovery first\n const wellKnownPath = buildWellKnownPath(wellKnownType, issuer.pathname);\n url = new URL(wellKnownPath, (_b = opts === null \|\| opts === void 0 ? void 0 : opts.metadataServerUrl) !== null && _b !== void 0 ? _b : issuer);\n url.search = issuer.search;\n }\n let response = await tryMetadataDiscovery(url, protocolVersion, fetchFn);\n // If path-aware discovery fails with 404 and we're not already at root, try fallback to root discovery\n if (!(opts === null \|\| opts === void 0 ? void 0 : opts.metadataUrl) && shouldAttemptFallback(response, issuer.pathname)) {\n const rootUrl = new URL(`/.well-known/${wellKnownType}`, issuer);\n response = await tryMetadataDiscovery(rootUrl, protocolVersion, fetchFn);\n }\n return response;\n}\n/\n Looks up RFC 8414 OAuth 2.0 Authorization Server Metadata.\n \n If the server returns a 404 for the well-known endpoint, this function will\n * return `undefined`. Any other errors will be thrown as exceptions.\n \n @deprecated This function is deprecated in favor of `discoverAuthorizationServerMetadata`.\n /\nexport async function discoverOAuthMetadata(issuer, { authorizationServerUrl, protocolVersion, } = {}, fetchFn = fetch) {\n if (typeof issuer === 'string') {\n issuer = new URL(issuer);\n }\n if (!authorizationServerUrl) {\n authorizationServerUrl = issuer;\n }\n if (typeof authorizationServerUrl === 'string') {\n authorizationServerUrl = new URL(authorizationServerUrl);\n }\n protocolVersion !== null && protocolVersion !== void 0 ? protocolVersion : (protocolVersion = LATEST_PROTOCOL_VERSION);\n const response = await discoverMetadataWithFallback(authorizationServerUrl, 'oauth-authorization-server', fetchFn, {\n protocolVersion,\n metadataServerUrl: authorizationServerUrl,\n });\n if (!response \|\| response.status === 404) {\n return undefined;\n }\n if (!response.ok) {\n throw new Error(`HTTP ${response.status} trying to load well-known OAuth metadata`);\n }\n return OAuthMetadataSchema.parse(await response.json());\n}\n/\n Builds a list of discovery URLs to try for authorization server metadata.\n * URLs are returned in priority order:\n * 1. OAuth metadata at the given URL\n * 2. OAuth metadata at root (if URL has path)\n * 3. OIDC metadata endpoints\n /\nexport function buildDiscoveryUrls(authorizationServerUrl) {\n const url = typeof authorizationServerUrl === 'string' ? new URL(authorizationServerUrl) : authorizationServerUrl;\n const hasPath = url.pathname !== '/';\n const urlsToTry = [];\n if (!hasPath) {\n // Root path: https://example.com/.well-known/oauth-authorization-server\n urlsToTry.push({\n url: new URL('/.well-known/oauth-authorization-server', url.origin),\n type: 'oauth'\n });\n // OIDC: https://example.com/.well-known/openid-configuration\n urlsToTry.push({\n url: new URL(`/.well-known/openid-configuration`, url.origin),\n type: 'oidc'\n });\n return urlsToTry;\n }\n // Strip trailing slash from pathname to avoid double slashes\n let pathname = url.pathname;\n if (pathname.endsWith('/')) {\n pathname = pathname.slice(0, -1);\n }\n // 1. OAuth metadata at the given URL\n // Insert well-known before the path: https://example.com/.well-known/oauth-authorization-server/tenant1\n urlsToTry.push({\n url: new URL(`/.well-known/oauth-authorization-server${pathname}`, url.origin),\n type: 'oauth'\n });\n // Root path: https://example.com/.well-known/oauth-authorization-server\n urlsToTry.push({\n url: new URL('/.well-known/oauth-authorization-server', url.origin),\n type: 'oauth'\n });\n // 3. OIDC metadata endpoints\n // RFC 8414 style: Insert /.well-known/openid-configuration before the path\n urlsToTry.push({\n url: new URL(`/.well-known/openid-configuration${pathname}`, url.origin),\n type: 'oidc'\n });\n // OIDC Discovery 1.0 style: Append /.well-known/openid-configuration after the path\n urlsToTry.push({\n url: new URL(`${pathname}/.well-known/openid-configuration`, url.origin),\n type: 'oidc'\n });\n return urlsToTry;\n}\n/\n Discovers authorization server metadata with support for RFC 8414 OAuth 2.0 Authorization Server Metadata\n * and OpenID Connect Discovery 1.0 specifications.\n \n This function implements a fallback strategy for authorization server discovery:\n * 1. Attempts RFC 8414 OAuth metadata discovery first\n * 2. If OAuth discovery fails, falls back to OpenID Connect Discovery\n \n @param authorizationServerUrl - The authorization server URL obtained from the MCP Server's\n * protected resource metadata, or the MCP server's URL if the\n * metadata was not found.\n * @param options - Configuration options\n * @param options.fetchFn - Optional fetch function for making HTTP requests, defaults to global fetch\n * @param options.protocolVersion - MCP protocol version to use, defaults to LATEST_PROTOCOL_VERSION\n * @returns Promise resolving to authorization server metadata, or undefined if discovery fails\n /\nexport async function discoverAuthorizationServerMetadata(authorizationServerUrl, { fetchFn = fetch, protocolVersion = LATEST_PROTOCOL_VERSION, } = {}) {\n var _a;\n const headers = { 'MCP-Protocol-Version': protocolVersion };\n // Get the list of URLs to try\n const urlsToTry = buildDiscoveryUrls(authorizationServerUrl);\n // Try each URL in order\n for (const { url: endpointUrl, type } of urlsToTry) {\n const response = await fetchWithCorsRetry(endpointUrl, headers, fetchFn);\n if (!response) {\n /\n CORS error occurred - don't throw as the endpoint may not allow CORS,\n * continue trying other possible endpoints\n /\n continue;\n }\n if (!response.ok) {\n // Continue looking for any 4xx response code.\n if (response.status >= 400 && response.status < 500) {\n continue; // Try next URL\n }\n throw new Error(`HTTP ${response.status} trying to load ${type === 'oauth' ? 'OAuth' : 'OpenID provider'} metadata from ${endpointUrl}`);\n }\n // Parse and validate based on type\n if (type === 'oauth') {\n return OAuthMetadataSchema.parse(await response.json());\n }\n else {\n const metadata = OpenIdProviderDiscoveryMetadataSchema.parse(await response.json());\n // MCP spec requires OIDC providers to support S256 PKCE\n if (!((_a = metadata.code_challenge_methods_supported) === null \|\| _a === void 0 ? void 0 : _a.includes('S256'))) {\n throw new Error(`Incompatible OIDC provider at ${endpointUrl}: does not support S256 code challenge method required by MCP specification`);\n }\n return metadata;\n }\n }\n return undefined;\n}\n/\n Begins the authorization flow with the given server, by generating a PKCE challenge and constructing the authorization URL.\n /\nexport async function startAuthorization(authorizationServerUrl, { metadata, clientInformation, redirectUrl, scope, state, resource, }) {\n const responseType = \"code\";\n const codeChallengeMethod = \"S256\";\n let authorizationUrl;\n if (metadata) {\n authorizationUrl = new URL(metadata.authorization_endpoint);\n if (!metadata.response_types_supported.includes(responseType)) {\n throw new Error(`Incompatible auth server: does not support response type ${responseType}`);\n }\n if (!metadata.code_challenge_methods_supported \|\|\n !metadata.code_challenge_methods_supported.includes(codeChallengeMethod)) {\n throw new Error(`Incompatible auth server: does not support code challenge method ${codeChallengeMethod}`);\n }\n }\n else {\n authorizationUrl = new URL(\"/authorize\", authorizationServerUrl);\n }\n // Generate PKCE challenge\n const challenge = await pkceChallenge();\n const codeVerifier = challenge.code_verifier;\n const codeChallenge = challenge.code_challenge;\n authorizationUrl.searchParams.set(\"response_type\", responseType);\n authorizationUrl.searchParams.set(\"client_id\", clientInformation.client_id);\n authorizationUrl.searchParams.set(\"code_challenge\", codeChallenge);\n authorizationUrl.searchParams.set(\"code_challenge_method\", codeChallengeMethod);\n authorizationUrl.searchParams.set(\"redirect_uri\", String(redirectUrl));\n if (state) {\n authorizationUrl.searchParams.set(\"state\", state);\n }\n if (scope) {\n authorizationUrl.searchParams.set(\"scope\", scope);\n }\n if (scope === null \|\| scope === void 0 ? void 0 : scope.includes(\"offline_access\")) {\n // if the request includes the OIDC-only \"offline_access\" scope,\n // we need to set the prompt to \"consent\" to ensure the user is prompted to grant offline access\n // https://openid.net/specs/openid-connect-core-1_0.html#OfflineAccess\n authorizationUrl.searchParams.append(\"prompt\", \"consent\");\n }\n if (resource) {\n authorizationUrl.searchParams.set(\"resource\", resource.href);\n }\n return { authorizationUrl, codeVerifier };\n}\n/\n Exchanges an authorization code for an access token with the given server.\n \n Supports multiple client authentication methods as specified in OAuth 2.1:\n * - Automatically selects the best authentication method based on server support\n * - Falls back to appropriate defaults when server metadata is unavailable\n \n @param authorizationServerUrl - The authorization server's base URL\n * @param options - Configuration object containing client info, auth code, etc.\n * @returns Promise resolving to OAuth tokens\n * @throws {Error} When token exchange fails or authentication is invalid\n /\nexport async function exchangeAuthorization(authorizationServerUrl, { metadata, clientInformation, authorizationCode, codeVerifier, redirectUri, resource, addClientAuthentication, fetchFn, }) {\n var _a;\n const grantType = \"authorization_code\";\n const tokenUrl = (metadata === null \|\| metadata === void 0 ? void 0 : metadata.token_endpoint)\n ? new URL(metadata.token_endpoint)\n : new URL(\"/token\", authorizationServerUrl);\n if ((metadata === null \|\| metadata === void 0 ? void 0 : metadata.grant_types_supported) &&\n !metadata.grant_types_supported.includes(grantType)) {\n throw new Error(`Incompatible auth server: does not support grant type ${grantType}`);\n }\n // Exchange code for tokens\n const headers = new Headers({\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n \"Accept\": \"application/json\",\n });\n const params = new URLSearchParams({\n grant_type: grantType,\n code: authorizationCode,\n code_verifier: codeVerifier,\n redirect_uri: String(redirectUri),\n });\n if (addClientAuthentication) {\n addClientAuthentication(headers, params, authorizationServerUrl, metadata);\n }\n else {\n // Determine and apply client authentication method\n const supportedMethods = (_a = metadata === null \|\| metadata === void 0 ? void 0 : metadata.token_endpoint_auth_methods_supported) !== null && _a !== void 0 ? _a : [];\n const authMethod = selectClientAuthMethod(clientInformation, supportedMethods);\n applyClientAuthentication(authMethod, clientInformation, headers, params);\n }\n if (resource) {\n params.set(\"resource\", resource.href);\n }\n const response = await (fetchFn !== null && fetchFn !== void 0 ? fetchFn : fetch)(tokenUrl, {\n method: \"POST\",\n headers,\n body: params,\n });\n if (!response.ok) {\n throw await parseErrorResponse(response);\n }\n return OAuthTokensSchema.parse(await response.json());\n}\n/\n Exchange a refresh token for an updated access token.\n \n Supports multiple client authentication methods as specified in OAuth 2.1:\n * - Automatically selects the best authentication method based on server support\n * - Preserves the original refresh token if a new one is not returned\n \n @param authorizationServerUrl - The authorization server's base URL\n * @param options - Configuration object containing client info, refresh token, etc.\n * @returns Promise resolving to OAuth tokens (preserves original refresh_token if not replaced)\n * @throws {Error} When token refresh fails or authentication is invalid\n /\nexport async function refreshAuthorization(authorizationServerUrl, { metadata, clientInformation, refreshToken, resource, addClientAuthentication, fetchFn, }) {\n var _a;\n const grantType = \"refresh_token\";\n let tokenUrl;\n if (metadata) {\n tokenUrl = new URL(metadata.token_endpoint);\n if (metadata.grant_types_supported &&\n !metadata.grant_types_supported.includes(grantType)) {\n throw new Error(`Incompatible auth server: does not support grant type ${grantType}`);\n }\n }\n else {\n tokenUrl = new URL(\"/token\", authorizationServerUrl);\n }\n // Exchange refresh token\n const headers = new Headers({\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n });\n const params = new URLSearchParams({\n grant_type: grantType,\n refresh_token: refreshToken,\n });\n if (addClientAuthentication) {\n addClientAuthentication(headers, params, authorizationServerUrl, metadata);\n }\n else {\n // Determine and apply client authentication method\n const supportedMethods = (_a = metadata === null \|\| metadata === void 0 ? void 0 : metadata.token_endpoint_auth_methods_supported) !== null && _a !== void 0 ? _a : [];\n const authMethod = selectClientAuthMethod(clientInformation, supportedMethods);\n applyClientAuthentication(authMethod, clientInformation, headers, params);\n }\n if (resource) {\n params.set(\"resource\", resource.href);\n }\n const response = await (fetchFn !== null && fetchFn !== void 0 ? fetchFn : fetch)(tokenUrl, {\n method: \"POST\",\n headers,\n body: params,\n });\n if (!response.ok) {\n throw await parseErrorResponse(response);\n }\n return OAuthTokensSchema.parse({ refresh_token: refreshToken, ...(await response.json()) });\n}\n/\n Performs OAuth 2.0 Dynamic Client Registration according to RFC 7591.\n /\nexport async function registerClient(authorizationServerUrl, { metadata, clientMetadata, fetchFn, }) {\n let registrationUrl;\n if (metadata) {\n if (!metadata.registration_endpoint) {\n throw new Error(\"Incompatible auth server: does not support dynamic client registration\");\n }\n registrationUrl = new URL(metadata.registration_endpoint);\n }\n else {\n registrationUrl = new URL(\"/register\", authorizationServerUrl);\n }\n const response = await (fetchFn !== null && fetchFn !== void 0 ? fetchFn : fetch)(registrationUrl, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n },\n body: JSON.stringify(clientMetadata),\n });\n if (!response.ok) {\n throw await parseErrorResponse(response);\n }\n return OAuthClientInformationFullSchema.parse(await response.json());\n}\n//# sourceMappingURL=auth.js.map","import { EventSource } from \"eventsource\";\nimport { JSONRPCMessageSchema } from \"../types.js\";\nimport { auth, extractResourceMetadataUrl, UnauthorizedError } from \"./auth.js\";\nexport class SseError extends Error {\n constructor(code, message, event) {\n super(`SSE error: ${message}`);\n this.code = code;\n this.event = event;\n }\n}\n/\n Client transport for SSE: this will connect to a server using Server-Sent Events for receiving\n * messages and make separate POST requests for sending messages.\n /\nexport class SSEClientTransport {\n constructor(url, opts) {\n this._url = url;\n this._resourceMetadataUrl = undefined;\n this._eventSourceInit = opts === null \|\| opts === void 0 ? void 0 : opts.eventSourceInit;\n this._requestInit = opts === null \|\| opts === void 0 ? void 0 : opts.requestInit;\n this._authProvider = opts === null \|\| opts === void 0 ? void 0 : opts.authProvider;\n this._fetch = opts === null \|\| opts === void 0 ? void 0 : opts.fetch;\n }\n async _authThenStart() {\n var _a;\n if (!this._authProvider) {\n throw new UnauthorizedError(\"No auth provider\");\n }\n let result;\n try {\n result = await auth(this._authProvider, { serverUrl: this._url, resourceMetadataUrl: this._resourceMetadataUrl, fetchFn: this._fetch });\n }\n catch (error) {\n (_a = this.onerror) === null \|\| _a === void 0 ? void 0 : _a.call(this, error);\n throw error;\n }\n if (result !== \"AUTHORIZED\") {\n throw new UnauthorizedError();\n }\n return await this._startOrAuth();\n }\n async _commonHeaders() {\n var _a;\n const headers = {};\n if (this._authProvider) {\n const tokens = await this._authProvider.tokens();\n if (tokens) {\n headers[\"Authorization\"] = `Bearer ${tokens.access_token}`;\n }\n }\n if (this._protocolVersion) {\n headers[\"mcp-protocol-version\"] = this._protocolVersion;\n }\n return new Headers({ ...headers, ...(_a = this._requestInit) === null \|\| _a === void 0 ? void 0 : _a.headers });\n }\n _startOrAuth() {\n var _a, _b, _c;\n const fetchImpl = ((_c = (_b = (_a = this === null \|\| this === void 0 ? void 0 : this._eventSourceInit) === null \|\| _a === void 0 ? void 0 : _a.fetch) !== null && _b !== void 0 ? _b : this._fetch) !== null && _c !== void 0 ? _c : fetch);\n return new Promise((resolve, reject) => {\n this._eventSource = new EventSource(this._url.href, {\n ...this._eventSourceInit,\n fetch: async (url, init) => {\n const headers = await this._commonHeaders();\n headers.set(\"Accept\", \"text/event-stream\");\n const response = await fetchImpl(url, {\n ...init,\n headers,\n });\n if (response.status === 401 && response.headers.has('www-authenticate')) {\n this._resourceMetadataUrl = extractResourceMetadataUrl(response);\n }\n return response;\n },\n });\n this._abortController = new AbortController();\n this._eventSource.onerror = (event) => {\n var _a;\n if (event.code === 401 && this._authProvider) {\n this._authThenStart().then(resolve, reject);\n return;\n }\n const error = new SseError(event.code, event.message, event);\n reject(error);\n (_a = this.onerror) === null \|\| _a === void 0 ? void 0 : _a.call(this, error);\n };\n this._eventSource.onopen = () => {\n // The connection is open, but we need to wait for the endpoint to be received.\n };\n this._eventSource.addEventListener(\"endpoint\", (event) => {\n var _a;\n const messageEvent = event;\n try {\n this._endpoint = new URL(messageEvent.data, this._url);\n if (this._endpoint.origin !== this._url.origin) {\n throw new Error(`Endpoint origin does not match connection origin: ${this._endpoint.origin}`);\n }\n }\n catch (error) {\n reject(error);\n (_a = this.onerror) === null \|\| _a === void 0 ? void 0 : _a.call(this, error);\n void this.close();\n return;\n }\n resolve();\n });\n this._eventSource.onmessage = (event) => {\n var _a, _b;\n const messageEvent = event;\n let message;\n try {\n message = JSONRPCMessageSchema.parse(JSON.parse(messageEvent.data));\n }\n catch (error) {\n (_a = this.onerror) === null \|\| _a === void 0 ? void 0 : _a.call(this, error);\n return;\n }\n (_b = this.onmessage) === null \|\| _b === void 0 ? void 0 : _b.call(this, message);\n };\n });\n }\n async start() {\n if (this._eventSource) {\n throw new Error(\"SSEClientTransport already started! If using Client class, note that connect() calls start() automatically.\");\n }\n return await this._startOrAuth();\n }\n /\n Call this method after the user has finished authorizing via their user agent and is redirected back to the MCP client application. This will exchange the authorization code for an access token, enabling the next connection attempt to successfully auth.\n /\n async finishAuth(authorizationCode) {\n if (!this._authProvider) {\n throw new UnauthorizedError(\"No auth provider\");\n }\n const result = await auth(this._authProvider, { serverUrl: this._url, authorizationCode, resourceMetadataUrl: this._resourceMetadataUrl, fetchFn: this._fetch });\n if (result !== \"AUTHORIZED\") {\n throw new UnauthorizedError(\"Failed to authorize\");\n }\n }\n async close() {\n var _a, _b, _c;\n (_a = this._abortController) === null \|\| _a === void 0 ? void 0 : _a.abort();\n (_b = this._eventSource) === null \|\| _b === void 0 ? void 0 : _b.close();\n (_c = this.onclose) === null \|\| _c === void 0 ? void 0 : _c.call(this);\n }\n async send(message) {\n var _a, _b, _c;\n if (!this._endpoint) {\n throw new Error(\"Not connected\");\n }\n try {\n const headers = await this._commonHeaders();\n headers.set(\"content-type\", \"application/json\");\n const init = {\n ...this._requestInit,\n method: \"POST\",\n headers,\n body: JSON.stringify(message),\n signal: (_a = this._abortController) === null \|\| _a === void 0 ? void 0 : _a.signal,\n };\n const response = await ((_b = this._fetch) !== null && _b !== void 0 ? _b : fetch)(this._endpoint, init);\n if (!response.ok) {\n if (response.status === 401 && this._authProvider) {\n this._resourceMetadataUrl = extractResourceMetadataUrl(response);\n const result = await auth(this._authProvider, { serverUrl: this._url, resourceMetadataUrl: this._resourceMetadataUrl, fetchFn: this._fetch });\n if (result !== \"AUTHORIZED\") {\n throw new UnauthorizedError();\n }\n // Purposely _not_ awaited, so we don't call onerror twice\n return this.send(message);\n }\n const text = await response.text().catch(() => null);\n throw new Error(`Error POSTing to endpoint (HTTP ${response.status}): ${text}`);\n }\n }\n catch (error) {\n (_c = this.onerror) === null \|\| _c === void 0 ? void 0 : _c.call(this, error);\n throw error;\n }\n }\n setProtocolVersion(version) {\n this._protocolVersion = version;\n }\n}\n//# sourceMappingURL=sse.js.map","import { createParser } from \"./index.js\";\nimport { ParseError } from \"./index.js\";\nclass EventSourceParserStream extends TransformStream {\n constructor({ onError, onRetry, onComment } = {}) {\n let parser;\n super({\n start(controller) {\n parser = createParser({\n onEvent: (event) => {\n controller.enqueue(event);\n },\n onError(error) {\n onError === \"terminate\" ? controller.error(error) : typeof onError == \"function\" && onError(error);\n },\n onRetry,\n onComment\n });\n },\n transform(chunk) {\n parser.feed(chunk);\n }\n });\n }\n}\nexport {\n EventSourceParserStream,\n ParseError\n};\n//# sourceMappingURL=stream.js.map\n","import { isInitializedNotification, isJSONRPCRequest, isJSONRPCResponse, JSONRPCMessageSchema } from \"../types.js\";\nimport { auth, extractResourceMetadataUrl, UnauthorizedError } from \"./auth.js\";\nimport { EventSourceParserStream } from \"eventsource-parser/stream\";\n// Default reconnection options for StreamableHTTP connections\nconst DEFAULT_STREAMABLE_HTTP_RECONNECTION_OPTIONS = {\n initialReconnectionDelay: 1000,\n maxReconnectionDelay: 30000,\n reconnectionDelayGrowFactor: 1.5,\n maxRetries: 2,\n};\nexport class StreamableHTTPError extends Error {\n constructor(code, message) {\n super(`Streamable HTTP error: ${message}`);\n this.code = code;\n }\n}\n/\n Client transport for Streamable HTTP: this implements the MCP Streamable HTTP transport specification.\n * It will connect to a server using HTTP POST for sending messages and HTTP GET with Server-Sent Events\n * for receiving messages.\n /\nexport class StreamableHTTPClientTransport {\n constructor(url, opts) {\n var _a;\n this._url = url;\n this._resourceMetadataUrl = undefined;\n this._requestInit = opts === null \|\| opts === void 0 ? void 0 : opts.requestInit;\n this._authProvider = opts === null \|\| opts === void 0 ? void 0 : opts.authProvider;\n this._fetch = opts === null \|\| opts === void 0 ? void 0 : opts.fetch;\n this._sessionId = opts === null \|\| opts === void 0 ? void 0 : opts.sessionId;\n this._reconnectionOptions = (_a = opts === null \|\| opts === void 0 ? void 0 : opts.reconnectionOptions) !== null && _a !== void 0 ? _a : DEFAULT_STREAMABLE_HTTP_RECONNECTION_OPTIONS;\n }\n async _authThenStart() {\n var _a;\n if (!this._authProvider) {\n throw new UnauthorizedError(\"No auth provider\");\n }\n let result;\n try {\n result = await auth(this._authProvider, { serverUrl: this._url, resourceMetadataUrl: this._resourceMetadataUrl, fetchFn: this._fetch });\n }\n catch (error) {\n (_a = this.onerror) === null \|\| _a === void 0 ? void 0 : _a.call(this, error);\n throw error;\n }\n if (result !== \"AUTHORIZED\") {\n throw new UnauthorizedError();\n }\n return await this._startOrAuthSse({ resumptionToken: undefined });\n }\n async _commonHeaders() {\n var _a;\n const headers = {};\n if (this._authProvider) {\n const tokens = await this._authProvider.tokens();\n if (tokens) {\n headers[\"Authorization\"] = `Bearer ${tokens.access_token}`;\n }\n }\n if (this._sessionId) {\n headers[\"mcp-session-id\"] = this._sessionId;\n }\n if (this._protocolVersion) {\n headers[\"mcp-protocol-version\"] = this._protocolVersion;\n }\n const extraHeaders = this._normalizeHeaders((_a = this._requestInit) === null \|\| _a === void 0 ? void 0 : _a.headers);\n return new Headers({\n ...headers,\n ...extraHeaders,\n });\n }\n async _startOrAuthSse(options) {\n var _a, _b, _c;\n const { resumptionToken } = options;\n try {\n // Try to open an initial SSE stream with GET to listen for server messages\n // This is optional according to the spec - server may not support it\n const headers = await this._commonHeaders();\n headers.set(\"Accept\", \"text/event-stream\");\n // Include Last-Event-ID header for resumable streams if provided\n if (resumptionToken) {\n headers.set(\"last-event-id\", resumptionToken);\n }\n const response = await ((_a = this._fetch) !== null && _a !== void 0 ? _a : fetch)(this._url, {\n method: \"GET\",\n headers,\n signal: (_b = this._abortController) === null \|\| _b === void 0 ? void 0 : _b.signal,\n });\n if (!response.ok) {\n if (response.status === 401 && this._authProvider) {\n // Need to authenticate\n return await this._authThenStart();\n }\n // 405 indicates that the server does not offer an SSE stream at GET endpoint\n // This is an expected case that should not trigger an error\n if (response.status === 405) {\n return;\n }\n throw new StreamableHTTPError(response.status, `Failed to open SSE stream: ${response.statusText}`);\n }\n this._handleSseStream(response.body, options, true);\n }\n catch (error) {\n (_c = this.onerror) === null \|\| _c === void 0 ? void 0 : _c.call(this, error);\n throw error;\n }\n }\n /\n Calculates the next reconnection delay using backoff algorithm\n \n @param attempt Current reconnection attempt count for the specific stream\n * @returns Time to wait in milliseconds before next reconnection attempt\n /\n _getNextReconnectionDelay(attempt) {\n // Access default values directly, ensuring they're never undefined\n const initialDelay = this._reconnectionOptions.initialReconnectionDelay;\n const growFactor = this._reconnectionOptions.reconnectionDelayGrowFactor;\n const maxDelay = this._reconnectionOptions.maxReconnectionDelay;\n // Cap at maximum delay\n return Math.min(initialDelay Math.pow(growFactor, attempt), maxDelay);\n }\n _normalizeHeaders(headers) {\n if (!headers)\n return {};\n if (headers instanceof Headers) {\n return Object.fromEntries(headers.entries());\n }\n if (Array.isArray(headers)) {\n return Object.fromEntries(headers);\n }\n return { ...headers };\n }\n /*\n Schedule a reconnection attempt with exponential backoff\n \n @param lastEventId The ID of the last received event for resumability\n * @param attemptCount Current reconnection attempt count for this specific stream\n /\n _scheduleReconnection(options, attemptCount = 0) {\n var _a;\n // Use provided options or default options\n const maxRetries = this._reconnectionOptions.maxRetries;\n // Check if we've exceeded maximum retry attempts\n if (maxRetries > 0 && attemptCount >= maxRetries) {\n (_a = this.onerror) === null \|\| _a === void 0 ? void 0 : _a.call(this, new Error(`Maximum reconnection attempts (${maxRetries}) exceeded.`));\n return;\n }\n // Calculate next delay based on current attempt count\n const delay = this._getNextReconnectionDelay(attemptCount);\n // Schedule the reconnection\n setTimeout(() => {\n // Use the last event ID to resume where we left off\n this._startOrAuthSse(options).catch(error => {\n var _a;\n (_a = this.onerror) === null \|\| _a === void 0 ? void 0 : _a.call(this, new Error(`Failed to reconnect SSE stream: ${error instanceof Error ? error.message : String(error)}`));\n // Schedule another attempt if this one failed, incrementing the attempt counter\n this._scheduleReconnection(options, attemptCount + 1);\n });\n }, delay);\n }\n _handleSseStream(stream, options, isReconnectable) {\n if (!stream) {\n return;\n }\n const { onresumptiontoken, replayMessageId } = options;\n let lastEventId;\n const processStream = async () => {\n var _a, _b, _c, _d;\n // this is the closest we can get to trying to catch network errors\n // if something happens reader will throw\n try {\n // Create a pipeline: binary stream -> text decoder -> SSE parser\n const reader = stream\n .pipeThrough(new TextDecoderStream())\n .pipeThrough(new EventSourceParserStream())\n .getReader();\n while (true) {\n const { value: event, done } = await reader.read();\n if (done) {\n break;\n }\n // Update last event ID if provided\n if (event.id) {\n lastEventId = event.id;\n onresumptiontoken === null \|\| onresumptiontoken === void 0 ? void 0 : onresumptiontoken(event.id);\n }\n if (!event.event \|\| event.event === \"message\") {\n try {\n const message = JSONRPCMessageSchema.parse(JSON.parse(event.data));\n if (replayMessageId !== undefined && isJSONRPCResponse(message)) {\n message.id = replayMessageId;\n }\n (_a = this.onmessage) === null \|\| _a === void 0 ? void 0 : _a.call(this, message);\n }\n catch (error) {\n (_b = this.onerror) === null \|\| _b === void 0 ? void 0 : _b.call(this, error);\n }\n }\n }\n }\n catch (error) {\n // Handle stream errors - likely a network disconnect\n (_c = this.onerror) === null \|\| _c === void 0 ? void 0 : _c.call(this, new Error(`SSE stream disconnected: ${error}`));\n // Attempt to reconnect if the stream disconnects unexpectedly and we aren't closing\n if (isReconnectable &&\n this._abortController &&\n !this._abortController.signal.aborted) {\n // Use the exponential backoff reconnection strategy\n try {\n this._scheduleReconnection({\n resumptionToken: lastEventId,\n onresumptiontoken,\n replayMessageId\n }, 0);\n }\n catch (error) {\n (_d = this.onerror) === null \|\| _d === void 0 ? void 0 : _d.call(this, new Error(`Failed to reconnect: ${error instanceof Error ? error.message : String(error)}`));\n }\n }\n }\n };\n processStream();\n }\n async start() {\n if (this._abortController) {\n throw new Error(\"StreamableHTTPClientTransport already started! If using Client class, note that connect() calls start() automatically.\");\n }\n this._abortController = new AbortController();\n }\n /\n Call this method after the user has finished authorizing via their user agent and is redirected back to the MCP client application. This will exchange the authorization code for an access token, enabling the next connection attempt to successfully auth.\n /\n async finishAuth(authorizationCode) {\n if (!this._authProvider) {\n throw new UnauthorizedError(\"No auth provider\");\n }\n const result = await auth(this._authProvider, { serverUrl: this._url, authorizationCode, resourceMetadataUrl: this._resourceMetadataUrl, fetchFn: this._fetch });\n if (result !== \"AUTHORIZED\") {\n throw new UnauthorizedError(\"Failed to authorize\");\n }\n }\n async close() {\n var _a, _b;\n // Abort any pending requests\n (_a = this._abortController) === null \|\| _a === void 0 ? void 0 : _a.abort();\n (_b = this.onclose) === null \|\| _b === void 0 ? void 0 : _b.call(this);\n }\n async send(message, options) {\n var _a, _b, _c, _d;\n try {\n const { resumptionToken, onresumptiontoken } = options \|\| {};\n if (resumptionToken) {\n // If we have at last event ID, we need to reconnect the SSE stream\n this._startOrAuthSse({ resumptionToken, replayMessageId: isJSONRPCRequest(message) ? message.id : undefined }).catch(err => { var _a; return (_a = this.onerror) === null \|\| _a === void 0 ? void 0 : _a.call(this, err); });\n return;\n }\n const headers = await this._commonHeaders();\n headers.set(\"content-type\", \"application/json\");\n headers.set(\"accept\", \"application/json, text/event-stream\");\n const init = {\n ...this._requestInit,\n method: \"POST\",\n headers,\n body: JSON.stringify(message),\n signal: (_a = this._abortController) === null \|\| _a === void 0 ? void 0 : _a.signal,\n };\n const response = await ((_b = this._fetch) !== null && _b !== void 0 ? _b : fetch)(this._url, init);\n // Handle session ID received during initialization\n const sessionId = response.headers.get(\"mcp-session-id\");\n if (sessionId) {\n this._sessionId = sessionId;\n }\n if (!response.ok) {\n if (response.status === 401 && this._authProvider) {\n this._resourceMetadataUrl = extractResourceMetadataUrl(response);\n const result = await auth(this._authProvider, { serverUrl: this._url, resourceMetadataUrl: this._resourceMetadataUrl, fetchFn: this._fetch });\n if (result !== \"AUTHORIZED\") {\n throw new UnauthorizedError();\n }\n // Purposely _not_ awaited, so we don't call onerror twice\n return this.send(message);\n }\n const text = await response.text().catch(() => null);\n throw new Error(`Error POSTing to endpoint (HTTP ${response.status}): ${text}`);\n }\n // If the response is 202 Accepted, there's no body to process\n if (response.status === 202) {\n // if the accepted notification is initialized, we start the SSE stream\n // if it's supported by the server\n if (isInitializedNotification(message)) {\n // Start without a lastEventId since this is a fresh connection\n this._startOrAuthSse({ resumptionToken: undefined }).catch(err => { var _a; return (_a = this.onerror) === null \|\| _a === void 0 ? void 0 : _a.call(this, err); });\n }\n return;\n }\n // Get original message(s) for detecting request IDs\n const messages = Array.isArray(message) ? message : [message];\n const hasRequests = messages.filter(msg => \"method\" in msg && \"id\" in msg && msg.id !== undefined).length > 0;\n // Check the response type\n const contentType = response.headers.get(\"content-type\");\n if (hasRequests) {\n if (contentType === null \|\| contentType === void 0 ? void 0 : contentType.includes(\"text/event-stream\")) {\n // Handle SSE stream responses for requests\n // We use the same handler as standalone streams, which now supports\n // reconnection with the last event ID\n this._handleSseStream(response.body, { onresumptiontoken }, false);\n }\n else if (contentType === null \|\| contentType === void 0 ? void 0 : contentType.includes(\"application/json\")) {\n // For non-streaming servers, we might get direct JSON responses\n const data = await response.json();\n const responseMessages = Array.isArray(data)\n ? data.map(msg => JSONRPCMessageSchema.parse(msg))\n : [JSONRPCMessageSchema.parse(data)];\n for (const msg of responseMessages) {\n (_c = this.onmessage) === null \|\| _c === void 0 ? void 0 : _c.call(this, msg);\n }\n }\n else {\n throw new StreamableHTTPError(-1, `Unexpected content type: ${contentType}`);\n }\n }\n }\n catch (error) {\n (_d = this.onerror) === null \|\| _d === void 0 ? void 0 : _d.call(this, error);\n throw error;\n }\n }\n get sessionId() {\n return this._sessionId;\n }\n /\n Terminates the current session by sending a DELETE request to the server.\n \n Clients that no longer need a particular session\n * (e.g., because the user is leaving the client application) SHOULD send an\n * HTTP DELETE to the MCP endpoint with the Mcp-Session-Id header to explicitly\n * terminate the session.\n \n The server MAY respond with HTTP 405 Method Not Allowed, indicating that\n * the server does not allow clients to terminate sessions.\n /\n async terminateSession() {\n var _a, _b, _c;\n if (!this._sessionId) {\n return; // No session to terminate\n }\n try {\n const headers = await this._commonHeaders();\n const init = {\n ...this._requestInit,\n method: \"DELETE\",\n headers,\n signal: (_a = this._abortController) === null \|\| _a === void 0 ? void 0 : _a.signal,\n };\n const response = await ((_b = this._fetch) !== null && _b !== void 0 ? _b : fetch)(this._url, init);\n // We specifically handle 405 as a valid response according to the spec,\n // meaning the server does not support explicit session termination\n if (!response.ok && response.status !== 405) {\n throw new StreamableHTTPError(response.status, `Failed to terminate session: ${response.statusText}`);\n }\n this._sessionId = undefined;\n }\n catch (error) {\n (_c = this.onerror) === null \|\| _c === void 0 ? void 0 : _c.call(this, error);\n throw error;\n }\n }\n setProtocolVersion(version) {\n this._protocolVersion = version;\n }\n get protocolVersion() {\n return this._protocolVersion;\n }\n}\n//# sourceMappingURL=streamableHttp.js.map","import process from \"node:process\";\nimport { ReadBuffer, serializeMessage } from \"../shared/stdio.js\";\n/\n Server transport for stdio: this communicates with a MCP client by reading from the current process' stdin and writing to stdout.\n \n This transport is only available in Node.js environments.\n /\nexport class StdioServerTransport {\n constructor(_stdin = process.stdin, _stdout = process.stdout) {\n this._stdin = _stdin;\n this._stdout = _stdout;\n this._readBuffer = new ReadBuffer();\n this._started = false;\n // Arrow functions to bind `this` properly, while maintaining function identity.\n this._ondata = (chunk) => {\n this._readBuffer.append(chunk);\n this.processReadBuffer();\n };\n this._onerror = (error) => {\n var _a;\n (_a = this.onerror) === null \|\| _a === void 0 ? void 0 : _a.call(this, error);\n };\n }\n /\n Starts listening for messages on stdin.\n */\n async start() {\n if (this._started) {\n throw new Error(\"StdioServerTransport already started! If using Server class, note that connect() calls start() automatically.\");\n }\n this._started = true;\n this._stdin.on(\"data\", this._ondata);\n this._stdin.on(\"error\", this._onerror);\n }\n processReadBuffer() {\n var _a, _b;\n while (true) {\n try {\n const message = this._readBuffer.readMessage();\n if (message === null) {\n break;\n }\n (_a = this.onmessage) === null \|\| _a === void 0 ? void 0 : _a.call(this, message);\n }\n catch (error) {\n (_b = this.onerror) === null \|\| _b === void 0 ? void 0 : _b.call(this, error);\n }\n }\n }\n async close() {\n var _a;\n // Remove our event listeners first\n this._stdin.off(\"data\", this._ondata);\n this._stdin.off(\"error\", this._onerror);\n // Check if we were the only data listener\n const remainingDataListeners = this._stdin.listenerCount('data');\n if (remainingDataListeners === 0) {\n // Only pause stdin if we were the only listener\n // This prevents interfering with other parts of the application that might be using stdin\n this._stdin.pause();\n }\n // Clear the buffer and notify closure\n this._readBuffer.clear();\n (_a = this.onclose) === null \|\| _a === void 0 ? void 0 : _a.call(this);\n }\n send(message) {\n return new Promise((resolve) => {\n const json = serializeMessage(message);\n if (this._stdout.write(json)) {\n resolve();\n }\n else {\n this._stdout.once(\"drain\", resolve);\n }\n });\n }\n}\n//# sourceMappingURL=stdio.js.map","import { Client } from \"@modelcontextprotocol/sdk/client/index.js\";\nimport { SSEClientTransportOptions } from \"@modelcontextprotocol/sdk/client/sse.js\";\nimport { SSEClientTransport } from \"@modelcontextprotocol/sdk/client/sse.js\";\nimport { StreamableHTTPClientTransportOptions } from \"@modelcontextprotocol/sdk/client/streamableHttp.js\";\nimport { StreamableHTTPClientTransport } from \"@modelcontextprotocol/sdk/client/streamableHttp.js\";\nimport { Server } from \"@modelcontextprotocol/sdk/server/index.js\";\nimport { StdioServerTransport } from \"@modelcontextprotocol/sdk/server/stdio.js\";\n\nimport { proxyServer } from \"./proxyServer.js\";\n\nexport enum ServerType {\n HTTPStream = \"HTTPStream\",\n SSE = \"SSE\",\n}\n\nexport const startStdioServer = async ({\n initStdioServer,\n initStreamClient,\n serverType,\n transportOptions = {},\n url,\n}: {\n initStdioServer?: () => Promise<Server>;\n initStreamClient?: () => Promise<Client>;\n serverType: ServerType;\n transportOptions?:\n \| SSEClientTransportOptions\n \| StreamableHTTPClientTransportOptions;\n url: string;\n}): Promise<Server> => {\n let transport: SSEClientTransport \| StreamableHTTPClientTransport;\n switch (serverType) {\n case ServerType.SSE:\n transport = new SSEClientTransport(new URL(url), transportOptions);\n break;\n default:\n transport = new StreamableHTTPClientTransport(\n new URL(url),\n transportOptions,\n );\n }\n const streamClient = initStreamClient\n ? await initStreamClient()\n : new Client(\n {\n name: \"mcp-proxy\",\n version: \"1.0.0\",\n },\n {\n capabilities: {},\n },\n );\n\n await streamClient.connect(transport);\n\n const serverVersion = streamClient.getServerVersion() as {\n name: string;\n version: string;\n };\n\n const serverCapabilities = streamClient.getServerCapabilities() as {\n capabilities: Record<string, unknown>;\n };\n\n const stdioServer = initStdioServer\n ? await initStdioServer()\n : new Server(serverVersion, {\n capabilities: serverCapabilities,\n });\n\n const stdioTransport = new StdioServerTransport();\n\n await stdioServer.connect(stdioTransport);\n\n await proxyServer({\n client: streamClient,\n server: stdioServer,\n serverCapabilities,\n });\n\n return stdioServer;\n};\n","import { Transport } from \"@modelcontextprotocol/sdk/shared/transport.js\";\nimport { JSONRPCMessage } from \"@modelcontextprotocol/sdk/types.js\";\n\ntype TransportEvent =\n \| {\n error: Error;\n type: \"onerror\";\n }\n \| {\n message: JSONRPCMessage;\n type: \"onmessage\";\n }\n \| {\n message: JSONRPCMessage;\n type: \"send\";\n }\n \| {\n type: \"close\";\n }\n \| {\n type: \"onclose\";\n }\n \| {\n type: \"start\";\n };\n\nexport const tapTransport = (\n transport: Transport,\n eventHandler: (event: TransportEvent) => void,\n): Transport => {\n const originalClose = transport.close.bind(transport);\n const originalOnClose = transport.onclose?.bind(transport);\n const originalOnError = transport.onerror?.bind(transport);\n const originalOnMessage = transport.onmessage?.bind(transport);\n const originalSend = transport.send.bind(transport);\n const originalStart = transport.start.bind(transport);\n\n transport.close = async () => {\n eventHandler({\n type: \"close\",\n });\n\n return originalClose?.();\n };\n\n transport.onclose = async () => {\n eventHandler({\n type: \"onclose\",\n });\n\n return originalOnClose?.();\n };\n\n transport.onerror = async (error: Error) => {\n eventHandler({\n error,\n type: \"onerror\",\n });\n\n return originalOnError?.(error);\n };\n\n transport.onmessage = async (message: JSONRPCMessage) => {\n eventHandler({\n message,\n type: \"onmessage\",\n });\n\n return originalOnMessage?.(message);\n };\n\n transport.send = async (message: JSONRPCMessage) => {\n eventHandler({\n message,\n type: \"send\",\n });\n\n return originalSend?.(message);\n };\n\n transport.start = async () => {\n eventHandler({\n type: \"start\",\n });\n\n return originalStart?.();\n };\n\n return transport;\n};\n"],"x_google_ignoreList":[0,1,2,3,4,5,6,7,8,9,10],"mappings":";;;;AAAA,IAAM,aAAN,cAAyB,MAAM;CAC7B,YAAY,SAAS,SAAS;AAC5B,QAAM,QAAQ,EAAE,KAAK,OAAO,cAAc,KAAK,OAAO,QAAQ,MAAM,KAAK,QAAQ,QAAQ,OAAO,KAAK,QAAQ,QAAQ,OAAO,KAAK,OAAO,QAAQ;;;AAGpJ,SAAS,KAAK,MAAM;AAEpB,SAAS,aAAa,WAAW;AAC/B,KAAI,OAAO,aAAa,WACtB,OAAM,IAAI,UACR,uFACD;CACH,MAAM,EAAE,UAAU,MAAM,UAAU,MAAM,UAAU,MAAM,cAAc;CACtE,IAAI,iBAAiB,IAAI,eAAe,CAAC,GAAG,IAAI,OAAO,IAAI,YAAY;CACvE,SAAS,KAAK,UAAU;EACtB,MAAM,QAAQ,eAAe,SAAS,QAAQ,iBAAiB,GAAG,GAAG,UAAU,CAAC,UAAU,cAAc,WAAW,GAAG,iBAAiB,QAAQ;AAC/I,OAAK,MAAM,QAAQ,SACjB,WAAU,KAAK;AACjB,mBAAiB,YAAY,eAAe,CAAC;;CAE/C,SAAS,UAAU,MAAM;AACvB,MAAI,SAAS,IAAI;AACf,kBAAe;AACf;;AAEF,MAAI,KAAK,WAAW,IAAI,EAAE;AACxB,gBAAa,UAAU,KAAK,MAAM,KAAK,WAAW,KAAK,GAAG,IAAI,EAAE,CAAC;AACjE;;EAEF,MAAM,sBAAsB,KAAK,QAAQ,IAAI;AAC7C,MAAI,wBAAwB,IAAI;GAC9B,MAAM,QAAQ,KAAK,MAAM,GAAG,oBAAoB,EAAE,SAAS,KAAK,sBAAsB,OAAO,MAAM,IAAI,GAAG,QAAQ,KAAK,MAAM,sBAAsB,OAAO;AAC1J,gBAAa,OAAO,OAAO,KAAK;AAChC;;AAEF,eAAa,MAAM,IAAI,KAAK;;CAE9B,SAAS,aAAa,OAAO,OAAO,MAAM;AACxC,UAAQ,OAAR;GACE,KAAK;AACH,gBAAY;AACZ;GACF,KAAK;AACH,WAAO,GAAG,OAAO,MAAM;;AAEvB;GACF,KAAK;AACH,SAAK,MAAM,SAAS,KAAK,GAAG,KAAK,IAAI;AACrC;GACF,KAAK;AACH,YAAQ,KAAK,MAAM,GAAG,QAAQ,SAAS,OAAO,GAAG,CAAC,GAAG,QACnD,IAAI,WAAW,6BAA6B,MAAM,IAAI;KACpD,MAAM;KACN;KACA;KACD,CAAC,CACH;AACD;GACF;AACE,YACE,IAAI,WACF,kBAAkB,MAAM,SAAS,KAAK,GAAG,MAAM,MAAM,GAAG,GAAG,CAAC,UAAU,MAAM,IAC5E;KAAE,MAAM;KAAiB;KAAO;KAAO;KAAM,CAC9C,CACF;AACD;;;CAGN,SAAS,gBAAgB;AACvB,OAAK,SAAS,KAAK,QAAQ;GACzB;GACA,OAAO,aAAa,KAAK;GAGzB,MAAM,KAAK,SAAS;EACxB,GAAG,KAAK,MAAM,GAAG,GAAG,GAAG;GACpB,CAAC,EAAE,KAAK,KAAK,GAAG,OAAO,IAAI,YAAY;;CAE1C,SAAS,MAAM,UAAU,EAAE,EAAE;AAC3B,oBAAkB,QAAQ,WAAW,UAAU,eAAe,EAAE,eAAe,CAAC,GAAG,KAAK,KAAK,GAAG,OAAO,IAAI,YAAY,IAAI,iBAAiB;;AAE9I,QAAO;EAAE;EAAM;EAAO;;AAExB,SAAS,WAAW,OAAO;CACzB,MAAM,QAAQ,EAAE;CAChB,IAAI,iBAAiB,IAAI,cAAc;AACvC,QAAO,cAAc,MAAM,SAAU;EACnC,MAAM,UAAU,MAAM,QAAQ,MAAM,YAAY,EAAE,UAAU,MAAM,QAAQ;GAC3E,YAAY;EACX,IAAI,UAAU;AACd,MAAI,YAAY,MAAM,YAAY,KAAK,UAAU,KAAK,IAAI,SAAS,QAAQ,GAAG,YAAY,KAAK,YAAY,MAAM,SAAS,IAAI,UAAU,KAAK,UAAU,UAAU,YAAY,OAAO,UAAU,UAAU,YAAY,IAAI;AACtN,oBAAiB,MAAM,MAAM,YAAY;AACzC;SACK;GACL,MAAM,OAAO,MAAM,MAAM,aAAa,QAAQ;AAC9C,SAAM,KAAK,KAAK,EAAE,cAAc,UAAU,GAAG,MAAM,cAAc,OAAO,QAAQ,MAAM,iBAAiB;KACxG;;;AAGH,QAAO,CAAC,OAAO,eAAe;;;;;AClGhC,IAAM,aAAN,cAAyB,MAAM;;;;;;;;CAQ7B,YAAY,MAAM,oBAAoB;EACpC,IAAI,IAAI;AACR,QAAM,KAAK,EAAE,KAAK,QAAQ,KAAK,sBAAsB,OAAO,KAAK,IAAI,mBAAmB,SAAS,OAAO,KAAK,KAAK,GAAG,KAAK,WAAW,KAAK,sBAAsB,OAAO,KAAK,IAAI,mBAAmB,YAAY,OAAO,KAAK,KAAK;;;;;;;;;;;;;;CAclO,CAAC,OAAO,IAAI,6BAA6B,EAAE,QAAQ,SAAS,SAAS;AACnE,SAAO,QAAQ,iBAAiB,KAAK,EAAE,QAAQ;;;;;;;;;;;;;CAajD,CAAC,OAAO,IAAI,qBAAqB,EAAE,SAAS,SAAS;AACnD,SAAO,QAAQ,iBAAiB,KAAK,EAAE,QAAQ;;;AAGnD,SAAS,YAAY,SAAS;CAC5B,MAAM,eAAe,WAAW;AAChC,QAAO,OAAO,gBAAgB,aAAa,IAAI,aAAa,SAAS,cAAc,GAAG,IAAI,YAAY,QAAQ;;AAEhH,SAAS,aAAa,KAAK;AACzB,QAAO,eAAe,QAAQ,YAAY,OAAO,MAAM,QAAQ,IAAI,OAAO,GAAG,IAAI,OAAO,IAAI,aAAa,CAAC,KAAK,KAAK,GAAG,WAAW,OAAO,IAAI,iBAAiB,QAAQ,GAAG,IAAI,IAAI,aAAa,IAAI,MAAM,KAAK,IAAI,UAAU,GAAG;;AAEhO,SAAS,iBAAiB,KAAK;AAC7B,QAAO;EACL,MAAM,IAAI;EACV,SAAS,IAAI;EACb,MAAM,IAAI;EACV,kBAAkB,IAAI;EACtB,YAAY,IAAI;EAChB,WAAW,IAAI;EAChB;;AAEH,IAAI,eAAe,QAAQ;AACzB,OAAM,UAAU,IAAI;GACnB,iBAAiB,KAAK,QAAQ,QAAQ,OAAO,IAAI,IAAI,IAAI,YAAY,YAAY,IAAI,EAAE,gBAAgB,KAAK,QAAQ,YAAY,cAAc,KAAK,QAAQ,0BAA0B,EAAE,SAAS,OAAO,KAAK,IAAI,GAAG,OAAO,IAAI,IAAI,GAAG,gBAAgB,KAAK,QAAQ,UAAU,OAAO,IAAI,IAAI,GAAG,YAAY,oDAAoD,GAAG,kBAAkB,UAAU,OAAO,IAAI,IAAI,GAAG,OAAO,IAAI,KAAK,MAAM,EAAE,gBAAgB,KAAK,QAAQ,OAAO,YAAY,cAAc,KAAK,QAAQ,yBAAyB,EAAE,OAAO,IAAI,KAAK,MAAM,EAAE,QAAQ,mBAAmB,KAAK,QAAQ,YAAY,cAAc,KAAK,QAAQ,wBAAwB,EAAE,SAAS,aAAa,MAAM,cAAc,kBAAkB,QAAQ,oBAAoB,iBAAiB,cAAc,aAAa,SAAS,UAAU,YAAY,SAAS,wBAAwB,YAAY,kBAAkB,eAAe,sBAAsB,UAAU,gBAAgB,mBAAmB,sBAAsB;AAC39B,IAAM,cAAN,cAA0B,YAAY;CACpC,YAAY,KAAK,qBAAqB;EACpC,IAAI,IAAI;AACR,SAAO,EAAE,aAAa,MAAM,uBAAuB,EAAE,KAAK,aAAa,GAAG,KAAK,OAAO,GAAG,KAAK,SAAS,GAAG,aAAa,MAAM,YAAY,EAAE,aAAa,MAAM,KAAK,EAAE,aAAa,MAAM,aAAa,EAAE,aAAa,MAAM,iBAAiB,EAAE,aAAa,MAAM,OAAO,EAAE,aAAa,MAAM,mBAAmB,EAAE,aAAa,MAAM,gBAAgB,EAAE,aAAa,MAAM,cAAc,KAAK,EAAE,aAAa,MAAM,YAAY,EAAE,aAAa,MAAM,QAAQ,EAAE,aAAa,MAAM,UAAU,KAAK,EAAE,aAAa,MAAM,YAAY,KAAK,EAAE,aAAa,MAAM,SAAS,KAAK,EAAE,aAAa,MAAM,kBAAkB,OAAO,aAAa;GAChmB,IAAI;AACJ,gBAAa,MAAM,QAAQ,CAAC,OAAO;GACnC,MAAM,EAAE,MAAM,YAAY,QAAQ,YAAY;AAC9C,OAAI,WAAW,KAAK;AAClB,oBAAgB,MAAM,wBAAwB,kBAAkB,CAAC,KAAK,MAAM,0CAA0C,IAAI,EAAE,KAAK,OAAO;AACxI;;AAEF,OAAI,aAAa,aAAa,MAAM,cAAc,IAAI,IAAI,SAAS,IAAI,CAAC,GAAG,aAAa,MAAM,cAAc,KAAK,EAAE,EAAE,WAAW,KAAK;AACnI,oBAAgB,MAAM,wBAAwB,kBAAkB,CAAC,KAAK,MAAM,wBAAwB,OAAO,IAAI,OAAO;AACtH;;AAEF,OAAI,EAAE,QAAQ,IAAI,eAAe,IAAI,IAAI,WAAW,oBAAoB,EAAE;AACxE,oBAAgB,MAAM,wBAAwB,kBAAkB,CAAC,KAAK,MAAM,wDAAsD,OAAO;AACzI;;AAEF,OAAI,aAAa,MAAM,YAAY,KAAK,KAAK,OAC3C;AACF,gBAAa,MAAM,aAAa,KAAK,KAAK;GAC1C,MAAM,YAAY,IAAI,MAAM,OAAO;AACnC,QAAK,MAAM,aAAa,MAAM,QAAQ,KAAK,QAAQ,IAAI,KAAK,MAAM,UAAU,EAAE,KAAK,cAAc,UAAU,EAAE,OAAO,QAAQ,YAAY,CAAC,QAAQ,EAAE,eAAe,OAAO;AACvK,oBAAgB,MAAM,wBAAwB,kBAAkB,CAAC,KAAK,MAAM,wDAAwD,OAAO,EAAE,KAAK,OAAO;AACzJ;;GAEF,MAAM,UAAU,IAAI,aAAa,EAAE,SAAS,KAAK,WAAW;GAC5D,IAAI,OAAO,CAAC;AACZ,MAAG;IACD,MAAM,EAAE,MAAM,UAAU,MAAM,OAAO,MAAM;AAC3C,aAAS,aAAa,MAAM,QAAQ,CAAC,KAAK,QAAQ,OAAO,OAAO,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,EAAE,SAAS,OAAO,CAAC,GAAG,aAAa,MAAM,QAAQ,CAAC,OAAO,EAAE,gBAAgB,MAAM,wBAAwB,qBAAqB,CAAC,KAAK,KAAK;YACrN;IACT,EAAE,aAAa,MAAM,gBAAgB,QAAQ;AAC7C,gBAAa,MAAM,aAAa,KAAK,EAAE,EAAE,EAAE,IAAI,SAAS,gBAAgB,IAAI,SAAS,cAAc,gBAAgB,MAAM,wBAAwB,qBAAqB,CAAC,KAAK,MAAM,aAAa,IAAI,CAAC;IACpM,EAAE,aAAa,MAAM,WAAW,UAAU;AAC1C,UAAO,MAAM,MAAM,YAAY,aAAa,MAAM,cAAc,MAAM,GAAG;GACzE,MAAM,eAAe,IAAI,aAAa,MAAM,SAAS,WAAW;IAC9D,MAAM,MAAM;IACZ,QAAQ,aAAa,MAAM,aAAa,GAAG,aAAa,MAAM,aAAa,CAAC,SAAS,aAAa,MAAM,KAAK,CAAC;IAC9G,aAAa,MAAM,MAAM;IAC1B,CAAC;AACF,gBAAa,MAAM,WAAW,KAAK,CAAC,MAAM,SAAS,MAAM,UAAU,cAAc,aAAa,MAAM,WAAW,CAAC,KAAK,MAAM,aAAa,EAAE,KAAK,cAAc,aAAa;IAC1K,EAAE,aAAa,MAAM,iBAAiB,UAAU;AAChD,gBAAa,MAAM,oBAAoB,MAAM;IAC7C,EAAE,aAAa,MAAM,kBAAkB;AACvC,gBAAa,MAAM,iBAAiB,KAAK,EAAE,EAAE,aAAa,MAAM,YAAY,KAAK,KAAK,cAAc,gBAAgB,MAAM,wBAAwB,WAAW,CAAC,KAAK,KAAK;IACxK;AACF,MAAI;AACF,OAAI,eAAe,IACjB,cAAa,MAAM,MAAM,IAAI;YACtB,OAAO,OAAO,SACrB,cAAa,MAAM,MAAM,IAAI,IAAI,KAAK,YAAY,CAAC,CAAC;OAEpD,OAAM,IAAI,MAAM,cAAc;UAC1B;AACN,SAAM,YAAY,6CAA6C;;AAEjE,eAAa,MAAM,SAAS,aAAa;GACvC,SAAS,aAAa,MAAM,SAAS;GACrC,SAAS,aAAa,MAAM,eAAe;GAC5C,CAAC,CAAC,EAAE,aAAa,MAAM,aAAa,KAAK,WAAW,EAAE,aAAa,MAAM,oBAAoB,IAAI,EAAE,aAAa,MAAM,SAAS,KAAK,uBAAuB,OAAO,KAAK,IAAI,oBAAoB,UAAU,OAAO,KAAK,WAAW,MAAM,EAAE,aAAa,MAAM,mBAAmB,KAAK,uBAAuB,OAAO,KAAK,IAAI,oBAAoB,oBAAoB,OAAO,KAAK,CAAC,EAAE,EAAE,gBAAgB,MAAM,wBAAwB,WAAW,CAAC,KAAK,KAAK;;;;;;;;;;;;CAY1b,IAAI,aAAa;AACf,SAAO,aAAa,MAAM,YAAY;;;;;;;;;CASxC,IAAI,MAAM;AACR,SAAO,aAAa,MAAM,KAAK,CAAC;;;;;;;CAOlC,IAAI,kBAAkB;AACpB,SAAO,aAAa,MAAM,iBAAiB;;;CAG7C,IAAI,UAAU;AACZ,SAAO,aAAa,MAAM,SAAS;;CAErC,IAAI,QAAQ,OAAO;AACjB,eAAa,MAAM,UAAU,MAAM;;;CAGrC,IAAI,YAAY;AACd,SAAO,aAAa,MAAM,WAAW;;CAEvC,IAAI,UAAU,OAAO;AACnB,eAAa,MAAM,YAAY,MAAM;;;CAGvC,IAAI,SAAS;AACX,SAAO,aAAa,MAAM,QAAQ;;CAEpC,IAAI,OAAO,OAAO;AAChB,eAAa,MAAM,SAAS,MAAM;;CAEpC,iBAAiB,MAAM,UAAU,SAAS;EACxC,MAAM,SAAS;AACf,QAAM,iBAAiB,MAAM,QAAQ,QAAQ;;CAE/C,oBAAoB,MAAM,UAAU,SAAS;EAC3C,MAAM,SAAS;AACf,QAAM,oBAAoB,MAAM,QAAQ,QAAQ;;;;;;;;;CASlD,QAAQ;AACN,eAAa,MAAM,gBAAgB,IAAI,aAAa,aAAa,MAAM,gBAAgB,CAAC,EAAE,aAAa,MAAM,YAAY,KAAK,KAAK,WAAW,aAAa,MAAM,YAAY,IAAI,aAAa,MAAM,YAAY,CAAC,OAAO,EAAE,aAAa,MAAM,aAAa,KAAK,OAAO,EAAE,aAAa,MAAM,aAAa,KAAK,EAAE;;;AAGnT,8BAA8B,IAAI,SAAS,EAAE,uBAAuB,IAAI,SAAS,EAAE,+BAA+B,IAAI,SAAS,EAAE,mCAAmC,IAAI,SAAS,EAAE,yBAAyB,IAAI,SAAS,EAAE,qCAAqC,IAAI,SAAS,EAAE,kCAAkC,IAAI,SAAS,EAAE,+BAA+B,IAAI,SAAS,EAAE,8BAA8B,IAAI,SAAS,EAAE,0BAA0B,IAAI,SAAS,EAAE,2BAA2B,IAAI,SAAS,EAAE,6BAA6B,IAAI,SAAS,EAAE,0BAA0B,IAAI,SAAS,EAAE,yCAAyC,IAAI,SAAS,EAKznB,aAAa,WAAW;AACtB,cAAa,MAAM,aAAa,KAAK,WAAW,EAAE,aAAa,MAAM,aAAa,IAAI,iBAAiB,CAAC,EAAE,aAAa,MAAM,OAAO,CAAC,aAAa,MAAM,KAAK,EAAE,gBAAgB,MAAM,wBAAwB,qBAAqB,CAAC,KAAK,KAAK,CAAC,CAAC,KAAK,aAAa,MAAM,iBAAiB,CAAC,CAAC,MAAM,aAAa,MAAM,cAAc,CAAC;GACjU,mCAAmC,IAAI,SAAS,EAAE,gCAAgC,IAAI,SAAS,EAMlG,uBAAuB,WAAW;CAChC,IAAI;CACJ,MAAM,OAAO;EAGX,MAAM;EACN,UAAU;EACV,SAAS;GAAE,QAAQ;GAAqB,GAAG,aAAa,MAAM,aAAa,GAAG,EAAE,iBAAiB,aAAa,MAAM,aAAa,EAAE,GAAG,KAAK;GAAG;EAC9I,OAAO;EACP,SAAS,KAAK,aAAa,MAAM,YAAY,KAAK,OAAO,KAAK,IAAI,GAAG;EACtE;AACD,QAAO,YAAY,eAAe,KAAK,cAAc,KAAK,kBAAkB,YAAY,gBAAgB;GACvG,2BAA2B,IAAI,SAAS,EAAE,iCAAiC,IAAI,SAAS,EAO3F,oBAAoB,SAAS,SAAS,MAAM;CAC1C,IAAI;AACJ,cAAa,MAAM,YAAY,KAAK,KAAK,UAAU,aAAa,MAAM,aAAa,KAAK,OAAO;CAC/F,MAAM,aAAa,IAAI,WAAW,SAAS;EAAE;EAAM;EAAS,CAAC;AAC7D,EAAC,KAAK,aAAa,MAAM,SAAS,KAAK,QAAQ,GAAG,KAAK,MAAM,WAAW,EAAE,KAAK,cAAc,WAAW;GAQ1G,uBAAuB,SAAS,SAAS,MAAM;CAC7C,IAAI;AACJ,KAAI,aAAa,MAAM,YAAY,KAAK,KAAK,OAC3C;AACF,cAAa,MAAM,aAAa,KAAK,WAAW;CAChD,MAAM,aAAa,IAAI,WAAW,SAAS;EAAE;EAAM;EAAS,CAAC;AAC7D,EAAC,KAAK,aAAa,MAAM,SAAS,KAAK,QAAQ,GAAG,KAAK,MAAM,WAAW,EAAE,KAAK,cAAc,WAAW,EAAE,aAAa,MAAM,iBAAiB,WAAW,aAAa,MAAM,WAAW,EAAE,aAAa,MAAM,mBAAmB,CAAC,CAAC;GAChO,6BAA6B,IAAI,SAAS,EAK7C,YAAY,aAAa,GAKzB,YAAY,OAAO,GAKnB,YAAY,SAAS;AACrB,SAAS,aAAa;CACpB,MAAM,MAAM,cAAc,aAAa,WAAW,WAAW,KAAK;AAClE,QAAO,OAAO,OAAO,OAAO,YAAY,aAAa,OAAO,OAAO,IAAI,WAAW,WAAW,IAAI,UAAU,KAAK;;;;;AC1QlH,IAAI;AACJ,SACI,WAAW,QAAQ,aACf,WAAW,UACX,OAAO,eAAe,MAAK,MAAK,EAAE,UAAU;;;;;;AAMpD,eAAe,gBAAgB,MAAM;AACjC,SAAQ,MAAM,QAAQ,gBAAgB,IAAI,WAAW,KAAK,CAAC;;;;;;AAM/D,eAAe,OAAO,MAAM;CACxB,MAAM,OAAO;CACb,IAAI,SAAS;CACb,MAAM,cAAc,MAAM,gBAAgB,KAAK;AAC/C,MAAK,IAAI,IAAI,GAAG,IAAI,MAAM,KAAK;EAE3B,MAAM,cAAc,YAAY,KAAK;AACrC,YAAU,KAAK;;AAEnB,QAAO;;;;;;AAMX,eAAe,iBAAiB,QAAQ;AACpC,QAAO,MAAM,OAAO,OAAO;;;;;;AAM/B,eAAsB,kBAAkB,eAAe;CACnD,MAAM,SAAS,OAAO,MAAM,QAAQ,OAAO,OAAO,WAAW,IAAI,aAAa,CAAC,OAAO,cAAc,CAAC;AAIrG,QAAO,KAAK,OAAO,aAAa,GAAG,IAAI,WAAW,OAAO,CAAC,CAAC,CACtD,QAAQ,OAAO,IAAI,CACnB,QAAQ,OAAO,IAAI,CACnB,QAAQ,MAAM,GAAG;;;;;;AAM1B,eAA8B,cAAc,QAAQ;AAChD,KAAI,CAAC,OACD,UAAS;AACb,KAAI,SAAS,MAAM,SAAS,IACxB,OAAM,kDAAkD,OAAO;CAEnE,MAAM,WAAW,MAAM,iBAAiB,OAAO;CAC/C,MAAM,YAAY,MAAM,kBAAkB,SAAS;AACnD,QAAO;EACH,eAAe;EACf,gBAAgB;EACnB;;;;;;;;AC5DL,MAAa,gBAAgBA,YAAU,CAAC,KAAK,CACxC,aAAa,KAAK,QAAQ;AAC3B,KAAI,CAAC,IAAI,SAAS,IAAI,EAAE;AACpB,MAAI,SAAS;GACT,mBAAqB;GACrB,SAAS;GACT,OAAO;GACV,CAAC;AACF,SAAOC;;EAEb,CAAC,QAAQ,QAAQ;CACf,MAAM,IAAI,IAAI,IAAI,IAAI;AACtB,QAAO,EAAE,aAAa,iBAAiB,EAAE,aAAa,WAAW,EAAE,aAAa;GACjF,EAAE,SAAS,0DAA0D,CAAC;;;;AAIzE,MAAa,uCAAuCC,WACxC;CACR,UAAUF,YAAU,CAAC,KAAK;CAC1B,uBAAuBG,UAAQ,cAAc,CAAC,UAAU;CACxD,UAAUH,YAAU,CAAC,KAAK,CAAC,UAAU;CACrC,kBAAkBG,UAAQH,YAAU,CAAC,CAAC,UAAU;CAChD,0BAA0BG,UAAQH,YAAU,CAAC,CAAC,UAAU;CACxD,uCAAuCG,UAAQH,YAAU,CAAC,CAAC,UAAU;CACrE,eAAeA,YAAU,CAAC,UAAU;CACpC,wBAAwBA,YAAU,CAAC,UAAU;CAC7C,qBAAqBA,YAAU,CAAC,KAAK,CAAC,UAAU;CAChD,kBAAkBA,YAAU,CAAC,KAAK,CAAC,UAAU;CAC7C,4CAA4CI,aAAW,CAAC,UAAU;CAClE,uCAAuCD,UAAQH,YAAU,CAAC,CAAC,UAAU;CACrE,mCAAmCG,UAAQH,YAAU,CAAC,CAAC,UAAU;CACjE,mCAAmCI,aAAW,CAAC,UAAU;CAC5D,CAAC,CACG,aAAa;;;;AAIlB,MAAa,sBAAsBF,WACvB;CACR,QAAQF,YAAU;CAClB,wBAAwB;CACxB,gBAAgB;CAChB,uBAAuB,cAAc,UAAU;CAC/C,kBAAkBG,UAAQH,YAAU,CAAC,CAAC,UAAU;CAChD,0BAA0BG,UAAQH,YAAU,CAAC;CAC7C,0BAA0BG,UAAQH,YAAU,CAAC,CAAC,UAAU;CACxD,uBAAuBG,UAAQH,YAAU,CAAC,CAAC,UAAU;CACrD,uCAAuCG,UAAQH,YAAU,CAAC,CAAC,UAAU;CACrE,kDAAkDK,UACvCL,YAAU,CAAC,CACjB,UAAU;CACf,uBAAuB,cAAc,UAAU;CAC/C,qBAAqB,cAAc,UAAU;CAC7C,4CAA4CG,UAAQH,YAAU,CAAC,CAAC,UAAU;CAC1E,uDAAuDK,UAC5CL,YAAU,CAAC,CACjB,UAAU;CACf,wBAAwBA,YAAU,CAAC,UAAU;CAC7C,+CAA+CK,UACpCL,YAAU,CAAC,CACjB,UAAU;CACf,0DAA0DK,UAC/CL,YAAU,CAAC,CACjB,UAAU;CACf,kCAAkCG,UAAQH,YAAU,CAAC,CAAC,UAAU;CACnE,CAAC,CACG,aAAa;;;;;AAKlB,MAAa,+BAA+BE,WAChC;CACR,QAAQF,YAAU;CAClB,wBAAwB;CACxB,gBAAgB;CAChB,mBAAmB,cAAc,UAAU;CAC3C,UAAU;CACV,uBAAuB,cAAc,UAAU;CAC/C,kBAAkBG,UAAQH,YAAU,CAAC,CAAC,UAAU;CAChD,0BAA0BG,UAAQH,YAAU,CAAC;CAC7C,0BAA0BG,UAAQH,YAAU,CAAC,CAAC,UAAU;CACxD,uBAAuBG,UAAQH,YAAU,CAAC,CAAC,UAAU;CACrD,sBAAsBG,UAAQH,YAAU,CAAC,CAAC,UAAU;CACpD,yBAAyBG,UAAQH,YAAU,CAAC;CAC5C,uCAAuCG,UAAQH,YAAU,CAAC;CAC1D,0CAA0CG,UAAQH,YAAU,CAAC,CAAC,UAAU;CACxE,0CAA0CG,UAAQH,YAAU,CAAC,CAAC,UAAU;CACxE,uCAAuCG,UAAQH,YAAU,CAAC,CAAC,UAAU;CACrE,0CAA0CG,UAAQH,YAAU,CAAC,CAAC,UAAU;CACxE,0CAA0CG,UAAQH,YAAU,CAAC,CAAC,UAAU;CACxE,6CAA6CG,UAAQH,YAAU,CAAC,CAAC,UAAU;CAC3E,gDAAgDK,UACrCL,YAAU,CAAC,CACjB,UAAU;CACf,gDAAgDK,UACrCL,YAAU,CAAC,CACjB,UAAU;CACf,uCAAuCG,UAAQH,YAAU,CAAC,CAAC,UAAU;CACrE,kDAAkDK,UACvCL,YAAU,CAAC,CACjB,UAAU;CACf,0BAA0BG,UAAQH,YAAU,CAAC,CAAC,UAAU;CACxD,uBAAuBG,UAAQH,YAAU,CAAC,CAAC,UAAU;CACrD,kBAAkBG,UAAQH,YAAU,CAAC,CAAC,UAAU;CAChD,uBAAuBA,YAAU,CAAC,UAAU;CAC5C,0BAA0BG,UAAQH,YAAU,CAAC,CAAC,UAAU;CACxD,sBAAsBG,UAAQH,YAAU,CAAC,CAAC,UAAU;CACpD,4BAA4BI,aAAW,CAAC,UAAU;CAClD,6BAA6BA,aAAW,CAAC,UAAU;CACnD,iCAAiCA,aAAW,CAAC,UAAU;CACvD,kCAAkCA,aAAW,CAAC,UAAU;CACxD,eAAe,cAAc,UAAU;CACvC,YAAY,cAAc,UAAU;CACvC,CAAC,CACG,aAAa;;;;;;AAMlB,MAAa,wCAAwC,6BAA6B,MAAM,oBAAoB,KAAK,EAC7G,kCAAkC,MACrC,CAAC,CAAC;;;;AAIH,MAAa,oBAAoBF,WACrB;CACR,cAAcF,YAAU;CACxB,UAAUA,YAAU,CAAC,UAAU;CAC/B,YAAYA,YAAU;CACtB,YAAYM,YAAU,CAAC,UAAU;CACjC,OAAON,YAAU,CAAC,UAAU;CAC5B,eAAeA,YAAU,CAAC,UAAU;CACvC,CAAC,CACG,OAAO;;;;AAIZ,MAAa,2BAA2BE,WAC5B;CACR,OAAOF,YAAU;CACjB,mBAAmBA,YAAU,CAAC,UAAU;CACxC,WAAWA,YAAU,CAAC,UAAU;CACnC,CAAC;;;;AAIF,MAAa,4BAA4BO,WAAS;CAC9C,eAAeJ,UAAQ,cAAc;CACrC,4BAA4BH,YAAU,CAAC,UAAU;CACjD,aAAaG,UAAQH,YAAU,CAAC,CAAC,UAAU;CAC3C,gBAAgBG,UAAQH,YAAU,CAAC,CAAC,UAAU;CAC9C,aAAaA,YAAU,CAAC,UAAU;CAClC,YAAY,cAAc,UAAU;CACpC,UAAU,cAAc,UAAU;CAClC,OAAOA,YAAU,CAAC,UAAU;CAC5B,UAAUG,UAAQH,YAAU,CAAC,CAAC,UAAU;CACxC,SAAS,cAAc,UAAU;CACjC,YAAYA,YAAU,CAAC,UAAU;CACjC,UAAU,cAAc,UAAU;CAClC,MAAMQ,SAAO,CAAC,UAAU;CACxB,aAAaR,YAAU,CAAC,UAAU;CAClC,kBAAkBA,YAAU,CAAC,UAAU;CACvC,oBAAoBA,YAAU,CAAC,UAAU;CAC5C,CAAC,CAAC,OAAO;;;;AAIV,MAAa,+BAA+BO,WAAS;CACjD,WAAWP,YAAU;CACrB,eAAeA,YAAU,CAAC,UAAU;CACpC,qBAAqBM,YAAU,CAAC,UAAU;CAC1C,0BAA0BA,YAAU,CAAC,UAAU;CAClD,CAAC,CAAC,OAAO;;;;AAIV,MAAa,mCAAmC,0BAA0B,MAAM,6BAA6B;;;;AAI7G,MAAa,qCAAqCC,WAAS;CACvD,OAAOP,YAAU;CACjB,mBAAmBA,YAAU,CAAC,UAAU;CAC3C,CAAC,CAAC,OAAO;;;;AAIV,MAAa,oCAAoCO,WAAS;CACtD,OAAOP,YAAU;CACjB,iBAAiBA,YAAU,CAAC,UAAU;CACzC,CAAC,CAAC,OAAO;;;;;;;;;;;;AC9LV,SAAgB,yBAAyB,KAAK;CAC1C,MAAM,cAAc,OAAO,QAAQ,WAAW,IAAI,IAAI,IAAI,GAAG,IAAI,IAAI,IAAI,KAAK;AAC9E,aAAY,OAAO;AACnB,QAAO;;;;;;;;;;;AAWX,SAAgB,qBAAqB,EAAE,mBAAmB,sBAAsB;CAC5E,MAAM,YAAY,OAAO,sBAAsB,WAAW,IAAI,IAAI,kBAAkB,GAAG,IAAI,IAAI,kBAAkB,KAAK;CACtH,MAAM,aAAa,OAAO,uBAAuB,WAAW,IAAI,IAAI,mBAAmB,GAAG,IAAI,IAAI,mBAAmB,KAAK;AAE1H,KAAI,UAAU,WAAW,WAAW,OAChC,QAAO;AAGX,KAAI,UAAU,SAAS,SAAS,WAAW,SAAS,OAChD,QAAO;CAQX,MAAM,gBAAgB,UAAU,SAAS,SAAS,IAAI,GAAG,UAAU,WAAW,UAAU,WAAW;CACnG,MAAM,iBAAiB,WAAW,SAAS,SAAS,IAAI,GAAG,WAAW,WAAW,WAAW,WAAW;AACvG,QAAO,cAAc,WAAW,eAAe;;;;;;;;ACtCnD,IAAa,aAAb,cAAgC,MAAM;CAClC,YAAY,SAAS,UAAU;AAC3B,QAAM,QAAQ;AACd,OAAK,WAAW;AAChB,OAAK,OAAO,KAAK,YAAY;;;;;CAKjC,mBAAmB;EACf,MAAM,WAAW;GACb,OAAO,KAAK;GACZ,mBAAmB,KAAK;GAC3B;AACD,MAAI,KAAK,SACL,UAAS,YAAY,KAAK;AAE9B,SAAO;;CAEX,IAAI,YAAY;AACZ,SAAO,KAAK,YAAY;;;;;;;;AAQhC,IAAa,sBAAb,cAAyC,WAAW;AAEpD,oBAAoB,YAAY;;;;;AAKhC,IAAa,qBAAb,cAAwC,WAAW;AAEnD,mBAAmB,YAAY;;;;;;AAM/B,IAAa,oBAAb,cAAuC,WAAW;AAElD,kBAAkB,YAAY;;;;;AAK9B,IAAa,0BAAb,cAA6C,WAAW;AAExD,wBAAwB,YAAY;;;;;AAKpC,IAAa,4BAAb,cAA+C,WAAW;AAE1D,0BAA0B,YAAY;;;;;AAKtC,IAAa,oBAAb,cAAuC,WAAW;AAElD,kBAAkB,YAAY;;;;AAI9B,IAAa,oBAAb,cAAuC,WAAW;AAElD,kBAAkB,YAAY;;;;;AAK9B,IAAa,cAAb,cAAiC,WAAW;AAE5C,YAAY,YAAY;;;;;AAKxB,IAAa,8BAAb,cAAiD,WAAW;AAE5D,4BAA4B,YAAY;;;;;AAKxC,IAAa,+BAAb,cAAkD,WAAW;AAE7D,6BAA6B,YAAY;;;;;AAKzC,IAAa,4BAAb,cAA+C,WAAW;AAE1D,0BAA0B,YAAY;;;;;AAKtC,IAAa,oBAAb,cAAuC,WAAW;AAElD,kBAAkB,YAAY;;;;;AAK9B,IAAa,wBAAb,cAA2C,WAAW;AAEtD,sBAAsB,YAAY;;;;;AAKlC,IAAa,uBAAb,cAA0C,WAAW;AAErD,qBAAqB,YAAY;;;;;AAKjC,IAAa,6BAAb,cAAgD,WAAW;AAE3D,2BAA2B,YAAY;;;;AAIvC,IAAa,yBAAb,cAA4C,WAAW;AAEvD,uBAAuB,YAAY;;;;AAgBnC,MAAa,eAAe;EACvB,oBAAoB,YAAY;EAChC,mBAAmB,YAAY;EAC/B,kBAAkB,YAAY;EAC9B,wBAAwB,YAAY;EACpC,0BAA0B,YAAY;EACtC,kBAAkB,YAAY;EAC9B,kBAAkB,YAAY;EAC9B,YAAY,YAAY;EACxB,4BAA4B,YAAY;EACxC,6BAA6B,YAAY;EACzC,0BAA0B,YAAY;EACtC,kBAAkB,YAAY;EAC9B,sBAAsB,YAAY;EAClC,qBAAqB,YAAY;EACjC,2BAA2B,YAAY;EACvC,uBAAuB,YAAY;CACvC;;;;ACpKD,IAAa,oBAAb,cAAuC,MAAM;CACzC,YAAY,SAAS;AACjB,QAAM,YAAY,QAAQ,YAAY,KAAK,IAAI,UAAU,eAAe;;;;;;;;;;;;;;;AAehF,SAAS,uBAAuB,mBAAmB,kBAAkB;CACjE,MAAM,kBAAkB,kBAAkB,kBAAkB;AAE5D,KAAI,iBAAiB,WAAW,EAC5B,QAAO,kBAAkB,uBAAuB;AAGpD,KAAI,mBAAmB,iBAAiB,SAAS,sBAAsB,CACnE,QAAO;AAEX,KAAI,mBAAmB,iBAAiB,SAAS,qBAAqB,CAClE,QAAO;AAEX,KAAI,iBAAiB,SAAS,OAAO,CACjC,QAAO;AAGX,QAAO,kBAAkB,uBAAuB;;;;;;;;;;;;;;;;AAgBpD,SAAS,0BAA0B,QAAQ,mBAAmB,SAAS,QAAQ;CAC3E,MAAM,EAAE,WAAW,kBAAkB;AACrC,SAAQ,QAAR;EACI,KAAK;AACD,kBAAe,WAAW,eAAe,QAAQ;AACjD;EACJ,KAAK;AACD,iBAAc,WAAW,eAAe,OAAO;AAC/C;EACJ,KAAK;AACD,mBAAgB,WAAW,OAAO;AAClC;EACJ,QACI,OAAM,IAAI,MAAM,6CAA6C,SAAS;;;;;;AAMlF,SAAS,eAAe,UAAU,cAAc,SAAS;AACrD,KAAI,CAAC,aACD,OAAM,IAAI,MAAM,8DAA8D;CAElF,MAAM,cAAc,KAAK,GAAG,SAAS,GAAG,eAAe;AACvD,SAAQ,IAAI,iBAAiB,SAAS,cAAc;;;;;AAKxD,SAAS,cAAc,UAAU,cAAc,QAAQ;AACnD,QAAO,IAAI,aAAa,SAAS;AACjC,KAAI,aACA,QAAO,IAAI,iBAAiB,aAAa;;;;;AAMjD,SAAS,gBAAgB,UAAU,QAAQ;AACvC,QAAO,IAAI,aAAa,SAAS;;;;;;;;;;;;;AAarC,eAAsB,mBAAmB,OAAO;CAC5C,MAAM,aAAa,iBAAiB,WAAW,MAAM,SAAS;CAC9D,MAAM,OAAO,iBAAiB,WAAW,MAAM,MAAM,MAAM,GAAG;AAC9D,KAAI;EAEA,MAAM,EAAE,OAAO,mBAAmB,cADnB,yBAAyB,MAAM,KAAK,MAAM,KAAK,CAAC;AAG/D,SAAO,KADY,aAAa,UAAU,aACpB,qBAAqB,IAAI,UAAU;UAEtD,OAAO;EAEV,MAAM,eAAe,GAAG,aAAa,QAAQ,WAAW,MAAM,GAAG,gCAAgC,MAAM,cAAc;AACrH,SAAO,IAAI,YAAY,aAAa;;;;;;;;;AAS5C,eAAsB,KAAK,UAAU,SAAS;CAC1C,IAAI,IAAI;AACR,KAAI;AACA,SAAO,MAAM,aAAa,UAAU,QAAQ;UAEzC,OAAO;AAEV,MAAI,iBAAiB,sBAAsB,iBAAiB,yBAAyB;AACjF,WAAQ,KAAK,SAAS,2BAA2B,QAAQ,OAAO,KAAK,IAAI,KAAK,IAAI,GAAG,KAAK,UAAU,MAAM;AAC1G,UAAO,MAAM,aAAa,UAAU,QAAQ;aAEvC,iBAAiB,mBAAmB;AACzC,WAAQ,KAAK,SAAS,2BAA2B,QAAQ,OAAO,KAAK,IAAI,KAAK,IAAI,GAAG,KAAK,UAAU,SAAS;AAC7G,UAAO,MAAM,aAAa,UAAU,QAAQ;;AAGhD,QAAM;;;AAGd,eAAe,aAAa,UAAU,EAAE,WAAW,mBAAmB,OAAO,qBAAqB,WAAY;CAC1G,IAAI;CACJ,IAAI;AACJ,KAAI;AACA,qBAAmB,MAAM,uCAAuC,WAAW,EAAE,qBAAqB,EAAE,QAAQ;AAC5G,MAAI,iBAAiB,yBAAyB,iBAAiB,sBAAsB,SAAS,EAC1F,0BAAyB,iBAAiB,sBAAsB;UAGjE,IAAI;;;;;AAOX,KAAI,CAAC,uBACD,0BAAyB;CAE7B,MAAM,WAAW,MAAM,kBAAkB,WAAW,UAAU,iBAAiB;CAC/E,MAAM,WAAW,MAAM,oCAAoC,wBAAwB,EAC/E,SACH,CAAC;CAEF,IAAI,oBAAoB,MAAM,QAAQ,QAAQ,SAAS,mBAAmB,CAAC;AAC3E,KAAI,CAAC,mBAAmB;AACpB,MAAI,sBAAsB,OACtB,OAAM,IAAI,MAAM,sFAAsF;AAE1G,MAAI,CAAC,SAAS,sBACV,OAAM,IAAI,MAAM,qEAAqE;EAEzF,MAAM,kBAAkB,MAAM,eAAe,wBAAwB;GACjE;GACA,gBAAgB,SAAS;GACzB;GACH,CAAC;AACF,QAAM,SAAS,sBAAsB,gBAAgB;AACrD,sBAAoB;;AAGxB,KAAI,sBAAsB,QAAW;EACjC,MAAMS,iBAAe,MAAM,SAAS,cAAc;EAClD,MAAMC,WAAS,MAAM,sBAAsB,wBAAwB;GAC/D;GACA;GACA;GACA;GACA,aAAa,SAAS;GACtB;GACA,yBAAyB,SAAS;GACzB;GACZ,CAAC;AACF,QAAM,SAAS,WAAWA,SAAO;AACjC,SAAO;;CAEX,MAAM,SAAS,MAAM,SAAS,QAAQ;AAEtC,KAAI,WAAW,QAAQ,WAAW,KAAK,IAAI,KAAK,IAAI,OAAO,cACvD,KAAI;EAEA,MAAM,YAAY,MAAM,qBAAqB,wBAAwB;GACjE;GACA;GACA,cAAc,OAAO;GACrB;GACA,yBAAyB,SAAS;GAClC;GACH,CAAC;AACF,QAAM,SAAS,WAAW,UAAU;AACpC,SAAO;UAEJ,OAAO;AAEV,MAAI,EAAE,iBAAiB,eAAe,iBAAiB,aAAa,OAKhE,OAAM;;CAIlB,MAAM,QAAQ,SAAS,QAAQ,MAAM,SAAS,OAAO,GAAG;CAExD,MAAM,EAAE,kBAAkB,iBAAiB,MAAM,mBAAmB,wBAAwB;EACxF;EACA;EACA;EACA,aAAa,SAAS;EACtB,OAAO,SAAS,SAAS,eAAe;EACxC;EACH,CAAC;AACF,OAAM,SAAS,iBAAiB,aAAa;AAC7C,OAAM,SAAS,wBAAwB,iBAAiB;AACxD,QAAO;;AAEX,eAAsB,kBAAkB,WAAW,UAAU,kBAAkB;CAC3E,MAAM,kBAAkB,yBAAyB,UAAU;AAE3D,KAAI,SAAS,oBACT,QAAO,MAAM,SAAS,oBAAoB,iBAAiB,qBAAqB,QAAQ,qBAAqB,KAAK,IAAI,KAAK,IAAI,iBAAiB,SAAS;AAG7J,KAAI,CAAC,iBACD;AAGJ,KAAI,CAAC,qBAAqB;EAAE,mBAAmB;EAAiB,oBAAoB,iBAAiB;EAAU,CAAC,CAC5G,OAAM,IAAI,MAAM,sBAAsB,iBAAiB,SAAS,2BAA2B,gBAAgB,cAAc;AAG7H,QAAO,IAAI,IAAI,iBAAiB,SAAS;;;;;AAK7C,SAAgB,2BAA2B,KAAK;CAC5C,MAAM,qBAAqB,IAAI,QAAQ,IAAI,mBAAmB;AAC9D,KAAI,CAAC,mBACD;CAEJ,MAAM,CAAC,MAAM,UAAU,mBAAmB,MAAM,IAAI;AACpD,KAAI,KAAK,aAAa,KAAK,YAAY,CAAC,OACpC;CAGJ,MAAM,QADQ,8BACM,KAAK,mBAAmB;AAC5C,KAAI,CAAC,MACD;AAEJ,KAAI;AACA,SAAO,IAAI,IAAI,MAAM,GAAG;UAErB,IAAI;AACP;;;;;;;;;AASR,eAAsB,uCAAuC,WAAW,MAAM,UAAU,OAAO;CAC3F,MAAM,WAAW,MAAM,6BAA6B,WAAW,4BAA4B,SAAS;EAChG,iBAAiB,SAAS,QAAQ,SAAS,KAAK,IAAI,KAAK,IAAI,KAAK;EAClE,aAAa,SAAS,QAAQ,SAAS,KAAK,IAAI,KAAK,IAAI,KAAK;EACjE,CAAC;AACF,KAAI,CAAC,YAAY,SAAS,WAAW,IACjC,OAAM,IAAI,MAAM,4EAA4E;AAEhG,KAAI,CAAC,SAAS,GACV,OAAM,IAAI,MAAM,QAAQ,SAAS,OAAO,+DAA+D;AAE3G,QAAO,qCAAqC,MAAM,MAAM,SAAS,MAAM,CAAC;;;;;AAK5E,eAAe,mBAAmB,KAAK,SAAS,UAAU,OAAO;AAC7D,KAAI;AACA,SAAO,MAAM,QAAQ,KAAK,EAAE,SAAS,CAAC;UAEnC,OAAO;AACV,MAAI,iBAAiB,UACjB,KAAI,QAEA,QAAO,mBAAmB,KAAK,QAAW,QAAQ;MAIlD;AAGR,QAAM;;;;;;AAMd,SAAS,mBAAmB,iBAAiB,WAAW,IAAI,UAAU,EAAE,EAAE;AAEtE,KAAI,SAAS,SAAS,IAAI,CACtB,YAAW,SAAS,MAAM,GAAG,GAAG;AAEpC,QAAO,QAAQ,kBACT,GAAG,SAAS,eAAe,oBAC3B,gBAAgB,kBAAkB;;;;;AAK5C,eAAe,qBAAqB,KAAK,iBAAiB,UAAU,OAAO;AAIvE,QAAO,MAAM,mBAAmB,KAHhB,EACZ,wBAAwB,iBAC3B,EAC6C,QAAQ;;;;;AAK1D,SAAS,sBAAsB,UAAU,UAAU;AAC/C,QAAO,CAAC,YAAa,SAAS,UAAU,OAAO,SAAS,SAAS,OAAQ,aAAa;;;;;AAK1F,eAAe,6BAA6B,WAAW,eAAe,SAAS,MAAM;CACjF,IAAI,IAAI;CACR,MAAM,SAAS,IAAI,IAAI,UAAU;CACjC,MAAM,mBAAmB,KAAK,SAAS,QAAQ,SAAS,KAAK,IAAI,KAAK,IAAI,KAAK,qBAAqB,QAAQ,OAAO,KAAK,IAAI,KAAK;CACjI,IAAI;AACJ,KAAI,SAAS,QAAQ,SAAS,KAAK,IAAI,KAAK,IAAI,KAAK,YACjD,OAAM,IAAI,IAAI,KAAK,YAAY;MAE9B;EAED,MAAM,gBAAgB,mBAAmB,eAAe,OAAO,SAAS;AACxE,QAAM,IAAI,IAAI,gBAAgB,KAAK,SAAS,QAAQ,SAAS,KAAK,IAAI,KAAK,IAAI,KAAK,uBAAuB,QAAQ,OAAO,KAAK,IAAI,KAAK,OAAO;AAC/I,MAAI,SAAS,OAAO;;CAExB,IAAI,WAAW,MAAM,qBAAqB,KAAK,iBAAiB,QAAQ;AAExE,KAAI,EAAE,SAAS,QAAQ,SAAS,KAAK,IAAI,KAAK,IAAI,KAAK,gBAAgB,sBAAsB,UAAU,OAAO,SAAS,EAAE;EACrH,MAAM,UAAU,IAAI,IAAI,gBAAgB,iBAAiB,OAAO;AAChE,aAAW,MAAM,qBAAqB,SAAS,iBAAiB,QAAQ;;AAE5E,QAAO;;;;;;;;;AAwCX,SAAgB,mBAAmB,wBAAwB;CACvD,MAAM,MAAM,OAAO,2BAA2B,WAAW,IAAI,IAAI,uBAAuB,GAAG;CAC3F,MAAM,UAAU,IAAI,aAAa;CACjC,MAAM,YAAY,EAAE;AACpB,KAAI,CAAC,SAAS;AAEV,YAAU,KAAK;GACX,KAAK,IAAI,IAAI,2CAA2C,IAAI,OAAO;GACnE,MAAM;GACT,CAAC;AAEF,YAAU,KAAK;GACX,KAAK,IAAI,IAAI,qCAAqC,IAAI,OAAO;GAC7D,MAAM;GACT,CAAC;AACF,SAAO;;CAGX,IAAI,WAAW,IAAI;AACnB,KAAI,SAAS,SAAS,IAAI,CACtB,YAAW,SAAS,MAAM,GAAG,GAAG;AAIpC,WAAU,KAAK;EACX,KAAK,IAAI,IAAI,0CAA0C,YAAY,IAAI,OAAO;EAC9E,MAAM;EACT,CAAC;AAEF,WAAU,KAAK;EACX,KAAK,IAAI,IAAI,2CAA2C,IAAI,OAAO;EACnE,MAAM;EACT,CAAC;AAGF,WAAU,KAAK;EACX,KAAK,IAAI,IAAI,oCAAoC,YAAY,IAAI,OAAO;EACxE,MAAM;EACT,CAAC;AAEF,WAAU,KAAK;EACX,KAAK,IAAI,IAAI,GAAG,SAAS,oCAAoC,IAAI,OAAO;EACxE,MAAM;EACT,CAAC;AACF,QAAO;;;;;;;;;;;;;;;;;;AAkBX,eAAsB,oCAAoC,wBAAwB,EAAE,UAAU,OAAO,kBAAkB,4BAA6B,EAAE,EAAE;CACpJ,IAAI;CACJ,MAAM,UAAU,EAAE,wBAAwB,iBAAiB;CAE3D,MAAM,YAAY,mBAAmB,uBAAuB;AAE5D,MAAK,MAAM,EAAE,KAAK,aAAa,UAAU,WAAW;EAChD,MAAM,WAAW,MAAM,mBAAmB,aAAa,SAAS,QAAQ;AACxE,MAAI,CAAC;;;;;AAKD;AAEJ,MAAI,CAAC,SAAS,IAAI;AAEd,OAAI,SAAS,UAAU,OAAO,SAAS,SAAS,IAC5C;AAEJ,SAAM,IAAI,MAAM,QAAQ,SAAS,OAAO,kBAAkB,SAAS,UAAU,UAAU,kBAAkB,iBAAiB,cAAc;;AAG5I,MAAI,SAAS,QACT,QAAO,oBAAoB,MAAM,MAAM,SAAS,MAAM,CAAC;OAEtD;GACD,MAAM,WAAW,sCAAsC,MAAM,MAAM,SAAS,MAAM,CAAC;AAEnF,OAAI,GAAG,KAAK,SAAS,sCAAsC,QAAQ,OAAO,KAAK,IAAI,KAAK,IAAI,GAAG,SAAS,OAAO,EAC3G,OAAM,IAAI,MAAM,iCAAiC,YAAY,6EAA6E;AAE9I,UAAO;;;;;;;AAQnB,eAAsB,mBAAmB,wBAAwB,EAAE,UAAU,mBAAmB,aAAa,OAAO,OAAO,YAAa;CACpI,MAAM,eAAe;CACrB,MAAM,sBAAsB;CAC5B,IAAI;AACJ,KAAI,UAAU;AACV,qBAAmB,IAAI,IAAI,SAAS,uBAAuB;AAC3D,MAAI,CAAC,SAAS,yBAAyB,SAAS,aAAa,CACzD,OAAM,IAAI,MAAM,4DAA4D,eAAe;AAE/F,MAAI,CAAC,SAAS,oCACV,CAAC,SAAS,iCAAiC,SAAS,oBAAoB,CACxE,OAAM,IAAI,MAAM,oEAAoE,sBAAsB;OAI9G,oBAAmB,IAAI,IAAI,cAAc,uBAAuB;CAGpE,MAAM,YAAY,MAAM,eAAe;CACvC,MAAM,eAAe,UAAU;CAC/B,MAAM,gBAAgB,UAAU;AAChC,kBAAiB,aAAa,IAAI,iBAAiB,aAAa;AAChE,kBAAiB,aAAa,IAAI,aAAa,kBAAkB,UAAU;AAC3E,kBAAiB,aAAa,IAAI,kBAAkB,cAAc;AAClE,kBAAiB,aAAa,IAAI,yBAAyB,oBAAoB;AAC/E,kBAAiB,aAAa,IAAI,gBAAgB,OAAO,YAAY,CAAC;AACtE,KAAI,MACA,kBAAiB,aAAa,IAAI,SAAS,MAAM;AAErD,KAAI,MACA,kBAAiB,aAAa,IAAI,SAAS,MAAM;AAErD,KAAI,UAAU,QAAQ,UAAU,KAAK,IAAI,KAAK,IAAI,MAAM,SAAS,iBAAiB,CAI9E,kBAAiB,aAAa,OAAO,UAAU,UAAU;AAE7D,KAAI,SACA,kBAAiB,aAAa,IAAI,YAAY,SAAS,KAAK;AAEhE,QAAO;EAAE;EAAkB;EAAc;;;;;;;;;;;;;;AAc7C,eAAsB,sBAAsB,wBAAwB,EAAE,UAAU,mBAAmB,mBAAmB,cAAc,aAAa,UAAU,yBAAyB,WAAY;CAC5L,IAAI;CACJ,MAAM,YAAY;CAClB,MAAM,YAAY,aAAa,QAAQ,aAAa,KAAK,IAAI,KAAK,IAAI,SAAS,kBACzE,IAAI,IAAI,SAAS,eAAe,GAChC,IAAI,IAAI,UAAU,uBAAuB;AAC/C,MAAK,aAAa,QAAQ,aAAa,KAAK,IAAI,KAAK,IAAI,SAAS,0BAC9D,CAAC,SAAS,sBAAsB,SAAS,UAAU,CACnD,OAAM,IAAI,MAAM,yDAAyD,YAAY;CAGzF,MAAM,UAAU,IAAI,QAAQ;EACxB,gBAAgB;EAChB,UAAU;EACb,CAAC;CACF,MAAM,SAAS,IAAI,gBAAgB;EAC/B,YAAY;EACZ,MAAM;EACN,eAAe;EACf,cAAc,OAAO,YAAY;EACpC,CAAC;AACF,KAAI,wBACA,yBAAwB,SAAS,QAAQ,wBAAwB,SAAS;MAEzE;EAED,MAAM,oBAAoB,KAAK,aAAa,QAAQ,aAAa,KAAK,IAAI,KAAK,IAAI,SAAS,2CAA2C,QAAQ,OAAO,KAAK,IAAI,KAAK,EAAE;EACtK,MAAM,aAAa,uBAAuB,mBAAmB,iBAAiB;AAC9E,4BAA0B,YAAY,mBAAmB,SAAS,OAAO;;AAE7E,KAAI,SACA,QAAO,IAAI,YAAY,SAAS,KAAK;CAEzC,MAAM,WAAW,OAAO,YAAY,QAAQ,YAAY,KAAK,IAAI,UAAU,OAAO,UAAU;EACxF,QAAQ;EACR;EACA,MAAM;EACT,CAAC;AACF,KAAI,CAAC,SAAS,GACV,OAAM,MAAM,mBAAmB,SAAS;AAE5C,QAAO,kBAAkB,MAAM,MAAM,SAAS,MAAM,CAAC;;;;;;;;;;;;;;AAczD,eAAsB,qBAAqB,wBAAwB,EAAE,UAAU,mBAAmB,cAAc,UAAU,yBAAyB,WAAY;CAC3J,IAAI;CACJ,MAAM,YAAY;CAClB,IAAI;AACJ,KAAI,UAAU;AACV,aAAW,IAAI,IAAI,SAAS,eAAe;AAC3C,MAAI,SAAS,yBACT,CAAC,SAAS,sBAAsB,SAAS,UAAU,CACnD,OAAM,IAAI,MAAM,yDAAyD,YAAY;OAIzF,YAAW,IAAI,IAAI,UAAU,uBAAuB;CAGxD,MAAM,UAAU,IAAI,QAAQ,EACxB,gBAAgB,qCACnB,CAAC;CACF,MAAM,SAAS,IAAI,gBAAgB;EAC/B,YAAY;EACZ,eAAe;EAClB,CAAC;AACF,KAAI,wBACA,yBAAwB,SAAS,QAAQ,wBAAwB,SAAS;MAEzE;EAED,MAAM,oBAAoB,KAAK,aAAa,QAAQ,aAAa,KAAK,IAAI,KAAK,IAAI,SAAS,2CAA2C,QAAQ,OAAO,KAAK,IAAI,KAAK,EAAE;EACtK,MAAM,aAAa,uBAAuB,mBAAmB,iBAAiB;AAC9E,4BAA0B,YAAY,mBAAmB,SAAS,OAAO;;AAE7E,KAAI,SACA,QAAO,IAAI,YAAY,SAAS,KAAK;CAEzC,MAAM,WAAW,OAAO,YAAY,QAAQ,YAAY,KAAK,IAAI,UAAU,OAAO,UAAU;EACxF,QAAQ;EACR;EACA,MAAM;EACT,CAAC;AACF,KAAI,CAAC,SAAS,GACV,OAAM,MAAM,mBAAmB,SAAS;AAE5C,QAAO,kBAAkB,MAAM;EAAE,eAAe;EAAc,GAAI,MAAM,SAAS,MAAM;EAAG,CAAC;;;;;AAK/F,eAAsB,eAAe,wBAAwB,EAAE,UAAU,gBAAgB,WAAY;CACjG,IAAI;AACJ,KAAI,UAAU;AACV,MAAI,CAAC,SAAS,sBACV,OAAM,IAAI,MAAM,yEAAyE;AAE7F,oBAAkB,IAAI,IAAI,SAAS,sBAAsB;OAGzD,mBAAkB,IAAI,IAAI,aAAa,uBAAuB;CAElE,MAAM,WAAW,OAAO,YAAY,QAAQ,YAAY,KAAK,IAAI,UAAU,OAAO,iBAAiB;EAC/F,QAAQ;EACR,SAAS,EACL,gBAAgB,oBACnB;EACD,MAAM,KAAK,UAAU,eAAe;EACvC,CAAC;AACF,KAAI,CAAC,SAAS,GACV,OAAM,MAAM,mBAAmB,SAAS;AAE5C,QAAO,iCAAiC,MAAM,MAAM,SAAS,MAAM,CAAC;;;;;ACrrBxE,IAAa,WAAb,cAA8B,MAAM;CAChC,YAAY,MAAM,SAAS,OAAO;AAC9B,QAAM,cAAc,UAAU;AAC9B,OAAK,OAAO;AACZ,OAAK,QAAQ;;;;;;;AAOrB,IAAa,qBAAb,MAAgC;CAC5B,YAAY,KAAK,MAAM;AACnB,OAAK,OAAO;AACZ,OAAK,uBAAuB;AAC5B,OAAK,mBAAmB,SAAS,QAAQ,SAAS,KAAK,IAAI,KAAK,IAAI,KAAK;AACzE,OAAK,eAAe,SAAS,QAAQ,SAAS,KAAK,IAAI,KAAK,IAAI,KAAK;AACrE,OAAK,gBAAgB,SAAS,QAAQ,SAAS,KAAK,IAAI,KAAK,IAAI,KAAK;AACtE,OAAK,SAAS,SAAS,QAAQ,SAAS,KAAK,IAAI,KAAK,IAAI,KAAK;;CAEnE,MAAM,iBAAiB;EACnB,IAAI;AACJ,MAAI,CAAC,KAAK,cACN,OAAM,IAAI,kBAAkB,mBAAmB;EAEnD,IAAI;AACJ,MAAI;AACA,YAAS,MAAM,KAAK,KAAK,eAAe;IAAE,WAAW,KAAK;IAAM,qBAAqB,KAAK;IAAsB,SAAS,KAAK;IAAQ,CAAC;WAEpI,OAAO;AACV,IAAC,KAAK,KAAK,aAAa,QAAQ,OAAO,KAAK,KAAa,GAAG,KAAK,MAAM,MAAM;AAC7E,SAAM;;AAEV,MAAI,WAAW,aACX,OAAM,IAAI,mBAAmB;AAEjC,SAAO,MAAM,KAAK,cAAc;;CAEpC,MAAM,iBAAiB;EACnB,IAAI;EACJ,MAAM,UAAU,EAAE;AAClB,MAAI,KAAK,eAAe;GACpB,MAAM,SAAS,MAAM,KAAK,cAAc,QAAQ;AAChD,OAAI,OACA,SAAQ,mBAAmB,UAAU,OAAO;;AAGpD,MAAI,KAAK,iBACL,SAAQ,0BAA0B,KAAK;AAE3C,SAAO,IAAI,QAAQ;GAAE,GAAG;GAAS,IAAI,KAAK,KAAK,kBAAkB,QAAQ,OAAO,KAAK,IAAI,KAAK,IAAI,GAAG;GAAS,CAAC;;CAEnH,eAAe;EACX,IAAI,IAAI,IAAI;EACZ,MAAM,aAAc,MAAM,MAAM,KAAK,SAAS,QAAQ,SAAS,KAAK,IAAI,KAAK,IAAI,KAAK,sBAAsB,QAAQ,OAAO,KAAK,IAAI,KAAK,IAAI,GAAG,WAAW,QAAQ,OAAO,KAAK,IAAI,KAAK,KAAK,YAAY,QAAQ,OAAO,KAAK,IAAI,KAAK;AACtO,SAAO,IAAI,SAAS,SAAS,WAAW;AACpC,QAAK,eAAe,IAAI,YAAY,KAAK,KAAK,MAAM;IAChD,GAAG,KAAK;IACR,OAAO,OAAO,KAAK,SAAS;KACxB,MAAM,UAAU,MAAM,KAAK,gBAAgB;AAC3C,aAAQ,IAAI,UAAU,oBAAoB;KAC1C,MAAM,WAAW,MAAM,UAAU,KAAK;MAClC,GAAG;MACH;MACH,CAAC;AACF,SAAI,SAAS,WAAW,OAAO,SAAS,QAAQ,IAAI,mBAAmB,CACnE,MAAK,uBAAuB,2BAA2B,SAAS;AAEpE,YAAO;;IAEd,CAAC;AACF,QAAK,mBAAmB,IAAI,iBAAiB;AAC7C,QAAK,aAAa,WAAW,UAAU;IACnC,IAAIC;AACJ,QAAI,MAAM,SAAS,OAAO,KAAK,eAAe;AAC1C,UAAK,gBAAgB,CAAC,KAAK,SAAS,OAAO;AAC3C;;IAEJ,MAAM,QAAQ,IAAI,SAAS,MAAM,MAAM,MAAM,SAAS,MAAM;AAC5D,WAAO,MAAM;AACb,KAAC,OAAK,KAAK,aAAa,QAAQA,SAAO,KAAK,KAAaA,KAAG,KAAK,MAAM,MAAM;;AAEjF,QAAK,aAAa,eAAe;AAGjC,QAAK,aAAa,iBAAiB,aAAa,UAAU;IACtD,IAAIA;IACJ,MAAM,eAAe;AACrB,QAAI;AACA,UAAK,YAAY,IAAI,IAAI,aAAa,MAAM,KAAK,KAAK;AACtD,SAAI,KAAK,UAAU,WAAW,KAAK,KAAK,OACpC,OAAM,IAAI,MAAM,qDAAqD,KAAK,UAAU,SAAS;aAG9F,OAAO;AACV,YAAO,MAAM;AACb,MAAC,OAAK,KAAK,aAAa,QAAQA,SAAO,KAAK,KAAaA,KAAG,KAAK,MAAM,MAAM;AAC7E,KAAK,KAAK,OAAO;AACjB;;AAEJ,aAAS;KACX;AACF,QAAK,aAAa,aAAa,UAAU;IACrC,IAAIA,MAAIC;IACR,MAAM,eAAe;IACrB,IAAI;AACJ,QAAI;AACA,eAAU,qBAAqB,MAAM,KAAK,MAAM,aAAa,KAAK,CAAC;aAEhE,OAAO;AACV,MAAC,OAAK,KAAK,aAAa,QAAQD,SAAO,KAAK,KAAaA,KAAG,KAAK,MAAM,MAAM;AAC7E;;AAEJ,KAAC,OAAK,KAAK,eAAe,QAAQC,SAAO,KAAK,KAAaA,KAAG,KAAK,MAAM,QAAQ;;IAEvF;;CAEN,MAAM,QAAQ;AACV,MAAI,KAAK,aACL,OAAM,IAAI,MAAM,8GAA8G;AAElI,SAAO,MAAM,KAAK,cAAc;;;;;CAKpC,MAAM,WAAW,mBAAmB;AAChC,MAAI,CAAC,KAAK,cACN,OAAM,IAAI,kBAAkB,mBAAmB;AAGnD,MADe,MAAM,KAAK,KAAK,eAAe;GAAE,WAAW,KAAK;GAAM;GAAmB,qBAAqB,KAAK;GAAsB,SAAS,KAAK;GAAQ,CAAC,KACjJ,aACX,OAAM,IAAI,kBAAkB,sBAAsB;;CAG1D,MAAM,QAAQ;EACV,IAAI,IAAI,IAAI;AACZ,GAAC,KAAK,KAAK,sBAAsB,QAAQ,OAAO,KAAK,KAAa,GAAG,OAAO;AAC5E,GAAC,KAAK,KAAK,kBAAkB,QAAQ,OAAO,KAAK,KAAa,GAAG,OAAO;AACxE,GAAC,KAAK,KAAK,aAAa,QAAQ,OAAO,KAAK,KAAa,GAAG,KAAK,KAAK;;CAE1E,MAAM,KAAK,SAAS;EAChB,IAAI,IAAI,IAAI;AACZ,MAAI,CAAC,KAAK,UACN,OAAM,IAAI,MAAM,gBAAgB;AAEpC,MAAI;GACA,MAAM,UAAU,MAAM,KAAK,gBAAgB;AAC3C,WAAQ,IAAI,gBAAgB,mBAAmB;GAC/C,MAAM,OAAO;IACT,GAAG,KAAK;IACR,QAAQ;IACR;IACA,MAAM,KAAK,UAAU,QAAQ;IAC7B,SAAS,KAAK,KAAK,sBAAsB,QAAQ,OAAO,KAAK,IAAI,KAAK,IAAI,GAAG;IAChF;GACD,MAAM,WAAW,QAAQ,KAAK,KAAK,YAAY,QAAQ,OAAO,KAAK,IAAI,KAAK,OAAO,KAAK,WAAW,KAAK;AACxG,OAAI,CAAC,SAAS,IAAI;AACd,QAAI,SAAS,WAAW,OAAO,KAAK,eAAe;AAC/C,UAAK,uBAAuB,2BAA2B,SAAS;AAEhE,SADe,MAAM,KAAK,KAAK,eAAe;MAAE,WAAW,KAAK;MAAM,qBAAqB,KAAK;MAAsB,SAAS,KAAK;MAAQ,CAAC,KAC9H,aACX,OAAM,IAAI,mBAAmB;AAGjC,YAAO,KAAK,KAAK,QAAQ;;IAE7B,MAAM,OAAO,MAAM,SAAS,MAAM,CAAC,YAAY,KAAK;AACpD,UAAM,IAAI,MAAM,mCAAmC,SAAS,OAAO,KAAK,OAAO;;WAGhF,OAAO;AACV,IAAC,KAAK,KAAK,aAAa,QAAQ,OAAO,KAAK,KAAa,GAAG,KAAK,MAAM,MAAM;AAC7E,SAAM;;;CAGd,mBAAmB,SAAS;AACxB,OAAK,mBAAmB;;;;;;AClLhC,IAAM,0BAAN,cAAsC,gBAAgB;CACpD,YAAY,EAAE,SAAS,SAAS,cAAc,EAAE,EAAE;EAChD,IAAI;AACJ,QAAM;GACJ,MAAM,YAAY;AAChB,aAAS,aAAa;KACpB,UAAU,UAAU;AAClB,iBAAW,QAAQ,MAAM;;KAE3B,QAAQ,OAAO;AACb,kBAAY,cAAc,WAAW,MAAM,MAAM,GAAG,OAAO,WAAW,cAAc,QAAQ,MAAM;;KAEpG;KACA;KACD,CAAC;;GAEJ,UAAU,OAAO;AACf,WAAO,KAAK,MAAM;;GAErB,CAAC;;;;;;ACjBN,MAAM,+CAA+C;CACjD,0BAA0B;CAC1B,sBAAsB;CACtB,6BAA6B;CAC7B,YAAY;CACf;AACD,IAAa,sBAAb,cAAyC,MAAM;CAC3C,YAAY,MAAM,SAAS;AACvB,QAAM,0BAA0B,UAAU;AAC1C,OAAK,OAAO;;;;;;;;AAQpB,IAAa,gCAAb,MAA2C;CACvC,YAAY,KAAK,MAAM;EACnB,IAAI;AACJ,OAAK,OAAO;AACZ,OAAK,uBAAuB;AAC5B,OAAK,eAAe,SAAS,QAAQ,SAAS,KAAK,IAAI,KAAK,IAAI,KAAK;AACrE,OAAK,gBAAgB,SAAS,QAAQ,SAAS,KAAK,IAAI,KAAK,IAAI,KAAK;AACtE,OAAK,SAAS,SAAS,QAAQ,SAAS,KAAK,IAAI,KAAK,IAAI,KAAK;AAC/D,OAAK,aAAa,SAAS,QAAQ,SAAS,KAAK,IAAI,KAAK,IAAI,KAAK;AACnE,OAAK,wBAAwB,KAAK,SAAS,QAAQ,SAAS,KAAK,IAAI,KAAK,IAAI,KAAK,yBAAyB,QAAQ,OAAO,KAAK,IAAI,KAAK;;CAE7I,MAAM,iBAAiB;EACnB,IAAI;AACJ,MAAI,CAAC,KAAK,cACN,OAAM,IAAI,kBAAkB,mBAAmB;EAEnD,IAAI;AACJ,MAAI;AACA,YAAS,MAAM,KAAK,KAAK,eAAe;IAAE,WAAW,KAAK;IAAM,qBAAqB,KAAK;IAAsB,SAAS,KAAK;IAAQ,CAAC;WAEpI,OAAO;AACV,IAAC,KAAK,KAAK,aAAa,QAAQ,OAAO,KAAK,KAAa,GAAG,KAAK,MAAM,MAAM;AAC7E,SAAM;;AAEV,MAAI,WAAW,aACX,OAAM,IAAI,mBAAmB;AAEjC,SAAO,MAAM,KAAK,gBAAgB,EAAE,iBAAiB,QAAW,CAAC;;CAErE,MAAM,iBAAiB;EACnB,IAAI;EACJ,MAAM,UAAU,EAAE;AAClB,MAAI,KAAK,eAAe;GACpB,MAAM,SAAS,MAAM,KAAK,cAAc,QAAQ;AAChD,OAAI,OACA,SAAQ,mBAAmB,UAAU,OAAO;;AAGpD,MAAI,KAAK,WACL,SAAQ,oBAAoB,KAAK;AAErC,MAAI,KAAK,iBACL,SAAQ,0BAA0B,KAAK;EAE3C,MAAM,eAAe,KAAK,mBAAmB,KAAK,KAAK,kBAAkB,QAAQ,OAAO,KAAK,IAAI,KAAK,IAAI,GAAG,QAAQ;AACrH,SAAO,IAAI,QAAQ;GACf,GAAG;GACH,GAAG;GACN,CAAC;;CAEN,MAAM,gBAAgB,SAAS;EAC3B,IAAI,IAAI,IAAI;EACZ,MAAM,EAAE,oBAAoB;AAC5B,MAAI;GAGA,MAAM,UAAU,MAAM,KAAK,gBAAgB;AAC3C,WAAQ,IAAI,UAAU,oBAAoB;AAE1C,OAAI,gBACA,SAAQ,IAAI,iBAAiB,gBAAgB;GAEjD,MAAM,WAAW,QAAQ,KAAK,KAAK,YAAY,QAAQ,OAAO,KAAK,IAAI,KAAK,OAAO,KAAK,MAAM;IAC1F,QAAQ;IACR;IACA,SAAS,KAAK,KAAK,sBAAsB,QAAQ,OAAO,KAAK,IAAI,KAAK,IAAI,GAAG;IAChF,CAAC;AACF,OAAI,CAAC,SAAS,IAAI;AACd,QAAI,SAAS,WAAW,OAAO,KAAK,cAEhC,QAAO,MAAM,KAAK,gBAAgB;AAItC,QAAI,SAAS,WAAW,IACpB;AAEJ,UAAM,IAAI,oBAAoB,SAAS,QAAQ,8BAA8B,SAAS,aAAa;;AAEvG,QAAK,iBAAiB,SAAS,MAAM,SAAS,KAAK;WAEhD,OAAO;AACV,IAAC,KAAK,KAAK,aAAa,QAAQ,OAAO,KAAK,KAAa,GAAG,KAAK,MAAM,MAAM;AAC7E,SAAM;;;;;;;;;CASd,0BAA0B,SAAS;EAE/B,MAAM,eAAe,KAAK,qBAAqB;EAC/C,MAAM,aAAa,KAAK,qBAAqB;EAC7C,MAAM,WAAW,KAAK,qBAAqB;AAE3C,SAAO,KAAK,IAAI,eAAe,KAAK,IAAI,YAAY,QAAQ,EAAE,SAAS;;CAE3E,kBAAkB,SAAS;AACvB,MAAI,CAAC,QACD,QAAO,EAAE;AACb,MAAI,mBAAmB,QACnB,QAAO,OAAO,YAAY,QAAQ,SAAS,CAAC;AAEhD,MAAI,MAAM,QAAQ,QAAQ,CACtB,QAAO,OAAO,YAAY,QAAQ;AAEtC,SAAO,EAAE,GAAG,SAAS;;;;;;;;CAQzB,sBAAsB,SAAS,eAAe,GAAG;EAC7C,IAAI;EAEJ,MAAM,aAAa,KAAK,qBAAqB;AAE7C,MAAI,aAAa,KAAK,gBAAgB,YAAY;AAC9C,IAAC,KAAK,KAAK,aAAa,QAAQ,OAAO,KAAK,KAAa,GAAG,KAAK,sBAAM,IAAI,MAAM,kCAAkC,WAAW,aAAa,CAAC;AAC5I;;EAGJ,MAAM,QAAQ,KAAK,0BAA0B,aAAa;AAE1D,mBAAiB;AAEb,QAAK,gBAAgB,QAAQ,CAAC,OAAM,UAAS;IACzC,IAAIC;AACJ,KAAC,OAAK,KAAK,aAAa,QAAQA,SAAO,KAAK,KAAaA,KAAG,KAAK,sBAAM,IAAI,MAAM,mCAAmC,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM,GAAG,CAAC;AAE9K,SAAK,sBAAsB,SAAS,eAAe,EAAE;KACvD;KACH,MAAM;;CAEb,iBAAiB,QAAQ,SAAS,iBAAiB;AAC/C,MAAI,CAAC,OACD;EAEJ,MAAM,EAAE,mBAAmB,oBAAoB;EAC/C,IAAI;EACJ,MAAM,gBAAgB,YAAY;GAC9B,IAAI,IAAI,IAAI,IAAI;AAGhB,OAAI;IAEA,MAAM,SAAS,OACV,YAAY,IAAI,mBAAmB,CAAC,CACpC,YAAY,IAAI,yBAAyB,CAAC,CAC1C,WAAW;AAChB,WAAO,MAAM;KACT,MAAM,EAAE,OAAO,OAAO,SAAS,MAAM,OAAO,MAAM;AAClD,SAAI,KACA;AAGJ,SAAI,MAAM,IAAI;AACV,oBAAc,MAAM;AACpB,4BAAsB,QAAQ,sBAAsB,KAAK,KAAa,kBAAkB,MAAM,GAAG;;AAErG,SAAI,CAAC,MAAM,SAAS,MAAM,UAAU,UAChC,KAAI;MACA,MAAM,UAAU,qBAAqB,MAAM,KAAK,MAAM,MAAM,KAAK,CAAC;AAClE,UAAI,oBAAoB,UAAa,kBAAkB,QAAQ,CAC3D,SAAQ,KAAK;AAEjB,OAAC,KAAK,KAAK,eAAe,QAAQ,OAAO,KAAK,KAAa,GAAG,KAAK,MAAM,QAAQ;cAE9E,OAAO;AACV,OAAC,KAAK,KAAK,aAAa,QAAQ,OAAO,KAAK,KAAa,GAAG,KAAK,MAAM,MAAM;;;YAKtF,OAAO;AAEV,KAAC,KAAK,KAAK,aAAa,QAAQ,OAAO,KAAK,KAAa,GAAG,KAAK,sBAAM,IAAI,MAAM,4BAA4B,QAAQ,CAAC;AAEtH,QAAI,mBACA,KAAK,oBACL,CAAC,KAAK,iBAAiB,OAAO,QAE9B,KAAI;AACA,UAAK,sBAAsB;MACvB,iBAAiB;MACjB;MACA;MACH,EAAE,EAAE;aAEFC,SAAO;AACV,MAAC,KAAK,KAAK,aAAa,QAAQ,OAAO,KAAK,KAAa,GAAG,KAAK,sBAAM,IAAI,MAAM,wBAAwBA,mBAAiB,QAAQA,QAAM,UAAU,OAAOA,QAAM,GAAG,CAAC;;;;AAKnL,iBAAe;;CAEnB,MAAM,QAAQ;AACV,MAAI,KAAK,iBACL,OAAM,IAAI,MAAM,yHAAyH;AAE7I,OAAK,mBAAmB,IAAI,iBAAiB;;;;;CAKjD,MAAM,WAAW,mBAAmB;AAChC,MAAI,CAAC,KAAK,cACN,OAAM,IAAI,kBAAkB,mBAAmB;AAGnD,MADe,MAAM,KAAK,KAAK,eAAe;GAAE,WAAW,KAAK;GAAM;GAAmB,qBAAqB,KAAK;GAAsB,SAAS,KAAK;GAAQ,CAAC,KACjJ,aACX,OAAM,IAAI,kBAAkB,sBAAsB;;CAG1D,MAAM,QAAQ;EACV,IAAI,IAAI;AAER,GAAC,KAAK,KAAK,sBAAsB,QAAQ,OAAO,KAAK,KAAa,GAAG,OAAO;AAC5E,GAAC,KAAK,KAAK,aAAa,QAAQ,OAAO,KAAK,KAAa,GAAG,KAAK,KAAK;;CAE1E,MAAM,KAAK,SAAS,SAAS;EACzB,IAAI,IAAI,IAAI,IAAI;AAChB,MAAI;GACA,MAAM,EAAE,iBAAiB,sBAAsB,WAAW,EAAE;AAC5D,OAAI,iBAAiB;AAEjB,SAAK,gBAAgB;KAAE;KAAiB,iBAAiB,iBAAiB,QAAQ,GAAG,QAAQ,KAAK;KAAW,CAAC,CAAC,OAAM,QAAO;KAAE,IAAID;AAAI,aAAQ,OAAK,KAAK,aAAa,QAAQA,SAAO,KAAK,IAAI,KAAK,IAAIA,KAAG,KAAK,MAAM,IAAI;MAAI;AAC5N;;GAEJ,MAAM,UAAU,MAAM,KAAK,gBAAgB;AAC3C,WAAQ,IAAI,gBAAgB,mBAAmB;AAC/C,WAAQ,IAAI,UAAU,sCAAsC;GAC5D,MAAM,OAAO;IACT,GAAG,KAAK;IACR,QAAQ;IACR;IACA,MAAM,KAAK,UAAU,QAAQ;IAC7B,SAAS,KAAK,KAAK,sBAAsB,QAAQ,OAAO,KAAK,IAAI,KAAK,IAAI,GAAG;IAChF;GACD,MAAM,WAAW,QAAQ,KAAK,KAAK,YAAY,QAAQ,OAAO,KAAK,IAAI,KAAK,OAAO,KAAK,MAAM,KAAK;GAEnG,MAAM,YAAY,SAAS,QAAQ,IAAI,iBAAiB;AACxD,OAAI,UACA,MAAK,aAAa;AAEtB,OAAI,CAAC,SAAS,IAAI;AACd,QAAI,SAAS,WAAW,OAAO,KAAK,eAAe;AAC/C,UAAK,uBAAuB,2BAA2B,SAAS;AAEhE,SADe,MAAM,KAAK,KAAK,eAAe;MAAE,WAAW,KAAK;MAAM,qBAAqB,KAAK;MAAsB,SAAS,KAAK;MAAQ,CAAC,KAC9H,aACX,OAAM,IAAI,mBAAmB;AAGjC,YAAO,KAAK,KAAK,QAAQ;;IAE7B,MAAM,OAAO,MAAM,SAAS,MAAM,CAAC,YAAY,KAAK;AACpD,UAAM,IAAI,MAAM,mCAAmC,SAAS,OAAO,KAAK,OAAO;;AAGnF,OAAI,SAAS,WAAW,KAAK;AAGzB,QAAI,0BAA0B,QAAQ,CAElC,MAAK,gBAAgB,EAAE,iBAAiB,QAAW,CAAC,CAAC,OAAM,QAAO;KAAE,IAAIA;AAAI,aAAQ,OAAK,KAAK,aAAa,QAAQA,SAAO,KAAK,IAAI,KAAK,IAAIA,KAAG,KAAK,MAAM,IAAI;MAAI;AAEtK;;GAIJ,MAAM,eADW,MAAM,QAAQ,QAAQ,GAAG,UAAU,CAAC,QAAQ,EAChC,QAAO,QAAO,YAAY,OAAO,QAAQ,OAAO,IAAI,OAAO,OAAU,CAAC,SAAS;GAE5G,MAAM,cAAc,SAAS,QAAQ,IAAI,eAAe;AACxD,OAAI,YACA,KAAI,gBAAgB,QAAQ,gBAAgB,KAAK,IAAI,KAAK,IAAI,YAAY,SAAS,oBAAoB,CAInG,MAAK,iBAAiB,SAAS,MAAM,EAAE,mBAAmB,EAAE,MAAM;YAE7D,gBAAgB,QAAQ,gBAAgB,KAAK,IAAI,KAAK,IAAI,YAAY,SAAS,mBAAmB,EAAE;IAEzG,MAAM,OAAO,MAAM,SAAS,MAAM;IAClC,MAAM,mBAAmB,MAAM,QAAQ,KAAK,GACtC,KAAK,KAAI,QAAO,qBAAqB,MAAM,IAAI,CAAC,GAChD,CAAC,qBAAqB,MAAM,KAAK,CAAC;AACxC,SAAK,MAAM,OAAO,iBACd,EAAC,KAAK,KAAK,eAAe,QAAQ,OAAO,KAAK,KAAa,GAAG,KAAK,MAAM,IAAI;SAIjF,OAAM,IAAI,oBAAoB,IAAI,4BAA4B,cAAc;WAIjF,OAAO;AACV,IAAC,KAAK,KAAK,aAAa,QAAQ,OAAO,KAAK,KAAa,GAAG,KAAK,MAAM,MAAM;AAC7E,SAAM;;;CAGd,IAAI,YAAY;AACZ,SAAO,KAAK;;;;;;;;;;;;;CAahB,MAAM,mBAAmB;EACrB,IAAI,IAAI,IAAI;AACZ,MAAI,CAAC,KAAK,WACN;AAEJ,MAAI;GACA,MAAM,UAAU,MAAM,KAAK,gBAAgB;GAC3C,MAAM,OAAO;IACT,GAAG,KAAK;IACR,QAAQ;IACR;IACA,SAAS,KAAK,KAAK,sBAAsB,QAAQ,OAAO,KAAK,IAAI,KAAK,IAAI,GAAG;IAChF;GACD,MAAM,WAAW,QAAQ,KAAK,KAAK,YAAY,QAAQ,OAAO,KAAK,IAAI,KAAK,OAAO,KAAK,MAAM,KAAK;AAGnG,OAAI,CAAC,SAAS,MAAM,SAAS,WAAW,IACpC,OAAM,IAAI,oBAAoB,SAAS,QAAQ,gCAAgC,SAAS,aAAa;AAEzG,QAAK,aAAa;WAEf,OAAO;AACV,IAAC,KAAK,KAAK,aAAa,QAAQ,OAAO,KAAK,KAAa,GAAG,KAAK,MAAM,MAAM;AAC7E,SAAM;;;CAGd,mBAAmB,SAAS;AACxB,OAAK,mBAAmB;;CAE5B,IAAI,kBAAkB;AAClB,SAAO,KAAK;;;;;;;;;;;AC5WpB,IAAa,uBAAb,MAAkC;CAC9B,YAAY,SAAS,QAAQ,OAAO,UAAU,QAAQ,QAAQ;AAC1D,OAAK,SAAS;AACd,OAAK,UAAU;AACf,OAAK,cAAc,IAAI,YAAY;AACnC,OAAK,WAAW;AAEhB,OAAK,WAAW,UAAU;AACtB,QAAK,YAAY,OAAO,MAAM;AAC9B,QAAK,mBAAmB;;AAE5B,OAAK,YAAY,UAAU;GACvB,IAAI;AACJ,IAAC,KAAK,KAAK,aAAa,QAAQ,OAAO,KAAK,KAAa,GAAG,KAAK,MAAM,MAAM;;;;;;CAMrF,MAAM,QAAQ;AACV,MAAI,KAAK,SACL,OAAM,IAAI,MAAM,gHAAgH;AAEpI,OAAK,WAAW;AAChB,OAAK,OAAO,GAAG,QAAQ,KAAK,QAAQ;AACpC,OAAK,OAAO,GAAG,SAAS,KAAK,SAAS;;CAE1C,oBAAoB;EAChB,IAAI,IAAI;AACR,SAAO,KACH,KAAI;GACA,MAAM,UAAU,KAAK,YAAY,aAAa;AAC9C,OAAI,YAAY,KACZ;AAEJ,IAAC,KAAK,KAAK,eAAe,QAAQ,OAAO,KAAK,KAAa,GAAG,KAAK,MAAM,QAAQ;WAE9E,OAAO;AACV,IAAC,KAAK,KAAK,aAAa,QAAQ,OAAO,KAAK,KAAa,GAAG,KAAK,MAAM,MAAM;;;CAIzF,MAAM,QAAQ;EACV,IAAI;AAEJ,OAAK,OAAO,IAAI,QAAQ,KAAK,QAAQ;AACrC,OAAK,OAAO,IAAI,SAAS,KAAK,SAAS;AAGvC,MAD+B,KAAK,OAAO,cAAc,OAAO,KACjC,EAG3B,MAAK,OAAO,OAAO;AAGvB,OAAK,YAAY,OAAO;AACxB,GAAC,KAAK,KAAK,aAAa,QAAQ,OAAO,KAAK,KAAa,GAAG,KAAK,KAAK;;CAE1E,KAAK,SAAS;AACV,SAAO,IAAI,SAAS,YAAY;GAC5B,MAAM,OAAO,iBAAiB,QAAQ;AACtC,OAAI,KAAK,QAAQ,MAAM,KAAK,CACxB,UAAS;OAGT,MAAK,QAAQ,KAAK,SAAS,QAAQ;IAEzC;;;;;;AChEV,IAAY,oDAAL;AACL;AACA;;;AAGF,MAAa,mBAAmB,OAAO,EACrC,iBACA,kBACA,YACA,mBAAmB,EAAE,EACrB,UASqB;CACrB,IAAIE;AACJ,SAAQ,YAAR;EACE,KAAK,WAAW;AACd,eAAY,IAAI,mBAAmB,IAAI,IAAI,IAAI,EAAE,iBAAiB;AAClE;EACF,QACE,aAAY,IAAI,8BACd,IAAI,IAAI,IAAI,EACZ,iBACD;;CAEL,MAAM,eAAe,mBACjB,MAAM,kBAAkB,GACxB,IAAI,OACF;EACE,MAAM;EACN,SAAS;EACV,EACD,EACE,cAAc,EAAE,EACjB,CACF;AAEL,OAAM,aAAa,QAAQ,UAAU;CAErC,MAAM,gBAAgB,aAAa,kBAAkB;CAKrD,MAAM,qBAAqB,aAAa,uBAAuB;CAI/D,MAAM,cAAc,kBAChB,MAAM,iBAAiB,GACvB,IAAI,OAAO,eAAe,EACxB,cAAc,oBACf,CAAC;CAEN,MAAM,iBAAiB,IAAI,sBAAsB;AAEjD,OAAM,YAAY,QAAQ,eAAe;AAEzC,OAAM,YAAY;EAChB,QAAQ;EACR,QAAQ;EACR;EACD,CAAC;AAEF,QAAO;;;;;ACtDT,MAAa,gBACX,WACA,iBACc;CACd,MAAM,gBAAgB,UAAU,MAAM,KAAK,UAAU;CACrD,MAAM,kBAAkB,UAAU,SAAS,KAAK,UAAU;CAC1D,MAAM,kBAAkB,UAAU,SAAS,KAAK,UAAU;CAC1D,MAAM,oBAAoB,UAAU,WAAW,KAAK,UAAU;CAC9D,MAAM,eAAe,UAAU,KAAK,KAAK,UAAU;CACnD,MAAM,gBAAgB,UAAU,MAAM,KAAK,UAAU;AAErD,WAAU,QAAQ,YAAY;AAC5B,eAAa,EACX,MAAM,SACP,CAAC;AAEF,SAAO,iBAAiB;;AAG1B,WAAU,UAAU,YAAY;AAC9B,eAAa,EACX,MAAM,WACP,CAAC;AAEF,SAAO,mBAAmB;;AAG5B,WAAU,UAAU,OAAO,UAAiB;AAC1C,eAAa;GACX;GACA,MAAM;GACP,CAAC;AAEF,SAAO,kBAAkB,MAAM;;AAGjC,WAAU,YAAY,OAAO,YAA4B;AACvD,eAAa;GACX;GACA,MAAM;GACP,CAAC;AAEF,SAAO,oBAAoB,QAAQ;;AAGrC,WAAU,OAAO,OAAO,YAA4B;AAClD,eAAa;GACX;GACA,MAAM;GACP,CAAC;AAEF,SAAO,eAAe,QAAQ;;AAGhC,WAAU,QAAQ,YAAY;AAC5B,eAAa,EACX,MAAM,SACP,CAAC;AAEF,SAAO,iBAAiB;;AAG1B,QAAO"}