oauth.do 0.1.14 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (21) hide show
  1. package/LICENSE +21 -0
  2. package/README.md +231 -6
  3. package/bin/duckdb-auth +71 -0
  4. package/dist/cli.js +125 -276
  5. package/dist/cli.js.map +1 -1
  6. package/dist/hono.d.ts +137 -0
  7. package/dist/hono.js +198 -0
  8. package/dist/hono.js.map +1 -0
  9. package/dist/index.d.ts +6 -90
  10. package/dist/index.js +77 -24
  11. package/dist/index.js.map +1 -1
  12. package/dist/node.d.ts +2 -1
  13. package/dist/node.js +151 -101
  14. package/dist/node.js.map +1 -1
  15. package/dist/react.d.ts +200 -0
  16. package/dist/react.js +67 -0
  17. package/dist/react.js.map +1 -0
  18. package/dist/types-export.d.ts +90 -0
  19. package/dist/types-export.js +3 -0
  20. package/dist/types-export.js.map +1 -0
  21. package/package.json +79 -9
package/dist/node.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/storage.ts","../src/config.ts","../src/auth.ts","../src/device.ts","../src/github-device.ts","../src/index.ts","../src/login.ts"],"names":["getEnv","data","createSecureStorage","expiresAt","newData"],"mappings":";;;;;;;;;;;AAAA,IAAA,eAAA,GAAA,EAAA;AAAA,QAAA,CAAA,eAAA,EAAA;AAAA,EAAA,qBAAA,EAAA,MAAA,qBAAA;AAAA,EAAA,gBAAA,EAAA,MAAA,gBAAA;AAAA,EAAA,oBAAA,EAAA,MAAA,oBAAA;AAAA,EAAA,wBAAA,EAAA,MAAA,wBAAA;AAAA,EAAA,kBAAA,EAAA,MAAA,kBAAA;AAAA,EAAA,sBAAA,EAAA,MAAA,sBAAA;AAAA,EAAA,mBAAA,EAAA,MAAA;AAAA,CAAA,CAAA;AASA,SAAS,MAAA,GAAkB;AAC1B,EAAA,OAAO,OAAO,YAAY,WAAA,IACzB,OAAA,CAAQ,YAAY,IAAA,IACpB,OAAA,CAAQ,SAAS,IAAA,IAAQ,IAAA;AAC3B;AAKA,SAASA,QAAO,GAAA,EAAiC;AAChD,EAAA,IAAI,OAAO,OAAA,KAAY,WAAA,IAAe,OAAA,CAAQ,GAAA,GAAM,GAAG,CAAA,EAAG,OAAO,OAAA,CAAQ,GAAA,CAAI,GAAG,CAAA;AAChF,EAAA,OAAO,MAAA;AACR;AA4dO,SAAS,oBAAoB,WAAA,EAAoC;AAEvE,EAAA,IAAI,QAAO,EAAG;AACb,IAAA,OAAO,IAAI,uBAAuB,WAAW,CAAA;AAAA,EAC9C;AAGA,EAAA,IAAI,OAAO,iBAAiB,WAAA,EAAa;AACxC,IAAA,OAAO,IAAI,wBAAA,EAAyB;AAAA,EACrC;AAGA,EAAA,OAAO,IAAI,kBAAA,EAAmB;AAC/B;AA9fA,IAGM,kBACA,gBAAA,CAAA,CA2BO,oBAAA,CAAA,CAwHA,sBAAA,CAAA,CAiJA,gBAAA,CAAA,CAgEA,oBAmBA,wBAAA,CAAA,CA6BA;AAxZb,IAAA,YAAA,GAAA,KAAA,CAAA;AAAA,EAAA,gBAAA,GAAA;AAGA,IAAM,gBAAA,GAAmB,UAAA;AACzB,IAAM,gBAAA,GAAmB,cAAA;AA2BlB,IAAM,uBAAN,MAAmD;AAAA,MACjD,MAAA,GAAyC,IAAA;AAAA,MACzC,WAAA,GAAc,KAAA;AAAA;AAAA;AAAA;AAAA;AAAA,MAMtB,MAAc,SAAA,GAAqD;AAClE,QAAA,IAAI,KAAK,WAAA,EAAa;AACrB,UAAA,OAAO,IAAA,CAAK,MAAA;AAAA,QACb;AAEA,QAAA,IAAA,CAAK,WAAA,GAAc,IAAA;AAEnB,QAAA,IAAI;AAEH,UAAA,MAAM,QAAA,GAAW,MAAM,OAAO,QAAQ,CAAA;AAEtC,UAAA,MAAM,YAAA,GAAgB,SAAiB,OAAA,IAAW,QAAA;AAClD,UAAA,IAAA,CAAK,MAAA,GAAS,YAAA;AAGd,UAAA,IAAI,OAAO,IAAA,CAAK,MAAA,CAAO,WAAA,KAAgB,UAAA,EAAY;AAClD,YAAA,IAAIA,OAAAA,CAAO,OAAO,CAAA,EAAG;AACpB,cAAA,OAAA,CAAQ,KAAK,yDAAA,EAA2D,MAAA,CAAO,IAAA,CAAK,IAAA,CAAK,MAAM,CAAC,CAAA;AAAA,YACjG;AACA,YAAA,IAAA,CAAK,MAAA,GAAS,IAAA;AACd,YAAA,OAAO,IAAA;AAAA,UACR;AAEA,UAAA,OAAO,IAAA,CAAK,MAAA;AAAA,QACb,SAAS,KAAA,EAAO;AAGf,UAAA,IAAIA,OAAAA,CAAO,OAAO,CAAA,EAAG;AACpB,YAAA,OAAA,CAAQ,IAAA,CAAK,mCAAmC,KAAK,CAAA;AAAA,UACtD;AACA,UAAA,OAAO,IAAA;AAAA,QACR;AAAA,MACD;AAAA,MAEA,MAAM,QAAA,GAAmC;AACxC,QAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,SAAA,EAAU;AACpC,QAAA,IAAI,CAAC,MAAA,EAAQ;AACZ,UAAA,OAAO,IAAA;AAAA,QACR;AAEA,QAAA,IAAI;AACH,UAAA,MAAM,KAAA,GAAQ,MAAM,MAAA,CAAO,WAAA,CAAY,kBAAkB,gBAAgB,CAAA;AACzE,UAAA,OAAO,KAAA;AAAA,QACR,SAAS,KAAA,EAAO;AACf,UAAA,IAAIA,OAAAA,CAAO,OAAO,CAAA,EAAG;AACpB,YAAA,OAAA,CAAQ,IAAA,CAAK,sCAAsC,KAAK,CAAA;AAAA,UACzD;AACA,UAAA,OAAO,IAAA;AAAA,QACR;AAAA,MACD;AAAA,MAEA,MAAM,SAAS,KAAA,EAA8B;AAC5C,QAAA,IAAI;AACH,UAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,SAAA,EAAU;AACpC,UAAA,IAAI,CAAC,MAAA,EAAQ;AACZ,YAAA,MAAM,IAAI,MAAM,gCAAgC,CAAA;AAAA,UACjD;AAEA,UAAA,MAAM,MAAA,CAAO,WAAA,CAAY,gBAAA,EAAkB,gBAAA,EAAkB,KAAK,CAAA;AAAA,QACnE,SAAS,KAAA,EAAY;AAEpB,UAAA,IAAI,OAAO,IAAA,KAAS,kBAAA,IAAsB,OAAO,OAAA,EAAS,QAAA,CAAS,oBAAoB,CAAA,EAAG;AACzF,YAAA,MAAM,IAAI,MAAM,yDAAyD,CAAA;AAAA,UAC1E;AACA,UAAA,MAAM,IAAI,KAAA,CAAM,CAAA,kCAAA,EAAqC,KAAK,CAAA,CAAE,CAAA;AAAA,QAC7D;AAAA,MACD;AAAA,MAEA,MAAM,WAAA,GAA6B;AAClC,QAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,SAAA,EAAU;AACpC,QAAA,IAAI,CAAC,MAAA,EAAQ;AACZ,UAAA;AAAA,QACD;AAEA,QAAA,IAAI;AACH,UAAA,MAAM,MAAA,CAAO,cAAA,CAAe,gBAAA,EAAkB,gBAAgB,CAAA;AAAA,QAC/D,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACD;AAAA;AAAA;AAAA;AAAA,MAKA,MAAM,WAAA,GAAgC;AACrC,QAAA,IAAI;AACH,UAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,SAAA,EAAU;AACpC,UAAA,IAAI,CAAC,MAAA,EAAQ;AACZ,YAAA,OAAO,KAAA;AAAA,UACR;AAIA,UAAA,MAAM,MAAA,CAAO,WAAA,CAAY,gBAAA,EAAkB,UAAU,CAAA;AACrD,UAAA,OAAO,IAAA;AAAA,QACR,SAAS,KAAA,EAAO;AACf,UAAA,IAAIA,OAAAA,CAAO,OAAO,CAAA,EAAG;AACpB,YAAA,OAAA,CAAQ,IAAA,CAAK,2BAA2B,KAAK,CAAA;AAAA,UAC9C;AACA,UAAA,OAAO,KAAA;AAAA,QACR;AAAA,MACD;AAAA,KACD;AAUO,IAAM,yBAAN,MAAqD;AAAA,MACnD,SAAA,GAA2B,IAAA;AAAA,MAC3B,SAAA,GAA2B,IAAA;AAAA,MAC3B,WAAA,GAAc,KAAA;AAAA,MACd,UAAA;AAAA,MAER,YAAY,UAAA,EAAqB;AAChC,QAAA,IAAA,CAAK,UAAA,GAAa,UAAA;AAAA,MACnB;AAAA,MAEA,MAAc,IAAA,GAAyB;AACtC,QAAA,IAAI,IAAA,CAAK,WAAA,EAAa,OAAO,IAAA,CAAK,SAAA,KAAc,IAAA;AAChD,QAAA,IAAA,CAAK,WAAA,GAAc,IAAA;AAEnB,QAAA,IAAI,CAAC,MAAA,EAAO,EAAG,OAAO,KAAA;AAEtB,QAAA,IAAI;AACH,UAAA,MAAM,EAAA,GAAK,MAAM,OAAO,IAAI,CAAA;AAC5B,UAAA,MAAM,IAAA,GAAO,MAAM,OAAO,MAAM,CAAA;AAGhC,UAAA,IAAI,KAAK,UAAA,EAAY;AAEpB,YAAA,MAAM,eAAe,IAAA,CAAK,UAAA,CAAW,UAAA,CAAW,IAAI,IACjD,IAAA,CAAK,IAAA,CAAK,EAAA,CAAG,OAAA,IAAW,IAAA,CAAK,UAAA,CAAW,MAAM,CAAC,CAAC,IAChD,IAAA,CAAK,UAAA;AAER,YAAA,IAAA,CAAK,SAAA,GAAY,YAAA;AACjB,YAAA,IAAA,CAAK,SAAA,GAAY,IAAA,CAAK,OAAA,CAAQ,YAAY,CAAA;AAAA,UAC3C,CAAA,MAAO;AAEN,YAAA,IAAA,CAAK,YAAY,IAAA,CAAK,IAAA,CAAK,EAAA,CAAG,OAAA,IAAW,WAAW,CAAA;AACpD,YAAA,IAAA,CAAK,SAAA,GAAY,IAAA,CAAK,IAAA,CAAK,IAAA,CAAK,WAAW,OAAO,CAAA;AAAA,UACnD;AACA,UAAA,OAAO,IAAA;AAAA,QACR,CAAA,CAAA,MAAQ;AACP,UAAA,OAAO,KAAA;AAAA,QACR;AAAA,MACD;AAAA,MAEA,MAAM,QAAA,GAAmC;AAExC,QAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,YAAA,EAAa;AACrC,QAAA,IAAI,IAAA,EAAM;AACT,UAAA,OAAO,IAAA,CAAK,WAAA;AAAA,QACb;AAGA,QAAA,IAAI,CAAE,MAAM,IAAA,CAAK,IAAA,MAAW,CAAC,IAAA,CAAK,WAAW,OAAO,IAAA;AAEpD,QAAA,IAAI;AACH,UAAA,MAAM,EAAA,GAAK,MAAM,OAAO,aAAa,CAAA;AACrC,UAAA,MAAM,KAAA,GAAQ,MAAM,EAAA,CAAG,IAAA,CAAK,KAAK,SAAS,CAAA;AAC1C,UAAA,MAAM,IAAA,GAAO,MAAM,IAAA,GAAO,GAAA;AAE1B,UAAA,IAAI,IAAA,KAAS,GAAA,IAASA,OAAAA,CAAO,OAAO,CAAA,EAAG;AACtC,YAAA,OAAA,CAAQ,IAAA;AAAA,cACP,iDAAiD,IAAA,CAAK,QAAA,CAAS,CAAC,CAAC,CAAA,gCAAA,EAChC,KAAK,SAAS,CAAA;AAAA,aAChD;AAAA,UACD;AAEA,UAAA,MAAM,UAAU,MAAM,EAAA,CAAG,QAAA,CAAS,IAAA,CAAK,WAAW,OAAO,CAAA;AACzD,UAAA,MAAM,OAAA,GAAU,QAAQ,IAAA,EAAK;AAG7B,UAAA,IAAI,OAAA,CAAQ,UAAA,CAAW,GAAG,CAAA,EAAG;AAC5B,YAAA,MAAMC,KAAAA,GAAO,IAAA,CAAK,KAAA,CAAM,OAAO,CAAA;AAC/B,YAAA,OAAOA,KAAAA,CAAK,WAAA;AAAA,UACb;AAEA,UAAA,OAAO,OAAA;AAAA,QACR,CAAA,CAAA,MAAQ;AACP,UAAA,OAAO,IAAA;AAAA,QACR;AAAA,MACD;AAAA,MAEA,MAAM,SAAS,KAAA,EAA8B;AAE5C,QAAA,MAAM,KAAK,YAAA,CAAa,EAAE,aAAa,KAAA,CAAM,IAAA,IAAQ,CAAA;AAAA,MACtD;AAAA,MAEA,MAAM,YAAA,GAAgD;AACrD,QAAA,IAAI,CAAE,MAAM,IAAA,CAAK,IAAA,MAAW,CAAC,IAAA,CAAK,WAAW,OAAO,IAAA;AAEpD,QAAA,IAAI;AACH,UAAA,MAAM,EAAA,GAAK,MAAM,OAAO,aAAa,CAAA;AACrC,UAAA,MAAM,UAAU,MAAM,EAAA,CAAG,QAAA,CAAS,IAAA,CAAK,WAAW,OAAO,CAAA;AACzD,UAAA,MAAM,OAAA,GAAU,QAAQ,IAAA,EAAK;AAG7B,UAAA,IAAI,OAAA,CAAQ,UAAA,CAAW,GAAG,CAAA,EAAG;AAC5B,YAAA,OAAO,IAAA,CAAK,MAAM,OAAO,CAAA;AAAA,UAC1B;AAGA,UAAA,OAAO,EAAE,aAAa,OAAA,EAAQ;AAAA,QAC/B,CAAA,CAAA,MAAQ;AACP,UAAA,OAAO,IAAA;AAAA,QACR;AAAA,MACD;AAAA,MAEA,MAAM,aAAa,IAAA,EAAsC;AACxD,QAAA,IAAI,CAAE,MAAM,IAAA,CAAK,IAAA,EAAK,IAAM,CAAC,IAAA,CAAK,SAAA,IAAa,CAAC,IAAA,CAAK,SAAA,EAAW;AAC/D,UAAA,MAAM,IAAI,MAAM,4BAA4B,CAAA;AAAA,QAC7C;AAEA,QAAA,IAAI;AACH,UAAA,MAAM,EAAA,GAAK,MAAM,OAAO,aAAa,CAAA;AACrC,UAAA,MAAM,EAAA,CAAG,MAAM,IAAA,CAAK,SAAA,EAAW,EAAE,SAAA,EAAW,IAAA,EAAM,IAAA,EAAM,GAAA,EAAO,CAAA;AAC/D,UAAA,MAAM,EAAA,CAAG,SAAA,CAAU,IAAA,CAAK,SAAA,EAAW,IAAA,CAAK,SAAA,CAAU,IAAI,CAAA,EAAG,EAAE,QAAA,EAAU,OAAA,EAAS,IAAA,EAAM,KAAO,CAAA;AAC3F,UAAA,MAAM,EAAA,CAAG,KAAA,CAAM,IAAA,CAAK,SAAA,EAAW,GAAK,CAAA;AAAA,QACrC,SAAS,KAAA,EAAO;AACf,UAAA,OAAA,CAAQ,KAAA,CAAM,8BAA8B,KAAK,CAAA;AACjD,UAAA,MAAM,KAAA;AAAA,QACP;AAAA,MACD;AAAA,MAEA,MAAM,WAAA,GAA6B;AAClC,QAAA,IAAI,CAAE,MAAM,IAAA,CAAK,MAAK,IAAM,CAAC,KAAK,SAAA,EAAW;AAE7C,QAAA,IAAI;AACH,UAAA,MAAM,EAAA,GAAK,MAAM,OAAO,aAAa,CAAA;AACrC,UAAA,MAAM,EAAA,CAAG,MAAA,CAAO,IAAA,CAAK,SAAS,CAAA;AAAA,QAC/B,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACD;AAAA;AAAA;AAAA;AAAA,MAKA,MAAM,cAAA,GAAkF;AACvF,QAAA,MAAM,KAAK,IAAA,EAAK;AAChB,QAAA,OAAO,EAAE,IAAA,EAAM,MAAA,EAAQ,QAAQ,IAAA,EAAM,IAAA,EAAM,KAAK,SAAA,EAAU;AAAA,MAC3D;AAAA,KACD;AASO,IAAM,mBAAN,MAA+C;AAAA,MAC7C,SAAA,GAA2B,IAAA;AAAA,MAC3B,SAAA,GAA2B,IAAA;AAAA,MAC3B,WAAA,GAAc,KAAA;AAAA,MAEtB,MAAc,IAAA,GAAyB;AACtC,QAAA,IAAI,IAAA,CAAK,WAAA,EAAa,OAAO,IAAA,CAAK,SAAA,KAAc,IAAA;AAChD,QAAA,IAAA,CAAK,WAAA,GAAc,IAAA;AAEnB,QAAA,IAAI,CAAC,MAAA,EAAO,EAAG,OAAO,KAAA;AAEtB,QAAA,IAAI;AACH,UAAA,MAAM,EAAA,GAAK,MAAM,OAAO,IAAI,CAAA;AAC5B,UAAA,MAAM,IAAA,GAAO,MAAM,OAAO,MAAM,CAAA;AAChC,UAAA,IAAA,CAAK,YAAY,IAAA,CAAK,IAAA,CAAK,EAAA,CAAG,OAAA,IAAW,WAAW,CAAA;AACpD,UAAA,IAAA,CAAK,SAAA,GAAY,IAAA,CAAK,IAAA,CAAK,IAAA,CAAK,WAAW,OAAO,CAAA;AAClD,UAAA,OAAO,IAAA;AAAA,QACR,CAAA,CAAA,MAAQ;AACP,UAAA,OAAO,KAAA;AAAA,QACR;AAAA,MACD;AAAA,MAEA,MAAM,QAAA,GAAmC;AACxC,QAAA,IAAI,CAAE,MAAM,IAAA,CAAK,IAAA,MAAW,CAAC,IAAA,CAAK,WAAW,OAAO,IAAA;AAEpD,QAAA,IAAI;AACH,UAAA,MAAM,EAAA,GAAK,MAAM,OAAO,aAAa,CAAA;AACrC,UAAA,MAAM,QAAQ,MAAM,EAAA,CAAG,QAAA,CAAS,IAAA,CAAK,WAAW,OAAO,CAAA;AACvD,UAAA,OAAO,MAAM,IAAA,EAAK;AAAA,QACnB,CAAA,CAAA,MAAQ;AACP,UAAA,OAAO,IAAA;AAAA,QACR;AAAA,MACD;AAAA,MAEA,MAAM,SAAS,KAAA,EAA8B;AAC5C,QAAA,IAAI,CAAE,MAAM,IAAA,CAAK,IAAA,EAAK,IAAM,CAAC,IAAA,CAAK,SAAA,IAAa,CAAC,IAAA,CAAK,SAAA,EAAW;AAC/D,UAAA,MAAM,IAAI,MAAM,4BAA4B,CAAA;AAAA,QAC7C;AAEA,QAAA,IAAI;AACH,UAAA,MAAM,EAAA,GAAK,MAAM,OAAO,aAAa,CAAA;AACrC,UAAA,MAAM,GAAG,KAAA,CAAM,IAAA,CAAK,WAAW,EAAE,SAAA,EAAW,MAAM,CAAA;AAClD,UAAA,MAAM,EAAA,CAAG,SAAA,CAAU,IAAA,CAAK,SAAA,EAAW,OAAO,OAAO,CAAA;AAAA,QAClD,SAAS,KAAA,EAAO;AACf,UAAA,OAAA,CAAQ,KAAA,CAAM,yBAAyB,KAAK,CAAA;AAC5C,UAAA,MAAM,KAAA;AAAA,QACP;AAAA,MACD;AAAA,MAEA,MAAM,WAAA,GAA6B;AAClC,QAAA,IAAI,CAAE,MAAM,IAAA,CAAK,MAAK,IAAM,CAAC,KAAK,SAAA,EAAW;AAE7C,QAAA,IAAI;AACH,UAAA,MAAM,EAAA,GAAK,MAAM,OAAO,aAAa,CAAA;AACrC,UAAA,MAAM,EAAA,CAAG,MAAA,CAAO,IAAA,CAAK,SAAS,CAAA;AAAA,QAC/B,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACD;AAAA,KACD;AAKO,IAAM,qBAAN,MAAiD;AAAA,MAC/C,KAAA,GAAuB,IAAA;AAAA,MAE/B,MAAM,QAAA,GAAmC;AACxC,QAAA,OAAO,IAAA,CAAK,KAAA;AAAA,MACb;AAAA,MAEA,MAAM,SAAS,KAAA,EAA8B;AAC5C,QAAA,IAAA,CAAK,KAAA,GAAQ,KAAA;AAAA,MACd;AAAA,MAEA,MAAM,WAAA,GAA6B;AAClC,QAAA,IAAA,CAAK,KAAA,GAAQ,IAAA;AAAA,MACd;AAAA,KACD;AAKO,IAAM,2BAAN,MAAuD;AAAA,MACrD,GAAA,GAAM,gBAAA;AAAA,MAEd,MAAM,QAAA,GAAmC;AACxC,QAAA,IAAI,OAAO,iBAAiB,WAAA,EAAa;AACxC,UAAA,OAAO,IAAA;AAAA,QACR;AACA,QAAA,OAAO,YAAA,CAAa,OAAA,CAAQ,IAAA,CAAK,GAAG,CAAA;AAAA,MACrC;AAAA,MAEA,MAAM,SAAS,KAAA,EAA8B;AAC5C,QAAA,IAAI,OAAO,iBAAiB,WAAA,EAAa;AACxC,UAAA,MAAM,IAAI,MAAM,+BAA+B,CAAA;AAAA,QAChD;AACA,QAAA,YAAA,CAAa,OAAA,CAAQ,IAAA,CAAK,GAAA,EAAK,KAAK,CAAA;AAAA,MACrC;AAAA,MAEA,MAAM,WAAA,GAA6B;AAClC,QAAA,IAAI,OAAO,iBAAiB,WAAA,EAAa;AACxC,UAAA;AAAA,QACD;AACA,QAAA,YAAA,CAAa,UAAA,CAAW,KAAK,GAAG,CAAA;AAAA,MACjC;AAAA,KACD;AAMO,IAAM,wBAAN,MAAoD;AAAA,MAClD,eAAA;AAAA,MACA,WAAA;AAAA,MACA,gBAAA,GAAwC,IAAA;AAAA,MAEhD,WAAA,GAAc;AACb,QAAA,IAAA,CAAK,eAAA,GAAkB,IAAI,oBAAA,EAAqB;AAChD,QAAA,IAAA,CAAK,WAAA,GAAc,IAAI,sBAAA,EAAuB;AAAA,MAC/C;AAAA;AAAA;AAAA;AAAA,MAKA,MAAc,mBAAA,GAA6C;AAC1D,QAAA,IAAI,KAAK,gBAAA,EAAkB;AAC1B,UAAA,OAAO,IAAA,CAAK,gBAAA;AAAA,QACb;AAGA,QAAA,IAAI,MAAM,IAAA,CAAK,eAAA,CAAgB,WAAA,EAAY,EAAG;AAC7C,UAAA,IAAA,CAAK,mBAAmB,IAAA,CAAK,eAAA;AAC7B,UAAA,OAAO,IAAA,CAAK,gBAAA;AAAA,QACb;AAGA,QAAA,IAAA,CAAK,mBAAmB,IAAA,CAAK,WAAA;AAC7B,QAAA,OAAO,IAAA,CAAK,gBAAA;AAAA,MACb;AAAA,MAEA,MAAM,QAAA,GAAmC;AAExC,QAAA,MAAM,aAAA,GAAgB,MAAM,IAAA,CAAK,eAAA,CAAgB,QAAA,EAAS;AAC1D,QAAA,IAAI,aAAA,EAAe;AAClB,UAAA,OAAO,aAAA;AAAA,QACR;AAGA,QAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,WAAA,CAAY,QAAA,EAAS;AAClD,QAAA,IAAI,SAAA,EAAW;AAEd,UAAA,IAAI,MAAM,IAAA,CAAK,eAAA,CAAgB,WAAA,EAAY,EAAG;AAC7C,YAAA,IAAI;AACH,cAAA,MAAM,IAAA,CAAK,eAAA,CAAgB,QAAA,CAAS,SAAS,CAAA;AAC7C,cAAA,MAAM,IAAA,CAAK,YAAY,WAAA,EAAY;AACnC,cAAA,IAAID,OAAAA,CAAO,OAAO,CAAA,EAAG;AACpB,gBAAA,OAAA,CAAQ,IAAI,sCAAsC,CAAA;AAAA,cACnD;AAAA,YACD,CAAA,CAAA,MAAQ;AAAA,YAER;AAAA,UACD;AACA,UAAA,OAAO,SAAA;AAAA,QACR;AAEA,QAAA,OAAO,IAAA;AAAA,MACR;AAAA,MAEA,MAAM,SAAS,KAAA,EAA8B;AAC5C,QAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,mBAAA,EAAoB;AAC/C,QAAA,MAAM,OAAA,CAAQ,SAAS,KAAK,CAAA;AAAA,MAC7B;AAAA,MAEA,MAAM,WAAA,GAA6B;AAElC,QAAA,MAAM,OAAA,CAAQ,GAAA,CAAI,CAAC,IAAA,CAAK,eAAA,CAAgB,WAAA,EAAY,EAAG,IAAA,CAAK,WAAA,CAAY,WAAA,EAAa,CAAC,CAAA;AAAA,MACvF;AAAA;AAAA;AAAA;AAAA,MAKA,MAAM,cAAA,GAA0E;AAC/E,QAAA,IAAI,MAAM,IAAA,CAAK,eAAA,CAAgB,WAAA,EAAY,EAAG;AAC7C,UAAA,OAAO,EAAE,IAAA,EAAM,UAAA,EAAY,MAAA,EAAQ,IAAA,EAAK;AAAA,QACzC;AACA,QAAA,OAAO,EAAE,IAAA,EAAM,MAAA,EAAQ,MAAA,EAAQ,IAAA,EAAK;AAAA,MACrC;AAAA,KACD;AAAA,EAAA;AAAA,CAAA,CAAA;;;AC/dA,SAAS,OAAO,GAAA,EAAiC;AAEhD,EAAA,IAAK,UAAA,CAAmB,GAAG,CAAA,EAAG,OAAQ,WAAmB,GAAG,CAAA;AAE5D,EAAA,IAAI,OAAO,OAAA,KAAY,WAAA,IAAe,OAAA,CAAQ,GAAA,GAAM,GAAG,CAAA,EAAG,OAAO,OAAA,CAAQ,GAAA,CAAI,GAAG,CAAA;AAChF,EAAA,OAAO,MAAA;AACR;AAMA,IAAI,YAAA,GAA8F;AAAA,EACjG,QAAQ,MAAA,CAAO,eAAe,CAAA,IAAK,MAAA,CAAO,SAAS,CAAA,IAAK,iBAAA;AAAA,EACxD,QAAA,EAAU,MAAA,CAAO,iBAAiB,CAAA,IAAK,mCAAA;AAAA,EACvC,aAAA,EAAe,MAAA,CAAO,sBAAsB,CAAA,IAAK,gBAAA;AAAA,EACjD,OAAO,UAAA,CAAW,KAAA;AAAA,EAClB,WAAA,EAAa,OAAO,oBAAoB;AACzC,CAAA;AAKO,SAAS,UAAU,MAAA,EAA2B;AACpD,EAAA,YAAA,GAAe;AAAA,IACd,GAAG,YAAA;AAAA,IACH,GAAG;AAAA,GACJ;AACD;AAKO,SAAS,SAAA,GAA2F;AAC1G,EAAA,OAAO,YAAA;AACR;;;AChCA,eAAe,cAAc,KAAA,EAAwC;AACpE,EAAA,IAAI,CAAC,OAAO,OAAO,IAAA;AACnB,EAAA,IAAI,OAAO,KAAA,KAAU,QAAA,EAAU,OAAO,KAAA;AACtC,EAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,OAAQ,KAAA,CAAc,QAAQ,UAAA,EAAY;AAC1E,IAAA,OAAO,MAAO,MAAc,GAAA,EAAI;AAAA,EACjC;AACA,EAAA,OAAO,IAAA;AACR;AAKA,SAASA,QAAO,GAAA,EAAiC;AAEhD,EAAA,IAAK,UAAA,CAAmB,GAAG,CAAA,EAAG,OAAQ,WAAmB,GAAG,CAAA;AAE5D,EAAA,IAAI,OAAO,OAAA,KAAY,WAAA,IAAe,OAAA,CAAQ,GAAA,GAAM,GAAG,CAAA,EAAG,OAAO,OAAA,CAAQ,GAAA,CAAI,GAAG,CAAA;AAChF,EAAA,OAAO,MAAA;AACR;AASA,eAAsB,QAAQ,KAAA,EAAqC;AAClE,EAAA,MAAM,SAAS,SAAA,EAAU;AACzB,EAAA,MAAM,SAAA,GAAY,KAAA,IAASA,OAAAA,CAAO,UAAU,CAAA,IAAK,EAAA;AAEjD,EAAA,IAAI,CAAC,SAAA,EAAW;AACf,IAAA,OAAO,EAAE,MAAM,IAAA,EAAK;AAAA,EACrB;AAEA,EAAA,IAAI;AACH,IAAA,MAAM,WAAW,MAAM,MAAA,CAAO,MAAM,CAAA,EAAG,MAAA,CAAO,MAAM,CAAA,GAAA,CAAA,EAAO;AAAA,MAC1D,MAAA,EAAQ,KAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACR,eAAA,EAAiB,UAAU,SAAS,CAAA,CAAA;AAAA,QACpC,cAAA,EAAgB;AAAA;AACjB,KACA,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AACjB,MAAA,IAAI,QAAA,CAAS,WAAW,GAAA,EAAK;AAC5B,QAAA,OAAO,EAAE,MAAM,IAAA,EAAK;AAAA,MACrB;AACA,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,uBAAA,EAA0B,QAAA,CAAS,UAAU,CAAA,CAAE,CAAA;AAAA,IAChE;AAEA,IAAA,MAAM,IAAA,GAAQ,MAAM,QAAA,CAAS,IAAA,EAAK;AAClC,IAAA,OAAO,EAAE,IAAA,EAAM,KAAA,EAAO,SAAA,EAAU;AAAA,EACjC,SAAS,KAAA,EAAO;AACf,IAAA,OAAA,CAAQ,KAAA,CAAM,eAAe,KAAK,CAAA;AAClC,IAAA,OAAO,EAAE,MAAM,IAAA,EAAK;AAAA,EACrB;AACD;AASA,eAAsB,MAAM,WAAA,EAIJ;AACvB,EAAA,MAAM,SAAS,SAAA,EAAU;AAEzB,EAAA,IAAI;AACH,IAAA,MAAM,WAAW,MAAM,MAAA,CAAO,MAAM,CAAA,EAAG,MAAA,CAAO,MAAM,CAAA,MAAA,CAAA,EAAU;AAAA,MAC7D,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACR,cAAA,EAAgB;AAAA,OACjB;AAAA,MACA,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,WAAW;AAAA,KAChC,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AACjB,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,cAAA,EAAiB,QAAA,CAAS,UAAU,CAAA,CAAE,CAAA;AAAA,IACvD;AAEA,IAAA,MAAM,IAAA,GAAQ,MAAM,QAAA,CAAS,IAAA,EAAK;AAClC,IAAA,OAAO,EAAE,IAAA,EAAM,IAAA,CAAK,IAAA,EAAM,KAAA,EAAO,KAAK,KAAA,EAAM;AAAA,EAC7C,SAAS,KAAA,EAAO;AACf,IAAA,OAAA,CAAQ,KAAA,CAAM,gBAAgB,KAAK,CAAA;AACnC,IAAA,MAAM,KAAA;AAAA,EACP;AACD;AAQA,eAAsB,OAAO,KAAA,EAA+B;AAC3D,EAAA,MAAM,SAAS,SAAA,EAAU;AACzB,EAAA,MAAM,SAAA,GAAY,KAAA,IAASA,OAAAA,CAAO,UAAU,CAAA,IAAK,EAAA;AAEjD,EAAA,IAAI,CAAC,SAAA,EAAW;AACf,IAAA;AAAA,EACD;AAEA,EAAA,IAAI;AACH,IAAA,MAAM,WAAW,MAAM,MAAA,CAAO,MAAM,CAAA,EAAG,MAAA,CAAO,MAAM,CAAA,OAAA,CAAA,EAAW;AAAA,MAC9D,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACR,eAAA,EAAiB,UAAU,SAAS,CAAA,CAAA;AAAA,QACpC,cAAA,EAAgB;AAAA;AACjB,KACA,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AACjB,MAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,gBAAA,EAAmB,QAAA,CAAS,UAAU,CAAA,CAAE,CAAA;AAAA,IACtD;AAAA,EACD,SAAS,KAAA,EAAO;AACf,IAAA,OAAA,CAAQ,KAAA,CAAM,iBAAiB,KAAK,CAAA;AAAA,EACrC;AACD;AAaA,eAAsB,QAAA,GAAmC;AAExD,EAAA,MAAM,UAAA,GAAaA,QAAO,gBAAgB,CAAA;AAC1C,EAAA,IAAI,YAAY,OAAO,UAAA;AACvB,EAAA,MAAM,OAAA,GAAUA,QAAO,UAAU,CAAA;AACjC,EAAA,IAAI,SAAS,OAAO,OAAA;AAIpB,EAAA,IAAI;AAEH,IAAA,MAAM,EAAE,GAAA,EAAI,GAAI,MAAM,OAAO,oBAAoB,CAAA;AAEjD,IAAA,MAAM,YAAA,GAAe,MAAM,aAAA,CAAe,GAAA,CAAY,cAAc,CAAA;AACpE,IAAA,IAAI,cAAc,OAAO,YAAA;AAEzB,IAAA,MAAM,OAAA,GAAU,MAAM,aAAA,CAAe,GAAA,CAAY,QAAQ,CAAA;AACzD,IAAA,IAAI,SAAS,OAAO,OAAA;AAAA,EACrB,CAAA,CAAA,MAAQ;AAAA,EAER;AAGA,EAAA,IAAI;AACH,IAAA,MAAM,EAAE,mBAAA,EAAAE,oBAAAA,EAAoB,GAAI,MAAM,OAAA,CAAA,OAAA,EAAA,CAAA,IAAA,CAAA,OAAA,YAAA,EAAA,EAAA,eAAA,CAAA,CAAA;AACtC,IAAA,MAAM,SAAS,SAAA,EAAU;AACzB,IAAA,MAAM,OAAA,GAAUA,oBAAAA,CAAoB,MAAA,CAAO,WAAW,CAAA;AACtD,IAAA,OAAO,MAAM,QAAQ,QAAA,EAAS;AAAA,EAC/B,CAAA,CAAA,MAAQ;AAEP,IAAA,OAAO,IAAA;AAAA,EACR;AACD;AAKA,eAAsB,gBAAgB,KAAA,EAAkC;AACvE,EAAA,MAAM,MAAA,GAAS,MAAM,OAAA,CAAQ,KAAK,CAAA;AAClC,EAAA,OAAO,OAAO,IAAA,KAAS,IAAA;AACxB;AAgBO,SAAS,IAAA,GAAqB;AACpC,EAAA,OAAO,QAAA;AACR;AAQA,eAAsB,mBAAmB,YAAA,EAA8C;AACtF,EAAA,MAAM,SAAS,SAAA,EAAU;AAEzB,EAAA,IAAI,CAAC,OAAO,QAAA,EAAU;AACrB,IAAA,MAAM,IAAI,MAAM,yCAAyC,CAAA;AAAA,EAC1D;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,MAAA,CAAO,KAAA,CAAM,mDAAA,EAAqD;AAAA,IACxF,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS;AAAA,MACR,cAAA,EAAgB;AAAA,KACjB;AAAA,IACA,IAAA,EAAM,IAAI,eAAA,CAAgB;AAAA,MACzB,UAAA,EAAY,eAAA;AAAA,MACZ,aAAA,EAAe,YAAA;AAAA,MACf,WAAW,MAAA,CAAO;AAAA,KAClB,EAAE,QAAA;AAAS,GACZ,CAAA;AAED,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AACjB,IAAA,MAAM,SAAA,GAAY,MAAM,QAAA,CAAS,IAAA,EAAK;AACtC,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,sBAAA,EAAyB,SAAS,MAAM,CAAA,GAAA,EAAM,SAAS,CAAA,CAAE,CAAA;AAAA,EAC1E;AAEA,EAAA,OAAQ,MAAM,SAAS,IAAA,EAAK;AAC7B;AAiDO,SAAS,aAAa,OAAA,EAOlB;AACV,EAAA,MAAM,SAAS,SAAA,EAAU;AACzB,EAAA,MAAM,QAAA,GAAW,OAAA,CAAQ,QAAA,IAAY,MAAA,CAAO,QAAA;AAC5C,EAAA,MAAM,UAAA,GAAa,OAAA,CAAQ,UAAA,IAAc,MAAA,CAAO,aAAA;AAEhD,EAAA,MAAM,MAAA,GAAS,IAAI,eAAA,CAAgB;AAAA,IAClC,SAAA,EAAW,QAAA;AAAA,IACX,cAAc,OAAA,CAAQ,WAAA;AAAA,IACtB,aAAA,EAAe,QAAQ,YAAA,IAAgB,MAAA;AAAA,IACvC,KAAA,EAAO,QAAQ,KAAA,IAAS;AAAA,GACxB,CAAA;AAED,EAAA,IAAI,QAAQ,KAAA,EAAO;AAClB,IAAA,MAAA,CAAO,GAAA,CAAI,OAAA,EAAS,OAAA,CAAQ,KAAK,CAAA;AAAA,EAClC;AAEA,EAAA,OAAO,CAAA,QAAA,EAAW,UAAU,CAAA,WAAA,EAAc,MAAA,CAAO,UAAU,CAAA,CAAA;AAC5D;;;AC/RA,eAAsB,eAAA,CAAgB,OAAA,GAA6B,EAAC,EAAyC;AAC5G,EAAA,MAAM,SAAS,SAAA,EAAU;AAEzB,EAAA,IAAI,CAAC,OAAO,QAAA,EAAU;AACrB,IAAA,MAAM,IAAI,MAAM,uGAAuG,CAAA;AAAA,EACxH;AAEA,EAAA,IAAI;AACH,IAAA,MAAM,GAAA,GAAM,uDAAA;AACZ,IAAA,MAAM,IAAA,GAAO,IAAI,eAAA,CAAgB;AAAA,MAChC,WAAW,MAAA,CAAO,QAAA;AAAA,MAClB,KAAA,EAAO;AAAA,KACP,CAAA;AAGD,IAAA,IAAI,QAAQ,QAAA,EAAU;AACrB,MAAA,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,OAAA,CAAQ,QAAQ,CAAA;AAAA,IACtC;AAEA,IAAA,MAAM,QAAA,GAAW,MAAM,MAAA,CAAO,KAAA,CAAM,GAAA,EAAK;AAAA,MACxC,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACR,cAAA,EAAgB;AAAA,OACjB;AAAA,MACA,IAAA,EAAM,KAAK,QAAA;AAAS,KACpB,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AACjB,MAAA,MAAM,SAAA,GAAY,MAAM,QAAA,CAAS,IAAA,EAAK;AACtC,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,6BAAA,EAAgC,SAAS,UAAU,CAAA,GAAA,EAAM,SAAS,CAAA,CAAE,CAAA;AAAA,IACrF;AAEA,IAAA,MAAM,IAAA,GAAQ,MAAM,QAAA,CAAS,IAAA,EAAK;AAClC,IAAA,OAAO,IAAA;AAAA,EACR,SAAS,KAAA,EAAO;AACf,IAAA,OAAA,CAAQ,KAAA,CAAM,+BAA+B,KAAK,CAAA;AAClD,IAAA,MAAM,KAAA;AAAA,EACP;AACD;AAUA,eAAsB,aAAA,CACrB,UAAA,EACA,QAAA,GAAmB,CAAA,EACnB,YAAoB,GAAA,EACK;AACzB,EAAA,MAAM,SAAS,SAAA,EAAU;AAEzB,EAAA,IAAI,CAAC,OAAO,QAAA,EAAU;AACrB,IAAA,MAAM,IAAI,MAAM,yCAAyC,CAAA;AAAA,EAC1D;AAEA,EAAA,MAAM,SAAA,GAAY,KAAK,GAAA,EAAI;AAC3B,EAAA,MAAM,UAAU,SAAA,GAAY,GAAA;AAC5B,EAAA,IAAI,kBAAkB,QAAA,GAAW,GAAA;AAEjC,EAAA,OAAO,IAAA,EAAM;AAEZ,IAAA,IAAI,IAAA,CAAK,GAAA,EAAI,GAAI,SAAA,GAAY,OAAA,EAAS;AACrC,MAAA,MAAM,IAAI,MAAM,iDAAiD,CAAA;AAAA,IAClE;AAGA,IAAA,MAAM,IAAI,OAAA,CAAQ,CAAC,YAAY,UAAA,CAAW,OAAA,EAAS,eAAe,CAAC,CAAA;AAEnE,IAAA,IAAI;AACH,MAAA,MAAM,QAAA,GAAW,MAAM,MAAA,CAAO,KAAA,CAAM,mDAAA,EAAqD;AAAA,QACxF,MAAA,EAAQ,MAAA;AAAA,QACR,OAAA,EAAS;AAAA,UACR,cAAA,EAAgB;AAAA,SACjB;AAAA,QACA,IAAA,EAAM,IAAI,eAAA,CAAgB;AAAA,UACzB,UAAA,EAAY,8CAAA;AAAA,UACZ,WAAA,EAAa,UAAA;AAAA,UACb,WAAW,MAAA,CAAO;AAAA,SAClB,EAAE,QAAA;AAAS,OACZ,CAAA;AAED,MAAA,IAAI,SAAS,EAAA,EAAI;AAChB,QAAA,MAAM,IAAA,GAAQ,MAAM,QAAA,CAAS,IAAA,EAAK;AAClC,QAAA,OAAO,IAAA;AAAA,MACR;AAGA,MAAA,MAAM,SAAA,GAAa,MAAM,QAAA,CAAS,IAAA,EAAK,CAAE,MAAM,OAAO,EAAE,KAAA,EAAO,SAAA,EAAU,CAAE,CAAA;AAC3E,MAAA,MAAM,KAAA,GAAS,UAAU,KAAA,IAAS,SAAA;AAElC,MAAA,QAAQ,KAAA;AAAO,QACd,KAAK,uBAAA;AAEJ,UAAA;AAAA,QAED,KAAK,WAAA;AAEJ,UAAA,eAAA,IAAmB,GAAA;AACnB,UAAA;AAAA,QAED,KAAK,eAAA;AACJ,UAAA,MAAM,IAAI,MAAM,uBAAuB,CAAA;AAAA,QAExC,KAAK,eAAA;AACJ,UAAA,MAAM,IAAI,MAAM,qBAAqB,CAAA;AAAA,QAEtC;AACC,UAAA,MAAM,IAAI,KAAA,CAAM,CAAA,sBAAA,EAAyB,KAAK,CAAA,CAAE,CAAA;AAAA;AAClD,IACD,SAAS,KAAA,EAAO;AAEf,MAAA,IAAI,iBAAiB,KAAA,EAAO;AAC3B,QAAA,MAAM,KAAA;AAAA,MACP;AAEA,MAAA;AAAA,IACD;AAAA,EACD;AACD;;;ACpEA,eAAsB,sBACrB,OAAA,EACoC;AACpC,EAAA,MAAM,EAAE,QAAA,EAAU,KAAA,GAAQ,sBAAA,EAAuB,GAAI,OAAA;AACrD,EAAA,MAAM,SAAA,GAAY,OAAA,CAAQ,KAAA,IAAS,UAAA,CAAW,KAAA;AAE9C,EAAA,IAAI,CAAC,QAAA,EAAU;AACd,IAAA,MAAM,IAAI,MAAM,uDAAuD,CAAA;AAAA,EACxE;AAEA,EAAA,IAAI;AACH,IAAA,MAAM,GAAA,GAAM,sCAAA;AACZ,IAAA,MAAM,IAAA,GAAO,IAAI,eAAA,CAAgB;AAAA,MAChC,SAAA,EAAW,QAAA;AAAA,MACX;AAAA,KACA,CAAA;AAED,IAAA,MAAM,QAAA,GAAW,MAAM,SAAA,CAAU,GAAA,EAAK;AAAA,MACrC,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACR,cAAA,EAAgB,mCAAA;AAAA,QAChB,QAAA,EAAU;AAAA,OACX;AAAA,MACA;AAAA,KACA,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AACjB,MAAA,MAAM,SAAA,GAAY,MAAM,QAAA,CAAS,IAAA,EAAK;AACtC,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,oCAAA,EAAuC,SAAS,UAAU,CAAA,GAAA,EAAM,SAAS,CAAA,CAAE,CAAA;AAAA,IAC5F;AAEA,IAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,IAAA,EAAK;AAQjC,IAAA,OAAO;AAAA,MACN,YAAY,IAAA,CAAK,WAAA;AAAA,MACjB,UAAU,IAAA,CAAK,SAAA;AAAA,MACf,iBAAiB,IAAA,CAAK,gBAAA;AAAA,MACtB,WAAW,IAAA,CAAK,UAAA;AAAA,MAChB,UAAU,IAAA,CAAK;AAAA,KAChB;AAAA,EACD,SAAS,KAAA,EAAO;AACf,IAAA,OAAA,CAAQ,KAAA,CAAM,sCAAsC,KAAK,CAAA;AACzD,IAAA,MAAM,KAAA;AAAA,EACP;AACD;AAwBA,eAAsB,oBAAA,CACrB,YACA,OAAA,EAC+B;AAC/B,EAAA,MAAM,EAAE,QAAA,EAAU,QAAA,GAAW,CAAA,EAAG,SAAA,GAAY,KAAI,GAAI,OAAA;AACpD,EAAA,MAAM,SAAA,GAAY,OAAA,CAAQ,KAAA,IAAS,UAAA,CAAW,KAAA;AAE9C,EAAA,IAAI,CAAC,QAAA,EAAU;AACd,IAAA,MAAM,IAAI,MAAM,gDAAgD,CAAA;AAAA,EACjE;AAEA,EAAA,MAAM,SAAA,GAAY,KAAK,GAAA,EAAI;AAC3B,EAAA,MAAM,UAAU,SAAA,GAAY,GAAA;AAC5B,EAAA,IAAI,kBAAkB,QAAA,GAAW,GAAA;AAEjC,EAAA,OAAO,IAAA,EAAM;AAEZ,IAAA,IAAI,IAAA,CAAK,GAAA,EAAI,GAAI,SAAA,GAAY,OAAA,EAAS;AACrC,MAAA,MAAM,IAAI,MAAM,wDAAwD,CAAA;AAAA,IACzE;AAGA,IAAA,MAAM,IAAI,OAAA,CAAQ,CAAC,YAAY,UAAA,CAAW,OAAA,EAAS,eAAe,CAAC,CAAA;AAEnE,IAAA,IAAI;AACH,MAAA,MAAM,GAAA,GAAM,6CAAA;AACZ,MAAA,MAAM,IAAA,GAAO,IAAI,eAAA,CAAgB;AAAA,QAChC,SAAA,EAAW,QAAA;AAAA,QACX,WAAA,EAAa,UAAA;AAAA,QACb,UAAA,EAAY;AAAA,OACZ,CAAA;AAED,MAAA,MAAM,QAAA,GAAW,MAAM,SAAA,CAAU,GAAA,EAAK;AAAA,QACrC,MAAA,EAAQ,MAAA;AAAA,QACR,OAAA,EAAS;AAAA,UACR,cAAA,EAAgB,mCAAA;AAAA,UAChB,QAAA,EAAU;AAAA,SACX;AAAA,QACA;AAAA,OACA,CAAA;AAED,MAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,IAAA,EAAK;AAKjC,MAAA,IAAI,kBAAkB,IAAA,EAAM;AAC3B,QAAA,OAAO;AAAA,UACN,aAAa,IAAA,CAAK,YAAA;AAAA,UAClB,WAAW,IAAA,CAAK,UAAA;AAAA,UAChB,OAAO,IAAA,CAAK;AAAA,SACb;AAAA,MACD;AAGA,MAAA,MAAM,KAAA,GAAS,KAAK,KAAA,IAAS,SAAA;AAE7B,MAAA,QAAQ,KAAA;AAAO,QACd,KAAK,uBAAA;AAEJ,UAAA;AAAA,QAED,KAAK,WAAA;AAEJ,UAAA,eAAA,IAAmB,GAAA;AACnB,UAAA;AAAA,QAED,KAAK,eAAA;AACJ,UAAA,MAAM,IAAI,MAAM,uBAAuB,CAAA;AAAA,QAExC,KAAK,eAAA;AACJ,UAAA,MAAM,IAAI,MAAM,qBAAqB,CAAA;AAAA,QAEtC;AACC,UAAA,MAAM,IAAI,KAAA,CAAM,CAAA,6BAAA,EAAgC,KAAK,CAAA,CAAE,CAAA;AAAA;AACzD,IACD,SAAS,KAAA,EAAO;AAEf,MAAA,IAAI,iBAAiB,KAAA,EAAO;AAC3B,QAAA,MAAM,KAAA;AAAA,MACP;AAEA,MAAA;AAAA,IACD;AAAA,EACD;AACD;AAiBA,eAAsB,aAAA,CACrB,WAAA,EACA,OAAA,GAAoC,EAAC,EACf;AACtB,EAAA,MAAM,SAAA,GAAY,OAAA,CAAQ,KAAA,IAAS,UAAA,CAAW,KAAA;AAE9C,EAAA,IAAI,CAAC,WAAA,EAAa;AACjB,IAAA,MAAM,IAAI,MAAM,iCAAiC,CAAA;AAAA,EAClD;AAEA,EAAA,IAAI;AACH,IAAA,MAAM,QAAA,GAAW,MAAM,SAAA,CAAU,6BAAA,EAA+B;AAAA,MAC/D,MAAA,EAAQ,KAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACR,eAAA,EAAiB,UAAU,WAAW,CAAA,CAAA;AAAA,QACtC,QAAA,EAAU,6BAAA;AAAA,QACV,sBAAA,EAAwB;AAAA;AACzB,KACA,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AACjB,MAAA,MAAM,SAAA,GAAY,MAAM,QAAA,CAAS,IAAA,EAAK;AACtC,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,0BAAA,EAA6B,SAAS,UAAU,CAAA,GAAA,EAAM,SAAS,CAAA,CAAE,CAAA;AAAA,IAClF;AAEA,IAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,IAAA,EAAK;AAQjC,IAAA,OAAO;AAAA,MACN,IAAI,IAAA,CAAK,EAAA;AAAA,MACT,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,MAAM,IAAA,CAAK,IAAA;AAAA,MACX,WAAW,IAAA,CAAK;AAAA,KACjB;AAAA,EACD,SAAS,KAAA,EAAO;AACf,IAAA,OAAA,CAAQ,KAAA,CAAM,4BAA4B,KAAK,CAAA;AAC/C,IAAA,MAAM,KAAA;AAAA,EACP;AACD;;;AC1QA,YAAA,EAAA;;;ACtBA,YAAA,EAAA;AA8BA,IAAM,iBAAA,GAAoB,IAAI,EAAA,GAAK,GAAA;AAKnC,SAAS,eAAe,SAAA,EAA6B;AACpD,EAAA,IAAI,CAAC,WAAW,OAAO,KAAA;AACvB,EAAA,OAAO,IAAA,CAAK,GAAA,EAAI,IAAK,SAAA,GAAY,iBAAA;AAClC;AAOA,eAAsB,cAAA,CAAe,OAAA,GAAwB,EAAC,EAAyB;AACtF,EAAA,MAAM,SAAS,SAAA,EAAU;AACzB,EAAA,MAAM,EAAE,WAAA,GAAc,IAAA,EAAM,KAAA,GAAQ,OAAA,CAAQ,GAAA,EAAK,QAAA,EAAU,OAAA,GAAU,mBAAA,CAAoB,MAAA,CAAO,WAAW,CAAA,EAAE,GAAI,OAAA;AAGjH,EAAA,MAAM,YAAY,OAAA,CAAQ,YAAA,GAAe,MAAM,OAAA,CAAQ,cAAa,GAAI,IAAA;AACxE,EAAA,MAAM,aAAA,GAAgB,SAAA,EAAW,WAAA,IAAgB,MAAM,QAAQ,QAAA,EAAS;AAExE,EAAA,IAAI,aAAA,EAAe;AAElB,IAAA,IAAI,SAAA,IAAa,cAAA,CAAe,SAAA,CAAU,SAAS,CAAA,EAAG;AAErD,MAAA,IAAI,UAAU,YAAA,EAAc;AAC3B,QAAA,IAAI;AACH,UAAA,MAAM,SAAA,GAAY,MAAM,kBAAA,CAAmB,SAAA,CAAU,YAAY,CAAA;AAGjE,UAAA,MAAMC,UAAAA,GAAY,UAAU,UAAA,GACzB,IAAA,CAAK,KAAI,GAAI,SAAA,CAAU,aAAa,GAAA,GACpC,KAAA,CAAA;AAGH,UAAA,MAAMC,QAAAA,GAA2B;AAAA,YAChC,aAAa,SAAA,CAAU,YAAA;AAAA,YACvB,YAAA,EAAc,SAAA,CAAU,aAAA,IAAiB,SAAA,CAAU,YAAA;AAAA,YACnD,SAAA,EAAAD;AAAA,WACD;AAEA,UAAA,IAAI,QAAQ,YAAA,EAAc;AACzB,YAAA,MAAM,OAAA,CAAQ,aAAaC,QAAO,CAAA;AAAA,UACnC,CAAA,MAAO;AACN,YAAA,MAAM,OAAA,CAAQ,QAAA,CAAS,SAAA,CAAU,YAAY,CAAA;AAAA,UAC9C;AAEA,UAAA,OAAO,EAAE,KAAA,EAAO,SAAA,CAAU,YAAA,EAAc,YAAY,KAAA,EAAM;AAAA,QAC3D,SAAS,KAAA,EAAO;AAEf,UAAA,OAAA,CAAQ,IAAA,CAAK,yBAAyB,KAAK,CAAA;AAAA,QAE5C;AAAA,MACD;AAAA,IACD,CAAA,MAAO;AAEN,MAAA,MAAM,EAAE,IAAA,EAAK,GAAI,MAAM,QAAQ,aAAa,CAAA;AAC5C,MAAA,IAAI,IAAA,EAAM;AACT,QAAA,OAAO,EAAE,KAAA,EAAO,aAAA,EAAe,UAAA,EAAY,KAAA,EAAM;AAAA,MAClD;AAEA,MAAA,IAAI,WAAW,YAAA,EAAc;AAC5B,QAAA,IAAI;AACH,UAAA,MAAM,SAAA,GAAY,MAAM,kBAAA,CAAmB,SAAA,CAAU,YAAY,CAAA;AACjE,UAAA,MAAMD,UAAAA,GAAY,UAAU,UAAA,GACzB,IAAA,CAAK,KAAI,GAAI,SAAA,CAAU,aAAa,GAAA,GACpC,KAAA,CAAA;AAEH,UAAA,MAAMC,QAAAA,GAA2B;AAAA,YAChC,aAAa,SAAA,CAAU,YAAA;AAAA,YACvB,YAAA,EAAc,SAAA,CAAU,aAAA,IAAiB,SAAA,CAAU,YAAA;AAAA,YACnD,SAAA,EAAAD;AAAA,WACD;AAEA,UAAA,IAAI,QAAQ,YAAA,EAAc;AACzB,YAAA,MAAM,OAAA,CAAQ,aAAaC,QAAO,CAAA;AAAA,UACnC,CAAA,MAAO;AACN,YAAA,MAAM,OAAA,CAAQ,QAAA,CAAS,SAAA,CAAU,YAAY,CAAA;AAAA,UAC9C;AAEA,UAAA,OAAO,EAAE,KAAA,EAAO,SAAA,CAAU,YAAA,EAAc,YAAY,KAAA,EAAM;AAAA,QAC3D,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACD;AAAA,IACD;AAAA,EACD;AAGA,EAAA,KAAA,CAAM,mBAAmB,CAAA;AAEzB,EAAA,MAAM,YAAA,GAAe,MAAM,eAAA,CAAgB,EAAE,UAAU,CAAA;AAEvD,EAAA,KAAA,CAAM,CAAA,kBAAA,CAAoB,CAAA;AAC1B,EAAA,KAAA,CAAM,CAAA,YAAA,EAAe,YAAA,CAAa,gBAAgB,CAAA,CAAE,CAAA;AACpD,EAAA,KAAA,CAAM,CAAA,iBAAA,EAAoB,YAAA,CAAa,SAAS,CAAA,CAAE,CAAA;AAClD,EAAA,KAAA,CAAM;AAAA,WAAA,EAAgB,aAAa,yBAAyB;AAAA,CAAI,CAAA;AAGhE,EAAA,IAAI,WAAA,EAAa;AAChB,IAAA,IAAI;AACH,MAAA,MAAM,IAAA,GAAO,MAAM,OAAO,MAAM,CAAA;AAChC,MAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,YAAA,CAAa,yBAAyB,CAAA;AACzD,MAAA,KAAA,CAAM,gCAAgC,CAAA;AAAA,IACvC,CAAA,CAAA,MAAQ;AAAA,IAER;AAAA,EACD;AAEA,EAAA,KAAA,CAAM,gCAAgC,CAAA;AAEtC,EAAA,MAAM,gBAAgB,MAAM,aAAA;AAAA,IAC3B,YAAA,CAAa,WAAA;AAAA,IACb,YAAA,CAAa,QAAA;AAAA,IACb,YAAA,CAAa;AAAA,GACd;AAGA,EAAA,MAAM,SAAA,GAAY,cAAc,UAAA,GAC7B,IAAA,CAAK,KAAI,GAAI,aAAA,CAAc,aAAa,GAAA,GACxC,MAAA;AAGH,EAAA,MAAM,OAAA,GAA2B;AAAA,IAChC,aAAa,aAAA,CAAc,YAAA;AAAA,IAC3B,cAAc,aAAA,CAAc,aAAA;AAAA,IAC5B;AAAA,GACD;AAEA,EAAA,IAAI,QAAQ,YAAA,EAAc;AACzB,IAAA,MAAM,OAAA,CAAQ,aAAa,OAAO,CAAA;AAAA,EACnC,CAAA,MAAO;AACN,IAAA,MAAM,OAAA,CAAQ,QAAA,CAAS,aAAA,CAAc,YAAY,CAAA;AAAA,EAClD;AAEA,EAAA,KAAA,CAAM,qBAAqB,CAAA;AAE3B,EAAA,OAAO,EAAE,KAAA,EAAO,aAAA,CAAc,YAAA,EAAc,YAAY,IAAA,EAAK;AAC9D;AAKA,eAAsB,UAAA,CAAW,OAAA,GAAwB,EAAC,EAAyB;AAClF,EAAA,MAAM,SAAS,SAAA,EAAU;AACzB,EAAA,MAAM,EAAE,OAAA,GAAU,mBAAA,CAAoB,MAAA,CAAO,WAAW,GAAE,GAAI,OAAA;AAC9D,EAAA,MAAM,QAAQ,WAAA,EAAY;AAC1B,EAAA,OAAO,eAAe,OAAO,CAAA;AAC9B;AAKA,eAAsB,eAAA,CAAgB,OAAA,GAAwB,EAAC,EAAkB;AAChF,EAAA,MAAM,SAAS,SAAA,EAAU;AACzB,EAAA,MAAM,EAAE,QAAQ,OAAA,CAAQ,GAAA,EAAK,UAAU,mBAAA,CAAoB,MAAA,CAAO,WAAW,CAAA,EAAE,GAAI,OAAA;AACnF,EAAA,MAAM,QAAQ,WAAA,EAAY;AAC1B,EAAA,KAAA,CAAM,2BAA2B,CAAA;AAClC","file":"node.js","sourcesContent":["import type { TokenStorage, StoredTokenData } from './types.js'\n\n// Keychain service and account identifiers\nconst KEYCHAIN_SERVICE = 'oauth.do'\nconst KEYCHAIN_ACCOUNT = 'access_token'\n\n/**\n * Check if we're running in a Node.js environment\n */\nfunction isNode(): boolean {\n\treturn typeof process !== 'undefined' &&\n\t\tprocess.versions != null &&\n\t\tprocess.versions.node != null\n}\n\n/**\n * Safe environment variable access\n */\nfunction getEnv(key: string): string | undefined {\n\tif (typeof process !== 'undefined' && process.env?.[key]) return process.env[key]\n\treturn undefined\n}\n\n/**\n * Keychain-based token storage using OS credential manager\n * - macOS: Keychain\n * - Windows: Credential Manager\n * - Linux: Secret Service (libsecret)\n *\n * This is the most secure option for CLI token storage.\n */\nexport class KeychainTokenStorage implements TokenStorage {\n\tprivate keytar: typeof import('keytar') | null = null\n\tprivate initialized = false\n\n\t/**\n\t * Lazily load keytar module\n\t * Returns null if keytar is not available (e.g., missing native dependencies)\n\t */\n\tprivate async getKeytar(): Promise<typeof import('keytar') | null> {\n\t\tif (this.initialized) {\n\t\t\treturn this.keytar\n\t\t}\n\n\t\tthis.initialized = true\n\n\t\ttry {\n\t\t\t// Dynamic import to handle cases where keytar native module isn't available\n\t\t\tconst imported = await import('keytar')\n\t\t\t// Handle ESM/CJS interop - keytar is CommonJS, so functions may be on .default\n\t\t\tconst keytarModule = (imported as any).default || imported\n\t\t\tthis.keytar = keytarModule as typeof import('keytar')\n\n\t\t\t// Verify the module loaded correctly by checking for expected function\n\t\t\tif (typeof this.keytar.getPassword !== 'function') {\n\t\t\t\tif (getEnv('DEBUG')) {\n\t\t\t\t\tconsole.warn('Keytar module loaded but getPassword is not a function:', Object.keys(this.keytar))\n\t\t\t\t}\n\t\t\t\tthis.keytar = null\n\t\t\t\treturn null\n\t\t\t}\n\n\t\t\treturn this.keytar\n\t\t} catch (error) {\n\t\t\t// keytar requires native dependencies that may not be available\n\t\t\t// Fall back gracefully\n\t\t\tif (getEnv('DEBUG')) {\n\t\t\t\tconsole.warn('Keychain storage not available:', error)\n\t\t\t}\n\t\t\treturn null\n\t\t}\n\t}\n\n\tasync getToken(): Promise<string | null> {\n\t\tconst keytar = await this.getKeytar()\n\t\tif (!keytar) {\n\t\t\treturn null\n\t\t}\n\n\t\ttry {\n\t\t\tconst token = await keytar.getPassword(KEYCHAIN_SERVICE, KEYCHAIN_ACCOUNT)\n\t\t\treturn token\n\t\t} catch (error) {\n\t\t\tif (getEnv('DEBUG')) {\n\t\t\t\tconsole.warn('Failed to get token from keychain:', error)\n\t\t\t}\n\t\t\treturn null\n\t\t}\n\t}\n\n\tasync setToken(token: string): Promise<void> {\n\t\ttry {\n\t\t\tconst keytar = await this.getKeytar()\n\t\t\tif (!keytar) {\n\t\t\t\tthrow new Error('Keychain storage not available')\n\t\t\t}\n\n\t\t\tawait keytar.setPassword(KEYCHAIN_SERVICE, KEYCHAIN_ACCOUNT, token)\n\t\t} catch (error: any) {\n\t\t\t// Check if this is a native module error vs an actual keychain error\n\t\t\tif (error?.code === 'MODULE_NOT_FOUND' || error?.message?.includes('Cannot find module')) {\n\t\t\t\tthrow new Error('Keychain storage not available: native module not built')\n\t\t\t}\n\t\t\tthrow new Error(`Failed to save token to keychain: ${error}`)\n\t\t}\n\t}\n\n\tasync removeToken(): Promise<void> {\n\t\tconst keytar = await this.getKeytar()\n\t\tif (!keytar) {\n\t\t\treturn\n\t\t}\n\n\t\ttry {\n\t\t\tawait keytar.deletePassword(KEYCHAIN_SERVICE, KEYCHAIN_ACCOUNT)\n\t\t} catch {\n\t\t\t// Ignore errors if credential doesn't exist\n\t\t}\n\t}\n\n\t/**\n\t * Check if keychain storage is available on this system\n\t */\n\tasync isAvailable(): Promise<boolean> {\n\t\ttry {\n\t\t\tconst keytar = await this.getKeytar()\n\t\t\tif (!keytar) {\n\t\t\t\treturn false\n\t\t\t}\n\n\t\t\t// Try a read operation to verify keychain access\n\t\t\t// This will throw if native module is not built\n\t\t\tawait keytar.getPassword(KEYCHAIN_SERVICE, '__test__')\n\t\t\treturn true\n\t\t} catch (error) {\n\t\t\tif (getEnv('DEBUG')) {\n\t\t\t\tconsole.warn('Keychain not available:', error)\n\t\t\t}\n\t\t\treturn false\n\t\t}\n\t}\n}\n\n/**\n * Secure file-based token storage for CLI\n * Stores token in ~/.oauth.do/token with restricted permissions (0600)\n *\n * This is the default storage for Node.js CLI because it doesn't require\n * GUI authorization popups like the keychain does on macOS.\n * Only works in Node.js environment.\n */\nexport class SecureFileTokenStorage implements TokenStorage {\n\tprivate tokenPath: string | null = null\n\tprivate configDir: string | null = null\n\tprivate initialized = false\n\tprivate customPath?: string\n\n\tconstructor(customPath?: string) {\n\t\tthis.customPath = customPath\n\t}\n\n\tprivate async init(): Promise<boolean> {\n\t\tif (this.initialized) return this.tokenPath !== null\n\t\tthis.initialized = true\n\n\t\tif (!isNode()) return false\n\n\t\ttry {\n\t\t\tconst os = await import('os')\n\t\t\tconst path = await import('path')\n\n\t\t\t// Use custom path if provided\n\t\t\tif (this.customPath) {\n\t\t\t\t// Expand ~ to home directory\n\t\t\t\tconst expandedPath = this.customPath.startsWith('~/')\n\t\t\t\t\t? path.join(os.homedir(), this.customPath.slice(2))\n\t\t\t\t\t: this.customPath\n\n\t\t\t\tthis.tokenPath = expandedPath\n\t\t\t\tthis.configDir = path.dirname(expandedPath)\n\t\t\t} else {\n\t\t\t\t// Default path\n\t\t\t\tthis.configDir = path.join(os.homedir(), '.oauth.do')\n\t\t\t\tthis.tokenPath = path.join(this.configDir, 'token')\n\t\t\t}\n\t\t\treturn true\n\t\t} catch {\n\t\t\treturn false\n\t\t}\n\t}\n\n\tasync getToken(): Promise<string | null> {\n\t\t// Try to get from token data first (new format)\n\t\tconst data = await this.getTokenData()\n\t\tif (data) {\n\t\t\treturn data.accessToken\n\t\t}\n\n\t\t// Fall back to legacy plain text format\n\t\tif (!(await this.init()) || !this.tokenPath) return null\n\n\t\ttry {\n\t\t\tconst fs = await import('fs/promises')\n\t\t\tconst stats = await fs.stat(this.tokenPath)\n\t\t\tconst mode = stats.mode & 0o777\n\n\t\t\tif (mode !== 0o600 && getEnv('DEBUG')) {\n\t\t\t\tconsole.warn(\n\t\t\t\t\t`Warning: Token file has insecure permissions (${mode.toString(8)}). ` +\n\t\t\t\t\t\t`Expected 600. Run: chmod 600 ${this.tokenPath}`\n\t\t\t\t)\n\t\t\t}\n\n\t\t\tconst content = await fs.readFile(this.tokenPath, 'utf-8')\n\t\t\tconst trimmed = content.trim()\n\n\t\t\t// Check if it's JSON (new format) or plain token (legacy)\n\t\t\tif (trimmed.startsWith('{')) {\n\t\t\t\tconst data = JSON.parse(trimmed) as StoredTokenData\n\t\t\t\treturn data.accessToken\n\t\t\t}\n\n\t\t\treturn trimmed\n\t\t} catch {\n\t\t\treturn null\n\t\t}\n\t}\n\n\tasync setToken(token: string): Promise<void> {\n\t\t// Store as token data for consistency, trimming whitespace\n\t\tawait this.setTokenData({ accessToken: token.trim() })\n\t}\n\n\tasync getTokenData(): Promise<StoredTokenData | null> {\n\t\tif (!(await this.init()) || !this.tokenPath) return null\n\n\t\ttry {\n\t\t\tconst fs = await import('fs/promises')\n\t\t\tconst content = await fs.readFile(this.tokenPath, 'utf-8')\n\t\t\tconst trimmed = content.trim()\n\n\t\t\t// Check if it's JSON format\n\t\t\tif (trimmed.startsWith('{')) {\n\t\t\t\treturn JSON.parse(trimmed) as StoredTokenData\n\t\t\t}\n\n\t\t\t// Legacy plain text format - convert to token data\n\t\t\treturn { accessToken: trimmed }\n\t\t} catch {\n\t\t\treturn null\n\t\t}\n\t}\n\n\tasync setTokenData(data: StoredTokenData): Promise<void> {\n\t\tif (!(await this.init()) || !this.tokenPath || !this.configDir) {\n\t\t\tthrow new Error('File storage not available')\n\t\t}\n\n\t\ttry {\n\t\t\tconst fs = await import('fs/promises')\n\t\t\tawait fs.mkdir(this.configDir, { recursive: true, mode: 0o700 })\n\t\t\tawait fs.writeFile(this.tokenPath, JSON.stringify(data), { encoding: 'utf-8', mode: 0o600 })\n\t\t\tawait fs.chmod(this.tokenPath, 0o600)\n\t\t} catch (error) {\n\t\t\tconsole.error('Failed to save token data:', error)\n\t\t\tthrow error\n\t\t}\n\t}\n\n\tasync removeToken(): Promise<void> {\n\t\tif (!(await this.init()) || !this.tokenPath) return\n\n\t\ttry {\n\t\t\tconst fs = await import('fs/promises')\n\t\t\tawait fs.unlink(this.tokenPath)\n\t\t} catch {\n\t\t\t// Ignore errors if file doesn't exist\n\t\t}\n\t}\n\n\t/**\n\t * Get information about the storage backend\n\t */\n\tasync getStorageInfo(): Promise<{ type: 'file'; secure: boolean; path: string | null }> {\n\t\tawait this.init()\n\t\treturn { type: 'file', secure: true, path: this.tokenPath }\n\t}\n}\n\n/**\n * File-based token storage for CLI (legacy, less secure)\n * Stores token in ~/.oauth.do/token\n * Only works in Node.js environment.\n *\n * @deprecated Use SecureFileTokenStorage or KeychainTokenStorage instead\n */\nexport class FileTokenStorage implements TokenStorage {\n\tprivate tokenPath: string | null = null\n\tprivate configDir: string | null = null\n\tprivate initialized = false\n\n\tprivate async init(): Promise<boolean> {\n\t\tif (this.initialized) return this.tokenPath !== null\n\t\tthis.initialized = true\n\n\t\tif (!isNode()) return false\n\n\t\ttry {\n\t\t\tconst os = await import('os')\n\t\t\tconst path = await import('path')\n\t\t\tthis.configDir = path.join(os.homedir(), '.oauth.do')\n\t\t\tthis.tokenPath = path.join(this.configDir, 'token')\n\t\t\treturn true\n\t\t} catch {\n\t\t\treturn false\n\t\t}\n\t}\n\n\tasync getToken(): Promise<string | null> {\n\t\tif (!(await this.init()) || !this.tokenPath) return null\n\n\t\ttry {\n\t\t\tconst fs = await import('fs/promises')\n\t\t\tconst token = await fs.readFile(this.tokenPath, 'utf-8')\n\t\t\treturn token.trim()\n\t\t} catch {\n\t\t\treturn null\n\t\t}\n\t}\n\n\tasync setToken(token: string): Promise<void> {\n\t\tif (!(await this.init()) || !this.tokenPath || !this.configDir) {\n\t\t\tthrow new Error('File storage not available')\n\t\t}\n\n\t\ttry {\n\t\t\tconst fs = await import('fs/promises')\n\t\t\tawait fs.mkdir(this.configDir, { recursive: true })\n\t\t\tawait fs.writeFile(this.tokenPath, token, 'utf-8')\n\t\t} catch (error) {\n\t\t\tconsole.error('Failed to save token:', error)\n\t\t\tthrow error\n\t\t}\n\t}\n\n\tasync removeToken(): Promise<void> {\n\t\tif (!(await this.init()) || !this.tokenPath) return\n\n\t\ttry {\n\t\t\tconst fs = await import('fs/promises')\n\t\t\tawait fs.unlink(this.tokenPath)\n\t\t} catch {\n\t\t\t// Ignore errors if file doesn't exist\n\t\t}\n\t}\n}\n\n/**\n * In-memory token storage (for browser or testing)\n */\nexport class MemoryTokenStorage implements TokenStorage {\n\tprivate token: string | null = null\n\n\tasync getToken(): Promise<string | null> {\n\t\treturn this.token\n\t}\n\n\tasync setToken(token: string): Promise<void> {\n\t\tthis.token = token\n\t}\n\n\tasync removeToken(): Promise<void> {\n\t\tthis.token = null\n\t}\n}\n\n/**\n * LocalStorage-based token storage (for browser)\n */\nexport class LocalStorageTokenStorage implements TokenStorage {\n\tprivate key = 'oauth.do:token'\n\n\tasync getToken(): Promise<string | null> {\n\t\tif (typeof localStorage === 'undefined') {\n\t\t\treturn null\n\t\t}\n\t\treturn localStorage.getItem(this.key)\n\t}\n\n\tasync setToken(token: string): Promise<void> {\n\t\tif (typeof localStorage === 'undefined') {\n\t\t\tthrow new Error('localStorage is not available')\n\t\t}\n\t\tlocalStorage.setItem(this.key, token)\n\t}\n\n\tasync removeToken(): Promise<void> {\n\t\tif (typeof localStorage === 'undefined') {\n\t\t\treturn\n\t\t}\n\t\tlocalStorage.removeItem(this.key)\n\t}\n}\n\n/**\n * Composite token storage that tries multiple storage backends\n * Attempts keychain first, then falls back to secure file storage\n */\nexport class CompositeTokenStorage implements TokenStorage {\n\tprivate keychainStorage: KeychainTokenStorage\n\tprivate fileStorage: SecureFileTokenStorage\n\tprivate preferredStorage: TokenStorage | null = null\n\n\tconstructor() {\n\t\tthis.keychainStorage = new KeychainTokenStorage()\n\t\tthis.fileStorage = new SecureFileTokenStorage()\n\t}\n\n\t/**\n\t * Determine the best available storage backend\n\t */\n\tprivate async getPreferredStorage(): Promise<TokenStorage> {\n\t\tif (this.preferredStorage) {\n\t\t\treturn this.preferredStorage\n\t\t}\n\n\t\t// Try keychain first\n\t\tif (await this.keychainStorage.isAvailable()) {\n\t\t\tthis.preferredStorage = this.keychainStorage\n\t\t\treturn this.preferredStorage\n\t\t}\n\n\t\t// Fall back to secure file storage\n\t\tthis.preferredStorage = this.fileStorage\n\t\treturn this.preferredStorage\n\t}\n\n\tasync getToken(): Promise<string | null> {\n\t\t// First, check keychain\n\t\tconst keychainToken = await this.keychainStorage.getToken()\n\t\tif (keychainToken) {\n\t\t\treturn keychainToken\n\t\t}\n\n\t\t// Fall back to file storage (for migration from old installations)\n\t\tconst fileToken = await this.fileStorage.getToken()\n\t\tif (fileToken) {\n\t\t\t// Migrate token to keychain if available\n\t\t\tif (await this.keychainStorage.isAvailable()) {\n\t\t\t\ttry {\n\t\t\t\t\tawait this.keychainStorage.setToken(fileToken)\n\t\t\t\t\tawait this.fileStorage.removeToken()\n\t\t\t\t\tif (getEnv('DEBUG')) {\n\t\t\t\t\t\tconsole.log('Migrated token from file to keychain')\n\t\t\t\t\t}\n\t\t\t\t} catch {\n\t\t\t\t\t// Continue with file token if migration fails\n\t\t\t\t}\n\t\t\t}\n\t\t\treturn fileToken\n\t\t}\n\n\t\treturn null\n\t}\n\n\tasync setToken(token: string): Promise<void> {\n\t\tconst storage = await this.getPreferredStorage()\n\t\tawait storage.setToken(token)\n\t}\n\n\tasync removeToken(): Promise<void> {\n\t\t// Remove from both storages to ensure complete logout\n\t\tawait Promise.all([this.keychainStorage.removeToken(), this.fileStorage.removeToken()])\n\t}\n\n\t/**\n\t * Get information about the current storage backend\n\t */\n\tasync getStorageInfo(): Promise<{ type: 'keychain' | 'file'; secure: boolean }> {\n\t\tif (await this.keychainStorage.isAvailable()) {\n\t\t\treturn { type: 'keychain', secure: true }\n\t\t}\n\t\treturn { type: 'file', secure: true }\n\t}\n}\n\n/**\n * Create the default token storage\n * - Node.js: Uses secure file storage (~/.oauth.do/token with 0600 permissions)\n * - Browser: Uses localStorage\n * - Worker: Uses in-memory storage (tokens should be passed via env bindings)\n *\n * Note: We use file storage by default because keychain storage on macOS\n * requires GUI authorization popups, which breaks automation and agent workflows.\n *\n * @param storagePath - Optional custom path for token storage (e.g., '~/.studio/tokens.json')\n */\nexport function createSecureStorage(storagePath?: string): TokenStorage {\n\t// Node.js - use secure file storage (no keychain popups)\n\tif (isNode()) {\n\t\treturn new SecureFileTokenStorage(storagePath)\n\t}\n\n\t// Browser - use localStorage\n\tif (typeof localStorage !== 'undefined') {\n\t\treturn new LocalStorageTokenStorage()\n\t}\n\n\t// Workers/other - use memory storage\n\treturn new MemoryTokenStorage()\n}\n","import type { OAuthConfig } from './types.js'\n\n/**\n * Safe environment variable access (works in Node, browser, and Workers)\n */\nfunction getEnv(key: string): string | undefined {\n\t// Check globalThis first (Workers)\n\tif ((globalThis as any)[key]) return (globalThis as any)[key]\n\t// Check process.env (Node.js)\n\tif (typeof process !== 'undefined' && process.env?.[key]) return process.env[key]\n\treturn undefined\n}\n\n/**\n * Global OAuth configuration\n * Note: storagePath is optional and may be undefined\n */\nlet globalConfig: Omit<Required<OAuthConfig>, 'storagePath'> & Pick<OAuthConfig, 'storagePath'> = {\n\tapiUrl: getEnv('OAUTH_API_URL') || getEnv('API_URL') || 'https://apis.do',\n\tclientId: getEnv('OAUTH_CLIENT_ID') || 'client_01JQYTRXK9ZPD8JPJTKDCRB656',\n\tauthKitDomain: getEnv('OAUTH_AUTHKIT_DOMAIN') || 'login.oauth.do',\n\tfetch: globalThis.fetch,\n\tstoragePath: getEnv('OAUTH_STORAGE_PATH'),\n}\n\n/**\n * Configure OAuth settings\n */\nexport function configure(config: OAuthConfig): void {\n\tglobalConfig = {\n\t\t...globalConfig,\n\t\t...config,\n\t}\n}\n\n/**\n * Get current configuration\n */\nexport function getConfig(): Omit<Required<OAuthConfig>, 'storagePath'> & Pick<OAuthConfig, 'storagePath'> {\n\treturn globalConfig\n}\n","import { getConfig } from './config.js'\nimport type { User, AuthResult, TokenResponse, StoredTokenData } from './types.js'\n\n/**\n * Resolve a secret that could be a plain string or a secrets store binding\n * Secrets store bindings have a .get() method that returns a Promise<string>\n * @see https://developers.cloudflare.com/workers/configuration/secrets/#secrets-store\n */\nasync function resolveSecret(value: unknown): Promise<string | null> {\n\tif (!value) return null\n\tif (typeof value === 'string') return value\n\tif (typeof value === 'object' && typeof (value as any).get === 'function') {\n\t\treturn await (value as any).get()\n\t}\n\treturn null\n}\n\n/**\n * Safe environment variable access (works in Node, browser, and Workers)\n */\nfunction getEnv(key: string): string | undefined {\n\t// Check globalThis first (Workers)\n\tif ((globalThis as any)[key]) return (globalThis as any)[key]\n\t// Check process.env (Node.js)\n\tif (typeof process !== 'undefined' && process.env?.[key]) return process.env[key]\n\treturn undefined\n}\n\n/**\n * Get current authenticated user\n * Calls GET /me endpoint\n *\n * @param token - Optional authentication token (will use DO_TOKEN env var if not provided)\n * @returns Authentication result with user info or null if not authenticated\n */\nexport async function getUser(token?: string): Promise<AuthResult> {\n\tconst config = getConfig()\n\tconst authToken = token || getEnv('DO_TOKEN') || ''\n\n\tif (!authToken) {\n\t\treturn { user: null }\n\t}\n\n\ttry {\n\t\tconst response = await config.fetch(`${config.apiUrl}/me`, {\n\t\t\tmethod: 'GET',\n\t\t\theaders: {\n\t\t\t\t'Authorization': `Bearer ${authToken}`,\n\t\t\t\t'Content-Type': 'application/json',\n\t\t\t},\n\t\t})\n\n\t\tif (!response.ok) {\n\t\t\tif (response.status === 401) {\n\t\t\t\treturn { user: null }\n\t\t\t}\n\t\t\tthrow new Error(`Authentication failed: ${response.statusText}`)\n\t\t}\n\n\t\tconst user = (await response.json()) as User\n\t\treturn { user, token: authToken }\n\t} catch (error) {\n\t\tconsole.error('Auth error:', error)\n\t\treturn { user: null }\n\t}\n}\n\n/**\n * Initiate login flow\n * Calls POST /login endpoint\n *\n * @param credentials - Login credentials (email, password, etc.)\n * @returns Authentication result with user info and token\n */\nexport async function login(credentials: {\n\temail?: string\n\tpassword?: string\n\t[key: string]: any\n}): Promise<AuthResult> {\n\tconst config = getConfig()\n\n\ttry {\n\t\tconst response = await config.fetch(`${config.apiUrl}/login`, {\n\t\t\tmethod: 'POST',\n\t\t\theaders: {\n\t\t\t\t'Content-Type': 'application/json',\n\t\t\t},\n\t\t\tbody: JSON.stringify(credentials),\n\t\t})\n\n\t\tif (!response.ok) {\n\t\t\tthrow new Error(`Login failed: ${response.statusText}`)\n\t\t}\n\n\t\tconst data = (await response.json()) as { user: User; token: string }\n\t\treturn { user: data.user, token: data.token }\n\t} catch (error) {\n\t\tconsole.error('Login error:', error)\n\t\tthrow error\n\t}\n}\n\n/**\n * Logout current user\n * Calls POST /logout endpoint\n *\n * @param token - Optional authentication token (will use DO_TOKEN env var if not provided)\n */\nexport async function logout(token?: string): Promise<void> {\n\tconst config = getConfig()\n\tconst authToken = token || getEnv('DO_TOKEN') || ''\n\n\tif (!authToken) {\n\t\treturn\n\t}\n\n\ttry {\n\t\tconst response = await config.fetch(`${config.apiUrl}/logout`, {\n\t\t\tmethod: 'POST',\n\t\t\theaders: {\n\t\t\t\t'Authorization': `Bearer ${authToken}`,\n\t\t\t\t'Content-Type': 'application/json',\n\t\t\t},\n\t\t})\n\n\t\tif (!response.ok) {\n\t\t\tconsole.warn(`Logout warning: ${response.statusText}`)\n\t\t}\n\t} catch (error) {\n\t\tconsole.error('Logout error:', error)\n\t}\n}\n\n/**\n * Get token from environment or stored credentials\n *\n * Checks in order:\n * 1. globalThis.DO_ADMIN_TOKEN / DO_TOKEN (Workers legacy)\n * 2. process.env.DO_ADMIN_TOKEN / DO_TOKEN (Node.js)\n * 3. cloudflare:workers env import (Workers 2025+) - supports secrets store bindings\n * 4. Stored token (keychain/secure file)\n *\n * @see https://developers.cloudflare.com/changelog/2025-03-17-importable-env/\n */\nexport async function getToken(): Promise<string | null> {\n\t// Check env vars first (globalThis for Workers legacy, process.env for Node)\n\tconst adminToken = getEnv('DO_ADMIN_TOKEN')\n\tif (adminToken) return adminToken\n\tconst doToken = getEnv('DO_TOKEN')\n\tif (doToken) return doToken\n\n\t// Try cloudflare:workers env import (Workers 2025+)\n\t// Supports both plain strings and secrets store bindings\n\ttry {\n\t\t// @ts-ignore - cloudflare:workers only available in Workers runtime\n\t\tconst { env } = await import('cloudflare:workers')\n\n\t\tconst cfAdminToken = await resolveSecret((env as any).DO_ADMIN_TOKEN)\n\t\tif (cfAdminToken) return cfAdminToken\n\n\t\tconst cfToken = await resolveSecret((env as any).DO_TOKEN)\n\t\tif (cfToken) return cfToken\n\t} catch {\n\t\t// Not in Workers environment or env not available\n\t}\n\n\t// Try stored token (Node.js only - uses keychain/file storage)\n\ttry {\n\t\tconst { createSecureStorage } = await import('./storage.js')\n\t\tconst config = getConfig()\n\t\tconst storage = createSecureStorage(config.storagePath)\n\t\treturn await storage.getToken()\n\t} catch {\n\t\t// Storage not available (browser/worker) - return null\n\t\treturn null\n\t}\n}\n\n/**\n * Check if user is authenticated (has valid token)\n */\nexport async function isAuthenticated(token?: string): Promise<boolean> {\n\tconst result = await getUser(token)\n\treturn result.user !== null\n}\n\n/**\n * Auth provider function type for HTTP clients\n */\nexport type AuthProvider = () => string | null | undefined | Promise<string | null | undefined>\n\n/**\n * Create an auth provider function for HTTP clients (apis.do, rpc.do)\n * Returns a function that resolves to a token string\n *\n * @example\n * import { auth } from 'oauth.do'\n * const getAuth = auth()\n * const token = await getAuth()\n */\nexport function auth(): AuthProvider {\n\treturn getToken\n}\n\n/**\n * Refresh an access token using a refresh token\n *\n * @param refreshToken - The refresh token from the original auth response\n * @returns New token response with fresh access_token (and possibly new refresh_token)\n */\nexport async function refreshAccessToken(refreshToken: string): Promise<TokenResponse> {\n\tconst config = getConfig()\n\n\tif (!config.clientId) {\n\t\tthrow new Error('Client ID is required for token refresh')\n\t}\n\n\tconst response = await config.fetch('https://auth.apis.do/user_management/authenticate', {\n\t\tmethod: 'POST',\n\t\theaders: {\n\t\t\t'Content-Type': 'application/x-www-form-urlencoded',\n\t\t},\n\t\tbody: new URLSearchParams({\n\t\t\tgrant_type: 'refresh_token',\n\t\t\trefresh_token: refreshToken,\n\t\t\tclient_id: config.clientId,\n\t\t}).toString(),\n\t})\n\n\tif (!response.ok) {\n\t\tconst errorText = await response.text()\n\t\tthrow new Error(`Token refresh failed: ${response.status} - ${errorText}`)\n\t}\n\n\treturn (await response.json()) as TokenResponse\n}\n\n/**\n * Get stored token data from storage\n */\nexport async function getStoredTokenData(): Promise<StoredTokenData | null> {\n\ttry {\n\t\tconst { createSecureStorage } = await import('./storage.js')\n\t\tconst config = getConfig()\n\t\tconst storage = createSecureStorage(config.storagePath)\n\t\tif (storage.getTokenData) {\n\t\t\treturn await storage.getTokenData()\n\t\t}\n\t\t// Fall back to just access token\n\t\tconst token = await storage.getToken()\n\t\treturn token ? { accessToken: token } : null\n\t} catch {\n\t\treturn null\n\t}\n}\n\n/**\n * Store token data including refresh token\n */\nexport async function storeTokenData(data: StoredTokenData): Promise<void> {\n\ttry {\n\t\tconst { createSecureStorage } = await import('./storage.js')\n\t\tconst config = getConfig()\n\t\tconst storage = createSecureStorage(config.storagePath)\n\t\tif (storage.setTokenData) {\n\t\t\tawait storage.setTokenData(data)\n\t\t} else {\n\t\t\tawait storage.setToken(data.accessToken)\n\t\t}\n\t} catch (error) {\n\t\tconsole.error('Failed to store token data:', error)\n\t\tthrow error\n\t}\n}\n\n/**\n * Build OAuth authorization URL\n *\n * @example\n * const url = buildAuthUrl({\n * redirectUri: 'https://myapp.com/callback',\n * scope: 'openid profile email',\n * })\n */\nexport function buildAuthUrl(options: {\n\tredirectUri: string\n\tscope?: string\n\tstate?: string\n\tresponseType?: string\n\tclientId?: string\n\tauthDomain?: string\n}): string {\n\tconst config = getConfig()\n\tconst clientId = options.clientId || config.clientId\n\tconst authDomain = options.authDomain || config.authKitDomain\n\n\tconst params = new URLSearchParams({\n\t\tclient_id: clientId,\n\t\tredirect_uri: options.redirectUri,\n\t\tresponse_type: options.responseType || 'code',\n\t\tscope: options.scope || 'openid profile email',\n\t})\n\n\tif (options.state) {\n\t\tparams.set('state', options.state)\n\t}\n\n\treturn `https://${authDomain}/authorize?${params.toString()}`\n}\n","import { getConfig } from './config.js'\nimport type { DeviceAuthorizationResponse, TokenResponse, TokenError } from './types.js'\n\n/**\n * OAuth provider options for direct provider login\n * Bypasses AuthKit login screen and goes directly to the provider\n */\nexport type OAuthProvider = 'GitHubOAuth' | 'GoogleOAuth' | 'MicrosoftOAuth' | 'AppleOAuth'\n\nexport interface DeviceAuthOptions {\n\t/** OAuth provider to use directly (bypasses AuthKit login screen) */\n\tprovider?: OAuthProvider\n}\n\n/**\n * Initiate device authorization flow\n * Following OAuth 2.0 Device Authorization Grant (RFC 8628)\n *\n * @param options - Optional settings including provider for direct OAuth\n * @returns Device authorization response with codes and URIs\n */\nexport async function authorizeDevice(options: DeviceAuthOptions = {}): Promise<DeviceAuthorizationResponse> {\n\tconst config = getConfig()\n\n\tif (!config.clientId) {\n\t\tthrow new Error('Client ID is required for device authorization. Set OAUTH_CLIENT_ID or configure({ clientId: \"...\" })')\n\t}\n\n\ttry {\n\t\tconst url = 'https://auth.apis.do/user_management/authorize/device'\n\t\tconst body = new URLSearchParams({\n\t\t\tclient_id: config.clientId,\n\t\t\tscope: 'openid profile email',\n\t\t})\n\n\t\t// Add provider if specified (bypasses AuthKit login screen)\n\t\tif (options.provider) {\n\t\t\tbody.set('provider', options.provider)\n\t\t}\n\n\t\tconst response = await config.fetch(url, {\n\t\t\tmethod: 'POST',\n\t\t\theaders: {\n\t\t\t\t'Content-Type': 'application/x-www-form-urlencoded',\n\t\t\t},\n\t\t\tbody: body.toString(),\n\t\t})\n\n\t\tif (!response.ok) {\n\t\t\tconst errorText = await response.text()\n\t\t\tthrow new Error(`Device authorization failed: ${response.statusText} - ${errorText}`)\n\t\t}\n\n\t\tconst data = (await response.json()) as DeviceAuthorizationResponse\n\t\treturn data\n\t} catch (error) {\n\t\tconsole.error('Device authorization error:', error)\n\t\tthrow error\n\t}\n}\n\n/**\n * Poll for tokens after device authorization\n *\n * @param deviceCode - Device code from authorization response\n * @param interval - Polling interval in seconds (default: 5)\n * @param expiresIn - Expiration time in seconds (default: 600)\n * @returns Token response with access token and user info\n */\nexport async function pollForTokens(\n\tdeviceCode: string,\n\tinterval: number = 5,\n\texpiresIn: number = 600\n): Promise<TokenResponse> {\n\tconst config = getConfig()\n\n\tif (!config.clientId) {\n\t\tthrow new Error('Client ID is required for token polling')\n\t}\n\n\tconst startTime = Date.now()\n\tconst timeout = expiresIn * 1000\n\tlet currentInterval = interval * 1000\n\n\twhile (true) {\n\t\t// Check if expired\n\t\tif (Date.now() - startTime > timeout) {\n\t\t\tthrow new Error('Device authorization expired. Please try again.')\n\t\t}\n\n\t\t// Wait for interval\n\t\tawait new Promise((resolve) => setTimeout(resolve, currentInterval))\n\n\t\ttry {\n\t\t\tconst response = await config.fetch('https://auth.apis.do/user_management/authenticate', {\n\t\t\t\tmethod: 'POST',\n\t\t\t\theaders: {\n\t\t\t\t\t'Content-Type': 'application/x-www-form-urlencoded',\n\t\t\t\t},\n\t\t\t\tbody: new URLSearchParams({\n\t\t\t\t\tgrant_type: 'urn:ietf:params:oauth:grant-type:device_code',\n\t\t\t\t\tdevice_code: deviceCode,\n\t\t\t\t\tclient_id: config.clientId,\n\t\t\t\t}).toString(),\n\t\t\t})\n\n\t\t\tif (response.ok) {\n\t\t\t\tconst data = (await response.json()) as TokenResponse\n\t\t\t\treturn data\n\t\t\t}\n\n\t\t\t// Handle error responses\n\t\t\tconst errorData = (await response.json().catch(() => ({ error: 'unknown' }))) as { error?: string }\n\t\t\tconst error = (errorData.error || 'unknown') as TokenError\n\n\t\t\tswitch (error) {\n\t\t\t\tcase 'authorization_pending':\n\t\t\t\t\t// Continue polling\n\t\t\t\t\tcontinue\n\n\t\t\t\tcase 'slow_down':\n\t\t\t\t\t// Increase interval by 5 seconds\n\t\t\t\t\tcurrentInterval += 5000\n\t\t\t\t\tcontinue\n\n\t\t\t\tcase 'access_denied':\n\t\t\t\t\tthrow new Error('Access denied by user')\n\n\t\t\t\tcase 'expired_token':\n\t\t\t\t\tthrow new Error('Device code expired')\n\n\t\t\t\tdefault:\n\t\t\t\t\tthrow new Error(`Token polling failed: ${error}`)\n\t\t\t}\n\t\t} catch (error) {\n\t\t\t// If it's our thrown error, re-throw it\n\t\t\tif (error instanceof Error) {\n\t\t\t\tthrow error\n\t\t\t}\n\t\t\t// Otherwise continue polling\n\t\t\tcontinue\n\t\t}\n\t}\n}\n","/**\n * GitHub Device Flow implementation\n * Following OAuth 2.0 Device Authorization Grant (RFC 8628)\n * https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps#device-flow\n */\n\nexport interface GitHubDeviceFlowOptions {\n\t/** GitHub OAuth App client ID */\n\tclientId: string\n\t/** OAuth scopes (default: 'user:email read:user') */\n\tscope?: string\n\t/** Custom fetch implementation */\n\tfetch?: typeof fetch\n}\n\nexport interface GitHubDeviceAuthResponse {\n\t/** Device verification code */\n\tdeviceCode: string\n\t/** User verification code to display */\n\tuserCode: string\n\t/** Verification URI for user to visit */\n\tverificationUri: string\n\t/** Expiration time in seconds */\n\texpiresIn: number\n\t/** Polling interval in seconds */\n\tinterval: number\n}\n\nexport interface GitHubTokenResponse {\n\t/** Access token for GitHub API */\n\taccessToken: string\n\t/** Token type (typically 'bearer') */\n\ttokenType: string\n\t/** Granted scopes */\n\tscope: string\n}\n\nexport interface GitHubUser {\n\t/** Numeric GitHub user ID (critical for sqid generation) */\n\tid: number\n\t/** GitHub username */\n\tlogin: string\n\t/** User's email (may be null if not public) */\n\temail: string | null\n\t/** User's display name */\n\tname: string | null\n\t/** Avatar image URL */\n\tavatarUrl: string\n}\n\ntype GitHubTokenError =\n\t| 'authorization_pending'\n\t| 'slow_down'\n\t| 'expired_token'\n\t| 'access_denied'\n\t| 'unknown'\n\n/**\n * Start GitHub Device Flow\n *\n * Initiates device authorization flow by requesting device and user codes.\n *\n * @param options - Client ID, scope, and optional custom fetch\n * @returns Device authorization response with codes and URIs\n *\n * @example\n * ```ts\n * const auth = await startGitHubDeviceFlow({\n * clientId: 'Ov23liABCDEFGHIJKLMN',\n * scope: 'user:email read:user'\n * })\n *\n * console.log(`Visit ${auth.verificationUri} and enter code: ${auth.userCode}`)\n * ```\n */\nexport async function startGitHubDeviceFlow(\n\toptions: GitHubDeviceFlowOptions\n): Promise<GitHubDeviceAuthResponse> {\n\tconst { clientId, scope = 'user:email read:user' } = options\n\tconst fetchImpl = options.fetch || globalThis.fetch\n\n\tif (!clientId) {\n\t\tthrow new Error('GitHub client ID is required for device authorization')\n\t}\n\n\ttry {\n\t\tconst url = 'https://github.com/login/device/code'\n\t\tconst body = new URLSearchParams({\n\t\t\tclient_id: clientId,\n\t\t\tscope,\n\t\t})\n\n\t\tconst response = await fetchImpl(url, {\n\t\t\tmethod: 'POST',\n\t\t\theaders: {\n\t\t\t\t'Content-Type': 'application/x-www-form-urlencoded',\n\t\t\t\t'Accept': 'application/json',\n\t\t\t},\n\t\t\tbody,\n\t\t})\n\n\t\tif (!response.ok) {\n\t\t\tconst errorText = await response.text()\n\t\t\tthrow new Error(`GitHub device authorization failed: ${response.statusText} - ${errorText}`)\n\t\t}\n\n\t\tconst data = await response.json() as {\n\t\t\tdevice_code: string\n\t\t\tuser_code: string\n\t\t\tverification_uri: string\n\t\t\texpires_in: number\n\t\t\tinterval: number\n\t\t}\n\n\t\treturn {\n\t\t\tdeviceCode: data.device_code,\n\t\t\tuserCode: data.user_code,\n\t\t\tverificationUri: data.verification_uri,\n\t\t\texpiresIn: data.expires_in,\n\t\t\tinterval: data.interval,\n\t\t}\n\t} catch (error) {\n\t\tconsole.error('GitHub device authorization error:', error)\n\t\tthrow error\n\t}\n}\n\n/**\n * Poll GitHub Device Flow for access token\n *\n * Polls GitHub's token endpoint until user completes authorization.\n * Handles all error states including authorization_pending, slow_down, etc.\n *\n * @param deviceCode - Device code from startGitHubDeviceFlow\n * @param options - Client ID and optional custom fetch\n * @returns Token response with access token\n *\n * @example\n * ```ts\n * const auth = await startGitHubDeviceFlow({ clientId: '...' })\n * // User completes authorization...\n * const token = await pollGitHubDeviceFlow(auth.deviceCode, {\n * clientId: '...',\n * interval: auth.interval,\n * expiresIn: auth.expiresIn\n * })\n * console.log('Access token:', token.accessToken)\n * ```\n */\nexport async function pollGitHubDeviceFlow(\n\tdeviceCode: string,\n\toptions: GitHubDeviceFlowOptions & { interval?: number; expiresIn?: number }\n): Promise<GitHubTokenResponse> {\n\tconst { clientId, interval = 5, expiresIn = 900 } = options\n\tconst fetchImpl = options.fetch || globalThis.fetch\n\n\tif (!clientId) {\n\t\tthrow new Error('GitHub client ID is required for token polling')\n\t}\n\n\tconst startTime = Date.now()\n\tconst timeout = expiresIn * 1000\n\tlet currentInterval = interval * 1000\n\n\twhile (true) {\n\t\t// Check if expired\n\t\tif (Date.now() - startTime > timeout) {\n\t\t\tthrow new Error('GitHub device authorization expired. Please try again.')\n\t\t}\n\n\t\t// Wait for interval\n\t\tawait new Promise((resolve) => setTimeout(resolve, currentInterval))\n\n\t\ttry {\n\t\t\tconst url = 'https://github.com/login/oauth/access_token'\n\t\t\tconst body = new URLSearchParams({\n\t\t\t\tclient_id: clientId,\n\t\t\t\tdevice_code: deviceCode,\n\t\t\t\tgrant_type: 'urn:ietf:params:oauth:grant-type:device_code',\n\t\t\t})\n\n\t\t\tconst response = await fetchImpl(url, {\n\t\t\t\tmethod: 'POST',\n\t\t\t\theaders: {\n\t\t\t\t\t'Content-Type': 'application/x-www-form-urlencoded',\n\t\t\t\t\t'Accept': 'application/json',\n\t\t\t\t},\n\t\t\t\tbody,\n\t\t\t})\n\n\t\t\tconst data = await response.json() as\n\t\t\t\t| { access_token: string; token_type: string; scope: string }\n\t\t\t\t| { error: string; error_description?: string; error_uri?: string }\n\n\t\t\t// Check for success\n\t\t\tif ('access_token' in data) {\n\t\t\t\treturn {\n\t\t\t\t\taccessToken: data.access_token,\n\t\t\t\t\ttokenType: data.token_type,\n\t\t\t\t\tscope: data.scope,\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// Handle error responses\n\t\t\tconst error = (data.error || 'unknown') as GitHubTokenError\n\n\t\t\tswitch (error) {\n\t\t\t\tcase 'authorization_pending':\n\t\t\t\t\t// Continue polling\n\t\t\t\t\tcontinue\n\n\t\t\t\tcase 'slow_down':\n\t\t\t\t\t// Increase interval by 5 seconds\n\t\t\t\t\tcurrentInterval += 5000\n\t\t\t\t\tcontinue\n\n\t\t\t\tcase 'access_denied':\n\t\t\t\t\tthrow new Error('Access denied by user')\n\n\t\t\t\tcase 'expired_token':\n\t\t\t\t\tthrow new Error('Device code expired')\n\n\t\t\t\tdefault:\n\t\t\t\t\tthrow new Error(`GitHub token polling failed: ${error}`)\n\t\t\t}\n\t\t} catch (error) {\n\t\t\t// If it's our thrown error, re-throw it\n\t\t\tif (error instanceof Error) {\n\t\t\t\tthrow error\n\t\t\t}\n\t\t\t// Otherwise continue polling\n\t\t\tcontinue\n\t\t}\n\t}\n}\n\n/**\n * Get GitHub user information\n *\n * Fetches authenticated user's profile from GitHub API.\n *\n * @param accessToken - GitHub access token\n * @param options - Optional custom fetch implementation\n * @returns GitHub user profile\n *\n * @example\n * ```ts\n * const user = await getGitHubUser(token.accessToken)\n * console.log(`Logged in as ${user.login} (ID: ${user.id})`)\n * ```\n */\nexport async function getGitHubUser(\n\taccessToken: string,\n\toptions: { fetch?: typeof fetch } = {}\n): Promise<GitHubUser> {\n\tconst fetchImpl = options.fetch || globalThis.fetch\n\n\tif (!accessToken) {\n\t\tthrow new Error('GitHub access token is required')\n\t}\n\n\ttry {\n\t\tconst response = await fetchImpl('https://api.github.com/user', {\n\t\t\tmethod: 'GET',\n\t\t\theaders: {\n\t\t\t\t'Authorization': `Bearer ${accessToken}`,\n\t\t\t\t'Accept': 'application/vnd.github+json',\n\t\t\t\t'X-GitHub-Api-Version': '2022-11-28',\n\t\t\t},\n\t\t})\n\n\t\tif (!response.ok) {\n\t\t\tconst errorText = await response.text()\n\t\t\tthrow new Error(`GitHub user fetch failed: ${response.statusText} - ${errorText}`)\n\t\t}\n\n\t\tconst data = await response.json() as {\n\t\t\tid: number\n\t\t\tlogin: string\n\t\t\temail: string | null\n\t\t\tname: string | null\n\t\t\tavatar_url: string\n\t\t}\n\n\t\treturn {\n\t\t\tid: data.id,\n\t\t\tlogin: data.login,\n\t\t\temail: data.email,\n\t\t\tname: data.name,\n\t\t\tavatarUrl: data.avatar_url,\n\t\t}\n\t} catch (error) {\n\t\tconsole.error('GitHub user fetch error:', error)\n\t\tthrow error\n\t}\n}\n","/**\n * oauth.do - OAuth authentication SDK and CLI for .do Platform\n *\n * This is the browser-safe entry point.\n * For CLI utilities that open the browser, import from 'oauth.do/cli'\n *\n * @packageDocumentation\n */\n\n// Browser-safe auth utilities\nexport { auth, getUser, login, logout, getToken, isAuthenticated, buildAuthUrl } from './auth.js'\nexport type { AuthProvider } from './auth.js'\nexport { configure, getConfig } from './config.js'\nexport { authorizeDevice, pollForTokens } from './device.js'\n\n// GitHub Device Flow\nexport {\n\tstartGitHubDeviceFlow,\n\tpollGitHubDeviceFlow,\n\tgetGitHubUser,\n} from './github-device.js'\nexport type {\n\tGitHubDeviceFlowOptions,\n\tGitHubDeviceAuthResponse,\n\tGitHubTokenResponse,\n\tGitHubUser,\n} from './github-device.js'\n\n// Storage utilities (browser-safe - uses dynamic imports for Node.js features)\nexport {\n\tFileTokenStorage,\n\tMemoryTokenStorage,\n\tLocalStorageTokenStorage,\n\tSecureFileTokenStorage,\n\tKeychainTokenStorage,\n\tCompositeTokenStorage,\n\tcreateSecureStorage,\n} from './storage.js'\n\n// Types\nexport type {\n\tOAuthConfig,\n\tUser,\n\tAuthResult,\n\tDeviceAuthorizationResponse,\n\tTokenResponse,\n\tTokenError,\n\tTokenStorage,\n} from './types.js'\n\n// Re-export login types only (not functions - they use 'open' package)\nexport type { LoginOptions, LoginResult, OAuthProvider } from './login.js'\n","/**\n * CLI-centric login utilities\n * Handles device flow with browser auto-launch for CLI apps\n */\n\nimport { authorizeDevice, pollForTokens } from './device.js'\nimport type { OAuthProvider } from './device.js'\nimport { createSecureStorage } from './storage.js'\nimport { refreshAccessToken, getUser } from './auth.js'\nimport type { StoredTokenData } from './types.js'\nimport { getConfig } from './config.js'\n\nexport type { OAuthProvider } from './device.js'\n\nexport interface LoginOptions {\n\t/** Open browser automatically (default: true) */\n\topenBrowser?: boolean\n\t/** Custom print function for output */\n\tprint?: (message: string) => void\n\t/** OAuth provider to use directly (bypasses AuthKit login screen) */\n\tprovider?: OAuthProvider\n\t/** Storage to use (default: createSecureStorage()) */\n\tstorage?: {\n\t\tgetToken: () => Promise<string | null>\n\t\tsetToken: (token: string) => Promise<void>\n\t\tremoveToken: () => Promise<void>\n\t\tgetTokenData?: () => Promise<StoredTokenData | null>\n\t\tsetTokenData?: (data: StoredTokenData) => Promise<void>\n\t}\n}\n\nexport interface LoginResult {\n\ttoken: string\n\tisNewLogin: boolean\n}\n\n// Buffer time before expiration to trigger refresh (5 minutes)\nconst REFRESH_BUFFER_MS = 5 * 60 * 1000\n\n/**\n * Check if token is expired or about to expire\n */\nfunction isTokenExpired(expiresAt?: number): boolean {\n\tif (!expiresAt) return false // Can't determine, assume valid\n\treturn Date.now() >= expiresAt - REFRESH_BUFFER_MS\n}\n\n/**\n * Get existing token or perform device flow login\n * Handles browser launch and token storage automatically\n * Automatically refreshes expired tokens if refresh_token is available\n */\nexport async function ensureLoggedIn(options: LoginOptions = {}): Promise<LoginResult> {\n\tconst config = getConfig()\n\tconst { openBrowser = true, print = console.log, provider, storage = createSecureStorage(config.storagePath) } = options\n\n\t// Check for existing token data\n\tconst tokenData = storage.getTokenData ? await storage.getTokenData() : null\n\tconst existingToken = tokenData?.accessToken || (await storage.getToken())\n\n\tif (existingToken) {\n\t\t// Check if token is expired\n\t\tif (tokenData && isTokenExpired(tokenData.expiresAt)) {\n\t\t\t// Try to refresh\n\t\t\tif (tokenData.refreshToken) {\n\t\t\t\ttry {\n\t\t\t\t\tconst newTokens = await refreshAccessToken(tokenData.refreshToken)\n\n\t\t\t\t\t// Calculate new expiration time\n\t\t\t\t\tconst expiresAt = newTokens.expires_in\n\t\t\t\t\t\t? Date.now() + newTokens.expires_in * 1000\n\t\t\t\t\t\t: undefined\n\n\t\t\t\t\t// Store new token data\n\t\t\t\t\tconst newData: StoredTokenData = {\n\t\t\t\t\t\taccessToken: newTokens.access_token,\n\t\t\t\t\t\trefreshToken: newTokens.refresh_token || tokenData.refreshToken,\n\t\t\t\t\t\texpiresAt,\n\t\t\t\t\t}\n\n\t\t\t\t\tif (storage.setTokenData) {\n\t\t\t\t\t\tawait storage.setTokenData(newData)\n\t\t\t\t\t} else {\n\t\t\t\t\t\tawait storage.setToken(newTokens.access_token)\n\t\t\t\t\t}\n\n\t\t\t\t\treturn { token: newTokens.access_token, isNewLogin: false }\n\t\t\t\t} catch (error) {\n\t\t\t\t\t// Refresh failed - might need to re-login\n\t\t\t\t\tconsole.warn('Token refresh failed:', error)\n\t\t\t\t\t// Fall through to device flow\n\t\t\t\t}\n\t\t\t}\n\t\t} else {\n\t\t\t// Token exists and not expired - validate it\n\t\t\tconst { user } = await getUser(existingToken)\n\t\t\tif (user) {\n\t\t\t\treturn { token: existingToken, isNewLogin: false }\n\t\t\t}\n\t\t\t// Token invalid - try refresh if available\n\t\t\tif (tokenData?.refreshToken) {\n\t\t\t\ttry {\n\t\t\t\t\tconst newTokens = await refreshAccessToken(tokenData.refreshToken)\n\t\t\t\t\tconst expiresAt = newTokens.expires_in\n\t\t\t\t\t\t? Date.now() + newTokens.expires_in * 1000\n\t\t\t\t\t\t: undefined\n\n\t\t\t\t\tconst newData: StoredTokenData = {\n\t\t\t\t\t\taccessToken: newTokens.access_token,\n\t\t\t\t\t\trefreshToken: newTokens.refresh_token || tokenData.refreshToken,\n\t\t\t\t\t\texpiresAt,\n\t\t\t\t\t}\n\n\t\t\t\t\tif (storage.setTokenData) {\n\t\t\t\t\t\tawait storage.setTokenData(newData)\n\t\t\t\t\t} else {\n\t\t\t\t\t\tawait storage.setToken(newTokens.access_token)\n\t\t\t\t\t}\n\n\t\t\t\t\treturn { token: newTokens.access_token, isNewLogin: false }\n\t\t\t\t} catch {\n\t\t\t\t\t// Refresh failed - need to re-login\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n\n\t// No valid token, start device flow\n\tprint('\\nLogging in...\\n')\n\n\tconst authResponse = await authorizeDevice({ provider })\n\n\tprint(`To complete login:`)\n\tprint(` 1. Visit: ${authResponse.verification_uri}`)\n\tprint(` 2. Enter code: ${authResponse.user_code}`)\n\tprint(`\\n Or open: ${authResponse.verification_uri_complete}\\n`)\n\n\t// Auto-launch browser\n\tif (openBrowser) {\n\t\ttry {\n\t\t\tconst open = await import('open')\n\t\t\tawait open.default(authResponse.verification_uri_complete)\n\t\t\tprint('Browser opened automatically\\n')\n\t\t} catch {\n\t\t\t// Silently fail if can't open browser\n\t\t}\n\t}\n\n\tprint('Waiting for authorization...\\n')\n\n\tconst tokenResponse = await pollForTokens(\n\t\tauthResponse.device_code,\n\t\tauthResponse.interval,\n\t\tauthResponse.expires_in\n\t)\n\n\t// Calculate expiration time\n\tconst expiresAt = tokenResponse.expires_in\n\t\t? Date.now() + tokenResponse.expires_in * 1000\n\t\t: undefined\n\n\t// Store full token data including refresh token\n\tconst newData: StoredTokenData = {\n\t\taccessToken: tokenResponse.access_token,\n\t\trefreshToken: tokenResponse.refresh_token,\n\t\texpiresAt,\n\t}\n\n\tif (storage.setTokenData) {\n\t\tawait storage.setTokenData(newData)\n\t} else {\n\t\tawait storage.setToken(tokenResponse.access_token)\n\t}\n\n\tprint('Login successful!\\n')\n\n\treturn { token: tokenResponse.access_token, isNewLogin: true }\n}\n\n/**\n * Force a new login (ignores existing token)\n */\nexport async function forceLogin(options: LoginOptions = {}): Promise<LoginResult> {\n\tconst config = getConfig()\n\tconst { storage = createSecureStorage(config.storagePath) } = options\n\tawait storage.removeToken()\n\treturn ensureLoggedIn(options)\n}\n\n/**\n * Logout and remove stored token\n */\nexport async function ensureLoggedOut(options: LoginOptions = {}): Promise<void> {\n\tconst config = getConfig()\n\tconst { print = console.log, storage = createSecureStorage(config.storagePath) } = options\n\tawait storage.removeToken()\n\tprint('Logged out successfully\\n')\n}\n"]}
1
+ {"version":3,"sources":["../src/utils.ts","../src/storage.ts","../src/config.ts","../src/auth.ts","../src/device.ts","../src/github-device.ts","../src/index.ts","../src/login.ts"],"names":["data","createSecureStorage","REFRESH_BUFFER_MS","isTokenExpired"],"mappings":";;;;;;;;;;;AAUO,SAAS,OAAO,GAAA,EAAiC;AAEvD,EAAA,IAAK,UAAA,CAAmB,GAAG,CAAA,EAAG,OAAQ,WAAmB,GAAG,CAAA;AAE5D,EAAA,IAAI,OAAO,OAAA,KAAY,WAAA,IAAe,OAAA,CAAQ,GAAA,GAAM,GAAG,CAAA,EAAG,OAAO,OAAA,CAAQ,GAAA,CAAI,GAAG,CAAA;AAChF,EAAA,OAAO,MAAA;AACR;AAhBA,IAAA,UAAA,GAAA,KAAA,CAAA;AAAA,EAAA,cAAA,GAAA;AAAA,EAAA;AAAA,CAAA,CAAA;;;ACAA,IAAA,eAAA,GAAA,EAAA;AAAA,QAAA,CAAA,eAAA,EAAA;AAAA,EAAA,qBAAA,EAAA,MAAA,qBAAA;AAAA,EAAA,gBAAA,EAAA,MAAA,gBAAA;AAAA,EAAA,oBAAA,EAAA,MAAA,oBAAA;AAAA,EAAA,wBAAA,EAAA,MAAA,wBAAA;AAAA,EAAA,kBAAA,EAAA,MAAA,kBAAA;AAAA,EAAA,sBAAA,EAAA,MAAA,sBAAA;AAAA,EAAA,mBAAA,EAAA,MAAA;AAAA,CAAA,CAAA;AAUA,SAAS,MAAA,GAAkB;AAC1B,EAAA,OAAO,OAAO,YAAY,WAAA,IACzB,OAAA,CAAQ,YAAY,IAAA,IACpB,OAAA,CAAQ,SAAS,IAAA,IAAQ,IAAA;AAC3B;AA4dO,SAAS,oBAAoB,WAAA,EAAoC;AAEvE,EAAA,IAAI,QAAO,EAAG;AACb,IAAA,OAAO,IAAI,uBAAuB,WAAW,CAAA;AAAA,EAC9C;AAGA,EAAA,IAAI,OAAO,iBAAiB,WAAA,EAAa;AACxC,IAAA,OAAO,IAAI,wBAAA,EAAyB;AAAA,EACrC;AAGA,EAAA,OAAO,IAAI,kBAAA,EAAmB;AAC/B;AAvfA,IAIM,kBACA,gBAAA,CAAA,CAmBO,oBAAA,CAAA,CAwHA,sBAAA,CAAA,CAiJA,gBAAA,CAAA,CAgEA,oBAmBA,wBAAA,CAAA,CA6BA;AAjZb,IAAA,YAAA,GAAA,KAAA,CAAA;AAAA,EAAA,gBAAA,GAAA;AACA,IAAA,UAAA,EAAA;AAGA,IAAM,gBAAA,GAAmB,UAAA;AACzB,IAAM,gBAAA,GAAmB,cAAA;AAmBlB,IAAM,uBAAN,MAAmD;AAAA,MACjD,MAAA,GAAyC,IAAA;AAAA,MACzC,WAAA,GAAc,KAAA;AAAA;AAAA;AAAA;AAAA;AAAA,MAMtB,MAAc,SAAA,GAAqD;AAClE,QAAA,IAAI,KAAK,WAAA,EAAa;AACrB,UAAA,OAAO,IAAA,CAAK,MAAA;AAAA,QACb;AAEA,QAAA,IAAA,CAAK,WAAA,GAAc,IAAA;AAEnB,QAAA,IAAI;AAEH,UAAA,MAAM,QAAA,GAAW,MAAM,OAAO,QAAQ,CAAA;AAEtC,UAAA,MAAM,YAAA,GAAgB,SAAiB,OAAA,IAAW,QAAA;AAClD,UAAA,IAAA,CAAK,MAAA,GAAS,YAAA;AAGd,UAAA,IAAI,OAAO,IAAA,CAAK,MAAA,CAAO,WAAA,KAAgB,UAAA,EAAY;AAClD,YAAA,IAAI,MAAA,CAAO,OAAO,CAAA,EAAG;AACpB,cAAA,OAAA,CAAQ,KAAK,yDAAA,EAA2D,MAAA,CAAO,IAAA,CAAK,IAAA,CAAK,MAAM,CAAC,CAAA;AAAA,YACjG;AACA,YAAA,IAAA,CAAK,MAAA,GAAS,IAAA;AACd,YAAA,OAAO,IAAA;AAAA,UACR;AAEA,UAAA,OAAO,IAAA,CAAK,MAAA;AAAA,QACb,SAAS,KAAA,EAAO;AAGf,UAAA,IAAI,MAAA,CAAO,OAAO,CAAA,EAAG;AACpB,YAAA,OAAA,CAAQ,IAAA,CAAK,mCAAmC,KAAK,CAAA;AAAA,UACtD;AACA,UAAA,OAAO,IAAA;AAAA,QACR;AAAA,MACD;AAAA,MAEA,MAAM,QAAA,GAAmC;AACxC,QAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,SAAA,EAAU;AACpC,QAAA,IAAI,CAAC,MAAA,EAAQ;AACZ,UAAA,OAAO,IAAA;AAAA,QACR;AAEA,QAAA,IAAI;AACH,UAAA,MAAM,KAAA,GAAQ,MAAM,MAAA,CAAO,WAAA,CAAY,kBAAkB,gBAAgB,CAAA;AACzE,UAAA,OAAO,KAAA;AAAA,QACR,SAAS,KAAA,EAAO;AACf,UAAA,IAAI,MAAA,CAAO,OAAO,CAAA,EAAG;AACpB,YAAA,OAAA,CAAQ,IAAA,CAAK,sCAAsC,KAAK,CAAA;AAAA,UACzD;AACA,UAAA,OAAO,IAAA;AAAA,QACR;AAAA,MACD;AAAA,MAEA,MAAM,SAAS,KAAA,EAA8B;AAC5C,QAAA,IAAI;AACH,UAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,SAAA,EAAU;AACpC,UAAA,IAAI,CAAC,MAAA,EAAQ;AACZ,YAAA,MAAM,IAAI,MAAM,gCAAgC,CAAA;AAAA,UACjD;AAEA,UAAA,MAAM,MAAA,CAAO,WAAA,CAAY,gBAAA,EAAkB,gBAAA,EAAkB,KAAK,CAAA;AAAA,QACnE,SAAS,KAAA,EAAY;AAEpB,UAAA,IAAI,OAAO,IAAA,KAAS,kBAAA,IAAsB,OAAO,OAAA,EAAS,QAAA,CAAS,oBAAoB,CAAA,EAAG;AACzF,YAAA,MAAM,IAAI,MAAM,yDAAyD,CAAA;AAAA,UAC1E;AACA,UAAA,MAAM,IAAI,KAAA,CAAM,CAAA,kCAAA,EAAqC,KAAK,CAAA,CAAE,CAAA;AAAA,QAC7D;AAAA,MACD;AAAA,MAEA,MAAM,WAAA,GAA6B;AAClC,QAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,SAAA,EAAU;AACpC,QAAA,IAAI,CAAC,MAAA,EAAQ;AACZ,UAAA;AAAA,QACD;AAEA,QAAA,IAAI;AACH,UAAA,MAAM,MAAA,CAAO,cAAA,CAAe,gBAAA,EAAkB,gBAAgB,CAAA;AAAA,QAC/D,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACD;AAAA;AAAA;AAAA;AAAA,MAKA,MAAM,WAAA,GAAgC;AACrC,QAAA,IAAI;AACH,UAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,SAAA,EAAU;AACpC,UAAA,IAAI,CAAC,MAAA,EAAQ;AACZ,YAAA,OAAO,KAAA;AAAA,UACR;AAIA,UAAA,MAAM,MAAA,CAAO,WAAA,CAAY,gBAAA,EAAkB,UAAU,CAAA;AACrD,UAAA,OAAO,IAAA;AAAA,QACR,SAAS,KAAA,EAAO;AACf,UAAA,IAAI,MAAA,CAAO,OAAO,CAAA,EAAG;AACpB,YAAA,OAAA,CAAQ,IAAA,CAAK,2BAA2B,KAAK,CAAA;AAAA,UAC9C;AACA,UAAA,OAAO,KAAA;AAAA,QACR;AAAA,MACD;AAAA,KACD;AAUO,IAAM,yBAAN,MAAqD;AAAA,MACnD,SAAA,GAA2B,IAAA;AAAA,MAC3B,SAAA,GAA2B,IAAA;AAAA,MAC3B,WAAA,GAAc,KAAA;AAAA,MACd,UAAA;AAAA,MAER,YAAY,UAAA,EAAqB;AAChC,QAAA,IAAA,CAAK,UAAA,GAAa,UAAA;AAAA,MACnB;AAAA,MAEA,MAAc,IAAA,GAAyB;AACtC,QAAA,IAAI,IAAA,CAAK,WAAA,EAAa,OAAO,IAAA,CAAK,SAAA,KAAc,IAAA;AAChD,QAAA,IAAA,CAAK,WAAA,GAAc,IAAA;AAEnB,QAAA,IAAI,CAAC,MAAA,EAAO,EAAG,OAAO,KAAA;AAEtB,QAAA,IAAI;AACH,UAAA,MAAM,EAAA,GAAK,MAAM,OAAO,IAAI,CAAA;AAC5B,UAAA,MAAM,IAAA,GAAO,MAAM,OAAO,MAAM,CAAA;AAGhC,UAAA,IAAI,KAAK,UAAA,EAAY;AAEpB,YAAA,MAAM,eAAe,IAAA,CAAK,UAAA,CAAW,UAAA,CAAW,IAAI,IACjD,IAAA,CAAK,IAAA,CAAK,EAAA,CAAG,OAAA,IAAW,IAAA,CAAK,UAAA,CAAW,MAAM,CAAC,CAAC,IAChD,IAAA,CAAK,UAAA;AAER,YAAA,IAAA,CAAK,SAAA,GAAY,YAAA;AACjB,YAAA,IAAA,CAAK,SAAA,GAAY,IAAA,CAAK,OAAA,CAAQ,YAAY,CAAA;AAAA,UAC3C,CAAA,MAAO;AAEN,YAAA,IAAA,CAAK,YAAY,IAAA,CAAK,IAAA,CAAK,EAAA,CAAG,OAAA,IAAW,WAAW,CAAA;AACpD,YAAA,IAAA,CAAK,SAAA,GAAY,IAAA,CAAK,IAAA,CAAK,IAAA,CAAK,WAAW,OAAO,CAAA;AAAA,UACnD;AACA,UAAA,OAAO,IAAA;AAAA,QACR,CAAA,CAAA,MAAQ;AACP,UAAA,OAAO,KAAA;AAAA,QACR;AAAA,MACD;AAAA,MAEA,MAAM,QAAA,GAAmC;AAExC,QAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,YAAA,EAAa;AACrC,QAAA,IAAI,IAAA,EAAM;AACT,UAAA,OAAO,IAAA,CAAK,WAAA;AAAA,QACb;AAGA,QAAA,IAAI,CAAE,MAAM,IAAA,CAAK,IAAA,MAAW,CAAC,IAAA,CAAK,WAAW,OAAO,IAAA;AAEpD,QAAA,IAAI;AACH,UAAA,MAAM,EAAA,GAAK,MAAM,OAAO,aAAa,CAAA;AACrC,UAAA,MAAM,KAAA,GAAQ,MAAM,EAAA,CAAG,IAAA,CAAK,KAAK,SAAS,CAAA;AAC1C,UAAA,MAAM,IAAA,GAAO,MAAM,IAAA,GAAO,GAAA;AAE1B,UAAA,IAAI,IAAA,KAAS,GAAA,IAAS,MAAA,CAAO,OAAO,CAAA,EAAG;AACtC,YAAA,OAAA,CAAQ,IAAA;AAAA,cACP,iDAAiD,IAAA,CAAK,QAAA,CAAS,CAAC,CAAC,CAAA,gCAAA,EAChC,KAAK,SAAS,CAAA;AAAA,aAChD;AAAA,UACD;AAEA,UAAA,MAAM,UAAU,MAAM,EAAA,CAAG,QAAA,CAAS,IAAA,CAAK,WAAW,OAAO,CAAA;AACzD,UAAA,MAAM,OAAA,GAAU,QAAQ,IAAA,EAAK;AAG7B,UAAA,IAAI,OAAA,CAAQ,UAAA,CAAW,GAAG,CAAA,EAAG;AAC5B,YAAA,MAAMA,KAAAA,GAAO,IAAA,CAAK,KAAA,CAAM,OAAO,CAAA;AAC/B,YAAA,OAAOA,KAAAA,CAAK,WAAA;AAAA,UACb;AAEA,UAAA,OAAO,OAAA;AAAA,QACR,CAAA,CAAA,MAAQ;AACP,UAAA,OAAO,IAAA;AAAA,QACR;AAAA,MACD;AAAA,MAEA,MAAM,SAAS,KAAA,EAA8B;AAE5C,QAAA,MAAM,KAAK,YAAA,CAAa,EAAE,aAAa,KAAA,CAAM,IAAA,IAAQ,CAAA;AAAA,MACtD;AAAA,MAEA,MAAM,YAAA,GAAgD;AACrD,QAAA,IAAI,CAAE,MAAM,IAAA,CAAK,IAAA,MAAW,CAAC,IAAA,CAAK,WAAW,OAAO,IAAA;AAEpD,QAAA,IAAI;AACH,UAAA,MAAM,EAAA,GAAK,MAAM,OAAO,aAAa,CAAA;AACrC,UAAA,MAAM,UAAU,MAAM,EAAA,CAAG,QAAA,CAAS,IAAA,CAAK,WAAW,OAAO,CAAA;AACzD,UAAA,MAAM,OAAA,GAAU,QAAQ,IAAA,EAAK;AAG7B,UAAA,IAAI,OAAA,CAAQ,UAAA,CAAW,GAAG,CAAA,EAAG;AAC5B,YAAA,OAAO,IAAA,CAAK,MAAM,OAAO,CAAA;AAAA,UAC1B;AAGA,UAAA,OAAO,EAAE,aAAa,OAAA,EAAQ;AAAA,QAC/B,CAAA,CAAA,MAAQ;AACP,UAAA,OAAO,IAAA;AAAA,QACR;AAAA,MACD;AAAA,MAEA,MAAM,aAAa,IAAA,EAAsC;AACxD,QAAA,IAAI,CAAE,MAAM,IAAA,CAAK,IAAA,EAAK,IAAM,CAAC,IAAA,CAAK,SAAA,IAAa,CAAC,IAAA,CAAK,SAAA,EAAW;AAC/D,UAAA,MAAM,IAAI,MAAM,4BAA4B,CAAA;AAAA,QAC7C;AAEA,QAAA,IAAI;AACH,UAAA,MAAM,EAAA,GAAK,MAAM,OAAO,aAAa,CAAA;AACrC,UAAA,MAAM,EAAA,CAAG,MAAM,IAAA,CAAK,SAAA,EAAW,EAAE,SAAA,EAAW,IAAA,EAAM,IAAA,EAAM,GAAA,EAAO,CAAA;AAC/D,UAAA,MAAM,EAAA,CAAG,SAAA,CAAU,IAAA,CAAK,SAAA,EAAW,IAAA,CAAK,SAAA,CAAU,IAAI,CAAA,EAAG,EAAE,QAAA,EAAU,OAAA,EAAS,IAAA,EAAM,KAAO,CAAA;AAC3F,UAAA,MAAM,EAAA,CAAG,KAAA,CAAM,IAAA,CAAK,SAAA,EAAW,GAAK,CAAA;AAAA,QACrC,SAAS,KAAA,EAAO;AACf,UAAA,OAAA,CAAQ,KAAA,CAAM,8BAA8B,KAAK,CAAA;AACjD,UAAA,MAAM,KAAA;AAAA,QACP;AAAA,MACD;AAAA,MAEA,MAAM,WAAA,GAA6B;AAClC,QAAA,IAAI,CAAE,MAAM,IAAA,CAAK,MAAK,IAAM,CAAC,KAAK,SAAA,EAAW;AAE7C,QAAA,IAAI;AACH,UAAA,MAAM,EAAA,GAAK,MAAM,OAAO,aAAa,CAAA;AACrC,UAAA,MAAM,EAAA,CAAG,MAAA,CAAO,IAAA,CAAK,SAAS,CAAA;AAAA,QAC/B,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACD;AAAA;AAAA;AAAA;AAAA,MAKA,MAAM,cAAA,GAAkF;AACvF,QAAA,MAAM,KAAK,IAAA,EAAK;AAChB,QAAA,OAAO,EAAE,IAAA,EAAM,MAAA,EAAQ,QAAQ,IAAA,EAAM,IAAA,EAAM,KAAK,SAAA,EAAU;AAAA,MAC3D;AAAA,KACD;AASO,IAAM,mBAAN,MAA+C;AAAA,MAC7C,SAAA,GAA2B,IAAA;AAAA,MAC3B,SAAA,GAA2B,IAAA;AAAA,MAC3B,WAAA,GAAc,KAAA;AAAA,MAEtB,MAAc,IAAA,GAAyB;AACtC,QAAA,IAAI,IAAA,CAAK,WAAA,EAAa,OAAO,IAAA,CAAK,SAAA,KAAc,IAAA;AAChD,QAAA,IAAA,CAAK,WAAA,GAAc,IAAA;AAEnB,QAAA,IAAI,CAAC,MAAA,EAAO,EAAG,OAAO,KAAA;AAEtB,QAAA,IAAI;AACH,UAAA,MAAM,EAAA,GAAK,MAAM,OAAO,IAAI,CAAA;AAC5B,UAAA,MAAM,IAAA,GAAO,MAAM,OAAO,MAAM,CAAA;AAChC,UAAA,IAAA,CAAK,YAAY,IAAA,CAAK,IAAA,CAAK,EAAA,CAAG,OAAA,IAAW,WAAW,CAAA;AACpD,UAAA,IAAA,CAAK,SAAA,GAAY,IAAA,CAAK,IAAA,CAAK,IAAA,CAAK,WAAW,OAAO,CAAA;AAClD,UAAA,OAAO,IAAA;AAAA,QACR,CAAA,CAAA,MAAQ;AACP,UAAA,OAAO,KAAA;AAAA,QACR;AAAA,MACD;AAAA,MAEA,MAAM,QAAA,GAAmC;AACxC,QAAA,IAAI,CAAE,MAAM,IAAA,CAAK,IAAA,MAAW,CAAC,IAAA,CAAK,WAAW,OAAO,IAAA;AAEpD,QAAA,IAAI;AACH,UAAA,MAAM,EAAA,GAAK,MAAM,OAAO,aAAa,CAAA;AACrC,UAAA,MAAM,QAAQ,MAAM,EAAA,CAAG,QAAA,CAAS,IAAA,CAAK,WAAW,OAAO,CAAA;AACvD,UAAA,OAAO,MAAM,IAAA,EAAK;AAAA,QACnB,CAAA,CAAA,MAAQ;AACP,UAAA,OAAO,IAAA;AAAA,QACR;AAAA,MACD;AAAA,MAEA,MAAM,SAAS,KAAA,EAA8B;AAC5C,QAAA,IAAI,CAAE,MAAM,IAAA,CAAK,IAAA,EAAK,IAAM,CAAC,IAAA,CAAK,SAAA,IAAa,CAAC,IAAA,CAAK,SAAA,EAAW;AAC/D,UAAA,MAAM,IAAI,MAAM,4BAA4B,CAAA;AAAA,QAC7C;AAEA,QAAA,IAAI;AACH,UAAA,MAAM,EAAA,GAAK,MAAM,OAAO,aAAa,CAAA;AACrC,UAAA,MAAM,GAAG,KAAA,CAAM,IAAA,CAAK,WAAW,EAAE,SAAA,EAAW,MAAM,CAAA;AAClD,UAAA,MAAM,EAAA,CAAG,SAAA,CAAU,IAAA,CAAK,SAAA,EAAW,OAAO,OAAO,CAAA;AAAA,QAClD,SAAS,KAAA,EAAO;AACf,UAAA,OAAA,CAAQ,KAAA,CAAM,yBAAyB,KAAK,CAAA;AAC5C,UAAA,MAAM,KAAA;AAAA,QACP;AAAA,MACD;AAAA,MAEA,MAAM,WAAA,GAA6B;AAClC,QAAA,IAAI,CAAE,MAAM,IAAA,CAAK,MAAK,IAAM,CAAC,KAAK,SAAA,EAAW;AAE7C,QAAA,IAAI;AACH,UAAA,MAAM,EAAA,GAAK,MAAM,OAAO,aAAa,CAAA;AACrC,UAAA,MAAM,EAAA,CAAG,MAAA,CAAO,IAAA,CAAK,SAAS,CAAA;AAAA,QAC/B,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACD;AAAA,KACD;AAKO,IAAM,qBAAN,MAAiD;AAAA,MAC/C,KAAA,GAAuB,IAAA;AAAA,MAE/B,MAAM,QAAA,GAAmC;AACxC,QAAA,OAAO,IAAA,CAAK,KAAA;AAAA,MACb;AAAA,MAEA,MAAM,SAAS,KAAA,EAA8B;AAC5C,QAAA,IAAA,CAAK,KAAA,GAAQ,KAAA;AAAA,MACd;AAAA,MAEA,MAAM,WAAA,GAA6B;AAClC,QAAA,IAAA,CAAK,KAAA,GAAQ,IAAA;AAAA,MACd;AAAA,KACD;AAKO,IAAM,2BAAN,MAAuD;AAAA,MACrD,GAAA,GAAM,gBAAA;AAAA,MAEd,MAAM,QAAA,GAAmC;AACxC,QAAA,IAAI,OAAO,iBAAiB,WAAA,EAAa;AACxC,UAAA,OAAO,IAAA;AAAA,QACR;AACA,QAAA,OAAO,YAAA,CAAa,OAAA,CAAQ,IAAA,CAAK,GAAG,CAAA;AAAA,MACrC;AAAA,MAEA,MAAM,SAAS,KAAA,EAA8B;AAC5C,QAAA,IAAI,OAAO,iBAAiB,WAAA,EAAa;AACxC,UAAA,MAAM,IAAI,MAAM,+BAA+B,CAAA;AAAA,QAChD;AACA,QAAA,YAAA,CAAa,OAAA,CAAQ,IAAA,CAAK,GAAA,EAAK,KAAK,CAAA;AAAA,MACrC;AAAA,MAEA,MAAM,WAAA,GAA6B;AAClC,QAAA,IAAI,OAAO,iBAAiB,WAAA,EAAa;AACxC,UAAA;AAAA,QACD;AACA,QAAA,YAAA,CAAa,UAAA,CAAW,KAAK,GAAG,CAAA;AAAA,MACjC;AAAA,KACD;AAMO,IAAM,wBAAN,MAAoD;AAAA,MAClD,eAAA;AAAA,MACA,WAAA;AAAA,MACA,gBAAA,GAAwC,IAAA;AAAA,MAEhD,WAAA,GAAc;AACb,QAAA,IAAA,CAAK,eAAA,GAAkB,IAAI,oBAAA,EAAqB;AAChD,QAAA,IAAA,CAAK,WAAA,GAAc,IAAI,sBAAA,EAAuB;AAAA,MAC/C;AAAA;AAAA;AAAA;AAAA,MAKA,MAAc,mBAAA,GAA6C;AAC1D,QAAA,IAAI,KAAK,gBAAA,EAAkB;AAC1B,UAAA,OAAO,IAAA,CAAK,gBAAA;AAAA,QACb;AAGA,QAAA,IAAI,MAAM,IAAA,CAAK,eAAA,CAAgB,WAAA,EAAY,EAAG;AAC7C,UAAA,IAAA,CAAK,mBAAmB,IAAA,CAAK,eAAA;AAC7B,UAAA,OAAO,IAAA,CAAK,gBAAA;AAAA,QACb;AAGA,QAAA,IAAA,CAAK,mBAAmB,IAAA,CAAK,WAAA;AAC7B,QAAA,OAAO,IAAA,CAAK,gBAAA;AAAA,MACb;AAAA,MAEA,MAAM,QAAA,GAAmC;AAExC,QAAA,MAAM,aAAA,GAAgB,MAAM,IAAA,CAAK,eAAA,CAAgB,QAAA,EAAS;AAC1D,QAAA,IAAI,aAAA,EAAe;AAClB,UAAA,OAAO,aAAA;AAAA,QACR;AAGA,QAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,WAAA,CAAY,QAAA,EAAS;AAClD,QAAA,IAAI,SAAA,EAAW;AAEd,UAAA,IAAI,MAAM,IAAA,CAAK,eAAA,CAAgB,WAAA,EAAY,EAAG;AAC7C,YAAA,IAAI;AACH,cAAA,MAAM,IAAA,CAAK,eAAA,CAAgB,QAAA,CAAS,SAAS,CAAA;AAC7C,cAAA,MAAM,IAAA,CAAK,YAAY,WAAA,EAAY;AACnC,cAAA,IAAI,MAAA,CAAO,OAAO,CAAA,EAAG;AACpB,gBAAA,OAAA,CAAQ,IAAI,sCAAsC,CAAA;AAAA,cACnD;AAAA,YACD,CAAA,CAAA,MAAQ;AAAA,YAER;AAAA,UACD;AACA,UAAA,OAAO,SAAA;AAAA,QACR;AAEA,QAAA,OAAO,IAAA;AAAA,MACR;AAAA,MAEA,MAAM,SAAS,KAAA,EAA8B;AAC5C,QAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,mBAAA,EAAoB;AAC/C,QAAA,MAAM,OAAA,CAAQ,SAAS,KAAK,CAAA;AAAA,MAC7B;AAAA,MAEA,MAAM,WAAA,GAA6B;AAElC,QAAA,MAAM,OAAA,CAAQ,GAAA,CAAI,CAAC,IAAA,CAAK,eAAA,CAAgB,WAAA,EAAY,EAAG,IAAA,CAAK,WAAA,CAAY,WAAA,EAAa,CAAC,CAAA;AAAA,MACvF;AAAA;AAAA;AAAA;AAAA,MAKA,MAAM,cAAA,GAA0E;AAC/E,QAAA,IAAI,MAAM,IAAA,CAAK,eAAA,CAAgB,WAAA,EAAY,EAAG;AAC7C,UAAA,OAAO,EAAE,IAAA,EAAM,UAAA,EAAY,MAAA,EAAQ,IAAA,EAAK;AAAA,QACzC;AACA,QAAA,OAAO,EAAE,IAAA,EAAM,MAAA,EAAQ,MAAA,EAAQ,IAAA,EAAK;AAAA,MACrC;AAAA,KACD;AAAA,EAAA;AAAA,CAAA,CAAA;;;AC5dA,UAAA,EAAA;AAMA,IAAI,YAAA,GAA8F;AAAA,EACjG,QAAQ,MAAA,CAAO,eAAe,CAAA,IAAK,MAAA,CAAO,SAAS,CAAA,IAAK,iBAAA;AAAA,EACxD,QAAA,EAAU,MAAA,CAAO,iBAAiB,CAAA,IAAK,mCAAA;AAAA,EACvC,aAAA,EAAe,MAAA,CAAO,sBAAsB,CAAA,IAAK,gBAAA;AAAA,EACjD,OAAO,UAAA,CAAW,KAAA;AAAA,EAClB,WAAA,EAAa,OAAO,oBAAoB;AACzC,CAAA;AAKO,SAAS,UAAU,MAAA,EAA2B;AACpD,EAAA,YAAA,GAAe;AAAA,IACd,GAAG,YAAA;AAAA,IACH,GAAG;AAAA,GACJ;AACD;AAKO,SAAS,SAAA,GAA2F;AAC1G,EAAA,OAAO,YAAA;AACR;;;AC7BA,UAAA,EAAA;AAQA,eAAe,cAAc,KAAA,EAAwC;AACpE,EAAA,IAAI,CAAC,OAAO,OAAO,IAAA;AACnB,EAAA,IAAI,OAAO,KAAA,KAAU,QAAA,EAAU,OAAO,KAAA;AACtC,EAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,OAAQ,KAAA,CAAc,QAAQ,UAAA,EAAY;AAC1E,IAAA,OAAO,MAAO,MAAc,GAAA,EAAI;AAAA,EACjC;AACA,EAAA,OAAO,IAAA;AACR;AASA,eAAsB,QAAQ,KAAA,EAAqC;AAClE,EAAA,MAAM,SAAS,SAAA,EAAU;AACzB,EAAA,MAAM,SAAA,GAAY,KAAA,IAAS,MAAA,CAAO,UAAU,CAAA,IAAK,EAAA;AAEjD,EAAA,IAAI,CAAC,SAAA,EAAW;AACf,IAAA,OAAO,EAAE,MAAM,IAAA,EAAK;AAAA,EACrB;AAEA,EAAA,IAAI;AACH,IAAA,MAAM,WAAW,MAAM,MAAA,CAAO,MAAM,CAAA,EAAG,MAAA,CAAO,MAAM,CAAA,GAAA,CAAA,EAAO;AAAA,MAC1D,MAAA,EAAQ,KAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACR,eAAA,EAAiB,UAAU,SAAS,CAAA,CAAA;AAAA,QACpC,cAAA,EAAgB;AAAA;AACjB,KACA,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AACjB,MAAA,IAAI,QAAA,CAAS,WAAW,GAAA,EAAK;AAC5B,QAAA,OAAO,EAAE,MAAM,IAAA,EAAK;AAAA,MACrB;AACA,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,uBAAA,EAA0B,QAAA,CAAS,UAAU,CAAA,CAAE,CAAA;AAAA,IAChE;AAEA,IAAA,MAAM,IAAA,GAAQ,MAAM,QAAA,CAAS,IAAA,EAAK;AAClC,IAAA,OAAO,EAAE,IAAA,EAAM,KAAA,EAAO,SAAA,EAAU;AAAA,EACjC,SAAS,KAAA,EAAO;AACf,IAAA,OAAA,CAAQ,KAAA,CAAM,eAAe,KAAK,CAAA;AAClC,IAAA,OAAO,EAAE,MAAM,IAAA,EAAK;AAAA,EACrB;AACD;AASA,eAAsB,MAAM,WAAA,EAIJ;AACvB,EAAA,MAAM,SAAS,SAAA,EAAU;AAEzB,EAAA,IAAI;AACH,IAAA,MAAM,WAAW,MAAM,MAAA,CAAO,MAAM,CAAA,EAAG,MAAA,CAAO,MAAM,CAAA,MAAA,CAAA,EAAU;AAAA,MAC7D,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACR,cAAA,EAAgB;AAAA,OACjB;AAAA,MACA,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,WAAW;AAAA,KAChC,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AACjB,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,cAAA,EAAiB,QAAA,CAAS,UAAU,CAAA,CAAE,CAAA;AAAA,IACvD;AAEA,IAAA,MAAM,IAAA,GAAQ,MAAM,QAAA,CAAS,IAAA,EAAK;AAClC,IAAA,OAAO,EAAE,IAAA,EAAM,IAAA,CAAK,IAAA,EAAM,KAAA,EAAO,KAAK,KAAA,EAAM;AAAA,EAC7C,SAAS,KAAA,EAAO;AACf,IAAA,OAAA,CAAQ,KAAA,CAAM,gBAAgB,KAAK,CAAA;AACnC,IAAA,MAAM,KAAA;AAAA,EACP;AACD;AAQA,eAAsB,OAAO,KAAA,EAA+B;AAC3D,EAAA,MAAM,SAAS,SAAA,EAAU;AACzB,EAAA,MAAM,SAAA,GAAY,KAAA,IAAS,MAAA,CAAO,UAAU,CAAA,IAAK,EAAA;AAEjD,EAAA,IAAI,CAAC,SAAA,EAAW;AACf,IAAA;AAAA,EACD;AAEA,EAAA,IAAI;AACH,IAAA,MAAM,WAAW,MAAM,MAAA,CAAO,MAAM,CAAA,EAAG,MAAA,CAAO,MAAM,CAAA,OAAA,CAAA,EAAW;AAAA,MAC9D,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACR,eAAA,EAAiB,UAAU,SAAS,CAAA,CAAA;AAAA,QACpC,cAAA,EAAgB;AAAA;AACjB,KACA,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AACjB,MAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,gBAAA,EAAmB,QAAA,CAAS,UAAU,CAAA,CAAE,CAAA;AAAA,IACtD;AAAA,EACD,SAAS,KAAA,EAAO;AACf,IAAA,OAAA,CAAQ,KAAA,CAAM,iBAAiB,KAAK,CAAA;AAAA,EACrC;AACD;AAGA,IAAM,iBAAA,GAAoB,IAAI,EAAA,GAAK,GAAA;AAKnC,SAAS,eAAe,SAAA,EAA6B;AACpD,EAAA,IAAI,CAAC,WAAW,OAAO,KAAA;AACvB,EAAA,OAAO,IAAA,CAAK,GAAA,EAAI,IAAK,SAAA,GAAY,iBAAA;AAClC;AAaA,eAAsB,QAAA,GAAmC;AAExD,EAAA,MAAM,UAAA,GAAa,OAAO,gBAAgB,CAAA;AAC1C,EAAA,IAAI,YAAY,OAAO,UAAA;AACvB,EAAA,MAAM,OAAA,GAAU,OAAO,UAAU,CAAA;AACjC,EAAA,IAAI,SAAS,OAAO,OAAA;AAIpB,EAAA,IAAI;AAEH,IAAA,MAAM,EAAE,GAAA,EAAI,GAAI,MAAM,OAAO,oBAAoB,CAAA;AAEjD,IAAA,MAAM,YAAA,GAAe,MAAM,aAAA,CAAe,GAAA,CAAY,cAAc,CAAA;AACpE,IAAA,IAAI,cAAc,OAAO,YAAA;AAEzB,IAAA,MAAM,OAAA,GAAU,MAAM,aAAA,CAAe,GAAA,CAAY,QAAQ,CAAA;AACzD,IAAA,IAAI,SAAS,OAAO,OAAA;AAAA,EACrB,CAAA,CAAA,MAAQ;AAAA,EAER;AAGA,EAAA,IAAI;AACH,IAAA,MAAM,EAAE,mBAAA,EAAAC,oBAAAA,EAAoB,GAAI,MAAM,OAAA,CAAA,OAAA,EAAA,CAAA,IAAA,CAAA,OAAA,YAAA,EAAA,EAAA,eAAA,CAAA,CAAA;AACtC,IAAA,MAAM,SAAS,SAAA,EAAU;AACzB,IAAA,MAAM,OAAA,GAAUA,oBAAAA,CAAoB,MAAA,CAAO,WAAW,CAAA;AAGtD,IAAA,MAAM,YAAY,OAAA,CAAQ,YAAA,GAAe,MAAM,OAAA,CAAQ,cAAa,GAAI,IAAA;AAExE,IAAA,IAAI,SAAA,EAAW;AAEd,MAAA,IAAI,CAAC,cAAA,CAAe,SAAA,CAAU,SAAS,CAAA,EAAG;AACzC,QAAA,OAAO,SAAA,CAAU,WAAA;AAAA,MAClB;AAGA,MAAA,IAAI,UAAU,YAAA,EAAc;AAC3B,QAAA,IAAI;AACH,UAAA,MAAM,SAAA,GAAY,MAAM,kBAAA,CAAmB,SAAA,CAAU,YAAY,CAAA;AAGjE,UAAA,MAAM,SAAA,GAAY,UAAU,UAAA,GACzB,IAAA,CAAK,KAAI,GAAI,SAAA,CAAU,aAAa,GAAA,GACpC,KAAA,CAAA;AAGH,UAAA,MAAM,OAAA,GAA2B;AAAA,YAChC,aAAa,SAAA,CAAU,YAAA;AAAA,YACvB,YAAA,EAAc,SAAA,CAAU,aAAA,IAAiB,SAAA,CAAU,YAAA;AAAA,YACnD;AAAA,WACD;AAEA,UAAA,IAAI,QAAQ,YAAA,EAAc;AACzB,YAAA,MAAM,OAAA,CAAQ,aAAa,OAAO,CAAA;AAAA,UACnC,CAAA,MAAO;AACN,YAAA,MAAM,OAAA,CAAQ,QAAA,CAAS,SAAA,CAAU,YAAY,CAAA;AAAA,UAC9C;AAEA,UAAA,OAAO,SAAA,CAAU,YAAA;AAAA,QAClB,CAAA,CAAA,MAAQ;AAEP,UAAA,OAAO,IAAA;AAAA,QACR;AAAA,MACD;AAGA,MAAA,OAAO,IAAA;AAAA,IACR;AAGA,IAAA,OAAO,MAAM,QAAQ,QAAA,EAAS;AAAA,EAC/B,CAAA,CAAA,MAAQ;AAEP,IAAA,OAAO,IAAA;AAAA,EACR;AACD;AAKA,eAAsB,gBAAgB,KAAA,EAAkC;AACvE,EAAA,MAAM,MAAA,GAAS,MAAM,OAAA,CAAQ,KAAK,CAAA;AAClC,EAAA,OAAO,OAAO,IAAA,KAAS,IAAA;AACxB;AAgBO,SAAS,IAAA,GAAqB;AACpC,EAAA,OAAO,QAAA;AACR;AAQA,eAAsB,mBAAmB,YAAA,EAA8C;AACtF,EAAA,MAAM,SAAS,SAAA,EAAU;AAEzB,EAAA,IAAI,CAAC,OAAO,QAAA,EAAU;AACrB,IAAA,MAAM,IAAI,MAAM,yCAAyC,CAAA;AAAA,EAC1D;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,MAAA,CAAO,KAAA,CAAM,mDAAA,EAAqD;AAAA,IACxF,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS;AAAA,MACR,cAAA,EAAgB;AAAA,KACjB;AAAA,IACA,IAAA,EAAM,IAAI,eAAA,CAAgB;AAAA,MACzB,UAAA,EAAY,eAAA;AAAA,MACZ,aAAA,EAAe,YAAA;AAAA,MACf,WAAW,MAAA,CAAO;AAAA,KAClB,EAAE,QAAA;AAAS,GACZ,CAAA;AAED,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AACjB,IAAA,MAAM,SAAA,GAAY,MAAM,QAAA,CAAS,IAAA,EAAK;AACtC,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,sBAAA,EAAyB,SAAS,MAAM,CAAA,GAAA,EAAM,SAAS,CAAA,CAAE,CAAA;AAAA,EAC1E;AAEA,EAAA,OAAQ,MAAM,SAAS,IAAA,EAAK;AAC7B;AAiDO,SAAS,aAAa,OAAA,EAOlB;AACV,EAAA,MAAM,SAAS,SAAA,EAAU;AACzB,EAAA,MAAM,QAAA,GAAW,OAAA,CAAQ,QAAA,IAAY,MAAA,CAAO,QAAA;AAC5C,EAAA,MAAM,UAAA,GAAa,OAAA,CAAQ,UAAA,IAAc,MAAA,CAAO,aAAA;AAEhD,EAAA,MAAM,MAAA,GAAS,IAAI,eAAA,CAAgB;AAAA,IAClC,SAAA,EAAW,QAAA;AAAA,IACX,cAAc,OAAA,CAAQ,WAAA;AAAA,IACtB,aAAA,EAAe,QAAQ,YAAA,IAAgB,MAAA;AAAA,IACvC,KAAA,EAAO,QAAQ,KAAA,IAAS;AAAA,GACxB,CAAA;AAED,EAAA,IAAI,QAAQ,KAAA,EAAO;AAClB,IAAA,MAAA,CAAO,GAAA,CAAI,OAAA,EAAS,OAAA,CAAQ,KAAK,CAAA;AAAA,EAClC;AAEA,EAAA,OAAO,CAAA,QAAA,EAAW,UAAU,CAAA,WAAA,EAAc,MAAA,CAAO,UAAU,CAAA,CAAA;AAC5D;;;AC7UA,eAAsB,eAAA,CAAgB,OAAA,GAA6B,EAAC,EAAyC;AAC5G,EAAA,MAAM,SAAS,SAAA,EAAU;AAEzB,EAAA,IAAI,CAAC,OAAO,QAAA,EAAU;AACrB,IAAA,MAAM,IAAI,MAAM,uGAAuG,CAAA;AAAA,EACxH;AAEA,EAAA,IAAI;AACH,IAAA,MAAM,GAAA,GAAM,uDAAA;AACZ,IAAA,MAAM,IAAA,GAAO,IAAI,eAAA,CAAgB;AAAA,MAChC,WAAW,MAAA,CAAO,QAAA;AAAA,MAClB,KAAA,EAAO;AAAA,KACP,CAAA;AAGD,IAAA,IAAI,QAAQ,QAAA,EAAU;AACrB,MAAA,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,OAAA,CAAQ,QAAQ,CAAA;AAAA,IACtC;AAEA,IAAA,MAAM,QAAA,GAAW,MAAM,MAAA,CAAO,KAAA,CAAM,GAAA,EAAK;AAAA,MACxC,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACR,cAAA,EAAgB;AAAA,OACjB;AAAA,MACA,IAAA,EAAM,KAAK,QAAA;AAAS,KACpB,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AACjB,MAAA,MAAM,SAAA,GAAY,MAAM,QAAA,CAAS,IAAA,EAAK;AACtC,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,6BAAA,EAAgC,SAAS,UAAU,CAAA,GAAA,EAAM,SAAS,CAAA,CAAE,CAAA;AAAA,IACrF;AAEA,IAAA,MAAM,IAAA,GAAQ,MAAM,QAAA,CAAS,IAAA,EAAK;AAClC,IAAA,OAAO,IAAA;AAAA,EACR,SAAS,KAAA,EAAO;AACf,IAAA,OAAA,CAAQ,KAAA,CAAM,+BAA+B,KAAK,CAAA;AAClD,IAAA,MAAM,KAAA;AAAA,EACP;AACD;AAUA,eAAsB,aAAA,CACrB,UAAA,EACA,QAAA,GAAmB,CAAA,EACnB,YAAoB,GAAA,EACK;AACzB,EAAA,MAAM,SAAS,SAAA,EAAU;AAEzB,EAAA,IAAI,CAAC,OAAO,QAAA,EAAU;AACrB,IAAA,MAAM,IAAI,MAAM,yCAAyC,CAAA;AAAA,EAC1D;AAEA,EAAA,MAAM,SAAA,GAAY,KAAK,GAAA,EAAI;AAC3B,EAAA,MAAM,UAAU,SAAA,GAAY,GAAA;AAC5B,EAAA,IAAI,kBAAkB,QAAA,GAAW,GAAA;AAEjC,EAAA,OAAO,IAAA,EAAM;AAEZ,IAAA,IAAI,IAAA,CAAK,GAAA,EAAI,GAAI,SAAA,GAAY,OAAA,EAAS;AACrC,MAAA,MAAM,IAAI,MAAM,iDAAiD,CAAA;AAAA,IAClE;AAGA,IAAA,MAAM,IAAI,OAAA,CAAQ,CAAC,YAAY,UAAA,CAAW,OAAA,EAAS,eAAe,CAAC,CAAA;AAEnE,IAAA,IAAI;AACH,MAAA,MAAM,QAAA,GAAW,MAAM,MAAA,CAAO,KAAA,CAAM,mDAAA,EAAqD;AAAA,QACxF,MAAA,EAAQ,MAAA;AAAA,QACR,OAAA,EAAS;AAAA,UACR,cAAA,EAAgB;AAAA,SACjB;AAAA,QACA,IAAA,EAAM,IAAI,eAAA,CAAgB;AAAA,UACzB,UAAA,EAAY,8CAAA;AAAA,UACZ,WAAA,EAAa,UAAA;AAAA,UACb,WAAW,MAAA,CAAO;AAAA,SAClB,EAAE,QAAA;AAAS,OACZ,CAAA;AAED,MAAA,IAAI,SAAS,EAAA,EAAI;AAChB,QAAA,MAAM,IAAA,GAAQ,MAAM,QAAA,CAAS,IAAA,EAAK;AAClC,QAAA,OAAO,IAAA;AAAA,MACR;AAGA,MAAA,MAAM,SAAA,GAAa,MAAM,QAAA,CAAS,IAAA,EAAK,CAAE,MAAM,OAAO,EAAE,KAAA,EAAO,SAAA,EAAU,CAAE,CAAA;AAC3E,MAAA,MAAM,KAAA,GAAS,UAAU,KAAA,IAAS,SAAA;AAElC,MAAA,QAAQ,KAAA;AAAO,QACd,KAAK,uBAAA;AAEJ,UAAA;AAAA,QAED,KAAK,WAAA;AAEJ,UAAA,eAAA,IAAmB,GAAA;AACnB,UAAA;AAAA,QAED,KAAK,eAAA;AACJ,UAAA,MAAM,IAAI,MAAM,uBAAuB,CAAA;AAAA,QAExC,KAAK,eAAA;AACJ,UAAA,MAAM,IAAI,MAAM,qBAAqB,CAAA;AAAA,QAEtC;AACC,UAAA,MAAM,IAAI,KAAA,CAAM,CAAA,sBAAA,EAAyB,KAAK,CAAA,CAAE,CAAA;AAAA;AAClD,IACD,SAAS,KAAA,EAAO;AAEf,MAAA,IAAI,iBAAiB,KAAA,EAAO;AAC3B,QAAA,MAAM,KAAA;AAAA,MACP;AAEA,MAAA;AAAA,IACD;AAAA,EACD;AACD;;;ACpEA,eAAsB,sBACrB,OAAA,EACoC;AACpC,EAAA,MAAM,EAAE,QAAA,EAAU,KAAA,GAAQ,sBAAA,EAAuB,GAAI,OAAA;AACrD,EAAA,MAAM,SAAA,GAAY,OAAA,CAAQ,KAAA,IAAS,UAAA,CAAW,KAAA;AAE9C,EAAA,IAAI,CAAC,QAAA,EAAU;AACd,IAAA,MAAM,IAAI,MAAM,uDAAuD,CAAA;AAAA,EACxE;AAEA,EAAA,IAAI;AACH,IAAA,MAAM,GAAA,GAAM,sCAAA;AACZ,IAAA,MAAM,IAAA,GAAO,IAAI,eAAA,CAAgB;AAAA,MAChC,SAAA,EAAW,QAAA;AAAA,MACX;AAAA,KACA,CAAA;AAED,IAAA,MAAM,QAAA,GAAW,MAAM,SAAA,CAAU,GAAA,EAAK;AAAA,MACrC,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACR,cAAA,EAAgB,mCAAA;AAAA,QAChB,QAAA,EAAU;AAAA,OACX;AAAA,MACA;AAAA,KACA,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AACjB,MAAA,MAAM,SAAA,GAAY,MAAM,QAAA,CAAS,IAAA,EAAK;AACtC,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,oCAAA,EAAuC,SAAS,UAAU,CAAA,GAAA,EAAM,SAAS,CAAA,CAAE,CAAA;AAAA,IAC5F;AAEA,IAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,IAAA,EAAK;AAQjC,IAAA,OAAO;AAAA,MACN,YAAY,IAAA,CAAK,WAAA;AAAA,MACjB,UAAU,IAAA,CAAK,SAAA;AAAA,MACf,iBAAiB,IAAA,CAAK,gBAAA;AAAA,MACtB,WAAW,IAAA,CAAK,UAAA;AAAA,MAChB,UAAU,IAAA,CAAK;AAAA,KAChB;AAAA,EACD,SAAS,KAAA,EAAO;AACf,IAAA,OAAA,CAAQ,KAAA,CAAM,sCAAsC,KAAK,CAAA;AACzD,IAAA,MAAM,KAAA;AAAA,EACP;AACD;AAwBA,eAAsB,oBAAA,CACrB,YACA,OAAA,EAC+B;AAC/B,EAAA,MAAM,EAAE,QAAA,EAAU,QAAA,GAAW,CAAA,EAAG,SAAA,GAAY,KAAI,GAAI,OAAA;AACpD,EAAA,MAAM,SAAA,GAAY,OAAA,CAAQ,KAAA,IAAS,UAAA,CAAW,KAAA;AAE9C,EAAA,IAAI,CAAC,QAAA,EAAU;AACd,IAAA,MAAM,IAAI,MAAM,gDAAgD,CAAA;AAAA,EACjE;AAEA,EAAA,MAAM,SAAA,GAAY,KAAK,GAAA,EAAI;AAC3B,EAAA,MAAM,UAAU,SAAA,GAAY,GAAA;AAC5B,EAAA,IAAI,kBAAkB,QAAA,GAAW,GAAA;AAEjC,EAAA,OAAO,IAAA,EAAM;AAEZ,IAAA,IAAI,IAAA,CAAK,GAAA,EAAI,GAAI,SAAA,GAAY,OAAA,EAAS;AACrC,MAAA,MAAM,IAAI,MAAM,wDAAwD,CAAA;AAAA,IACzE;AAGA,IAAA,MAAM,IAAI,OAAA,CAAQ,CAAC,YAAY,UAAA,CAAW,OAAA,EAAS,eAAe,CAAC,CAAA;AAEnE,IAAA,IAAI;AACH,MAAA,MAAM,GAAA,GAAM,6CAAA;AACZ,MAAA,MAAM,IAAA,GAAO,IAAI,eAAA,CAAgB;AAAA,QAChC,SAAA,EAAW,QAAA;AAAA,QACX,WAAA,EAAa,UAAA;AAAA,QACb,UAAA,EAAY;AAAA,OACZ,CAAA;AAED,MAAA,MAAM,QAAA,GAAW,MAAM,SAAA,CAAU,GAAA,EAAK;AAAA,QACrC,MAAA,EAAQ,MAAA;AAAA,QACR,OAAA,EAAS;AAAA,UACR,cAAA,EAAgB,mCAAA;AAAA,UAChB,QAAA,EAAU;AAAA,SACX;AAAA,QACA;AAAA,OACA,CAAA;AAED,MAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,IAAA,EAAK;AAKjC,MAAA,IAAI,kBAAkB,IAAA,EAAM;AAC3B,QAAA,OAAO;AAAA,UACN,aAAa,IAAA,CAAK,YAAA;AAAA,UAClB,WAAW,IAAA,CAAK,UAAA;AAAA,UAChB,OAAO,IAAA,CAAK;AAAA,SACb;AAAA,MACD;AAGA,MAAA,MAAM,KAAA,GAAS,KAAK,KAAA,IAAS,SAAA;AAE7B,MAAA,QAAQ,KAAA;AAAO,QACd,KAAK,uBAAA;AAEJ,UAAA;AAAA,QAED,KAAK,WAAA;AAEJ,UAAA,eAAA,IAAmB,GAAA;AACnB,UAAA;AAAA,QAED,KAAK,eAAA;AACJ,UAAA,MAAM,IAAI,MAAM,uBAAuB,CAAA;AAAA,QAExC,KAAK,eAAA;AACJ,UAAA,MAAM,IAAI,MAAM,qBAAqB,CAAA;AAAA,QAEtC;AACC,UAAA,MAAM,IAAI,KAAA,CAAM,CAAA,6BAAA,EAAgC,KAAK,CAAA,CAAE,CAAA;AAAA;AACzD,IACD,SAAS,KAAA,EAAO;AAEf,MAAA,IAAI,iBAAiB,KAAA,EAAO;AAC3B,QAAA,MAAM,KAAA;AAAA,MACP;AAEA,MAAA;AAAA,IACD;AAAA,EACD;AACD;AAiBA,eAAsB,aAAA,CACrB,WAAA,EACA,OAAA,GAAoC,EAAC,EACf;AACtB,EAAA,MAAM,SAAA,GAAY,OAAA,CAAQ,KAAA,IAAS,UAAA,CAAW,KAAA;AAE9C,EAAA,IAAI,CAAC,WAAA,EAAa;AACjB,IAAA,MAAM,IAAI,MAAM,iCAAiC,CAAA;AAAA,EAClD;AAEA,EAAA,IAAI;AACH,IAAA,MAAM,QAAA,GAAW,MAAM,SAAA,CAAU,6BAAA,EAA+B;AAAA,MAC/D,MAAA,EAAQ,KAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACR,eAAA,EAAiB,UAAU,WAAW,CAAA,CAAA;AAAA,QACtC,QAAA,EAAU,6BAAA;AAAA,QACV,sBAAA,EAAwB;AAAA;AACzB,KACA,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AACjB,MAAA,MAAM,SAAA,GAAY,MAAM,QAAA,CAAS,IAAA,EAAK;AACtC,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,0BAAA,EAA6B,SAAS,UAAU,CAAA,GAAA,EAAM,SAAS,CAAA,CAAE,CAAA;AAAA,IAClF;AAEA,IAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,IAAA,EAAK;AAQjC,IAAA,OAAO;AAAA,MACN,IAAI,IAAA,CAAK,EAAA;AAAA,MACT,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,MAAM,IAAA,CAAK,IAAA;AAAA,MACX,WAAW,IAAA,CAAK;AAAA,KACjB;AAAA,EACD,SAAS,KAAA,EAAO;AACf,IAAA,OAAA,CAAQ,KAAA,CAAM,4BAA4B,KAAK,CAAA;AAC/C,IAAA,MAAM,KAAA;AAAA,EACP;AACD;;;AC1QA,YAAA,EAAA;;;ACtBA,YAAA,EAAA;AA8BA,IAAMC,kBAAAA,GAAoB,IAAI,EAAA,GAAK,GAAA;AAInC,IAAI,eAAA,GAA+C,IAAA;AACnD,IAAI,iBAAA,GAAiD,IAAA;AAKrD,SAASC,gBAAe,SAAA,EAA6B;AACpD,EAAA,IAAI,CAAC,WAAW,OAAO,KAAA;AACvB,EAAA,OAAO,IAAA,CAAK,GAAA,EAAI,IAAK,SAAA,GAAYD,kBAAAA;AAClC;AAKA,eAAe,SAAA,CACd,WACA,OAAA,EACuB;AAEvB,EAAA,IAAI,iBAAA,EAAmB;AACtB,IAAA,OAAO,iBAAA;AAAA,EACR;AAEA,EAAA,iBAAA,GAAA,CAAqB,YAAY;AAChC,IAAA,IAAI;AACH,MAAA,MAAM,SAAA,GAAY,MAAM,kBAAA,CAAmB,SAAA,CAAU,YAAa,CAAA;AAGlE,MAAA,MAAM,SAAA,GAAY,UAAU,UAAA,GAAa,IAAA,CAAK,KAAI,GAAI,SAAA,CAAU,aAAa,GAAA,GAAO,KAAA,CAAA;AAGpF,MAAA,MAAM,OAAA,GAA2B;AAAA,QAChC,aAAa,SAAA,CAAU,YAAA;AAAA,QACvB,YAAA,EAAc,SAAA,CAAU,aAAA,IAAiB,SAAA,CAAU,YAAA;AAAA,QACnD;AAAA,OACD;AAEA,MAAA,IAAI,SAAS,YAAA,EAAc;AAC1B,QAAA,MAAM,OAAA,CAAQ,aAAa,OAAO,CAAA;AAAA,MACnC,CAAA,MAAA,IAAW,SAAS,QAAA,EAAU;AAC7B,QAAA,MAAM,OAAA,CAAQ,QAAA,CAAS,SAAA,CAAU,YAAY,CAAA;AAAA,MAC9C;AAEA,MAAA,OAAO,EAAE,KAAA,EAAO,SAAA,CAAU,YAAA,EAAc,YAAY,KAAA,EAAM;AAAA,IAC3D,CAAA,SAAE;AACD,MAAA,iBAAA,GAAoB,IAAA;AAAA,IACrB;AAAA,EACD,CAAA,GAAG;AAEH,EAAA,OAAO,iBAAA;AACR;AAKA,eAAe,cAAc,OAAA,EAA6C;AAEzE,EAAA,IAAI,eAAA,EAAiB;AACpB,IAAA,OAAO,eAAA;AAAA,EACR;AAEA,EAAA,MAAM,SAAS,SAAA,EAAU;AACzB,EAAA,MAAM;AAAA,IACL,WAAA,GAAc,IAAA;AAAA,IACd,QAAQ,OAAA,CAAQ,GAAA;AAAA,IAChB,QAAA;AAAA,IACA,OAAA,GAAU,mBAAA,CAAoB,MAAA,CAAO,WAAW;AAAA,GACjD,GAAI,OAAA;AAEJ,EAAA,eAAA,GAAA,CAAmB,YAAY;AAC9B,IAAA,IAAI;AACH,MAAA,KAAA,CAAM,mBAAmB,CAAA;AAEzB,MAAA,MAAM,YAAA,GAAe,MAAM,eAAA,CAAgB,EAAE,UAAU,CAAA;AAEvD,MAAA,KAAA,CAAM,CAAA,kBAAA,CAAoB,CAAA;AAC1B,MAAA,KAAA,CAAM,CAAA,YAAA,EAAe,YAAA,CAAa,gBAAgB,CAAA,CAAE,CAAA;AACpD,MAAA,KAAA,CAAM,CAAA,iBAAA,EAAoB,YAAA,CAAa,SAAS,CAAA,CAAE,CAAA;AAClD,MAAA,KAAA,CAAM;AAAA,WAAA,EAAgB,aAAa,yBAAyB;AAAA,CAAI,CAAA;AAGhE,MAAA,IAAI,WAAA,EAAa;AAChB,QAAA,IAAI;AACH,UAAA,MAAM,IAAA,GAAO,MAAM,OAAO,MAAM,CAAA;AAChC,UAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,YAAA,CAAa,yBAAyB,CAAA;AACzD,UAAA,KAAA,CAAM,gCAAgC,CAAA;AAAA,QACvC,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACD;AAEA,MAAA,KAAA,CAAM,gCAAgC,CAAA;AAEtC,MAAA,MAAM,gBAAgB,MAAM,aAAA;AAAA,QAC3B,YAAA,CAAa,WAAA;AAAA,QACb,YAAA,CAAa,QAAA;AAAA,QACb,YAAA,CAAa;AAAA,OACd;AAGA,MAAA,MAAM,SAAA,GAAY,cAAc,UAAA,GAAa,IAAA,CAAK,KAAI,GAAI,aAAA,CAAc,aAAa,GAAA,GAAO,KAAA,CAAA;AAG5F,MAAA,MAAM,OAAA,GAA2B;AAAA,QAChC,aAAa,aAAA,CAAc,YAAA;AAAA,QAC3B,cAAc,aAAA,CAAc,aAAA;AAAA,QAC5B;AAAA,OACD;AAEA,MAAA,IAAI,QAAQ,YAAA,EAAc;AACzB,QAAA,MAAM,OAAA,CAAQ,aAAa,OAAO,CAAA;AAAA,MACnC,CAAA,MAAO;AACN,QAAA,MAAM,OAAA,CAAQ,QAAA,CAAS,aAAA,CAAc,YAAY,CAAA;AAAA,MAClD;AAEA,MAAA,KAAA,CAAM,qBAAqB,CAAA;AAE3B,MAAA,OAAO,EAAE,KAAA,EAAO,aAAA,CAAc,YAAA,EAAc,YAAY,IAAA,EAAK;AAAA,IAC9D,CAAA,SAAE;AACD,MAAA,eAAA,GAAkB,IAAA;AAAA,IACnB;AAAA,EACD,CAAA,GAAG;AAEH,EAAA,OAAO,eAAA;AACR;AASA,eAAsB,cAAA,CAAe,OAAA,GAAwB,EAAC,EAAyB;AACtF,EAAA,MAAM,SAAS,SAAA,EAAU;AACzB,EAAA,MAAM,EAAE,OAAA,GAAU,mBAAA,CAAoB,MAAA,CAAO,WAAW,GAAE,GAAI,OAAA;AAG9D,EAAA,MAAM,YAAY,OAAA,CAAQ,YAAA,GAAe,MAAM,OAAA,CAAQ,cAAa,GAAI,IAAA;AACxE,EAAA,MAAM,aAAA,GAAgB,SAAA,EAAW,WAAA,IAAgB,MAAM,QAAQ,QAAA,EAAS;AAExE,EAAA,IAAI,aAAA,EAAe;AAGlB,IAAA,IAAI,WAAW,SAAA,IAAa,CAACC,eAAAA,CAAe,SAAA,CAAU,SAAS,CAAA,EAAG;AACjE,MAAA,OAAO,EAAE,KAAA,EAAO,aAAA,EAAe,UAAA,EAAY,KAAA,EAAM;AAAA,IAClD;AAGA,IAAA,IAAI,WAAW,YAAA,EAAc;AAC5B,MAAA,IAAI;AACH,QAAA,OAAO,MAAM,SAAA,CAAU,SAAA,EAAW,OAAO,CAAA;AAAA,MAC1C,SAAS,KAAA,EAAO;AAEf,QAAA,OAAA,CAAQ,IAAA,CAAK,yBAAyB,KAAK,CAAA;AAAA,MAE5C;AAAA,IACD;AAGA,IAAA,IAAI,CAAC,SAAA,EAAW,SAAA,IAAa,CAAC,WAAW,YAAA,EAAc;AACtD,MAAA,MAAM,EAAE,IAAA,EAAK,GAAI,MAAM,QAAQ,aAAa,CAAA;AAC5C,MAAA,IAAI,IAAA,EAAM;AACT,QAAA,OAAO,EAAE,KAAA,EAAO,aAAA,EAAe,UAAA,EAAY,KAAA,EAAM;AAAA,MAClD;AAAA,IACD;AAAA,EACD;AAGA,EAAA,OAAO,cAAc,OAAO,CAAA;AAC7B;AAKA,eAAsB,UAAA,CAAW,OAAA,GAAwB,EAAC,EAAyB;AAClF,EAAA,MAAM,SAAS,SAAA,EAAU;AACzB,EAAA,MAAM,EAAE,OAAA,GAAU,mBAAA,CAAoB,MAAA,CAAO,WAAW,GAAE,GAAI,OAAA;AAC9D,EAAA,MAAM,QAAQ,WAAA,EAAY;AAC1B,EAAA,OAAO,eAAe,OAAO,CAAA;AAC9B;AAKA,eAAsB,eAAA,CAAgB,OAAA,GAAwB,EAAC,EAAkB;AAChF,EAAA,MAAM,SAAS,SAAA,EAAU;AACzB,EAAA,MAAM,EAAE,QAAQ,OAAA,CAAQ,GAAA,EAAK,UAAU,mBAAA,CAAoB,MAAA,CAAO,WAAW,CAAA,EAAE,GAAI,OAAA;AACnF,EAAA,MAAM,QAAQ,WAAA,EAAY;AAC1B,EAAA,KAAA,CAAM,2BAA2B,CAAA;AAClC","file":"node.js","sourcesContent":["/**\n * Safe environment variable access (works in Node, browser, and Workers)\n *\n * Checks in order:\n * 1. globalThis (Cloudflare Workers legacy)\n * 2. process.env (Node.js)\n *\n * @param key - The environment variable key to look up\n * @returns The environment variable value or undefined if not found\n */\nexport function getEnv(key: string): string | undefined {\n\t// Check globalThis first (Workers)\n\tif ((globalThis as any)[key]) return (globalThis as any)[key]\n\t// Check process.env (Node.js)\n\tif (typeof process !== 'undefined' && process.env?.[key]) return process.env[key]\n\treturn undefined\n}\n","import type { TokenStorage, StoredTokenData } from './types.js'\nimport { getEnv } from './utils.js'\n\n// Keychain service and account identifiers\nconst KEYCHAIN_SERVICE = 'oauth.do'\nconst KEYCHAIN_ACCOUNT = 'access_token'\n\n/**\n * Check if we're running in a Node.js environment\n */\nfunction isNode(): boolean {\n\treturn typeof process !== 'undefined' &&\n\t\tprocess.versions != null &&\n\t\tprocess.versions.node != null\n}\n\n/**\n * Keychain-based token storage using OS credential manager\n * - macOS: Keychain\n * - Windows: Credential Manager\n * - Linux: Secret Service (libsecret)\n *\n * This is the most secure option for CLI token storage.\n */\nexport class KeychainTokenStorage implements TokenStorage {\n\tprivate keytar: typeof import('keytar') | null = null\n\tprivate initialized = false\n\n\t/**\n\t * Lazily load keytar module\n\t * Returns null if keytar is not available (e.g., missing native dependencies)\n\t */\n\tprivate async getKeytar(): Promise<typeof import('keytar') | null> {\n\t\tif (this.initialized) {\n\t\t\treturn this.keytar\n\t\t}\n\n\t\tthis.initialized = true\n\n\t\ttry {\n\t\t\t// Dynamic import to handle cases where keytar native module isn't available\n\t\t\tconst imported = await import('keytar')\n\t\t\t// Handle ESM/CJS interop - keytar is CommonJS, so functions may be on .default\n\t\t\tconst keytarModule = (imported as any).default || imported\n\t\t\tthis.keytar = keytarModule as typeof import('keytar')\n\n\t\t\t// Verify the module loaded correctly by checking for expected function\n\t\t\tif (typeof this.keytar.getPassword !== 'function') {\n\t\t\t\tif (getEnv('DEBUG')) {\n\t\t\t\t\tconsole.warn('Keytar module loaded but getPassword is not a function:', Object.keys(this.keytar))\n\t\t\t\t}\n\t\t\t\tthis.keytar = null\n\t\t\t\treturn null\n\t\t\t}\n\n\t\t\treturn this.keytar\n\t\t} catch (error) {\n\t\t\t// keytar requires native dependencies that may not be available\n\t\t\t// Fall back gracefully\n\t\t\tif (getEnv('DEBUG')) {\n\t\t\t\tconsole.warn('Keychain storage not available:', error)\n\t\t\t}\n\t\t\treturn null\n\t\t}\n\t}\n\n\tasync getToken(): Promise<string | null> {\n\t\tconst keytar = await this.getKeytar()\n\t\tif (!keytar) {\n\t\t\treturn null\n\t\t}\n\n\t\ttry {\n\t\t\tconst token = await keytar.getPassword(KEYCHAIN_SERVICE, KEYCHAIN_ACCOUNT)\n\t\t\treturn token\n\t\t} catch (error) {\n\t\t\tif (getEnv('DEBUG')) {\n\t\t\t\tconsole.warn('Failed to get token from keychain:', error)\n\t\t\t}\n\t\t\treturn null\n\t\t}\n\t}\n\n\tasync setToken(token: string): Promise<void> {\n\t\ttry {\n\t\t\tconst keytar = await this.getKeytar()\n\t\t\tif (!keytar) {\n\t\t\t\tthrow new Error('Keychain storage not available')\n\t\t\t}\n\n\t\t\tawait keytar.setPassword(KEYCHAIN_SERVICE, KEYCHAIN_ACCOUNT, token)\n\t\t} catch (error: any) {\n\t\t\t// Check if this is a native module error vs an actual keychain error\n\t\t\tif (error?.code === 'MODULE_NOT_FOUND' || error?.message?.includes('Cannot find module')) {\n\t\t\t\tthrow new Error('Keychain storage not available: native module not built')\n\t\t\t}\n\t\t\tthrow new Error(`Failed to save token to keychain: ${error}`)\n\t\t}\n\t}\n\n\tasync removeToken(): Promise<void> {\n\t\tconst keytar = await this.getKeytar()\n\t\tif (!keytar) {\n\t\t\treturn\n\t\t}\n\n\t\ttry {\n\t\t\tawait keytar.deletePassword(KEYCHAIN_SERVICE, KEYCHAIN_ACCOUNT)\n\t\t} catch {\n\t\t\t// Ignore errors if credential doesn't exist\n\t\t}\n\t}\n\n\t/**\n\t * Check if keychain storage is available on this system\n\t */\n\tasync isAvailable(): Promise<boolean> {\n\t\ttry {\n\t\t\tconst keytar = await this.getKeytar()\n\t\t\tif (!keytar) {\n\t\t\t\treturn false\n\t\t\t}\n\n\t\t\t// Try a read operation to verify keychain access\n\t\t\t// This will throw if native module is not built\n\t\t\tawait keytar.getPassword(KEYCHAIN_SERVICE, '__test__')\n\t\t\treturn true\n\t\t} catch (error) {\n\t\t\tif (getEnv('DEBUG')) {\n\t\t\t\tconsole.warn('Keychain not available:', error)\n\t\t\t}\n\t\t\treturn false\n\t\t}\n\t}\n}\n\n/**\n * Secure file-based token storage for CLI\n * Stores token in ~/.oauth.do/token with restricted permissions (0600)\n *\n * This is the default storage for Node.js CLI because it doesn't require\n * GUI authorization popups like the keychain does on macOS.\n * Only works in Node.js environment.\n */\nexport class SecureFileTokenStorage implements TokenStorage {\n\tprivate tokenPath: string | null = null\n\tprivate configDir: string | null = null\n\tprivate initialized = false\n\tprivate customPath?: string\n\n\tconstructor(customPath?: string) {\n\t\tthis.customPath = customPath\n\t}\n\n\tprivate async init(): Promise<boolean> {\n\t\tif (this.initialized) return this.tokenPath !== null\n\t\tthis.initialized = true\n\n\t\tif (!isNode()) return false\n\n\t\ttry {\n\t\t\tconst os = await import('os')\n\t\t\tconst path = await import('path')\n\n\t\t\t// Use custom path if provided\n\t\t\tif (this.customPath) {\n\t\t\t\t// Expand ~ to home directory\n\t\t\t\tconst expandedPath = this.customPath.startsWith('~/')\n\t\t\t\t\t? path.join(os.homedir(), this.customPath.slice(2))\n\t\t\t\t\t: this.customPath\n\n\t\t\t\tthis.tokenPath = expandedPath\n\t\t\t\tthis.configDir = path.dirname(expandedPath)\n\t\t\t} else {\n\t\t\t\t// Default path\n\t\t\t\tthis.configDir = path.join(os.homedir(), '.oauth.do')\n\t\t\t\tthis.tokenPath = path.join(this.configDir, 'token')\n\t\t\t}\n\t\t\treturn true\n\t\t} catch {\n\t\t\treturn false\n\t\t}\n\t}\n\n\tasync getToken(): Promise<string | null> {\n\t\t// Try to get from token data first (new format)\n\t\tconst data = await this.getTokenData()\n\t\tif (data) {\n\t\t\treturn data.accessToken\n\t\t}\n\n\t\t// Fall back to legacy plain text format\n\t\tif (!(await this.init()) || !this.tokenPath) return null\n\n\t\ttry {\n\t\t\tconst fs = await import('fs/promises')\n\t\t\tconst stats = await fs.stat(this.tokenPath)\n\t\t\tconst mode = stats.mode & 0o777\n\n\t\t\tif (mode !== 0o600 && getEnv('DEBUG')) {\n\t\t\t\tconsole.warn(\n\t\t\t\t\t`Warning: Token file has insecure permissions (${mode.toString(8)}). ` +\n\t\t\t\t\t\t`Expected 600. Run: chmod 600 ${this.tokenPath}`\n\t\t\t\t)\n\t\t\t}\n\n\t\t\tconst content = await fs.readFile(this.tokenPath, 'utf-8')\n\t\t\tconst trimmed = content.trim()\n\n\t\t\t// Check if it's JSON (new format) or plain token (legacy)\n\t\t\tif (trimmed.startsWith('{')) {\n\t\t\t\tconst data = JSON.parse(trimmed) as StoredTokenData\n\t\t\t\treturn data.accessToken\n\t\t\t}\n\n\t\t\treturn trimmed\n\t\t} catch {\n\t\t\treturn null\n\t\t}\n\t}\n\n\tasync setToken(token: string): Promise<void> {\n\t\t// Store as token data for consistency, trimming whitespace\n\t\tawait this.setTokenData({ accessToken: token.trim() })\n\t}\n\n\tasync getTokenData(): Promise<StoredTokenData | null> {\n\t\tif (!(await this.init()) || !this.tokenPath) return null\n\n\t\ttry {\n\t\t\tconst fs = await import('fs/promises')\n\t\t\tconst content = await fs.readFile(this.tokenPath, 'utf-8')\n\t\t\tconst trimmed = content.trim()\n\n\t\t\t// Check if it's JSON format\n\t\t\tif (trimmed.startsWith('{')) {\n\t\t\t\treturn JSON.parse(trimmed) as StoredTokenData\n\t\t\t}\n\n\t\t\t// Legacy plain text format - convert to token data\n\t\t\treturn { accessToken: trimmed }\n\t\t} catch {\n\t\t\treturn null\n\t\t}\n\t}\n\n\tasync setTokenData(data: StoredTokenData): Promise<void> {\n\t\tif (!(await this.init()) || !this.tokenPath || !this.configDir) {\n\t\t\tthrow new Error('File storage not available')\n\t\t}\n\n\t\ttry {\n\t\t\tconst fs = await import('fs/promises')\n\t\t\tawait fs.mkdir(this.configDir, { recursive: true, mode: 0o700 })\n\t\t\tawait fs.writeFile(this.tokenPath, JSON.stringify(data), { encoding: 'utf-8', mode: 0o600 })\n\t\t\tawait fs.chmod(this.tokenPath, 0o600)\n\t\t} catch (error) {\n\t\t\tconsole.error('Failed to save token data:', error)\n\t\t\tthrow error\n\t\t}\n\t}\n\n\tasync removeToken(): Promise<void> {\n\t\tif (!(await this.init()) || !this.tokenPath) return\n\n\t\ttry {\n\t\t\tconst fs = await import('fs/promises')\n\t\t\tawait fs.unlink(this.tokenPath)\n\t\t} catch {\n\t\t\t// Ignore errors if file doesn't exist\n\t\t}\n\t}\n\n\t/**\n\t * Get information about the storage backend\n\t */\n\tasync getStorageInfo(): Promise<{ type: 'file'; secure: boolean; path: string | null }> {\n\t\tawait this.init()\n\t\treturn { type: 'file', secure: true, path: this.tokenPath }\n\t}\n}\n\n/**\n * File-based token storage for CLI (legacy, less secure)\n * Stores token in ~/.oauth.do/token\n * Only works in Node.js environment.\n *\n * @deprecated Use SecureFileTokenStorage or KeychainTokenStorage instead\n */\nexport class FileTokenStorage implements TokenStorage {\n\tprivate tokenPath: string | null = null\n\tprivate configDir: string | null = null\n\tprivate initialized = false\n\n\tprivate async init(): Promise<boolean> {\n\t\tif (this.initialized) return this.tokenPath !== null\n\t\tthis.initialized = true\n\n\t\tif (!isNode()) return false\n\n\t\ttry {\n\t\t\tconst os = await import('os')\n\t\t\tconst path = await import('path')\n\t\t\tthis.configDir = path.join(os.homedir(), '.oauth.do')\n\t\t\tthis.tokenPath = path.join(this.configDir, 'token')\n\t\t\treturn true\n\t\t} catch {\n\t\t\treturn false\n\t\t}\n\t}\n\n\tasync getToken(): Promise<string | null> {\n\t\tif (!(await this.init()) || !this.tokenPath) return null\n\n\t\ttry {\n\t\t\tconst fs = await import('fs/promises')\n\t\t\tconst token = await fs.readFile(this.tokenPath, 'utf-8')\n\t\t\treturn token.trim()\n\t\t} catch {\n\t\t\treturn null\n\t\t}\n\t}\n\n\tasync setToken(token: string): Promise<void> {\n\t\tif (!(await this.init()) || !this.tokenPath || !this.configDir) {\n\t\t\tthrow new Error('File storage not available')\n\t\t}\n\n\t\ttry {\n\t\t\tconst fs = await import('fs/promises')\n\t\t\tawait fs.mkdir(this.configDir, { recursive: true })\n\t\t\tawait fs.writeFile(this.tokenPath, token, 'utf-8')\n\t\t} catch (error) {\n\t\t\tconsole.error('Failed to save token:', error)\n\t\t\tthrow error\n\t\t}\n\t}\n\n\tasync removeToken(): Promise<void> {\n\t\tif (!(await this.init()) || !this.tokenPath) return\n\n\t\ttry {\n\t\t\tconst fs = await import('fs/promises')\n\t\t\tawait fs.unlink(this.tokenPath)\n\t\t} catch {\n\t\t\t// Ignore errors if file doesn't exist\n\t\t}\n\t}\n}\n\n/**\n * In-memory token storage (for browser or testing)\n */\nexport class MemoryTokenStorage implements TokenStorage {\n\tprivate token: string | null = null\n\n\tasync getToken(): Promise<string | null> {\n\t\treturn this.token\n\t}\n\n\tasync setToken(token: string): Promise<void> {\n\t\tthis.token = token\n\t}\n\n\tasync removeToken(): Promise<void> {\n\t\tthis.token = null\n\t}\n}\n\n/**\n * LocalStorage-based token storage (for browser)\n */\nexport class LocalStorageTokenStorage implements TokenStorage {\n\tprivate key = 'oauth.do:token'\n\n\tasync getToken(): Promise<string | null> {\n\t\tif (typeof localStorage === 'undefined') {\n\t\t\treturn null\n\t\t}\n\t\treturn localStorage.getItem(this.key)\n\t}\n\n\tasync setToken(token: string): Promise<void> {\n\t\tif (typeof localStorage === 'undefined') {\n\t\t\tthrow new Error('localStorage is not available')\n\t\t}\n\t\tlocalStorage.setItem(this.key, token)\n\t}\n\n\tasync removeToken(): Promise<void> {\n\t\tif (typeof localStorage === 'undefined') {\n\t\t\treturn\n\t\t}\n\t\tlocalStorage.removeItem(this.key)\n\t}\n}\n\n/**\n * Composite token storage that tries multiple storage backends\n * Attempts keychain first, then falls back to secure file storage\n */\nexport class CompositeTokenStorage implements TokenStorage {\n\tprivate keychainStorage: KeychainTokenStorage\n\tprivate fileStorage: SecureFileTokenStorage\n\tprivate preferredStorage: TokenStorage | null = null\n\n\tconstructor() {\n\t\tthis.keychainStorage = new KeychainTokenStorage()\n\t\tthis.fileStorage = new SecureFileTokenStorage()\n\t}\n\n\t/**\n\t * Determine the best available storage backend\n\t */\n\tprivate async getPreferredStorage(): Promise<TokenStorage> {\n\t\tif (this.preferredStorage) {\n\t\t\treturn this.preferredStorage\n\t\t}\n\n\t\t// Try keychain first\n\t\tif (await this.keychainStorage.isAvailable()) {\n\t\t\tthis.preferredStorage = this.keychainStorage\n\t\t\treturn this.preferredStorage\n\t\t}\n\n\t\t// Fall back to secure file storage\n\t\tthis.preferredStorage = this.fileStorage\n\t\treturn this.preferredStorage\n\t}\n\n\tasync getToken(): Promise<string | null> {\n\t\t// First, check keychain\n\t\tconst keychainToken = await this.keychainStorage.getToken()\n\t\tif (keychainToken) {\n\t\t\treturn keychainToken\n\t\t}\n\n\t\t// Fall back to file storage (for migration from old installations)\n\t\tconst fileToken = await this.fileStorage.getToken()\n\t\tif (fileToken) {\n\t\t\t// Migrate token to keychain if available\n\t\t\tif (await this.keychainStorage.isAvailable()) {\n\t\t\t\ttry {\n\t\t\t\t\tawait this.keychainStorage.setToken(fileToken)\n\t\t\t\t\tawait this.fileStorage.removeToken()\n\t\t\t\t\tif (getEnv('DEBUG')) {\n\t\t\t\t\t\tconsole.log('Migrated token from file to keychain')\n\t\t\t\t\t}\n\t\t\t\t} catch {\n\t\t\t\t\t// Continue with file token if migration fails\n\t\t\t\t}\n\t\t\t}\n\t\t\treturn fileToken\n\t\t}\n\n\t\treturn null\n\t}\n\n\tasync setToken(token: string): Promise<void> {\n\t\tconst storage = await this.getPreferredStorage()\n\t\tawait storage.setToken(token)\n\t}\n\n\tasync removeToken(): Promise<void> {\n\t\t// Remove from both storages to ensure complete logout\n\t\tawait Promise.all([this.keychainStorage.removeToken(), this.fileStorage.removeToken()])\n\t}\n\n\t/**\n\t * Get information about the current storage backend\n\t */\n\tasync getStorageInfo(): Promise<{ type: 'keychain' | 'file'; secure: boolean }> {\n\t\tif (await this.keychainStorage.isAvailable()) {\n\t\t\treturn { type: 'keychain', secure: true }\n\t\t}\n\t\treturn { type: 'file', secure: true }\n\t}\n}\n\n/**\n * Create the default token storage\n * - Node.js: Uses secure file storage (~/.oauth.do/token with 0600 permissions)\n * - Browser: Uses localStorage\n * - Worker: Uses in-memory storage (tokens should be passed via env bindings)\n *\n * Note: We use file storage by default because keychain storage on macOS\n * requires GUI authorization popups, which breaks automation and agent workflows.\n *\n * @param storagePath - Optional custom path for token storage (e.g., '~/.studio/tokens.json')\n */\nexport function createSecureStorage(storagePath?: string): TokenStorage {\n\t// Node.js - use secure file storage (no keychain popups)\n\tif (isNode()) {\n\t\treturn new SecureFileTokenStorage(storagePath)\n\t}\n\n\t// Browser - use localStorage\n\tif (typeof localStorage !== 'undefined') {\n\t\treturn new LocalStorageTokenStorage()\n\t}\n\n\t// Workers/other - use memory storage\n\treturn new MemoryTokenStorage()\n}\n","import type { OAuthConfig } from './types.js'\nimport { getEnv } from './utils.js'\n\n/**\n * Global OAuth configuration\n * Note: storagePath is optional and may be undefined\n */\nlet globalConfig: Omit<Required<OAuthConfig>, 'storagePath'> & Pick<OAuthConfig, 'storagePath'> = {\n\tapiUrl: getEnv('OAUTH_API_URL') || getEnv('API_URL') || 'https://apis.do',\n\tclientId: getEnv('OAUTH_CLIENT_ID') || 'client_01JQYTRXK9ZPD8JPJTKDCRB656',\n\tauthKitDomain: getEnv('OAUTH_AUTHKIT_DOMAIN') || 'login.oauth.do',\n\tfetch: globalThis.fetch,\n\tstoragePath: getEnv('OAUTH_STORAGE_PATH'),\n}\n\n/**\n * Configure OAuth settings\n */\nexport function configure(config: OAuthConfig): void {\n\tglobalConfig = {\n\t\t...globalConfig,\n\t\t...config,\n\t}\n}\n\n/**\n * Get current configuration\n */\nexport function getConfig(): Omit<Required<OAuthConfig>, 'storagePath'> & Pick<OAuthConfig, 'storagePath'> {\n\treturn globalConfig\n}\n","import { getConfig } from './config.js'\nimport { getEnv } from './utils.js'\nimport type { User, AuthResult, TokenResponse, StoredTokenData } from './types.js'\n\n/**\n * Resolve a secret that could be a plain string or a secrets store binding\n * Secrets store bindings have a .get() method that returns a Promise<string>\n * @see https://developers.cloudflare.com/workers/configuration/secrets/#secrets-store\n */\nasync function resolveSecret(value: unknown): Promise<string | null> {\n\tif (!value) return null\n\tif (typeof value === 'string') return value\n\tif (typeof value === 'object' && typeof (value as any).get === 'function') {\n\t\treturn await (value as any).get()\n\t}\n\treturn null\n}\n\n/**\n * Get current authenticated user\n * Calls GET /me endpoint\n *\n * @param token - Optional authentication token (will use DO_TOKEN env var if not provided)\n * @returns Authentication result with user info or null if not authenticated\n */\nexport async function getUser(token?: string): Promise<AuthResult> {\n\tconst config = getConfig()\n\tconst authToken = token || getEnv('DO_TOKEN') || ''\n\n\tif (!authToken) {\n\t\treturn { user: null }\n\t}\n\n\ttry {\n\t\tconst response = await config.fetch(`${config.apiUrl}/me`, {\n\t\t\tmethod: 'GET',\n\t\t\theaders: {\n\t\t\t\t'Authorization': `Bearer ${authToken}`,\n\t\t\t\t'Content-Type': 'application/json',\n\t\t\t},\n\t\t})\n\n\t\tif (!response.ok) {\n\t\t\tif (response.status === 401) {\n\t\t\t\treturn { user: null }\n\t\t\t}\n\t\t\tthrow new Error(`Authentication failed: ${response.statusText}`)\n\t\t}\n\n\t\tconst user = (await response.json()) as User\n\t\treturn { user, token: authToken }\n\t} catch (error) {\n\t\tconsole.error('Auth error:', error)\n\t\treturn { user: null }\n\t}\n}\n\n/**\n * Initiate login flow\n * Calls POST /login endpoint\n *\n * @param credentials - Login credentials (email, password, etc.)\n * @returns Authentication result with user info and token\n */\nexport async function login(credentials: {\n\temail?: string\n\tpassword?: string\n\t[key: string]: any\n}): Promise<AuthResult> {\n\tconst config = getConfig()\n\n\ttry {\n\t\tconst response = await config.fetch(`${config.apiUrl}/login`, {\n\t\t\tmethod: 'POST',\n\t\t\theaders: {\n\t\t\t\t'Content-Type': 'application/json',\n\t\t\t},\n\t\t\tbody: JSON.stringify(credentials),\n\t\t})\n\n\t\tif (!response.ok) {\n\t\t\tthrow new Error(`Login failed: ${response.statusText}`)\n\t\t}\n\n\t\tconst data = (await response.json()) as { user: User; token: string }\n\t\treturn { user: data.user, token: data.token }\n\t} catch (error) {\n\t\tconsole.error('Login error:', error)\n\t\tthrow error\n\t}\n}\n\n/**\n * Logout current user\n * Calls POST /logout endpoint\n *\n * @param token - Optional authentication token (will use DO_TOKEN env var if not provided)\n */\nexport async function logout(token?: string): Promise<void> {\n\tconst config = getConfig()\n\tconst authToken = token || getEnv('DO_TOKEN') || ''\n\n\tif (!authToken) {\n\t\treturn\n\t}\n\n\ttry {\n\t\tconst response = await config.fetch(`${config.apiUrl}/logout`, {\n\t\t\tmethod: 'POST',\n\t\t\theaders: {\n\t\t\t\t'Authorization': `Bearer ${authToken}`,\n\t\t\t\t'Content-Type': 'application/json',\n\t\t\t},\n\t\t})\n\n\t\tif (!response.ok) {\n\t\t\tconsole.warn(`Logout warning: ${response.statusText}`)\n\t\t}\n\t} catch (error) {\n\t\tconsole.error('Logout error:', error)\n\t}\n}\n\n// Buffer time before expiration to trigger refresh (5 minutes)\nconst REFRESH_BUFFER_MS = 5 * 60 * 1000\n\n/**\n * Check if token is expired or about to expire\n */\nfunction isTokenExpired(expiresAt?: number): boolean {\n\tif (!expiresAt) return false // Can't determine, assume valid\n\treturn Date.now() >= expiresAt - REFRESH_BUFFER_MS\n}\n\n/**\n * Get token from environment or stored credentials\n *\n * Checks in order:\n * 1. globalThis.DO_ADMIN_TOKEN / DO_TOKEN (Workers legacy)\n * 2. process.env.DO_ADMIN_TOKEN / DO_TOKEN (Node.js)\n * 3. cloudflare:workers env import (Workers 2025+) - supports secrets store bindings\n * 4. Stored token (keychain/secure file) - with automatic refresh if expired\n *\n * @see https://developers.cloudflare.com/changelog/2025-03-17-importable-env/\n */\nexport async function getToken(): Promise<string | null> {\n\t// Check env vars first (globalThis for Workers legacy, process.env for Node)\n\tconst adminToken = getEnv('DO_ADMIN_TOKEN')\n\tif (adminToken) return adminToken\n\tconst doToken = getEnv('DO_TOKEN')\n\tif (doToken) return doToken\n\n\t// Try cloudflare:workers env import (Workers 2025+)\n\t// Supports both plain strings and secrets store bindings\n\ttry {\n\t\t// @ts-ignore - cloudflare:workers only available in Workers runtime\n\t\tconst { env } = await import('cloudflare:workers')\n\n\t\tconst cfAdminToken = await resolveSecret((env as any).DO_ADMIN_TOKEN)\n\t\tif (cfAdminToken) return cfAdminToken\n\n\t\tconst cfToken = await resolveSecret((env as any).DO_TOKEN)\n\t\tif (cfToken) return cfToken\n\t} catch {\n\t\t// Not in Workers environment or env not available\n\t}\n\n\t// Try stored token (Node.js only - uses keychain/file storage)\n\ttry {\n\t\tconst { createSecureStorage } = await import('./storage.js')\n\t\tconst config = getConfig()\n\t\tconst storage = createSecureStorage(config.storagePath)\n\n\t\t// Get full token data if available\n\t\tconst tokenData = storage.getTokenData ? await storage.getTokenData() : null\n\n\t\tif (tokenData) {\n\t\t\t// If token is not expired, return it\n\t\t\tif (!isTokenExpired(tokenData.expiresAt)) {\n\t\t\t\treturn tokenData.accessToken\n\t\t\t}\n\n\t\t\t// Token is expired - try to refresh if we have a refresh token\n\t\t\tif (tokenData.refreshToken) {\n\t\t\t\ttry {\n\t\t\t\t\tconst newTokens = await refreshAccessToken(tokenData.refreshToken)\n\n\t\t\t\t\t// Calculate new expiration time\n\t\t\t\t\tconst expiresAt = newTokens.expires_in\n\t\t\t\t\t\t? Date.now() + newTokens.expires_in * 1000\n\t\t\t\t\t\t: undefined\n\n\t\t\t\t\t// Store new token data\n\t\t\t\t\tconst newData: StoredTokenData = {\n\t\t\t\t\t\taccessToken: newTokens.access_token,\n\t\t\t\t\t\trefreshToken: newTokens.refresh_token || tokenData.refreshToken,\n\t\t\t\t\t\texpiresAt,\n\t\t\t\t\t}\n\n\t\t\t\t\tif (storage.setTokenData) {\n\t\t\t\t\t\tawait storage.setTokenData(newData)\n\t\t\t\t\t} else {\n\t\t\t\t\t\tawait storage.setToken(newTokens.access_token)\n\t\t\t\t\t}\n\n\t\t\t\t\treturn newTokens.access_token\n\t\t\t\t} catch {\n\t\t\t\t\t// Refresh failed - return null (caller should re-authenticate)\n\t\t\t\t\treturn null\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// Expired but no refresh token - return null\n\t\t\treturn null\n\t\t}\n\n\t\t// Fall back to simple token storage (no expiration tracking)\n\t\treturn await storage.getToken()\n\t} catch {\n\t\t// Storage not available (browser/worker) - return null\n\t\treturn null\n\t}\n}\n\n/**\n * Check if user is authenticated (has valid token)\n */\nexport async function isAuthenticated(token?: string): Promise<boolean> {\n\tconst result = await getUser(token)\n\treturn result.user !== null\n}\n\n/**\n * Auth provider function type for HTTP clients\n */\nexport type AuthProvider = () => string | null | undefined | Promise<string | null | undefined>\n\n/**\n * Create an auth provider function for HTTP clients (apis.do, rpc.do)\n * Returns a function that resolves to a token string\n *\n * @example\n * import { auth } from 'oauth.do'\n * const getAuth = auth()\n * const token = await getAuth()\n */\nexport function auth(): AuthProvider {\n\treturn getToken\n}\n\n/**\n * Refresh an access token using a refresh token\n *\n * @param refreshToken - The refresh token from the original auth response\n * @returns New token response with fresh access_token (and possibly new refresh_token)\n */\nexport async function refreshAccessToken(refreshToken: string): Promise<TokenResponse> {\n\tconst config = getConfig()\n\n\tif (!config.clientId) {\n\t\tthrow new Error('Client ID is required for token refresh')\n\t}\n\n\tconst response = await config.fetch('https://auth.apis.do/user_management/authenticate', {\n\t\tmethod: 'POST',\n\t\theaders: {\n\t\t\t'Content-Type': 'application/x-www-form-urlencoded',\n\t\t},\n\t\tbody: new URLSearchParams({\n\t\t\tgrant_type: 'refresh_token',\n\t\t\trefresh_token: refreshToken,\n\t\t\tclient_id: config.clientId,\n\t\t}).toString(),\n\t})\n\n\tif (!response.ok) {\n\t\tconst errorText = await response.text()\n\t\tthrow new Error(`Token refresh failed: ${response.status} - ${errorText}`)\n\t}\n\n\treturn (await response.json()) as TokenResponse\n}\n\n/**\n * Get stored token data from storage\n */\nexport async function getStoredTokenData(): Promise<StoredTokenData | null> {\n\ttry {\n\t\tconst { createSecureStorage } = await import('./storage.js')\n\t\tconst config = getConfig()\n\t\tconst storage = createSecureStorage(config.storagePath)\n\t\tif (storage.getTokenData) {\n\t\t\treturn await storage.getTokenData()\n\t\t}\n\t\t// Fall back to just access token\n\t\tconst token = await storage.getToken()\n\t\treturn token ? { accessToken: token } : null\n\t} catch {\n\t\treturn null\n\t}\n}\n\n/**\n * Store token data including refresh token\n */\nexport async function storeTokenData(data: StoredTokenData): Promise<void> {\n\ttry {\n\t\tconst { createSecureStorage } = await import('./storage.js')\n\t\tconst config = getConfig()\n\t\tconst storage = createSecureStorage(config.storagePath)\n\t\tif (storage.setTokenData) {\n\t\t\tawait storage.setTokenData(data)\n\t\t} else {\n\t\t\tawait storage.setToken(data.accessToken)\n\t\t}\n\t} catch (error) {\n\t\tconsole.error('Failed to store token data:', error)\n\t\tthrow error\n\t}\n}\n\n/**\n * Build OAuth authorization URL\n *\n * @example\n * const url = buildAuthUrl({\n * redirectUri: 'https://myapp.com/callback',\n * scope: 'openid profile email',\n * })\n */\nexport function buildAuthUrl(options: {\n\tredirectUri: string\n\tscope?: string\n\tstate?: string\n\tresponseType?: string\n\tclientId?: string\n\tauthDomain?: string\n}): string {\n\tconst config = getConfig()\n\tconst clientId = options.clientId || config.clientId\n\tconst authDomain = options.authDomain || config.authKitDomain\n\n\tconst params = new URLSearchParams({\n\t\tclient_id: clientId,\n\t\tredirect_uri: options.redirectUri,\n\t\tresponse_type: options.responseType || 'code',\n\t\tscope: options.scope || 'openid profile email',\n\t})\n\n\tif (options.state) {\n\t\tparams.set('state', options.state)\n\t}\n\n\treturn `https://${authDomain}/authorize?${params.toString()}`\n}\n","import { getConfig } from './config.js'\nimport type { DeviceAuthorizationResponse, TokenResponse, TokenError } from './types.js'\n\n/**\n * OAuth provider options for direct provider login\n * Bypasses AuthKit login screen and goes directly to the provider\n */\nexport type OAuthProvider = 'GitHubOAuth' | 'GoogleOAuth' | 'MicrosoftOAuth' | 'AppleOAuth'\n\nexport interface DeviceAuthOptions {\n\t/** OAuth provider to use directly (bypasses AuthKit login screen) */\n\tprovider?: OAuthProvider\n}\n\n/**\n * Initiate device authorization flow\n * Following OAuth 2.0 Device Authorization Grant (RFC 8628)\n *\n * @param options - Optional settings including provider for direct OAuth\n * @returns Device authorization response with codes and URIs\n */\nexport async function authorizeDevice(options: DeviceAuthOptions = {}): Promise<DeviceAuthorizationResponse> {\n\tconst config = getConfig()\n\n\tif (!config.clientId) {\n\t\tthrow new Error('Client ID is required for device authorization. Set OAUTH_CLIENT_ID or configure({ clientId: \"...\" })')\n\t}\n\n\ttry {\n\t\tconst url = 'https://auth.apis.do/user_management/authorize/device'\n\t\tconst body = new URLSearchParams({\n\t\t\tclient_id: config.clientId,\n\t\t\tscope: 'openid profile email',\n\t\t})\n\n\t\t// Add provider if specified (bypasses AuthKit login screen)\n\t\tif (options.provider) {\n\t\t\tbody.set('provider', options.provider)\n\t\t}\n\n\t\tconst response = await config.fetch(url, {\n\t\t\tmethod: 'POST',\n\t\t\theaders: {\n\t\t\t\t'Content-Type': 'application/x-www-form-urlencoded',\n\t\t\t},\n\t\t\tbody: body.toString(),\n\t\t})\n\n\t\tif (!response.ok) {\n\t\t\tconst errorText = await response.text()\n\t\t\tthrow new Error(`Device authorization failed: ${response.statusText} - ${errorText}`)\n\t\t}\n\n\t\tconst data = (await response.json()) as DeviceAuthorizationResponse\n\t\treturn data\n\t} catch (error) {\n\t\tconsole.error('Device authorization error:', error)\n\t\tthrow error\n\t}\n}\n\n/**\n * Poll for tokens after device authorization\n *\n * @param deviceCode - Device code from authorization response\n * @param interval - Polling interval in seconds (default: 5)\n * @param expiresIn - Expiration time in seconds (default: 600)\n * @returns Token response with access token and user info\n */\nexport async function pollForTokens(\n\tdeviceCode: string,\n\tinterval: number = 5,\n\texpiresIn: number = 600\n): Promise<TokenResponse> {\n\tconst config = getConfig()\n\n\tif (!config.clientId) {\n\t\tthrow new Error('Client ID is required for token polling')\n\t}\n\n\tconst startTime = Date.now()\n\tconst timeout = expiresIn * 1000\n\tlet currentInterval = interval * 1000\n\n\twhile (true) {\n\t\t// Check if expired\n\t\tif (Date.now() - startTime > timeout) {\n\t\t\tthrow new Error('Device authorization expired. Please try again.')\n\t\t}\n\n\t\t// Wait for interval\n\t\tawait new Promise((resolve) => setTimeout(resolve, currentInterval))\n\n\t\ttry {\n\t\t\tconst response = await config.fetch('https://auth.apis.do/user_management/authenticate', {\n\t\t\t\tmethod: 'POST',\n\t\t\t\theaders: {\n\t\t\t\t\t'Content-Type': 'application/x-www-form-urlencoded',\n\t\t\t\t},\n\t\t\t\tbody: new URLSearchParams({\n\t\t\t\t\tgrant_type: 'urn:ietf:params:oauth:grant-type:device_code',\n\t\t\t\t\tdevice_code: deviceCode,\n\t\t\t\t\tclient_id: config.clientId,\n\t\t\t\t}).toString(),\n\t\t\t})\n\n\t\t\tif (response.ok) {\n\t\t\t\tconst data = (await response.json()) as TokenResponse\n\t\t\t\treturn data\n\t\t\t}\n\n\t\t\t// Handle error responses\n\t\t\tconst errorData = (await response.json().catch(() => ({ error: 'unknown' }))) as { error?: string }\n\t\t\tconst error = (errorData.error || 'unknown') as TokenError\n\n\t\t\tswitch (error) {\n\t\t\t\tcase 'authorization_pending':\n\t\t\t\t\t// Continue polling\n\t\t\t\t\tcontinue\n\n\t\t\t\tcase 'slow_down':\n\t\t\t\t\t// Increase interval by 5 seconds\n\t\t\t\t\tcurrentInterval += 5000\n\t\t\t\t\tcontinue\n\n\t\t\t\tcase 'access_denied':\n\t\t\t\t\tthrow new Error('Access denied by user')\n\n\t\t\t\tcase 'expired_token':\n\t\t\t\t\tthrow new Error('Device code expired')\n\n\t\t\t\tdefault:\n\t\t\t\t\tthrow new Error(`Token polling failed: ${error}`)\n\t\t\t}\n\t\t} catch (error) {\n\t\t\t// If it's our thrown error, re-throw it\n\t\t\tif (error instanceof Error) {\n\t\t\t\tthrow error\n\t\t\t}\n\t\t\t// Otherwise continue polling\n\t\t\tcontinue\n\t\t}\n\t}\n}\n","/**\n * GitHub Device Flow implementation\n * Following OAuth 2.0 Device Authorization Grant (RFC 8628)\n * https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps#device-flow\n */\n\nexport interface GitHubDeviceFlowOptions {\n\t/** GitHub OAuth App client ID */\n\tclientId: string\n\t/** OAuth scopes (default: 'user:email read:user') */\n\tscope?: string\n\t/** Custom fetch implementation */\n\tfetch?: typeof fetch\n}\n\nexport interface GitHubDeviceAuthResponse {\n\t/** Device verification code */\n\tdeviceCode: string\n\t/** User verification code to display */\n\tuserCode: string\n\t/** Verification URI for user to visit */\n\tverificationUri: string\n\t/** Expiration time in seconds */\n\texpiresIn: number\n\t/** Polling interval in seconds */\n\tinterval: number\n}\n\nexport interface GitHubTokenResponse {\n\t/** Access token for GitHub API */\n\taccessToken: string\n\t/** Token type (typically 'bearer') */\n\ttokenType: string\n\t/** Granted scopes */\n\tscope: string\n}\n\nexport interface GitHubUser {\n\t/** Numeric GitHub user ID (critical for sqid generation) */\n\tid: number\n\t/** GitHub username */\n\tlogin: string\n\t/** User's email (may be null if not public) */\n\temail: string | null\n\t/** User's display name */\n\tname: string | null\n\t/** Avatar image URL */\n\tavatarUrl: string\n}\n\ntype GitHubTokenError =\n\t| 'authorization_pending'\n\t| 'slow_down'\n\t| 'expired_token'\n\t| 'access_denied'\n\t| 'unknown'\n\n/**\n * Start GitHub Device Flow\n *\n * Initiates device authorization flow by requesting device and user codes.\n *\n * @param options - Client ID, scope, and optional custom fetch\n * @returns Device authorization response with codes and URIs\n *\n * @example\n * ```ts\n * const auth = await startGitHubDeviceFlow({\n * clientId: 'Ov23liABCDEFGHIJKLMN',\n * scope: 'user:email read:user'\n * })\n *\n * console.log(`Visit ${auth.verificationUri} and enter code: ${auth.userCode}`)\n * ```\n */\nexport async function startGitHubDeviceFlow(\n\toptions: GitHubDeviceFlowOptions\n): Promise<GitHubDeviceAuthResponse> {\n\tconst { clientId, scope = 'user:email read:user' } = options\n\tconst fetchImpl = options.fetch || globalThis.fetch\n\n\tif (!clientId) {\n\t\tthrow new Error('GitHub client ID is required for device authorization')\n\t}\n\n\ttry {\n\t\tconst url = 'https://github.com/login/device/code'\n\t\tconst body = new URLSearchParams({\n\t\t\tclient_id: clientId,\n\t\t\tscope,\n\t\t})\n\n\t\tconst response = await fetchImpl(url, {\n\t\t\tmethod: 'POST',\n\t\t\theaders: {\n\t\t\t\t'Content-Type': 'application/x-www-form-urlencoded',\n\t\t\t\t'Accept': 'application/json',\n\t\t\t},\n\t\t\tbody,\n\t\t})\n\n\t\tif (!response.ok) {\n\t\t\tconst errorText = await response.text()\n\t\t\tthrow new Error(`GitHub device authorization failed: ${response.statusText} - ${errorText}`)\n\t\t}\n\n\t\tconst data = await response.json() as {\n\t\t\tdevice_code: string\n\t\t\tuser_code: string\n\t\t\tverification_uri: string\n\t\t\texpires_in: number\n\t\t\tinterval: number\n\t\t}\n\n\t\treturn {\n\t\t\tdeviceCode: data.device_code,\n\t\t\tuserCode: data.user_code,\n\t\t\tverificationUri: data.verification_uri,\n\t\t\texpiresIn: data.expires_in,\n\t\t\tinterval: data.interval,\n\t\t}\n\t} catch (error) {\n\t\tconsole.error('GitHub device authorization error:', error)\n\t\tthrow error\n\t}\n}\n\n/**\n * Poll GitHub Device Flow for access token\n *\n * Polls GitHub's token endpoint until user completes authorization.\n * Handles all error states including authorization_pending, slow_down, etc.\n *\n * @param deviceCode - Device code from startGitHubDeviceFlow\n * @param options - Client ID and optional custom fetch\n * @returns Token response with access token\n *\n * @example\n * ```ts\n * const auth = await startGitHubDeviceFlow({ clientId: '...' })\n * // User completes authorization...\n * const token = await pollGitHubDeviceFlow(auth.deviceCode, {\n * clientId: '...',\n * interval: auth.interval,\n * expiresIn: auth.expiresIn\n * })\n * console.log('Access token:', token.accessToken)\n * ```\n */\nexport async function pollGitHubDeviceFlow(\n\tdeviceCode: string,\n\toptions: GitHubDeviceFlowOptions & { interval?: number; expiresIn?: number }\n): Promise<GitHubTokenResponse> {\n\tconst { clientId, interval = 5, expiresIn = 900 } = options\n\tconst fetchImpl = options.fetch || globalThis.fetch\n\n\tif (!clientId) {\n\t\tthrow new Error('GitHub client ID is required for token polling')\n\t}\n\n\tconst startTime = Date.now()\n\tconst timeout = expiresIn * 1000\n\tlet currentInterval = interval * 1000\n\n\twhile (true) {\n\t\t// Check if expired\n\t\tif (Date.now() - startTime > timeout) {\n\t\t\tthrow new Error('GitHub device authorization expired. Please try again.')\n\t\t}\n\n\t\t// Wait for interval\n\t\tawait new Promise((resolve) => setTimeout(resolve, currentInterval))\n\n\t\ttry {\n\t\t\tconst url = 'https://github.com/login/oauth/access_token'\n\t\t\tconst body = new URLSearchParams({\n\t\t\t\tclient_id: clientId,\n\t\t\t\tdevice_code: deviceCode,\n\t\t\t\tgrant_type: 'urn:ietf:params:oauth:grant-type:device_code',\n\t\t\t})\n\n\t\t\tconst response = await fetchImpl(url, {\n\t\t\t\tmethod: 'POST',\n\t\t\t\theaders: {\n\t\t\t\t\t'Content-Type': 'application/x-www-form-urlencoded',\n\t\t\t\t\t'Accept': 'application/json',\n\t\t\t\t},\n\t\t\t\tbody,\n\t\t\t})\n\n\t\t\tconst data = await response.json() as\n\t\t\t\t| { access_token: string; token_type: string; scope: string }\n\t\t\t\t| { error: string; error_description?: string; error_uri?: string }\n\n\t\t\t// Check for success\n\t\t\tif ('access_token' in data) {\n\t\t\t\treturn {\n\t\t\t\t\taccessToken: data.access_token,\n\t\t\t\t\ttokenType: data.token_type,\n\t\t\t\t\tscope: data.scope,\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// Handle error responses\n\t\t\tconst error = (data.error || 'unknown') as GitHubTokenError\n\n\t\t\tswitch (error) {\n\t\t\t\tcase 'authorization_pending':\n\t\t\t\t\t// Continue polling\n\t\t\t\t\tcontinue\n\n\t\t\t\tcase 'slow_down':\n\t\t\t\t\t// Increase interval by 5 seconds\n\t\t\t\t\tcurrentInterval += 5000\n\t\t\t\t\tcontinue\n\n\t\t\t\tcase 'access_denied':\n\t\t\t\t\tthrow new Error('Access denied by user')\n\n\t\t\t\tcase 'expired_token':\n\t\t\t\t\tthrow new Error('Device code expired')\n\n\t\t\t\tdefault:\n\t\t\t\t\tthrow new Error(`GitHub token polling failed: ${error}`)\n\t\t\t}\n\t\t} catch (error) {\n\t\t\t// If it's our thrown error, re-throw it\n\t\t\tif (error instanceof Error) {\n\t\t\t\tthrow error\n\t\t\t}\n\t\t\t// Otherwise continue polling\n\t\t\tcontinue\n\t\t}\n\t}\n}\n\n/**\n * Get GitHub user information\n *\n * Fetches authenticated user's profile from GitHub API.\n *\n * @param accessToken - GitHub access token\n * @param options - Optional custom fetch implementation\n * @returns GitHub user profile\n *\n * @example\n * ```ts\n * const user = await getGitHubUser(token.accessToken)\n * console.log(`Logged in as ${user.login} (ID: ${user.id})`)\n * ```\n */\nexport async function getGitHubUser(\n\taccessToken: string,\n\toptions: { fetch?: typeof fetch } = {}\n): Promise<GitHubUser> {\n\tconst fetchImpl = options.fetch || globalThis.fetch\n\n\tif (!accessToken) {\n\t\tthrow new Error('GitHub access token is required')\n\t}\n\n\ttry {\n\t\tconst response = await fetchImpl('https://api.github.com/user', {\n\t\t\tmethod: 'GET',\n\t\t\theaders: {\n\t\t\t\t'Authorization': `Bearer ${accessToken}`,\n\t\t\t\t'Accept': 'application/vnd.github+json',\n\t\t\t\t'X-GitHub-Api-Version': '2022-11-28',\n\t\t\t},\n\t\t})\n\n\t\tif (!response.ok) {\n\t\t\tconst errorText = await response.text()\n\t\t\tthrow new Error(`GitHub user fetch failed: ${response.statusText} - ${errorText}`)\n\t\t}\n\n\t\tconst data = await response.json() as {\n\t\t\tid: number\n\t\t\tlogin: string\n\t\t\temail: string | null\n\t\t\tname: string | null\n\t\t\tavatar_url: string\n\t\t}\n\n\t\treturn {\n\t\t\tid: data.id,\n\t\t\tlogin: data.login,\n\t\t\temail: data.email,\n\t\t\tname: data.name,\n\t\t\tavatarUrl: data.avatar_url,\n\t\t}\n\t} catch (error) {\n\t\tconsole.error('GitHub user fetch error:', error)\n\t\tthrow error\n\t}\n}\n","/**\n * oauth.do - Simple, secure authentication for humans and AI agents\n *\n * This is the browser-safe entry point with universal functions.\n * For Node.js CLI utilities that open the browser, import from 'oauth.do/node'\n *\n * @packageDocumentation\n */\n\n// Browser-safe auth utilities\nexport { auth, getUser, login, logout, getToken, isAuthenticated, buildAuthUrl } from './auth.js'\nexport type { AuthProvider } from './auth.js'\nexport { configure, getConfig } from './config.js'\nexport { authorizeDevice, pollForTokens } from './device.js'\n\n// GitHub Device Flow\nexport {\n\tstartGitHubDeviceFlow,\n\tpollGitHubDeviceFlow,\n\tgetGitHubUser,\n} from './github-device.js'\nexport type {\n\tGitHubDeviceFlowOptions,\n\tGitHubDeviceAuthResponse,\n\tGitHubTokenResponse,\n\tGitHubUser,\n} from './github-device.js'\n\n// Storage utilities (browser-safe - uses dynamic imports for Node.js features)\nexport {\n\tFileTokenStorage,\n\tMemoryTokenStorage,\n\tLocalStorageTokenStorage,\n\tSecureFileTokenStorage,\n\tKeychainTokenStorage,\n\tCompositeTokenStorage,\n\tcreateSecureStorage,\n} from './storage.js'\n\n// Types\nexport type {\n\tOAuthConfig,\n\tUser,\n\tAuthResult,\n\tDeviceAuthorizationResponse,\n\tTokenResponse,\n\tTokenError,\n\tTokenStorage,\n} from './types.js'\n\n// Re-export login types only (not functions - they use 'open' package)\nexport type { LoginOptions, LoginResult, OAuthProvider } from './login.js'\n","/**\n * CLI-centric login utilities\n * Handles device flow with browser auto-launch for CLI apps\n */\n\nimport { authorizeDevice, pollForTokens } from './device.js'\nimport type { OAuthProvider } from './device.js'\nimport { createSecureStorage } from './storage.js'\nimport { refreshAccessToken, getUser } from './auth.js'\nimport type { StoredTokenData } from './types.js'\nimport { getConfig } from './config.js'\n\nexport type { OAuthProvider } from './device.js'\n\nexport interface LoginOptions {\n\t/** Open browser automatically (default: true) */\n\topenBrowser?: boolean\n\t/** Custom print function for output */\n\tprint?: (message: string) => void\n\t/** OAuth provider to use directly (bypasses AuthKit login screen) */\n\tprovider?: OAuthProvider\n\t/** Storage to use (default: createSecureStorage()) */\n\tstorage?: {\n\t\tgetToken: () => Promise<string | null>\n\t\tsetToken: (token: string) => Promise<void>\n\t\tremoveToken: () => Promise<void>\n\t\tgetTokenData?: () => Promise<StoredTokenData | null>\n\t\tsetTokenData?: (data: StoredTokenData) => Promise<void>\n\t}\n}\n\nexport interface LoginResult {\n\ttoken: string\n\tisNewLogin: boolean\n}\n\n// Buffer time before expiration to trigger refresh (5 minutes)\nconst REFRESH_BUFFER_MS = 5 * 60 * 1000\n\n// Singleton promise for login/refresh operations\n// Prevents multiple concurrent login attempts (race condition)\nlet loginInProgress: Promise<LoginResult> | null = null\nlet refreshInProgress: Promise<LoginResult> | null = null\n\n/**\n * Check if token is expired or about to expire\n */\nfunction isTokenExpired(expiresAt?: number): boolean {\n\tif (!expiresAt) return false // Can't determine, assume valid\n\treturn Date.now() >= expiresAt - REFRESH_BUFFER_MS\n}\n\n/**\n * Internal refresh logic with singleton protection\n */\nasync function doRefresh(\n\ttokenData: StoredTokenData,\n\tstorage: LoginOptions['storage']\n): Promise<LoginResult> {\n\t// Check if a refresh is already in progress\n\tif (refreshInProgress) {\n\t\treturn refreshInProgress\n\t}\n\n\trefreshInProgress = (async () => {\n\t\ttry {\n\t\t\tconst newTokens = await refreshAccessToken(tokenData.refreshToken!)\n\n\t\t\t// Calculate new expiration time\n\t\t\tconst expiresAt = newTokens.expires_in ? Date.now() + newTokens.expires_in * 1000 : undefined\n\n\t\t\t// Store new token data\n\t\t\tconst newData: StoredTokenData = {\n\t\t\t\taccessToken: newTokens.access_token,\n\t\t\t\trefreshToken: newTokens.refresh_token || tokenData.refreshToken,\n\t\t\t\texpiresAt,\n\t\t\t}\n\n\t\t\tif (storage?.setTokenData) {\n\t\t\t\tawait storage.setTokenData(newData)\n\t\t\t} else if (storage?.setToken) {\n\t\t\t\tawait storage.setToken(newTokens.access_token)\n\t\t\t}\n\n\t\t\treturn { token: newTokens.access_token, isNewLogin: false }\n\t\t} finally {\n\t\t\trefreshInProgress = null\n\t\t}\n\t})()\n\n\treturn refreshInProgress\n}\n\n/**\n * Internal device flow login with singleton protection\n */\nasync function doDeviceLogin(options: LoginOptions): Promise<LoginResult> {\n\t// Check if a login is already in progress\n\tif (loginInProgress) {\n\t\treturn loginInProgress\n\t}\n\n\tconst config = getConfig()\n\tconst {\n\t\topenBrowser = true,\n\t\tprint = console.log,\n\t\tprovider,\n\t\tstorage = createSecureStorage(config.storagePath),\n\t} = options\n\n\tloginInProgress = (async () => {\n\t\ttry {\n\t\t\tprint('\\nLogging in...\\n')\n\n\t\t\tconst authResponse = await authorizeDevice({ provider })\n\n\t\t\tprint(`To complete login:`)\n\t\t\tprint(` 1. Visit: ${authResponse.verification_uri}`)\n\t\t\tprint(` 2. Enter code: ${authResponse.user_code}`)\n\t\t\tprint(`\\n Or open: ${authResponse.verification_uri_complete}\\n`)\n\n\t\t\t// Auto-launch browser\n\t\t\tif (openBrowser) {\n\t\t\t\ttry {\n\t\t\t\t\tconst open = await import('open')\n\t\t\t\t\tawait open.default(authResponse.verification_uri_complete)\n\t\t\t\t\tprint('Browser opened automatically\\n')\n\t\t\t\t} catch {\n\t\t\t\t\t// Silently fail if can't open browser\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tprint('Waiting for authorization...\\n')\n\n\t\t\tconst tokenResponse = await pollForTokens(\n\t\t\t\tauthResponse.device_code,\n\t\t\t\tauthResponse.interval,\n\t\t\t\tauthResponse.expires_in\n\t\t\t)\n\n\t\t\t// Calculate expiration time\n\t\t\tconst expiresAt = tokenResponse.expires_in ? Date.now() + tokenResponse.expires_in * 1000 : undefined\n\n\t\t\t// Store full token data including refresh token\n\t\t\tconst newData: StoredTokenData = {\n\t\t\t\taccessToken: tokenResponse.access_token,\n\t\t\t\trefreshToken: tokenResponse.refresh_token,\n\t\t\t\texpiresAt,\n\t\t\t}\n\n\t\t\tif (storage.setTokenData) {\n\t\t\t\tawait storage.setTokenData(newData)\n\t\t\t} else {\n\t\t\t\tawait storage.setToken(tokenResponse.access_token)\n\t\t\t}\n\n\t\t\tprint('Login successful!\\n')\n\n\t\t\treturn { token: tokenResponse.access_token, isNewLogin: true }\n\t\t} finally {\n\t\t\tloginInProgress = null\n\t\t}\n\t})()\n\n\treturn loginInProgress\n}\n\n/**\n * Get existing token or perform device flow login\n * Handles browser launch and token storage automatically\n * Automatically refreshes expired tokens if refresh_token is available\n *\n * Uses singleton pattern to prevent multiple concurrent login/refresh attempts\n */\nexport async function ensureLoggedIn(options: LoginOptions = {}): Promise<LoginResult> {\n\tconst config = getConfig()\n\tconst { storage = createSecureStorage(config.storagePath) } = options\n\n\t// Check for existing token data\n\tconst tokenData = storage.getTokenData ? await storage.getTokenData() : null\n\tconst existingToken = tokenData?.accessToken || (await storage.getToken())\n\n\tif (existingToken) {\n\t\t// If we have expiration info and token is not expired, just return it\n\t\t// No need for network validation - this function just provides tokens\n\t\tif (tokenData?.expiresAt && !isTokenExpired(tokenData.expiresAt)) {\n\t\t\treturn { token: existingToken, isNewLogin: false }\n\t\t}\n\n\t\t// Token is expired or no expiration info - try to refresh\n\t\tif (tokenData?.refreshToken) {\n\t\t\ttry {\n\t\t\t\treturn await doRefresh(tokenData, storage)\n\t\t\t} catch (error) {\n\t\t\t\t// Refresh failed - might need to re-login\n\t\t\t\tconsole.warn('Token refresh failed:', error)\n\t\t\t\t// Fall through to device flow\n\t\t\t}\n\t\t}\n\n\t\t// No expiration info and no refresh token - validate with network call\n\t\tif (!tokenData?.expiresAt && !tokenData?.refreshToken) {\n\t\t\tconst { user } = await getUser(existingToken)\n\t\t\tif (user) {\n\t\t\t\treturn { token: existingToken, isNewLogin: false }\n\t\t\t}\n\t\t}\n\t}\n\n\t// No valid token, start device flow (with singleton protection)\n\treturn doDeviceLogin(options)\n}\n\n/**\n * Force a new login (ignores existing token)\n */\nexport async function forceLogin(options: LoginOptions = {}): Promise<LoginResult> {\n\tconst config = getConfig()\n\tconst { storage = createSecureStorage(config.storagePath) } = options\n\tawait storage.removeToken()\n\treturn ensureLoggedIn(options)\n}\n\n/**\n * Logout and remove stored token\n */\nexport async function ensureLoggedOut(options: LoginOptions = {}): Promise<void> {\n\tconst config = getConfig()\n\tconst { print = console.log, storage = createSecureStorage(config.storagePath) } = options\n\tawait storage.removeToken()\n\tprint('Logged out successfully\\n')\n}\n"]}
package/dist/react.d.ts ADDED
@@ -0,0 +1,200 @@
1
+ import { User, Impersonator, AuthenticationMethod } from '@workos-inc/authkit-react';
2
+ export { AuthenticationMethod, Impersonator, User } from '@workos-inc/authkit-react';
3
+ import { ReactNode } from 'react';
4
+
5
+ /**
6
+ * oauth.do/react - React components for authentication
7
+ *
8
+ * Wraps WorkOS AuthKit widgets with oauth.do configuration.
9
+ * Pre-configured with oauth.do WorkOS client ID.
10
+ *
11
+ * @packageDocumentation
12
+ */
13
+
14
+ /**
15
+ * Auth token can be a string or a function that returns a Promise<string>
16
+ */
17
+ type AuthToken = string | (() => Promise<string>);
18
+
19
+ /**
20
+ * Options for switching organization
21
+ */
22
+ interface SwitchToOrganizationOptions {
23
+ organizationId: string;
24
+ signInOpts?: {
25
+ screenHint?: 'sign-in' | 'sign-up';
26
+ loginHint?: string;
27
+ };
28
+ }
29
+ /**
30
+ * Auth state and methods returned by useAuth hook
31
+ */
32
+ interface AuthState {
33
+ isLoading: boolean;
34
+ user: User | null;
35
+ role: string | null;
36
+ roles: string[] | null;
37
+ organizationId: string | null;
38
+ permissions: string[];
39
+ featureFlags: string[];
40
+ impersonator: Impersonator | null;
41
+ authenticationMethod: AuthenticationMethod | null;
42
+ signIn: () => void;
43
+ signUp: () => void;
44
+ getUser: () => User | null;
45
+ getAccessToken: () => Promise<string>;
46
+ signOut: () => void;
47
+ switchToOrganization: (options: SwitchToOrganizationOptions) => Promise<void>;
48
+ getSignInUrl: () => Promise<string>;
49
+ getSignUpUrl: () => Promise<string>;
50
+ }
51
+ interface OAuthDoContextValue {
52
+ clientId: string;
53
+ apiUrl: string;
54
+ authKitDomain: string;
55
+ }
56
+ declare function useOAuthDoConfig(): OAuthDoContextValue;
57
+ interface OAuthDoProviderProps {
58
+ children: ReactNode;
59
+ /** Override the default client ID */
60
+ clientId?: string;
61
+ /** Override the API URL */
62
+ apiUrl?: string;
63
+ /** Override the AuthKit domain */
64
+ authKitDomain?: string;
65
+ }
66
+ /**
67
+ * OAuth.do Provider - wraps your app with authentication context
68
+ *
69
+ * @example
70
+ * ```tsx
71
+ * import { OAuthDoProvider } from 'oauth.do/react'
72
+ *
73
+ * export default function App({ children }) {
74
+ * return (
75
+ * <OAuthDoProvider>
76
+ * {children}
77
+ * </OAuthDoProvider>
78
+ * )
79
+ * }
80
+ * ```
81
+ */
82
+ declare function OAuthDoProvider({ children, clientId, apiUrl, authKitDomain, }: OAuthDoProviderProps): JSX.Element;
83
+ /**
84
+ * useAuth hook - access current user and auth state
85
+ *
86
+ * @example
87
+ * ```tsx
88
+ * import { useAuth } from 'oauth.do/react'
89
+ *
90
+ * function UserGreeting() {
91
+ * const { user, isLoading } = useAuth()
92
+ *
93
+ * if (isLoading) return <span>Loading...</span>
94
+ * if (!user) return <span>Please sign in</span>
95
+ *
96
+ * return <span>Hello, {user.firstName}!</span>
97
+ * }
98
+ * ```
99
+ */
100
+ declare function useAuth(): AuthState;
101
+ interface ApiKeysProps {
102
+ /** Auth token for the widget (from useAuth().getAccessToken or server-generated) */
103
+ authToken: AuthToken;
104
+ }
105
+ /**
106
+ * API Keys Widget - manage API keys for your organization
107
+ *
108
+ * Requires the `widgets:api-keys:manage` permission.
109
+ *
110
+ * @example
111
+ * ```tsx
112
+ * import { ApiKeys, useAuth } from 'oauth.do/react'
113
+ *
114
+ * function ApiKeysPage() {
115
+ * const { user, getAccessToken } = useAuth()
116
+ * if (!user) return <p>Please sign in</p>
117
+ *
118
+ * return <ApiKeys authToken={getAccessToken} />
119
+ * }
120
+ * ```
121
+ */
122
+ declare function ApiKeys({ authToken }: ApiKeysProps): JSX.Element;
123
+ interface UsersManagementProps {
124
+ /** Auth token for the widget */
125
+ authToken: AuthToken;
126
+ }
127
+ /**
128
+ * Users Management Widget - invite, remove, and manage users
129
+ *
130
+ * @example
131
+ * ```tsx
132
+ * import { UsersManagement, useAuth } from 'oauth.do/react'
133
+ *
134
+ * function UsersPage() {
135
+ * const { user, getAccessToken } = useAuth()
136
+ * if (!user) return <p>Please sign in</p>
137
+ *
138
+ * return <UsersManagement authToken={getAccessToken} />
139
+ * }
140
+ * ```
141
+ */
142
+ declare function UsersManagement({ authToken }: UsersManagementProps): JSX.Element;
143
+ interface UserProfileProps {
144
+ /** Auth token for the widget */
145
+ authToken: AuthToken;
146
+ }
147
+ /**
148
+ * User Profile Widget - view and edit user profile
149
+ *
150
+ * @example
151
+ * ```tsx
152
+ * import { UserProfile, useAuth } from 'oauth.do/react'
153
+ *
154
+ * function ProfilePage() {
155
+ * const { user, getAccessToken } = useAuth()
156
+ * if (!user) return <p>Please sign in</p>
157
+ *
158
+ * return <UserProfile authToken={getAccessToken} />
159
+ * }
160
+ * ```
161
+ */
162
+ declare function UserProfile({ authToken }: UserProfileProps): JSX.Element;
163
+ interface SignInButtonProps {
164
+ children?: ReactNode;
165
+ className?: string;
166
+ redirectTo?: string;
167
+ }
168
+ /**
169
+ * Sign In Button - redirects to oauth.do login
170
+ *
171
+ * @example
172
+ * ```tsx
173
+ * import { SignInButton } from 'oauth.do/react'
174
+ *
175
+ * function Header() {
176
+ * return <SignInButton>Sign In</SignInButton>
177
+ * }
178
+ * ```
179
+ */
180
+ declare function SignInButton({ children, className, redirectTo, }: SignInButtonProps): JSX.Element;
181
+ interface SignOutButtonProps {
182
+ children?: ReactNode;
183
+ className?: string;
184
+ redirectTo?: string;
185
+ }
186
+ /**
187
+ * Sign Out Button - clears auth state and optionally redirects
188
+ *
189
+ * @example
190
+ * ```tsx
191
+ * import { SignOutButton } from 'oauth.do/react'
192
+ *
193
+ * function Header() {
194
+ * return <SignOutButton>Sign Out</SignOutButton>
195
+ * }
196
+ * ```
197
+ */
198
+ declare function SignOutButton({ children, className, redirectTo, }: SignOutButtonProps): JSX.Element;
199
+
200
+ export { ApiKeys, type ApiKeysProps, type AuthState, type AuthToken, OAuthDoProvider, type OAuthDoProviderProps, SignInButton, type SignInButtonProps, SignOutButton, type SignOutButtonProps, type SwitchToOrganizationOptions, UserProfile, type UserProfileProps, UsersManagement, type UsersManagementProps, useAuth, useOAuthDoConfig };
package/dist/react.js ADDED
@@ -0,0 +1,67 @@
1
+ import { WorkOsWidgets, ApiKeys as ApiKeys$1, UsersManagement as UsersManagement$1, UserProfile as UserProfile$1 } from '@workos-inc/widgets';
2
+ import { AuthKitProvider, useAuth as useAuth$1 } from '@workos-inc/authkit-react';
3
+ import React, { createContext, useContext } from 'react';
4
+
5
+ var OAUTH_DO_CONFIG = {
6
+ clientId: "client_01JQYTRXK9ZPD8JPJTKDCRB656",
7
+ apiUrl: "https://apis.do",
8
+ authKitDomain: "login.oauth.do"
9
+ };
10
+ var OAuthDoContext = createContext(OAUTH_DO_CONFIG);
11
+ function useOAuthDoConfig() {
12
+ return useContext(OAuthDoContext);
13
+ }
14
+ function OAuthDoProvider({
15
+ children,
16
+ clientId = OAUTH_DO_CONFIG.clientId,
17
+ apiUrl = OAUTH_DO_CONFIG.apiUrl,
18
+ authKitDomain = OAUTH_DO_CONFIG.authKitDomain
19
+ }) {
20
+ const config = { clientId, apiUrl, authKitDomain };
21
+ return /* @__PURE__ */ React.createElement(OAuthDoContext.Provider, { value: config }, /* @__PURE__ */ React.createElement(AuthKitProvider, { clientId }, /* @__PURE__ */ React.createElement(WorkOsWidgets, null, children)));
22
+ }
23
+ function useAuth() {
24
+ return useAuth$1();
25
+ }
26
+ function ApiKeys({ authToken }) {
27
+ return /* @__PURE__ */ React.createElement(ApiKeys$1, { authToken });
28
+ }
29
+ function UsersManagement({ authToken }) {
30
+ return /* @__PURE__ */ React.createElement(UsersManagement$1, { authToken });
31
+ }
32
+ function UserProfile({ authToken }) {
33
+ return /* @__PURE__ */ React.createElement(UserProfile$1, { authToken });
34
+ }
35
+ function SignInButton({
36
+ children = "Sign In",
37
+ className,
38
+ redirectTo = typeof window !== "undefined" ? window.location.href : "/"
39
+ }) {
40
+ const { authKitDomain, clientId } = useOAuthDoConfig();
41
+ const handleClick = () => {
42
+ const url = new URL(`https://${authKitDomain}`);
43
+ url.searchParams.set("client_id", clientId);
44
+ url.searchParams.set("redirect_uri", redirectTo);
45
+ url.searchParams.set("response_type", "code");
46
+ window.location.href = url.toString();
47
+ };
48
+ return /* @__PURE__ */ React.createElement("button", { onClick: handleClick, className }, children);
49
+ }
50
+ function SignOutButton({
51
+ children = "Sign Out",
52
+ className,
53
+ redirectTo = "/"
54
+ }) {
55
+ const { signOut } = useAuth();
56
+ const handleClick = () => {
57
+ signOut();
58
+ if (redirectTo !== "/" && typeof window !== "undefined") {
59
+ window.location.href = redirectTo;
60
+ }
61
+ };
62
+ return /* @__PURE__ */ React.createElement("button", { onClick: handleClick, className }, children);
63
+ }
64
+
65
+ export { ApiKeys, OAuthDoProvider, SignInButton, SignOutButton, UserProfile, UsersManagement, useAuth, useOAuthDoConfig };
66
+ //# sourceMappingURL=react.js.map
67
+ //# sourceMappingURL=react.js.map