openllmprovider 0.1.0

package/dist/resolver-BA7LWSJO.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"resolver-BA7LWSJO.mjs","names":["log","log"],"sources":["../src/auth/scanners.ts","../src/auth/store.ts","../src/auth/resolver.ts"],"sourcesContent":["import { createLogger } from '../logger.js'\n\nconst log = createLogger('auth:scanners')\n\n// ---------------------------------------------------------------------------\n// Core types\n// ---------------------------------------------------------------------------\n\nexport interface DiskScanResult {\n  providerId: string\n  source: string\n  key?: string\n  credentialType?: 'api' | 'oauth' | 'wellknown'\n  refresh?: string\n  accountId?: string\n  expires?: number\n}\n\nexport interface DiskScanner {\n  name: string\n  scan(ctx: ScanContext): Promise<DiskScanResult[]>\n}\n\nexport interface ScanContext {\n  readFile(path: string): Promise<string | undefined>\n  homedir(): string\n  platform(): string\n  env(name: string): string | undefined\n  exec?(command: string): Promise<string | undefined>\n}\n\n// ---------------------------------------------------------------------------\n// Default ScanContext (Node.js)\n// ---------------------------------------------------------------------------\n\nexport function createNodeScanContext(): ScanContext {\n  return {\n    async readFile(path: string): Promise<string | undefined> {\n      try {\n        const fs = await import('node:fs/promises')\n        return await fs.readFile(path, 'utf-8')\n      } catch {\n        return undefined\n      }\n    },\n    homedir(): string {\n      return process.env.HOME ?? process.env.USERPROFILE ?? ''\n    },\n    platform(): string {\n      return process.platform\n    },\n    env(name: string): string | undefined {\n      return process.env[name]\n    },\n    async exec(command: string): Promise<string | undefined> {\n      try {\n        const { execSync } = await import('node:child_process')\n        return execSync(command, { encoding: 'utf-8', timeout: 5000, stdio: ['pipe', 'pipe', 'pipe'] }).trim()\n      } catch {\n        return undefined\n      }\n    },\n  }\n}\n\n// ---------------------------------------------------------------------------\n// Helpers\n// ---------------------------------------------------------------------------\n\nfunction join(base: string, ...segments: string[]): string {\n  return [base, ...segments].join('/')\n}\n\nfunction parseJson(raw: string): Record<string, unknown> | undefined {\n  try {\n    const parsed = JSON.parse(raw)\n    return parsed && typeof parsed === 'object' && !Array.isArray(parsed)\n      ? (parsed as Record<string, unknown>)\n      : undefined\n  } catch {\n    return undefined\n  }\n}\n\nfunction stripJsonComments(raw: string): string {\n  return raw.replace(/\\/\\*[\\s\\S]*?\\*\\//g, '').replace(/^\\s*\\/\\/.*$/gm, '')\n}\n\nasync function readJson(ctx: ScanContext, path: string): Promise<Record<string, unknown> | undefined> {\n  const raw = await ctx.readFile(path)\n  if (!raw) return undefined\n  return parseJson(raw) ?? parseJson(stripJsonComments(raw))\n}\n\nfunction configDir(ctx: ScanContext): string {\n  const xdg = ctx.env('XDG_CONFIG_HOME')\n  if (xdg) return xdg\n  return join(ctx.homedir(), '.config')\n}\n\n// ---------------------------------------------------------------------------\n// Scanners\n// ---------------------------------------------------------------------------\n\nconst copilotScanner: DiskScanner = {\n  name: 'github-copilot',\n  async scan(ctx) {\n    const results: DiskScanResult[] = []\n    const base = join(configDir(ctx), 'github-copilot')\n    const files = ['hosts.json', 'apps.json']\n\n    for (const file of files) {\n      const path = join(base, file)\n      const json = await readJson(ctx, path)\n      if (!json) continue\n\n      for (const [key, value] of Object.entries(json)) {\n        if (!key.includes('github.com')) continue\n        const token = value && typeof value === 'object' ? (value as Record<string, unknown>).oauth_token : undefined\n        if (typeof token === 'string' && token.length > 0) {\n          log('copilot: found token in %s', path)\n          results.push({ providerId: 'github-copilot', source: path, key: token })\n          return results\n        }\n      }\n    }\n\n    return results\n  },\n}\n\nconst claudeCodeScanner: DiskScanner = {\n  name: 'claude-code',\n  async scan(ctx) {\n    const results: DiskScanResult[] = []\n    const base = join(ctx.homedir(), '.claude')\n    const files = ['settings.json', 'settings.local.json']\n\n    for (const file of files) {\n      const path = join(base, file)\n      const json = await readJson(ctx, path)\n      if (!json) continue\n\n      for (const field of ['anthropicApiKey', 'anthropic_api_key', 'ANTHROPIC_API_KEY', 'apiKey']) {\n        const value = json[field]\n        if (typeof value === 'string' && value.length > 0) {\n          log('claude-code: found key in %s (%s)', path, field)\n          results.push({ providerId: 'anthropic', source: path, key: value })\n          return results\n        }\n      }\n    }\n\n    return results\n  },\n}\n\nconst codexCliScanner: DiskScanner = {\n  name: 'codex-cli',\n  async scan(ctx) {\n    const results: DiskScanResult[] = []\n    const authPath = join(ctx.homedir(), '.codex', 'auth.json')\n    const json = await readJson(ctx, authPath)\n    if (!json) return results\n    // Check for OPENAI_API_KEY first (user-set API key takes priority)\n    const apiKey = json.OPENAI_API_KEY\n    if (typeof apiKey === 'string' && apiKey.length > 0) {\n      log('codex-cli: found OPENAI_API_KEY in %s', authPath)\n      results.push({ providerId: 'openai', source: authPath, key: apiKey, credentialType: 'api' })\n      return results\n    }\n\n    // OAuth tokens from codex login\n    const tokens = json.tokens\n    if (tokens !== null && typeof tokens === 'object' && !Array.isArray(tokens)) {\n      const t = tokens as Record<string, unknown>\n      const accessToken = t.access_token\n      if (typeof accessToken === 'string' && accessToken.length > 0) {\n        const refreshToken = typeof t.refresh_token === 'string' ? t.refresh_token : undefined\n        const accountId = typeof t.account_id === 'string' ? t.account_id : undefined\n        log('codex-cli: found OAuth tokens in %s', authPath)\n        results.push({\n          providerId: 'openai',\n          source: authPath,\n          key: accessToken,\n          credentialType: 'oauth',\n          refresh: refreshToken,\n          accountId,\n        })\n        return results\n      }\n    }\n\n    // Fallback: flat token or apiKey field\n    const token = json.token ?? json.apiKey\n    if (typeof token === 'string' && token.length > 0) {\n      results.push({ providerId: 'openai', source: authPath, key: token })\n    }\n    return results\n  },\n}\n\nconst geminiCliScanner: DiskScanner = {\n  name: 'gemini-cli',\n  async scan(ctx) {\n    const results: DiskScanResult[] = []\n    const geminiHome = ctx.env('GEMINI_CLI_HOME') ?? join(ctx.homedir(), '.gemini')\n    const files = ['oauth_creds.json', 'google_accounts.json']\n\n    for (const file of files) {\n      const path = join(geminiHome, file)\n      const json = await readJson(ctx, path)\n      if (!json) continue\n      const accessToken = typeof json.access_token === 'string' ? json.access_token : undefined\n      const refreshToken = typeof json.refresh_token === 'string' ? json.refresh_token : undefined\n      const expiryDate = typeof json.expiry_date === 'number' ? json.expiry_date : undefined\n\n      if (accessToken || refreshToken) {\n        log('gemini-cli: found credentials in %s', path)\n        results.push({\n          providerId: 'google',\n          source: path,\n          key: accessToken,\n          credentialType: 'oauth',\n          refresh: refreshToken,\n          expires: expiryDate,\n        })\n        return results\n      }\n\n      // Fallback: google_accounts.json with accounts array\n      if (Array.isArray(json.accounts) && (json.accounts as unknown[]).length > 0) {\n        log('gemini-cli: found credentials in %s', path)\n        results.push({ providerId: 'google', source: path })\n        return results\n      }\n    }\n\n    return results\n  },\n}\n\nconst gcloudAdcScanner: DiskScanner = {\n  name: 'gcloud-adc',\n  async scan(ctx) {\n    const results: DiskScanResult[] = []\n    const cloudSdkConfig = ctx.env('CLOUDSDK_CONFIG')\n    const paths = [\n      ctx.env('GOOGLE_APPLICATION_CREDENTIALS'),\n      cloudSdkConfig ? join(cloudSdkConfig, 'application_default_credentials.json') : undefined,\n      join(configDir(ctx), 'gcloud', 'application_default_credentials.json'),\n    ].filter((p): p is string => typeof p === 'string')\n\n    for (const path of paths) {\n      const json = await readJson(ctx, path)\n      if (!json) continue\n\n      if ('refresh_token' in json || 'type' in json || 'private_key' in json) {\n        log('gcloud-adc: found ADC in %s', path)\n        results.push({ providerId: 'google-vertex', source: path })\n        return results\n      }\n    }\n\n    return results\n  },\n}\n\nconst awsCredentialsScanner: DiskScanner = {\n  name: 'aws-credentials',\n  async scan(ctx) {\n    const results: DiskScanResult[] = []\n    const credPath = ctx.env('AWS_SHARED_CREDENTIALS_FILE') ?? join(ctx.homedir(), '.aws', 'credentials')\n    const raw = await ctx.readFile(credPath)\n    if (!raw) return results\n\n    const profile = ctx.env('AWS_PROFILE') ?? 'default'\n    const key = parseIniProfileKey(raw, profile, 'aws_access_key_id')\n\n    if (key) {\n      log('aws: found credentials for profile [%s] in %s', profile, credPath)\n      results.push({ providerId: 'amazon-bedrock', source: credPath })\n    }\n\n    return results\n  },\n}\n\nconst opencodeAuthScanner: DiskScanner = {\n  name: 'opencode-auth',\n  async scan(ctx) {\n    const results: DiskScanResult[] = []\n    const xdgData = ctx.env('XDG_DATA_HOME')\n    const home = ctx.homedir()\n    const platform = ctx.platform()\n\n    const paths = [\n      xdgData ? join(xdgData, 'opencode', 'auth.json') : undefined,\n      platform === 'darwin' ? join(home, 'Library', 'Application Support', 'opencode', 'auth.json') : undefined,\n      join(home, '.local', 'share', 'opencode', 'auth.json'),\n      join(home, '.config', 'opencode', 'auth.json'),\n    ].filter((p): p is string => typeof p === 'string')\n\n    for (const path of paths) {\n      const json = await readJson(ctx, path)\n      if (!json) continue\n\n      for (const [providerId, entry] of Object.entries(json)) {\n        if (!entry || typeof entry !== 'object') continue\n        const typed = entry as Record<string, unknown>\n        const type = typed.type\n        if (type !== 'api' && type !== 'oauth' && type !== 'wellknown') continue\n\n        const key = typeof typed.key === 'string' ? typed.key : undefined\n        const refresh = typeof typed.refresh === 'string' ? typed.refresh : undefined\n        const accountId = typeof typed.accountId === 'string' ? typed.accountId : undefined\n        const expires = typeof typed.expires === 'number' ? typed.expires : undefined\n        log('opencode-auth: found %s (%s) in %s', providerId, type, path)\n        results.push({\n          providerId,\n          source: path,\n          key,\n          credentialType: type as DiskScanResult['credentialType'],\n          refresh,\n          accountId,\n          expires,\n        })\n      }\n\n      if (results.length > 0) return results\n    }\n\n    return results\n  },\n}\n\nconst vscodeSettingsScanner: DiskScanner = {\n  name: 'vscode',\n  async scan(ctx) {\n    const results: DiskScanResult[] = []\n    const home = ctx.homedir()\n    const platform = ctx.platform()\n\n    const vscodePaths = [\n      platform === 'darwin'\n        ? join(home, 'Library', 'Application Support', 'Code', 'User', 'globalStorage', 'github.copilot', 'hosts.json')\n        : undefined,\n      join(configDir(ctx), 'Code', 'User', 'globalStorage', 'github.copilot', 'hosts.json'),\n    ].filter((p): p is string => typeof p === 'string')\n\n    for (const path of vscodePaths) {\n      const json = await readJson(ctx, path)\n      if (!json) continue\n\n      for (const [key, value] of Object.entries(json)) {\n        if (!key.includes('github.com')) continue\n        const token = value && typeof value === 'object' ? (value as Record<string, unknown>).oauth_token : undefined\n        if (typeof token === 'string' && token.length > 0) {\n          log('vscode: found copilot token in %s', path)\n          results.push({ providerId: 'github-copilot', source: path, key: token })\n          return results\n        }\n      }\n    }\n\n    return results\n  },\n}\n\n// ---------------------------------------------------------------------------\n// INI parser (minimal, for AWS credentials)\n// ---------------------------------------------------------------------------\n\nfunction parseIniProfileKey(raw: string, profile: string, key: string): string | undefined {\n  const lines = raw.split('\\n')\n  let inProfile = false\n\n  for (const line of lines) {\n    const trimmed = line.trim()\n    if (trimmed.startsWith('[')) {\n      const name = trimmed.slice(1, trimmed.indexOf(']')).trim()\n      inProfile = name === profile\n      continue\n    }\n    if (inProfile && trimmed.startsWith(key)) {\n      const eq = trimmed.indexOf('=')\n      if (eq !== -1) return trimmed.slice(eq + 1).trim()\n    }\n  }\n  return undefined\n}\n\n// ---------------------------------------------------------------------------\n// Registry\n// ---------------------------------------------------------------------------\n\nconst cursorScanner: DiskScanner = {\n  name: 'cursor',\n  async scan(ctx) {\n    const results: DiskScanResult[] = []\n    const home = ctx.homedir()\n    const platform = ctx.platform()\n\n    const dbPaths = [\n      platform === 'darwin'\n        ? join(home, 'Library', 'Application Support', 'Cursor', 'User', 'globalStorage', 'state.vscdb')\n        : undefined,\n      platform === 'win32'\n        ? join(ctx.env('APPDATA') ?? join(home, 'AppData', 'Roaming'), 'Cursor', 'User', 'globalStorage', 'state.vscdb')\n        : undefined,\n      join(configDir(ctx), 'Cursor', 'User', 'globalStorage', 'state.vscdb'),\n    ].filter((p): p is string => typeof p === 'string')\n\n    if (!ctx.exec) return results\n\n    for (const dbPath of dbPaths) {\n      const query = `SELECT value FROM ItemTable WHERE key='cursorAuth/openAIKey'`\n      const value = await ctx.exec(`sqlite3 \"${dbPath}\" \"${query}\"`)\n      if (value && value.length > 0) {\n        log('cursor: found openAIKey in %s', dbPath)\n        results.push({ providerId: 'cursor', source: dbPath, key: value })\n        return results\n      }\n    }\n\n    return results\n  },\n}\n\nexport const DEFAULT_SCANNERS: DiskScanner[] = [\n  copilotScanner,\n  vscodeSettingsScanner,\n  claudeCodeScanner,\n  codexCliScanner,\n  geminiCliScanner,\n  gcloudAdcScanner,\n  awsCredentialsScanner,\n  cursorScanner,\n  opencodeAuthScanner,\n]\n\nexport async function runDiskScanners(scanners: DiskScanner[], ctx?: ScanContext): Promise<DiskScanResult[]> {\n  const scanCtx = ctx ?? createNodeScanContext()\n  const results: DiskScanResult[] = []\n\n  for (const scanner of scanners) {\n    try {\n      const found = await scanner.scan(scanCtx)\n      results.push(...found)\n    } catch (err: unknown) {\n      log('scanner %s failed: %s', scanner.name, err instanceof Error ? err.message : String(err))\n    }\n  }\n\n  return results\n}\n","import { createLogger } from '../logger.js'\nimport { type StorageAdapter, createDefaultStorage } from '../storage/index.js'\nimport type { AuthCredential } from '../types/plugin.js'\nimport type { DiskScanResult, DiskScanner, ScanContext } from './scanners.js'\nimport { DEFAULT_SCANNERS, createNodeScanContext, runDiskScanners } from './scanners.js'\n\nconst log = createLogger('auth')\n\nexport interface DiscoveredCredential {\n  providerId: string\n  source: 'env' | 'disk' | 'auth'\n  key?: string\n  credential?: AuthCredential\n  location?: string\n}\n\nexport interface DiscoverOptions {\n  scanners?: DiskScanner[]\n  scanContext?: ScanContext\n  skipDiskScan?: boolean\n  skipEnvScan?: boolean\n  persist?: boolean\n}\n\nexport interface AuthStoreOptions {\n  storage?: StorageAdapter\n  data?: Record<string, AuthCredential>\n}\n\nexport interface AuthStore {\n  all(): Promise<Record<string, AuthCredential>>\n  get(providerId: string): Promise<AuthCredential | null>\n  set(providerId: string, credential: AuthCredential): Promise<void>\n  remove(providerId: string): Promise<void>\n  discover(options?: DiscoverOptions): Promise<DiscoveredCredential[]>\n  getPreferred?(providerId: string, prefer: 'api' | 'oauth'): Promise<AuthCredential | null>\n}\n\nfunction pickBestCredential(creds: AuthCredential[], prefer: 'api' | 'oauth' = 'api'): AuthCredential | undefined {\n  if (creds.length === 0) return undefined\n  const preferred = creds.find((c) => c.type === prefer && c.key !== undefined)\n  if (preferred !== undefined) return preferred\n  const withKey = creds.find((c) => c.key !== undefined)\n  if (withKey !== undefined) return withKey\n  return creds[0]\n}\n\nexport function createAuthStore(options?: AuthStoreOptions): AuthStore {\n  const externalData = options?.data\n  let storagePromise: Promise<StorageAdapter> | undefined\n  const discoveredCredentials = new Map<string, AuthCredential[]>()\n\n  log('auth store created, external=%s', externalData !== undefined)\n\n  function getStorage(): Promise<StorageAdapter> {\n    if (storagePromise === undefined) {\n      storagePromise = options?.storage ? Promise.resolve(options.storage) : createDefaultStorage()\n    }\n    return storagePromise\n  }\n\n  async function readAuthState(): Promise<Record<string, AuthCredential>> {\n    if (externalData !== undefined) {\n      log('using external data, skipping file read')\n      return { ...externalData }\n    }\n\n    const storage = await getStorage()\n    const raw = await storage.get(AUTH_STORE_KEY)\n    if (raw === null) {\n      log('auth store not found, returning empty store')\n      return {}\n    }\n\n    const parsed: unknown = JSON.parse(raw)\n    if (typeof parsed !== 'object' || parsed === null || Array.isArray(parsed)) {\n      log('auth store payload is malformed, returning empty store')\n      return {}\n    }\n\n    const normalized = normalizeAuthState(parsed as Record<string, unknown>)\n    log('read auth store with %d entries', Object.keys(normalized).length)\n    return normalized\n  }\n\n  async function writeAuthState(data: Record<string, AuthCredential>): Promise<void> {\n    if (externalData !== undefined) {\n      for (const [k, v] of Object.entries(data)) {\n        externalData[k] = v\n      }\n      for (const k of Object.keys(externalData)) {\n        if (!(k in data)) {\n          delete externalData[k]\n        }\n      }\n      log('updated external data, %d entries', Object.keys(externalData).length)\n      return\n    }\n\n    const content = JSON.stringify(data, null, 2)\n    const storage = await getStorage()\n    await storage.set(AUTH_STORE_KEY, content)\n\n    log('wrote auth store with %d entries', Object.keys(data).length)\n  }\n\n  function mergeWithDiscovered(fileData: Record<string, AuthCredential>): Record<string, AuthCredential> {\n    if (discoveredCredentials.size === 0) return fileData\n    const merged = { ...fileData }\n    for (const [pid, creds] of discoveredCredentials) {\n      if (merged[pid] === undefined || !merged[pid].key) {\n        const best = pickBestCredential(creds, 'api')\n        if (best !== undefined) {\n          merged[pid] = best\n        }\n      }\n    }\n    log(\n      'merged %d discovered credentials with %d file entries',\n      discoveredCredentials.size,\n      Object.keys(fileData).length\n    )\n    return merged\n  }\n\n  function pushDiscoveredCredential(providerId: string, credential: AuthCredential): void {\n    const arr = discoveredCredentials.get(providerId) ?? []\n    arr.push(credential)\n    discoveredCredentials.set(providerId, arr)\n  }\n\n  function pushDiscoveredResultOnce(\n    seen: Set<string>,\n    results: DiscoveredCredential[],\n    result: DiscoveredCredential\n  ): boolean {\n    if (seen.has(result.providerId)) return false\n    seen.add(result.providerId)\n    results.push(result)\n    return true\n  }\n\n  function buildCredentialFromEnv(envVar: string, key: string): AuthCredential {\n    return buildCredential({ type: 'api', key, location: `env:${envVar}` })\n  }\n\n  function buildCredentialFromDisk(result: DiskScanResult): AuthCredential | undefined {\n    if (result.key === undefined) return undefined\n    return buildCredential({\n      type: result.credentialType ?? 'api',\n      key: result.key,\n      location: result.source,\n      refresh: result.refresh,\n      accountId: result.accountId,\n      expires: result.expires,\n    })\n  }\n\n  return {\n    async all(): Promise<Record<string, AuthCredential>> {\n      return mergeWithDiscovered(await readAuthState())\n    },\n\n    async get(providerId: string): Promise<AuthCredential | null> {\n      const store = mergeWithDiscovered(await readAuthState())\n      const credential = store[providerId]\n      if (credential === undefined) {\n        log('get(%s): not found', providerId)\n        return null\n      }\n      log('get(%s): found type=%s', providerId, credential.type)\n      return credential\n    },\n\n    async set(providerId: string, credential: AuthCredential): Promise<void> {\n      const store = await readAuthState()\n      store[providerId] = credential\n      await writeAuthState(store)\n      log('set(%s): type=%s', providerId, credential.type)\n    },\n\n    async remove(providerId: string): Promise<void> {\n      const store = await readAuthState()\n      if (!(providerId in store)) {\n        log('remove(%s): not found, no-op', providerId)\n        return\n      }\n      delete store[providerId]\n      await writeAuthState(store)\n      log('remove(%s): done', providerId)\n    },\n\n    async discover(discoverOptions?: DiscoverOptions): Promise<DiscoveredCredential[]> {\n      const results: DiscoveredCredential[] = []\n      const seen = new Set<string>()\n\n      if (!discoverOptions?.skipEnvScan) {\n        for (const [envVar, providerId] of ENV_HINTS) {\n          const value = process.env[envVar]\n          if (value) {\n            pushDiscoveredCredential(providerId, buildCredentialFromEnv(envVar, value))\n            pushDiscoveredResultOnce(seen, results, { providerId, source: 'env', key: value })\n            log('discover: %s [api] from env:%s', providerId, envVar)\n          }\n        }\n      }\n\n      if (!discoverOptions?.skipDiskScan) {\n        const scanners = discoverOptions?.scanners ?? DEFAULT_SCANNERS\n        const ctx = discoverOptions?.scanContext ?? createNodeScanContext()\n        const diskResults = await runDiskScanners(scanners, ctx)\n\n        for (const disk of diskResults) {\n          const credType = disk.credentialType ?? 'api'\n          pushDiscoveredResultOnce(seen, results, {\n            providerId: disk.providerId,\n            source: 'disk',\n            key: disk.key,\n            location: disk.source,\n          })\n          const cred = buildCredentialFromDisk(disk)\n          if (cred !== undefined) {\n            pushDiscoveredCredential(disk.providerId, cred)\n            log('discover: %s [%s] from %s', disk.providerId, credType, disk.source)\n          }\n        }\n      }\n\n      if (discoverOptions?.persist === true) {\n        const persistedCount = await persistDiscoveredCredentials()\n        log('discover: persisted %d providers to auth store', persistedCount)\n      }\n\n      let authData: Record<string, AuthCredential>\n      try {\n        authData = await readAuthState()\n      } catch (err: unknown) {\n        log('discover: failed to read auth store: %s', err instanceof Error ? err.message : String(err))\n        authData = {}\n      }\n\n      for (const [providerId, credential] of Object.entries(authData)) {\n        const added = pushDiscoveredResultOnce(seen, results, { providerId, source: 'auth', credential })\n        if (added) log('discover: %s via auth store', providerId)\n      }\n\n      log('discover: complete, %d providers found', results.length)\n      return results\n    },\n\n    async getPreferred(providerId: string, prefer: 'api' | 'oauth'): Promise<AuthCredential | null> {\n      const creds = discoveredCredentials.get(providerId)\n      if (creds !== undefined && creds.length > 0) {\n        const best = pickBestCredential(creds, prefer)\n        if (best !== undefined) return best\n      }\n      const store = mergeWithDiscovered(await readAuthState())\n      const credential = store[providerId]\n      return credential ?? null\n    },\n  }\n\n  async function persistDiscoveredCredentials(): Promise<number> {\n    if (discoveredCredentials.size === 0) return 0\n\n    const store = await readAuthState()\n    let changed = 0\n\n    for (const [providerId, creds] of discoveredCredentials) {\n      const existing = store[providerId]\n      if (existing?.key) {\n        continue\n      }\n\n      const best = pickBestCredential(creds, 'api')\n      if (best === undefined) {\n        continue\n      }\n\n      store[providerId] = best\n      changed += 1\n    }\n\n    if (changed > 0) {\n      await writeAuthState(store)\n    }\n\n    return changed\n  }\n}\n\nconst AUTH_STORE_KEY = 'auth:store'\n\ninterface CredentialBuildInput {\n  type: 'api' | 'oauth' | 'wellknown'\n  key?: string\n  location?: string\n  refresh?: string\n  accountId?: string\n  expires?: number\n}\n\nfunction buildCredential(input: CredentialBuildInput): AuthCredential {\n  const credential: AuthCredential = {\n    type: input.type,\n    key: input.key,\n    location: input.location,\n  }\n\n  if (input.refresh !== undefined) credential.refresh = input.refresh\n  if (input.accountId !== undefined) credential.accountId = input.accountId\n  if (input.expires !== undefined) credential.expires = input.expires\n\n  return credential\n}\n\nfunction normalizeAuthState(input: Record<string, unknown>): Record<string, AuthCredential> {\n  const normalized: Record<string, AuthCredential> = {}\n\n  for (const [providerId, rawCredential] of Object.entries(input)) {\n    const credential = normalizeCredential(rawCredential)\n    if (credential !== undefined) {\n      normalized[providerId] = credential\n    }\n  }\n\n  return normalized\n}\n\nfunction normalizeCredential(rawCredential: unknown): AuthCredential | undefined {\n  if (typeof rawCredential !== 'object' || rawCredential === null || Array.isArray(rawCredential)) {\n    return undefined\n  }\n\n  const typed = rawCredential as Record<string, unknown>\n  const type =\n    typed.type === 'api' || typed.type === 'oauth' || typed.type === 'wellknown' ? typed.type : ('api' as const)\n\n  const key = typeof typed.key === 'string' && typed.key.length > 0 ? typed.key : undefined\n  return {\n    ...typed,\n    type,\n    key,\n  } as AuthCredential\n}\n\nconst ENV_HINTS: Array<[string, string]> = [\n  ['ANTHROPIC_API_KEY', 'anthropic'],\n  ['OPENAI_API_KEY', 'openai'],\n  ['GOOGLE_GENERATIVE_AI_API_KEY', 'google'],\n  ['GOOGLE_API_KEY', 'google'],\n  ['AZURE_API_KEY', 'azure'],\n  ['XAI_API_KEY', 'xai'],\n  ['MISTRAL_API_KEY', 'mistral'],\n  ['GROQ_API_KEY', 'groq'],\n  ['OPENROUTER_API_KEY', 'openrouter'],\n]\n","import { createLogger } from '../logger.js'\nimport type { StorageAdapter } from '../storage/index.js'\nimport type { SecretRef, SecretResolver } from '../types/auth.js'\n\nconst log = createLogger('auth:resolver')\n\nexport function createSecretResolver(storage?: StorageAdapter): SecretResolver {\n  log('secret resolver created, storage=%s', storage !== undefined)\n\n  return {\n    async resolve(ref: SecretRef): Promise<string> {\n      if (typeof ref === 'string') {\n        log('resolve: plain string')\n        return ref\n      }\n\n      if (ref.type === 'plain') {\n        log('resolve: plain value')\n        return ref.value\n      }\n\n      if (ref.type === 'env') {\n        const value = process.env[ref.name]\n        if (value === undefined) {\n          throw new Error(`Environment variable not set: ${ref.name}`)\n        }\n        log('resolve: env %s', ref.name)\n        return value\n      }\n\n      if (ref.type === 'storage') {\n        if (!storage) {\n          throw new Error(`Storage not configured, cannot resolve key: ${ref.key}`)\n        }\n        const value = await storage.get(ref.key)\n        if (value === null) {\n          throw new Error(`Key not found in storage: ${ref.key}`)\n        }\n        log('resolve: storage key=%s', ref.key)\n        return value\n      }\n\n      throw new Error(`Unknown SecretRef type: ${JSON.stringify(ref)}`)\n    },\n  }\n}\n"],"mappings":";;;;AAEA,MAAMA,QAAM,aAAa,gBAAgB;AAiCzC,SAAgB,wBAAqC;AACnD,QAAO;EACL,MAAM,SAAS,MAA2C;AACxD,OAAI;AAEF,WAAO,OADI,MAAM,OAAO,qBACR,SAAS,MAAM,QAAQ;WACjC;AACN;;;EAGJ,UAAkB;AAChB,UAAO,QAAQ,IAAI,QAAQ,QAAQ,IAAI,eAAe;;EAExD,WAAmB;AACjB,UAAO,QAAQ;;EAEjB,IAAI,MAAkC;AACpC,UAAO,QAAQ,IAAI;;EAErB,MAAM,KAAK,SAA8C;AACvD,OAAI;IACF,MAAM,EAAE,aAAa,MAAM,OAAO;AAClC,WAAO,SAAS,SAAS;KAAE,UAAU;KAAS,SAAS;KAAM,OAAO;MAAC;MAAQ;MAAQ;MAAO;KAAE,CAAC,CAAC,MAAM;WAChG;AACN;;;EAGL;;AAOH,SAAS,KAAK,MAAc,GAAG,UAA4B;AACzD,QAAO,CAAC,MAAM,GAAG,SAAS,CAAC,KAAK,IAAI;;AAGtC,SAAS,UAAU,KAAkD;AACnE,KAAI;EACF,MAAM,SAAS,KAAK,MAAM,IAAI;AAC9B,SAAO,UAAU,OAAO,WAAW,YAAY,CAAC,MAAM,QAAQ,OAAO,GAChE,SACD;SACE;AACN;;;AAIJ,SAAS,kBAAkB,KAAqB;AAC9C,QAAO,IAAI,QAAQ,qBAAqB,GAAG,CAAC,QAAQ,iBAAiB,GAAG;;AAG1E,eAAe,SAAS,KAAkB,MAA4D;CACpG,MAAM,MAAM,MAAM,IAAI,SAAS,KAAK;AACpC,KAAI,CAAC,IAAK,QAAO;AACjB,QAAO,UAAU,IAAI,IAAI,UAAU,kBAAkB,IAAI,CAAC;;AAG5D,SAAS,UAAU,KAA0B;CAC3C,MAAM,MAAM,IAAI,IAAI,kBAAkB;AACtC,KAAI,IAAK,QAAO;AAChB,QAAO,KAAK,IAAI,SAAS,EAAE,UAAU;;AAOvC,MAAM,iBAA8B;CAClC,MAAM;CACN,MAAM,KAAK,KAAK;EACd,MAAM,UAA4B,EAAE;EACpC,MAAM,OAAO,KAAK,UAAU,IAAI,EAAE,iBAAiB;AAGnD,OAAK,MAAM,QAFG,CAAC,cAAc,YAAY,EAEf;GACxB,MAAM,OAAO,KAAK,MAAM,KAAK;GAC7B,MAAM,OAAO,MAAM,SAAS,KAAK,KAAK;AACtC,OAAI,CAAC,KAAM;AAEX,QAAK,MAAM,CAAC,KAAK,UAAU,OAAO,QAAQ,KAAK,EAAE;AAC/C,QAAI,CAAC,IAAI,SAAS,aAAa,CAAE;IACjC,MAAM,QAAQ,SAAS,OAAO,UAAU,WAAY,MAAkC,cAAc;AACpG,QAAI,OAAO,UAAU,YAAY,MAAM,SAAS,GAAG;AACjD,WAAI,8BAA8B,KAAK;AACvC,aAAQ,KAAK;MAAE,YAAY;MAAkB,QAAQ;MAAM,KAAK;MAAO,CAAC;AACxE,YAAO;;;;AAKb,SAAO;;CAEV;AAED,MAAM,oBAAiC;CACrC,MAAM;CACN,MAAM,KAAK,KAAK;EACd,MAAM,UAA4B,EAAE;EACpC,MAAM,OAAO,KAAK,IAAI,SAAS,EAAE,UAAU;AAG3C,OAAK,MAAM,QAFG,CAAC,iBAAiB,sBAAsB,EAE5B;GACxB,MAAM,OAAO,KAAK,MAAM,KAAK;GAC7B,MAAM,OAAO,MAAM,SAAS,KAAK,KAAK;AACtC,OAAI,CAAC,KAAM;AAEX,QAAK,MAAM,SAAS;IAAC;IAAmB;IAAqB;IAAqB;IAAS,EAAE;IAC3F,MAAM,QAAQ,KAAK;AACnB,QAAI,OAAO,UAAU,YAAY,MAAM,SAAS,GAAG;AACjD,WAAI,qCAAqC,MAAM,MAAM;AACrD,aAAQ,KAAK;MAAE,YAAY;MAAa,QAAQ;MAAM,KAAK;MAAO,CAAC;AACnE,YAAO;;;;AAKb,SAAO;;CAEV;AAED,MAAM,kBAA+B;CACnC,MAAM;CACN,MAAM,KAAK,KAAK;EACd,MAAM,UAA4B,EAAE;EACpC,MAAM,WAAW,KAAK,IAAI,SAAS,EAAE,UAAU,YAAY;EAC3D,MAAM,OAAO,MAAM,SAAS,KAAK,SAAS;AAC1C,MAAI,CAAC,KAAM,QAAO;EAElB,MAAM,SAAS,KAAK;AACpB,MAAI,OAAO,WAAW,YAAY,OAAO,SAAS,GAAG;AACnD,SAAI,yCAAyC,SAAS;AACtD,WAAQ,KAAK;IAAE,YAAY;IAAU,QAAQ;IAAU,KAAK;IAAQ,gBAAgB;IAAO,CAAC;AAC5F,UAAO;;EAIT,MAAM,SAAS,KAAK;AACpB,MAAI,WAAW,QAAQ,OAAO,WAAW,YAAY,CAAC,MAAM,QAAQ,OAAO,EAAE;GAC3E,MAAM,IAAI;GACV,MAAM,cAAc,EAAE;AACtB,OAAI,OAAO,gBAAgB,YAAY,YAAY,SAAS,GAAG;IAC7D,MAAM,eAAe,OAAO,EAAE,kBAAkB,WAAW,EAAE,gBAAgB;IAC7E,MAAM,YAAY,OAAO,EAAE,eAAe,WAAW,EAAE,aAAa;AACpE,UAAI,uCAAuC,SAAS;AACpD,YAAQ,KAAK;KACX,YAAY;KACZ,QAAQ;KACR,KAAK;KACL,gBAAgB;KAChB,SAAS;KACT;KACD,CAAC;AACF,WAAO;;;EAKX,MAAM,QAAQ,KAAK,SAAS,KAAK;AACjC,MAAI,OAAO,UAAU,YAAY,MAAM,SAAS,EAC9C,SAAQ,KAAK;GAAE,YAAY;GAAU,QAAQ;GAAU,KAAK;GAAO,CAAC;AAEtE,SAAO;;CAEV;AAED,MAAM,mBAAgC;CACpC,MAAM;CACN,MAAM,KAAK,KAAK;EACd,MAAM,UAA4B,EAAE;EACpC,MAAM,aAAa,IAAI,IAAI,kBAAkB,IAAI,KAAK,IAAI,SAAS,EAAE,UAAU;AAG/E,OAAK,MAAM,QAFG,CAAC,oBAAoB,uBAAuB,EAEhC;GACxB,MAAM,OAAO,KAAK,YAAY,KAAK;GACnC,MAAM,OAAO,MAAM,SAAS,KAAK,KAAK;AACtC,OAAI,CAAC,KAAM;GACX,MAAM,cAAc,OAAO,KAAK,iBAAiB,WAAW,KAAK,eAAe;GAChF,MAAM,eAAe,OAAO,KAAK,kBAAkB,WAAW,KAAK,gBAAgB;GACnF,MAAM,aAAa,OAAO,KAAK,gBAAgB,WAAW,KAAK,cAAc;AAE7E,OAAI,eAAe,cAAc;AAC/B,UAAI,uCAAuC,KAAK;AAChD,YAAQ,KAAK;KACX,YAAY;KACZ,QAAQ;KACR,KAAK;KACL,gBAAgB;KAChB,SAAS;KACT,SAAS;KACV,CAAC;AACF,WAAO;;AAIT,OAAI,MAAM,QAAQ,KAAK,SAAS,IAAK,KAAK,SAAuB,SAAS,GAAG;AAC3E,UAAI,uCAAuC,KAAK;AAChD,YAAQ,KAAK;KAAE,YAAY;KAAU,QAAQ;KAAM,CAAC;AACpD,WAAO;;;AAIX,SAAO;;CAEV;AAED,MAAM,mBAAgC;CACpC,MAAM;CACN,MAAM,KAAK,KAAK;EACd,MAAM,UAA4B,EAAE;EACpC,MAAM,iBAAiB,IAAI,IAAI,kBAAkB;EACjD,MAAM,QAAQ;GACZ,IAAI,IAAI,iCAAiC;GACzC,iBAAiB,KAAK,gBAAgB,uCAAuC,GAAG;GAChF,KAAK,UAAU,IAAI,EAAE,UAAU,uCAAuC;GACvE,CAAC,QAAQ,MAAmB,OAAO,MAAM,SAAS;AAEnD,OAAK,MAAM,QAAQ,OAAO;GACxB,MAAM,OAAO,MAAM,SAAS,KAAK,KAAK;AACtC,OAAI,CAAC,KAAM;AAEX,OAAI,mBAAmB,QAAQ,UAAU,QAAQ,iBAAiB,MAAM;AACtE,UAAI,+BAA+B,KAAK;AACxC,YAAQ,KAAK;KAAE,YAAY;KAAiB,QAAQ;KAAM,CAAC;AAC3D,WAAO;;;AAIX,SAAO;;CAEV;AAED,MAAM,wBAAqC;CACzC,MAAM;CACN,MAAM,KAAK,KAAK;EACd,MAAM,UAA4B,EAAE;EACpC,MAAM,WAAW,IAAI,IAAI,8BAA8B,IAAI,KAAK,IAAI,SAAS,EAAE,QAAQ,cAAc;EACrG,MAAM,MAAM,MAAM,IAAI,SAAS,SAAS;AACxC,MAAI,CAAC,IAAK,QAAO;EAEjB,MAAM,UAAU,IAAI,IAAI,cAAc,IAAI;AAG1C,MAFY,mBAAmB,KAAK,SAAS,oBAAoB,EAExD;AACP,SAAI,iDAAiD,SAAS,SAAS;AACvE,WAAQ,KAAK;IAAE,YAAY;IAAkB,QAAQ;IAAU,CAAC;;AAGlE,SAAO;;CAEV;AAED,MAAM,sBAAmC;CACvC,MAAM;CACN,MAAM,KAAK,KAAK;EACd,MAAM,UAA4B,EAAE;EACpC,MAAM,UAAU,IAAI,IAAI,gBAAgB;EACxC,MAAM,OAAO,IAAI,SAAS;EAC1B,MAAM,WAAW,IAAI,UAAU;EAE/B,MAAM,QAAQ;GACZ,UAAU,KAAK,SAAS,YAAY,YAAY,GAAG;GACnD,aAAa,WAAW,KAAK,MAAM,WAAW,uBAAuB,YAAY,YAAY,GAAG;GAChG,KAAK,MAAM,UAAU,SAAS,YAAY,YAAY;GACtD,KAAK,MAAM,WAAW,YAAY,YAAY;GAC/C,CAAC,QAAQ,MAAmB,OAAO,MAAM,SAAS;AAEnD,OAAK,MAAM,QAAQ,OAAO;GACxB,MAAM,OAAO,MAAM,SAAS,KAAK,KAAK;AACtC,OAAI,CAAC,KAAM;AAEX,QAAK,MAAM,CAAC,YAAY,UAAU,OAAO,QAAQ,KAAK,EAAE;AACtD,QAAI,CAAC,SAAS,OAAO,UAAU,SAAU;IACzC,MAAM,QAAQ;IACd,MAAM,OAAO,MAAM;AACnB,QAAI,SAAS,SAAS,SAAS,WAAW,SAAS,YAAa;IAEhE,MAAM,MAAM,OAAO,MAAM,QAAQ,WAAW,MAAM,MAAM;IACxD,MAAM,UAAU,OAAO,MAAM,YAAY,WAAW,MAAM,UAAU;IACpE,MAAM,YAAY,OAAO,MAAM,cAAc,WAAW,MAAM,YAAY;IAC1E,MAAM,UAAU,OAAO,MAAM,YAAY,WAAW,MAAM,UAAU;AACpE,UAAI,sCAAsC,YAAY,MAAM,KAAK;AACjE,YAAQ,KAAK;KACX;KACA,QAAQ;KACR;KACA,gBAAgB;KAChB;KACA;KACA;KACD,CAAC;;AAGJ,OAAI,QAAQ,SAAS,EAAG,QAAO;;AAGjC,SAAO;;CAEV;AAED,MAAM,wBAAqC;CACzC,MAAM;CACN,MAAM,KAAK,KAAK;EACd,MAAM,UAA4B,EAAE;EACpC,MAAM,OAAO,IAAI,SAAS;EAG1B,MAAM,cAAc,CAFH,IAAI,UAAU,KAGhB,WACT,KAAK,MAAM,WAAW,uBAAuB,QAAQ,QAAQ,iBAAiB,kBAAkB,aAAa,GAC7G,QACJ,KAAK,UAAU,IAAI,EAAE,QAAQ,QAAQ,iBAAiB,kBAAkB,aAAa,CACtF,CAAC,QAAQ,MAAmB,OAAO,MAAM,SAAS;AAEnD,OAAK,MAAM,QAAQ,aAAa;GAC9B,MAAM,OAAO,MAAM,SAAS,KAAK,KAAK;AACtC,OAAI,CAAC,KAAM;AAEX,QAAK,MAAM,CAAC,KAAK,UAAU,OAAO,QAAQ,KAAK,EAAE;AAC/C,QAAI,CAAC,IAAI,SAAS,aAAa,CAAE;IACjC,MAAM,QAAQ,SAAS,OAAO,UAAU,WAAY,MAAkC,cAAc;AACpG,QAAI,OAAO,UAAU,YAAY,MAAM,SAAS,GAAG;AACjD,WAAI,qCAAqC,KAAK;AAC9C,aAAQ,KAAK;MAAE,YAAY;MAAkB,QAAQ;MAAM,KAAK;MAAO,CAAC;AACxE,YAAO;;;;AAKb,SAAO;;CAEV;AAMD,SAAS,mBAAmB,KAAa,SAAiB,KAAiC;CACzF,MAAM,QAAQ,IAAI,MAAM,KAAK;CAC7B,IAAI,YAAY;AAEhB,MAAK,MAAM,QAAQ,OAAO;EACxB,MAAM,UAAU,KAAK,MAAM;AAC3B,MAAI,QAAQ,WAAW,IAAI,EAAE;AAE3B,eADa,QAAQ,MAAM,GAAG,QAAQ,QAAQ,IAAI,CAAC,CAAC,MAAM,KACrC;AACrB;;AAEF,MAAI,aAAa,QAAQ,WAAW,IAAI,EAAE;GACxC,MAAM,KAAK,QAAQ,QAAQ,IAAI;AAC/B,OAAI,OAAO,GAAI,QAAO,QAAQ,MAAM,KAAK,EAAE,CAAC,MAAM;;;;AAUxD,MAAM,gBAA6B;CACjC,MAAM;CACN,MAAM,KAAK,KAAK;EACd,MAAM,UAA4B,EAAE;EACpC,MAAM,OAAO,IAAI,SAAS;EAC1B,MAAM,WAAW,IAAI,UAAU;EAE/B,MAAM,UAAU;GACd,aAAa,WACT,KAAK,MAAM,WAAW,uBAAuB,UAAU,QAAQ,iBAAiB,cAAc,GAC9F;GACJ,aAAa,UACT,KAAK,IAAI,IAAI,UAAU,IAAI,KAAK,MAAM,WAAW,UAAU,EAAE,UAAU,QAAQ,iBAAiB,cAAc,GAC9G;GACJ,KAAK,UAAU,IAAI,EAAE,UAAU,QAAQ,iBAAiB,cAAc;GACvE,CAAC,QAAQ,MAAmB,OAAO,MAAM,SAAS;AAEnD,MAAI,CAAC,IAAI,KAAM,QAAO;AAEtB,OAAK,MAAM,UAAU,SAAS;GAE5B,MAAM,QAAQ,MAAM,IAAI,KAAK,YAAY,OAAO,kEAAc;AAC9D,OAAI,SAAS,MAAM,SAAS,GAAG;AAC7B,UAAI,iCAAiC,OAAO;AAC5C,YAAQ,KAAK;KAAE,YAAY;KAAU,QAAQ;KAAQ,KAAK;KAAO,CAAC;AAClE,WAAO;;;AAIX,SAAO;;CAEV;AAED,MAAa,mBAAkC;CAC7C;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACD;AAED,eAAsB,gBAAgB,UAAyB,KAA8C;CAC3G,MAAM,UAAU,OAAO,uBAAuB;CAC9C,MAAM,UAA4B,EAAE;AAEpC,MAAK,MAAM,WAAW,SACpB,KAAI;EACF,MAAM,QAAQ,MAAM,QAAQ,KAAK,QAAQ;AACzC,UAAQ,KAAK,GAAG,MAAM;UACf,KAAc;AACrB,QAAI,yBAAyB,QAAQ,MAAM,eAAe,QAAQ,IAAI,UAAU,OAAO,IAAI,CAAC;;AAIhG,QAAO;;;;;AChcT,MAAMC,QAAM,aAAa,OAAO;AAgChC,SAAS,mBAAmB,OAAyB,SAA0B,OAAmC;AAChH,KAAI,MAAM,WAAW,EAAG,QAAO;CAC/B,MAAM,YAAY,MAAM,MAAM,MAAM,EAAE,SAAS,UAAU,EAAE,QAAQ,OAAU;AAC7E,KAAI,cAAc,OAAW,QAAO;CACpC,MAAM,UAAU,MAAM,MAAM,MAAM,EAAE,QAAQ,OAAU;AACtD,KAAI,YAAY,OAAW,QAAO;AAClC,QAAO,MAAM;;AAGf,SAAgB,gBAAgB,SAAuC;CACrE,MAAM,eAAe,SAAS;CAC9B,IAAI;CACJ,MAAM,wCAAwB,IAAI,KAA+B;AAEjE,OAAI,mCAAmC,iBAAiB,OAAU;CAElE,SAAS,aAAsC;AAC7C,MAAI,mBAAmB,OACrB,kBAAiB,SAAS,UAAU,QAAQ,QAAQ,QAAQ,QAAQ,GAAG,sBAAsB;AAE/F,SAAO;;CAGT,eAAe,gBAAyD;AACtE,MAAI,iBAAiB,QAAW;AAC9B,SAAI,0CAA0C;AAC9C,UAAO,EAAE,GAAG,cAAc;;EAI5B,MAAM,MAAM,OADI,MAAM,YAAY,EACR,IAAI,eAAe;AAC7C,MAAI,QAAQ,MAAM;AAChB,SAAI,8CAA8C;AAClD,UAAO,EAAE;;EAGX,MAAM,SAAkB,KAAK,MAAM,IAAI;AACvC,MAAI,OAAO,WAAW,YAAY,WAAW,QAAQ,MAAM,QAAQ,OAAO,EAAE;AAC1E,SAAI,yDAAyD;AAC7D,UAAO,EAAE;;EAGX,MAAM,aAAa,mBAAmB,OAAkC;AACxE,QAAI,mCAAmC,OAAO,KAAK,WAAW,CAAC,OAAO;AACtE,SAAO;;CAGT,eAAe,eAAe,MAAqD;AACjF,MAAI,iBAAiB,QAAW;AAC9B,QAAK,MAAM,CAAC,GAAG,MAAM,OAAO,QAAQ,KAAK,CACvC,cAAa,KAAK;AAEpB,QAAK,MAAM,KAAK,OAAO,KAAK,aAAa,CACvC,KAAI,EAAE,KAAK,MACT,QAAO,aAAa;AAGxB,SAAI,qCAAqC,OAAO,KAAK,aAAa,CAAC,OAAO;AAC1E;;EAGF,MAAM,UAAU,KAAK,UAAU,MAAM,MAAM,EAAE;AAE7C,SADgB,MAAM,YAAY,EACpB,IAAI,gBAAgB,QAAQ;AAE1C,QAAI,oCAAoC,OAAO,KAAK,KAAK,CAAC,OAAO;;CAGnE,SAAS,oBAAoB,UAA0E;AACrG,MAAI,sBAAsB,SAAS,EAAG,QAAO;EAC7C,MAAM,SAAS,EAAE,GAAG,UAAU;AAC9B,OAAK,MAAM,CAAC,KAAK,UAAU,sBACzB,KAAI,OAAO,SAAS,UAAa,CAAC,OAAO,KAAK,KAAK;GACjD,MAAM,OAAO,mBAAmB,OAAO,MAAM;AAC7C,OAAI,SAAS,OACX,QAAO,OAAO;;AAIpB,QACE,yDACA,sBAAsB,MACtB,OAAO,KAAK,SAAS,CAAC,OACvB;AACD,SAAO;;CAGT,SAAS,yBAAyB,YAAoB,YAAkC;EACtF,MAAM,MAAM,sBAAsB,IAAI,WAAW,IAAI,EAAE;AACvD,MAAI,KAAK,WAAW;AACpB,wBAAsB,IAAI,YAAY,IAAI;;CAG5C,SAAS,yBACP,MACA,SACA,QACS;AACT,MAAI,KAAK,IAAI,OAAO,WAAW,CAAE,QAAO;AACxC,OAAK,IAAI,OAAO,WAAW;AAC3B,UAAQ,KAAK,OAAO;AACpB,SAAO;;CAGT,SAAS,uBAAuB,QAAgB,KAA6B;AAC3E,SAAO,gBAAgB;GAAE,MAAM;GAAO;GAAK,UAAU,OAAO;GAAU,CAAC;;CAGzE,SAAS,wBAAwB,QAAoD;AACnF,MAAI,OAAO,QAAQ,OAAW,QAAO;AACrC,SAAO,gBAAgB;GACrB,MAAM,OAAO,kBAAkB;GAC/B,KAAK,OAAO;GACZ,UAAU,OAAO;GACjB,SAAS,OAAO;GAChB,WAAW,OAAO;GAClB,SAAS,OAAO;GACjB,CAAC;;AAGJ,QAAO;EACL,MAAM,MAA+C;AACnD,UAAO,oBAAoB,MAAM,eAAe,CAAC;;EAGnD,MAAM,IAAI,YAAoD;GAE5D,MAAM,aADQ,oBAAoB,MAAM,eAAe,CAAC,CAC/B;AACzB,OAAI,eAAe,QAAW;AAC5B,UAAI,sBAAsB,WAAW;AACrC,WAAO;;AAET,SAAI,0BAA0B,YAAY,WAAW,KAAK;AAC1D,UAAO;;EAGT,MAAM,IAAI,YAAoB,YAA2C;GACvE,MAAM,QAAQ,MAAM,eAAe;AACnC,SAAM,cAAc;AACpB,SAAM,eAAe,MAAM;AAC3B,SAAI,oBAAoB,YAAY,WAAW,KAAK;;EAGtD,MAAM,OAAO,YAAmC;GAC9C,MAAM,QAAQ,MAAM,eAAe;AACnC,OAAI,EAAE,cAAc,QAAQ;AAC1B,UAAI,gCAAgC,WAAW;AAC/C;;AAEF,UAAO,MAAM;AACb,SAAM,eAAe,MAAM;AAC3B,SAAI,oBAAoB,WAAW;;EAGrC,MAAM,SAAS,iBAAoE;GACjF,MAAM,UAAkC,EAAE;GAC1C,MAAM,uBAAO,IAAI,KAAa;AAE9B,OAAI,CAAC,iBAAiB,YACpB,MAAK,MAAM,CAAC,QAAQ,eAAe,WAAW;IAC5C,MAAM,QAAQ,QAAQ,IAAI;AAC1B,QAAI,OAAO;AACT,8BAAyB,YAAY,uBAAuB,QAAQ,MAAM,CAAC;AAC3E,8BAAyB,MAAM,SAAS;MAAE;MAAY,QAAQ;MAAO,KAAK;MAAO,CAAC;AAClF,WAAI,kCAAkC,YAAY,OAAO;;;AAK/D,OAAI,CAAC,iBAAiB,cAAc;IAGlC,MAAM,cAAc,MAAM,gBAFT,iBAAiB,YAAY,kBAClC,iBAAiB,eAAe,uBAAuB,CACX;AAExD,SAAK,MAAM,QAAQ,aAAa;KAC9B,MAAM,WAAW,KAAK,kBAAkB;AACxC,8BAAyB,MAAM,SAAS;MACtC,YAAY,KAAK;MACjB,QAAQ;MACR,KAAK,KAAK;MACV,UAAU,KAAK;MAChB,CAAC;KACF,MAAM,OAAO,wBAAwB,KAAK;AAC1C,SAAI,SAAS,QAAW;AACtB,+BAAyB,KAAK,YAAY,KAAK;AAC/C,YAAI,6BAA6B,KAAK,YAAY,UAAU,KAAK,OAAO;;;;AAK9E,OAAI,iBAAiB,YAAY,KAE/B,OAAI,kDADmB,MAAM,8BAA8B,CACU;GAGvE,IAAI;AACJ,OAAI;AACF,eAAW,MAAM,eAAe;YACzB,KAAc;AACrB,UAAI,2CAA2C,eAAe,QAAQ,IAAI,UAAU,OAAO,IAAI,CAAC;AAChG,eAAW,EAAE;;AAGf,QAAK,MAAM,CAAC,YAAY,eAAe,OAAO,QAAQ,SAAS,CAE7D,KADc,yBAAyB,MAAM,SAAS;IAAE;IAAY,QAAQ;IAAQ;IAAY,CAAC,CACtF,OAAI,+BAA+B,WAAW;AAG3D,SAAI,0CAA0C,QAAQ,OAAO;AAC7D,UAAO;;EAGT,MAAM,aAAa,YAAoB,QAAyD;GAC9F,MAAM,QAAQ,sBAAsB,IAAI,WAAW;AACnD,OAAI,UAAU,UAAa,MAAM,SAAS,GAAG;IAC3C,MAAM,OAAO,mBAAmB,OAAO,OAAO;AAC9C,QAAI,SAAS,OAAW,QAAO;;AAIjC,UAFc,oBAAoB,MAAM,eAAe,CAAC,CAC/B,eACJ;;EAExB;CAED,eAAe,+BAAgD;AAC7D,MAAI,sBAAsB,SAAS,EAAG,QAAO;EAE7C,MAAM,QAAQ,MAAM,eAAe;EACnC,IAAI,UAAU;AAEd,OAAK,MAAM,CAAC,YAAY,UAAU,uBAAuB;AAEvD,OADiB,MAAM,aACT,IACZ;GAGF,MAAM,OAAO,mBAAmB,OAAO,MAAM;AAC7C,OAAI,SAAS,OACX;AAGF,SAAM,cAAc;AACpB,cAAW;;AAGb,MAAI,UAAU,EACZ,OAAM,eAAe,MAAM;AAG7B,SAAO;;;AAIX,MAAM,iBAAiB;AAWvB,SAAS,gBAAgB,OAA6C;CACpE,MAAM,aAA6B;EACjC,MAAM,MAAM;EACZ,KAAK,MAAM;EACX,UAAU,MAAM;EACjB;AAED,KAAI,MAAM,YAAY,OAAW,YAAW,UAAU,MAAM;AAC5D,KAAI,MAAM,cAAc,OAAW,YAAW,YAAY,MAAM;AAChE,KAAI,MAAM,YAAY,OAAW,YAAW,UAAU,MAAM;AAE5D,QAAO;;AAGT,SAAS,mBAAmB,OAAgE;CAC1F,MAAM,aAA6C,EAAE;AAErD,MAAK,MAAM,CAAC,YAAY,kBAAkB,OAAO,QAAQ,MAAM,EAAE;EAC/D,MAAM,aAAa,oBAAoB,cAAc;AACrD,MAAI,eAAe,OACjB,YAAW,cAAc;;AAI7B,QAAO;;AAGT,SAAS,oBAAoB,eAAoD;AAC/E,KAAI,OAAO,kBAAkB,YAAY,kBAAkB,QAAQ,MAAM,QAAQ,cAAc,CAC7F;CAGF,MAAM,QAAQ;CACd,MAAM,OACJ,MAAM,SAAS,SAAS,MAAM,SAAS,WAAW,MAAM,SAAS,cAAc,MAAM,OAAQ;CAE/F,MAAM,MAAM,OAAO,MAAM,QAAQ,YAAY,MAAM,IAAI,SAAS,IAAI,MAAM,MAAM;AAChF,QAAO;EACL,GAAG;EACH;EACA;EACD;;AAGH,MAAM,YAAqC;CACzC,CAAC,qBAAqB,YAAY;CAClC,CAAC,kBAAkB,SAAS;CAC5B,CAAC,gCAAgC,SAAS;CAC1C,CAAC,kBAAkB,SAAS;CAC5B,CAAC,iBAAiB,QAAQ;CAC1B,CAAC,eAAe,MAAM;CACtB,CAAC,mBAAmB,UAAU;CAC9B,CAAC,gBAAgB,OAAO;CACxB,CAAC,sBAAsB,aAAa;CACrC;;;;AChWD,MAAM,MAAM,aAAa,gBAAgB;AAEzC,SAAgB,qBAAqB,SAA0C;AAC7E,KAAI,uCAAuC,YAAY,OAAU;AAEjE,QAAO,EACL,MAAM,QAAQ,KAAiC;AAC7C,MAAI,OAAO,QAAQ,UAAU;AAC3B,OAAI,wBAAwB;AAC5B,UAAO;;AAGT,MAAI,IAAI,SAAS,SAAS;AACxB,OAAI,uBAAuB;AAC3B,UAAO,IAAI;;AAGb,MAAI,IAAI,SAAS,OAAO;GACtB,MAAM,QAAQ,QAAQ,IAAI,IAAI;AAC9B,OAAI,UAAU,OACZ,OAAM,IAAI,MAAM,iCAAiC,IAAI,OAAO;AAE9D,OAAI,mBAAmB,IAAI,KAAK;AAChC,UAAO;;AAGT,MAAI,IAAI,SAAS,WAAW;AAC1B,OAAI,CAAC,QACH,OAAM,IAAI,MAAM,+CAA+C,IAAI,MAAM;GAE3E,MAAM,QAAQ,MAAM,QAAQ,IAAI,IAAI,IAAI;AACxC,OAAI,UAAU,KACZ,OAAM,IAAI,MAAM,6BAA6B,IAAI,MAAM;AAEzD,OAAI,2BAA2B,IAAI,IAAI;AACvC,UAAO;;AAGT,QAAM,IAAI,MAAM,2BAA2B,KAAK,UAAU,IAAI,GAAG;IAEpE"}