openchrome-mcp 1.9.7 → 1.10.0

package/README.md

@@ -409,6 +409,48 @@ Tier 3 launches a real headed Chrome window with a genuine user-agent (`Chrome/.
 
 ---
 
+## FAQ: Comparison with Other Browser MCPs
+
+Common questions from users evaluating OpenChrome against Chrome DevTools MCP, Firefox DevTools MCP, and similar tools (see [#612](https://github.com/shaun0927/openchrome/issues/612)).
+
+### Can multiple MCP clients share tabs safely?
+
+**Yes — tabs cannot clobber each other across clients.**
+
+OpenChrome identifies every tab by its CDP `targetId` — a stable, browser-assigned string — not by a visible 1/2/3 index. On top of stable IDs, two layers of isolation are specifically designed for multi-client scenarios:
+
+- **`workerId`** — logical tab groups per client or parallel lane. A new tab under one `workerId` is invisible to another and never replaces one.
+- **`profileDirectory`** — launches a fully separate Chrome instance bound to that profile, giving OS-level cookie / storage / extension isolation.
+
+If client A opens five tabs and client B opens five tabs, all ten `tabId`s are distinct and stable; a new tab from A can never displace B's tab #3.
+
+### How do I handle sites that require interactive login (password, 2FA, CAPTCHA)?
+
+Two mechanisms, used together in practice:
+
+**1. Persistent-profile headless — log in once, automate forever.**
+Point OpenChrome at a persistent `userDataDir` (+ optional `profileDirectory`) and cookies / `localStorage` / IndexedDB survive across runs. After the first login, subsequent **headless** runs stay logged in until the site invalidates the session.
+
+**2. Headed fallback for the initial login or WAF-blocked sites.**
+When a human action is genuinely required (first-time login, 2FA, CAPTCHA, WebAuthn) or when a Tier-1/Tier-2 headless attempt is blocked by a CDN/WAF, OpenChrome lazy-launches a separate headed Chrome on a different debug port. Cookies are sync'd from the real Chrome profile before launch, and the headed page is registered back into the same logical session so the surrounding workflow continues seamlessly.
+
+**Typical pattern:** bootstrap the login once via the headed path → the persistent profile carries the cookies → all subsequent automation runs headless without a window.
+
+### Does OpenChrome steal focus with popup windows?
+
+**No — the "recurring popup interruptions" problem does not occur in OpenChrome.**
+
+The headed-browser focus-stealing pattern that users encounter with some MCP servers (cross-Space jumps on macOS, un-minimizable popups, per-tool-call window raises) comes from designs where the MCP drives a user-visible browser and creates OS windows as it works. OpenChrome is architected differently:
+
+- **Default mode is headless** — no window exists, so there is nothing to take focus.
+- **`tabs_create` opens a tab, not an OS window.** New tabs are created via CDP inside the already-running Chrome, and OpenChrome never calls `page.bringToFront()` anywhere in the codebase.
+- **The headed fallback is lazy and reused.** When it is needed, it launches **once** per server lifetime; every later navigation/tab runs inside that same instance. At worst you see one focus grab the very first time the fallback activates — not one per action, never one per tab.
+- **The headed fallback is optional.** If persistent-profile headless is sufficient for your sites, you will never see a browser window.
+
+The only scenario in which a window appears at all is the first time the Tier-3 headed fallback activates in a given session.
+
+---
+
 ## Benchmarks
 
 Measure token efficiency and parallel performance:
@@ -514,6 +556,12 @@ openchrome serve \
 
 ---
 
+## Authentication
+
+OpenChrome supports per-tenant API keys, JWT/OAuth, a legacy shared token, and an unauthenticated mode. See **[docs/auth.md](docs/auth.md)** for the full guide including quickstart, scope table, key rotation, revocation, and troubleshooting.
+
+---
+
 ## Under the Hood: 8-Layer Reliability
 
 OpenChrome has **49 distinct reliability mechanisms** across 8 defense layers — ensuring no single failure can hang the MCP server.

package/config/audit-redaction.json

@@ -0,0 +1,48 @@
+{
+  "$schema": "./audit-redaction.schema.json",
+  "description": "Per-tool redaction rules applied to audit log entries. Each rule identifies a sensitive field by a JSON-path-like key and describes how the value should be recorded: 'redact' replaces with [REDACTED], 'hash' stores sha256:<hex>, 'truncate' keeps the first N bytes and appends a hash of the full value.",
+  "defaultSensitiveFieldNames": [
+    "password",
+    "passwd",
+    "pwd",
+    "secret",
+    "token",
+    "authorization",
+    "auth",
+    "api_key",
+    "apikey",
+    "access_key",
+    "refresh_token",
+    "id_token",
+    "session_token",
+    "cookie",
+    "set-cookie",
+    "credit_card",
+    "ssn",
+    "private_key"
+  ],
+  "tools": {
+    "cookies": [
+      { "path": "value", "mode": "hash" }
+    ],
+    "cookies.set": [
+      { "path": "value", "mode": "hash" },
+      { "path": "cookies[*].value", "mode": "hash" }
+    ],
+    "fill_form": [
+      { "path": "fields[*].value", "mode": "redactIfSensitiveName" }
+    ],
+    "form_input": [
+      { "path": "value", "mode": "redact" }
+    ],
+    "type": [
+      { "path": "text", "mode": "truncate", "maxBytes": 200 }
+    ],
+    "javascript_tool": [
+      { "path": "code", "mode": "truncate", "maxBytes": 200 }
+    ],
+    "storage": [
+      { "path": "value", "mode": "truncate", "maxBytes": 200 }
+    ]
+  }
+}

package/dist/auth/api-key-store.d.ts

@@ -0,0 +1,28 @@
+import type { ApiKey, ApiKeyCreateInput, ApiKeyCreateResult } from './api-key-types';
+declare function defaultStorePath(): string;
+export declare class ApiKeyStore {
+    private readonly storePath;
+    private readonly lockPath;
+    private readonly index;
+    private decoyHash;
+    private lastReadSize;
+    private lastReadIno;
+    private pendingSync;
+    private constructor();
+    static open(storePath?: string): Promise<ApiKeyStore>;
+    private applyLines;
+    private doSyncFromDisk;
+    private syncFromDisk;
+    private syncInsideLock;
+    private withLock;
+    private appendRecord;
+    private rewriteAll;
+    create(input: ApiKeyCreateInput): Promise<ApiKeyCreateResult>;
+    list(): Promise<ApiKey[]>;
+    revoke(keyId: string): Promise<boolean>;
+    rotate(keyId: string): Promise<ApiKeyCreateResult>;
+    verify(plaintext: string): Promise<ApiKey | null>;
+    touchLastUsed(keyId: string): Promise<void>;
+}
+export { defaultStorePath };
+//# sourceMappingURL=api-key-store.d.ts.map

package/dist/auth/api-key-store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"api-key-store.d.ts","sourceRoot":"","sources":["../../src/auth/api-key-store.ts"],"names":[],"mappings":"AAYA,OAAO,KAAK,EACV,MAAM,EACN,iBAAiB,EACjB,kBAAkB,EAEnB,MAAM,iBAAiB,CAAC;AA+CzB,iBAAS,gBAAgB,IAAI,MAAM,CAElC;AAwBD,qBAAa,WAAW;IACtB,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;IACnC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAkC;IAGxD,OAAO,CAAC,SAAS,CAAc;IAM/B,OAAO,CAAC,YAAY,CAAa;IACjC,OAAO,CAAC,WAAW,CAAa;IAGhC,OAAO,CAAC,WAAW,CAA8B;IAEjD,OAAO;WAKM,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAgD3D,OAAO,CAAC,UAAU;YAuBJ,cAAc;YA2Dd,YAAY;YAmBZ,cAAc;YAmBd,QAAQ;YAmBR,YAAY;YAgCZ,UAAU;IAUlB,MAAM,CAAC,KAAK,EAAE,iBAAiB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAiC7D,IAAI,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;IAKzB,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAavC,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAgBlD,MAAM,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAiCjD,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAgBlD;AAED,OAAO,EAAE,gBAAgB,EAAE,CAAC"}

package/dist/auth/api-key-store.js

@@ -0,0 +1,489 @@
+"use strict";
+// Tenant-scoped API key store.
+// Append-only JSONL log at ~/.openchrome/auth/api-keys.jsonl, replayed into an
+// in-memory Map on load. Hashes with argon2id; plaintext is never persisted and
+// is returned only once from create()/rotate(). See issue #9 / PR1.
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ApiKeyStore = void 0;
+exports.defaultStorePath = defaultStorePath;
+const crypto = __importStar(require("crypto"));
+const fs = __importStar(require("fs"));
+const os = __importStar(require("os"));
+const path = __importStar(require("path"));
+const write_file_atomic_1 = __importDefault(require("write-file-atomic"));
+const lockfile = __importStar(require("proper-lockfile"));
+const argon2 = __importStar(require("argon2"));
+const KEY_PREFIX = 'oc_live_';
+const RANDOM_BYTES = 24; // ~32 base62 chars
+const ARGON2_OPTS = {
+    type: argon2.argon2id,
+    memoryCost: 19456, // 19 MiB
+    timeCost: 2,
+    parallelism: 1,
+};
+// Base62 alphabet: 0-9 A-Z a-z (no padding, URL-safe).
+const BASE62_ALPHABET = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
+function base62Encode(buf) {
+    // Convert bytes -> bigint -> base62 digits, preserving a fixed output length
+    // derived from input size so differently sized buffers map to stable widths.
+    if (buf.length === 0)
+        return '';
+    let num = 0n;
+    for (const byte of buf) {
+        num = (num << 8n) | BigInt(byte);
+    }
+    let out = '';
+    while (num > 0n) {
+        const rem = Number(num % 62n);
+        out = BASE62_ALPHABET[rem] + out;
+        num = num / 62n;
+    }
+    // Pad with leading zero digits to keep output length deterministic.
+    // 1 byte ~ log62(256) ~ 1.344 chars -> ceil(n * 1.344)
+    const targetLen = Math.ceil(buf.length * Math.log(256) / Math.log(62));
+    if (out.length < targetLen) {
+        out = BASE62_ALPHABET[0].repeat(targetLen - out.length) + out;
+    }
+    return out;
+}
+function computeKeyId(plaintext) {
+    const digest = crypto.createHash('sha256').update(plaintext).digest();
+    // First 10 chars of base62(sha256(plaintext)). Safe to log.
+    return 'k_' + base62Encode(digest).slice(0, 10);
+}
+function defaultStoreDir() {
+    return path.join(os.homedir(), '.openchrome', 'auth');
+}
+function defaultStorePath() {
+    return path.join(defaultStoreDir(), 'api-keys.jsonl');
+}
+function cloneRecord(r) {
+    return {
+        keyId: r.keyId,
+        keyHash: r.keyHash,
+        tenantId: r.tenantId,
+        scopes: [...r.scopes],
+        createdAt: r.createdAt,
+        expiresAt: r.expiresAt,
+        revokedAt: r.revokedAt,
+        lastUsedAt: r.lastUsedAt,
+        description: r.description,
+    };
+}
+function isExpired(r, now) {
+    return typeof r.expiresAt === 'number' && r.expiresAt < now;
+}
+function isRevoked(r) {
+    return typeof r.revokedAt === 'number';
+}
+class ApiKeyStore {
+    storePath;
+    lockPath;
+    index = new Map();
+    // Precomputed decoy hash so verify(unknown) performs argon2.verify with
+    // indistinguishable timing vs verify(known). Initialised in open().
+    decoyHash = '';
+    // Byte offset up to which the JSONL has already been replayed into `index`,
+    // plus the inode observed at that time. verify()/list()/revoke() call
+    // syncFromDisk() to incrementally apply lines appended by peer processes so
+    // a long-lived store sees cross-process create/revoke in multi-process
+    // deployments (fixes issue #9 PR1 Codex P1 review).
+    lastReadSize = 0;
+    lastReadIno = 0;
+    // Coalesce concurrent syncFromDisk() callers so we don't issue redundant
+    // reads when verify() is called in a burst.
+    pendingSync = null;
+    constructor(storePath) {
+        this.storePath = storePath;
+        this.lockPath = storePath + '.lock';
+    }
+    static async open(storePath) {
+        const envOverride = process.env.OPENCHROME_API_KEY_STORE_PATH;
+        const finalPath = storePath ?? (envOverride && envOverride.length > 0 ? envOverride : defaultStorePath());
+        const dir = path.dirname(finalPath);
+        // mkdir returns the first path it had to create, or undefined if the
+        // directory tree already existed. Only chmod when WE created the dir —
+        // otherwise a caller passing a custom path inside a shared parent
+        // (e.g. `/tmp/api-keys.jsonl`) would have that parent's permissions
+        // silently rewritten (Codex P2 on a9e73c8).
+        const dirCreated = await fs.promises.mkdir(dir, {
+            recursive: true,
+            mode: 0o700,
+        });
+        if (dirCreated && process.platform !== 'win32') {
+            try {
+                await fs.promises.chmod(dir, 0o700);
+            }
+            catch {
+                // best-effort
+            }
+        }
+        // Ensure the store file exists with 0600 so proper-lockfile and appends
+        // work. Only force-chmod if WE just created the file — don't mutate the
+        // mode of a pre-existing caller-owned file.
+        let fileCreated = false;
+        try {
+            await fs.promises.access(finalPath);
+        }
+        catch {
+            await fs.promises.writeFile(finalPath, '', { mode: 0o600 });
+            fileCreated = true;
+        }
+        if (fileCreated && process.platform !== 'win32') {
+            try {
+                await fs.promises.chmod(finalPath, 0o600);
+            }
+            catch {
+                // best-effort
+            }
+        }
+        const store = new ApiKeyStore(finalPath);
+        await store.syncFromDisk();
+        // Pre-hash a throwaway value. Using a random secret each open prevents any
+        // adversarial timing signal from a fixed decoy across processes.
+        const decoySecret = crypto.randomBytes(32).toString('hex');
+        store.decoyHash = await argon2.hash(decoySecret, ARGON2_OPTS);
+        return store;
+    }
+    applyLines(text) {
+        for (const line of text.split('\n')) {
+            if (!line.trim())
+                continue;
+            let parsed;
+            try {
+                parsed = JSON.parse(line);
+            }
+            catch (err) {
+                console.error('[api-key-store] skipping malformed JSONL line:', err);
+                continue;
+            }
+            if (!parsed || typeof parsed.keyId !== 'string')
+                continue;
+            // Latest record wins; revokedAt sticks (do not clear on later records).
+            const prior = this.index.get(parsed.keyId);
+            if (prior && prior.revokedAt && !parsed.revokedAt) {
+                parsed.revokedAt = prior.revokedAt;
+            }
+            this.index.set(parsed.keyId, parsed);
+        }
+    }
+    // The actual stat+read body. Never touches `pendingSync` — callers own
+    // the coalescing decision. Tolerates torn peer appends by consuming only
+    // up to the last newline; a partial trailing record is deferred.
+    async doSyncFromDisk() {
+        let stat;
+        try {
+            stat = await fs.promises.stat(this.storePath);
+        }
+        catch {
+            // File is gone: drop cached state so we don't keep answering for
+            // keys that no longer exist on disk.
+            this.index.clear();
+            this.lastReadSize = 0;
+            this.lastReadIno = 0;
+            return;
+        }
+        // File replaced (rotated) or truncated: re-replay from scratch.
+        if ((this.lastReadIno !== 0 && stat.ino !== this.lastReadIno) ||
+            stat.size < this.lastReadSize) {
+            this.index.clear();
+            this.lastReadSize = 0;
+        }
+        this.lastReadIno = stat.ino;
+        if (stat.size === this.lastReadSize)
+            return;
+        const toRead = stat.size - this.lastReadSize;
+        const fd = await fs.promises.open(this.storePath, 'r');
+        try {
+            const buf = Buffer.allocUnsafe(toRead);
+            // fd.read can return fewer bytes than requested if the file was
+            // truncated/replaced between stat() and read(). Only decode the
+            // prefix that was actually filled — the tail of `allocUnsafe` is
+            // uninitialized memory and must never be interpreted as content
+            // (Codex P1 on a7e216b).
+            const { bytesRead } = await fd.read(buf, 0, toRead, this.lastReadSize);
+            if (bytesRead <= 0)
+                return;
+            if (bytesRead < toRead) {
+                // Short read: the file was truncated or replaced between our stat()
+                // and read(). Cached state may no longer reflect disk, so drop it;
+                // the next syncFromDisk will re-replay from offset 0 (or via the
+                // inode-change branch if the file was rotated).
+                this.index.clear();
+                this.lastReadSize = 0;
+                this.lastReadIno = 0;
+                return;
+            }
+            const text = buf.subarray(0, bytesRead).toString('utf8');
+            const lastNewline = text.lastIndexOf('\n');
+            if (lastNewline < 0)
+                return;
+            const complete = text.slice(0, lastNewline + 1);
+            this.applyLines(complete);
+            this.lastReadSize += Buffer.byteLength(complete, 'utf8');
+        }
+        finally {
+            await fd.close();
+        }
+    }
+    // Coalesced sync for unlocked read paths (verify, list, rotate-precheck).
+    // Concurrent callers share a single in-flight sync to avoid redundant
+    // stat+read under burst traffic. NOT safe for writers inside the cross-
+    // process lock — use syncInsideLock() there.
+    async syncFromDisk() {
+        if (this.pendingSync)
+            return this.pendingSync;
+        this.pendingSync = (async () => {
+            try {
+                await this.doSyncFromDisk();
+            }
+            finally {
+                this.pendingSync = null;
+            }
+        })();
+        return this.pendingSync;
+    }
+    // Writer sync: runs INSIDE the cross-process file lock. Must not reuse
+    // an in-flight `pendingSync` because that promise's `stat` may have been
+    // taken BEFORE a peer append landed — sharing it would hand the writer a
+    // stale EOF, appendRecord would then jump lastReadSize past those peer
+    // bytes, and this process would skip them forever. Instead, drain any
+    // in-flight sync (to avoid clobbering its lastReadSize mutation) and
+    // then run a guaranteed-fresh stat+read ourselves (Codex P1 on 0538a8c).
+    async syncInsideLock() {
+        while (this.pendingSync) {
+            try {
+                await this.pendingSync;
+            }
+            catch {
+                // Broken sync: retry until the flag clears (doSyncFromDisk's own
+                // errors will re-surface when we run our own fresh sync below).
+            }
+        }
+        this.pendingSync = (async () => {
+            try {
+                await this.doSyncFromDisk();
+            }
+            finally {
+                this.pendingSync = null;
+            }
+        })();
+        return this.pendingSync;
+    }
+    async withLock(fn) {
+        // proper-lockfile requires the target file to exist.
+        try {
+            await fs.promises.access(this.storePath);
+        }
+        catch {
+            await fs.promises.writeFile(this.storePath, '', { mode: 0o600 });
+        }
+        const release = await lockfile.lock(this.storePath, {
+            lockfilePath: this.lockPath,
+            retries: { retries: 10, minTimeout: 25, maxTimeout: 200 },
+            stale: 5000,
+        });
+        try {
+            return await fn();
+        }
+        finally {
+            await release();
+        }
+    }
+    async appendRecord(record) {
+        let line = JSON.stringify(record) + '\n';
+        try {
+            const st = await fs.promises.stat(this.storePath);
+            if (st.size > 0) {
+                const fh = await fs.promises.open(this.storePath, 'r');
+                try {
+                    const tail = Buffer.alloc(1);
+                    const { bytesRead } = await fh.read(tail, 0, 1, st.size - 1);
+                    if (bytesRead === 1 && tail[0] !== 0x0a) {
+                        line = '\n' + line;
+                    }
+                }
+                finally {
+                    await fh.close();
+                }
+            }
+        }
+        catch {
+            // Best-effort: if stat/read fails we still append the record and let the
+            // next sync reconcile from disk.
+        }
+        await fs.promises.appendFile(this.storePath, line, { mode: 0o600 });
+        // Advance the read cursor so the next syncFromDisk() doesn't re-parse
+        // our own append. Best-effort: on stat failure, the next sync reconciles.
+        try {
+            const st = await fs.promises.stat(this.storePath);
+            this.lastReadSize = st.size;
+            this.lastReadIno = st.ino;
+        }
+        catch {
+            // fallthrough — next sync will detect the change
+        }
+    }
+    async rewriteAll(records) {
+        const data = records.map((r) => JSON.stringify(r)).join('\n') + (records.length ? '\n' : '');
+        await new Promise((resolve, reject) => {
+            (0, write_file_atomic_1.default)(this.storePath, data, { mode: 0o600 }, (err) => {
+                if (err)
+                    reject(err);
+                else
+                    resolve();
+            });
+        });
+    }
+    async create(input) {
+        if (!input.tenantId || typeof input.tenantId !== 'string') {
+            throw new Error('tenantId is required');
+        }
+        if (!Array.isArray(input.scopes) || input.scopes.length === 0) {
+            throw new Error('at least one scope is required');
+        }
+        const random = base62Encode(crypto.randomBytes(RANDOM_BYTES)).slice(0, 32);
+        const plaintext = `${KEY_PREFIX}${input.tenantId}_${random}`;
+        const keyId = computeKeyId(plaintext);
+        const keyHash = await argon2.hash(plaintext, ARGON2_OPTS);
+        const record = {
+            keyId,
+            keyHash,
+            tenantId: input.tenantId,
+            scopes: [...input.scopes],
+            createdAt: Date.now(),
+            expiresAt: input.expiresAt,
+            description: input.description ?? '',
+        };
+        await this.withLock(async () => {
+            // Guaranteed-fresh sync inside the cross-process lock: MUST NOT reuse
+            // a pre-lock coalesced pendingSync whose stat may predate a peer
+            // append, which would leave this process blind to those bytes after
+            // appendRecord advances the cursor to EOF (Codex P1 on commits
+            // 64af728 + 0538a8c).
+            await this.syncInsideLock();
+            await this.appendRecord(record);
+            this.index.set(keyId, record);
+        });
+        return { record: cloneRecord(record), plaintext };
+    }
+    async list() {
+        await this.syncFromDisk();
+        return Array.from(this.index.values()).map(cloneRecord);
+    }
+    async revoke(keyId) {
+        return this.withLock(async () => {
+            await this.syncInsideLock();
+            const existing = this.index.get(keyId);
+            if (!existing)
+                return false;
+            if (existing.revokedAt)
+                return true; // idempotent
+            const updated = { ...existing, revokedAt: Date.now() };
+            await this.appendRecord(updated);
+            this.index.set(keyId, updated);
+            return true;
+        });
+    }
+    async rotate(keyId) {
+        await this.syncFromDisk();
+        const prior = this.index.get(keyId);
+        if (!prior) {
+            throw new Error(`unknown keyId: ${keyId}`);
+        }
+        // Revoke old (best-effort idempotent) then create new with same tenant+scopes.
+        await this.revoke(keyId);
+        return this.create({
+            tenantId: prior.tenantId,
+            scopes: [...prior.scopes],
+            description: prior.description,
+            expiresAt: prior.expiresAt,
+        });
+    }
+    async verify(plaintext) {
+        // Pull in any records appended by peer processes (create/revoke) before
+        // we consult the in-memory index. Without this, a long-lived instance
+        // would keep honouring revoked keys or reject freshly created ones until
+        // process restart.
+        await this.syncFromDisk();
+        // Constant-ish time: always perform exactly one argon2.verify regardless of
+        // miss/hit, against either the real hash or the decoy.
+        const now = Date.now();
+        let candidateHash = this.decoyHash;
+        let candidate = null;
+        if (typeof plaintext === 'string' && plaintext.startsWith(KEY_PREFIX)) {
+            const keyId = computeKeyId(plaintext);
+            const found = this.index.get(keyId) ?? null;
+            if (found && !isRevoked(found) && !isExpired(found, now)) {
+                candidate = found;
+                candidateHash = found.keyHash;
+            }
+        }
+        let ok = false;
+        try {
+            ok = await argon2.verify(candidateHash, plaintext ?? '');
+        }
+        catch {
+            ok = false;
+        }
+        if (ok && candidate) {
+            return cloneRecord(candidate);
+        }
+        return null;
+    }
+    async touchLastUsed(keyId) {
+        // Sync INSIDE the lock so a peer revoke that lands between any pre-lock
+        // sync and our lock acquisition is observed before we build `merged`.
+        // Syncing outside the lock would leave `current.revokedAt` absent, and
+        // appending `{ ...current, lastUsedAt }` plus the subsequent cursor
+        // advance to EOF would clobber the peer revoke in this instance's view
+        // (Codex P1 on commit 64af728).
+        await this.withLock(async () => {
+            await this.syncInsideLock();
+            const current = this.index.get(keyId);
+            if (!current)
+                return;
+            const merged = { ...current, lastUsedAt: Date.now() };
+            await this.appendRecord(merged);
+            this.index.set(keyId, merged);
+        });
+    }
+}
+exports.ApiKeyStore = ApiKeyStore;
+//# sourceMappingURL=api-key-store.js.map

package/dist/auth/api-key-store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"api-key-store.js","sourceRoot":"","sources":["../../src/auth/api-key-store.ts"],"names":[],"mappings":";AAAA,+BAA+B;AAC/B,+EAA+E;AAC/E,gFAAgF;AAChF,oEAAoE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAyc3D,4CAAgB;AAvczB,+CAAiC;AACjC,uCAAyB;AACzB,uCAAyB;AACzB,2CAA6B;AAC7B,0EAAgD;AAChD,0DAA4C;AAC5C,+CAAiC;AAQjC,MAAM,UAAU,GAAG,UAAU,CAAC;AAC9B,MAAM,YAAY,GAAG,EAAE,CAAC,CAAC,mBAAmB;AAC5C,MAAM,WAAW,GAAmB;IAClC,IAAI,EAAE,MAAM,CAAC,QAAQ;IACrB,UAAU,EAAE,KAAK,EAAE,SAAS;IAC5B,QAAQ,EAAE,CAAC;IACX,WAAW,EAAE,CAAC;CACf,CAAC;AAEF,uDAAuD;AACvD,MAAM,eAAe,GAAG,gEAAgE,CAAC;AAEzF,SAAS,YAAY,CAAC,GAAW;IAC/B,6EAA6E;IAC7E,6EAA6E;IAC7E,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAChC,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,MAAM,IAAI,IAAI,GAAG,EAAE,CAAC;QACvB,GAAG,GAAG,CAAC,GAAG,IAAI,EAAE,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;IACnC,CAAC;IACD,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,OAAO,GAAG,GAAG,EAAE,EAAE,CAAC;QAChB,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,GAAG,GAAG,CAAC,CAAC;QAC9B,GAAG,GAAG,eAAe,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;QACjC,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;IAClB,CAAC;IACD,oEAAoE;IACpE,uDAAuD;IACvD,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;IACvE,IAAI,GAAG,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,GAAG,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,GAAG,GAAG,CAAC,MAAM,CAAC,GAAG,GAAG,CAAC;IAChE,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,YAAY,CAAC,SAAiB;IACrC,MAAM,MAAM,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,EAAE,CAAC;IACtE,4DAA4D;IAC5D,OAAO,IAAI,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAClD,CAAC;AAED,SAAS,eAAe;IACtB,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,aAAa,EAAE,MAAM,CAAC,CAAC;AACxD,CAAC;AAED,SAAS,gBAAgB;IACvB,OAAO,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,EAAE,gBAAgB,CAAC,CAAC;AACxD,CAAC;AAED,SAAS,WAAW,CAAC,CAAS;IAC5B,OAAO;QACL,KAAK,EAAE,CAAC,CAAC,KAAK;QACd,OAAO,EAAE,CAAC,CAAC,OAAO;QAClB,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC;QACrB,SAAS,EAAE,CAAC,CAAC,SAAS;QACtB,SAAS,EAAE,CAAC,CAAC,SAAS;QACtB,SAAS,EAAE,CAAC,CAAC,SAAS;QACtB,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,WAAW,EAAE,CAAC,CAAC,WAAW;KAC3B,CAAC;AACJ,CAAC;AAED,SAAS,SAAS,CAAC,CAAS,EAAE,GAAW;IACvC,OAAO,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ,IAAI,CAAC,CAAC,SAAS,GAAG,GAAG,CAAC;AAC9D,CAAC;AAED,SAAS,SAAS,CAAC,CAAS;IAC1B,OAAO,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ,CAAC;AACzC,CAAC;AAED,MAAa,WAAW;IACL,SAAS,CAAS;IAClB,QAAQ,CAAS;IACjB,KAAK,GAAwB,IAAI,GAAG,EAAE,CAAC;IACxD,wEAAwE;IACxE,oEAAoE;IAC5D,SAAS,GAAW,EAAE,CAAC;IAC/B,4EAA4E;IAC5E,sEAAsE;IACtE,4EAA4E;IAC5E,uEAAuE;IACvE,oDAAoD;IAC5C,YAAY,GAAW,CAAC,CAAC;IACzB,WAAW,GAAW,CAAC,CAAC;IAChC,yEAAyE;IACzE,4CAA4C;IACpC,WAAW,GAAyB,IAAI,CAAC;IAEjD,YAAoB,SAAiB;QACnC,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,IAAI,CAAC,QAAQ,GAAG,SAAS,GAAG,OAAO,CAAC;IACtC,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAkB;QAClC,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC;QAC9D,MAAM,SAAS,GAAG,SAAS,IAAI,CAAC,WAAW,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,gBAAgB,EAAE,CAAC,CAAC;QAC1G,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QACpC,qEAAqE;QACrE,uEAAuE;QACvE,kEAAkE;QAClE,oEAAoE;QACpE,4CAA4C;QAC5C,MAAM,UAAU,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,EAAE;YAC9C,SAAS,EAAE,IAAI;YACf,IAAI,EAAE,KAAK;SACZ,CAAC,CAAC;QACH,IAAI,UAAU,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YAC/C,IAAI,CAAC;gBACH,MAAM,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YACtC,CAAC;YAAC,MAAM,CAAC;gBACP,cAAc;YAChB,CAAC;QACH,CAAC;QAED,wEAAwE;QACxE,wEAAwE;QACxE,4CAA4C;QAC5C,IAAI,WAAW,GAAG,KAAK,CAAC;QACxB,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACtC,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;YAC5D,WAAW,GAAG,IAAI,CAAC;QACrB,CAAC;QACD,IAAI,WAAW,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YAChD,IAAI,CAAC;gBACH,MAAM,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;YAC5C,CAAC;YAAC,MAAM,CAAC;gBACP,cAAc;YAChB,CAAC;QACH,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,WAAW,CAAC,SAAS,CAAC,CAAC;QACzC,MAAM,KAAK,CAAC,YAAY,EAAE,CAAC;QAC3B,2EAA2E;QAC3E,iEAAiE;QACjE,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAC3D,KAAK,CAAC,SAAS,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;QAC9D,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,UAAU,CAAC,IAAY;QAC7B,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YACpC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE;gBAAE,SAAS;YAC3B,IAAI,MAAc,CAAC;YACnB,IAAI,CAAC;gBACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAW,CAAC;YACtC,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,CAAC,KAAK,CAAC,gDAAgD,EAAE,GAAG,CAAC,CAAC;gBACrE,SAAS;YACX,CAAC;YACD,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ;gBAAE,SAAS;YAC1D,wEAAwE;YACxE,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC3C,IAAI,KAAK,IAAI,KAAK,CAAC,SAAS,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;gBAClD,MAAM,CAAC,SAAS,GAAG,KAAK,CAAC,SAAS,CAAC;YACrC,CAAC;YACD,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IAED,uEAAuE;IACvE,yEAAyE;IACzE,iEAAiE;IACzD,KAAK,CAAC,cAAc;QAC1B,IAAI,IAAc,CAAC;QACnB,IAAI,CAAC;YACH,IAAI,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAChD,CAAC;QAAC,MAAM,CAAC;YACP,iEAAiE;YACjE,qCAAqC;YACrC,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;YACnB,IAAI,CAAC,YAAY,GAAG,CAAC,CAAC;YACtB,IAAI,CAAC,WAAW,GAAG,CAAC,CAAC;YACrB,OAAO;QACT,CAAC;QACD,gEAAgE;QAChE,IACE,CAAC,IAAI,CAAC,WAAW,KAAK,CAAC,IAAI,IAAI,CAAC,GAAG,KAAK,IAAI,CAAC,WAAW,CAAC;YACzD,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,YAAY,EAC7B,CAAC;YACD,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;YACnB,IAAI,CAAC,YAAY,GAAG,CAAC,CAAC;QACxB,CAAC;QACD,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC;QAC5B,IAAI,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,YAAY;YAAE,OAAO;QAE5C,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,YAAY,CAAC;QAC7C,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;QACvD,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;YACvC,gEAAgE;YAChE,gEAAgE;YAChE,iEAAiE;YACjE,gEAAgE;YAChE,yBAAyB;YACzB,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;YACvE,IAAI,SAAS,IAAI,CAAC;gBAAE,OAAO;YAC3B,IAAI,SAAS,GAAG,MAAM,EAAE,CAAC;gBACvB,oEAAoE;gBACpE,mEAAmE;gBACnE,iEAAiE;gBACjE,gDAAgD;gBAChD,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;gBACnB,IAAI,CAAC,YAAY,GAAG,CAAC,CAAC;gBACtB,IAAI,CAAC,WAAW,GAAG,CAAC,CAAC;gBACrB,OAAO;YACT,CAAC;YACD,MAAM,IAAI,GAAG,GAAG,CAAC,QAAQ,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YACzD,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;YAC3C,IAAI,WAAW,GAAG,CAAC;gBAAE,OAAO;YAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,WAAW,GAAG,CAAC,CAAC,CAAC;YAChD,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;YAC1B,IAAI,CAAC,YAAY,IAAI,MAAM,CAAC,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAC3D,CAAC;gBAAS,CAAC;YACT,MAAM,EAAE,CAAC,KAAK,EAAE,CAAC;QACnB,CAAC;IACH,CAAC;IAED,0EAA0E;IAC1E,sEAAsE;IACtE,wEAAwE;IACxE,6CAA6C;IACrC,KAAK,CAAC,YAAY;QACxB,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO,IAAI,CAAC,WAAW,CAAC;QAC9C,IAAI,CAAC,WAAW,GAAG,CAAC,KAAK,IAAI,EAAE;YAC7B,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;YAC9B,CAAC;oBAAS,CAAC;gBACT,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;YAC1B,CAAC;QACH,CAAC,CAAC,EAAE,CAAC;QACL,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IAED,uEAAuE;IACvE,yEAAyE;IACzE,yEAAyE;IACzE,uEAAuE;IACvE,sEAAsE;IACtE,qEAAqE;IACrE,yEAAyE;IACjE,KAAK,CAAC,cAAc;QAC1B,OAAO,IAAI,CAAC,WAAW,EAAE,CAAC;YACxB,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,WAAW,CAAC;YACzB,CAAC;YAAC,MAAM,CAAC;gBACP,iEAAiE;gBACjE,gEAAgE;YAClE,CAAC;QACH,CAAC;QACD,IAAI,CAAC,WAAW,GAAG,CAAC,KAAK,IAAI,EAAE;YAC7B,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;YAC9B,CAAC;oBAAS,CAAC;gBACT,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;YAC1B,CAAC;QACH,CAAC,CAAC,EAAE,CAAC;QACL,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IAEO,KAAK,CAAC,QAAQ,CAAI,EAAoB;QAC5C,qDAAqD;QACrD,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC3C,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACnE,CAAC;QACD,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE;YAClD,YAAY,EAAE,IAAI,CAAC,QAAQ;YAC3B,OAAO,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE;YACzD,KAAK,EAAE,IAAI;SACZ,CAAC,CAAC;QACH,IAAI,CAAC;YACH,OAAO,MAAM,EAAE,EAAE,CAAC;QACpB,CAAC;gBAAS,CAAC;YACT,MAAM,OAAO,EAAE,CAAC;QAClB,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,YAAY,CAAC,MAAc;QACvC,IAAI,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC;QACzC,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAClD,IAAI,EAAE,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;gBAChB,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;gBACvD,IAAI,CAAC;oBACH,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;oBAC7B,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC;oBAC7D,IAAI,SAAS,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;wBACxC,IAAI,GAAG,IAAI,GAAG,IAAI,CAAC;oBACrB,CAAC;gBACH,CAAC;wBAAS,CAAC;oBACT,MAAM,EAAE,CAAC,KAAK,EAAE,CAAC;gBACnB,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,yEAAyE;YACzE,iCAAiC;QACnC,CAAC;QACD,MAAM,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACpE,sEAAsE;QACtE,0EAA0E;QAC1E,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAClD,IAAI,CAAC,YAAY,GAAG,EAAE,CAAC,IAAI,CAAC;YAC5B,IAAI,CAAC,WAAW,GAAG,EAAE,CAAC,GAAG,CAAC;QAC5B,CAAC;QAAC,MAAM,CAAC;YACP,iDAAiD;QACnD,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,UAAU,CAAC,OAAiB;QACxC,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QAC7F,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC1C,IAAA,2BAAe,EAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,GAAG,EAAE,EAAE;gBAC7D,IAAI,GAAG;oBAAE,MAAM,CAAC,GAAG,CAAC,CAAC;;oBAChB,OAAO,EAAE,CAAC;YACjB,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,KAAwB;QACnC,IAAI,CAAC,KAAK,CAAC,QAAQ,IAAI,OAAO,KAAK,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAC1D,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAC1C,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC9D,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;QACpD,CAAC;QACD,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC3E,MAAM,SAAS,GAAG,GAAG,UAAU,GAAG,KAAK,CAAC,QAAQ,IAAI,MAAM,EAAE,CAAC;QAC7D,MAAM,KAAK,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC;QACtC,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;QAC1D,MAAM,MAAM,GAAW;YACrB,KAAK;YACL,OAAO;YACP,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,MAAM,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,CAAY;YACpC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,WAAW,EAAE,KAAK,CAAC,WAAW,IAAI,EAAE;SACrC,CAAC;QACF,MAAM,IAAI,CAAC,QAAQ,CAAC,KAAK,IAAI,EAAE;YAC7B,sEAAsE;YACtE,iEAAiE;YACjE,oEAAoE;YACpE,+DAA+D;YAC/D,sBAAsB;YACtB,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;YAC5B,MAAM,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;YAChC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QAChC,CAAC,CAAC,CAAC;QACH,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC,EAAE,SAAS,EAAE,CAAC;IACpD,CAAC;IAED,KAAK,CAAC,IAAI;QACR,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QAC1B,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IAC1D,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,KAAa;QACxB,OAAO,IAAI,CAAC,QAAQ,CAAC,KAAK,IAAI,EAAE;YAC9B,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;YAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YACvC,IAAI,CAAC,QAAQ;gBAAE,OAAO,KAAK,CAAC;YAC5B,IAAI,QAAQ,CAAC,SAAS;gBAAE,OAAO,IAAI,CAAC,CAAC,aAAa;YAClD,MAAM,OAAO,GAAW,EAAE,GAAG,QAAQ,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YAC/D,MAAM,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;YACjC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;YAC/B,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,KAAa;QACxB,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QAC1B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACpC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,kBAAkB,KAAK,EAAE,CAAC,CAAC;QAC7C,CAAC;QACD,+EAA+E;QAC/E,MAAM,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACzB,OAAO,IAAI,CAAC,MAAM,CAAC;YACjB,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,MAAM,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC;YACzB,WAAW,EAAE,KAAK,CAAC,WAAW;YAC9B,SAAS,EAAE,KAAK,CAAC,SAAS;SAC3B,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,SAAiB;QAC5B,wEAAwE;QACxE,sEAAsE;QACtE,yEAAyE;QACzE,mBAAmB;QACnB,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QAC1B,4EAA4E;QAC5E,uDAAuD;QACvD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,aAAa,GAAG,IAAI,CAAC,SAAS,CAAC;QACnC,IAAI,SAAS,GAAkB,IAAI,CAAC;QAEpC,IAAI,OAAO,SAAS,KAAK,QAAQ,IAAI,SAAS,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YACtE,MAAM,KAAK,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC;YACtC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC;YAC5C,IAAI,KAAK,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,GAAG,CAAC,EAAE,CAAC;gBACzD,SAAS,GAAG,KAAK,CAAC;gBAClB,aAAa,GAAG,KAAK,CAAC,OAAO,CAAC;YAChC,CAAC;QACH,CAAC;QAED,IAAI,EAAE,GAAG,KAAK,CAAC;QACf,IAAI,CAAC;YACH,EAAE,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,aAAa,EAAE,SAAS,IAAI,EAAE,CAAC,CAAC;QAC3D,CAAC;QAAC,MAAM,CAAC;YACP,EAAE,GAAG,KAAK,CAAC;QACb,CAAC;QACD,IAAI,EAAE,IAAI,SAAS,EAAE,CAAC;YACpB,OAAO,WAAW,CAAC,SAAS,CAAC,CAAC;QAChC,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,KAAa;QAC/B,wEAAwE;QACxE,sEAAsE;QACtE,uEAAuE;QACvE,oEAAoE;QACpE,uEAAuE;QACvE,gCAAgC;QAChC,MAAM,IAAI,CAAC,QAAQ,CAAC,KAAK,IAAI,EAAE;YAC7B,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;YAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YACtC,IAAI,CAAC,OAAO;gBAAE,OAAO;YACrB,MAAM,MAAM,GAAW,EAAE,GAAG,OAAO,EAAE,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YAC9D,MAAM,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;YAChC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QAChC,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAhXD,kCAgXC"}