palaryn 0.1.0 → 0.3.2

package/dist/tests/unit/logger.test.js

@@ -0,0 +1,97 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const logger_1 = require("../../src/server/logger");
+function getOutput(spy) {
+    return spy.mock.calls.map(c => c.join(' ')).join('\n');
+}
+describe('logger', () => {
+    let spy;
+    beforeEach(() => {
+        spy = jest.spyOn(console, 'log').mockImplementation(() => { });
+    });
+    afterEach(() => {
+        spy.mockRestore();
+    });
+    test('serverStart outputs host:port', () => {
+        logger_1.log.serverStart('0.0.0.0', 3000, { auth: true });
+        const output = getOutput(spy);
+        expect(output).toContain('0.0.0.0:3000');
+    });
+    test('serverShutdown outputs SHUTDOWN and signal name', () => {
+        logger_1.log.serverShutdown('SIGTERM');
+        const output = getOutput(spy);
+        expect(output).toContain('SHUTDOWN');
+        expect(output).toContain('SIGTERM');
+    });
+    test('request outputs method, path, and IP', () => {
+        logger_1.log.request('POST', '/api/tools', '127.0.0.1');
+        const output = getOutput(spy);
+        expect(output).toContain('POST');
+        expect(output).toContain('/api/tools');
+        expect(output).toContain('127.0.0.1');
+    });
+    test('request with body outputs tool name', () => {
+        logger_1.log.request('POST', '/api/tools', '127.0.0.1', {
+            params: { name: 'read_file' },
+        });
+        const output = getOutput(spy);
+        expect(output).toContain('POST');
+        expect(output).toContain('/api/tools');
+    });
+    test('response outputs status code', () => {
+        logger_1.log.response(200, 42);
+        const output = getOutput(spy);
+        expect(output).toContain('200');
+    });
+    test('response with body outputs status and error', () => {
+        logger_1.log.response(500, 100, { status: 'error', error: 'something broke' });
+        const output = getOutput(spy);
+        expect(output).toContain('500');
+        expect(output).toContain('error');
+    });
+    test('pipelineStart outputs PIPELINE and tool name', () => {
+        logger_1.log.pipelineStart('call-123', 'read_file');
+        const output = getOutput(spy);
+        expect(output).toContain('PIPELINE');
+        expect(output).toContain('read_file');
+    });
+    test('pipelineEnd outputs DONE and status', () => {
+        logger_1.log.pipelineEnd('allowed', 55);
+        const output = getOutput(spy);
+        expect(output).toContain('DONE');
+        expect(output).toContain('allowed');
+    });
+    test('pipelineStep outputs label', () => {
+        logger_1.log.pipelineStep('>', 'DLP Scan', 'no issues');
+        const output = getOutput(spy);
+        expect(output).toContain('DLP Scan');
+    });
+    test('policy outputs decision and reasons', () => {
+        logger_1.log.policy('deny', 'rule-1', ['forbidden tool']);
+        const output = getOutput(spy);
+        expect(output.toUpperCase()).toContain('DENY');
+        expect(output).toContain('forbidden tool');
+    });
+    test('dlp clean case outputs clean', () => {
+        logger_1.log.dlp('args', [], 'low', 0);
+        const output = getOutput(spy);
+        expect(output).toContain('clean');
+    });
+    test('dlp detection case outputs severity and detected types', () => {
+        logger_1.log.dlp('output', ['pii'], 'high', 2);
+        const output = getOutput(spy);
+        expect(output).toContain('high');
+        expect(output).toContain('pii');
+    });
+    test('budget allowed case', () => {
+        logger_1.log.budget(true, 0.01, 0.05, 0.95);
+        const output = getOutput(spy);
+        expect(output).toContain('0.01');
+    });
+    test('budget blocked case', () => {
+        logger_1.log.budget(false, 0.01, 1.0, 0.0, 'over limit');
+        const output = getOutput(spy);
+        expect(output).toContain('over limit');
+    });
+});
+//# sourceMappingURL=logger.test.js.map

package/dist/tests/unit/logger.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.test.js","sourceRoot":"","sources":["../../../tests/unit/logger.test.ts"],"names":[],"mappings":";;AAAA,oDAA8C;AAE9C,SAAS,SAAS,CAAC,GAAqB;IACtC,OAAO,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACzD,CAAC;AAED,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;IACtB,IAAI,GAAqB,CAAC;IAE1B,UAAU,CAAC,GAAG,EAAE;QACd,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,kBAAkB,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;IAChE,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,GAAG,EAAE;QACb,GAAG,CAAC,WAAW,EAAE,CAAC;IACpB,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,+BAA+B,EAAE,GAAG,EAAE;QACzC,YAAG,CAAC,WAAW,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;QACjD,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;QAC9B,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,iDAAiD,EAAE,GAAG,EAAE;QAC3D,YAAG,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;QAC9B,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;QAC9B,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,sCAAsC,EAAE,GAAG,EAAE;QAChD,YAAG,CAAC,OAAO,CAAC,MAAM,EAAE,YAAY,EAAE,WAAW,CAAC,CAAC;QAC/C,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;QAC9B,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACjC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;QACvC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,qCAAqC,EAAE,GAAG,EAAE;QAC/C,YAAG,CAAC,OAAO,CAAC,MAAM,EAAE,YAAY,EAAE,WAAW,EAAE;YAC7C,MAAM,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE;SAC9B,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;QAC9B,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACjC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,8BAA8B,EAAE,GAAG,EAAE;QACxC,YAAG,CAAC,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACtB,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;QAC9B,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,6CAA6C,EAAE,GAAG,EAAE;QACvD,YAAG,CAAC,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC,CAAC;QACtE,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;QAC9B,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAChC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,8CAA8C,EAAE,GAAG,EAAE;QACxD,YAAG,CAAC,aAAa,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;QAC3C,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;QAC9B,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,qCAAqC,EAAE,GAAG,EAAE;QAC/C,YAAG,CAAC,WAAW,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;QAC/B,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;QAC9B,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACjC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,4BAA4B,EAAE,GAAG,EAAE;QACtC,YAAG,CAAC,YAAY,CAAC,GAAG,EAAE,UAAU,EAAE,WAAW,CAAC,CAAC;QAC/C,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;QAC9B,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,qCAAqC,EAAE,GAAG,EAAE;QAC/C,YAAG,CAAC,MAAM,CAAC,MAAM,EAAE,QAAQ,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC;QACjD,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;QAC9B,MAAM,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QAC/C,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,8BAA8B,EAAE,GAAG,EAAE;QACxC,YAAG,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;QAC9B,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;QAC9B,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,wDAAwD,EAAE,GAAG,EAAE;QAClE,YAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;QACtC,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;QAC9B,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACjC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,qBAAqB,EAAE,GAAG,EAAE;QAC/B,YAAG,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;QACnC,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;QAC9B,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IACnC,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,qBAAqB,EAAE,GAAG,EAAE;QAC/B,YAAG,CAAC,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,YAAY,CAAC,CAAC;QAChD,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;QAC9B,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/tests/unit/mcp-internal-auth.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=mcp-internal-auth.test.d.ts.map

package/dist/tests/unit/mcp-internal-auth.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-internal-auth.test.d.ts","sourceRoot":"","sources":["../../../tests/unit/mcp-internal-auth.test.ts"],"names":[],"mappings":""}

package/dist/tests/unit/mcp-internal-auth.test.js

@@ -0,0 +1,445 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const express_1 = __importDefault(require("express"));
+const supertest_1 = __importDefault(require("supertest"));
+const internal_auth_1 = require("../../src/mcp/internal-auth");
+const http_executor_1 = require("../../src/executor/http-executor");
+// ---------------------------------------------------------------------------
+// Mock Gateway
+// ---------------------------------------------------------------------------
+function buildToolResult(overrides) {
+    return {
+        tool_call_id: 'tc-001',
+        task_id: 'task-001',
+        status: 'ok',
+        policy: { decision: 'allow', rule_id: 'rule-1', reasons: ['Allowed'] },
+        dlp: { detected: [], redactions: [], severity: 'low' },
+        budget: { estimated_cost_usd: 0.001, spent_cost_usd_task: 0.005, remaining_cost_usd_task: 1.995 },
+        output: { http_status: 200, body: { data: 'ok' } },
+        timing: { started_at: new Date().toISOString(), duration_ms: 10 },
+        ...overrides,
+    };
+}
+let capturedToolCalls = [];
+function createMockGateway() {
+    capturedToolCalls = [];
+    return {
+        execute: jest.fn().mockImplementation((tc) => {
+            capturedToolCalls.push(tc);
+            return Promise.resolve(buildToolResult({ tool_call_id: tc.tool_call_id, task_id: tc.task_id }));
+        }),
+        shutdown: jest.fn(),
+        registerExecutor: jest.fn(),
+        preExecute: jest.fn(),
+        postExecute: jest.fn(),
+        getApprovalManager: jest.fn().mockReturnValue({ getApproval: jest.fn() }),
+    };
+}
+// ---------------------------------------------------------------------------
+// Import after mocks
+// ---------------------------------------------------------------------------
+const http_transport_1 = require("../../src/mcp/http-transport");
+// ---------------------------------------------------------------------------
+// Test helpers
+// ---------------------------------------------------------------------------
+const GATEWAY_BASE_URL = 'https://app.palaryn.com';
+function createTestApp(gateway, gatewayBaseUrl) {
+    const app = (0, express_1.default)();
+    app.use(express_1.default.json());
+    // Simulate OAuth auth middleware — sets req.auth with token
+    app.use((req, _res, next) => {
+        req.auth = {
+            token: 'oauth-access-token-xyz',
+            clientId: 'pn_client_1',
+            scopes: ['mcp:tools'],
+            extra: {
+                workspace_id: 'ws_test',
+                actor_id: 'user:usr_1',
+                permissions: ['tool:execute'],
+                auth_method: 'oauth',
+            },
+        };
+        next();
+    });
+    const handler = (0, http_transport_1.createMCPHttpHandler)(gateway, {
+        gateway_base_url: gatewayBaseUrl,
+    });
+    app.use('/mcp', handler.router);
+    return { app, handler };
+}
+function createTestAppNoToken(gateway, gatewayBaseUrl) {
+    const app = (0, express_1.default)();
+    app.use(express_1.default.json());
+    // Auth middleware without token (legacy API key auth)
+    app.use((req, _res, next) => {
+        req.auth = {
+            workspace_id: 'ws_test',
+            actor_id: 'actor_test',
+            permissions: ['tool:execute'],
+            auth_method: 'api_key',
+        };
+        next();
+    });
+    const handler = (0, http_transport_1.createMCPHttpHandler)(gateway, {
+        gateway_base_url: gatewayBaseUrl,
+    });
+    app.use('/mcp', handler.router);
+    return { app, handler };
+}
+const INIT_REQUEST = {
+    jsonrpc: '2.0',
+    id: 1,
+    method: 'initialize',
+    params: {
+        protocolVersion: '2025-03-26',
+        capabilities: {},
+        clientInfo: { name: 'test-client', version: '1.0.0' },
+    },
+};
+const INITIALIZED_NOTIFICATION = {
+    jsonrpc: '2.0',
+    method: 'notifications/initialized',
+};
+async function initSession(app) {
+    const res = await (0, supertest_1.default)(app)
+        .post('/mcp')
+        .send(INIT_REQUEST)
+        .set('Accept', 'application/json, text/event-stream');
+    const sessionId = res.headers['mcp-session-id'];
+    if (!sessionId) {
+        throw new Error(`No session ID. Status: ${res.status}`);
+    }
+    await (0, supertest_1.default)(app)
+        .post('/mcp')
+        .send(INITIALIZED_NOTIFICATION)
+        .set('mcp-session-id', sessionId)
+        .set('Accept', 'application/json, text/event-stream');
+    return sessionId;
+}
+// ---------------------------------------------------------------------------
+// Tests: Internal auth token injection in MCP handler
+// ---------------------------------------------------------------------------
+describe('MCP Internal Auth', () => {
+    afterEach(() => {
+        internal_auth_1.internalAuthTokens.clear();
+    });
+    describe('internalAuthTokens Map entry creation', () => {
+        it('sets entry for self-referencing URL (http_get)', async () => {
+            const gateway = createMockGateway();
+            const { app, handler } = createTestApp(gateway, GATEWAY_BASE_URL);
+            const sessionId = await initSession(app);
+            await (0, supertest_1.default)(app)
+                .post('/mcp')
+                .send({
+                jsonrpc: '2.0', id: 3, method: 'tools/call',
+                params: {
+                    name: 'http_get',
+                    arguments: { url: `${GATEWAY_BASE_URL}/api/v1/workspaces` },
+                },
+            })
+                .set('mcp-session-id', sessionId)
+                .set('Accept', 'application/json, text/event-stream');
+            expect(gateway.execute).toHaveBeenCalledTimes(1);
+            // The Map entry should have been consumed by now (gateway.execute ran),
+            // but we verify it was set by checking the tool_call_id was captured
+            const tc = capturedToolCalls[0];
+            expect(tc).toBeDefined();
+            expect(tc.workspace_id).toBe('ws_test');
+            await handler.close();
+        });
+        it('sets entry for self-referencing URL (http_post)', async () => {
+            const gateway = createMockGateway();
+            const { app, handler } = createTestApp(gateway, GATEWAY_BASE_URL);
+            const sessionId = await initSession(app);
+            await (0, supertest_1.default)(app)
+                .post('/mcp')
+                .send({
+                jsonrpc: '2.0', id: 3, method: 'tools/call',
+                params: {
+                    name: 'http_post',
+                    arguments: {
+                        url: `${GATEWAY_BASE_URL}/api/v1/policies/validate`,
+                        body: '{"rules":[]}',
+                    },
+                },
+            })
+                .set('mcp-session-id', sessionId)
+                .set('Accept', 'application/json, text/event-stream');
+            expect(gateway.execute).toHaveBeenCalledTimes(1);
+            await handler.close();
+        });
+        it('sets entry for self-referencing URL (http_request)', async () => {
+            const gateway = createMockGateway();
+            const { app, handler } = createTestApp(gateway, GATEWAY_BASE_URL);
+            const sessionId = await initSession(app);
+            await (0, supertest_1.default)(app)
+                .post('/mcp')
+                .send({
+                jsonrpc: '2.0', id: 3, method: 'tools/call',
+                params: {
+                    name: 'http_request',
+                    arguments: {
+                        url: `${GATEWAY_BASE_URL}/api/v1/config/active`,
+                        method: 'GET',
+                    },
+                },
+            })
+                .set('mcp-session-id', sessionId)
+                .set('Accept', 'application/json, text/event-stream');
+            expect(gateway.execute).toHaveBeenCalledTimes(1);
+            await handler.close();
+        });
+        it('does NOT set entry for external URL', async () => {
+            const gateway = createMockGateway();
+            // Intercept to check Map before cleanup
+            let mapEntryBeforeExecute = false;
+            gateway.execute = jest.fn().mockImplementation((tc) => {
+                mapEntryBeforeExecute = internal_auth_1.internalAuthTokens.has(tc.tool_call_id);
+                return Promise.resolve(buildToolResult({ tool_call_id: tc.tool_call_id }));
+            });
+            const { app, handler } = createTestApp(gateway, GATEWAY_BASE_URL);
+            const sessionId = await initSession(app);
+            await (0, supertest_1.default)(app)
+                .post('/mcp')
+                .send({
+                jsonrpc: '2.0', id: 3, method: 'tools/call',
+                params: {
+                    name: 'http_get',
+                    arguments: { url: 'https://api.github.com/repos' },
+                },
+            })
+                .set('mcp-session-id', sessionId)
+                .set('Accept', 'application/json, text/event-stream');
+            expect(gateway.execute).toHaveBeenCalledTimes(1);
+            expect(mapEntryBeforeExecute).toBe(false);
+            await handler.close();
+        });
+        it('does NOT set entry when gateway_base_url is not configured', async () => {
+            const gateway = createMockGateway();
+            let mapEntryBeforeExecute = false;
+            gateway.execute = jest.fn().mockImplementation((tc) => {
+                mapEntryBeforeExecute = internal_auth_1.internalAuthTokens.has(tc.tool_call_id);
+                return Promise.resolve(buildToolResult({ tool_call_id: tc.tool_call_id }));
+            });
+            // No gateway_base_url
+            const { app, handler } = createTestApp(gateway, undefined);
+            const sessionId = await initSession(app);
+            await (0, supertest_1.default)(app)
+                .post('/mcp')
+                .send({
+                jsonrpc: '2.0', id: 3, method: 'tools/call',
+                params: {
+                    name: 'http_get',
+                    arguments: { url: `${GATEWAY_BASE_URL}/api/v1/workspaces` },
+                },
+            })
+                .set('mcp-session-id', sessionId)
+                .set('Accept', 'application/json, text/event-stream');
+            expect(mapEntryBeforeExecute).toBe(false);
+            await handler.close();
+        });
+        it('does NOT set entry when auth has no token (legacy API key)', async () => {
+            const gateway = createMockGateway();
+            let mapEntryBeforeExecute = false;
+            gateway.execute = jest.fn().mockImplementation((tc) => {
+                mapEntryBeforeExecute = internal_auth_1.internalAuthTokens.has(tc.tool_call_id);
+                return Promise.resolve(buildToolResult({ tool_call_id: tc.tool_call_id }));
+            });
+            const { app, handler } = createTestAppNoToken(gateway, GATEWAY_BASE_URL);
+            const sessionId = await initSession(app);
+            await (0, supertest_1.default)(app)
+                .post('/mcp')
+                .send({
+                jsonrpc: '2.0', id: 3, method: 'tools/call',
+                params: {
+                    name: 'http_get',
+                    arguments: { url: `${GATEWAY_BASE_URL}/api/v1/workspaces` },
+                },
+            })
+                .set('mcp-session-id', sessionId)
+                .set('Accept', 'application/json, text/event-stream');
+            expect(mapEntryBeforeExecute).toBe(false);
+            await handler.close();
+        });
+        it('sets entry with correct token and base URL', async () => {
+            const gateway = createMockGateway();
+            let capturedEntry = null;
+            gateway.execute = jest.fn().mockImplementation((tc) => {
+                capturedEntry = internal_auth_1.internalAuthTokens.get(tc.tool_call_id);
+                return Promise.resolve(buildToolResult({ tool_call_id: tc.tool_call_id }));
+            });
+            const { app, handler } = createTestApp(gateway, GATEWAY_BASE_URL);
+            const sessionId = await initSession(app);
+            await (0, supertest_1.default)(app)
+                .post('/mcp')
+                .send({
+                jsonrpc: '2.0', id: 3, method: 'tools/call',
+                params: {
+                    name: 'http_get',
+                    arguments: { url: `${GATEWAY_BASE_URL}/api/v1/workspaces` },
+                },
+            })
+                .set('mcp-session-id', sessionId)
+                .set('Accept', 'application/json, text/event-stream');
+            expect(capturedEntry).toBeDefined();
+            expect(capturedEntry.token).toBe('oauth-access-token-xyz');
+            expect(capturedEntry.gateway_base_url).toBe(GATEWAY_BASE_URL);
+            await handler.close();
+        });
+    });
+});
+// ---------------------------------------------------------------------------
+// Tests: HttpExecutor internal auth consumption
+// ---------------------------------------------------------------------------
+describe('HttpExecutor internal auth consumption', () => {
+    let executor;
+    beforeEach(() => {
+        executor = new http_executor_1.HttpExecutor({
+            http: { timeout_ms: 5000, max_retries: 0, backoff_base_ms: 100 },
+            cache: { enabled: false, ttl_ms: 60000 },
+        });
+        // Disable SSRF for tests that don't target internal auth
+        executor.ssrfProtectionEnabled = false;
+        internal_auth_1.internalAuthTokens.clear();
+    });
+    afterEach(() => {
+        internal_auth_1.internalAuthTokens.clear();
+    });
+    function makeToolCall(overrides) {
+        return {
+            tool_call_id: 'tc-ia-001',
+            task_id: 'task-ia-001',
+            workspace_id: 'ws_test',
+            actor: { type: 'agent', id: 'actor-1', display: 'actor-1' },
+            source: { platform: 'mcp_http' },
+            tool: { name: 'http.get', version: '1.0.0', capability: 'read' },
+            args: {
+                method: 'GET',
+                url: 'https://app.palaryn.com/api/v1/workspaces',
+                headers: {},
+            },
+            timestamp: new Date().toISOString(),
+            ...overrides,
+        };
+    }
+    it('injects Bearer header from internal auth for self-referencing URL', async () => {
+        const tc = makeToolCall();
+        internal_auth_1.internalAuthTokens.set(tc.tool_call_id, {
+            token: 'test-oauth-token',
+            gateway_base_url: 'https://app.palaryn.com',
+        });
+        // The executor will try to make a real HTTP request which will fail,
+        // but we can check the Map was consumed
+        try {
+            await executor.execute(tc);
+        }
+        catch {
+            // Expected — no real server running
+        }
+        // Map entry should be cleaned up
+        expect(internal_auth_1.internalAuthTokens.has(tc.tool_call_id)).toBe(false);
+    });
+    it('cleans up Map entry even for non-matching URL', async () => {
+        const tc = makeToolCall({
+            args: { method: 'GET', url: 'https://api.github.com/repos', headers: {} },
+        });
+        internal_auth_1.internalAuthTokens.set(tc.tool_call_id, {
+            token: 'test-oauth-token',
+            gateway_base_url: 'https://app.palaryn.com',
+        });
+        try {
+            await executor.execute(tc);
+        }
+        catch {
+            // Expected
+        }
+        expect(internal_auth_1.internalAuthTokens.has(tc.tool_call_id)).toBe(false);
+    });
+    it('does not overwrite user-provided Authorization header', async () => {
+        const tc = makeToolCall({
+            args: {
+                method: 'GET',
+                url: 'https://app.palaryn.com/api/v1/workspaces',
+                headers: { Authorization: 'Bearer user-custom-token' },
+            },
+        });
+        internal_auth_1.internalAuthTokens.set(tc.tool_call_id, {
+            token: 'internal-oauth-token',
+            gateway_base_url: 'https://app.palaryn.com',
+        });
+        // We need to intercept the actual request to verify headers.
+        // Use a spy on the private makeRequest method.
+        const makeRequestSpy = jest.spyOn(executor, 'makeRequest');
+        makeRequestSpy.mockResolvedValueOnce({ http_status: 200, body: {}, headers: {} });
+        await executor.execute(tc);
+        // Verify user's header was preserved
+        const callHeaders = makeRequestSpy.mock.calls[0][2];
+        expect(callHeaders['Authorization']).toBe('Bearer user-custom-token');
+        makeRequestSpy.mockRestore();
+    });
+    it('injects Bearer token when no Authorization header exists', async () => {
+        const tc = makeToolCall({
+            args: {
+                method: 'GET',
+                url: 'https://app.palaryn.com/api/v1/workspaces',
+                headers: {},
+            },
+        });
+        internal_auth_1.internalAuthTokens.set(tc.tool_call_id, {
+            token: 'injected-oauth-token',
+            gateway_base_url: 'https://app.palaryn.com',
+        });
+        const makeRequestSpy = jest.spyOn(executor, 'makeRequest');
+        makeRequestSpy.mockResolvedValueOnce({ http_status: 200, body: {}, headers: {} });
+        await executor.execute(tc);
+        const callHeaders = makeRequestSpy.mock.calls[0][2];
+        expect(callHeaders['Authorization']).toBe('Bearer injected-oauth-token');
+        makeRequestSpy.mockRestore();
+    });
+    it('skips SSRF check for self-referencing requests with internal auth', async () => {
+        // Re-enable SSRF protection to verify it's bypassed
+        executor.ssrfProtectionEnabled = true;
+        const tc = makeToolCall({
+            args: {
+                method: 'GET',
+                // localhost URL — would normally be SSRF-blocked
+                url: 'http://localhost:3000/api/v1/workspaces',
+                headers: {},
+            },
+        });
+        internal_auth_1.internalAuthTokens.set(tc.tool_call_id, {
+            token: 'internal-token',
+            gateway_base_url: 'http://localhost:3000',
+        });
+        const makeRequestSpy = jest.spyOn(executor, 'makeRequest');
+        makeRequestSpy.mockResolvedValueOnce({ http_status: 200, body: { ok: true }, headers: {} });
+        const result = await executor.execute(tc);
+        // Request succeeded (no SSRF block)
+        expect(result.http_status).toBe(200);
+        // pinnedIP should be undefined (SSRF was skipped)
+        const pinnedIP = makeRequestSpy.mock.calls[0][5]; // 6th param
+        expect(pinnedIP).toBeUndefined();
+        makeRequestSpy.mockRestore();
+    });
+    it('does not skip SSRF for external URLs even with stale Map entry', async () => {
+        executor.ssrfProtectionEnabled = true;
+        const tc = makeToolCall({
+            args: {
+                method: 'GET',
+                url: 'http://169.254.169.254/latest/meta-data/', // cloud metadata — must be blocked
+                headers: {},
+            },
+        });
+        // Stale entry with non-matching base URL
+        internal_auth_1.internalAuthTokens.set(tc.tool_call_id, {
+            token: 'stale-token',
+            gateway_base_url: 'https://app.palaryn.com',
+        });
+        await expect(executor.execute(tc)).rejects.toThrow(/SSRF blocked/);
+        expect(internal_auth_1.internalAuthTokens.has(tc.tool_call_id)).toBe(false);
+    });
+});
+//# sourceMappingURL=mcp-internal-auth.test.js.map

package/dist/tests/unit/mcp-internal-auth.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-internal-auth.test.js","sourceRoot":"","sources":["../../../tests/unit/mcp-internal-auth.test.ts"],"names":[],"mappings":";;;;;AAAA,sDAA8B;AAC9B,0DAAgC;AAEhC,+DAAiE;AACjE,oEAAgE;AAGhE,8EAA8E;AAC9E,eAAe;AACf,8EAA8E;AAE9E,SAAS,eAAe,CAAC,SAA+B;IACtD,OAAO;QACL,YAAY,EAAE,QAAQ;QACtB,OAAO,EAAE,UAAU;QACnB,MAAM,EAAE,IAAI;QACZ,MAAM,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,SAAS,CAAC,EAAE;QACtE,GAAG,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE;QACtD,MAAM,EAAE,EAAE,kBAAkB,EAAE,KAAK,EAAE,mBAAmB,EAAE,KAAK,EAAE,uBAAuB,EAAE,KAAK,EAAE;QACjG,MAAM,EAAE,EAAE,WAAW,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE;QAClD,MAAM,EAAE,EAAE,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE;QACjE,GAAG,SAAS;KACb,CAAC;AACJ,CAAC;AAED,IAAI,iBAAiB,GAAe,EAAE,CAAC;AAEvC,SAAS,iBAAiB;IACxB,iBAAiB,GAAG,EAAE,CAAC;IACvB,OAAO;QACL,OAAO,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,kBAAkB,CAAC,CAAC,EAAY,EAAE,EAAE;YACrD,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC3B,OAAO,OAAO,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,YAAY,EAAE,EAAE,CAAC,YAAY,EAAE,OAAO,EAAE,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;QAClG,CAAC,CAAC;QACF,QAAQ,EAAE,IAAI,CAAC,EAAE,EAAE;QACnB,gBAAgB,EAAE,IAAI,CAAC,EAAE,EAAE;QAC3B,UAAU,EAAE,IAAI,CAAC,EAAE,EAAE;QACrB,WAAW,EAAE,IAAI,CAAC,EAAE,EAAE;QACtB,kBAAkB,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,EAAE,WAAW,EAAE,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC;KAC1E,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,qBAAqB;AACrB,8EAA8E;AAE9E,iEAAoE;AAEpE,8EAA8E;AAC9E,eAAe;AACf,8EAA8E;AAE9E,MAAM,gBAAgB,GAAG,yBAAyB,CAAC;AAEnD,SAAS,aAAa,CAAC,OAAY,EAAE,cAAuB;IAC1D,MAAM,GAAG,GAAG,IAAA,iBAAO,GAAE,CAAC;IACtB,GAAG,CAAC,GAAG,CAAC,iBAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IACxB,4DAA4D;IAC5D,GAAG,CAAC,GAAG,CAAC,CAAC,GAAQ,EAAE,IAAS,EAAE,IAAS,EAAE,EAAE;QACzC,GAAG,CAAC,IAAI,GAAG;YACT,KAAK,EAAE,wBAAwB;YAC/B,QAAQ,EAAE,aAAa;YACvB,MAAM,EAAE,CAAC,WAAW,CAAC;YACrB,KAAK,EAAE;gBACL,YAAY,EAAE,SAAS;gBACvB,QAAQ,EAAE,YAAY;gBACtB,WAAW,EAAE,CAAC,cAAc,CAAC;gBAC7B,WAAW,EAAE,OAAO;aACrB;SACF,CAAC;QACF,IAAI,EAAE,CAAC;IACT,CAAC,CAAC,CAAC;IACH,MAAM,OAAO,GAAG,IAAA,qCAAoB,EAAC,OAAc,EAAE;QACnD,gBAAgB,EAAE,cAAc;KACjC,CAAC,CAAC;IACH,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;IAChC,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;AAC1B,CAAC;AAED,SAAS,oBAAoB,CAAC,OAAY,EAAE,cAAuB;IACjE,MAAM,GAAG,GAAG,IAAA,iBAAO,GAAE,CAAC;IACtB,GAAG,CAAC,GAAG,CAAC,iBAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IACxB,sDAAsD;IACtD,GAAG,CAAC,GAAG,CAAC,CAAC,GAAQ,EAAE,IAAS,EAAE,IAAS,EAAE,EAAE;QACzC,GAAG,CAAC,IAAI,GAAG;YACT,YAAY,EAAE,SAAS;YACvB,QAAQ,EAAE,YAAY;YACtB,WAAW,EAAE,CAAC,cAAc,CAAC;YAC7B,WAAW,EAAE,SAAS;SACvB,CAAC;QACF,IAAI,EAAE,CAAC;IACT,CAAC,CAAC,CAAC;IACH,MAAM,OAAO,GAAG,IAAA,qCAAoB,EAAC,OAAc,EAAE;QACnD,gBAAgB,EAAE,cAAc;KACjC,CAAC,CAAC;IACH,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;IAChC,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;AAC1B,CAAC;AAED,MAAM,YAAY,GAAG;IACnB,OAAO,EAAE,KAAK;IACd,EAAE,EAAE,CAAC;IACL,MAAM,EAAE,YAAY;IACpB,MAAM,EAAE;QACN,eAAe,EAAE,YAAY;QAC7B,YAAY,EAAE,EAAE;QAChB,UAAU,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,OAAO,EAAE;KACtD;CACF,CAAC;AAEF,MAAM,wBAAwB,GAAG;IAC/B,OAAO,EAAE,KAAK;IACd,MAAM,EAAE,2BAA2B;CACpC,CAAC;AAEF,KAAK,UAAU,WAAW,CAAC,GAAwB;IACjD,MAAM,GAAG,GAAG,MAAM,IAAA,mBAAO,EAAC,GAAG,CAAC;SAC3B,IAAI,CAAC,MAAM,CAAC;SACZ,IAAI,CAAC,YAAY,CAAC;SAClB,GAAG,CAAC,QAAQ,EAAE,qCAAqC,CAAC,CAAC;IAExD,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAChD,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,0BAA0B,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IAC1D,CAAC;IAED,MAAM,IAAA,mBAAO,EAAC,GAAG,CAAC;SACf,IAAI,CAAC,MAAM,CAAC;SACZ,IAAI,CAAC,wBAAwB,CAAC;SAC9B,GAAG,CAAC,gBAAgB,EAAE,SAAS,CAAC;SAChC,GAAG,CAAC,QAAQ,EAAE,qCAAqC,CAAC,CAAC;IAExD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,8EAA8E;AAC9E,sDAAsD;AACtD,8EAA8E;AAE9E,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;IACjC,SAAS,CAAC,GAAG,EAAE;QACb,kCAAkB,CAAC,KAAK,EAAE,CAAC;IAC7B,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,uCAAuC,EAAE,GAAG,EAAE;QACrD,EAAE,CAAC,gDAAgD,EAAE,KAAK,IAAI,EAAE;YAC9D,MAAM,OAAO,GAAG,iBAAiB,EAAE,CAAC;YACpC,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,aAAa,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAC;YAClE,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,GAAG,CAAC,CAAC;YAEzC,MAAM,IAAA,mBAAO,EAAC,GAAG,CAAC;iBACf,IAAI,CAAC,MAAM,CAAC;iBACZ,IAAI,CAAC;gBACJ,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,EAAE,MAAM,EAAE,YAAY;gBAC3C,MAAM,EAAE;oBACN,IAAI,EAAE,UAAU;oBAChB,SAAS,EAAE,EAAE,GAAG,EAAE,GAAG,gBAAgB,oBAAoB,EAAE;iBAC5D;aACF,CAAC;iBACD,GAAG,CAAC,gBAAgB,EAAE,SAAS,CAAC;iBAChC,GAAG,CAAC,QAAQ,EAAE,qCAAqC,CAAC,CAAC;YAExD,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;YACjD,wEAAwE;YACxE,qEAAqE;YACrE,MAAM,EAAE,GAAG,iBAAiB,CAAC,CAAC,CAAC,CAAC;YAChC,MAAM,CAAC,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;YACzB,MAAM,CAAC,EAAE,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAExC,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC;QACxB,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,iDAAiD,EAAE,KAAK,IAAI,EAAE;YAC/D,MAAM,OAAO,GAAG,iBAAiB,EAAE,CAAC;YACpC,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,aAAa,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAC;YAClE,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,GAAG,CAAC,CAAC;YAEzC,MAAM,IAAA,mBAAO,EAAC,GAAG,CAAC;iBACf,IAAI,CAAC,MAAM,CAAC;iBACZ,IAAI,CAAC;gBACJ,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,EAAE,MAAM,EAAE,YAAY;gBAC3C,MAAM,EAAE;oBACN,IAAI,EAAE,WAAW;oBACjB,SAAS,EAAE;wBACT,GAAG,EAAE,GAAG,gBAAgB,2BAA2B;wBACnD,IAAI,EAAE,cAAc;qBACrB;iBACF;aACF,CAAC;iBACD,GAAG,CAAC,gBAAgB,EAAE,SAAS,CAAC;iBAChC,GAAG,CAAC,QAAQ,EAAE,qCAAqC,CAAC,CAAC;YAExD,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;YACjD,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC;QACxB,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oDAAoD,EAAE,KAAK,IAAI,EAAE;YAClE,MAAM,OAAO,GAAG,iBAAiB,EAAE,CAAC;YACpC,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,aAAa,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAC;YAClE,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,GAAG,CAAC,CAAC;YAEzC,MAAM,IAAA,mBAAO,EAAC,GAAG,CAAC;iBACf,IAAI,CAAC,MAAM,CAAC;iBACZ,IAAI,CAAC;gBACJ,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,EAAE,MAAM,EAAE,YAAY;gBAC3C,MAAM,EAAE;oBACN,IAAI,EAAE,cAAc;oBACpB,SAAS,EAAE;wBACT,GAAG,EAAE,GAAG,gBAAgB,uBAAuB;wBAC/C,MAAM,EAAE,KAAK;qBACd;iBACF;aACF,CAAC;iBACD,GAAG,CAAC,gBAAgB,EAAE,SAAS,CAAC;iBAChC,GAAG,CAAC,QAAQ,EAAE,qCAAqC,CAAC,CAAC;YAExD,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;YACjD,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC;QACxB,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qCAAqC,EAAE,KAAK,IAAI,EAAE;YACnD,MAAM,OAAO,GAAG,iBAAiB,EAAE,CAAC;YACpC,wCAAwC;YACxC,IAAI,qBAAqB,GAAY,KAAK,CAAC;YAC3C,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,EAAE,EAAE,CAAC,kBAAkB,CAAC,CAAC,EAAY,EAAE,EAAE;gBAC9D,qBAAqB,GAAG,kCAAkB,CAAC,GAAG,CAAC,EAAE,CAAC,YAAY,CAAC,CAAC;gBAChE,OAAO,OAAO,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,YAAY,EAAE,EAAE,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC;YAC7E,CAAC,CAAC,CAAC;YAEH,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,aAAa,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAC;YAClE,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,GAAG,CAAC,CAAC;YAEzC,MAAM,IAAA,mBAAO,EAAC,GAAG,CAAC;iBACf,IAAI,CAAC,MAAM,CAAC;iBACZ,IAAI,CAAC;gBACJ,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,EAAE,MAAM,EAAE,YAAY;gBAC3C,MAAM,EAAE;oBACN,IAAI,EAAE,UAAU;oBAChB,SAAS,EAAE,EAAE,GAAG,EAAE,8BAA8B,EAAE;iBACnD;aACF,CAAC;iBACD,GAAG,CAAC,gBAAgB,EAAE,SAAS,CAAC;iBAChC,GAAG,CAAC,QAAQ,EAAE,qCAAqC,CAAC,CAAC;YAExD,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;YACjD,MAAM,CAAC,qBAAqB,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAE1C,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC;QACxB,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4DAA4D,EAAE,KAAK,IAAI,EAAE;YAC1E,MAAM,OAAO,GAAG,iBAAiB,EAAE,CAAC;YACpC,IAAI,qBAAqB,GAAY,KAAK,CAAC;YAC3C,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,EAAE,EAAE,CAAC,kBAAkB,CAAC,CAAC,EAAY,EAAE,EAAE;gBAC9D,qBAAqB,GAAG,kCAAkB,CAAC,GAAG,CAAC,EAAE,CAAC,YAAY,CAAC,CAAC;gBAChE,OAAO,OAAO,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,YAAY,EAAE,EAAE,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC;YAC7E,CAAC,CAAC,CAAC;YAEH,sBAAsB;YACtB,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,aAAa,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;YAC3D,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,GAAG,CAAC,CAAC;YAEzC,MAAM,IAAA,mBAAO,EAAC,GAAG,CAAC;iBACf,IAAI,CAAC,MAAM,CAAC;iBACZ,IAAI,CAAC;gBACJ,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,EAAE,MAAM,EAAE,YAAY;gBAC3C,MAAM,EAAE;oBACN,IAAI,EAAE,UAAU;oBAChB,SAAS,EAAE,EAAE,GAAG,EAAE,GAAG,gBAAgB,oBAAoB,EAAE;iBAC5D;aACF,CAAC;iBACD,GAAG,CAAC,gBAAgB,EAAE,SAAS,CAAC;iBAChC,GAAG,CAAC,QAAQ,EAAE,qCAAqC,CAAC,CAAC;YAExD,MAAM,CAAC,qBAAqB,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC1C,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC;QACxB,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4DAA4D,EAAE,KAAK,IAAI,EAAE;YAC1E,MAAM,OAAO,GAAG,iBAAiB,EAAE,CAAC;YACpC,IAAI,qBAAqB,GAAY,KAAK,CAAC;YAC3C,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,EAAE,EAAE,CAAC,kBAAkB,CAAC,CAAC,EAAY,EAAE,EAAE;gBAC9D,qBAAqB,GAAG,kCAAkB,CAAC,GAAG,CAAC,EAAE,CAAC,YAAY,CAAC,CAAC;gBAChE,OAAO,OAAO,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,YAAY,EAAE,EAAE,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC;YAC7E,CAAC,CAAC,CAAC;YAEH,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,oBAAoB,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAC;YACzE,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,GAAG,CAAC,CAAC;YAEzC,MAAM,IAAA,mBAAO,EAAC,GAAG,CAAC;iBACf,IAAI,CAAC,MAAM,CAAC;iBACZ,IAAI,CAAC;gBACJ,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,EAAE,MAAM,EAAE,YAAY;gBAC3C,MAAM,EAAE;oBACN,IAAI,EAAE,UAAU;oBAChB,SAAS,EAAE,EAAE,GAAG,EAAE,GAAG,gBAAgB,oBAAoB,EAAE;iBAC5D;aACF,CAAC;iBACD,GAAG,CAAC,gBAAgB,EAAE,SAAS,CAAC;iBAChC,GAAG,CAAC,QAAQ,EAAE,qCAAqC,CAAC,CAAC;YAExD,MAAM,CAAC,qBAAqB,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC1C,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC;QACxB,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4CAA4C,EAAE,KAAK,IAAI,EAAE;YAC1D,MAAM,OAAO,GAAG,iBAAiB,EAAE,CAAC;YACpC,IAAI,aAAa,GAAQ,IAAI,CAAC;YAC9B,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,EAAE,EAAE,CAAC,kBAAkB,CAAC,CAAC,EAAY,EAAE,EAAE;gBAC9D,aAAa,GAAG,kCAAkB,CAAC,GAAG,CAAC,EAAE,CAAC,YAAY,CAAC,CAAC;gBACxD,OAAO,OAAO,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,YAAY,EAAE,EAAE,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC;YAC7E,CAAC,CAAC,CAAC;YAEH,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,aAAa,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAC;YAClE,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,GAAG,CAAC,CAAC;YAEzC,MAAM,IAAA,mBAAO,EAAC,GAAG,CAAC;iBACf,IAAI,CAAC,MAAM,CAAC;iBACZ,IAAI,CAAC;gBACJ,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,EAAE,MAAM,EAAE,YAAY;gBAC3C,MAAM,EAAE;oBACN,IAAI,EAAE,UAAU;oBAChB,SAAS,EAAE,EAAE,GAAG,EAAE,GAAG,gBAAgB,oBAAoB,EAAE;iBAC5D;aACF,CAAC;iBACD,GAAG,CAAC,gBAAgB,EAAE,SAAS,CAAC;iBAChC,GAAG,CAAC,QAAQ,EAAE,qCAAqC,CAAC,CAAC;YAExD,MAAM,CAAC,aAAa,CAAC,CAAC,WAAW,EAAE,CAAC;YACpC,MAAM,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;YAC3D,MAAM,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YAE9D,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC;QACxB,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,8EAA8E;AAC9E,gDAAgD;AAChD,8EAA8E;AAE9E,QAAQ,CAAC,wCAAwC,EAAE,GAAG,EAAE;IACtD,IAAI,QAAsB,CAAC;IAE3B,UAAU,CAAC,GAAG,EAAE;QACd,QAAQ,GAAG,IAAI,4BAAY,CAAC;YAC1B,IAAI,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,EAAE,eAAe,EAAE,GAAG,EAAE;YAChE,KAAK,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE;SACzC,CAAC,CAAC;QACH,yDAAyD;QACzD,QAAQ,CAAC,qBAAqB,GAAG,KAAK,CAAC;QACvC,kCAAkB,CAAC,KAAK,EAAE,CAAC;IAC7B,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,GAAG,EAAE;QACb,kCAAkB,CAAC,KAAK,EAAE,CAAC;IAC7B,CAAC,CAAC,CAAC;IAEH,SAAS,YAAY,CAAC,SAA6B;QACjD,OAAO;YACL,YAAY,EAAE,WAAW;YACzB,OAAO,EAAE,aAAa;YACtB,YAAY,EAAE,SAAS;YACvB,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE;YAC3D,MAAM,EAAE,EAAE,QAAQ,EAAE,UAAU,EAAE;YAChC,IAAI,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE;YAChE,IAAI,EAAE;gBACJ,MAAM,EAAE,KAAK;gBACb,GAAG,EAAE,2CAA2C;gBAChD,OAAO,EAAE,EAAE;aACZ;YACD,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,GAAG,SAAS;SACb,CAAC;IACJ,CAAC;IAED,EAAE,CAAC,mEAAmE,EAAE,KAAK,IAAI,EAAE;QACjF,MAAM,EAAE,GAAG,YAAY,EAAE,CAAC;QAC1B,kCAAkB,CAAC,GAAG,CAAC,EAAE,CAAC,YAAY,EAAE;YACtC,KAAK,EAAE,kBAAkB;YACzB,gBAAgB,EAAE,yBAAyB;SAC5C,CAAC,CAAC;QAEH,qEAAqE;QACrE,wCAAwC;QACxC,IAAI,CAAC;YACH,MAAM,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAC7B,CAAC;QAAC,MAAM,CAAC;YACP,oCAAoC;QACtC,CAAC;QAED,iCAAiC;QACjC,MAAM,CAAC,kCAAkB,CAAC,GAAG,CAAC,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+CAA+C,EAAE,KAAK,IAAI,EAAE;QAC7D,MAAM,EAAE,GAAG,YAAY,CAAC;YACtB,IAAI,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,8BAA8B,EAAE,OAAO,EAAE,EAAE,EAAE;SAC1E,CAAC,CAAC;QACH,kCAAkB,CAAC,GAAG,CAAC,EAAE,CAAC,YAAY,EAAE;YACtC,KAAK,EAAE,kBAAkB;YACzB,gBAAgB,EAAE,yBAAyB;SAC5C,CAAC,CAAC;QAEH,IAAI,CAAC;YACH,MAAM,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAC7B,CAAC;QAAC,MAAM,CAAC;YACP,WAAW;QACb,CAAC;QAED,MAAM,CAAC,kCAAkB,CAAC,GAAG,CAAC,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uDAAuD,EAAE,KAAK,IAAI,EAAE;QACrE,MAAM,EAAE,GAAG,YAAY,CAAC;YACtB,IAAI,EAAE;gBACJ,MAAM,EAAE,KAAK;gBACb,GAAG,EAAE,2CAA2C;gBAChD,OAAO,EAAE,EAAE,aAAa,EAAE,0BAA0B,EAAE;aACvD;SACF,CAAC,CAAC;QACH,kCAAkB,CAAC,GAAG,CAAC,EAAE,CAAC,YAAY,EAAE;YACtC,KAAK,EAAE,sBAAsB;YAC7B,gBAAgB,EAAE,yBAAyB;SAC5C,CAAC,CAAC;QAEH,6DAA6D;QAC7D,+CAA+C;QAC/C,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,QAAe,EAAE,aAAa,CAAC,CAAC;QAClE,cAAc,CAAC,qBAAqB,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,CAAC;QAElF,MAAM,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAE3B,qCAAqC;QACrC,MAAM,WAAW,GAAG,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAA2B,CAAC;QAC9E,MAAM,CAAC,WAAW,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;QAEtE,cAAc,CAAC,WAAW,EAAE,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0DAA0D,EAAE,KAAK,IAAI,EAAE;QACxE,MAAM,EAAE,GAAG,YAAY,CAAC;YACtB,IAAI,EAAE;gBACJ,MAAM,EAAE,KAAK;gBACb,GAAG,EAAE,2CAA2C;gBAChD,OAAO,EAAE,EAAE;aACZ;SACF,CAAC,CAAC;QACH,kCAAkB,CAAC,GAAG,CAAC,EAAE,CAAC,YAAY,EAAE;YACtC,KAAK,EAAE,sBAAsB;YAC7B,gBAAgB,EAAE,yBAAyB;SAC5C,CAAC,CAAC;QAEH,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,QAAe,EAAE,aAAa,CAAC,CAAC;QAClE,cAAc,CAAC,qBAAqB,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,CAAC;QAElF,MAAM,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAE3B,MAAM,WAAW,GAAG,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAA2B,CAAC;QAC9E,MAAM,CAAC,WAAW,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;QAEzE,cAAc,CAAC,WAAW,EAAE,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mEAAmE,EAAE,KAAK,IAAI,EAAE;QACjF,oDAAoD;QACpD,QAAQ,CAAC,qBAAqB,GAAG,IAAI,CAAC;QAEtC,MAAM,EAAE,GAAG,YAAY,CAAC;YACtB,IAAI,EAAE;gBACJ,MAAM,EAAE,KAAK;gBACb,iDAAiD;gBACjD,GAAG,EAAE,yCAAyC;gBAC9C,OAAO,EAAE,EAAE;aACZ;SACF,CAAC,CAAC;QACH,kCAAkB,CAAC,GAAG,CAAC,EAAE,CAAC,YAAY,EAAE;YACtC,KAAK,EAAE,gBAAgB;YACvB,gBAAgB,EAAE,uBAAuB;SAC1C,CAAC,CAAC;QAEH,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,QAAe,EAAE,aAAa,CAAC,CAAC;QAClE,cAAc,CAAC,qBAAqB,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,CAAC;QAE5F,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAE1C,oCAAoC;QACpC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACrC,kDAAkD;QAClD,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,YAAY;QAC9D,MAAM,CAAC,QAAQ,CAAC,CAAC,aAAa,EAAE,CAAC;QAEjC,cAAc,CAAC,WAAW,EAAE,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gEAAgE,EAAE,KAAK,IAAI,EAAE;QAC9E,QAAQ,CAAC,qBAAqB,GAAG,IAAI,CAAC;QAEtC,MAAM,EAAE,GAAG,YAAY,CAAC;YACtB,IAAI,EAAE;gBACJ,MAAM,EAAE,KAAK;gBACb,GAAG,EAAE,0CAA0C,EAAE,mCAAmC;gBACpF,OAAO,EAAE,EAAE;aACZ;SACF,CAAC,CAAC;QACH,yCAAyC;QACzC,kCAAkB,CAAC,GAAG,CAAC,EAAE,CAAC,YAAY,EAAE;YACtC,KAAK,EAAE,aAAa;YACpB,gBAAgB,EAAE,yBAAyB;SAC5C,CAAC,CAAC;QAEH,MAAM,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QACnE,MAAM,CAAC,kCAAkB,CAAC,GAAG,CAAC,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}