npm - rekor-cli - Versions diffs - 0.1.22 → 0.1.23 - Mend

rekor-cli 0.1.22 → 0.1.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.js CHANGED Viewed

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 // src/program.ts
-import { Command as Command16 } from "commander";
+import { Command as Command17 } from "commander";
 // src/commands/login.ts
 import { Command } from "commander";
@@ -1234,10 +1234,41 @@ tokensCommand.command("revoke <token_id>").description("Revoke an API token").ac
   console.log("Token revoked");
 });
+// src/commands/debug.ts
+import { Command as Command16 } from "commander";
+var debugCommand = new Command16("debug").description("Platform-admin debug commands (requires platform:admin grant)");
+var doCommand = debugCommand.command("do").description("Inspect live database storage state");
+doCommand.command("tables <type> <id>").description("List internal tables and row counts. Types: database | org | user").action(async function(type, id) {
+  const client = new ApiClient();
+  const data = await client.request(
+    "GET",
+    `/admin/debug/do/${encodeURIComponent(type)}/${encodeURIComponent(id)}/tables`
+  );
+  console.log(formatOutput(data.tables, getFormat(this)));
+});
+doCommand.command("read <type> <id> <table>").description("Read rows from an internal table (sensitive columns redacted)").option("--limit <n>", "Max rows (default 20, cap 100)", (v) => Number(v)).option("--row-id <value>", "Filter to a single row by its id column").action(async function(type, id, table, opts) {
+  const client = new ApiClient();
+  const params = new URLSearchParams({ table });
+  if (opts.limit !== void 0) params.set("limit", String(opts.limit));
+  if (opts.rowId !== void 0) params.set("row_id", opts.rowId);
+  const data = await client.request(
+    "GET",
+    `/admin/debug/do/${encodeURIComponent(type)}/${encodeURIComponent(id)}/read?${params}`
+  );
+  const format = getFormat(this);
+  if (format === "json") {
+    console.log(JSON.stringify(data, null, 2));
+    return;
+  }
+  const objs = data.rows.map((r) => Object.fromEntries(data.columns.map((c, i) => [c, r[i]])));
+  console.log(formatOutput(objs, format));
+  if (data.truncated) console.log("(truncated \u2014 pass --limit to see more)");
+});
 // package.json
 var package_default = {
   name: "rekor-cli",
-  version: "0.1.22",
+  version: "0.1.23",
   type: "module",
   engines: {
     node: ">=20.0.0"
@@ -1270,7 +1301,7 @@ var package_default = {
 };
 // src/program.ts
-var program = new Command16("rekor").description("Rekor CLI \u2014 System of Record for AI agents").version(package_default.version).option("--database <id>", "Database ID").option("--output <format>", "Output format: json or table", "table");
+var program = new Command17("rekor").description("Rekor CLI \u2014 System of Record for AI agents").version(package_default.version).option("--database <id>", "Database ID").option("--output <format>", "Output format: json or table", "table");
 program.addCommand(loginCommand);
 program.addCommand(logoutCommand);
 program.addCommand(databasesCommand);
@@ -1286,6 +1317,7 @@ program.addCommand(batchCommand);
 program.addCommand(providersCommand);
 program.addCommand(tokensCommand);
 program.addCommand(endpointsCommand);
+program.addCommand(debugCommand);
 // src/index.ts
 program.parse();

package/dist/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/program.ts","../src/commands/login.ts","../src/config.ts","../src/token-store.ts","../src/oauth.ts","../src/auth.ts","../src/pkce.ts","../src/commands/logout.ts","../src/client.ts","../src/commands/databases.ts","../src/output.ts","../src/helpers.ts","../src/commands/collections.ts","../src/commands/documents.ts","../src/commands/sql.ts","../src/commands/relationships.ts","../src/commands/query-relationships.ts","../src/commands/attachments.ts","../src/commands/hooks.ts","../src/commands/triggers.ts","../src/commands/endpoints.ts","../src/commands/batch.ts","../src/commands/providers.ts","../src/commands/tokens.ts","../package.json","../src/index.ts"],"sourcesContent":["import { Command } from 'commander';\nimport { loginCommand } from './commands/login.js';\nimport { logoutCommand } from './commands/logout.js';\nimport { databasesCommand } from './commands/databases.js';\nimport { collectionsCommand } from './commands/collections.js';\nimport { documentsCommand } from './commands/documents.js';\nimport { sqlCommand } from './commands/sql.js';\nimport { relationshipsCommand } from './commands/relationships.js';\nimport { queryRelationshipsCommand } from './commands/query-relationships.js';\nimport { attachmentsCommand } from './commands/attachments.js';\nimport { hooksCommand } from './commands/hooks.js';\nimport { triggersCommand } from './commands/triggers.js';\nimport { endpointsCommand } from './commands/endpoints.js';\nimport { batchCommand } from './commands/batch.js';\nimport { providersCommand } from './commands/providers.js';\nimport { tokensCommand } from './commands/tokens.js';\nimport pkg from '../package.json' with { type: 'json' };\n\nexport const program = new Command('rekor')\n .description('Rekor CLI — System of Record for AI agents')\n .version(pkg.version)\n .option('--database <id>', 'Database ID')\n .option('--output <format>', 'Output format: json or table', 'table');\n\nprogram.addCommand(loginCommand);\nprogram.addCommand(logoutCommand);\nprogram.addCommand(databasesCommand);\nprogram.addCommand(collectionsCommand);\nprogram.addCommand(documentsCommand);\nprogram.addCommand(sqlCommand);\nprogram.addCommand(relationshipsCommand);\nprogram.addCommand(queryRelationshipsCommand);\nprogram.addCommand(attachmentsCommand);\nprogram.addCommand(hooksCommand);\nprogram.addCommand(triggersCommand);\nprogram.addCommand(batchCommand);\nprogram.addCommand(providersCommand);\nprogram.addCommand(tokensCommand);\nprogram.addCommand(endpointsCommand);\n","import { Command } from 'commander';\nimport { login } from '../auth.js';\nimport { loadConfig, saveConfig } from '../config.js';\nimport {\n exchangeCodeForTokens,\n expiresInToIso,\n startCallbackServer,\n getAuthKitDomain,\n getAuthKitClientId,\n OAUTH_CALLBACK_PORT,\n} from '../oauth.js';\nimport {\n generateCodeVerifier,\n generateCodeChallenge,\n generateState,\n} from '../pkce.js';\nimport { setOAuthTokens } from '../token-store.js';\n\nconst FALLBACK_URL_DELAY_MS = 5_000;\n\nexport const loginCommand = new Command('login')\n .description('Authenticate with Rekor')\n .option('--token <token>', 'API key for headless/CI authentication (rec_...)')\n .option('--api-url <url>', 'API base URL')\n .action(async (opts: { token?: string; apiUrl?: string }) => {\n if (opts.token) {\n await login(opts.token, opts.apiUrl);\n console.log('Authenticated successfully');\n return;\n }\n\n try {\n await browserLoginPkce(opts.apiUrl);\n console.log('Authenticated successfully');\n } catch (err) {\n console.error(\n `Login failed: ${err instanceof Error ? err.message : 'Unknown error'}`,\n );\n process.exit(1);\n }\n });\n\nasync function browserLoginPkce(apiUrl?: string): Promise<void> {\n const open = await import('open').then(m => m.default);\n\n const codeVerifier = generateCodeVerifier();\n const codeChallenge = generateCodeChallenge(codeVerifier);\n const state = generateState();\n\n const port = OAUTH_CALLBACK_PORT;\n const redirectUri = `http://127.0.0.1:${port}/callback`;\n\n const authkitDomain = getAuthKitDomain();\n const clientId = getAuthKitClientId();\n\n const authorizeUrl = new URL(`${authkitDomain}/oauth2/authorize`);\n authorizeUrl.searchParams.set('client_id', clientId);\n authorizeUrl.searchParams.set('redirect_uri', redirectUri);\n authorizeUrl.searchParams.set('response_type', 'code');\n authorizeUrl.searchParams.set('code_challenge', codeChallenge);\n authorizeUrl.searchParams.set('code_challenge_method', 'S256');\n authorizeUrl.searchParams.set('state', state);\n // offline_access asks AuthKit to issue a refresh_token alongside the access_token —\n // without it the CLI would re-prompt every ~1h when the access token expires.\n authorizeUrl.searchParams.set('scope', 'openid profile email offline_access');\n\n console.log('Opening browser for authentication...');\n\n // Start the callback server first so the redirect can land.\n const callbackPromise = startCallbackServer(port, state);\n\n // open() resolves on spawn, not browser launch — print a fallback URL after a delay.\n let fallbackPrinted = false;\n const fallbackTimer = setTimeout(() => {\n fallbackPrinted = true;\n console.log(`If the browser didn't open, visit: ${authorizeUrl.toString()}`);\n }, FALLBACK_URL_DELAY_MS);\n\n open(authorizeUrl.toString()).catch(() => {\n if (fallbackPrinted) return;\n clearTimeout(fallbackTimer);\n console.log('Could not open browser automatically.');\n console.log(`Visit: ${authorizeUrl.toString()}`);\n });\n\n let code: string;\n try {\n ({ code } = await callbackPromise);\n } finally {\n clearTimeout(fallbackTimer);\n }\n\n const tokens = await exchangeCodeForTokens(authkitDomain, clientId, code, codeVerifier, redirectUri);\n const expiresAt = expiresInToIso(tokens.expires_in);\n await setOAuthTokens(tokens.access_token, tokens.refresh_token, expiresAt);\n\n const config = loadConfig();\n saveConfig({\n ...config,\n api_url: apiUrl ?? config.api_url,\n });\n}\n","import { readFileSync, writeFileSync, mkdirSync } from 'fs';\nimport { join } from 'path';\nimport { homedir } from 'os';\n\nconst CONFIG_DIR = join(homedir(), '.config', 'rekor');\nconst CONFIG_FILE = join(CONFIG_DIR, 'config.json');\n\nexport interface Config {\n api_url: string;\n default_database?: string;\n org_id?: string;\n}\n\ninterface ConfigFile extends Config {\n // Tokens may linger here from older CLI versions until token-store migrates them.\n token?: string;\n [key: string]: unknown;\n}\n\nexport function loadConfig(): Config {\n const envUrl = process.env['REKOR_API_URL'];\n\n try {\n const raw = readFileSync(CONFIG_FILE, 'utf-8');\n const stored = JSON.parse(raw) as ConfigFile;\n return {\n api_url: envUrl ?? stored.api_url ?? 'http://localhost:8787',\n default_database: stored.default_database,\n org_id: stored.org_id,\n };\n } catch {\n return {\n api_url: envUrl ?? 'http://localhost:8787',\n };\n }\n}\n\nexport function saveConfig(config: Config): void {\n mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });\n let existing: ConfigFile = {} as ConfigFile;\n try {\n existing = JSON.parse(readFileSync(CONFIG_FILE, 'utf-8')) as ConfigFile;\n } catch {\n existing = {} as ConfigFile;\n }\n const merged: ConfigFile = { ...existing, ...config };\n writeFileSync(CONFIG_FILE, JSON.stringify(merged, null, 2), { mode: 0o600 });\n}\n\nexport { CONFIG_DIR, CONFIG_FILE };\n","import * as fs from 'node:fs';\nimport { CONFIG_DIR, CONFIG_FILE } from './config.js';\n\nconst KEYRING_SERVICE = 'rekor';\nconst KEY_REC = 'rec_token';\nconst KEY_OAUTH_ACCESS = 'oauth_access_token';\nconst KEY_OAUTH_REFRESH = 'oauth_refresh_token';\n\ninterface KeyringBinding {\n getPassword(service: string, account: string): Promise<string \| null>;\n setPassword(service: string, account: string, password: string): Promise<void>;\n deletePassword(service: string, account: string): Promise<boolean>;\n}\n\nlet keyringCache: KeyringBinding \| null \| undefined;\n\nasync function getKeyring(): Promise<KeyringBinding \| null> {\n if (keyringCache !== undefined) return keyringCache;\n try {\n const mod = await import('@napi-rs/keyring');\n const Entry = mod.Entry;\n keyringCache = {\n async getPassword(service, account) {\n try { return new Entry(service, account).getPassword(); } catch { return null; }\n },\n async setPassword(service, account, password) {\n new Entry(service, account).setPassword(password);\n },\n async deletePassword(service, account) {\n try { return new Entry(service, account).deletePassword(); } catch { return false; }\n },\n };\n } catch {\n keyringCache = null;\n }\n return keyringCache;\n}\n\nfunction manualCleanupCommand(account: string): string {\n if (process.platform === 'darwin') {\n return `security delete-generic-password -s ${KEYRING_SERVICE} -a ${account}`;\n }\n if (process.platform === 'win32') {\n return `cmdkey /delete:${KEYRING_SERVICE}/${account}`;\n }\n if (process.platform === 'linux') {\n return `secret-tool clear service ${KEYRING_SERVICE} account ${account}`;\n }\n return `(remove service=\"${KEYRING_SERVICE}\" account=\"${account}\" from your OS credential store)`;\n}\n\ninterface LegacyConfigFile {\n api_url?: string;\n token?: string;\n access_token?: string;\n refresh_token?: string;\n token_expires_at?: string;\n default_database?: string;\n org_id?: string;\n [key: string]: unknown;\n}\n\nfunction readConfigFile(): LegacyConfigFile \| null {\n if (!fs.existsSync(CONFIG_FILE)) return null;\n try {\n return JSON.parse(fs.readFileSync(CONFIG_FILE, 'utf-8')) as LegacyConfigFile;\n } catch {\n return null;\n }\n}\n\nfunction writeConfigFile(data: LegacyConfigFile): void {\n if (!fs.existsSync(CONFIG_DIR)) {\n fs.mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });\n }\n fs.writeFileSync(CONFIG_FILE, JSON.stringify(data, null, 2), { mode: 0o600 });\n}\n\n// Delete reported success but get still returned a value — the keychain ignored the delete.\nexport class StaleKeyringSlotError extends Error {\n constructor(public readonly account: string) {\n super(\n `Stale credential remains in OS keychain slot \"${account}\" after delete. ` +\n `Clean it up manually and retry:\\n ${manualCleanupCommand(account)}`,\n );\n this.name = 'StaleKeyringSlotError';\n }\n}\n\nasync function clearSlot(keyring: KeyringBinding, account: string): Promise<boolean> {\n await keyring.deletePassword(KEYRING_SERVICE, account);\n try {\n return (await keyring.getPassword(KEYRING_SERVICE, account)) === null;\n } catch {\n return false;\n }\n}\n\nexport type ResolvedToken =\n \| { kind: 'rec'; token: string }\n \| { kind: 'oauth'; access_token: string; refresh_token?: string; expires_at?: string };\n\nfunction stripTokenFieldsFromFile(): void {\n const existing = readConfigFile();\n if (!existing) return;\n if (existing.token === undefined && existing.access_token === undefined && existing.refresh_token === undefined) return;\n delete existing.token;\n delete existing.access_token;\n delete existing.refresh_token;\n writeConfigFile(existing);\n}\n\nfunction readMetadataExpiresAt(): string \| undefined {\n return readConfigFile()?.token_expires_at;\n}\n\nfunction writeMetadataExpiresAt(value: string \| undefined): void {\n const existing = readConfigFile() ?? {};\n if (value === undefined) {\n delete existing.token_expires_at;\n } else {\n existing.token_expires_at = value;\n }\n writeConfigFile(existing);\n}\n\nasync function migrateLegacyFileToken(keyring: KeyringBinding \| null): Promise<ResolvedToken \| null> {\n const existing = readConfigFile();\n if (!existing) return null;\n\n // Prefer OAuth fields if present (newer file-fallback format), else legacy `token`.\n if (existing.access_token) {\n const out: ResolvedToken = {\n kind: 'oauth',\n access_token: existing.access_token,\n refresh_token: existing.refresh_token,\n expires_at: existing.token_expires_at,\n };\n if (keyring) {\n try {\n // Keyring wins on conflict — only migrate if slots are empty.\n const accessExisting = await keyring.getPassword(KEYRING_SERVICE, KEY_OAUTH_ACCESS);\n if (!accessExisting) {\n await keyring.setPassword(KEYRING_SERVICE, KEY_OAUTH_ACCESS, existing.access_token);\n if (existing.refresh_token) {\n await keyring.setPassword(KEYRING_SERVICE, KEY_OAUTH_REFRESH, existing.refresh_token);\n }\n }\n try { stripTokenFieldsFromFile(); } catch (err) {\n console.warn(`rekor: failed to strip legacy OAuth tokens from ${CONFIG_FILE} (${(err as Error).message}).`);\n }\n } catch (err) {\n console.warn(`rekor: OAuth migration to keychain failed (${(err as Error).message}); continuing with file-backed.`);\n }\n }\n return out;\n }\n\n if (existing.token) {\n const token = existing.token;\n if (!keyring) return { kind: 'rec', token };\n try {\n const recExisting = await keyring.getPassword(KEYRING_SERVICE, KEY_REC);\n if (recExisting) {\n // Keyring wins — strip stale file copy.\n try { stripTokenFieldsFromFile(); } catch (err) {\n console.warn(`rekor: failed to strip stale token from ${CONFIG_FILE} (${(err as Error).message}).`);\n }\n return null;\n }\n await keyring.setPassword(KEYRING_SERVICE, KEY_REC, token);\n try { stripTokenFieldsFromFile(); } catch (err) {\n console.warn(`rekor: failed to strip legacy token from ${CONFIG_FILE} (${(err as Error).message}).`);\n }\n } catch (err) {\n console.warn(`rekor: keychain migration failed (${(err as Error).message}); continuing with file-backed token.`);\n }\n return { kind: 'rec', token };\n }\n\n return null;\n}\n\n// Read order: REKOR_TOKEN env → rec_ slot → OAuth slot. rec_ wins so an OAuth fallback can't silently switch identities.\nexport async function getResolvedToken(): Promise<ResolvedToken \| null> {\n const envToken = process.env['REKOR_TOKEN'];\n if (envToken) {\n // Always rec-kind — preserves `REKOR_TOKEN=dev` for DEV_BYPASS_AUTH and avoids the OAuth refresh path on plain strings.\n return { kind: 'rec', token: envToken };\n }\n\n const keyring = await getKeyring();\n const migrated = await migrateLegacyFileToken(keyring);\n if (migrated) return migrated;\n\n if (keyring) {\n // All three slots in parallel — rec_ wins read precedence but probing sequentially would block on empty slots.\n const [rec, access, refresh] = await Promise.all([\n keyring.getPassword(KEYRING_SERVICE, KEY_REC),\n keyring.getPassword(KEYRING_SERVICE, KEY_OAUTH_ACCESS),\n keyring.getPassword(KEYRING_SERVICE, KEY_OAUTH_REFRESH),\n ]);\n if (rec) return { kind: 'rec', token: rec };\n if (access) {\n const out: ResolvedToken = { kind: 'oauth', access_token: access };\n if (refresh) out.refresh_token = refresh;\n const expiresAt = readMetadataExpiresAt();\n if (expiresAt) out.expires_at = expiresAt;\n return out;\n }\n }\n\n return null;\n}\n\n// Backwards-compatible single-string accessor for callers that don't need the kind.\nexport async function getToken(): Promise<string \| null> {\n const resolved = await getResolvedToken();\n if (!resolved) return null;\n return resolved.kind === 'rec' ? resolved.token : resolved.access_token;\n}\n\nexport async function setToken(token: string): Promise<void> {\n await setRecToken(token);\n}\n\nexport async function setRecToken(token: string): Promise<void> {\n const keyring = await getKeyring();\n if (keyring) {\n try {\n // Clear OAuth slots first — a stale OAuth would survive `rekor logout` and confuse mode-switch debugging.\n const [accessCleared, refreshCleared] = await Promise.all([\n clearSlot(keyring, KEY_OAUTH_ACCESS),\n clearSlot(keyring, KEY_OAUTH_REFRESH),\n ]);\n const stuck = [\n accessCleared ? null : KEY_OAUTH_ACCESS,\n refreshCleared ? null : KEY_OAUTH_REFRESH,\n ].filter((a): a is string => a !== null);\n if (stuck.length > 0) {\n console.warn(\n [\n `rekor: stale OAuth credential remains in OS keychain after delete. Commands work but logout won't fully clear. Manually:`,\n ...stuck.map(a => ` ${manualCleanupCommand(a)}`),\n ].join('\\n'),\n );\n }\n await keyring.setPassword(KEYRING_SERVICE, KEY_REC, token);\n writeMetadataExpiresAt(undefined);\n try { stripTokenFieldsFromFile(); } catch (err) {\n console.warn(`rekor: failed to strip stale tokens from ${CONFIG_FILE} (${(err as Error).message}).`);\n }\n return;\n } catch (err) {\n if (err instanceof StaleKeyringSlotError) throw err;\n console.warn(`rekor: keychain write failed (${(err as Error).message}); falling back to file storage.`);\n }\n }\n const existing = readConfigFile() ?? {};\n delete existing.access_token;\n delete existing.refresh_token;\n delete existing.token_expires_at;\n existing.token = token;\n writeConfigFile(existing);\n}\n\nexport async function setOAuthTokens(\n accessToken: string,\n refreshToken: string \| undefined,\n expiresAt: string,\n): Promise<void> {\n const keyring = await getKeyring();\n if (keyring) {\n try {\n // rec_ wins the read race — a leftover would mask new OAuth tokens; verify empty after delete and fail loudly.\n if (!(await clearSlot(keyring, KEY_REC))) {\n throw new StaleKeyringSlotError(KEY_REC);\n }\n await keyring.setPassword(KEYRING_SERVICE, KEY_OAUTH_ACCESS, accessToken);\n if (refreshToken) {\n await keyring.setPassword(KEYRING_SERVICE, KEY_OAUTH_REFRESH, refreshToken);\n } else {\n // Best-effort clear of any stale refresh slot when the new pair has none.\n await clearSlot(keyring, KEY_OAUTH_REFRESH);\n }\n writeMetadataExpiresAt(expiresAt);\n try { stripTokenFieldsFromFile(); } catch (err) {\n console.warn(`rekor: failed to strip stale tokens from ${CONFIG_FILE} (${(err as Error).message}).`);\n }\n return;\n } catch (err) {\n // StaleKeyringSlotError propagates — file fallback won't help if the keyring still holds rec_.\n if (err instanceof StaleKeyringSlotError) throw err;\n console.warn(`rekor: keychain write failed (${(err as Error).message}); falling back to file storage.`);\n }\n }\n const existing = readConfigFile() ?? {};\n delete existing.token;\n existing.access_token = accessToken;\n if (refreshToken) existing.refresh_token = refreshToken;\n existing.token_expires_at = expiresAt;\n writeConfigFile(existing);\n}\n\nexport async function clearToken(): Promise<void> {\n await clearAllTokens();\n}\n\nexport async function clearAllTokens(): Promise<void> {\n const keyring = await getKeyring();\n if (keyring) {\n const slots = [KEY_REC, KEY_OAUTH_ACCESS, KEY_OAUTH_REFRESH] as const;\n const cleared = await Promise.all(slots.map(s => clearSlot(keyring, s)));\n for (const [i, ok] of cleared.entries()) {\n if (!ok) {\n const account = slots[i]!;\n console.warn(\n `rekor: could not clear keychain slot \"${account}\". Subsequent commands may still pick the stale token. Manually:\\n ${manualCleanupCommand(account)}`,\n );\n }\n }\n }\n const existing = readConfigFile();\n if (existing) {\n let dirty = false;\n for (const k of ['token', 'access_token', 'refresh_token', 'token_expires_at'] as const) {\n if (existing[k] !== undefined) {\n delete existing[k];\n dirty = true;\n }\n }\n if (dirty) writeConfigFile(existing);\n }\n}\n\nexport function __setKeyringForTesting(binding: KeyringBinding \| null): void {\n keyringCache = binding;\n}\n\nexport function __resetKeyringForTesting(): void {\n keyringCache = undefined;\n}\n","import * as http from 'node:http';\n\n// Fixed port for the OAuth redirect URI — must match what's registered in WorkOS AuthKit.\nexport const OAUTH_CALLBACK_PORT = 3927;\n\n// No live defaults until production AuthKit is registered — a registrable fallback subdomain would let an attacker intercept codes from misconfigured installs.\nconst DEFAULT_AUTHKIT_DOMAIN = '';\nconst DEFAULT_AUTHKIT_CLIENT_ID = '';\n\nexport function getAuthKitDomain(): string {\n const value = process.env['REKOR_AUTHKIT_DOMAIN'] \|\| DEFAULT_AUTHKIT_DOMAIN;\n if (!value) {\n throw new Error('REKOR_AUTHKIT_DOMAIN is not configured — set the env var to your AuthKit tenant (e.g. https://<tenant>.authkit.app).');\n }\n return value;\n}\n\nexport function getAuthKitClientId(): string {\n const value = process.env['REKOR_AUTHKIT_CLIENT_ID'] \|\| DEFAULT_AUTHKIT_CLIENT_ID;\n if (!value) {\n throw new Error('REKOR_AUTHKIT_CLIENT_ID is not configured — set the env var to the AuthKit public PKCE client id registered for the Rekor CLI.');\n }\n return value;\n}\n\nexport interface TokenResponse {\n access_token: string;\n refresh_token?: string;\n expires_in: number;\n}\n\nexport function expiresInToIso(expiresInSeconds: number): string {\n return new Date(Date.now() + expiresInSeconds * 1000).toISOString();\n}\n\nfunction asTokenResponse(value: unknown): TokenResponse {\n if (typeof value !== 'object' \|\| value === null) {\n throw new Error('AuthKit returned a non-object token payload');\n }\n const v = value as Partial<TokenResponse>;\n if (typeof v.access_token !== 'string' \|\| typeof v.expires_in !== 'number') {\n throw new Error('AuthKit token payload missing required fields');\n }\n const out: TokenResponse = { access_token: v.access_token, expires_in: v.expires_in };\n if (typeof v.refresh_token === 'string') out.refresh_token = v.refresh_token;\n return out;\n}\n\nexport async function exchangeCodeForTokens(\n authkitDomain: string,\n clientId: string,\n code: string,\n codeVerifier: string,\n redirectUri: string,\n): Promise<TokenResponse> {\n const response = await fetch(`${authkitDomain}/oauth2/token`, {\n method: 'POST',\n headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n body: new URLSearchParams({\n grant_type: 'authorization_code',\n code,\n code_verifier: codeVerifier,\n redirect_uri: redirectUri,\n client_id: clientId,\n }).toString(),\n });\n\n if (!response.ok) {\n const body = await response.text();\n throw new Error(`Token exchange failed (${response.status}): ${body}`);\n }\n\n return asTokenResponse(await response.json());\n}\n\nexport class SessionExpiredError extends Error {\n constructor() {\n super('SESSION_EXPIRED');\n this.name = 'SessionExpiredError';\n }\n}\n\nexport async function refreshAccessToken(\n authkitDomain: string,\n clientId: string,\n refreshToken: string,\n): Promise<TokenResponse> {\n const response = await fetch(`${authkitDomain}/oauth2/token`, {\n method: 'POST',\n headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n body: new URLSearchParams({\n grant_type: 'refresh_token',\n refresh_token: refreshToken,\n client_id: clientId,\n }).toString(),\n });\n\n if (!response.ok) {\n const status = response.status;\n const body = await response.text();\n\n if (status === 400 \|\| status === 401) {\n try {\n const parsed = JSON.parse(body) as { error?: string };\n if (parsed.error === 'invalid_grant') throw new SessionExpiredError();\n } catch (err) {\n if (err instanceof SessionExpiredError) throw err;\n // Non-JSON body — fall through to generic error.\n }\n }\n\n throw new Error(`Token refresh failed (${status}): ${body}`);\n }\n\n return asTokenResponse(await response.json());\n}\n\nexport function startCallbackServer(\n port: number,\n expectedState: string,\n timeoutMs: number = 120_000,\n): Promise<{ code: string }> {\n return new Promise((resolve, reject) => {\n let handled = false;\n const server = http.createServer((req, res) => {\n const url = new URL(req.url \|\| '/', `http://127.0.0.1:${port}`);\n if (url.pathname !== '/callback') {\n res.writeHead(404);\n res.end();\n return;\n }\n\n if (handled) {\n res.writeHead(409);\n res.end();\n return;\n }\n\n const code = url.searchParams.get('code');\n const state = url.searchParams.get('state');\n const error = url.searchParams.get('error');\n const errorDescription = url.searchParams.get('error_description');\n\n if (error) {\n handled = true;\n res.writeHead(400, { 'Content-Type': 'text/html' });\n res.end(errorPage(errorDescription \|\| error));\n cleanup();\n reject(new Error(`OAuth error: ${errorDescription \|\| error}`));\n return;\n }\n\n if (state !== expectedState) {\n handled = true;\n res.writeHead(400, { 'Content-Type': 'text/html' });\n res.end(errorPage('Invalid state parameter'));\n cleanup();\n reject(new Error('OAuth state mismatch — possible CSRF attempt'));\n return;\n }\n\n if (!code) {\n handled = true;\n res.writeHead(400, { 'Content-Type': 'text/html' });\n res.end(errorPage('No authorization code received'));\n cleanup();\n reject(new Error('No authorization code received'));\n return;\n }\n\n handled = true;\n res.writeHead(200, { 'Content-Type': 'text/html' });\n res.end(successPage());\n cleanup();\n resolve({ code });\n });\n\n const timeout = setTimeout(() => {\n cleanup();\n reject(new Error('Timed out waiting for login. Run `rekor login` again.'));\n }, timeoutMs);\n\n function cleanup(): void {\n clearTimeout(timeout);\n server.close();\n }\n\n server.on('error', (err: NodeJS.ErrnoException) => {\n cleanup();\n if (err.code === 'EADDRINUSE') {\n reject(new Error(`Port ${port} is in use. Close the other process and retry.`));\n } else {\n reject(err);\n }\n });\n\n server.listen(port, '127.0.0.1');\n });\n}\n\nfunction successPage(): string {\n return `<!DOCTYPE html>\n<html><head><title>Rekor CLI</title></head>\n<body style=\"font-family: system-ui, sans-serif; display: flex; align-items: center; justify-content: center; min-height: 100vh; margin: 0; background: #fafafa;\">\n <div style=\"text-align: center;\">\n <h1 style=\"font-size: 1.25rem; font-weight: 600;\">Authentication successful</h1>\n <p style=\"color: #666; margin-top: 0.5rem;\">You can close this tab and return to your terminal.</p>\n </div>\n</body></html>`;\n}\n\n// `message` comes from OAuth redirect params — encode so a compromised IdP can't inject HTML into the localhost page.\nfunction escapeHtml(input: string): string {\n return input\n .replace(/&/g, '&')\n .replace(/</g, '<')\n .replace(/>/g, '>')\n .replace(/\"/g, '"')\n .replace(/'/g, ''');\n}\n\nfunction errorPage(message: string): string {\n return `<!DOCTYPE html>\n<html><head><title>Rekor CLI</title></head>\n<body style=\"font-family: system-ui, sans-serif; display: flex; align-items: center; justify-content: center; min-height: 100vh; margin: 0; background: #fafafa;\">\n <div style=\"text-align: center;\">\n <h1 style=\"font-size: 1.25rem; font-weight: 600; color: #dc2626;\">Authentication failed</h1>\n <p style=\"color: #666; margin-top: 0.5rem;\">${escapeHtml(message)}</p>\n </div>\n</body></html>`;\n}\n","import { loadConfig, saveConfig } from './config.js';\nimport { getResolvedToken, setRecToken, setOAuthTokens, clearAllTokens, type ResolvedToken } from './token-store.js';\nimport { refreshAccessToken, expiresInToIso, getAuthKitDomain, getAuthKitClientId, SessionExpiredError } from './oauth.js';\n\n/** Persist a pasted rec_ token (CI / headless path). /\nexport async function login(token: string, apiUrl?: string): Promise<void> {\n await setRecToken(token);\n const config = loadConfig();\n saveConfig({\n ...config,\n api_url: apiUrl ?? config.api_url,\n });\n}\n\nconst REFRESH_LEEWAY_MS = 60_000;\n\n// Returns a valid access token; silently refreshes OAuth tokens within 60s of expiry.\nexport async function getAccessToken(): Promise<string \| null> {\n const resolved = await getResolvedToken();\n if (!resolved) return null;\n\n if (resolved.kind === 'rec') return resolved.token;\n\n // OAuth path — refresh if near expiry. Missing/unparseable expires_at: assume valid, let the API surface a real 401.\n const expiresAtMs = resolved.expires_at ? new Date(resolved.expires_at).getTime() : Number.NaN;\n if (!Number.isFinite(expiresAtMs) \|\| expiresAtMs > Date.now() + REFRESH_LEEWAY_MS) {\n return resolved.access_token;\n }\n if (!resolved.refresh_token) {\n throw new Error('Access token expired and no refresh token available. Run `rekor login` again.');\n }\n\n try {\n const result = await refreshAccessToken(getAuthKitDomain(), getAuthKitClientId(), resolved.refresh_token);\n const newExpiresAt = expiresInToIso(result.expires_in);\n await setOAuthTokens(result.access_token, result.refresh_token ?? resolved.refresh_token, newExpiresAt);\n return result.access_token;\n } catch (err) {\n if (err instanceof SessionExpiredError) {\n await clearAllTokens();\n throw new Error('Session expired. Run `rekor login` again.');\n }\n throw err;\n }\n}\n\n/* Auth kind for the current credential, without resolving the token itself. Used by logout to decide if it should call the revoke endpoint. /\nexport async function currentAuthKind(): Promise<ResolvedToken['kind'] \| null> {\n const resolved = await getResolvedToken();\n return resolved?.kind ?? null;\n}\n\nexport async function isAuthenticated(): Promise<boolean> {\n return (await getResolvedToken()) !== null;\n}\n","import as crypto from 'node:crypto';\n\nexport function generateCodeVerifier(): string {\n return crypto.randomBytes(32).toString('base64url');\n}\n\nexport function generateCodeChallenge(verifier: string): string {\n return crypto.createHash('sha256').update(verifier).digest().toString('base64url');\n}\n\nexport function generateState(): string {\n return crypto.randomBytes(16).toString('base64url');\n}\n","import { Command } from 'commander';\nimport { clearAllTokens } from '../token-store.js';\nimport { currentAuthKind } from '../auth.js';\nimport { ApiClient } from '../client.js';\n\nexport const logoutCommand = new Command('logout')\n .description('Remove stored authentication credentials')\n .action(async () => {\n const kind = await currentAuthKind();\n\n // For OAuth sessions, ask the backend to revoke the WorkOS session so cross-device\n // logout works. Best-effort — errors don't block local credential cleanup.\n if (kind === 'oauth') {\n try {\n const client = new ApiClient();\n await client.request('POST', '/v1/auth/logout');\n } catch (err) {\n console.warn(`rekor: server-side logout failed (${err instanceof Error ? err.message : 'unknown'}); clearing local credentials anyway.`);\n }\n }\n\n await clearAllTokens();\n console.log('Logged out successfully');\n });\n","import { loadConfig } from './config.js';\nimport { getAccessToken } from './auth.js';\n\nexport class ApiClient {\n readonly baseUrl: string;\n private _tokenPromise: Promise<string \| null> \| undefined;\n\n constructor() {\n const config = loadConfig();\n this.baseUrl = config.api_url;\n }\n\n private getToken(): Promise<string \| null> {\n if (!this._tokenPromise) this._tokenPromise = getAccessToken();\n return this._tokenPromise;\n }\n\n private async authHeaders(): Promise<Record<string, string>> {\n const token = await this.getToken();\n return token ? { 'Authorization': `Bearer ${token}` } : {};\n }\n\n async request<T = unknown>(method: string, path: string, body?: unknown): Promise<T> {\n const res = await fetch(`${this.baseUrl}${path}`, {\n method,\n headers: {\n ...(await this.authHeaders()),\n 'Content-Type': 'application/json',\n },\n body: body ? JSON.stringify(body) : undefined,\n });\n\n const json = await res.json() as { data?: T; error?: { message: string } };\n if (!res.ok) {\n throw new Error(json.error?.message ?? `HTTP ${res.status}`);\n }\n return json.data as T;\n }\n\n async uploadFile(url: string, body: BodyInit, contentType: string): Promise<void> {\n const res = await fetch(url, {\n method: 'PUT',\n headers: {\n ...(await this.authHeaders()),\n 'Content-Type': contentType,\n },\n body,\n });\n if (!res.ok) {\n throw new Error(`Upload failed: HTTP ${res.status}`);\n }\n }\n}\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getFormat } from '../helpers.js';\n\nexport const databasesCommand = new Command('databases')\n .description('Manage databases');\n\ndatabasesCommand.command('list')\n .description('List all databases')\n .option('--tag <tag>', 'Filter by tag')\n .action(async function (this: Command, opts: { tag?: string }) {\n const client = new ApiClient();\n const qs = opts.tag ? `?tag=${encodeURIComponent(opts.tag)}` : '';\n const data = await client.request('GET', `/v1/databases${qs}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('get <id>')\n .description('Get a database')\n .action(async function (this: Command, id: string) {\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/databases/${id}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('create <id>')\n .description('Create a database')\n .requiredOption('--name <name>', 'Database name')\n .option('--description <desc>', 'Description')\n .option('--tags <tags>', 'Comma-separated tags (e.g., client:acme,billing)')\n .action(async function (this: Command, id: string, opts: { name: string; description?: string; tags?: string }) {\n const client = new ApiClient();\n const body: Record<string, unknown> = {\n name: opts.name,\n description: opts.description,\n };\n if (opts.tags) {\n body['tags'] = opts.tags.split(',').map(t => t.trim());\n }\n const data = await client.request('PUT', `/v1/databases/${id}`, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('tag <id>')\n .description('Set tags on a database')\n .requiredOption('--tags <tags>', 'Comma-separated tags (e.g., client:acme,billing)')\n .action(async function (this: Command, id: string, opts: { tags: string }) {\n const client = new ApiClient();\n const data = await client.request('PUT', `/v1/databases/${id}`, {\n tags: opts.tags.split(',').map(t => t.trim()),\n });\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('delete <id>')\n .description('Delete a database')\n .action(async (_id: string) => {\n const client = new ApiClient();\n await client.request('DELETE', `/v1/databases/${_id}`);\n console.log('Deleted');\n });\n\n// --- Environment commands ---\n\ndatabasesCommand.command('create-preview <production-id>')\n .description('Create a preview database linked to a production database')\n .requiredOption('--name <name>', 'Preview database name')\n .option('--description <desc>', 'Description')\n .action(async function (this: Command, productionId: string, opts: { name: string; description?: string }) {\n const client = new ApiClient();\n const data = await client.request('POST', `/v1/${productionId}/preview`, {\n name: opts.name,\n description: opts.description,\n });\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('list-previews <production-id>')\n .description('List preview databases for a production database')\n .action(async function (this: Command, productionId: string) {\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${productionId}/previews`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('promote <production-id>')\n .description('Promote config from a preview database to production (human-only)')\n .requiredOption('--from <preview-id>', 'Source preview database ID')\n .option('--dry-run', 'Show what would change without applying')\n .option('--collections <ids>', 'Comma-separated collection IDs to promote', (v: string) => v.split(','))\n .option('--triggers <ids>', 'Comma-separated trigger IDs to promote', (v: string) => v.split(','))\n .option('--hooks <ids>', 'Comma-separated hook IDs to promote', (v: string) => v.split(','))\n .action(async function (\n this: Command,\n productionId: string,\n opts: { from: string; dryRun?: boolean; collections?: string[]; triggers?: string[]; hooks?: string[] },\n ) {\n const client = new ApiClient();\n const data = await client.request('POST', `/v1/${productionId}/promote`, {\n source_database_id: opts.from,\n dry_run: opts.dryRun ?? false,\n collections: opts.collections,\n triggers: opts.triggers,\n hooks: opts.hooks,\n });\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('rollback <production-id>')\n .description('Rollback a promotion (human-only)')\n .requiredOption('--promotion <promotion-id>', 'Promotion ID to rollback')\n .action(async function (this: Command, productionId: string, opts: { promotion: string }) {\n const client = new ApiClient();\n const data = await client.request('POST', `/v1/${productionId}/promote/rollback`, {\n promotion_id: opts.promotion,\n });\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('promotions <production-id>')\n .description('List promotion history for a production database')\n .action(async function (this: Command, productionId: string) {\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${productionId}/promotions`);\n console.log(formatOutput(data, getFormat(this)));\n });\n","import chalk from 'chalk';\nimport Table from 'cli-table3';\n\nexport type OutputFormat = 'json' \| 'table';\n\nexport function formatOutput(data: unknown, format: OutputFormat): string {\n if (format === 'json') {\n return JSON.stringify(data, null, 2);\n }\n\n if (Array.isArray(data)) {\n return formatTable(data as Record<string, unknown>[]);\n }\n\n if (typeof data === 'object' && data !== null) {\n return formatKeyValue(data as Record<string, unknown>);\n }\n\n return String(data);\n}\n\nfunction formatTable(rows: Record<string, unknown>[]): string {\n if (rows.length === 0) return chalk.dim('No results');\n\n const keys = Object.keys(rows[0]!);\n const table = new Table({ head: keys.map(k => chalk.bold(k)) });\n\n for (const row of rows) {\n table.push(keys.map(k => {\n const val = row[k];\n if (val === null \|\| val === undefined) return '';\n if (typeof val === 'object') return JSON.stringify(val);\n return String(val);\n }));\n }\n\n return table.toString();\n}\n\nfunction formatKeyValue(obj: Record<string, unknown>): string {\n const table = new Table();\n for (const [key, value] of Object.entries(obj)) {\n const displayValue = typeof value === 'object' ? JSON.stringify(value) : String(value ?? '');\n table.push({ [chalk.bold(key)]: displayValue });\n }\n return table.toString();\n}\n","import { readFileSync } from 'fs';\nimport { Command } from 'commander';\nimport { type OutputFormat } from './output.js';\n\nexport function parseData(data: string): Record<string, unknown> {\n if (data.startsWith('@')) {\n const content = readFileSync(data.slice(1), 'utf-8');\n return JSON.parse(content) as Record<string, unknown>;\n }\n return JSON.parse(data) as Record<string, unknown>;\n}\n\nexport function getDatabase(cmd: Command): string {\n // Walk up the command chain to find --database on the root program\n let current: Command \| null = cmd;\n while (current) {\n const ws = current.opts().database as string \| undefined;\n if (ws) return ws;\n current = current.parent;\n }\n console.error('Error: --database is required');\n return process.exit(1);\n}\n\nexport function getFormat(cmd: Command): OutputFormat {\n return (cmd.parent?.parent?.opts().output ?? cmd.parent?.opts().output ?? 'table') as OutputFormat;\n}\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { parseData, getDatabase, getFormat } from '../helpers.js';\n\nexport const collectionsCommand = new Command('collections')\n .description('Manage collections');\n\ncollectionsCommand.command('list')\n .description('List all collections in a database')\n .action(async function (this: Command) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/collections`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ncollectionsCommand.command('get <id>')\n .description('Get a collection')\n .action(async function (this: Command, id: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/collections/${id}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ncollectionsCommand.command('upsert <id>')\n .description('Create or update a collection')\n .requiredOption('--name <name>', 'Collection name')\n .option('--description <desc>', 'Description')\n .option('--schema <json>', 'JSON Schema (inline JSON or @filename)')\n .option('--icon <icon>', 'Icon name')\n .option('--color <color>', 'Hex color')\n .option('--sources <json>', 'External sources config (inline JSON or @filename)')\n .action(async function (this: Command, id: string, opts: { name: string; description?: string; schema?: string; icon?: string; color?: string; sources?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const body: Record<string, unknown> = { name: opts.name };\n if (opts.description) body['description'] = opts.description;\n if (opts.schema) body['json_schema'] = parseData(opts.schema);\n if (opts.icon) body['icon'] = opts.icon;\n if (opts.color) body['color'] = opts.color;\n if (opts.sources) body['sources'] = parseData(opts.sources);\n const data = await client.request('PUT', `/v1/${ws}/collections/${id}`, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ncollectionsCommand.command('delete <id>')\n .description('Delete a collection')\n .action(async function (this: Command, id: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/collections/${id}`);\n console.log('Deleted');\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { parseData, getDatabase, getFormat } from '../helpers.js';\n\nexport const documentsCommand = new Command('documents')\n .description('Manage documents');\n\ndocumentsCommand.command('upsert <collection>')\n .description('Create or update a document')\n .requiredOption('--data <json>', 'Record data (inline JSON or @filename)')\n .option('--id <id>', 'Internal document ID (UUID) to update a known document')\n .option('--external-id <id>', 'External/agent-supplied ID for idempotent upsert')\n .option('--external-source <source>', 'Source system for external_id (e.g. stripe)')\n .action(async function (this: Command, collection: string, opts: { data: string; id?: string; externalId?: string; externalSource?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const body: Record<string, unknown> = { data: parseData(opts.data) };\n if (opts.externalId) body['external_id'] = opts.externalId;\n if (opts.externalSource) body['external_source'] = opts.externalSource;\n const path = opts.id\n ? `/v1/${ws}/documents/${collection}/${opts.id}`\n : `/v1/${ws}/documents/${collection}`;\n const data = await client.request('PUT', path, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndocumentsCommand.command('get <collection> <id>')\n .description('Get a document by ID')\n .action(async function (this: Command, collection: string, id: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/documents/${collection}/${id}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndocumentsCommand.command('delete <collection> <id>')\n .description('Delete a document')\n .action(async function (this: Command, collection: string, id: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/documents/${collection}/${id}`);\n console.log('Deleted');\n });\n","import { Command } from 'commander';\nimport { readFileSync } from 'fs';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getDatabase, getFormat } from '../helpers.js';\n\nexport const sqlCommand = new Command('sql')\n .description('Execute a read-only SQL query against database data')\n .argument('[query]', 'SQL query (SELECT only)')\n .option('--file <path>', 'Read SQL from a file instead of argument')\n .option('--param <kv...>', 'Named parameters as key=value pairs (e.g., --param status=issued)')\n .action(async function (this: Command, queryArg: string \| undefined, opts: { file?: string; param?: string[] }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n\n let query: string;\n if (opts.file) {\n query = readFileSync(opts.file, 'utf-8').trim();\n } else if (queryArg) {\n query = queryArg;\n } else {\n console.error('Error: provide a SQL query as argument or via --file');\n process.exit(1);\n }\n\n const params: Record<string, unknown> = {};\n if (opts.param) {\n for (const kv of opts.param) {\n const eqIdx = kv.indexOf('=');\n if (eqIdx === -1) {\n console.error(`Error: invalid param format \"${kv}\", expected key=value`);\n process.exit(1);\n }\n params[kv.slice(0, eqIdx)] = kv.slice(eqIdx + 1);\n }\n }\n\n const body: Record<string, unknown> = { query };\n if (Object.keys(params).length > 0) body.params = params;\n\n const data = await client.request('POST', `/v1/${ws}/sql`, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { parseData, getDatabase, getFormat } from '../helpers.js';\n\nexport const relationshipsCommand = new Command('relationships')\n .description('Manage relationships between documents');\n\nrelationshipsCommand.command('upsert')\n .description('Create or update a relationship')\n .requiredOption('--source <collection/id>', 'Source document (collection/id)')\n .requiredOption('--target <collection/id>', 'Target document (collection/id)')\n .requiredOption('--type <type>', 'Relationship type')\n .option('--id <id>', 'Relationship ID')\n .option('--data <json>', 'Relationship metadata (inline JSON or @filename)')\n .action(async function (this: Command, opts: { source: string; target: string; type: string; id?: string; data?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const [sourceCollection, sourceId] = opts.source.split('/');\n const [targetCollection, targetId] = opts.target.split('/');\n const body: Record<string, unknown> = {\n rel_type: opts.type,\n source_collection: sourceCollection,\n source_id: sourceId,\n target_collection: targetCollection,\n target_id: targetId,\n };\n if (opts.id) body['id'] = opts.id;\n if (opts.data) body['data'] = parseData(opts.data);\n const path = opts.id ? `/v1/${ws}/relationships/${opts.id}` : `/v1/${ws}/relationships`;\n const data = await client.request('PUT', path, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nrelationshipsCommand.command('get <id>')\n .description('Get a relationship by ID')\n .action(async function (this: Command, id: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/relationships/${id}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nrelationshipsCommand.command('delete <id>')\n .description('Delete a relationship')\n .action(async function (this: Command, id: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/relationships/${id}`);\n console.log('Deleted');\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getDatabase, getFormat } from '../helpers.js';\n\nexport const queryRelationshipsCommand = new Command('query-relationships')\n .description('Query related documents')\n .argument('<collection>', 'Collection of the source document')\n .argument('<id>', 'Source document ID')\n .option('--type <type>', 'Filter by relationship type')\n .option('--direction <dir>', 'Direction: outgoing, incoming, or both', 'both')\n .option('--limit <n>', 'Max results', '50')\n .option('--offset <n>', 'Skip results', '0')\n .action(async function (this: Command, collection: string, id: string, opts: { type?: string; direction: string; limit: string; offset: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const params = new URLSearchParams();\n if (opts.type) params.set('rel_type', opts.type);\n // Map user-friendly direction names to backend API terms\n const directionMap: Record<string, string> = { outgoing: 'source', incoming: 'target', both: 'both' };\n params.set('direction', directionMap[opts.direction] ?? opts.direction);\n params.set('limit', opts.limit);\n params.set('offset', opts.offset);\n const data = await client.request('GET', `/v1/${ws}/documents/${collection}/${id}/related?${params.toString()}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n","import { Command } from 'commander';\nimport { readFileSync } from 'node:fs';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getDatabase, getFormat } from '../helpers.js';\n\nexport const attachmentsCommand = new Command('attachments')\n .description('Manage document attachments');\n\nattachmentsCommand.command('upload <collection> <id>')\n .description('Get a presigned upload URL for a document attachment. With --file, uploads the file content in one step.')\n .requiredOption('--filename <name>', 'File name or path (e.g. docs/guide.md)')\n .option('--content-type <type>', 'MIME type', 'application/octet-stream')\n .option('--file <path>', 'Local file to upload (skips presigned URL output, uploads directly)')\n .action(async function (this: Command, collection: string, id: string, opts: { filename: string; contentType: string; file?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('POST', `/v1/${ws}/documents/${collection}/${id}/attachments`, {\n filename: opts.filename,\n content_type: opts.contentType,\n }) as { upload_url: string; [key: string]: unknown };\n\n if (opts.file) {\n const body = readFileSync(opts.file);\n const uploadUrl = data.upload_url.startsWith('http') ? data.upload_url : `${client.baseUrl}${data.upload_url}`;\n await client.uploadFile(uploadUrl, body, opts.contentType);\n console.log(formatOutput({ ...data, uploaded: true }, getFormat(this)));\n } else {\n console.log(formatOutput(data, getFormat(this)));\n }\n });\n\nattachmentsCommand.command('url <collection> <id>')\n .description('Get a download URL for an attachment by filename')\n .requiredOption('--filename <name>', 'File name or path (e.g. docs/guide.md)')\n .action(async function (this: Command, collection: string, id: string, opts: { filename: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const attachments = await client.request<Array<{ key: string; size: number; uploaded: string }>>('GET', `/v1/${ws}/documents/${collection}/${id}/attachments`);\n const match = attachments.find(a => a.key.endsWith(`/${opts.filename}`));\n if (!match) {\n throw new Error(`Attachment \"${opts.filename}\" not found`);\n }\n const downloadUrl = `${client.baseUrl}/v1/${ws}/attachments/${match.key}`;\n console.log(formatOutput({ download_url: downloadUrl, ...match }, getFormat(this)));\n });\n\nattachmentsCommand.command('list <collection> <id>')\n .description('List attachments for a document')\n .option('--prefix <path>', 'Filter by path prefix (e.g. docs/)')\n .action(async function (this: Command, collection: string, id: string, opts: { prefix?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const query = opts.prefix ? `?prefix=${encodeURIComponent(opts.prefix)}` : '';\n const data = await client.request('GET', `/v1/${ws}/documents/${collection}/${id}/attachments${query}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nattachmentsCommand.command('delete <collection> <id> <attachment-id>')\n .description('Delete an attachment')\n .action(async function (this: Command, collection: string, id: string, attachmentId: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/documents/${collection}/${id}/attachments/${attachmentId}`);\n console.log('Deleted');\n });\n","import { randomUUID } from 'crypto';\nimport { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getDatabase, getFormat } from '../helpers.js';\n\nexport const hooksCommand = new Command('hooks')\n .description('Manage inbound webhook endpoints');\n\nhooksCommand.command('create')\n .description('Create a new inbound hook')\n .requiredOption('--name <name>', 'Hook name')\n .requiredOption('--secret <secret>', 'HMAC shared secret')\n .option('--id <id>', 'Hook ID (auto-generated if omitted)')\n .option('--collection-scope <collections>', 'Comma-separated collection scope')\n .action(async function (this: Command, opts: { name: string; secret: string; id?: string; collectionScope?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const hookId = opts.id ?? randomUUID();\n const body: Record<string, unknown> = {\n name: opts.name,\n secret: opts.secret,\n enabled: true,\n };\n if (opts.collectionScope) {\n body['collection_scope'] = opts.collectionScope.split(',');\n }\n const data = await client.request('PUT', `/v1/${ws}/hooks/${hookId}`, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nhooksCommand.command('get <id>')\n .description('Get a hook')\n .action(async function (this: Command, id: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/hooks/${id}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nhooksCommand.command('list')\n .description('List all hooks')\n .action(async function (this: Command) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/hooks`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nhooksCommand.command('delete <id>')\n .description('Delete a hook')\n .action(async function (this: Command, id: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/hooks/${id}`);\n console.log('Deleted');\n });\n","import { randomUUID } from 'crypto';\nimport { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getDatabase, getFormat } from '../helpers.js';\n\nexport const triggersCommand = new Command('triggers')\n .description('Manage outbound triggers');\n\ntriggersCommand.command('create')\n .description('Create an outbound trigger')\n .requiredOption('--name <name>', 'Trigger name')\n .requiredOption('--url <url>', 'Target URL')\n .requiredOption('--secret <secret>', 'HMAC signing secret')\n .requiredOption('--events <events>', 'Comma-separated event types')\n .option('--id <id>', 'Trigger ID (auto-generated if omitted)')\n .option('--collection-scope <collections>', 'Comma-separated collection scope')\n .option('--filter <json>', 'Filter expression (JSON)')\n .action(async function (this: Command, opts: { name: string; url: string; secret: string; events: string; id?: string; collectionScope?: string; filter?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const triggerId = opts.id ?? randomUUID();\n const body: Record<string, unknown> = {\n name: opts.name,\n url: opts.url,\n secret: opts.secret,\n events: opts.events.split(','),\n enabled: true,\n };\n if (opts.collectionScope) {\n body['collection_scope'] = opts.collectionScope.split(',');\n }\n if (opts.filter) {\n body['filter'] = JSON.parse(opts.filter);\n }\n const data = await client.request('PUT', `/v1/${ws}/triggers/${triggerId}`, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ntriggersCommand.command('get <id>')\n .description('Get a trigger')\n .action(async function (this: Command, id: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/triggers/${id}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ntriggersCommand.command('list')\n .description('List all triggers')\n .action(async function (this: Command) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/triggers`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ntriggersCommand.command('delete <id>')\n .description('Delete a trigger')\n .action(async function (this: Command, id: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/triggers/${id}`);\n console.log('Deleted');\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getDatabase, getFormat } from '../helpers.js';\n\nexport const endpointsCommand = new Command('endpoints')\n .description('Manage MCP Factory endpoints');\n\nendpointsCommand.command('upsert <slug>')\n .description('Create or update an MCP endpoint')\n .option('--name <name>', 'Endpoint display name (required unless using --config)')\n .option('--description <desc>', 'Endpoint description')\n .option('--tool <spec>', 'Collection tool spec: collection:op1,op2 (repeatable)', collect, [])\n .option('--relationship <spec>', 'Relationship tool spec: rel_type:op1,op2 (repeatable)', collect, [])\n .option('--batch <spec>', 'Batch operation spec: collection_or_rel:op1,op2 (repeatable)', collect, [])\n .option('--sql-query', 'Enable sql_query tool')\n .option('--config <json>', 'Full endpoint config as JSON (supports name_override, description_override per tool). Use @file.json to read from file.')\n .action(async function (this: Command, slug: string, opts: {\n name?: string;\n description?: string;\n tool: string[];\n relationship: string[];\n batch: string[];\n sqlQuery?: boolean;\n config?: string;\n }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n\n let body: Record<string, unknown>;\n\n if (opts.config) {\n // Full JSON config — supports name_override, description_override per tool\n body = JSON.parse(opts.config);\n } else {\n if (!opts.name) {\n throw new Error('--name is required (or use --config for full JSON config)');\n }\n body = {\n name: opts.name,\n tools: opts.tool.map(parseToolSpec),\n };\n\n if (opts.description) body.description = opts.description;\n\n if (opts.relationship.length > 0) {\n body.relationships = opts.relationship.map(parseRelSpec);\n }\n\n if (opts.batch.length > 0) {\n const operations: Record<string, string[]> = {};\n for (const spec of opts.batch) {\n const parsed = parseSpec(spec);\n operations[parsed.key] = parsed.ops;\n }\n body.batch = { enabled: true, operations };\n }\n\n if (opts.sqlQuery) body.sql_query = true;\n }\n\n const data = await client.request('PUT', `/v1/${ws}/endpoints/${slug}`, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nendpointsCommand.command('get <slug>')\n .description('Get an endpoint')\n .option('--resolved', 'Include resolved collection schemas')\n .action(async function (this: Command, slug: string, opts: { resolved?: boolean }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const path = opts.resolved\n ? `/v1/${ws}/endpoints/${slug}/resolved`\n : `/v1/${ws}/endpoints/${slug}`;\n const data = await client.request('GET', path);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nendpointsCommand.command('list')\n .description('List all endpoints')\n .action(async function (this: Command) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/endpoints`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nendpointsCommand.command('delete <slug>')\n .description('Delete an endpoint')\n .action(async function (this: Command, slug: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/endpoints/${slug}`);\n console.log('Deleted');\n });\n\nendpointsCommand.command('url <slug>')\n .description('Get the MCP connection URL for an endpoint')\n .option('--transport <type>', 'Transport: mcp or sse', 'mcp')\n .action((_slug: string, opts: { transport: string }) => {\n const transport = opts.transport === 'sse' ? 'sse' : 'mcp';\n console.log(`https://mcp.rekor.pro/e/${_slug}/${transport}`);\n });\n\n// ---- Helpers ----\n\nfunction collect(value: string, previous: string[]): string[] {\n return [...previous, value];\n}\n\nfunction parseSpec(spec: string): { key: string; ops: string[] } {\n const [key, opsStr] = spec.split(':');\n if (!key \|\| !opsStr) {\n throw new Error(`Invalid spec '${spec}'. Expected format: name:op1,op2`);\n }\n return { key, ops: opsStr.split(',') };\n}\n\nfunction parseToolSpec(spec: string): Record<string, unknown> {\n const { key, ops } = parseSpec(spec);\n return { collection: key, operations: ops };\n}\n\nfunction parseRelSpec(spec: string): Record<string, unknown> {\n const { key, ops } = parseSpec(spec);\n return { rel_type: key, operations: ops };\n}\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { parseData, getDatabase, getFormat } from '../helpers.js';\n\nexport const batchCommand = new Command('batch')\n .description('Execute atomic batch operations (up to 1,000 operations)')\n .requiredOption('--operations <json>', 'Operations array (inline JSON or @filename)')\n .action(async function (this: Command, opts: { operations: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const operations = parseData(opts.operations);\n const data = await client.request('POST', `/v1/${ws}/batch`, {\n operations: Array.isArray(operations) ? operations : [operations],\n });\n console.log(formatOutput(data, getFormat(this)));\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { parseData, getDatabase, getFormat } from '../helpers.js';\nconst VALID_PROVIDERS = 'openai, anthropic, google, mcp';\n\nexport const providersCommand = new Command('providers')\n .description('Import/export tool definitions between LLM providers and Record collections');\n\nprovidersCommand.command('import <provider>')\n .description(`Import tool definitions as collections. Providers: ${VALID_PROVIDERS}`)\n .requiredOption('--tools <json>', 'Tool definitions (inline JSON or @filename)')\n .action(async function (this: Command, provider: string, opts: { tools: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const tools = parseData(opts.tools);\n const data = await client.request('POST', `/v1/${ws}/providers/${provider}/import`, {\n tools: Array.isArray(tools) ? tools : [tools],\n });\n console.log(formatOutput(data, getFormat(this)));\n });\n\nprovidersCommand.command('export <provider>')\n .description(`Export collections as tool definitions. Providers: ${VALID_PROVIDERS}`)\n .option('--collections <ids>', 'Comma-separated collection IDs (omit for all)')\n .option('--output <file>', 'Write output to file')\n .action(async function (this: Command, provider: string, opts: { collections?: string; output?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const query = opts.collections ? `?collections=${opts.collections}` : '';\n const data = await client.request('GET', `/v1/${ws}/providers/${provider}/export${query}`);\n\n if (opts.output) {\n const { writeFileSync } = await import('fs');\n writeFileSync(opts.output, JSON.stringify(data, null, 2));\n console.log(`Written to ${opts.output}`);\n } else {\n console.log(formatOutput(data, getFormat(this)));\n }\n });\n\nprovidersCommand.command('import-call <provider> <collection>')\n .description(`Create a document from a tool call in provider format. Providers: ${VALID_PROVIDERS}`)\n .requiredOption('--data <json>', 'Tool call data in provider format (inline JSON or @filename)')\n .option('--external-id <id>', 'External ID for idempotent upsert')\n .option('--external-source <source>', 'External source identifier')\n .action(async function (this: Command, provider: string, collection: string, opts: { data: string; externalId?: string; externalSource?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const callData = parseData(opts.data);\n const queryParts: string[] = [];\n if (opts.externalId) queryParts.push(`external_id=${encodeURIComponent(opts.externalId)}`);\n if (opts.externalSource) queryParts.push(`external_source=${encodeURIComponent(opts.externalSource)}`);\n const qs = queryParts.length ? `?${queryParts.join('&')}` : '';\n const data = await client.request('POST', `/v1/${ws}/providers/${provider}/documents/${collection}${qs}`, callData);\n console.log(formatOutput(data, getFormat(this)));\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getFormat } from '../helpers.js';\n\nexport const tokensCommand = new Command('tokens')\n .description('Manage API tokens');\n\ntokensCommand.command('create')\n .description('Create a scoped API token')\n .requiredOption('--name <name>', 'Token name')\n .requiredOption('--grants <json>', 'Grant definitions as JSON array')\n .option('--expires-at <date>', 'Expiration date (ISO 8601, e.g., 2026-06-01T00:00:00Z)')\n .action(async function (this: Command, opts: { name: string; grants: string; expiresAt?: string }) {\n const client = new ApiClient();\n let grants: unknown;\n try {\n grants = JSON.parse(opts.grants);\n } catch {\n throw new Error('--grants must be valid JSON');\n }\n const body: Record<string, unknown> = { name: opts.name, grants };\n if (opts.expiresAt) body.expires_at = opts.expiresAt;\n const data = await client.request('POST', '/v1/tokens', body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ntokensCommand.command('list')\n .description('List API tokens')\n .action(async function (this: Command) {\n const client = new ApiClient();\n const data = await client.request('GET', '/v1/tokens');\n console.log(formatOutput(data, getFormat(this)));\n });\n\ntokensCommand.command('revoke <token_id>')\n .description('Revoke an API token')\n .action(async function (this: Command, tokenId: string) {\n const client = new ApiClient();\n await client.request('DELETE', `/v1/tokens/${tokenId}`);\n console.log('Token revoked');\n });\n","{\n \"name\": \"rekor-cli\",\n \"version\": \"0.1.22\",\n \"type\": \"module\",\n \"engines\": {\n \"node\": \">=20.0.0\"\n },\n \"bin\": {\n \"rekor\": \"dist/index.js\"\n },\n \"files\": [\n \"dist\"\n ],\n \"scripts\": {\n \"build\": \"tsup\",\n \"typecheck\": \"tsc --noEmit\",\n \"test\": \"vitest run\",\n \"dev\": \"tsup --watch\"\n },\n \"dependencies\": {\n \"@napi-rs/keyring\": \"^1.1.6\",\n \"chalk\": \"^5.4.1\",\n \"cli-table3\": \"^0.6.5\",\n \"commander\": \"^13.1.0\",\n \"open\": \"^11.0.0\"\n },\n \"devDependencies\": {\n \"@types/node\": \"^25.5.0\",\n \"tsup\": \"^8.4.0\",\n \"typescript\": \"^5.8.2\",\n \"vitest\": \"~3.0.9\"\n }\n}\n","import { program } from './program.js';\n\nprogram.parse();\n"],"mappings":";;;AAAA,SAAS,WAAAA,iBAAe;;;ACAxB,SAAS,eAAe;;;ACAxB,SAAS,cAAc,eAAe,iBAAiB;AACvD,SAAS,YAAY;AACrB,SAAS,eAAe;AAExB,IAAM,aAAa,KAAK,QAAQ,GAAG,WAAW,OAAO;AACrD,IAAM,cAAc,KAAK,YAAY,aAAa;AAc3C,SAAS,aAAqB;AACnC,QAAM,SAAS,QAAQ,IAAI,eAAe;AAE1C,MAAI;AACF,UAAM,MAAM,aAAa,aAAa,OAAO;AAC7C,UAAM,SAAS,KAAK,MAAM,GAAG;AAC7B,WAAO;AAAA,MACL,SAAS,UAAU,OAAO,WAAW;AAAA,MACrC,kBAAkB,OAAO;AAAA,MACzB,QAAQ,OAAO;AAAA,IACjB;AAAA,EACF,QAAQ;AACN,WAAO;AAAA,MACL,SAAS,UAAU;AAAA,IACrB;AAAA,EACF;AACF;AAEO,SAAS,WAAW,QAAsB;AAC/C,YAAU,YAAY,EAAE,WAAW,MAAM,MAAM,IAAM,CAAC;AACtD,MAAI,WAAuB,CAAC;AAC5B,MAAI;AACF,eAAW,KAAK,MAAM,aAAa,aAAa,OAAO,CAAC;AAAA,EAC1D,QAAQ;AACN,eAAW,CAAC;AAAA,EACd;AACA,QAAM,SAAqB,EAAE,GAAG,UAAU,GAAG,OAAO;AACpD,gBAAc,aAAa,KAAK,UAAU,QAAQ,MAAM,CAAC,GAAG,EAAE,MAAM,IAAM,CAAC;AAC7E;;;AC/CA,YAAY,QAAQ;AAGpB,IAAM,kBAAkB;AACxB,IAAM,UAAU;AAChB,IAAM,mBAAmB;AACzB,IAAM,oBAAoB;AAQ1B,IAAI;AAEJ,eAAe,aAA6C;AAC1D,MAAI,iBAAiB,OAAW,QAAO;AACvC,MAAI;AACF,UAAM,MAAM,MAAM,OAAO,kBAAkB;AAC3C,UAAM,QAAQ,IAAI;AAClB,mBAAe;AAAA,MACb,MAAM,YAAY,SAAS,SAAS;AAClC,YAAI;AAAE,iBAAO,IAAI,MAAM,SAAS,OAAO,EAAE,YAAY;AAAA,QAAG,QAAQ;AAAE,iBAAO;AAAA,QAAM;AAAA,MACjF;AAAA,MACA,MAAM,YAAY,SAAS,SAAS,UAAU;AAC5C,YAAI,MAAM,SAAS,OAAO,EAAE,YAAY,QAAQ;AAAA,MAClD;AAAA,MACA,MAAM,eAAe,SAAS,SAAS;AACrC,YAAI;AAAE,iBAAO,IAAI,MAAM,SAAS,OAAO,EAAE,eAAe;AAAA,QAAG,QAAQ;AAAE,iBAAO;AAAA,QAAO;AAAA,MACrF;AAAA,IACF;AAAA,EACF,QAAQ;AACN,mBAAe;AAAA,EACjB;AACA,SAAO;AACT;AAEA,SAAS,qBAAqB,SAAyB;AACrD,MAAI,QAAQ,aAAa,UAAU;AACjC,WAAO,uCAAuC,eAAe,OAAO,OAAO;AAAA,EAC7E;AACA,MAAI,QAAQ,aAAa,SAAS;AAChC,WAAO,kBAAkB,eAAe,IAAI,OAAO;AAAA,EACrD;AACA,MAAI,QAAQ,aAAa,SAAS;AAChC,WAAO,6BAA6B,eAAe,YAAY,OAAO;AAAA,EACxE;AACA,SAAO,oBAAoB,eAAe,cAAc,OAAO;AACjE;AAaA,SAAS,iBAA0C;AACjD,MAAI,CAAI,cAAW,WAAW,EAAG,QAAO;AACxC,MAAI;AACF,WAAO,KAAK,MAAS,gBAAa,aAAa,OAAO,CAAC;AAAA,EACzD,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,SAAS,gBAAgB,MAA8B;AACrD,MAAI,CAAI,cAAW,UAAU,GAAG;AAC9B,IAAG,aAAU,YAAY,EAAE,WAAW,MAAM,MAAM,IAAM,CAAC;AAAA,EAC3D;AACA,EAAG,iBAAc,aAAa,KAAK,UAAU,MAAM,MAAM,CAAC,GAAG,EAAE,MAAM,IAAM,CAAC;AAC9E;AAGO,IAAM,wBAAN,cAAoC,MAAM;AAAA,EAC/C,YAA4B,SAAiB;AAC3C;AAAA,MACE,iDAAiD,OAAO;AAAA,IAClB,qBAAqB,OAAO,CAAC;AAAA,IACrE;AAJ0B;AAK1B,SAAK,OAAO;AAAA,EACd;AACF;AAEA,eAAe,UAAU,SAAyB,SAAmC;AACnF,QAAM,QAAQ,eAAe,iBAAiB,OAAO;AACrD,MAAI;AACF,WAAQ,MAAM,QAAQ,YAAY,iBAAiB,OAAO,MAAO;AAAA,EACnE,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAMA,SAAS,2BAAiC;AACxC,QAAM,WAAW,eAAe;AAChC,MAAI,CAAC,SAAU;AACf,MAAI,SAAS,UAAU,UAAa,SAAS,iBAAiB,UAAa,SAAS,kBAAkB,OAAW;AACjH,SAAO,SAAS;AAChB,SAAO,SAAS;AAChB,SAAO,SAAS;AAChB,kBAAgB,QAAQ;AAC1B;AAEA,SAAS,wBAA4C;AACnD,SAAO,eAAe,GAAG;AAC3B;AAEA,SAAS,uBAAuB,OAAiC;AAC/D,QAAM,WAAW,eAAe,KAAK,CAAC;AACtC,MAAI,UAAU,QAAW;AACvB,WAAO,SAAS;AAAA,EAClB,OAAO;AACL,aAAS,mBAAmB;AAAA,EAC9B;AACA,kBAAgB,QAAQ;AAC1B;AAEA,eAAe,uBAAuB,SAA+D;AACnG,QAAM,WAAW,eAAe;AAChC,MAAI,CAAC,SAAU,QAAO;AAGtB,MAAI,SAAS,cAAc;AACzB,UAAM,MAAqB;AAAA,MACzB,MAAM;AAAA,MACN,cAAc,SAAS;AAAA,MACvB,eAAe,SAAS;AAAA,MACxB,YAAY,SAAS;AAAA,IACvB;AACA,QAAI,SAAS;AACX,UAAI;AAEF,cAAM,iBAAiB,MAAM,QAAQ,YAAY,iBAAiB,gBAAgB;AAClF,YAAI,CAAC,gBAAgB;AACnB,gBAAM,QAAQ,YAAY,iBAAiB,kBAAkB,SAAS,YAAY;AAClF,cAAI,SAAS,eAAe;AAC1B,kBAAM,QAAQ,YAAY,iBAAiB,mBAAmB,SAAS,aAAa;AAAA,UACtF;AAAA,QACF;AACA,YAAI;AAAE,mCAAyB;AAAA,QAAG,SAAS,KAAK;AAC9C,kBAAQ,KAAK,mDAAmD,WAAW,KAAM,IAAc,OAAO,IAAI;AAAA,QAC5G;AAAA,MACF,SAAS,KAAK;AACZ,gBAAQ,KAAK,8CAA+C,IAAc,OAAO,iCAAiC;AAAA,MACpH;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAEA,MAAI,SAAS,OAAO;AAClB,UAAM,QAAQ,SAAS;AACvB,QAAI,CAAC,QAAS,QAAO,EAAE,MAAM,OAAO,MAAM;AAC1C,QAAI;AACF,YAAM,cAAc,MAAM,QAAQ,YAAY,iBAAiB,OAAO;AACtE,UAAI,aAAa;AAEf,YAAI;AAAE,mCAAyB;AAAA,QAAG,SAAS,KAAK;AAC9C,kBAAQ,KAAK,2CAA2C,WAAW,KAAM,IAAc,OAAO,IAAI;AAAA,QACpG;AACA,eAAO;AAAA,MACT;AACA,YAAM,QAAQ,YAAY,iBAAiB,SAAS,KAAK;AACzD,UAAI;AAAE,iCAAyB;AAAA,MAAG,SAAS,KAAK;AAC9C,gBAAQ,KAAK,4CAA4C,WAAW,KAAM,IAAc,OAAO,IAAI;AAAA,MACrG;AAAA,IACF,SAAS,KAAK;AACZ,cAAQ,KAAK,qCAAsC,IAAc,OAAO,uCAAuC;AAAA,IACjH;AACA,WAAO,EAAE,MAAM,OAAO,MAAM;AAAA,EAC9B;AAEA,SAAO;AACT;AAGA,eAAsB,mBAAkD;AACtE,QAAM,WAAW,QAAQ,IAAI,aAAa;AAC1C,MAAI,UAAU;AAEZ,WAAO,EAAE,MAAM,OAAO,OAAO,SAAS;AAAA,EACxC;AAEA,QAAM,UAAU,MAAM,WAAW;AACjC,QAAM,WAAW,MAAM,uBAAuB,OAAO;AACrD,MAAI,SAAU,QAAO;AAErB,MAAI,SAAS;AAEX,UAAM,CAAC,KAAK,QAAQ,OAAO,IAAI,MAAM,QAAQ,IAAI;AAAA,MAC/C,QAAQ,YAAY,iBAAiB,OAAO;AAAA,MAC5C,QAAQ,YAAY,iBAAiB,gBAAgB;AAAA,MACrD,QAAQ,YAAY,iBAAiB,iBAAiB;AAAA,IACxD,CAAC;AACD,QAAI,IAAK,QAAO,EAAE,MAAM,OAAO,OAAO,IAAI;AAC1C,QAAI,QAAQ;AACV,YAAM,MAAqB,EAAE,MAAM,SAAS,cAAc,OAAO;AACjE,UAAI,QAAS,KAAI,gBAAgB;AACjC,YAAM,YAAY,sBAAsB;AACxC,UAAI,UAAW,KAAI,aAAa;AAChC,aAAO;AAAA,IACT;AAAA,EACF;AAEA,SAAO;AACT;AAaA,eAAsB,YAAY,OAA8B;AAC9D,QAAM,UAAU,MAAM,WAAW;AACjC,MAAI,SAAS;AACX,QAAI;AAEF,YAAM,CAAC,eAAe,cAAc,IAAI,MAAM,QAAQ,IAAI;AAAA,QACxD,UAAU,SAAS,gBAAgB;AAAA,QACnC,UAAU,SAAS,iBAAiB;AAAA,MACtC,CAAC;AACD,YAAM,QAAQ;AAAA,QACZ,gBAAgB,OAAO;AAAA,QACvB,iBAAiB,OAAO;AAAA,MAC1B,EAAE,OAAO,CAAC,MAAmB,MAAM,IAAI;AACvC,UAAI,MAAM,SAAS,GAAG;AACpB,gBAAQ;AAAA,UACN;AAAA,YACE;AAAA,YACA,GAAG,MAAM,IAAI,OAAK,KAAK,qBAAqB,CAAC,CAAC,EAAE;AAAA,UAClD,EAAE,KAAK,IAAI;AAAA,QACb;AAAA,MACF;AACA,YAAM,QAAQ,YAAY,iBAAiB,SAAS,KAAK;AACzD,6BAAuB,MAAS;AAChC,UAAI;AAAE,iCAAyB;AAAA,MAAG,SAAS,KAAK;AAC9C,gBAAQ,KAAK,4CAA4C,WAAW,KAAM,IAAc,OAAO,IAAI;AAAA,MACrG;AACA;AAAA,IACF,SAAS,KAAK;AACZ,UAAI,eAAe,sBAAuB,OAAM;AAChD,cAAQ,KAAK,iCAAkC,IAAc,OAAO,kCAAkC;AAAA,IACxG;AAAA,EACF;AACA,QAAM,WAAW,eAAe,KAAK,CAAC;AACtC,SAAO,SAAS;AAChB,SAAO,SAAS;AAChB,SAAO,SAAS;AAChB,WAAS,QAAQ;AACjB,kBAAgB,QAAQ;AAC1B;AAEA,eAAsB,eACpB,aACA,cACA,WACe;AACf,QAAM,UAAU,MAAM,WAAW;AACjC,MAAI,SAAS;AACX,QAAI;AAEF,UAAI,CAAE,MAAM,UAAU,SAAS,OAAO,GAAI;AACxC,cAAM,IAAI,sBAAsB,OAAO;AAAA,MACzC;AACA,YAAM,QAAQ,YAAY,iBAAiB,kBAAkB,WAAW;AACxE,UAAI,cAAc;AAChB,cAAM,QAAQ,YAAY,iBAAiB,mBAAmB,YAAY;AAAA,MAC5E,OAAO;AAEL,cAAM,UAAU,SAAS,iBAAiB;AAAA,MAC5C;AACA,6BAAuB,SAAS;AAChC,UAAI;AAAE,iCAAyB;AAAA,MAAG,SAAS,KAAK;AAC9C,gBAAQ,KAAK,4CAA4C,WAAW,KAAM,IAAc,OAAO,IAAI;AAAA,MACrG;AACA;AAAA,IACF,SAAS,KAAK;AAEZ,UAAI,eAAe,sBAAuB,OAAM;AAChD,cAAQ,KAAK,iCAAkC,IAAc,OAAO,kCAAkC;AAAA,IACxG;AAAA,EACF;AACA,QAAM,WAAW,eAAe,KAAK,CAAC;AACtC,SAAO,SAAS;AAChB,WAAS,eAAe;AACxB,MAAI,aAAc,UAAS,gBAAgB;AAC3C,WAAS,mBAAmB;AAC5B,kBAAgB,QAAQ;AAC1B;AAMA,eAAsB,iBAAgC;AACpD,QAAM,UAAU,MAAM,WAAW;AACjC,MAAI,SAAS;AACX,UAAM,QAAQ,CAAC,SAAS,kBAAkB,iBAAiB;AAC3D,UAAM,UAAU,MAAM,QAAQ,IAAI,MAAM,IAAI,OAAK,UAAU,SAAS,CAAC,CAAC,CAAC;AACvE,eAAW,CAAC,GAAG,EAAE,KAAK,QAAQ,QAAQ,GAAG;AACvC,UAAI,CAAC,IAAI;AACP,cAAM,UAAU,MAAM,CAAC;AACvB,gBAAQ;AAAA,UACN,yCAAyC,OAAO;AAAA,IAAuE,qBAAqB,OAAO,CAAC;AAAA,QACtJ;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACA,QAAM,WAAW,eAAe;AAChC,MAAI,UAAU;AACZ,QAAI,QAAQ;AACZ,eAAW,KAAK,CAAC,SAAS,gBAAgB,iBAAiB,kBAAkB,GAAY;AACvF,UAAI,SAAS,CAAC,MAAM,QAAW;AAC7B,eAAO,SAAS,CAAC;AACjB,gBAAQ;AAAA,MACV;AAAA,IACF;AACA,QAAI,MAAO,iBAAgB,QAAQ;AAAA,EACrC;AACF;;;AC7UA,YAAY,UAAU;AAGf,IAAM,sBAAsB;AAGnC,IAAM,yBAAyB;AAC/B,IAAM,4BAA4B;AAE3B,SAAS,mBAA2B;AACzC,QAAM,QAAQ,QAAQ,IAAI,sBAAsB,KAAK;AACrD,MAAI,CAAC,OAAO;AACV,UAAM,IAAI,MAAM,2HAAsH;AAAA,EACxI;AACA,SAAO;AACT;AAEO,SAAS,qBAA6B;AAC3C,QAAM,QAAQ,QAAQ,IAAI,yBAAyB,KAAK;AACxD,MAAI,CAAC,OAAO;AACV,UAAM,IAAI,MAAM,qIAAgI;AAAA,EAClJ;AACA,SAAO;AACT;AAQO,SAAS,eAAe,kBAAkC;AAC/D,SAAO,IAAI,KAAK,KAAK,IAAI,IAAI,mBAAmB,GAAI,EAAE,YAAY;AACpE;AAEA,SAAS,gBAAgB,OAA+B;AACtD,MAAI,OAAO,UAAU,YAAY,UAAU,MAAM;AAC/C,UAAM,IAAI,MAAM,6CAA6C;AAAA,EAC/D;AACA,QAAM,IAAI;AACV,MAAI,OAAO,EAAE,iBAAiB,YAAY,OAAO,EAAE,eAAe,UAAU;AAC1E,UAAM,IAAI,MAAM,+CAA+C;AAAA,EACjE;AACA,QAAM,MAAqB,EAAE,cAAc,EAAE,cAAc,YAAY,EAAE,WAAW;AACpF,MAAI,OAAO,EAAE,kBAAkB,SAAU,KAAI,gBAAgB,EAAE;AAC/D,SAAO;AACT;AAEA,eAAsB,sBACpB,eACA,UACA,MACA,cACA,aACwB;AACxB,QAAM,WAAW,MAAM,MAAM,GAAG,aAAa,iBAAiB;AAAA,IAC5D,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,oCAAoC;AAAA,IAC/D,MAAM,IAAI,gBAAgB;AAAA,MACxB,YAAY;AAAA,MACZ;AAAA,MACA,eAAe;AAAA,MACf,cAAc;AAAA,MACd,WAAW;AAAA,IACb,CAAC,EAAE,SAAS;AAAA,EACd,CAAC;AAED,MAAI,CAAC,SAAS,IAAI;AAChB,UAAM,OAAO,MAAM,SAAS,KAAK;AACjC,UAAM,IAAI,MAAM,0BAA0B,SAAS,MAAM,MAAM,IAAI,EAAE;AAAA,EACvE;AAEA,SAAO,gBAAgB,MAAM,SAAS,KAAK,CAAC;AAC9C;AAEO,IAAM,sBAAN,cAAkC,MAAM;AAAA,EAC7C,cAAc;AACZ,UAAM,iBAAiB;AACvB,SAAK,OAAO;AAAA,EACd;AACF;AAEA,eAAsB,mBACpB,eACA,UACA,cACwB;AACxB,QAAM,WAAW,MAAM,MAAM,GAAG,aAAa,iBAAiB;AAAA,IAC5D,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,oCAAoC;AAAA,IAC/D,MAAM,IAAI,gBAAgB;AAAA,MACxB,YAAY;AAAA,MACZ,eAAe;AAAA,MACf,WAAW;AAAA,IACb,CAAC,EAAE,SAAS;AAAA,EACd,CAAC;AAED,MAAI,CAAC,SAAS,IAAI;AAChB,UAAM,SAAS,SAAS;AACxB,UAAM,OAAO,MAAM,SAAS,KAAK;AAEjC,QAAI,WAAW,OAAO,WAAW,KAAK;AACpC,UAAI;AACF,cAAM,SAAS,KAAK,MAAM,IAAI;AAC9B,YAAI,OAAO,UAAU,gBAAiB,OAAM,IAAI,oBAAoB;AAAA,MACtE,SAAS,KAAK;AACZ,YAAI,eAAe,oBAAqB,OAAM;AAAA,MAEhD;AAAA,IACF;AAEA,UAAM,IAAI,MAAM,yBAAyB,MAAM,MAAM,IAAI,EAAE;AAAA,EAC7D;AAEA,SAAO,gBAAgB,MAAM,SAAS,KAAK,CAAC;AAC9C;AAEO,SAAS,oBACd,MACA,eACA,YAAoB,MACO;AAC3B,SAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,QAAI,UAAU;AACd,UAAM,SAAc,kBAAa,CAAC,KAAK,QAAQ;AAC7C,YAAM,MAAM,IAAI,IAAI,IAAI,OAAO,KAAK,oBAAoB,IAAI,EAAE;AAC9D,UAAI,IAAI,aAAa,aAAa;AAChC,YAAI,UAAU,GAAG;AACjB,YAAI,IAAI;AACR;AAAA,MACF;AAEA,UAAI,SAAS;AACX,YAAI,UAAU,GAAG;AACjB,YAAI,IAAI;AACR;AAAA,MACF;AAEA,YAAM,OAAO,IAAI,aAAa,IAAI,MAAM;AACxC,YAAM,QAAQ,IAAI,aAAa,IAAI,OAAO;AAC1C,YAAM,QAAQ,IAAI,aAAa,IAAI,OAAO;AAC1C,YAAM,mBAAmB,IAAI,aAAa,IAAI,mBAAmB;AAEjE,UAAI,OAAO;AACT,kBAAU;AACV,YAAI,UAAU,KAAK,EAAE,gBAAgB,YAAY,CAAC;AAClD,YAAI,IAAI,UAAU,oBAAoB,KAAK,CAAC;AAC5C,gBAAQ;AACR,eAAO,IAAI,MAAM,gBAAgB,oBAAoB,KAAK,EAAE,CAAC;AAC7D;AAAA,MACF;AAEA,UAAI,UAAU,eAAe;AAC3B,kBAAU;AACV,YAAI,UAAU,KAAK,EAAE,gBAAgB,YAAY,CAAC;AAClD,YAAI,IAAI,UAAU,yBAAyB,CAAC;AAC5C,gBAAQ;AACR,eAAO,IAAI,MAAM,mDAA8C,CAAC;AAChE;AAAA,MACF;AAEA,UAAI,CAAC,MAAM;AACT,kBAAU;AACV,YAAI,UAAU,KAAK,EAAE,gBAAgB,YAAY,CAAC;AAClD,YAAI,IAAI,UAAU,gCAAgC,CAAC;AACnD,gBAAQ;AACR,eAAO,IAAI,MAAM,gCAAgC,CAAC;AAClD;AAAA,MACF;AAEA,gBAAU;AACV,UAAI,UAAU,KAAK,EAAE,gBAAgB,YAAY,CAAC;AAClD,UAAI,IAAI,YAAY,CAAC;AACrB,cAAQ;AACR,cAAQ,EAAE,KAAK,CAAC;AAAA,IAClB,CAAC;AAED,UAAM,UAAU,WAAW,MAAM;AAC/B,cAAQ;AACR,aAAO,IAAI,MAAM,uDAAuD,CAAC;AAAA,IAC3E,GAAG,SAAS;AAEZ,aAAS,UAAgB;AACvB,mBAAa,OAAO;AACpB,aAAO,MAAM;AAAA,IACf;AAEA,WAAO,GAAG,SAAS,CAAC,QAA+B;AACjD,cAAQ;AACR,UAAI,IAAI,SAAS,cAAc;AAC7B,eAAO,IAAI,MAAM,QAAQ,IAAI,gDAAgD,CAAC;AAAA,MAChF,OAAO;AACL,eAAO,GAAG;AAAA,MACZ;AAAA,IACF,CAAC;AAED,WAAO,OAAO,MAAM,WAAW;AAAA,EACjC,CAAC;AACH;AAEA,SAAS,cAAsB;AAC7B,SAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAQT;AAGA,SAAS,WAAW,OAAuB;AACzC,SAAO,MACJ,QAAQ,MAAM,OAAO,EACrB,QAAQ,MAAM,MAAM,EACpB,QAAQ,MAAM,MAAM,EACpB,QAAQ,MAAM,QAAQ,EACtB,QAAQ,MAAM,OAAO;AAC1B;AAEA,SAAS,UAAU,SAAyB;AAC1C,SAAO;AAAA;AAAA;AAAA;AAAA;AAAA,kDAKyC,WAAW,OAAO,CAAC;AAAA;AAAA;AAGrE;;;ACjOA,eAAsB,MAAM,OAAe,QAAgC;AACzE,QAAM,YAAY,KAAK;AACvB,QAAM,SAAS,WAAW;AAC1B,aAAW;AAAA,IACT,GAAG;AAAA,IACH,SAAS,UAAU,OAAO;AAAA,EAC5B,CAAC;AACH;AAEA,IAAM,oBAAoB;AAG1B,eAAsB,iBAAyC;AAC7D,QAAM,WAAW,MAAM,iBAAiB;AACxC,MAAI,CAAC,SAAU,QAAO;AAEtB,MAAI,SAAS,SAAS,MAAO,QAAO,SAAS;AAG7C,QAAM,cAAc,SAAS,aAAa,IAAI,KAAK,SAAS,UAAU,EAAE,QAAQ,IAAI,OAAO;AAC3F,MAAI,CAAC,OAAO,SAAS,WAAW,KAAK,cAAc,KAAK,IAAI,IAAI,mBAAmB;AACjF,WAAO,SAAS;AAAA,EAClB;AACA,MAAI,CAAC,SAAS,eAAe;AAC3B,UAAM,IAAI,MAAM,+EAA+E;AAAA,EACjG;AAEA,MAAI;AACF,UAAM,SAAS,MAAM,mBAAmB,iBAAiB,GAAG,mBAAmB,GAAG,SAAS,aAAa;AACxG,UAAM,eAAe,eAAe,OAAO,UAAU;AACrD,UAAM,eAAe,OAAO,cAAc,OAAO,iBAAiB,SAAS,eAAe,YAAY;AACtG,WAAO,OAAO;AAAA,EAChB,SAAS,KAAK;AACZ,QAAI,eAAe,qBAAqB;AACtC,YAAM,eAAe;AACrB,YAAM,IAAI,MAAM,2CAA2C;AAAA,IAC7D;AACA,UAAM;AAAA,EACR;AACF;AAGA,eAAsB,kBAAyD;AAC7E,QAAM,WAAW,MAAM,iBAAiB;AACxC,SAAO,UAAU,QAAQ;AAC3B;;;AClDA,YAAY,YAAY;AAEjB,SAAS,uBAA+B;AAC7C,SAAc,mBAAY,EAAE,EAAE,SAAS,WAAW;AACpD;AAEO,SAAS,sBAAsB,UAA0B;AAC9D,SAAc,kBAAW,QAAQ,EAAE,OAAO,QAAQ,EAAE,OAAO,EAAE,SAAS,WAAW;AACnF;AAEO,SAAS,gBAAwB;AACtC,SAAc,mBAAY,EAAE,EAAE,SAAS,WAAW;AACpD;;;ALMA,IAAM,wBAAwB;AAEvB,IAAM,eAAe,IAAI,QAAQ,OAAO,EAC5C,YAAY,yBAAyB,EACrC,OAAO,mBAAmB,kDAAkD,EAC5E,OAAO,mBAAmB,cAAc,EACxC,OAAO,OAAO,SAA8C;AAC3D,MAAI,KAAK,OAAO;AACd,UAAM,MAAM,KAAK,OAAO,KAAK,MAAM;AACnC,YAAQ,IAAI,4BAA4B;AACxC;AAAA,EACF;AAEA,MAAI;AACF,UAAM,iBAAiB,KAAK,MAAM;AAClC,YAAQ,IAAI,4BAA4B;AAAA,EAC1C,SAAS,KAAK;AACZ,YAAQ;AAAA,MACN,iBAAiB,eAAe,QAAQ,IAAI,UAAU,eAAe;AAAA,IACvE;AACA,YAAQ,KAAK,CAAC;AAAA,EAChB;AACF,CAAC;AAEH,eAAe,iBAAiB,QAAgC;AAC9D,QAAM,OAAO,MAAM,OAAO,MAAM,EAAE,KAAK,OAAK,EAAE,OAAO;AAErD,QAAM,eAAe,qBAAqB;AAC1C,QAAM,gBAAgB,sBAAsB,YAAY;AACxD,QAAM,QAAQ,cAAc;AAE5B,QAAM,OAAO;AACb,QAAM,cAAc,oBAAoB,IAAI;AAE5C,QAAM,gBAAgB,iBAAiB;AACvC,QAAM,WAAW,mBAAmB;AAEpC,QAAM,eAAe,IAAI,IAAI,GAAG,aAAa,mBAAmB;AAChE,eAAa,aAAa,IAAI,aAAa,QAAQ;AACnD,eAAa,aAAa,IAAI,gBAAgB,WAAW;AACzD,eAAa,aAAa,IAAI,iBAAiB,MAAM;AACrD,eAAa,aAAa,IAAI,kBAAkB,aAAa;AAC7D,eAAa,aAAa,IAAI,yBAAyB,MAAM;AAC7D,eAAa,aAAa,IAAI,SAAS,KAAK;AAG5C,eAAa,aAAa,IAAI,SAAS,qCAAqC;AAE5E,UAAQ,IAAI,uCAAuC;AAGnD,QAAM,kBAAkB,oBAAoB,MAAM,KAAK;AAGvD,MAAI,kBAAkB;AACtB,QAAM,gBAAgB,WAAW,MAAM;AACrC,sBAAkB;AAClB,YAAQ,IAAI,sCAAsC,aAAa,SAAS,CAAC,EAAE;AAAA,EAC7E,GAAG,qBAAqB;AAExB,OAAK,aAAa,SAAS,CAAC,EAAE,MAAM,MAAM;AACxC,QAAI,gBAAiB;AACrB,iBAAa,aAAa;AAC1B,YAAQ,IAAI,uCAAuC;AACnD,YAAQ,IAAI,UAAU,aAAa,SAAS,CAAC,EAAE;AAAA,EACjD,CAAC;AAED,MAAI;AACJ,MAAI;AACF,KAAC,EAAE,KAAK,IAAI,MAAM;AAAA,EACpB,UAAE;AACA,iBAAa,aAAa;AAAA,EAC5B;AAEA,QAAM,SAAS,MAAM,sBAAsB,eAAe,UAAU,MAAM,cAAc,WAAW;AACnG,QAAM,YAAY,eAAe,OAAO,UAAU;AAClD,QAAM,eAAe,OAAO,cAAc,OAAO,eAAe,SAAS;AAEzE,QAAM,SAAS,WAAW;AAC1B,aAAW;AAAA,IACT,GAAG;AAAA,IACH,SAAS,UAAU,OAAO;AAAA,EAC5B,CAAC;AACH;;;AMrGA,SAAS,WAAAC,gBAAe;;;ACGjB,IAAM,YAAN,MAAgB;AAAA,EACZ;AAAA,EACD;AAAA,EAER,cAAc;AACZ,UAAM,SAAS,WAAW;AAC1B,SAAK,UAAU,OAAO;AAAA,EACxB;AAAA,EAEQ,WAAmC;AACzC,QAAI,CAAC,KAAK,cAAe,MAAK,gBAAgB,eAAe;AAC7D,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,MAAc,cAA+C;AAC3D,UAAM,QAAQ,MAAM,KAAK,SAAS;AAClC,WAAO,QAAQ,EAAE,iBAAiB,UAAU,KAAK,GAAG,IAAI,CAAC;AAAA,EAC3D;AAAA,EAEA,MAAM,QAAqB,QAAgB,MAAc,MAA4B;AACnF,UAAM,MAAM,MAAM,MAAM,GAAG,KAAK,OAAO,GAAG,IAAI,IAAI;AAAA,MAChD;AAAA,MACA,SAAS;AAAA,QACP,GAAI,MAAM,KAAK,YAAY;AAAA,QAC3B,gBAAgB;AAAA,MAClB;AAAA,MACA,MAAM,OAAO,KAAK,UAAU,IAAI,IAAI;AAAA,IACtC,CAAC;AAED,UAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,QAAI,CAAC,IAAI,IAAI;AACX,YAAM,IAAI,MAAM,KAAK,OAAO,WAAW,QAAQ,IAAI,MAAM,EAAE;AAAA,IAC7D;AACA,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,MAAM,WAAW,KAAa,MAAgB,aAAoC;AAChF,UAAM,MAAM,MAAM,MAAM,KAAK;AAAA,MAC3B,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,GAAI,MAAM,KAAK,YAAY;AAAA,QAC3B,gBAAgB;AAAA,MAClB;AAAA,MACA;AAAA,IACF,CAAC;AACD,QAAI,CAAC,IAAI,IAAI;AACX,YAAM,IAAI,MAAM,uBAAuB,IAAI,MAAM,EAAE;AAAA,IACrD;AAAA,EACF;AACF;;;AD/CO,IAAM,gBAAgB,IAAIC,SAAQ,QAAQ,EAC9C,YAAY,0CAA0C,EACtD,OAAO,YAAY;AAClB,QAAM,OAAO,MAAM,gBAAgB;AAInC,MAAI,SAAS,SAAS;AACpB,QAAI;AACF,YAAM,SAAS,IAAI,UAAU;AAC7B,YAAM,OAAO,QAAQ,QAAQ,iBAAiB;AAAA,IAChD,SAAS,KAAK;AACZ,cAAQ,KAAK,qCAAqC,eAAe,QAAQ,IAAI,UAAU,SAAS,uCAAuC;AAAA,IACzI;AAAA,EACF;AAEA,QAAM,eAAe;AACrB,UAAQ,IAAI,yBAAyB;AACvC,CAAC;;;AEvBH,SAAS,WAAAC,gBAAe;;;ACAxB,OAAO,WAAW;AAClB,OAAO,WAAW;AAIX,SAAS,aAAa,MAAe,QAA8B;AACxE,MAAI,WAAW,QAAQ;AACrB,WAAO,KAAK,UAAU,MAAM,MAAM,CAAC;AAAA,EACrC;AAEA,MAAI,MAAM,QAAQ,IAAI,GAAG;AACvB,WAAO,YAAY,IAAiC;AAAA,EACtD;AAEA,MAAI,OAAO,SAAS,YAAY,SAAS,MAAM;AAC7C,WAAO,eAAe,IAA+B;AAAA,EACvD;AAEA,SAAO,OAAO,IAAI;AACpB;AAEA,SAAS,YAAY,MAAyC;AAC5D,MAAI,KAAK,WAAW,EAAG,QAAO,MAAM,IAAI,YAAY;AAEpD,QAAM,OAAO,OAAO,KAAK,KAAK,CAAC,CAAE;AACjC,QAAM,QAAQ,IAAI,MAAM,EAAE,MAAM,KAAK,IAAI,OAAK,MAAM,KAAK,CAAC,CAAC,EAAE,CAAC;AAE9D,aAAW,OAAO,MAAM;AACtB,UAAM,KAAK,KAAK,IAAI,OAAK;AACvB,YAAM,MAAM,IAAI,CAAC;AACjB,UAAI,QAAQ,QAAQ,QAAQ,OAAW,QAAO;AAC9C,UAAI,OAAO,QAAQ,SAAU,QAAO,KAAK,UAAU,GAAG;AACtD,aAAO,OAAO,GAAG;AAAA,IACnB,CAAC,CAAC;AAAA,EACJ;AAEA,SAAO,MAAM,SAAS;AACxB;AAEA,SAAS,eAAe,KAAsC;AAC5D,QAAM,QAAQ,IAAI,MAAM;AACxB,aAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,GAAG,GAAG;AAC9C,UAAM,eAAe,OAAO,UAAU,WAAW,KAAK,UAAU,KAAK,IAAI,OAAO,SAAS,EAAE;AAC3F,UAAM,KAAK,EAAE,CAAC,MAAM,KAAK,GAAG,CAAC,GAAG,aAAa,CAAC;AAAA,EAChD;AACA,SAAO,MAAM,SAAS;AACxB;;;AC9CA,SAAS,gBAAAC,qBAAoB;AAItB,SAAS,UAAU,MAAuC;AAC/D,MAAI,KAAK,WAAW,GAAG,GAAG;AACxB,UAAM,UAAUA,cAAa,KAAK,MAAM,CAAC,GAAG,OAAO;AACnD,WAAO,KAAK,MAAM,OAAO;AAAA,EAC3B;AACA,SAAO,KAAK,MAAM,IAAI;AACxB;AAEO,SAAS,YAAY,KAAsB;AAEhD,MAAI,UAA0B;AAC9B,SAAO,SAAS;AACd,UAAM,KAAK,QAAQ,KAAK,EAAE;AAC1B,QAAI,GAAI,QAAO;AACf,cAAU,QAAQ;AAAA,EACpB;AACA,UAAQ,MAAM,+BAA+B;AAC7C,SAAO,QAAQ,KAAK,CAAC;AACvB;AAEO,SAAS,UAAU,KAA4B;AACpD,SAAQ,IAAI,QAAQ,QAAQ,KAAK,EAAE,UAAU,IAAI,QAAQ,KAAK,EAAE,UAAU;AAC5E;;;AFrBO,IAAM,mBAAmB,IAAIC,SAAQ,WAAW,EACpD,YAAY,kBAAkB;AAEjC,iBAAiB,QAAQ,MAAM,EAC5B,YAAY,oBAAoB,EAChC,OAAO,eAAe,eAAe,EACrC,OAAO,eAA+B,MAAwB;AAC7D,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,KAAK,KAAK,MAAM,QAAQ,mBAAmB,KAAK,GAAG,CAAC,KAAK;AAC/D,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,gBAAgB,EAAE,EAAE;AAC7D,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,UAAU,EAChC,YAAY,gBAAgB,EAC5B,OAAO,eAA+B,IAAY;AACjD,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,iBAAiB,EAAE,EAAE;AAC9D,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,aAAa,EACnC,YAAY,mBAAmB,EAC/B,eAAe,iBAAiB,eAAe,EAC/C,OAAO,wBAAwB,aAAa,EAC5C,OAAO,iBAAiB,kDAAkD,EAC1E,OAAO,eAA+B,IAAY,MAA6D;AAC9G,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAgC;AAAA,IACpC,MAAM,KAAK;AAAA,IACX,aAAa,KAAK;AAAA,EACpB;AACA,MAAI,KAAK,MAAM;AACb,SAAK,MAAM,IAAI,KAAK,KAAK,MAAM,GAAG,EAAE,IAAI,OAAK,EAAE,KAAK,CAAC;AAAA,EACvD;AACA,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,iBAAiB,EAAE,IAAI,IAAI;AACpE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,UAAU,EAChC,YAAY,wBAAwB,EACpC,eAAe,iBAAiB,kDAAkD,EAClF,OAAO,eAA+B,IAAY,MAAwB;AACzE,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,iBAAiB,EAAE,IAAI;AAAA,IAC9D,MAAM,KAAK,KAAK,MAAM,GAAG,EAAE,IAAI,OAAK,EAAE,KAAK,CAAC;AAAA,EAC9C,CAAC;AACD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,aAAa,EACnC,YAAY,mBAAmB,EAC/B,OAAO,OAAO,QAAgB;AAC7B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,iBAAiB,GAAG,EAAE;AACrD,UAAQ,IAAI,SAAS;AACvB,CAAC;AAIH,iBAAiB,QAAQ,gCAAgC,EACtD,YAAY,2DAA2D,EACvE,eAAe,iBAAiB,uBAAuB,EACvD,OAAO,wBAAwB,aAAa,EAC5C,OAAO,eAA+B,cAAsB,MAA8C;AACzG,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,YAAY,YAAY;AAAA,IACvE,MAAM,KAAK;AAAA,IACX,aAAa,KAAK;AAAA,EACpB,CAAC;AACD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,+BAA+B,EACrD,YAAY,kDAAkD,EAC9D,OAAO,eAA+B,cAAsB;AAC3D,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,YAAY,WAAW;AACvE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,yBAAyB,EAC/C,YAAY,mEAAmE,EAC/E,eAAe,uBAAuB,4BAA4B,EAClE,OAAO,aAAa,yCAAyC,EAC7D,OAAO,uBAAuB,6CAA6C,CAAC,MAAc,EAAE,MAAM,GAAG,CAAC,EACtG,OAAO,oBAAoB,0CAA0C,CAAC,MAAc,EAAE,MAAM,GAAG,CAAC,EAChG,OAAO,iBAAiB,uCAAuC,CAAC,MAAc,EAAE,MAAM,GAAG,CAAC,EAC1F,OAAO,eAEN,cACA,MACA;AACA,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,YAAY,YAAY;AAAA,IACvE,oBAAoB,KAAK;AAAA,IACzB,SAAS,KAAK,UAAU;AAAA,IACxB,aAAa,KAAK;AAAA,IAClB,UAAU,KAAK;AAAA,IACf,OAAO,KAAK;AAAA,EACd,CAAC;AACD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,0BAA0B,EAChD,YAAY,mCAAmC,EAC/C,eAAe,8BAA8B,0BAA0B,EACvE,OAAO,eAA+B,cAAsB,MAA6B;AACxF,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,YAAY,qBAAqB;AAAA,IAChF,cAAc,KAAK;AAAA,EACrB,CAAC;AACD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,4BAA4B,EAClD,YAAY,kDAAkD,EAC9D,OAAO,eAA+B,cAAsB;AAC3D,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,YAAY,aAAa;AACzE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;;;AG9HH,SAAS,WAAAC,gBAAe;AAKjB,IAAM,qBAAqB,IAAIC,SAAQ,aAAa,EACxD,YAAY,oBAAoB;AAEnC,mBAAmB,QAAQ,MAAM,EAC9B,YAAY,oCAAoC,EAChD,OAAO,iBAA+B;AACrC,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,cAAc;AAChE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,mBAAmB,QAAQ,UAAU,EAClC,YAAY,kBAAkB,EAC9B,OAAO,eAA+B,IAAY;AACjD,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,gBAAgB,EAAE,EAAE;AACtE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,mBAAmB,QAAQ,aAAa,EACrC,YAAY,+BAA+B,EAC3C,eAAe,iBAAiB,iBAAiB,EACjD,OAAO,wBAAwB,aAAa,EAC5C,OAAO,mBAAmB,wCAAwC,EAClE,OAAO,iBAAiB,WAAW,EACnC,OAAO,mBAAmB,WAAW,EACrC,OAAO,oBAAoB,oDAAoD,EAC/E,OAAO,eAA+B,IAAY,MAAgH;AACjK,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAgC,EAAE,MAAM,KAAK,KAAK;AACxD,MAAI,KAAK,YAAa,MAAK,aAAa,IAAI,KAAK;AACjD,MAAI,KAAK,OAAQ,MAAK,aAAa,IAAI,UAAU,KAAK,MAAM;AAC5D,MAAI,KAAK,KAAM,MAAK,MAAM,IAAI,KAAK;AACnC,MAAI,KAAK,MAAO,MAAK,OAAO,IAAI,KAAK;AACrC,MAAI,KAAK,QAAS,MAAK,SAAS,IAAI,UAAU,KAAK,OAAO;AAC1D,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,gBAAgB,EAAE,IAAI,IAAI;AAC5E,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,mBAAmB,QAAQ,aAAa,EACrC,YAAY,qBAAqB,EACjC,OAAO,eAA+B,IAAY;AACjD,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,gBAAgB,EAAE,EAAE;AAC5D,UAAQ,IAAI,SAAS;AACvB,CAAC;;;ACtDH,SAAS,WAAAC,gBAAe;AAKjB,IAAM,mBAAmB,IAAIC,SAAQ,WAAW,EACpD,YAAY,kBAAkB;AAEjC,iBAAiB,QAAQ,qBAAqB,EAC3C,YAAY,6BAA6B,EACzC,eAAe,iBAAiB,wCAAwC,EACxE,OAAO,aAAa,wDAAwD,EAC5E,OAAO,sBAAsB,kDAAkD,EAC/E,OAAO,8BAA8B,6CAA6C,EAClF,OAAO,eAA+B,YAAoB,MAAmF;AAC5I,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAgC,EAAE,MAAM,UAAU,KAAK,IAAI,EAAE;AACnE,MAAI,KAAK,WAAY,MAAK,aAAa,IAAI,KAAK;AAChD,MAAI,KAAK,eAAgB,MAAK,iBAAiB,IAAI,KAAK;AACxD,QAAM,OAAO,KAAK,KACd,OAAO,EAAE,cAAc,UAAU,IAAI,KAAK,EAAE,KAC5C,OAAO,EAAE,cAAc,UAAU;AACrC,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,MAAM,IAAI;AACnD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,uBAAuB,EAC7C,YAAY,sBAAsB,EAClC,OAAO,eAA+B,YAAoB,IAAY;AACrE,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,cAAc,UAAU,IAAI,EAAE,EAAE;AAClF,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,0BAA0B,EAChD,YAAY,mBAAmB,EAC/B,OAAO,eAA+B,YAAoB,IAAY;AACrE,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,cAAc,UAAU,IAAI,EAAE,EAAE;AACxE,UAAQ,IAAI,SAAS;AACvB,CAAC;;;AC3CH,SAAS,WAAAC,gBAAe;AACxB,SAAS,gBAAAC,qBAAoB;AAKtB,IAAM,aAAa,IAAIC,SAAQ,KAAK,EACxC,YAAY,qDAAqD,EACjE,SAAS,WAAW,yBAAyB,EAC7C,OAAO,iBAAiB,0CAA0C,EAClE,OAAO,mBAAmB,mEAAmE,EAC7F,OAAO,eAA+B,UAA8B,MAA2C;AAC9G,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAE7B,MAAI;AACJ,MAAI,KAAK,MAAM;AACb,YAAQC,cAAa,KAAK,MAAM,OAAO,EAAE,KAAK;AAAA,EAChD,WAAW,UAAU;AACnB,YAAQ;AAAA,EACV,OAAO;AACL,YAAQ,MAAM,sDAAsD;AACpE,YAAQ,KAAK,CAAC;AAAA,EAChB;AAEA,QAAM,SAAkC,CAAC;AACzC,MAAI,KAAK,OAAO;AACd,eAAW,MAAM,KAAK,OAAO;AAC3B,YAAM,QAAQ,GAAG,QAAQ,GAAG;AAC5B,UAAI,UAAU,IAAI;AAChB,gBAAQ,MAAM,gCAAgC,EAAE,uBAAuB;AACvE,gBAAQ,KAAK,CAAC;AAAA,MAChB;AACA,aAAO,GAAG,MAAM,GAAG,KAAK,CAAC,IAAI,GAAG,MAAM,QAAQ,CAAC;AAAA,IACjD;AAAA,EACF;AAEA,QAAM,OAAgC,EAAE,MAAM;AAC9C,MAAI,OAAO,KAAK,MAAM,EAAE,SAAS,EAAG,MAAK,SAAS;AAElD,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,EAAE,QAAQ,IAAI;AAC/D,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;;;AC1CH,SAAS,WAAAC,gBAAe;AAKjB,IAAM,uBAAuB,IAAIC,SAAQ,eAAe,EAC5D,YAAY,wCAAwC;AAEvD,qBAAqB,QAAQ,QAAQ,EAClC,YAAY,iCAAiC,EAC7C,eAAe,4BAA4B,iCAAiC,EAC5E,eAAe,4BAA4B,iCAAiC,EAC5E,eAAe,iBAAiB,mBAAmB,EACnD,OAAO,aAAa,iBAAiB,EACrC,OAAO,iBAAiB,kDAAkD,EAC1E,OAAO,eAA+B,MAAoF;AACzH,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,CAAC,kBAAkB,QAAQ,IAAI,KAAK,OAAO,MAAM,GAAG;AAC1D,QAAM,CAAC,kBAAkB,QAAQ,IAAI,KAAK,OAAO,MAAM,GAAG;AAC1D,QAAM,OAAgC;AAAA,IACpC,UAAU,KAAK;AAAA,IACf,mBAAmB;AAAA,IACnB,WAAW;AAAA,IACX,mBAAmB;AAAA,IACnB,WAAW;AAAA,EACb;AACA,MAAI,KAAK,GAAI,MAAK,IAAI,IAAI,KAAK;AAC/B,MAAI,KAAK,KAAM,MAAK,MAAM,IAAI,UAAU,KAAK,IAAI;AACjD,QAAM,OAAO,KAAK,KAAK,OAAO,EAAE,kBAAkB,KAAK,EAAE,KAAK,OAAO,EAAE;AACvE,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,MAAM,IAAI;AACnD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,qBAAqB,QAAQ,UAAU,EACpC,YAAY,0BAA0B,EACtC,OAAO,eAA+B,IAAY;AACjD,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,kBAAkB,EAAE,EAAE;AACxE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,qBAAqB,QAAQ,aAAa,EACvC,YAAY,uBAAuB,EACnC,OAAO,eAA+B,IAAY;AACjD,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,kBAAkB,EAAE,EAAE;AAC9D,UAAQ,IAAI,SAAS;AACvB,CAAC;;;AClDH,SAAS,WAAAC,gBAAe;AAKjB,IAAM,4BAA4B,IAAIC,SAAQ,qBAAqB,EACvE,YAAY,yBAAyB,EACrC,SAAS,gBAAgB,mCAAmC,EAC5D,SAAS,QAAQ,oBAAoB,EACrC,OAAO,iBAAiB,6BAA6B,EACrD,OAAO,qBAAqB,0CAA0C,MAAM,EAC5E,OAAO,eAAe,eAAe,IAAI,EACzC,OAAO,gBAAgB,gBAAgB,GAAG,EAC1C,OAAO,eAA+B,YAAoB,IAAY,MAA2E;AAChJ,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,SAAS,IAAI,gBAAgB;AACnC,MAAI,KAAK,KAAM,QAAO,IAAI,YAAY,KAAK,IAAI;AAE/C,QAAM,eAAuC,EAAE,UAAU,UAAU,UAAU,UAAU,MAAM,OAAO;AACpG,SAAO,IAAI,aAAa,aAAa,KAAK,SAAS,KAAK,KAAK,SAAS;AACtE,SAAO,IAAI,SAAS,KAAK,KAAK;AAC9B,SAAO,IAAI,UAAU,KAAK,MAAM;AAChC,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,cAAc,UAAU,IAAI,EAAE,YAAY,OAAO,SAAS,CAAC,EAAE;AAC/G,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;;;ACzBH,SAAS,WAAAC,gBAAe;AACxB,SAAS,gBAAAC,qBAAoB;AAKtB,IAAM,qBAAqB,IAAIC,SAAQ,aAAa,EACxD,YAAY,6BAA6B;AAE5C,mBAAmB,QAAQ,0BAA0B,EAClD,YAAY,0GAA0G,EACtH,eAAe,qBAAqB,wCAAwC,EAC5E,OAAO,yBAAyB,aAAa,0BAA0B,EACvE,OAAO,iBAAiB,qEAAqE,EAC7F,OAAO,eAA+B,YAAoB,IAAY,MAAgE;AACrI,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,EAAE,cAAc,UAAU,IAAI,EAAE,gBAAgB;AAAA,IAC/F,UAAU,KAAK;AAAA,IACf,cAAc,KAAK;AAAA,EACrB,CAAC;AAED,MAAI,KAAK,MAAM;AACb,UAAM,OAAOC,cAAa,KAAK,IAAI;AACnC,UAAM,YAAY,KAAK,WAAW,WAAW,MAAM,IAAI,KAAK,aAAa,GAAG,OAAO,OAAO,GAAG,KAAK,UAAU;AAC5G,UAAM,OAAO,WAAW,WAAW,MAAM,KAAK,WAAW;AACzD,YAAQ,IAAI,aAAa,EAAE,GAAG,MAAM,UAAU,KAAK,GAAG,UAAU,IAAI,CAAC,CAAC;AAAA,EACxE,OAAO;AACL,YAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AAAA,EACjD;AACF,CAAC;AAEH,mBAAmB,QAAQ,uBAAuB,EAC/C,YAAY,kDAAkD,EAC9D,eAAe,qBAAqB,wCAAwC,EAC5E,OAAO,eAA+B,YAAoB,IAAY,MAA4B;AACjG,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,cAAc,MAAM,OAAO,QAAgE,OAAO,OAAO,EAAE,cAAc,UAAU,IAAI,EAAE,cAAc;AAC7J,QAAM,QAAQ,YAAY,KAAK,OAAK,EAAE,IAAI,SAAS,IAAI,KAAK,QAAQ,EAAE,CAAC;AACvE,MAAI,CAAC,OAAO;AACV,UAAM,IAAI,MAAM,eAAe,KAAK,QAAQ,aAAa;AAAA,EAC3D;AACA,QAAM,cAAc,GAAG,OAAO,OAAO,OAAO,EAAE,gBAAgB,MAAM,GAAG;AACvE,UAAQ,IAAI,aAAa,EAAE,cAAc,aAAa,GAAG,MAAM,GAAG,UAAU,IAAI,CAAC,CAAC;AACpF,CAAC;AAEH,mBAAmB,QAAQ,wBAAwB,EAChD,YAAY,iCAAiC,EAC7C,OAAO,mBAAmB,oCAAoC,EAC9D,OAAO,eAA+B,YAAoB,IAAY,MAA2B;AAChG,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,QAAQ,KAAK,SAAS,WAAW,mBAAmB,KAAK,MAAM,CAAC,KAAK;AAC3E,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,cAAc,UAAU,IAAI,EAAE,eAAe,KAAK,EAAE;AACtG,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,mBAAmB,QAAQ,0CAA0C,EAClE,YAAY,sBAAsB,EAClC,OAAO,eAA+B,YAAoB,IAAY,cAAsB;AAC3F,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,cAAc,UAAU,IAAI,EAAE,gBAAgB,YAAY,EAAE;AACpG,UAAQ,IAAI,SAAS;AACvB,CAAC;;;ACjEH,SAAS,kBAAkB;AAC3B,SAAS,WAAAC,iBAAe;AAKjB,IAAM,eAAe,IAAIC,UAAQ,OAAO,EAC5C,YAAY,kCAAkC;AAEjD,aAAa,QAAQ,QAAQ,EAC1B,YAAY,2BAA2B,EACvC,eAAe,iBAAiB,WAAW,EAC3C,eAAe,qBAAqB,oBAAoB,EACxD,OAAO,aAAa,qCAAqC,EACzD,OAAO,oCAAoC,kCAAkC,EAC7E,OAAO,eAA+B,MAA+E;AACpH,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,SAAS,KAAK,MAAM,WAAW;AACrC,QAAM,OAAgC;AAAA,IACpC,MAAM,KAAK;AAAA,IACX,QAAQ,KAAK;AAAA,IACb,SAAS;AAAA,EACX;AACA,MAAI,KAAK,iBAAiB;AACxB,SAAK,kBAAkB,IAAI,KAAK,gBAAgB,MAAM,GAAG;AAAA,EAC3D;AACA,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,UAAU,MAAM,IAAI,IAAI;AAC1E,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,aAAa,QAAQ,UAAU,EAC5B,YAAY,YAAY,EACxB,OAAO,eAA+B,IAAY;AACjD,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,UAAU,EAAE,EAAE;AAChE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,aAAa,QAAQ,MAAM,EACxB,YAAY,gBAAgB,EAC5B,OAAO,iBAA+B;AACrC,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,QAAQ;AAC1D,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,aAAa,QAAQ,aAAa,EAC/B,YAAY,eAAe,EAC3B,OAAO,eAA+B,IAAY;AACjD,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,UAAU,EAAE,EAAE;AACtD,UAAQ,IAAI,SAAS;AACvB,CAAC;;;ACxDH,SAAS,cAAAC,mBAAkB;AAC3B,SAAS,WAAAC,iBAAe;AAKjB,IAAM,kBAAkB,IAAIC,UAAQ,UAAU,EAClD,YAAY,0BAA0B;AAEzC,gBAAgB,QAAQ,QAAQ,EAC7B,YAAY,4BAA4B,EACxC,eAAe,iBAAiB,cAAc,EAC9C,eAAe,eAAe,YAAY,EAC1C,eAAe,qBAAqB,qBAAqB,EACzD,eAAe,qBAAqB,6BAA6B,EACjE,OAAO,aAAa,wCAAwC,EAC5D,OAAO,oCAAoC,kCAAkC,EAC7E,OAAO,mBAAmB,0BAA0B,EACpD,OAAO,eAA+B,MAA6H;AAClK,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,YAAY,KAAK,MAAMC,YAAW;AACxC,QAAM,OAAgC;AAAA,IACpC,MAAM,KAAK;AAAA,IACX,KAAK,KAAK;AAAA,IACV,QAAQ,KAAK;AAAA,IACb,QAAQ,KAAK,OAAO,MAAM,GAAG;AAAA,IAC7B,SAAS;AAAA,EACX;AACA,MAAI,KAAK,iBAAiB;AACxB,SAAK,kBAAkB,IAAI,KAAK,gBAAgB,MAAM,GAAG;AAAA,EAC3D;AACA,MAAI,KAAK,QAAQ;AACf,SAAK,QAAQ,IAAI,KAAK,MAAM,KAAK,MAAM;AAAA,EACzC;AACA,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,aAAa,SAAS,IAAI,IAAI;AAChF,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,gBAAgB,QAAQ,UAAU,EAC/B,YAAY,eAAe,EAC3B,OAAO,eAA+B,IAAY;AACjD,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,aAAa,EAAE,EAAE;AACnE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,gBAAgB,QAAQ,MAAM,EAC3B,YAAY,mBAAmB,EAC/B,OAAO,iBAA+B;AACrC,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,WAAW;AAC7D,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,gBAAgB,QAAQ,aAAa,EAClC,YAAY,kBAAkB,EAC9B,OAAO,eAA+B,IAAY;AACjD,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,aAAa,EAAE,EAAE;AACzD,UAAQ,IAAI,SAAS;AACvB,CAAC;;;AChEH,SAAS,WAAAC,iBAAe;AAKjB,IAAM,mBAAmB,IAAIC,UAAQ,WAAW,EACpD,YAAY,8BAA8B;AAE7C,iBAAiB,QAAQ,eAAe,EACrC,YAAY,kCAAkC,EAC9C,OAAO,iBAAiB,wDAAwD,EAChF,OAAO,wBAAwB,sBAAsB,EACrD,OAAO,iBAAiB,yDAAyD,SAAS,CAAC,CAAC,EAC5F,OAAO,yBAAyB,yDAAyD,SAAS,CAAC,CAAC,EACpG,OAAO,kBAAkB,gEAAgE,SAAS,CAAC,CAAC,EACpG,OAAO,eAAe,uBAAuB,EAC7C,OAAO,mBAAmB,yHAAyH,EACnJ,OAAO,eAA+B,MAAc,MAQlD;AACD,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAE7B,MAAI;AAEJ,MAAI,KAAK,QAAQ;AAEf,WAAO,KAAK,MAAM,KAAK,MAAM;AAAA,EAC/B,OAAO;AACL,QAAI,CAAC,KAAK,MAAM;AACd,YAAM,IAAI,MAAM,2DAA2D;AAAA,IAC7E;AACA,WAAO;AAAA,MACL,MAAM,KAAK;AAAA,MACX,OAAO,KAAK,KAAK,IAAI,aAAa;AAAA,IACpC;AAEA,QAAI,KAAK,YAAa,MAAK,cAAc,KAAK;AAE9C,QAAI,KAAK,aAAa,SAAS,GAAG;AAChC,WAAK,gBAAgB,KAAK,aAAa,IAAI,YAAY;AAAA,IACzD;AAEA,QAAI,KAAK,MAAM,SAAS,GAAG;AACzB,YAAM,aAAuC,CAAC;AAC9C,iBAAW,QAAQ,KAAK,OAAO;AAC7B,cAAM,SAAS,UAAU,IAAI;AAC7B,mBAAW,OAAO,GAAG,IAAI,OAAO;AAAA,MAClC;AACA,WAAK,QAAQ,EAAE,SAAS,MAAM,WAAW;AAAA,IAC3C;AAEA,QAAI,KAAK,SAAU,MAAK,YAAY;AAAA,EACtC;AAEA,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,cAAc,IAAI,IAAI,IAAI;AAC5E,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,YAAY,EAClC,YAAY,iBAAiB,EAC7B,OAAO,cAAc,qCAAqC,EAC1D,OAAO,eAA+B,MAAc,MAA8B;AACjF,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,KAAK,WACd,OAAO,EAAE,cAAc,IAAI,cAC3B,OAAO,EAAE,cAAc,IAAI;AAC/B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,IAAI;AAC7C,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,MAAM,EAC5B,YAAY,oBAAoB,EAChC,OAAO,iBAA+B;AACrC,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,YAAY;AAC9D,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,eAAe,EACrC,YAAY,oBAAoB,EAChC,OAAO,eAA+B,MAAc;AACnD,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,cAAc,IAAI,EAAE;AAC5D,UAAQ,IAAI,SAAS;AACvB,CAAC;AAEH,iBAAiB,QAAQ,YAAY,EAClC,YAAY,4CAA4C,EACxD,OAAO,sBAAsB,yBAAyB,KAAK,EAC3D,OAAO,CAAC,OAAe,SAAgC;AACtD,QAAM,YAAY,KAAK,cAAc,QAAQ,QAAQ;AACrD,UAAQ,IAAI,2BAA2B,KAAK,IAAI,SAAS,EAAE;AAC7D,CAAC;AAIH,SAAS,QAAQ,OAAe,UAA8B;AAC5D,SAAO,CAAC,GAAG,UAAU,KAAK;AAC5B;AAEA,SAAS,UAAU,MAA8C;AAC/D,QAAM,CAAC,KAAK,MAAM,IAAI,KAAK,MAAM,GAAG;AACpC,MAAI,CAAC,OAAO,CAAC,QAAQ;AACnB,UAAM,IAAI,MAAM,iBAAiB,IAAI,kCAAkC;AAAA,EACzE;AACA,SAAO,EAAE,KAAK,KAAK,OAAO,MAAM,GAAG,EAAE;AACvC;AAEA,SAAS,cAAc,MAAuC;AAC5D,QAAM,EAAE,KAAK,IAAI,IAAI,UAAU,IAAI;AACnC,SAAO,EAAE,YAAY,KAAK,YAAY,IAAI;AAC5C;AAEA,SAAS,aAAa,MAAuC;AAC3D,QAAM,EAAE,KAAK,IAAI,IAAI,UAAU,IAAI;AACnC,SAAO,EAAE,UAAU,KAAK,YAAY,IAAI;AAC1C;;;AC9HA,SAAS,WAAAC,iBAAe;AAKjB,IAAM,eAAe,IAAIC,UAAQ,OAAO,EAC5C,YAAY,0DAA0D,EACtE,eAAe,uBAAuB,6CAA6C,EACnF,OAAO,eAA+B,MAA8B;AACnE,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,aAAa,UAAU,KAAK,UAAU;AAC5C,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,EAAE,UAAU;AAAA,IAC3D,YAAY,MAAM,QAAQ,UAAU,IAAI,aAAa,CAAC,UAAU;AAAA,EAClE,CAAC;AACD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;;;AChBH,SAAS,WAAAC,iBAAe;AAIxB,IAAM,kBAAkB;AAEjB,IAAM,mBAAmB,IAAIC,UAAQ,WAAW,EACpD,YAAY,6EAA6E;AAE5F,iBAAiB,QAAQ,mBAAmB,EACzC,YAAY,sDAAsD,eAAe,EAAE,EACnF,eAAe,kBAAkB,6CAA6C,EAC9E,OAAO,eAA+B,UAAkB,MAAyB;AAChF,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,QAAQ,UAAU,KAAK,KAAK;AAClC,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,EAAE,cAAc,QAAQ,WAAW;AAAA,IAClF,OAAO,MAAM,QAAQ,KAAK,IAAI,QAAQ,CAAC,KAAK;AAAA,EAC9C,CAAC;AACD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,mBAAmB,EACzC,YAAY,sDAAsD,eAAe,EAAE,EACnF,OAAO,uBAAuB,+CAA+C,EAC7E,OAAO,mBAAmB,sBAAsB,EAChD,OAAO,eAA+B,UAAkB,MAAiD;AACxG,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,QAAQ,KAAK,cAAc,gBAAgB,KAAK,WAAW,KAAK;AACtE,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,cAAc,QAAQ,UAAU,KAAK,EAAE;AAEzF,MAAI,KAAK,QAAQ;AACf,UAAM,EAAE,eAAAC,eAAc,IAAI,MAAM,OAAO,IAAI;AAC3C,IAAAA,eAAc,KAAK,QAAQ,KAAK,UAAU,MAAM,MAAM,CAAC,CAAC;AACxD,YAAQ,IAAI,cAAc,KAAK,MAAM,EAAE;AAAA,EACzC,OAAO;AACL,YAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AAAA,EACjD;AACF,CAAC;AAEH,iBAAiB,QAAQ,qCAAqC,EAC3D,YAAY,qEAAqE,eAAe,EAAE,EAClG,eAAe,iBAAiB,8DAA8D,EAC9F,OAAO,sBAAsB,mCAAmC,EAChE,OAAO,8BAA8B,4BAA4B,EACjE,OAAO,eAA+B,UAAkB,YAAoB,MAAsE;AACjJ,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,WAAW,UAAU,KAAK,IAAI;AACpC,QAAM,aAAuB,CAAC;AAC9B,MAAI,KAAK,WAAY,YAAW,KAAK,eAAe,mBAAmB,KAAK,UAAU,CAAC,EAAE;AACzF,MAAI,KAAK,eAAgB,YAAW,KAAK,mBAAmB,mBAAmB,KAAK,cAAc,CAAC,EAAE;AACrG,QAAM,KAAK,WAAW,SAAS,IAAI,WAAW,KAAK,GAAG,CAAC,KAAK;AAC5D,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,EAAE,cAAc,QAAQ,cAAc,UAAU,GAAG,EAAE,IAAI,QAAQ;AAClH,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;;;ACxDH,SAAS,WAAAC,iBAAe;AAKjB,IAAM,gBAAgB,IAAIC,UAAQ,QAAQ,EAC9C,YAAY,mBAAmB;AAElC,cAAc,QAAQ,QAAQ,EAC3B,YAAY,2BAA2B,EACvC,eAAe,iBAAiB,YAAY,EAC5C,eAAe,mBAAmB,iCAAiC,EACnE,OAAO,uBAAuB,wDAAwD,EACtF,OAAO,eAA+B,MAA4D;AACjG,QAAM,SAAS,IAAI,UAAU;AAC7B,MAAI;AACJ,MAAI;AACF,aAAS,KAAK,MAAM,KAAK,MAAM;AAAA,EACjC,QAAQ;AACN,UAAM,IAAI,MAAM,6BAA6B;AAAA,EAC/C;AACA,QAAM,OAAgC,EAAE,MAAM,KAAK,MAAM,OAAO;AAChE,MAAI,KAAK,UAAW,MAAK,aAAa,KAAK;AAC3C,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,cAAc,IAAI;AAC5D,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,cAAc,QAAQ,MAAM,EACzB,YAAY,iBAAiB,EAC7B,OAAO,iBAA+B;AACrC,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,YAAY;AACrD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,cAAc,QAAQ,mBAAmB,EACtC,YAAY,qBAAqB,EACjC,OAAO,eAA+B,SAAiB;AACtD,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,cAAc,OAAO,EAAE;AACtD,UAAQ,IAAI,eAAe;AAC7B,CAAC;;;ACzCH;AAAA,EACE,MAAQ;AAAA,EACR,SAAW;AAAA,EACX,MAAQ;AAAA,EACR,SAAW;AAAA,IACT,MAAQ;AAAA,EACV;AAAA,EACA,KAAO;AAAA,IACL,OAAS;AAAA,EACX;AAAA,EACA,OAAS;AAAA,IACP;AAAA,EACF;AAAA,EACA,SAAW;AAAA,IACT,OAAS;AAAA,IACT,WAAa;AAAA,IACb,MAAQ;AAAA,IACR,KAAO;AAAA,EACT;AAAA,EACA,cAAgB;AAAA,IACd,oBAAoB;AAAA,IACpB,OAAS;AAAA,IACT,cAAc;AAAA,IACd,WAAa;AAAA,IACb,MAAQ;AAAA,EACV;AAAA,EACA,iBAAmB;AAAA,IACjB,eAAe;AAAA,IACf,MAAQ;AAAA,IACR,YAAc;AAAA,IACd,QAAU;AAAA,EACZ;AACF;;;AxBdO,IAAM,UAAU,IAAIC,UAAQ,OAAO,EACvC,YAAY,iDAA4C,EACxD,QAAQ,gBAAI,OAAO,EACnB,OAAO,mBAAmB,aAAa,EACvC,OAAO,qBAAqB,gCAAgC,OAAO;AAEtE,QAAQ,WAAW,YAAY;AAC/B,QAAQ,WAAW,aAAa;AAChC,QAAQ,WAAW,gBAAgB;AACnC,QAAQ,WAAW,kBAAkB;AACrC,QAAQ,WAAW,gBAAgB;AACnC,QAAQ,WAAW,UAAU;AAC7B,QAAQ,WAAW,oBAAoB;AACvC,QAAQ,WAAW,yBAAyB;AAC5C,QAAQ,WAAW,kBAAkB;AACrC,QAAQ,WAAW,YAAY;AAC/B,QAAQ,WAAW,eAAe;AAClC,QAAQ,WAAW,YAAY;AAC/B,QAAQ,WAAW,gBAAgB;AACnC,QAAQ,WAAW,aAAa;AAChC,QAAQ,WAAW,gBAAgB;;;AyBpCnC,QAAQ,MAAM;","names":["Command","Command","Command","Command","readFileSync","Command","Command","Command","Command","Command","Command","readFileSync","Command","readFileSync","Command","Command","Command","Command","Command","readFileSync","Command","readFileSync","Command","Command","randomUUID","Command","Command","randomUUID","Command","Command","Command","Command","Command","Command","writeFileSync","Command","Command","Command"]}
1	+ {"version":3,"sources":["../src/program.ts","../src/commands/login.ts","../src/config.ts","../src/token-store.ts","../src/oauth.ts","../src/auth.ts","../src/pkce.ts","../src/commands/logout.ts","../src/client.ts","../src/commands/databases.ts","../src/output.ts","../src/helpers.ts","../src/commands/collections.ts","../src/commands/documents.ts","../src/commands/sql.ts","../src/commands/relationships.ts","../src/commands/query-relationships.ts","../src/commands/attachments.ts","../src/commands/hooks.ts","../src/commands/triggers.ts","../src/commands/endpoints.ts","../src/commands/batch.ts","../src/commands/providers.ts","../src/commands/tokens.ts","../src/commands/debug.ts","../package.json","../src/index.ts"],"sourcesContent":["import { Command } from 'commander';\nimport { loginCommand } from './commands/login.js';\nimport { logoutCommand } from './commands/logout.js';\nimport { databasesCommand } from './commands/databases.js';\nimport { collectionsCommand } from './commands/collections.js';\nimport { documentsCommand } from './commands/documents.js';\nimport { sqlCommand } from './commands/sql.js';\nimport { relationshipsCommand } from './commands/relationships.js';\nimport { queryRelationshipsCommand } from './commands/query-relationships.js';\nimport { attachmentsCommand } from './commands/attachments.js';\nimport { hooksCommand } from './commands/hooks.js';\nimport { triggersCommand } from './commands/triggers.js';\nimport { endpointsCommand } from './commands/endpoints.js';\nimport { batchCommand } from './commands/batch.js';\nimport { providersCommand } from './commands/providers.js';\nimport { tokensCommand } from './commands/tokens.js';\nimport { debugCommand } from './commands/debug.js';\nimport pkg from '../package.json' with { type: 'json' };\n\nexport const program = new Command('rekor')\n .description('Rekor CLI — System of Record for AI agents')\n .version(pkg.version)\n .option('--database <id>', 'Database ID')\n .option('--output <format>', 'Output format: json or table', 'table');\n\nprogram.addCommand(loginCommand);\nprogram.addCommand(logoutCommand);\nprogram.addCommand(databasesCommand);\nprogram.addCommand(collectionsCommand);\nprogram.addCommand(documentsCommand);\nprogram.addCommand(sqlCommand);\nprogram.addCommand(relationshipsCommand);\nprogram.addCommand(queryRelationshipsCommand);\nprogram.addCommand(attachmentsCommand);\nprogram.addCommand(hooksCommand);\nprogram.addCommand(triggersCommand);\nprogram.addCommand(batchCommand);\nprogram.addCommand(providersCommand);\nprogram.addCommand(tokensCommand);\nprogram.addCommand(endpointsCommand);\nprogram.addCommand(debugCommand);\n","import { Command } from 'commander';\nimport { login } from '../auth.js';\nimport { loadConfig, saveConfig } from '../config.js';\nimport {\n exchangeCodeForTokens,\n expiresInToIso,\n startCallbackServer,\n getAuthKitDomain,\n getAuthKitClientId,\n OAUTH_CALLBACK_PORT,\n} from '../oauth.js';\nimport {\n generateCodeVerifier,\n generateCodeChallenge,\n generateState,\n} from '../pkce.js';\nimport { setOAuthTokens } from '../token-store.js';\n\nconst FALLBACK_URL_DELAY_MS = 5_000;\n\nexport const loginCommand = new Command('login')\n .description('Authenticate with Rekor')\n .option('--token <token>', 'API key for headless/CI authentication (rec_...)')\n .option('--api-url <url>', 'API base URL')\n .action(async (opts: { token?: string; apiUrl?: string }) => {\n if (opts.token) {\n await login(opts.token, opts.apiUrl);\n console.log('Authenticated successfully');\n return;\n }\n\n try {\n await browserLoginPkce(opts.apiUrl);\n console.log('Authenticated successfully');\n } catch (err) {\n console.error(\n `Login failed: ${err instanceof Error ? err.message : 'Unknown error'}`,\n );\n process.exit(1);\n }\n });\n\nasync function browserLoginPkce(apiUrl?: string): Promise<void> {\n const open = await import('open').then(m => m.default);\n\n const codeVerifier = generateCodeVerifier();\n const codeChallenge = generateCodeChallenge(codeVerifier);\n const state = generateState();\n\n const port = OAUTH_CALLBACK_PORT;\n const redirectUri = `http://127.0.0.1:${port}/callback`;\n\n const authkitDomain = getAuthKitDomain();\n const clientId = getAuthKitClientId();\n\n const authorizeUrl = new URL(`${authkitDomain}/oauth2/authorize`);\n authorizeUrl.searchParams.set('client_id', clientId);\n authorizeUrl.searchParams.set('redirect_uri', redirectUri);\n authorizeUrl.searchParams.set('response_type', 'code');\n authorizeUrl.searchParams.set('code_challenge', codeChallenge);\n authorizeUrl.searchParams.set('code_challenge_method', 'S256');\n authorizeUrl.searchParams.set('state', state);\n // offline_access asks AuthKit to issue a refresh_token alongside the access_token —\n // without it the CLI would re-prompt every ~1h when the access token expires.\n authorizeUrl.searchParams.set('scope', 'openid profile email offline_access');\n\n console.log('Opening browser for authentication...');\n\n // Start the callback server first so the redirect can land.\n const callbackPromise = startCallbackServer(port, state);\n\n // open() resolves on spawn, not browser launch — print a fallback URL after a delay.\n let fallbackPrinted = false;\n const fallbackTimer = setTimeout(() => {\n fallbackPrinted = true;\n console.log(`If the browser didn't open, visit: ${authorizeUrl.toString()}`);\n }, FALLBACK_URL_DELAY_MS);\n\n open(authorizeUrl.toString()).catch(() => {\n if (fallbackPrinted) return;\n clearTimeout(fallbackTimer);\n console.log('Could not open browser automatically.');\n console.log(`Visit: ${authorizeUrl.toString()}`);\n });\n\n let code: string;\n try {\n ({ code } = await callbackPromise);\n } finally {\n clearTimeout(fallbackTimer);\n }\n\n const tokens = await exchangeCodeForTokens(authkitDomain, clientId, code, codeVerifier, redirectUri);\n const expiresAt = expiresInToIso(tokens.expires_in);\n await setOAuthTokens(tokens.access_token, tokens.refresh_token, expiresAt);\n\n const config = loadConfig();\n saveConfig({\n ...config,\n api_url: apiUrl ?? config.api_url,\n });\n}\n","import { readFileSync, writeFileSync, mkdirSync } from 'fs';\nimport { join } from 'path';\nimport { homedir } from 'os';\n\nconst CONFIG_DIR = join(homedir(), '.config', 'rekor');\nconst CONFIG_FILE = join(CONFIG_DIR, 'config.json');\n\nexport interface Config {\n api_url: string;\n default_database?: string;\n org_id?: string;\n}\n\ninterface ConfigFile extends Config {\n // Tokens may linger here from older CLI versions until token-store migrates them.\n token?: string;\n [key: string]: unknown;\n}\n\nexport function loadConfig(): Config {\n const envUrl = process.env['REKOR_API_URL'];\n\n try {\n const raw = readFileSync(CONFIG_FILE, 'utf-8');\n const stored = JSON.parse(raw) as ConfigFile;\n return {\n api_url: envUrl ?? stored.api_url ?? 'http://localhost:8787',\n default_database: stored.default_database,\n org_id: stored.org_id,\n };\n } catch {\n return {\n api_url: envUrl ?? 'http://localhost:8787',\n };\n }\n}\n\nexport function saveConfig(config: Config): void {\n mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });\n let existing: ConfigFile = {} as ConfigFile;\n try {\n existing = JSON.parse(readFileSync(CONFIG_FILE, 'utf-8')) as ConfigFile;\n } catch {\n existing = {} as ConfigFile;\n }\n const merged: ConfigFile = { ...existing, ...config };\n writeFileSync(CONFIG_FILE, JSON.stringify(merged, null, 2), { mode: 0o600 });\n}\n\nexport { CONFIG_DIR, CONFIG_FILE };\n","import * as fs from 'node:fs';\nimport { CONFIG_DIR, CONFIG_FILE } from './config.js';\n\nconst KEYRING_SERVICE = 'rekor';\nconst KEY_REC = 'rec_token';\nconst KEY_OAUTH_ACCESS = 'oauth_access_token';\nconst KEY_OAUTH_REFRESH = 'oauth_refresh_token';\n\ninterface KeyringBinding {\n getPassword(service: string, account: string): Promise<string \| null>;\n setPassword(service: string, account: string, password: string): Promise<void>;\n deletePassword(service: string, account: string): Promise<boolean>;\n}\n\nlet keyringCache: KeyringBinding \| null \| undefined;\n\nasync function getKeyring(): Promise<KeyringBinding \| null> {\n if (keyringCache !== undefined) return keyringCache;\n try {\n const mod = await import('@napi-rs/keyring');\n const Entry = mod.Entry;\n keyringCache = {\n async getPassword(service, account) {\n try { return new Entry(service, account).getPassword(); } catch { return null; }\n },\n async setPassword(service, account, password) {\n new Entry(service, account).setPassword(password);\n },\n async deletePassword(service, account) {\n try { return new Entry(service, account).deletePassword(); } catch { return false; }\n },\n };\n } catch {\n keyringCache = null;\n }\n return keyringCache;\n}\n\nfunction manualCleanupCommand(account: string): string {\n if (process.platform === 'darwin') {\n return `security delete-generic-password -s ${KEYRING_SERVICE} -a ${account}`;\n }\n if (process.platform === 'win32') {\n return `cmdkey /delete:${KEYRING_SERVICE}/${account}`;\n }\n if (process.platform === 'linux') {\n return `secret-tool clear service ${KEYRING_SERVICE} account ${account}`;\n }\n return `(remove service=\"${KEYRING_SERVICE}\" account=\"${account}\" from your OS credential store)`;\n}\n\ninterface LegacyConfigFile {\n api_url?: string;\n token?: string;\n access_token?: string;\n refresh_token?: string;\n token_expires_at?: string;\n default_database?: string;\n org_id?: string;\n [key: string]: unknown;\n}\n\nfunction readConfigFile(): LegacyConfigFile \| null {\n if (!fs.existsSync(CONFIG_FILE)) return null;\n try {\n return JSON.parse(fs.readFileSync(CONFIG_FILE, 'utf-8')) as LegacyConfigFile;\n } catch {\n return null;\n }\n}\n\nfunction writeConfigFile(data: LegacyConfigFile): void {\n if (!fs.existsSync(CONFIG_DIR)) {\n fs.mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });\n }\n fs.writeFileSync(CONFIG_FILE, JSON.stringify(data, null, 2), { mode: 0o600 });\n}\n\n// Delete reported success but get still returned a value — the keychain ignored the delete.\nexport class StaleKeyringSlotError extends Error {\n constructor(public readonly account: string) {\n super(\n `Stale credential remains in OS keychain slot \"${account}\" after delete. ` +\n `Clean it up manually and retry:\\n ${manualCleanupCommand(account)}`,\n );\n this.name = 'StaleKeyringSlotError';\n }\n}\n\nasync function clearSlot(keyring: KeyringBinding, account: string): Promise<boolean> {\n await keyring.deletePassword(KEYRING_SERVICE, account);\n try {\n return (await keyring.getPassword(KEYRING_SERVICE, account)) === null;\n } catch {\n return false;\n }\n}\n\nexport type ResolvedToken =\n \| { kind: 'rec'; token: string }\n \| { kind: 'oauth'; access_token: string; refresh_token?: string; expires_at?: string };\n\nfunction stripTokenFieldsFromFile(): void {\n const existing = readConfigFile();\n if (!existing) return;\n if (existing.token === undefined && existing.access_token === undefined && existing.refresh_token === undefined) return;\n delete existing.token;\n delete existing.access_token;\n delete existing.refresh_token;\n writeConfigFile(existing);\n}\n\nfunction readMetadataExpiresAt(): string \| undefined {\n return readConfigFile()?.token_expires_at;\n}\n\nfunction writeMetadataExpiresAt(value: string \| undefined): void {\n const existing = readConfigFile() ?? {};\n if (value === undefined) {\n delete existing.token_expires_at;\n } else {\n existing.token_expires_at = value;\n }\n writeConfigFile(existing);\n}\n\nasync function migrateLegacyFileToken(keyring: KeyringBinding \| null): Promise<ResolvedToken \| null> {\n const existing = readConfigFile();\n if (!existing) return null;\n\n // Prefer OAuth fields if present (newer file-fallback format), else legacy `token`.\n if (existing.access_token) {\n const out: ResolvedToken = {\n kind: 'oauth',\n access_token: existing.access_token,\n refresh_token: existing.refresh_token,\n expires_at: existing.token_expires_at,\n };\n if (keyring) {\n try {\n // Keyring wins on conflict — only migrate if slots are empty.\n const accessExisting = await keyring.getPassword(KEYRING_SERVICE, KEY_OAUTH_ACCESS);\n if (!accessExisting) {\n await keyring.setPassword(KEYRING_SERVICE, KEY_OAUTH_ACCESS, existing.access_token);\n if (existing.refresh_token) {\n await keyring.setPassword(KEYRING_SERVICE, KEY_OAUTH_REFRESH, existing.refresh_token);\n }\n }\n try { stripTokenFieldsFromFile(); } catch (err) {\n console.warn(`rekor: failed to strip legacy OAuth tokens from ${CONFIG_FILE} (${(err as Error).message}).`);\n }\n } catch (err) {\n console.warn(`rekor: OAuth migration to keychain failed (${(err as Error).message}); continuing with file-backed.`);\n }\n }\n return out;\n }\n\n if (existing.token) {\n const token = existing.token;\n if (!keyring) return { kind: 'rec', token };\n try {\n const recExisting = await keyring.getPassword(KEYRING_SERVICE, KEY_REC);\n if (recExisting) {\n // Keyring wins — strip stale file copy.\n try { stripTokenFieldsFromFile(); } catch (err) {\n console.warn(`rekor: failed to strip stale token from ${CONFIG_FILE} (${(err as Error).message}).`);\n }\n return null;\n }\n await keyring.setPassword(KEYRING_SERVICE, KEY_REC, token);\n try { stripTokenFieldsFromFile(); } catch (err) {\n console.warn(`rekor: failed to strip legacy token from ${CONFIG_FILE} (${(err as Error).message}).`);\n }\n } catch (err) {\n console.warn(`rekor: keychain migration failed (${(err as Error).message}); continuing with file-backed token.`);\n }\n return { kind: 'rec', token };\n }\n\n return null;\n}\n\n// Read order: REKOR_TOKEN env → rec_ slot → OAuth slot. rec_ wins so an OAuth fallback can't silently switch identities.\nexport async function getResolvedToken(): Promise<ResolvedToken \| null> {\n const envToken = process.env['REKOR_TOKEN'];\n if (envToken) {\n // Always rec-kind — preserves `REKOR_TOKEN=dev` for DEV_BYPASS_AUTH and avoids the OAuth refresh path on plain strings.\n return { kind: 'rec', token: envToken };\n }\n\n const keyring = await getKeyring();\n const migrated = await migrateLegacyFileToken(keyring);\n if (migrated) return migrated;\n\n if (keyring) {\n // All three slots in parallel — rec_ wins read precedence but probing sequentially would block on empty slots.\n const [rec, access, refresh] = await Promise.all([\n keyring.getPassword(KEYRING_SERVICE, KEY_REC),\n keyring.getPassword(KEYRING_SERVICE, KEY_OAUTH_ACCESS),\n keyring.getPassword(KEYRING_SERVICE, KEY_OAUTH_REFRESH),\n ]);\n if (rec) return { kind: 'rec', token: rec };\n if (access) {\n const out: ResolvedToken = { kind: 'oauth', access_token: access };\n if (refresh) out.refresh_token = refresh;\n const expiresAt = readMetadataExpiresAt();\n if (expiresAt) out.expires_at = expiresAt;\n return out;\n }\n }\n\n return null;\n}\n\n// Backwards-compatible single-string accessor for callers that don't need the kind.\nexport async function getToken(): Promise<string \| null> {\n const resolved = await getResolvedToken();\n if (!resolved) return null;\n return resolved.kind === 'rec' ? resolved.token : resolved.access_token;\n}\n\nexport async function setToken(token: string): Promise<void> {\n await setRecToken(token);\n}\n\nexport async function setRecToken(token: string): Promise<void> {\n const keyring = await getKeyring();\n if (keyring) {\n try {\n // Clear OAuth slots first — a stale OAuth would survive `rekor logout` and confuse mode-switch debugging.\n const [accessCleared, refreshCleared] = await Promise.all([\n clearSlot(keyring, KEY_OAUTH_ACCESS),\n clearSlot(keyring, KEY_OAUTH_REFRESH),\n ]);\n const stuck = [\n accessCleared ? null : KEY_OAUTH_ACCESS,\n refreshCleared ? null : KEY_OAUTH_REFRESH,\n ].filter((a): a is string => a !== null);\n if (stuck.length > 0) {\n console.warn(\n [\n `rekor: stale OAuth credential remains in OS keychain after delete. Commands work but logout won't fully clear. Manually:`,\n ...stuck.map(a => ` ${manualCleanupCommand(a)}`),\n ].join('\\n'),\n );\n }\n await keyring.setPassword(KEYRING_SERVICE, KEY_REC, token);\n writeMetadataExpiresAt(undefined);\n try { stripTokenFieldsFromFile(); } catch (err) {\n console.warn(`rekor: failed to strip stale tokens from ${CONFIG_FILE} (${(err as Error).message}).`);\n }\n return;\n } catch (err) {\n if (err instanceof StaleKeyringSlotError) throw err;\n console.warn(`rekor: keychain write failed (${(err as Error).message}); falling back to file storage.`);\n }\n }\n const existing = readConfigFile() ?? {};\n delete existing.access_token;\n delete existing.refresh_token;\n delete existing.token_expires_at;\n existing.token = token;\n writeConfigFile(existing);\n}\n\nexport async function setOAuthTokens(\n accessToken: string,\n refreshToken: string \| undefined,\n expiresAt: string,\n): Promise<void> {\n const keyring = await getKeyring();\n if (keyring) {\n try {\n // rec_ wins the read race — a leftover would mask new OAuth tokens; verify empty after delete and fail loudly.\n if (!(await clearSlot(keyring, KEY_REC))) {\n throw new StaleKeyringSlotError(KEY_REC);\n }\n await keyring.setPassword(KEYRING_SERVICE, KEY_OAUTH_ACCESS, accessToken);\n if (refreshToken) {\n await keyring.setPassword(KEYRING_SERVICE, KEY_OAUTH_REFRESH, refreshToken);\n } else {\n // Best-effort clear of any stale refresh slot when the new pair has none.\n await clearSlot(keyring, KEY_OAUTH_REFRESH);\n }\n writeMetadataExpiresAt(expiresAt);\n try { stripTokenFieldsFromFile(); } catch (err) {\n console.warn(`rekor: failed to strip stale tokens from ${CONFIG_FILE} (${(err as Error).message}).`);\n }\n return;\n } catch (err) {\n // StaleKeyringSlotError propagates — file fallback won't help if the keyring still holds rec_.\n if (err instanceof StaleKeyringSlotError) throw err;\n console.warn(`rekor: keychain write failed (${(err as Error).message}); falling back to file storage.`);\n }\n }\n const existing = readConfigFile() ?? {};\n delete existing.token;\n existing.access_token = accessToken;\n if (refreshToken) existing.refresh_token = refreshToken;\n existing.token_expires_at = expiresAt;\n writeConfigFile(existing);\n}\n\nexport async function clearToken(): Promise<void> {\n await clearAllTokens();\n}\n\nexport async function clearAllTokens(): Promise<void> {\n const keyring = await getKeyring();\n if (keyring) {\n const slots = [KEY_REC, KEY_OAUTH_ACCESS, KEY_OAUTH_REFRESH] as const;\n const cleared = await Promise.all(slots.map(s => clearSlot(keyring, s)));\n for (const [i, ok] of cleared.entries()) {\n if (!ok) {\n const account = slots[i]!;\n console.warn(\n `rekor: could not clear keychain slot \"${account}\". Subsequent commands may still pick the stale token. Manually:\\n ${manualCleanupCommand(account)}`,\n );\n }\n }\n }\n const existing = readConfigFile();\n if (existing) {\n let dirty = false;\n for (const k of ['token', 'access_token', 'refresh_token', 'token_expires_at'] as const) {\n if (existing[k] !== undefined) {\n delete existing[k];\n dirty = true;\n }\n }\n if (dirty) writeConfigFile(existing);\n }\n}\n\nexport function __setKeyringForTesting(binding: KeyringBinding \| null): void {\n keyringCache = binding;\n}\n\nexport function __resetKeyringForTesting(): void {\n keyringCache = undefined;\n}\n","import * as http from 'node:http';\n\n// Fixed port for the OAuth redirect URI — must match what's registered in WorkOS AuthKit.\nexport const OAUTH_CALLBACK_PORT = 3927;\n\n// No live defaults until production AuthKit is registered — a registrable fallback subdomain would let an attacker intercept codes from misconfigured installs.\nconst DEFAULT_AUTHKIT_DOMAIN = '';\nconst DEFAULT_AUTHKIT_CLIENT_ID = '';\n\nexport function getAuthKitDomain(): string {\n const value = process.env['REKOR_AUTHKIT_DOMAIN'] \|\| DEFAULT_AUTHKIT_DOMAIN;\n if (!value) {\n throw new Error('REKOR_AUTHKIT_DOMAIN is not configured — set the env var to your AuthKit tenant (e.g. https://<tenant>.authkit.app).');\n }\n return value;\n}\n\nexport function getAuthKitClientId(): string {\n const value = process.env['REKOR_AUTHKIT_CLIENT_ID'] \|\| DEFAULT_AUTHKIT_CLIENT_ID;\n if (!value) {\n throw new Error('REKOR_AUTHKIT_CLIENT_ID is not configured — set the env var to the AuthKit public PKCE client id registered for the Rekor CLI.');\n }\n return value;\n}\n\nexport interface TokenResponse {\n access_token: string;\n refresh_token?: string;\n expires_in: number;\n}\n\nexport function expiresInToIso(expiresInSeconds: number): string {\n return new Date(Date.now() + expiresInSeconds * 1000).toISOString();\n}\n\nfunction asTokenResponse(value: unknown): TokenResponse {\n if (typeof value !== 'object' \|\| value === null) {\n throw new Error('AuthKit returned a non-object token payload');\n }\n const v = value as Partial<TokenResponse>;\n if (typeof v.access_token !== 'string' \|\| typeof v.expires_in !== 'number') {\n throw new Error('AuthKit token payload missing required fields');\n }\n const out: TokenResponse = { access_token: v.access_token, expires_in: v.expires_in };\n if (typeof v.refresh_token === 'string') out.refresh_token = v.refresh_token;\n return out;\n}\n\nexport async function exchangeCodeForTokens(\n authkitDomain: string,\n clientId: string,\n code: string,\n codeVerifier: string,\n redirectUri: string,\n): Promise<TokenResponse> {\n const response = await fetch(`${authkitDomain}/oauth2/token`, {\n method: 'POST',\n headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n body: new URLSearchParams({\n grant_type: 'authorization_code',\n code,\n code_verifier: codeVerifier,\n redirect_uri: redirectUri,\n client_id: clientId,\n }).toString(),\n });\n\n if (!response.ok) {\n const body = await response.text();\n throw new Error(`Token exchange failed (${response.status}): ${body}`);\n }\n\n return asTokenResponse(await response.json());\n}\n\nexport class SessionExpiredError extends Error {\n constructor() {\n super('SESSION_EXPIRED');\n this.name = 'SessionExpiredError';\n }\n}\n\nexport async function refreshAccessToken(\n authkitDomain: string,\n clientId: string,\n refreshToken: string,\n): Promise<TokenResponse> {\n const response = await fetch(`${authkitDomain}/oauth2/token`, {\n method: 'POST',\n headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n body: new URLSearchParams({\n grant_type: 'refresh_token',\n refresh_token: refreshToken,\n client_id: clientId,\n }).toString(),\n });\n\n if (!response.ok) {\n const status = response.status;\n const body = await response.text();\n\n if (status === 400 \|\| status === 401) {\n try {\n const parsed = JSON.parse(body) as { error?: string };\n if (parsed.error === 'invalid_grant') throw new SessionExpiredError();\n } catch (err) {\n if (err instanceof SessionExpiredError) throw err;\n // Non-JSON body — fall through to generic error.\n }\n }\n\n throw new Error(`Token refresh failed (${status}): ${body}`);\n }\n\n return asTokenResponse(await response.json());\n}\n\nexport function startCallbackServer(\n port: number,\n expectedState: string,\n timeoutMs: number = 120_000,\n): Promise<{ code: string }> {\n return new Promise((resolve, reject) => {\n let handled = false;\n const server = http.createServer((req, res) => {\n const url = new URL(req.url \|\| '/', `http://127.0.0.1:${port}`);\n if (url.pathname !== '/callback') {\n res.writeHead(404);\n res.end();\n return;\n }\n\n if (handled) {\n res.writeHead(409);\n res.end();\n return;\n }\n\n const code = url.searchParams.get('code');\n const state = url.searchParams.get('state');\n const error = url.searchParams.get('error');\n const errorDescription = url.searchParams.get('error_description');\n\n if (error) {\n handled = true;\n res.writeHead(400, { 'Content-Type': 'text/html' });\n res.end(errorPage(errorDescription \|\| error));\n cleanup();\n reject(new Error(`OAuth error: ${errorDescription \|\| error}`));\n return;\n }\n\n if (state !== expectedState) {\n handled = true;\n res.writeHead(400, { 'Content-Type': 'text/html' });\n res.end(errorPage('Invalid state parameter'));\n cleanup();\n reject(new Error('OAuth state mismatch — possible CSRF attempt'));\n return;\n }\n\n if (!code) {\n handled = true;\n res.writeHead(400, { 'Content-Type': 'text/html' });\n res.end(errorPage('No authorization code received'));\n cleanup();\n reject(new Error('No authorization code received'));\n return;\n }\n\n handled = true;\n res.writeHead(200, { 'Content-Type': 'text/html' });\n res.end(successPage());\n cleanup();\n resolve({ code });\n });\n\n const timeout = setTimeout(() => {\n cleanup();\n reject(new Error('Timed out waiting for login. Run `rekor login` again.'));\n }, timeoutMs);\n\n function cleanup(): void {\n clearTimeout(timeout);\n server.close();\n }\n\n server.on('error', (err: NodeJS.ErrnoException) => {\n cleanup();\n if (err.code === 'EADDRINUSE') {\n reject(new Error(`Port ${port} is in use. Close the other process and retry.`));\n } else {\n reject(err);\n }\n });\n\n server.listen(port, '127.0.0.1');\n });\n}\n\nfunction successPage(): string {\n return `<!DOCTYPE html>\n<html><head><title>Rekor CLI</title></head>\n<body style=\"font-family: system-ui, sans-serif; display: flex; align-items: center; justify-content: center; min-height: 100vh; margin: 0; background: #fafafa;\">\n <div style=\"text-align: center;\">\n <h1 style=\"font-size: 1.25rem; font-weight: 600;\">Authentication successful</h1>\n <p style=\"color: #666; margin-top: 0.5rem;\">You can close this tab and return to your terminal.</p>\n </div>\n</body></html>`;\n}\n\n// `message` comes from OAuth redirect params — encode so a compromised IdP can't inject HTML into the localhost page.\nfunction escapeHtml(input: string): string {\n return input\n .replace(/&/g, '&')\n .replace(/</g, '<')\n .replace(/>/g, '>')\n .replace(/\"/g, '"')\n .replace(/'/g, ''');\n}\n\nfunction errorPage(message: string): string {\n return `<!DOCTYPE html>\n<html><head><title>Rekor CLI</title></head>\n<body style=\"font-family: system-ui, sans-serif; display: flex; align-items: center; justify-content: center; min-height: 100vh; margin: 0; background: #fafafa;\">\n <div style=\"text-align: center;\">\n <h1 style=\"font-size: 1.25rem; font-weight: 600; color: #dc2626;\">Authentication failed</h1>\n <p style=\"color: #666; margin-top: 0.5rem;\">${escapeHtml(message)}</p>\n </div>\n</body></html>`;\n}\n","import { loadConfig, saveConfig } from './config.js';\nimport { getResolvedToken, setRecToken, setOAuthTokens, clearAllTokens, type ResolvedToken } from './token-store.js';\nimport { refreshAccessToken, expiresInToIso, getAuthKitDomain, getAuthKitClientId, SessionExpiredError } from './oauth.js';\n\n/** Persist a pasted rec_ token (CI / headless path). /\nexport async function login(token: string, apiUrl?: string): Promise<void> {\n await setRecToken(token);\n const config = loadConfig();\n saveConfig({\n ...config,\n api_url: apiUrl ?? config.api_url,\n });\n}\n\nconst REFRESH_LEEWAY_MS = 60_000;\n\n// Returns a valid access token; silently refreshes OAuth tokens within 60s of expiry.\nexport async function getAccessToken(): Promise<string \| null> {\n const resolved = await getResolvedToken();\n if (!resolved) return null;\n\n if (resolved.kind === 'rec') return resolved.token;\n\n // OAuth path — refresh if near expiry. Missing/unparseable expires_at: assume valid, let the API surface a real 401.\n const expiresAtMs = resolved.expires_at ? new Date(resolved.expires_at).getTime() : Number.NaN;\n if (!Number.isFinite(expiresAtMs) \|\| expiresAtMs > Date.now() + REFRESH_LEEWAY_MS) {\n return resolved.access_token;\n }\n if (!resolved.refresh_token) {\n throw new Error('Access token expired and no refresh token available. Run `rekor login` again.');\n }\n\n try {\n const result = await refreshAccessToken(getAuthKitDomain(), getAuthKitClientId(), resolved.refresh_token);\n const newExpiresAt = expiresInToIso(result.expires_in);\n await setOAuthTokens(result.access_token, result.refresh_token ?? resolved.refresh_token, newExpiresAt);\n return result.access_token;\n } catch (err) {\n if (err instanceof SessionExpiredError) {\n await clearAllTokens();\n throw new Error('Session expired. Run `rekor login` again.');\n }\n throw err;\n }\n}\n\n/* Auth kind for the current credential, without resolving the token itself. Used by logout to decide if it should call the revoke endpoint. /\nexport async function currentAuthKind(): Promise<ResolvedToken['kind'] \| null> {\n const resolved = await getResolvedToken();\n return resolved?.kind ?? null;\n}\n\nexport async function isAuthenticated(): Promise<boolean> {\n return (await getResolvedToken()) !== null;\n}\n","import as crypto from 'node:crypto';\n\nexport function generateCodeVerifier(): string {\n return crypto.randomBytes(32).toString('base64url');\n}\n\nexport function generateCodeChallenge(verifier: string): string {\n return crypto.createHash('sha256').update(verifier).digest().toString('base64url');\n}\n\nexport function generateState(): string {\n return crypto.randomBytes(16).toString('base64url');\n}\n","import { Command } from 'commander';\nimport { clearAllTokens } from '../token-store.js';\nimport { currentAuthKind } from '../auth.js';\nimport { ApiClient } from '../client.js';\n\nexport const logoutCommand = new Command('logout')\n .description('Remove stored authentication credentials')\n .action(async () => {\n const kind = await currentAuthKind();\n\n // For OAuth sessions, ask the backend to revoke the WorkOS session so cross-device\n // logout works. Best-effort — errors don't block local credential cleanup.\n if (kind === 'oauth') {\n try {\n const client = new ApiClient();\n await client.request('POST', '/v1/auth/logout');\n } catch (err) {\n console.warn(`rekor: server-side logout failed (${err instanceof Error ? err.message : 'unknown'}); clearing local credentials anyway.`);\n }\n }\n\n await clearAllTokens();\n console.log('Logged out successfully');\n });\n","import { loadConfig } from './config.js';\nimport { getAccessToken } from './auth.js';\n\nexport class ApiClient {\n readonly baseUrl: string;\n private _tokenPromise: Promise<string \| null> \| undefined;\n\n constructor() {\n const config = loadConfig();\n this.baseUrl = config.api_url;\n }\n\n private getToken(): Promise<string \| null> {\n if (!this._tokenPromise) this._tokenPromise = getAccessToken();\n return this._tokenPromise;\n }\n\n private async authHeaders(): Promise<Record<string, string>> {\n const token = await this.getToken();\n return token ? { 'Authorization': `Bearer ${token}` } : {};\n }\n\n async request<T = unknown>(method: string, path: string, body?: unknown): Promise<T> {\n const res = await fetch(`${this.baseUrl}${path}`, {\n method,\n headers: {\n ...(await this.authHeaders()),\n 'Content-Type': 'application/json',\n },\n body: body ? JSON.stringify(body) : undefined,\n });\n\n const json = await res.json() as { data?: T; error?: { message: string } };\n if (!res.ok) {\n throw new Error(json.error?.message ?? `HTTP ${res.status}`);\n }\n return json.data as T;\n }\n\n async uploadFile(url: string, body: BodyInit, contentType: string): Promise<void> {\n const res = await fetch(url, {\n method: 'PUT',\n headers: {\n ...(await this.authHeaders()),\n 'Content-Type': contentType,\n },\n body,\n });\n if (!res.ok) {\n throw new Error(`Upload failed: HTTP ${res.status}`);\n }\n }\n}\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getFormat } from '../helpers.js';\n\nexport const databasesCommand = new Command('databases')\n .description('Manage databases');\n\ndatabasesCommand.command('list')\n .description('List all databases')\n .option('--tag <tag>', 'Filter by tag')\n .action(async function (this: Command, opts: { tag?: string }) {\n const client = new ApiClient();\n const qs = opts.tag ? `?tag=${encodeURIComponent(opts.tag)}` : '';\n const data = await client.request('GET', `/v1/databases${qs}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('get <id>')\n .description('Get a database')\n .action(async function (this: Command, id: string) {\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/databases/${id}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('create <id>')\n .description('Create a database')\n .requiredOption('--name <name>', 'Database name')\n .option('--description <desc>', 'Description')\n .option('--tags <tags>', 'Comma-separated tags (e.g., client:acme,billing)')\n .action(async function (this: Command, id: string, opts: { name: string; description?: string; tags?: string }) {\n const client = new ApiClient();\n const body: Record<string, unknown> = {\n name: opts.name,\n description: opts.description,\n };\n if (opts.tags) {\n body['tags'] = opts.tags.split(',').map(t => t.trim());\n }\n const data = await client.request('PUT', `/v1/databases/${id}`, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('tag <id>')\n .description('Set tags on a database')\n .requiredOption('--tags <tags>', 'Comma-separated tags (e.g., client:acme,billing)')\n .action(async function (this: Command, id: string, opts: { tags: string }) {\n const client = new ApiClient();\n const data = await client.request('PUT', `/v1/databases/${id}`, {\n tags: opts.tags.split(',').map(t => t.trim()),\n });\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('delete <id>')\n .description('Delete a database')\n .action(async (_id: string) => {\n const client = new ApiClient();\n await client.request('DELETE', `/v1/databases/${_id}`);\n console.log('Deleted');\n });\n\n// --- Environment commands ---\n\ndatabasesCommand.command('create-preview <production-id>')\n .description('Create a preview database linked to a production database')\n .requiredOption('--name <name>', 'Preview database name')\n .option('--description <desc>', 'Description')\n .action(async function (this: Command, productionId: string, opts: { name: string; description?: string }) {\n const client = new ApiClient();\n const data = await client.request('POST', `/v1/${productionId}/preview`, {\n name: opts.name,\n description: opts.description,\n });\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('list-previews <production-id>')\n .description('List preview databases for a production database')\n .action(async function (this: Command, productionId: string) {\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${productionId}/previews`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('promote <production-id>')\n .description('Promote config from a preview database to production (human-only)')\n .requiredOption('--from <preview-id>', 'Source preview database ID')\n .option('--dry-run', 'Show what would change without applying')\n .option('--collections <ids>', 'Comma-separated collection IDs to promote', (v: string) => v.split(','))\n .option('--triggers <ids>', 'Comma-separated trigger IDs to promote', (v: string) => v.split(','))\n .option('--hooks <ids>', 'Comma-separated hook IDs to promote', (v: string) => v.split(','))\n .action(async function (\n this: Command,\n productionId: string,\n opts: { from: string; dryRun?: boolean; collections?: string[]; triggers?: string[]; hooks?: string[] },\n ) {\n const client = new ApiClient();\n const data = await client.request('POST', `/v1/${productionId}/promote`, {\n source_database_id: opts.from,\n dry_run: opts.dryRun ?? false,\n collections: opts.collections,\n triggers: opts.triggers,\n hooks: opts.hooks,\n });\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('rollback <production-id>')\n .description('Rollback a promotion (human-only)')\n .requiredOption('--promotion <promotion-id>', 'Promotion ID to rollback')\n .action(async function (this: Command, productionId: string, opts: { promotion: string }) {\n const client = new ApiClient();\n const data = await client.request('POST', `/v1/${productionId}/promote/rollback`, {\n promotion_id: opts.promotion,\n });\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('promotions <production-id>')\n .description('List promotion history for a production database')\n .action(async function (this: Command, productionId: string) {\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${productionId}/promotions`);\n console.log(formatOutput(data, getFormat(this)));\n });\n","import chalk from 'chalk';\nimport Table from 'cli-table3';\n\nexport type OutputFormat = 'json' \| 'table';\n\nexport function formatOutput(data: unknown, format: OutputFormat): string {\n if (format === 'json') {\n return JSON.stringify(data, null, 2);\n }\n\n if (Array.isArray(data)) {\n return formatTable(data as Record<string, unknown>[]);\n }\n\n if (typeof data === 'object' && data !== null) {\n return formatKeyValue(data as Record<string, unknown>);\n }\n\n return String(data);\n}\n\nfunction formatTable(rows: Record<string, unknown>[]): string {\n if (rows.length === 0) return chalk.dim('No results');\n\n const keys = Object.keys(rows[0]!);\n const table = new Table({ head: keys.map(k => chalk.bold(k)) });\n\n for (const row of rows) {\n table.push(keys.map(k => {\n const val = row[k];\n if (val === null \|\| val === undefined) return '';\n if (typeof val === 'object') return JSON.stringify(val);\n return String(val);\n }));\n }\n\n return table.toString();\n}\n\nfunction formatKeyValue(obj: Record<string, unknown>): string {\n const table = new Table();\n for (const [key, value] of Object.entries(obj)) {\n const displayValue = typeof value === 'object' ? JSON.stringify(value) : String(value ?? '');\n table.push({ [chalk.bold(key)]: displayValue });\n }\n return table.toString();\n}\n","import { readFileSync } from 'fs';\nimport { Command } from 'commander';\nimport { type OutputFormat } from './output.js';\n\nexport function parseData(data: string): Record<string, unknown> {\n if (data.startsWith('@')) {\n const content = readFileSync(data.slice(1), 'utf-8');\n return JSON.parse(content) as Record<string, unknown>;\n }\n return JSON.parse(data) as Record<string, unknown>;\n}\n\nexport function getDatabase(cmd: Command): string {\n // Walk up the command chain to find --database on the root program\n let current: Command \| null = cmd;\n while (current) {\n const ws = current.opts().database as string \| undefined;\n if (ws) return ws;\n current = current.parent;\n }\n console.error('Error: --database is required');\n return process.exit(1);\n}\n\nexport function getFormat(cmd: Command): OutputFormat {\n return (cmd.parent?.parent?.opts().output ?? cmd.parent?.opts().output ?? 'table') as OutputFormat;\n}\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { parseData, getDatabase, getFormat } from '../helpers.js';\n\nexport const collectionsCommand = new Command('collections')\n .description('Manage collections');\n\ncollectionsCommand.command('list')\n .description('List all collections in a database')\n .action(async function (this: Command) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/collections`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ncollectionsCommand.command('get <id>')\n .description('Get a collection')\n .action(async function (this: Command, id: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/collections/${id}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ncollectionsCommand.command('upsert <id>')\n .description('Create or update a collection')\n .requiredOption('--name <name>', 'Collection name')\n .option('--description <desc>', 'Description')\n .option('--schema <json>', 'JSON Schema (inline JSON or @filename)')\n .option('--icon <icon>', 'Icon name')\n .option('--color <color>', 'Hex color')\n .option('--sources <json>', 'External sources config (inline JSON or @filename)')\n .action(async function (this: Command, id: string, opts: { name: string; description?: string; schema?: string; icon?: string; color?: string; sources?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const body: Record<string, unknown> = { name: opts.name };\n if (opts.description) body['description'] = opts.description;\n if (opts.schema) body['json_schema'] = parseData(opts.schema);\n if (opts.icon) body['icon'] = opts.icon;\n if (opts.color) body['color'] = opts.color;\n if (opts.sources) body['sources'] = parseData(opts.sources);\n const data = await client.request('PUT', `/v1/${ws}/collections/${id}`, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ncollectionsCommand.command('delete <id>')\n .description('Delete a collection')\n .action(async function (this: Command, id: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/collections/${id}`);\n console.log('Deleted');\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { parseData, getDatabase, getFormat } from '../helpers.js';\n\nexport const documentsCommand = new Command('documents')\n .description('Manage documents');\n\ndocumentsCommand.command('upsert <collection>')\n .description('Create or update a document')\n .requiredOption('--data <json>', 'Record data (inline JSON or @filename)')\n .option('--id <id>', 'Internal document ID (UUID) to update a known document')\n .option('--external-id <id>', 'External/agent-supplied ID for idempotent upsert')\n .option('--external-source <source>', 'Source system for external_id (e.g. stripe)')\n .action(async function (this: Command, collection: string, opts: { data: string; id?: string; externalId?: string; externalSource?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const body: Record<string, unknown> = { data: parseData(opts.data) };\n if (opts.externalId) body['external_id'] = opts.externalId;\n if (opts.externalSource) body['external_source'] = opts.externalSource;\n const path = opts.id\n ? `/v1/${ws}/documents/${collection}/${opts.id}`\n : `/v1/${ws}/documents/${collection}`;\n const data = await client.request('PUT', path, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndocumentsCommand.command('get <collection> <id>')\n .description('Get a document by ID')\n .action(async function (this: Command, collection: string, id: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/documents/${collection}/${id}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndocumentsCommand.command('delete <collection> <id>')\n .description('Delete a document')\n .action(async function (this: Command, collection: string, id: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/documents/${collection}/${id}`);\n console.log('Deleted');\n });\n","import { Command } from 'commander';\nimport { readFileSync } from 'fs';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getDatabase, getFormat } from '../helpers.js';\n\nexport const sqlCommand = new Command('sql')\n .description('Execute a read-only SQL query against database data')\n .argument('[query]', 'SQL query (SELECT only)')\n .option('--file <path>', 'Read SQL from a file instead of argument')\n .option('--param <kv...>', 'Named parameters as key=value pairs (e.g., --param status=issued)')\n .action(async function (this: Command, queryArg: string \| undefined, opts: { file?: string; param?: string[] }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n\n let query: string;\n if (opts.file) {\n query = readFileSync(opts.file, 'utf-8').trim();\n } else if (queryArg) {\n query = queryArg;\n } else {\n console.error('Error: provide a SQL query as argument or via --file');\n process.exit(1);\n }\n\n const params: Record<string, unknown> = {};\n if (opts.param) {\n for (const kv of opts.param) {\n const eqIdx = kv.indexOf('=');\n if (eqIdx === -1) {\n console.error(`Error: invalid param format \"${kv}\", expected key=value`);\n process.exit(1);\n }\n params[kv.slice(0, eqIdx)] = kv.slice(eqIdx + 1);\n }\n }\n\n const body: Record<string, unknown> = { query };\n if (Object.keys(params).length > 0) body.params = params;\n\n const data = await client.request('POST', `/v1/${ws}/sql`, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { parseData, getDatabase, getFormat } from '../helpers.js';\n\nexport const relationshipsCommand = new Command('relationships')\n .description('Manage relationships between documents');\n\nrelationshipsCommand.command('upsert')\n .description('Create or update a relationship')\n .requiredOption('--source <collection/id>', 'Source document (collection/id)')\n .requiredOption('--target <collection/id>', 'Target document (collection/id)')\n .requiredOption('--type <type>', 'Relationship type')\n .option('--id <id>', 'Relationship ID')\n .option('--data <json>', 'Relationship metadata (inline JSON or @filename)')\n .action(async function (this: Command, opts: { source: string; target: string; type: string; id?: string; data?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const [sourceCollection, sourceId] = opts.source.split('/');\n const [targetCollection, targetId] = opts.target.split('/');\n const body: Record<string, unknown> = {\n rel_type: opts.type,\n source_collection: sourceCollection,\n source_id: sourceId,\n target_collection: targetCollection,\n target_id: targetId,\n };\n if (opts.id) body['id'] = opts.id;\n if (opts.data) body['data'] = parseData(opts.data);\n const path = opts.id ? `/v1/${ws}/relationships/${opts.id}` : `/v1/${ws}/relationships`;\n const data = await client.request('PUT', path, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nrelationshipsCommand.command('get <id>')\n .description('Get a relationship by ID')\n .action(async function (this: Command, id: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/relationships/${id}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nrelationshipsCommand.command('delete <id>')\n .description('Delete a relationship')\n .action(async function (this: Command, id: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/relationships/${id}`);\n console.log('Deleted');\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getDatabase, getFormat } from '../helpers.js';\n\nexport const queryRelationshipsCommand = new Command('query-relationships')\n .description('Query related documents')\n .argument('<collection>', 'Collection of the source document')\n .argument('<id>', 'Source document ID')\n .option('--type <type>', 'Filter by relationship type')\n .option('--direction <dir>', 'Direction: outgoing, incoming, or both', 'both')\n .option('--limit <n>', 'Max results', '50')\n .option('--offset <n>', 'Skip results', '0')\n .action(async function (this: Command, collection: string, id: string, opts: { type?: string; direction: string; limit: string; offset: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const params = new URLSearchParams();\n if (opts.type) params.set('rel_type', opts.type);\n // Map user-friendly direction names to backend API terms\n const directionMap: Record<string, string> = { outgoing: 'source', incoming: 'target', both: 'both' };\n params.set('direction', directionMap[opts.direction] ?? opts.direction);\n params.set('limit', opts.limit);\n params.set('offset', opts.offset);\n const data = await client.request('GET', `/v1/${ws}/documents/${collection}/${id}/related?${params.toString()}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n","import { Command } from 'commander';\nimport { readFileSync } from 'node:fs';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getDatabase, getFormat } from '../helpers.js';\n\nexport const attachmentsCommand = new Command('attachments')\n .description('Manage document attachments');\n\nattachmentsCommand.command('upload <collection> <id>')\n .description('Get a presigned upload URL for a document attachment. With --file, uploads the file content in one step.')\n .requiredOption('--filename <name>', 'File name or path (e.g. docs/guide.md)')\n .option('--content-type <type>', 'MIME type', 'application/octet-stream')\n .option('--file <path>', 'Local file to upload (skips presigned URL output, uploads directly)')\n .action(async function (this: Command, collection: string, id: string, opts: { filename: string; contentType: string; file?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('POST', `/v1/${ws}/documents/${collection}/${id}/attachments`, {\n filename: opts.filename,\n content_type: opts.contentType,\n }) as { upload_url: string; [key: string]: unknown };\n\n if (opts.file) {\n const body = readFileSync(opts.file);\n const uploadUrl = data.upload_url.startsWith('http') ? data.upload_url : `${client.baseUrl}${data.upload_url}`;\n await client.uploadFile(uploadUrl, body, opts.contentType);\n console.log(formatOutput({ ...data, uploaded: true }, getFormat(this)));\n } else {\n console.log(formatOutput(data, getFormat(this)));\n }\n });\n\nattachmentsCommand.command('url <collection> <id>')\n .description('Get a download URL for an attachment by filename')\n .requiredOption('--filename <name>', 'File name or path (e.g. docs/guide.md)')\n .action(async function (this: Command, collection: string, id: string, opts: { filename: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const attachments = await client.request<Array<{ key: string; size: number; uploaded: string }>>('GET', `/v1/${ws}/documents/${collection}/${id}/attachments`);\n const match = attachments.find(a => a.key.endsWith(`/${opts.filename}`));\n if (!match) {\n throw new Error(`Attachment \"${opts.filename}\" not found`);\n }\n const downloadUrl = `${client.baseUrl}/v1/${ws}/attachments/${match.key}`;\n console.log(formatOutput({ download_url: downloadUrl, ...match }, getFormat(this)));\n });\n\nattachmentsCommand.command('list <collection> <id>')\n .description('List attachments for a document')\n .option('--prefix <path>', 'Filter by path prefix (e.g. docs/)')\n .action(async function (this: Command, collection: string, id: string, opts: { prefix?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const query = opts.prefix ? `?prefix=${encodeURIComponent(opts.prefix)}` : '';\n const data = await client.request('GET', `/v1/${ws}/documents/${collection}/${id}/attachments${query}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nattachmentsCommand.command('delete <collection> <id> <attachment-id>')\n .description('Delete an attachment')\n .action(async function (this: Command, collection: string, id: string, attachmentId: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/documents/${collection}/${id}/attachments/${attachmentId}`);\n console.log('Deleted');\n });\n","import { randomUUID } from 'crypto';\nimport { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getDatabase, getFormat } from '../helpers.js';\n\nexport const hooksCommand = new Command('hooks')\n .description('Manage inbound webhook endpoints');\n\nhooksCommand.command('create')\n .description('Create a new inbound hook')\n .requiredOption('--name <name>', 'Hook name')\n .requiredOption('--secret <secret>', 'HMAC shared secret')\n .option('--id <id>', 'Hook ID (auto-generated if omitted)')\n .option('--collection-scope <collections>', 'Comma-separated collection scope')\n .action(async function (this: Command, opts: { name: string; secret: string; id?: string; collectionScope?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const hookId = opts.id ?? randomUUID();\n const body: Record<string, unknown> = {\n name: opts.name,\n secret: opts.secret,\n enabled: true,\n };\n if (opts.collectionScope) {\n body['collection_scope'] = opts.collectionScope.split(',');\n }\n const data = await client.request('PUT', `/v1/${ws}/hooks/${hookId}`, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nhooksCommand.command('get <id>')\n .description('Get a hook')\n .action(async function (this: Command, id: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/hooks/${id}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nhooksCommand.command('list')\n .description('List all hooks')\n .action(async function (this: Command) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/hooks`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nhooksCommand.command('delete <id>')\n .description('Delete a hook')\n .action(async function (this: Command, id: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/hooks/${id}`);\n console.log('Deleted');\n });\n","import { randomUUID } from 'crypto';\nimport { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getDatabase, getFormat } from '../helpers.js';\n\nexport const triggersCommand = new Command('triggers')\n .description('Manage outbound triggers');\n\ntriggersCommand.command('create')\n .description('Create an outbound trigger')\n .requiredOption('--name <name>', 'Trigger name')\n .requiredOption('--url <url>', 'Target URL')\n .requiredOption('--secret <secret>', 'HMAC signing secret')\n .requiredOption('--events <events>', 'Comma-separated event types')\n .option('--id <id>', 'Trigger ID (auto-generated if omitted)')\n .option('--collection-scope <collections>', 'Comma-separated collection scope')\n .option('--filter <json>', 'Filter expression (JSON)')\n .action(async function (this: Command, opts: { name: string; url: string; secret: string; events: string; id?: string; collectionScope?: string; filter?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const triggerId = opts.id ?? randomUUID();\n const body: Record<string, unknown> = {\n name: opts.name,\n url: opts.url,\n secret: opts.secret,\n events: opts.events.split(','),\n enabled: true,\n };\n if (opts.collectionScope) {\n body['collection_scope'] = opts.collectionScope.split(',');\n }\n if (opts.filter) {\n body['filter'] = JSON.parse(opts.filter);\n }\n const data = await client.request('PUT', `/v1/${ws}/triggers/${triggerId}`, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ntriggersCommand.command('get <id>')\n .description('Get a trigger')\n .action(async function (this: Command, id: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/triggers/${id}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ntriggersCommand.command('list')\n .description('List all triggers')\n .action(async function (this: Command) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/triggers`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ntriggersCommand.command('delete <id>')\n .description('Delete a trigger')\n .action(async function (this: Command, id: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/triggers/${id}`);\n console.log('Deleted');\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getDatabase, getFormat } from '../helpers.js';\n\nexport const endpointsCommand = new Command('endpoints')\n .description('Manage MCP Factory endpoints');\n\nendpointsCommand.command('upsert <slug>')\n .description('Create or update an MCP endpoint')\n .option('--name <name>', 'Endpoint display name (required unless using --config)')\n .option('--description <desc>', 'Endpoint description')\n .option('--tool <spec>', 'Collection tool spec: collection:op1,op2 (repeatable)', collect, [])\n .option('--relationship <spec>', 'Relationship tool spec: rel_type:op1,op2 (repeatable)', collect, [])\n .option('--batch <spec>', 'Batch operation spec: collection_or_rel:op1,op2 (repeatable)', collect, [])\n .option('--sql-query', 'Enable sql_query tool')\n .option('--config <json>', 'Full endpoint config as JSON (supports name_override, description_override per tool). Use @file.json to read from file.')\n .action(async function (this: Command, slug: string, opts: {\n name?: string;\n description?: string;\n tool: string[];\n relationship: string[];\n batch: string[];\n sqlQuery?: boolean;\n config?: string;\n }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n\n let body: Record<string, unknown>;\n\n if (opts.config) {\n // Full JSON config — supports name_override, description_override per tool\n body = JSON.parse(opts.config);\n } else {\n if (!opts.name) {\n throw new Error('--name is required (or use --config for full JSON config)');\n }\n body = {\n name: opts.name,\n tools: opts.tool.map(parseToolSpec),\n };\n\n if (opts.description) body.description = opts.description;\n\n if (opts.relationship.length > 0) {\n body.relationships = opts.relationship.map(parseRelSpec);\n }\n\n if (opts.batch.length > 0) {\n const operations: Record<string, string[]> = {};\n for (const spec of opts.batch) {\n const parsed = parseSpec(spec);\n operations[parsed.key] = parsed.ops;\n }\n body.batch = { enabled: true, operations };\n }\n\n if (opts.sqlQuery) body.sql_query = true;\n }\n\n const data = await client.request('PUT', `/v1/${ws}/endpoints/${slug}`, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nendpointsCommand.command('get <slug>')\n .description('Get an endpoint')\n .option('--resolved', 'Include resolved collection schemas')\n .action(async function (this: Command, slug: string, opts: { resolved?: boolean }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const path = opts.resolved\n ? `/v1/${ws}/endpoints/${slug}/resolved`\n : `/v1/${ws}/endpoints/${slug}`;\n const data = await client.request('GET', path);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nendpointsCommand.command('list')\n .description('List all endpoints')\n .action(async function (this: Command) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/endpoints`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nendpointsCommand.command('delete <slug>')\n .description('Delete an endpoint')\n .action(async function (this: Command, slug: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/endpoints/${slug}`);\n console.log('Deleted');\n });\n\nendpointsCommand.command('url <slug>')\n .description('Get the MCP connection URL for an endpoint')\n .option('--transport <type>', 'Transport: mcp or sse', 'mcp')\n .action((_slug: string, opts: { transport: string }) => {\n const transport = opts.transport === 'sse' ? 'sse' : 'mcp';\n console.log(`https://mcp.rekor.pro/e/${_slug}/${transport}`);\n });\n\n// ---- Helpers ----\n\nfunction collect(value: string, previous: string[]): string[] {\n return [...previous, value];\n}\n\nfunction parseSpec(spec: string): { key: string; ops: string[] } {\n const [key, opsStr] = spec.split(':');\n if (!key \|\| !opsStr) {\n throw new Error(`Invalid spec '${spec}'. Expected format: name:op1,op2`);\n }\n return { key, ops: opsStr.split(',') };\n}\n\nfunction parseToolSpec(spec: string): Record<string, unknown> {\n const { key, ops } = parseSpec(spec);\n return { collection: key, operations: ops };\n}\n\nfunction parseRelSpec(spec: string): Record<string, unknown> {\n const { key, ops } = parseSpec(spec);\n return { rel_type: key, operations: ops };\n}\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { parseData, getDatabase, getFormat } from '../helpers.js';\n\nexport const batchCommand = new Command('batch')\n .description('Execute atomic batch operations (up to 1,000 operations)')\n .requiredOption('--operations <json>', 'Operations array (inline JSON or @filename)')\n .action(async function (this: Command, opts: { operations: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const operations = parseData(opts.operations);\n const data = await client.request('POST', `/v1/${ws}/batch`, {\n operations: Array.isArray(operations) ? operations : [operations],\n });\n console.log(formatOutput(data, getFormat(this)));\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { parseData, getDatabase, getFormat } from '../helpers.js';\nconst VALID_PROVIDERS = 'openai, anthropic, google, mcp';\n\nexport const providersCommand = new Command('providers')\n .description('Import/export tool definitions between LLM providers and Record collections');\n\nprovidersCommand.command('import <provider>')\n .description(`Import tool definitions as collections. Providers: ${VALID_PROVIDERS}`)\n .requiredOption('--tools <json>', 'Tool definitions (inline JSON or @filename)')\n .action(async function (this: Command, provider: string, opts: { tools: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const tools = parseData(opts.tools);\n const data = await client.request('POST', `/v1/${ws}/providers/${provider}/import`, {\n tools: Array.isArray(tools) ? tools : [tools],\n });\n console.log(formatOutput(data, getFormat(this)));\n });\n\nprovidersCommand.command('export <provider>')\n .description(`Export collections as tool definitions. Providers: ${VALID_PROVIDERS}`)\n .option('--collections <ids>', 'Comma-separated collection IDs (omit for all)')\n .option('--output <file>', 'Write output to file')\n .action(async function (this: Command, provider: string, opts: { collections?: string; output?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const query = opts.collections ? `?collections=${opts.collections}` : '';\n const data = await client.request('GET', `/v1/${ws}/providers/${provider}/export${query}`);\n\n if (opts.output) {\n const { writeFileSync } = await import('fs');\n writeFileSync(opts.output, JSON.stringify(data, null, 2));\n console.log(`Written to ${opts.output}`);\n } else {\n console.log(formatOutput(data, getFormat(this)));\n }\n });\n\nprovidersCommand.command('import-call <provider> <collection>')\n .description(`Create a document from a tool call in provider format. Providers: ${VALID_PROVIDERS}`)\n .requiredOption('--data <json>', 'Tool call data in provider format (inline JSON or @filename)')\n .option('--external-id <id>', 'External ID for idempotent upsert')\n .option('--external-source <source>', 'External source identifier')\n .action(async function (this: Command, provider: string, collection: string, opts: { data: string; externalId?: string; externalSource?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const callData = parseData(opts.data);\n const queryParts: string[] = [];\n if (opts.externalId) queryParts.push(`external_id=${encodeURIComponent(opts.externalId)}`);\n if (opts.externalSource) queryParts.push(`external_source=${encodeURIComponent(opts.externalSource)}`);\n const qs = queryParts.length ? `?${queryParts.join('&')}` : '';\n const data = await client.request('POST', `/v1/${ws}/providers/${provider}/documents/${collection}${qs}`, callData);\n console.log(formatOutput(data, getFormat(this)));\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getFormat } from '../helpers.js';\n\nexport const tokensCommand = new Command('tokens')\n .description('Manage API tokens');\n\ntokensCommand.command('create')\n .description('Create a scoped API token')\n .requiredOption('--name <name>', 'Token name')\n .requiredOption('--grants <json>', 'Grant definitions as JSON array')\n .option('--expires-at <date>', 'Expiration date (ISO 8601, e.g., 2026-06-01T00:00:00Z)')\n .action(async function (this: Command, opts: { name: string; grants: string; expiresAt?: string }) {\n const client = new ApiClient();\n let grants: unknown;\n try {\n grants = JSON.parse(opts.grants);\n } catch {\n throw new Error('--grants must be valid JSON');\n }\n const body: Record<string, unknown> = { name: opts.name, grants };\n if (opts.expiresAt) body.expires_at = opts.expiresAt;\n const data = await client.request('POST', '/v1/tokens', body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ntokensCommand.command('list')\n .description('List API tokens')\n .action(async function (this: Command) {\n const client = new ApiClient();\n const data = await client.request('GET', '/v1/tokens');\n console.log(formatOutput(data, getFormat(this)));\n });\n\ntokensCommand.command('revoke <token_id>')\n .description('Revoke an API token')\n .action(async function (this: Command, tokenId: string) {\n const client = new ApiClient();\n await client.request('DELETE', `/v1/tokens/${tokenId}`);\n console.log('Token revoked');\n });\n","// Platform-admin debug commands. Backed by /admin/debug/* on the backend,\n// which requires the `platform:admin` permission (granted to JWT auth when\n// the WorkOS email is in PLATFORM_ADMIN_EMAILS). All reads are audit-logged\n// and rate-limited to 60/hour per user.\n\nimport { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getFormat } from '../helpers.js';\n\nexport const debugCommand = new Command('debug')\n .description('Platform-admin debug commands (requires platform:admin grant)');\n\n// --- do ---\n\nconst doCommand = debugCommand.command('do').description('Inspect live database storage state');\n\ndoCommand.command('tables <type> <id>')\n .description('List internal tables and row counts. Types: database \| org \| user')\n .action(async function (this: Command, type: string, id: string) {\n const client = new ApiClient();\n const data = await client.request<{ type: string; id: string; tables: { name: string; row_count: number }[] }>(\n 'GET',\n `/admin/debug/do/${encodeURIComponent(type)}/${encodeURIComponent(id)}/tables`,\n );\n console.log(formatOutput(data.tables, getFormat(this)));\n });\n\ndoCommand.command('read <type> <id> <table>')\n .description('Read rows from an internal table (sensitive columns redacted)')\n .option('--limit <n>', 'Max rows (default 20, cap 100)', (v: string) => Number(v))\n .option('--row-id <value>', 'Filter to a single row by its id column')\n .action(async function (\n this: Command,\n type: string,\n id: string,\n table: string,\n opts: { limit?: number; rowId?: string },\n ) {\n const client = new ApiClient();\n const params = new URLSearchParams({ table });\n if (opts.limit !== undefined) params.set('limit', String(opts.limit));\n if (opts.rowId !== undefined) params.set('row_id', opts.rowId);\n\n const data = await client.request<{\n table: string;\n columns: string[];\n rows: unknown[][];\n truncated: boolean;\n }>(\n 'GET',\n `/admin/debug/do/${encodeURIComponent(type)}/${encodeURIComponent(id)}/read?${params}`,\n );\n\n const format = getFormat(this);\n if (format === 'json') {\n console.log(JSON.stringify(data, null, 2));\n return;\n }\n // Reshape columns/rows into row objects for table display.\n const objs = data.rows.map(r => Object.fromEntries(data.columns.map((c, i) => [c, r[i]])));\n console.log(formatOutput(objs, format));\n if (data.truncated) console.log('(truncated — pass --limit to see more)');\n });\n","{\n \"name\": \"rekor-cli\",\n \"version\": \"0.1.23\",\n \"type\": \"module\",\n \"engines\": {\n \"node\": \">=20.0.0\"\n },\n \"bin\": {\n \"rekor\": \"dist/index.js\"\n },\n \"files\": [\n \"dist\"\n ],\n \"scripts\": {\n \"build\": \"tsup\",\n \"typecheck\": \"tsc --noEmit\",\n \"test\": \"vitest run\",\n \"dev\": \"tsup --watch\"\n },\n \"dependencies\": {\n \"@napi-rs/keyring\": \"^1.1.6\",\n \"chalk\": \"^5.4.1\",\n \"cli-table3\": \"^0.6.5\",\n \"commander\": \"^13.1.0\",\n \"open\": \"^11.0.0\"\n },\n \"devDependencies\": {\n \"@types/node\": \"^25.5.0\",\n \"tsup\": \"^8.4.0\",\n \"typescript\": \"^5.8.2\",\n \"vitest\": \"~3.0.9\"\n }\n}\n","import { program } from './program.js';\n\nprogram.parse();\n"],"mappings":";;;AAAA,SAAS,WAAAA,iBAAe;;;ACAxB,SAAS,eAAe;;;ACAxB,SAAS,cAAc,eAAe,iBAAiB;AACvD,SAAS,YAAY;AACrB,SAAS,eAAe;AAExB,IAAM,aAAa,KAAK,QAAQ,GAAG,WAAW,OAAO;AACrD,IAAM,cAAc,KAAK,YAAY,aAAa;AAc3C,SAAS,aAAqB;AACnC,QAAM,SAAS,QAAQ,IAAI,eAAe;AAE1C,MAAI;AACF,UAAM,MAAM,aAAa,aAAa,OAAO;AAC7C,UAAM,SAAS,KAAK,MAAM,GAAG;AAC7B,WAAO;AAAA,MACL,SAAS,UAAU,OAAO,WAAW;AAAA,MACrC,kBAAkB,OAAO;AAAA,MACzB,QAAQ,OAAO;AAAA,IACjB;AAAA,EACF,QAAQ;AACN,WAAO;AAAA,MACL,SAAS,UAAU;AAAA,IACrB;AAAA,EACF;AACF;AAEO,SAAS,WAAW,QAAsB;AAC/C,YAAU,YAAY,EAAE,WAAW,MAAM,MAAM,IAAM,CAAC;AACtD,MAAI,WAAuB,CAAC;AAC5B,MAAI;AACF,eAAW,KAAK,MAAM,aAAa,aAAa,OAAO,CAAC;AAAA,EAC1D,QAAQ;AACN,eAAW,CAAC;AAAA,EACd;AACA,QAAM,SAAqB,EAAE,GAAG,UAAU,GAAG,OAAO;AACpD,gBAAc,aAAa,KAAK,UAAU,QAAQ,MAAM,CAAC,GAAG,EAAE,MAAM,IAAM,CAAC;AAC7E;;;AC/CA,YAAY,QAAQ;AAGpB,IAAM,kBAAkB;AACxB,IAAM,UAAU;AAChB,IAAM,mBAAmB;AACzB,IAAM,oBAAoB;AAQ1B,IAAI;AAEJ,eAAe,aAA6C;AAC1D,MAAI,iBAAiB,OAAW,QAAO;AACvC,MAAI;AACF,UAAM,MAAM,MAAM,OAAO,kBAAkB;AAC3C,UAAM,QAAQ,IAAI;AAClB,mBAAe;AAAA,MACb,MAAM,YAAY,SAAS,SAAS;AAClC,YAAI;AAAE,iBAAO,IAAI,MAAM,SAAS,OAAO,EAAE,YAAY;AAAA,QAAG,QAAQ;AAAE,iBAAO;AAAA,QAAM;AAAA,MACjF;AAAA,MACA,MAAM,YAAY,SAAS,SAAS,UAAU;AAC5C,YAAI,MAAM,SAAS,OAAO,EAAE,YAAY,QAAQ;AAAA,MAClD;AAAA,MACA,MAAM,eAAe,SAAS,SAAS;AACrC,YAAI;AAAE,iBAAO,IAAI,MAAM,SAAS,OAAO,EAAE,eAAe;AAAA,QAAG,QAAQ;AAAE,iBAAO;AAAA,QAAO;AAAA,MACrF;AAAA,IACF;AAAA,EACF,QAAQ;AACN,mBAAe;AAAA,EACjB;AACA,SAAO;AACT;AAEA,SAAS,qBAAqB,SAAyB;AACrD,MAAI,QAAQ,aAAa,UAAU;AACjC,WAAO,uCAAuC,eAAe,OAAO,OAAO;AAAA,EAC7E;AACA,MAAI,QAAQ,aAAa,SAAS;AAChC,WAAO,kBAAkB,eAAe,IAAI,OAAO;AAAA,EACrD;AACA,MAAI,QAAQ,aAAa,SAAS;AAChC,WAAO,6BAA6B,eAAe,YAAY,OAAO;AAAA,EACxE;AACA,SAAO,oBAAoB,eAAe,cAAc,OAAO;AACjE;AAaA,SAAS,iBAA0C;AACjD,MAAI,CAAI,cAAW,WAAW,EAAG,QAAO;AACxC,MAAI;AACF,WAAO,KAAK,MAAS,gBAAa,aAAa,OAAO,CAAC;AAAA,EACzD,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,SAAS,gBAAgB,MAA8B;AACrD,MAAI,CAAI,cAAW,UAAU,GAAG;AAC9B,IAAG,aAAU,YAAY,EAAE,WAAW,MAAM,MAAM,IAAM,CAAC;AAAA,EAC3D;AACA,EAAG,iBAAc,aAAa,KAAK,UAAU,MAAM,MAAM,CAAC,GAAG,EAAE,MAAM,IAAM,CAAC;AAC9E;AAGO,IAAM,wBAAN,cAAoC,MAAM;AAAA,EAC/C,YAA4B,SAAiB;AAC3C;AAAA,MACE,iDAAiD,OAAO;AAAA,IAClB,qBAAqB,OAAO,CAAC;AAAA,IACrE;AAJ0B;AAK1B,SAAK,OAAO;AAAA,EACd;AACF;AAEA,eAAe,UAAU,SAAyB,SAAmC;AACnF,QAAM,QAAQ,eAAe,iBAAiB,OAAO;AACrD,MAAI;AACF,WAAQ,MAAM,QAAQ,YAAY,iBAAiB,OAAO,MAAO;AAAA,EACnE,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAMA,SAAS,2BAAiC;AACxC,QAAM,WAAW,eAAe;AAChC,MAAI,CAAC,SAAU;AACf,MAAI,SAAS,UAAU,UAAa,SAAS,iBAAiB,UAAa,SAAS,kBAAkB,OAAW;AACjH,SAAO,SAAS;AAChB,SAAO,SAAS;AAChB,SAAO,SAAS;AAChB,kBAAgB,QAAQ;AAC1B;AAEA,SAAS,wBAA4C;AACnD,SAAO,eAAe,GAAG;AAC3B;AAEA,SAAS,uBAAuB,OAAiC;AAC/D,QAAM,WAAW,eAAe,KAAK,CAAC;AACtC,MAAI,UAAU,QAAW;AACvB,WAAO,SAAS;AAAA,EAClB,OAAO;AACL,aAAS,mBAAmB;AAAA,EAC9B;AACA,kBAAgB,QAAQ;AAC1B;AAEA,eAAe,uBAAuB,SAA+D;AACnG,QAAM,WAAW,eAAe;AAChC,MAAI,CAAC,SAAU,QAAO;AAGtB,MAAI,SAAS,cAAc;AACzB,UAAM,MAAqB;AAAA,MACzB,MAAM;AAAA,MACN,cAAc,SAAS;AAAA,MACvB,eAAe,SAAS;AAAA,MACxB,YAAY,SAAS;AAAA,IACvB;AACA,QAAI,SAAS;AACX,UAAI;AAEF,cAAM,iBAAiB,MAAM,QAAQ,YAAY,iBAAiB,gBAAgB;AAClF,YAAI,CAAC,gBAAgB;AACnB,gBAAM,QAAQ,YAAY,iBAAiB,kBAAkB,SAAS,YAAY;AAClF,cAAI,SAAS,eAAe;AAC1B,kBAAM,QAAQ,YAAY,iBAAiB,mBAAmB,SAAS,aAAa;AAAA,UACtF;AAAA,QACF;AACA,YAAI;AAAE,mCAAyB;AAAA,QAAG,SAAS,KAAK;AAC9C,kBAAQ,KAAK,mDAAmD,WAAW,KAAM,IAAc,OAAO,IAAI;AAAA,QAC5G;AAAA,MACF,SAAS,KAAK;AACZ,gBAAQ,KAAK,8CAA+C,IAAc,OAAO,iCAAiC;AAAA,MACpH;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAEA,MAAI,SAAS,OAAO;AAClB,UAAM,QAAQ,SAAS;AACvB,QAAI,CAAC,QAAS,QAAO,EAAE,MAAM,OAAO,MAAM;AAC1C,QAAI;AACF,YAAM,cAAc,MAAM,QAAQ,YAAY,iBAAiB,OAAO;AACtE,UAAI,aAAa;AAEf,YAAI;AAAE,mCAAyB;AAAA,QAAG,SAAS,KAAK;AAC9C,kBAAQ,KAAK,2CAA2C,WAAW,KAAM,IAAc,OAAO,IAAI;AAAA,QACpG;AACA,eAAO;AAAA,MACT;AACA,YAAM,QAAQ,YAAY,iBAAiB,SAAS,KAAK;AACzD,UAAI;AAAE,iCAAyB;AAAA,MAAG,SAAS,KAAK;AAC9C,gBAAQ,KAAK,4CAA4C,WAAW,KAAM,IAAc,OAAO,IAAI;AAAA,MACrG;AAAA,IACF,SAAS,KAAK;AACZ,cAAQ,KAAK,qCAAsC,IAAc,OAAO,uCAAuC;AAAA,IACjH;AACA,WAAO,EAAE,MAAM,OAAO,MAAM;AAAA,EAC9B;AAEA,SAAO;AACT;AAGA,eAAsB,mBAAkD;AACtE,QAAM,WAAW,QAAQ,IAAI,aAAa;AAC1C,MAAI,UAAU;AAEZ,WAAO,EAAE,MAAM,OAAO,OAAO,SAAS;AAAA,EACxC;AAEA,QAAM,UAAU,MAAM,WAAW;AACjC,QAAM,WAAW,MAAM,uBAAuB,OAAO;AACrD,MAAI,SAAU,QAAO;AAErB,MAAI,SAAS;AAEX,UAAM,CAAC,KAAK,QAAQ,OAAO,IAAI,MAAM,QAAQ,IAAI;AAAA,MAC/C,QAAQ,YAAY,iBAAiB,OAAO;AAAA,MAC5C,QAAQ,YAAY,iBAAiB,gBAAgB;AAAA,MACrD,QAAQ,YAAY,iBAAiB,iBAAiB;AAAA,IACxD,CAAC;AACD,QAAI,IAAK,QAAO,EAAE,MAAM,OAAO,OAAO,IAAI;AAC1C,QAAI,QAAQ;AACV,YAAM,MAAqB,EAAE,MAAM,SAAS,cAAc,OAAO;AACjE,UAAI,QAAS,KAAI,gBAAgB;AACjC,YAAM,YAAY,sBAAsB;AACxC,UAAI,UAAW,KAAI,aAAa;AAChC,aAAO;AAAA,IACT;AAAA,EACF;AAEA,SAAO;AACT;AAaA,eAAsB,YAAY,OAA8B;AAC9D,QAAM,UAAU,MAAM,WAAW;AACjC,MAAI,SAAS;AACX,QAAI;AAEF,YAAM,CAAC,eAAe,cAAc,IAAI,MAAM,QAAQ,IAAI;AAAA,QACxD,UAAU,SAAS,gBAAgB;AAAA,QACnC,UAAU,SAAS,iBAAiB;AAAA,MACtC,CAAC;AACD,YAAM,QAAQ;AAAA,QACZ,gBAAgB,OAAO;AAAA,QACvB,iBAAiB,OAAO;AAAA,MAC1B,EAAE,OAAO,CAAC,MAAmB,MAAM,IAAI;AACvC,UAAI,MAAM,SAAS,GAAG;AACpB,gBAAQ;AAAA,UACN;AAAA,YACE;AAAA,YACA,GAAG,MAAM,IAAI,OAAK,KAAK,qBAAqB,CAAC,CAAC,EAAE;AAAA,UAClD,EAAE,KAAK,IAAI;AAAA,QACb;AAAA,MACF;AACA,YAAM,QAAQ,YAAY,iBAAiB,SAAS,KAAK;AACzD,6BAAuB,MAAS;AAChC,UAAI;AAAE,iCAAyB;AAAA,MAAG,SAAS,KAAK;AAC9C,gBAAQ,KAAK,4CAA4C,WAAW,KAAM,IAAc,OAAO,IAAI;AAAA,MACrG;AACA;AAAA,IACF,SAAS,KAAK;AACZ,UAAI,eAAe,sBAAuB,OAAM;AAChD,cAAQ,KAAK,iCAAkC,IAAc,OAAO,kCAAkC;AAAA,IACxG;AAAA,EACF;AACA,QAAM,WAAW,eAAe,KAAK,CAAC;AACtC,SAAO,SAAS;AAChB,SAAO,SAAS;AAChB,SAAO,SAAS;AAChB,WAAS,QAAQ;AACjB,kBAAgB,QAAQ;AAC1B;AAEA,eAAsB,eACpB,aACA,cACA,WACe;AACf,QAAM,UAAU,MAAM,WAAW;AACjC,MAAI,SAAS;AACX,QAAI;AAEF,UAAI,CAAE,MAAM,UAAU,SAAS,OAAO,GAAI;AACxC,cAAM,IAAI,sBAAsB,OAAO;AAAA,MACzC;AACA,YAAM,QAAQ,YAAY,iBAAiB,kBAAkB,WAAW;AACxE,UAAI,cAAc;AAChB,cAAM,QAAQ,YAAY,iBAAiB,mBAAmB,YAAY;AAAA,MAC5E,OAAO;AAEL,cAAM,UAAU,SAAS,iBAAiB;AAAA,MAC5C;AACA,6BAAuB,SAAS;AAChC,UAAI;AAAE,iCAAyB;AAAA,MAAG,SAAS,KAAK;AAC9C,gBAAQ,KAAK,4CAA4C,WAAW,KAAM,IAAc,OAAO,IAAI;AAAA,MACrG;AACA;AAAA,IACF,SAAS,KAAK;AAEZ,UAAI,eAAe,sBAAuB,OAAM;AAChD,cAAQ,KAAK,iCAAkC,IAAc,OAAO,kCAAkC;AAAA,IACxG;AAAA,EACF;AACA,QAAM,WAAW,eAAe,KAAK,CAAC;AACtC,SAAO,SAAS;AAChB,WAAS,eAAe;AACxB,MAAI,aAAc,UAAS,gBAAgB;AAC3C,WAAS,mBAAmB;AAC5B,kBAAgB,QAAQ;AAC1B;AAMA,eAAsB,iBAAgC;AACpD,QAAM,UAAU,MAAM,WAAW;AACjC,MAAI,SAAS;AACX,UAAM,QAAQ,CAAC,SAAS,kBAAkB,iBAAiB;AAC3D,UAAM,UAAU,MAAM,QAAQ,IAAI,MAAM,IAAI,OAAK,UAAU,SAAS,CAAC,CAAC,CAAC;AACvE,eAAW,CAAC,GAAG,EAAE,KAAK,QAAQ,QAAQ,GAAG;AACvC,UAAI,CAAC,IAAI;AACP,cAAM,UAAU,MAAM,CAAC;AACvB,gBAAQ;AAAA,UACN,yCAAyC,OAAO;AAAA,IAAuE,qBAAqB,OAAO,CAAC;AAAA,QACtJ;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACA,QAAM,WAAW,eAAe;AAChC,MAAI,UAAU;AACZ,QAAI,QAAQ;AACZ,eAAW,KAAK,CAAC,SAAS,gBAAgB,iBAAiB,kBAAkB,GAAY;AACvF,UAAI,SAAS,CAAC,MAAM,QAAW;AAC7B,eAAO,SAAS,CAAC;AACjB,gBAAQ;AAAA,MACV;AAAA,IACF;AACA,QAAI,MAAO,iBAAgB,QAAQ;AAAA,EACrC;AACF;;;AC7UA,YAAY,UAAU;AAGf,IAAM,sBAAsB;AAGnC,IAAM,yBAAyB;AAC/B,IAAM,4BAA4B;AAE3B,SAAS,mBAA2B;AACzC,QAAM,QAAQ,QAAQ,IAAI,sBAAsB,KAAK;AACrD,MAAI,CAAC,OAAO;AACV,UAAM,IAAI,MAAM,2HAAsH;AAAA,EACxI;AACA,SAAO;AACT;AAEO,SAAS,qBAA6B;AAC3C,QAAM,QAAQ,QAAQ,IAAI,yBAAyB,KAAK;AACxD,MAAI,CAAC,OAAO;AACV,UAAM,IAAI,MAAM,qIAAgI;AAAA,EAClJ;AACA,SAAO;AACT;AAQO,SAAS,eAAe,kBAAkC;AAC/D,SAAO,IAAI,KAAK,KAAK,IAAI,IAAI,mBAAmB,GAAI,EAAE,YAAY;AACpE;AAEA,SAAS,gBAAgB,OAA+B;AACtD,MAAI,OAAO,UAAU,YAAY,UAAU,MAAM;AAC/C,UAAM,IAAI,MAAM,6CAA6C;AAAA,EAC/D;AACA,QAAM,IAAI;AACV,MAAI,OAAO,EAAE,iBAAiB,YAAY,OAAO,EAAE,eAAe,UAAU;AAC1E,UAAM,IAAI,MAAM,+CAA+C;AAAA,EACjE;AACA,QAAM,MAAqB,EAAE,cAAc,EAAE,cAAc,YAAY,EAAE,WAAW;AACpF,MAAI,OAAO,EAAE,kBAAkB,SAAU,KAAI,gBAAgB,EAAE;AAC/D,SAAO;AACT;AAEA,eAAsB,sBACpB,eACA,UACA,MACA,cACA,aACwB;AACxB,QAAM,WAAW,MAAM,MAAM,GAAG,aAAa,iBAAiB;AAAA,IAC5D,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,oCAAoC;AAAA,IAC/D,MAAM,IAAI,gBAAgB;AAAA,MACxB,YAAY;AAAA,MACZ;AAAA,MACA,eAAe;AAAA,MACf,cAAc;AAAA,MACd,WAAW;AAAA,IACb,CAAC,EAAE,SAAS;AAAA,EACd,CAAC;AAED,MAAI,CAAC,SAAS,IAAI;AAChB,UAAM,OAAO,MAAM,SAAS,KAAK;AACjC,UAAM,IAAI,MAAM,0BAA0B,SAAS,MAAM,MAAM,IAAI,EAAE;AAAA,EACvE;AAEA,SAAO,gBAAgB,MAAM,SAAS,KAAK,CAAC;AAC9C;AAEO,IAAM,sBAAN,cAAkC,MAAM;AAAA,EAC7C,cAAc;AACZ,UAAM,iBAAiB;AACvB,SAAK,OAAO;AAAA,EACd;AACF;AAEA,eAAsB,mBACpB,eACA,UACA,cACwB;AACxB,QAAM,WAAW,MAAM,MAAM,GAAG,aAAa,iBAAiB;AAAA,IAC5D,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,oCAAoC;AAAA,IAC/D,MAAM,IAAI,gBAAgB;AAAA,MACxB,YAAY;AAAA,MACZ,eAAe;AAAA,MACf,WAAW;AAAA,IACb,CAAC,EAAE,SAAS;AAAA,EACd,CAAC;AAED,MAAI,CAAC,SAAS,IAAI;AAChB,UAAM,SAAS,SAAS;AACxB,UAAM,OAAO,MAAM,SAAS,KAAK;AAEjC,QAAI,WAAW,OAAO,WAAW,KAAK;AACpC,UAAI;AACF,cAAM,SAAS,KAAK,MAAM,IAAI;AAC9B,YAAI,OAAO,UAAU,gBAAiB,OAAM,IAAI,oBAAoB;AAAA,MACtE,SAAS,KAAK;AACZ,YAAI,eAAe,oBAAqB,OAAM;AAAA,MAEhD;AAAA,IACF;AAEA,UAAM,IAAI,MAAM,yBAAyB,MAAM,MAAM,IAAI,EAAE;AAAA,EAC7D;AAEA,SAAO,gBAAgB,MAAM,SAAS,KAAK,CAAC;AAC9C;AAEO,SAAS,oBACd,MACA,eACA,YAAoB,MACO;AAC3B,SAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,QAAI,UAAU;AACd,UAAM,SAAc,kBAAa,CAAC,KAAK,QAAQ;AAC7C,YAAM,MAAM,IAAI,IAAI,IAAI,OAAO,KAAK,oBAAoB,IAAI,EAAE;AAC9D,UAAI,IAAI,aAAa,aAAa;AAChC,YAAI,UAAU,GAAG;AACjB,YAAI,IAAI;AACR;AAAA,MACF;AAEA,UAAI,SAAS;AACX,YAAI,UAAU,GAAG;AACjB,YAAI,IAAI;AACR;AAAA,MACF;AAEA,YAAM,OAAO,IAAI,aAAa,IAAI,MAAM;AACxC,YAAM,QAAQ,IAAI,aAAa,IAAI,OAAO;AAC1C,YAAM,QAAQ,IAAI,aAAa,IAAI,OAAO;AAC1C,YAAM,mBAAmB,IAAI,aAAa,IAAI,mBAAmB;AAEjE,UAAI,OAAO;AACT,kBAAU;AACV,YAAI,UAAU,KAAK,EAAE,gBAAgB,YAAY,CAAC;AAClD,YAAI,IAAI,UAAU,oBAAoB,KAAK,CAAC;AAC5C,gBAAQ;AACR,eAAO,IAAI,MAAM,gBAAgB,oBAAoB,KAAK,EAAE,CAAC;AAC7D;AAAA,MACF;AAEA,UAAI,UAAU,eAAe;AAC3B,kBAAU;AACV,YAAI,UAAU,KAAK,EAAE,gBAAgB,YAAY,CAAC;AAClD,YAAI,IAAI,UAAU,yBAAyB,CAAC;AAC5C,gBAAQ;AACR,eAAO,IAAI,MAAM,mDAA8C,CAAC;AAChE;AAAA,MACF;AAEA,UAAI,CAAC,MAAM;AACT,kBAAU;AACV,YAAI,UAAU,KAAK,EAAE,gBAAgB,YAAY,CAAC;AAClD,YAAI,IAAI,UAAU,gCAAgC,CAAC;AACnD,gBAAQ;AACR,eAAO,IAAI,MAAM,gCAAgC,CAAC;AAClD;AAAA,MACF;AAEA,gBAAU;AACV,UAAI,UAAU,KAAK,EAAE,gBAAgB,YAAY,CAAC;AAClD,UAAI,IAAI,YAAY,CAAC;AACrB,cAAQ;AACR,cAAQ,EAAE,KAAK,CAAC;AAAA,IAClB,CAAC;AAED,UAAM,UAAU,WAAW,MAAM;AAC/B,cAAQ;AACR,aAAO,IAAI,MAAM,uDAAuD,CAAC;AAAA,IAC3E,GAAG,SAAS;AAEZ,aAAS,UAAgB;AACvB,mBAAa,OAAO;AACpB,aAAO,MAAM;AAAA,IACf;AAEA,WAAO,GAAG,SAAS,CAAC,QAA+B;AACjD,cAAQ;AACR,UAAI,IAAI,SAAS,cAAc;AAC7B,eAAO,IAAI,MAAM,QAAQ,IAAI,gDAAgD,CAAC;AAAA,MAChF,OAAO;AACL,eAAO,GAAG;AAAA,MACZ;AAAA,IACF,CAAC;AAED,WAAO,OAAO,MAAM,WAAW;AAAA,EACjC,CAAC;AACH;AAEA,SAAS,cAAsB;AAC7B,SAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAQT;AAGA,SAAS,WAAW,OAAuB;AACzC,SAAO,MACJ,QAAQ,MAAM,OAAO,EACrB,QAAQ,MAAM,MAAM,EACpB,QAAQ,MAAM,MAAM,EACpB,QAAQ,MAAM,QAAQ,EACtB,QAAQ,MAAM,OAAO;AAC1B;AAEA,SAAS,UAAU,SAAyB;AAC1C,SAAO;AAAA;AAAA;AAAA;AAAA;AAAA,kDAKyC,WAAW,OAAO,CAAC;AAAA;AAAA;AAGrE;;;ACjOA,eAAsB,MAAM,OAAe,QAAgC;AACzE,QAAM,YAAY,KAAK;AACvB,QAAM,SAAS,WAAW;AAC1B,aAAW;AAAA,IACT,GAAG;AAAA,IACH,SAAS,UAAU,OAAO;AAAA,EAC5B,CAAC;AACH;AAEA,IAAM,oBAAoB;AAG1B,eAAsB,iBAAyC;AAC7D,QAAM,WAAW,MAAM,iBAAiB;AACxC,MAAI,CAAC,SAAU,QAAO;AAEtB,MAAI,SAAS,SAAS,MAAO,QAAO,SAAS;AAG7C,QAAM,cAAc,SAAS,aAAa,IAAI,KAAK,SAAS,UAAU,EAAE,QAAQ,IAAI,OAAO;AAC3F,MAAI,CAAC,OAAO,SAAS,WAAW,KAAK,cAAc,KAAK,IAAI,IAAI,mBAAmB;AACjF,WAAO,SAAS;AAAA,EAClB;AACA,MAAI,CAAC,SAAS,eAAe;AAC3B,UAAM,IAAI,MAAM,+EAA+E;AAAA,EACjG;AAEA,MAAI;AACF,UAAM,SAAS,MAAM,mBAAmB,iBAAiB,GAAG,mBAAmB,GAAG,SAAS,aAAa;AACxG,UAAM,eAAe,eAAe,OAAO,UAAU;AACrD,UAAM,eAAe,OAAO,cAAc,OAAO,iBAAiB,SAAS,eAAe,YAAY;AACtG,WAAO,OAAO;AAAA,EAChB,SAAS,KAAK;AACZ,QAAI,eAAe,qBAAqB;AACtC,YAAM,eAAe;AACrB,YAAM,IAAI,MAAM,2CAA2C;AAAA,IAC7D;AACA,UAAM;AAAA,EACR;AACF;AAGA,eAAsB,kBAAyD;AAC7E,QAAM,WAAW,MAAM,iBAAiB;AACxC,SAAO,UAAU,QAAQ;AAC3B;;;AClDA,YAAY,YAAY;AAEjB,SAAS,uBAA+B;AAC7C,SAAc,mBAAY,EAAE,EAAE,SAAS,WAAW;AACpD;AAEO,SAAS,sBAAsB,UAA0B;AAC9D,SAAc,kBAAW,QAAQ,EAAE,OAAO,QAAQ,EAAE,OAAO,EAAE,SAAS,WAAW;AACnF;AAEO,SAAS,gBAAwB;AACtC,SAAc,mBAAY,EAAE,EAAE,SAAS,WAAW;AACpD;;;ALMA,IAAM,wBAAwB;AAEvB,IAAM,eAAe,IAAI,QAAQ,OAAO,EAC5C,YAAY,yBAAyB,EACrC,OAAO,mBAAmB,kDAAkD,EAC5E,OAAO,mBAAmB,cAAc,EACxC,OAAO,OAAO,SAA8C;AAC3D,MAAI,KAAK,OAAO;AACd,UAAM,MAAM,KAAK,OAAO,KAAK,MAAM;AACnC,YAAQ,IAAI,4BAA4B;AACxC;AAAA,EACF;AAEA,MAAI;AACF,UAAM,iBAAiB,KAAK,MAAM;AAClC,YAAQ,IAAI,4BAA4B;AAAA,EAC1C,SAAS,KAAK;AACZ,YAAQ;AAAA,MACN,iBAAiB,eAAe,QAAQ,IAAI,UAAU,eAAe;AAAA,IACvE;AACA,YAAQ,KAAK,CAAC;AAAA,EAChB;AACF,CAAC;AAEH,eAAe,iBAAiB,QAAgC;AAC9D,QAAM,OAAO,MAAM,OAAO,MAAM,EAAE,KAAK,OAAK,EAAE,OAAO;AAErD,QAAM,eAAe,qBAAqB;AAC1C,QAAM,gBAAgB,sBAAsB,YAAY;AACxD,QAAM,QAAQ,cAAc;AAE5B,QAAM,OAAO;AACb,QAAM,cAAc,oBAAoB,IAAI;AAE5C,QAAM,gBAAgB,iBAAiB;AACvC,QAAM,WAAW,mBAAmB;AAEpC,QAAM,eAAe,IAAI,IAAI,GAAG,aAAa,mBAAmB;AAChE,eAAa,aAAa,IAAI,aAAa,QAAQ;AACnD,eAAa,aAAa,IAAI,gBAAgB,WAAW;AACzD,eAAa,aAAa,IAAI,iBAAiB,MAAM;AACrD,eAAa,aAAa,IAAI,kBAAkB,aAAa;AAC7D,eAAa,aAAa,IAAI,yBAAyB,MAAM;AAC7D,eAAa,aAAa,IAAI,SAAS,KAAK;AAG5C,eAAa,aAAa,IAAI,SAAS,qCAAqC;AAE5E,UAAQ,IAAI,uCAAuC;AAGnD,QAAM,kBAAkB,oBAAoB,MAAM,KAAK;AAGvD,MAAI,kBAAkB;AACtB,QAAM,gBAAgB,WAAW,MAAM;AACrC,sBAAkB;AAClB,YAAQ,IAAI,sCAAsC,aAAa,SAAS,CAAC,EAAE;AAAA,EAC7E,GAAG,qBAAqB;AAExB,OAAK,aAAa,SAAS,CAAC,EAAE,MAAM,MAAM;AACxC,QAAI,gBAAiB;AACrB,iBAAa,aAAa;AAC1B,YAAQ,IAAI,uCAAuC;AACnD,YAAQ,IAAI,UAAU,aAAa,SAAS,CAAC,EAAE;AAAA,EACjD,CAAC;AAED,MAAI;AACJ,MAAI;AACF,KAAC,EAAE,KAAK,IAAI,MAAM;AAAA,EACpB,UAAE;AACA,iBAAa,aAAa;AAAA,EAC5B;AAEA,QAAM,SAAS,MAAM,sBAAsB,eAAe,UAAU,MAAM,cAAc,WAAW;AACnG,QAAM,YAAY,eAAe,OAAO,UAAU;AAClD,QAAM,eAAe,OAAO,cAAc,OAAO,eAAe,SAAS;AAEzE,QAAM,SAAS,WAAW;AAC1B,aAAW;AAAA,IACT,GAAG;AAAA,IACH,SAAS,UAAU,OAAO;AAAA,EAC5B,CAAC;AACH;;;AMrGA,SAAS,WAAAC,gBAAe;;;ACGjB,IAAM,YAAN,MAAgB;AAAA,EACZ;AAAA,EACD;AAAA,EAER,cAAc;AACZ,UAAM,SAAS,WAAW;AAC1B,SAAK,UAAU,OAAO;AAAA,EACxB;AAAA,EAEQ,WAAmC;AACzC,QAAI,CAAC,KAAK,cAAe,MAAK,gBAAgB,eAAe;AAC7D,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,MAAc,cAA+C;AAC3D,UAAM,QAAQ,MAAM,KAAK,SAAS;AAClC,WAAO,QAAQ,EAAE,iBAAiB,UAAU,KAAK,GAAG,IAAI,CAAC;AAAA,EAC3D;AAAA,EAEA,MAAM,QAAqB,QAAgB,MAAc,MAA4B;AACnF,UAAM,MAAM,MAAM,MAAM,GAAG,KAAK,OAAO,GAAG,IAAI,IAAI;AAAA,MAChD;AAAA,MACA,SAAS;AAAA,QACP,GAAI,MAAM,KAAK,YAAY;AAAA,QAC3B,gBAAgB;AAAA,MAClB;AAAA,MACA,MAAM,OAAO,KAAK,UAAU,IAAI,IAAI;AAAA,IACtC,CAAC;AAED,UAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,QAAI,CAAC,IAAI,IAAI;AACX,YAAM,IAAI,MAAM,KAAK,OAAO,WAAW,QAAQ,IAAI,MAAM,EAAE;AAAA,IAC7D;AACA,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,MAAM,WAAW,KAAa,MAAgB,aAAoC;AAChF,UAAM,MAAM,MAAM,MAAM,KAAK;AAAA,MAC3B,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,GAAI,MAAM,KAAK,YAAY;AAAA,QAC3B,gBAAgB;AAAA,MAClB;AAAA,MACA;AAAA,IACF,CAAC;AACD,QAAI,CAAC,IAAI,IAAI;AACX,YAAM,IAAI,MAAM,uBAAuB,IAAI,MAAM,EAAE;AAAA,IACrD;AAAA,EACF;AACF;;;AD/CO,IAAM,gBAAgB,IAAIC,SAAQ,QAAQ,EAC9C,YAAY,0CAA0C,EACtD,OAAO,YAAY;AAClB,QAAM,OAAO,MAAM,gBAAgB;AAInC,MAAI,SAAS,SAAS;AACpB,QAAI;AACF,YAAM,SAAS,IAAI,UAAU;AAC7B,YAAM,OAAO,QAAQ,QAAQ,iBAAiB;AAAA,IAChD,SAAS,KAAK;AACZ,cAAQ,KAAK,qCAAqC,eAAe,QAAQ,IAAI,UAAU,SAAS,uCAAuC;AAAA,IACzI;AAAA,EACF;AAEA,QAAM,eAAe;AACrB,UAAQ,IAAI,yBAAyB;AACvC,CAAC;;;AEvBH,SAAS,WAAAC,gBAAe;;;ACAxB,OAAO,WAAW;AAClB,OAAO,WAAW;AAIX,SAAS,aAAa,MAAe,QAA8B;AACxE,MAAI,WAAW,QAAQ;AACrB,WAAO,KAAK,UAAU,MAAM,MAAM,CAAC;AAAA,EACrC;AAEA,MAAI,MAAM,QAAQ,IAAI,GAAG;AACvB,WAAO,YAAY,IAAiC;AAAA,EACtD;AAEA,MAAI,OAAO,SAAS,YAAY,SAAS,MAAM;AAC7C,WAAO,eAAe,IAA+B;AAAA,EACvD;AAEA,SAAO,OAAO,IAAI;AACpB;AAEA,SAAS,YAAY,MAAyC;AAC5D,MAAI,KAAK,WAAW,EAAG,QAAO,MAAM,IAAI,YAAY;AAEpD,QAAM,OAAO,OAAO,KAAK,KAAK,CAAC,CAAE;AACjC,QAAM,QAAQ,IAAI,MAAM,EAAE,MAAM,KAAK,IAAI,OAAK,MAAM,KAAK,CAAC,CAAC,EAAE,CAAC;AAE9D,aAAW,OAAO,MAAM;AACtB,UAAM,KAAK,KAAK,IAAI,OAAK;AACvB,YAAM,MAAM,IAAI,CAAC;AACjB,UAAI,QAAQ,QAAQ,QAAQ,OAAW,QAAO;AAC9C,UAAI,OAAO,QAAQ,SAAU,QAAO,KAAK,UAAU,GAAG;AACtD,aAAO,OAAO,GAAG;AAAA,IACnB,CAAC,CAAC;AAAA,EACJ;AAEA,SAAO,MAAM,SAAS;AACxB;AAEA,SAAS,eAAe,KAAsC;AAC5D,QAAM,QAAQ,IAAI,MAAM;AACxB,aAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,GAAG,GAAG;AAC9C,UAAM,eAAe,OAAO,UAAU,WAAW,KAAK,UAAU,KAAK,IAAI,OAAO,SAAS,EAAE;AAC3F,UAAM,KAAK,EAAE,CAAC,MAAM,KAAK,GAAG,CAAC,GAAG,aAAa,CAAC;AAAA,EAChD;AACA,SAAO,MAAM,SAAS;AACxB;;;AC9CA,SAAS,gBAAAC,qBAAoB;AAItB,SAAS,UAAU,MAAuC;AAC/D,MAAI,KAAK,WAAW,GAAG,GAAG;AACxB,UAAM,UAAUA,cAAa,KAAK,MAAM,CAAC,GAAG,OAAO;AACnD,WAAO,KAAK,MAAM,OAAO;AAAA,EAC3B;AACA,SAAO,KAAK,MAAM,IAAI;AACxB;AAEO,SAAS,YAAY,KAAsB;AAEhD,MAAI,UAA0B;AAC9B,SAAO,SAAS;AACd,UAAM,KAAK,QAAQ,KAAK,EAAE;AAC1B,QAAI,GAAI,QAAO;AACf,cAAU,QAAQ;AAAA,EACpB;AACA,UAAQ,MAAM,+BAA+B;AAC7C,SAAO,QAAQ,KAAK,CAAC;AACvB;AAEO,SAAS,UAAU,KAA4B;AACpD,SAAQ,IAAI,QAAQ,QAAQ,KAAK,EAAE,UAAU,IAAI,QAAQ,KAAK,EAAE,UAAU;AAC5E;;;AFrBO,IAAM,mBAAmB,IAAIC,SAAQ,WAAW,EACpD,YAAY,kBAAkB;AAEjC,iBAAiB,QAAQ,MAAM,EAC5B,YAAY,oBAAoB,EAChC,OAAO,eAAe,eAAe,EACrC,OAAO,eAA+B,MAAwB;AAC7D,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,KAAK,KAAK,MAAM,QAAQ,mBAAmB,KAAK,GAAG,CAAC,KAAK;AAC/D,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,gBAAgB,EAAE,EAAE;AAC7D,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,UAAU,EAChC,YAAY,gBAAgB,EAC5B,OAAO,eAA+B,IAAY;AACjD,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,iBAAiB,EAAE,EAAE;AAC9D,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,aAAa,EACnC,YAAY,mBAAmB,EAC/B,eAAe,iBAAiB,eAAe,EAC/C,OAAO,wBAAwB,aAAa,EAC5C,OAAO,iBAAiB,kDAAkD,EAC1E,OAAO,eAA+B,IAAY,MAA6D;AAC9G,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAgC;AAAA,IACpC,MAAM,KAAK;AAAA,IACX,aAAa,KAAK;AAAA,EACpB;AACA,MAAI,KAAK,MAAM;AACb,SAAK,MAAM,IAAI,KAAK,KAAK,MAAM,GAAG,EAAE,IAAI,OAAK,EAAE,KAAK,CAAC;AAAA,EACvD;AACA,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,iBAAiB,EAAE,IAAI,IAAI;AACpE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,UAAU,EAChC,YAAY,wBAAwB,EACpC,eAAe,iBAAiB,kDAAkD,EAClF,OAAO,eAA+B,IAAY,MAAwB;AACzE,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,iBAAiB,EAAE,IAAI;AAAA,IAC9D,MAAM,KAAK,KAAK,MAAM,GAAG,EAAE,IAAI,OAAK,EAAE,KAAK,CAAC;AAAA,EAC9C,CAAC;AACD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,aAAa,EACnC,YAAY,mBAAmB,EAC/B,OAAO,OAAO,QAAgB;AAC7B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,iBAAiB,GAAG,EAAE;AACrD,UAAQ,IAAI,SAAS;AACvB,CAAC;AAIH,iBAAiB,QAAQ,gCAAgC,EACtD,YAAY,2DAA2D,EACvE,eAAe,iBAAiB,uBAAuB,EACvD,OAAO,wBAAwB,aAAa,EAC5C,OAAO,eAA+B,cAAsB,MAA8C;AACzG,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,YAAY,YAAY;AAAA,IACvE,MAAM,KAAK;AAAA,IACX,aAAa,KAAK;AAAA,EACpB,CAAC;AACD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,+BAA+B,EACrD,YAAY,kDAAkD,EAC9D,OAAO,eAA+B,cAAsB;AAC3D,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,YAAY,WAAW;AACvE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,yBAAyB,EAC/C,YAAY,mEAAmE,EAC/E,eAAe,uBAAuB,4BAA4B,EAClE,OAAO,aAAa,yCAAyC,EAC7D,OAAO,uBAAuB,6CAA6C,CAAC,MAAc,EAAE,MAAM,GAAG,CAAC,EACtG,OAAO,oBAAoB,0CAA0C,CAAC,MAAc,EAAE,MAAM,GAAG,CAAC,EAChG,OAAO,iBAAiB,uCAAuC,CAAC,MAAc,EAAE,MAAM,GAAG,CAAC,EAC1F,OAAO,eAEN,cACA,MACA;AACA,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,YAAY,YAAY;AAAA,IACvE,oBAAoB,KAAK;AAAA,IACzB,SAAS,KAAK,UAAU;AAAA,IACxB,aAAa,KAAK;AAAA,IAClB,UAAU,KAAK;AAAA,IACf,OAAO,KAAK;AAAA,EACd,CAAC;AACD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,0BAA0B,EAChD,YAAY,mCAAmC,EAC/C,eAAe,8BAA8B,0BAA0B,EACvE,OAAO,eAA+B,cAAsB,MAA6B;AACxF,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,YAAY,qBAAqB;AAAA,IAChF,cAAc,KAAK;AAAA,EACrB,CAAC;AACD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,4BAA4B,EAClD,YAAY,kDAAkD,EAC9D,OAAO,eAA+B,cAAsB;AAC3D,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,YAAY,aAAa;AACzE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;;;AG9HH,SAAS,WAAAC,gBAAe;AAKjB,IAAM,qBAAqB,IAAIC,SAAQ,aAAa,EACxD,YAAY,oBAAoB;AAEnC,mBAAmB,QAAQ,MAAM,EAC9B,YAAY,oCAAoC,EAChD,OAAO,iBAA+B;AACrC,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,cAAc;AAChE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,mBAAmB,QAAQ,UAAU,EAClC,YAAY,kBAAkB,EAC9B,OAAO,eAA+B,IAAY;AACjD,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,gBAAgB,EAAE,EAAE;AACtE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,mBAAmB,QAAQ,aAAa,EACrC,YAAY,+BAA+B,EAC3C,eAAe,iBAAiB,iBAAiB,EACjD,OAAO,wBAAwB,aAAa,EAC5C,OAAO,mBAAmB,wCAAwC,EAClE,OAAO,iBAAiB,WAAW,EACnC,OAAO,mBAAmB,WAAW,EACrC,OAAO,oBAAoB,oDAAoD,EAC/E,OAAO,eAA+B,IAAY,MAAgH;AACjK,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAgC,EAAE,MAAM,KAAK,KAAK;AACxD,MAAI,KAAK,YAAa,MAAK,aAAa,IAAI,KAAK;AACjD,MAAI,KAAK,OAAQ,MAAK,aAAa,IAAI,UAAU,KAAK,MAAM;AAC5D,MAAI,KAAK,KAAM,MAAK,MAAM,IAAI,KAAK;AACnC,MAAI,KAAK,MAAO,MAAK,OAAO,IAAI,KAAK;AACrC,MAAI,KAAK,QAAS,MAAK,SAAS,IAAI,UAAU,KAAK,OAAO;AAC1D,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,gBAAgB,EAAE,IAAI,IAAI;AAC5E,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,mBAAmB,QAAQ,aAAa,EACrC,YAAY,qBAAqB,EACjC,OAAO,eAA+B,IAAY;AACjD,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,gBAAgB,EAAE,EAAE;AAC5D,UAAQ,IAAI,SAAS;AACvB,CAAC;;;ACtDH,SAAS,WAAAC,gBAAe;AAKjB,IAAM,mBAAmB,IAAIC,SAAQ,WAAW,EACpD,YAAY,kBAAkB;AAEjC,iBAAiB,QAAQ,qBAAqB,EAC3C,YAAY,6BAA6B,EACzC,eAAe,iBAAiB,wCAAwC,EACxE,OAAO,aAAa,wDAAwD,EAC5E,OAAO,sBAAsB,kDAAkD,EAC/E,OAAO,8BAA8B,6CAA6C,EAClF,OAAO,eAA+B,YAAoB,MAAmF;AAC5I,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAgC,EAAE,MAAM,UAAU,KAAK,IAAI,EAAE;AACnE,MAAI,KAAK,WAAY,MAAK,aAAa,IAAI,KAAK;AAChD,MAAI,KAAK,eAAgB,MAAK,iBAAiB,IAAI,KAAK;AACxD,QAAM,OAAO,KAAK,KACd,OAAO,EAAE,cAAc,UAAU,IAAI,KAAK,EAAE,KAC5C,OAAO,EAAE,cAAc,UAAU;AACrC,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,MAAM,IAAI;AACnD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,uBAAuB,EAC7C,YAAY,sBAAsB,EAClC,OAAO,eAA+B,YAAoB,IAAY;AACrE,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,cAAc,UAAU,IAAI,EAAE,EAAE;AAClF,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,0BAA0B,EAChD,YAAY,mBAAmB,EAC/B,OAAO,eAA+B,YAAoB,IAAY;AACrE,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,cAAc,UAAU,IAAI,EAAE,EAAE;AACxE,UAAQ,IAAI,SAAS;AACvB,CAAC;;;AC3CH,SAAS,WAAAC,gBAAe;AACxB,SAAS,gBAAAC,qBAAoB;AAKtB,IAAM,aAAa,IAAIC,SAAQ,KAAK,EACxC,YAAY,qDAAqD,EACjE,SAAS,WAAW,yBAAyB,EAC7C,OAAO,iBAAiB,0CAA0C,EAClE,OAAO,mBAAmB,mEAAmE,EAC7F,OAAO,eAA+B,UAA8B,MAA2C;AAC9G,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAE7B,MAAI;AACJ,MAAI,KAAK,MAAM;AACb,YAAQC,cAAa,KAAK,MAAM,OAAO,EAAE,KAAK;AAAA,EAChD,WAAW,UAAU;AACnB,YAAQ;AAAA,EACV,OAAO;AACL,YAAQ,MAAM,sDAAsD;AACpE,YAAQ,KAAK,CAAC;AAAA,EAChB;AAEA,QAAM,SAAkC,CAAC;AACzC,MAAI,KAAK,OAAO;AACd,eAAW,MAAM,KAAK,OAAO;AAC3B,YAAM,QAAQ,GAAG,QAAQ,GAAG;AAC5B,UAAI,UAAU,IAAI;AAChB,gBAAQ,MAAM,gCAAgC,EAAE,uBAAuB;AACvE,gBAAQ,KAAK,CAAC;AAAA,MAChB;AACA,aAAO,GAAG,MAAM,GAAG,KAAK,CAAC,IAAI,GAAG,MAAM,QAAQ,CAAC;AAAA,IACjD;AAAA,EACF;AAEA,QAAM,OAAgC,EAAE,MAAM;AAC9C,MAAI,OAAO,KAAK,MAAM,EAAE,SAAS,EAAG,MAAK,SAAS;AAElD,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,EAAE,QAAQ,IAAI;AAC/D,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;;;AC1CH,SAAS,WAAAC,gBAAe;AAKjB,IAAM,uBAAuB,IAAIC,SAAQ,eAAe,EAC5D,YAAY,wCAAwC;AAEvD,qBAAqB,QAAQ,QAAQ,EAClC,YAAY,iCAAiC,EAC7C,eAAe,4BAA4B,iCAAiC,EAC5E,eAAe,4BAA4B,iCAAiC,EAC5E,eAAe,iBAAiB,mBAAmB,EACnD,OAAO,aAAa,iBAAiB,EACrC,OAAO,iBAAiB,kDAAkD,EAC1E,OAAO,eAA+B,MAAoF;AACzH,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,CAAC,kBAAkB,QAAQ,IAAI,KAAK,OAAO,MAAM,GAAG;AAC1D,QAAM,CAAC,kBAAkB,QAAQ,IAAI,KAAK,OAAO,MAAM,GAAG;AAC1D,QAAM,OAAgC;AAAA,IACpC,UAAU,KAAK;AAAA,IACf,mBAAmB;AAAA,IACnB,WAAW;AAAA,IACX,mBAAmB;AAAA,IACnB,WAAW;AAAA,EACb;AACA,MAAI,KAAK,GAAI,MAAK,IAAI,IAAI,KAAK;AAC/B,MAAI,KAAK,KAAM,MAAK,MAAM,IAAI,UAAU,KAAK,IAAI;AACjD,QAAM,OAAO,KAAK,KAAK,OAAO,EAAE,kBAAkB,KAAK,EAAE,KAAK,OAAO,EAAE;AACvE,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,MAAM,IAAI;AACnD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,qBAAqB,QAAQ,UAAU,EACpC,YAAY,0BAA0B,EACtC,OAAO,eAA+B,IAAY;AACjD,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,kBAAkB,EAAE,EAAE;AACxE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,qBAAqB,QAAQ,aAAa,EACvC,YAAY,uBAAuB,EACnC,OAAO,eAA+B,IAAY;AACjD,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,kBAAkB,EAAE,EAAE;AAC9D,UAAQ,IAAI,SAAS;AACvB,CAAC;;;AClDH,SAAS,WAAAC,gBAAe;AAKjB,IAAM,4BAA4B,IAAIC,SAAQ,qBAAqB,EACvE,YAAY,yBAAyB,EACrC,SAAS,gBAAgB,mCAAmC,EAC5D,SAAS,QAAQ,oBAAoB,EACrC,OAAO,iBAAiB,6BAA6B,EACrD,OAAO,qBAAqB,0CAA0C,MAAM,EAC5E,OAAO,eAAe,eAAe,IAAI,EACzC,OAAO,gBAAgB,gBAAgB,GAAG,EAC1C,OAAO,eAA+B,YAAoB,IAAY,MAA2E;AAChJ,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,SAAS,IAAI,gBAAgB;AACnC,MAAI,KAAK,KAAM,QAAO,IAAI,YAAY,KAAK,IAAI;AAE/C,QAAM,eAAuC,EAAE,UAAU,UAAU,UAAU,UAAU,MAAM,OAAO;AACpG,SAAO,IAAI,aAAa,aAAa,KAAK,SAAS,KAAK,KAAK,SAAS;AACtE,SAAO,IAAI,SAAS,KAAK,KAAK;AAC9B,SAAO,IAAI,UAAU,KAAK,MAAM;AAChC,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,cAAc,UAAU,IAAI,EAAE,YAAY,OAAO,SAAS,CAAC,EAAE;AAC/G,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;;;ACzBH,SAAS,WAAAC,gBAAe;AACxB,SAAS,gBAAAC,qBAAoB;AAKtB,IAAM,qBAAqB,IAAIC,SAAQ,aAAa,EACxD,YAAY,6BAA6B;AAE5C,mBAAmB,QAAQ,0BAA0B,EAClD,YAAY,0GAA0G,EACtH,eAAe,qBAAqB,wCAAwC,EAC5E,OAAO,yBAAyB,aAAa,0BAA0B,EACvE,OAAO,iBAAiB,qEAAqE,EAC7F,OAAO,eAA+B,YAAoB,IAAY,MAAgE;AACrI,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,EAAE,cAAc,UAAU,IAAI,EAAE,gBAAgB;AAAA,IAC/F,UAAU,KAAK;AAAA,IACf,cAAc,KAAK;AAAA,EACrB,CAAC;AAED,MAAI,KAAK,MAAM;AACb,UAAM,OAAOC,cAAa,KAAK,IAAI;AACnC,UAAM,YAAY,KAAK,WAAW,WAAW,MAAM,IAAI,KAAK,aAAa,GAAG,OAAO,OAAO,GAAG,KAAK,UAAU;AAC5G,UAAM,OAAO,WAAW,WAAW,MAAM,KAAK,WAAW;AACzD,YAAQ,IAAI,aAAa,EAAE,GAAG,MAAM,UAAU,KAAK,GAAG,UAAU,IAAI,CAAC,CAAC;AAAA,EACxE,OAAO;AACL,YAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AAAA,EACjD;AACF,CAAC;AAEH,mBAAmB,QAAQ,uBAAuB,EAC/C,YAAY,kDAAkD,EAC9D,eAAe,qBAAqB,wCAAwC,EAC5E,OAAO,eAA+B,YAAoB,IAAY,MAA4B;AACjG,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,cAAc,MAAM,OAAO,QAAgE,OAAO,OAAO,EAAE,cAAc,UAAU,IAAI,EAAE,cAAc;AAC7J,QAAM,QAAQ,YAAY,KAAK,OAAK,EAAE,IAAI,SAAS,IAAI,KAAK,QAAQ,EAAE,CAAC;AACvE,MAAI,CAAC,OAAO;AACV,UAAM,IAAI,MAAM,eAAe,KAAK,QAAQ,aAAa;AAAA,EAC3D;AACA,QAAM,cAAc,GAAG,OAAO,OAAO,OAAO,EAAE,gBAAgB,MAAM,GAAG;AACvE,UAAQ,IAAI,aAAa,EAAE,cAAc,aAAa,GAAG,MAAM,GAAG,UAAU,IAAI,CAAC,CAAC;AACpF,CAAC;AAEH,mBAAmB,QAAQ,wBAAwB,EAChD,YAAY,iCAAiC,EAC7C,OAAO,mBAAmB,oCAAoC,EAC9D,OAAO,eAA+B,YAAoB,IAAY,MAA2B;AAChG,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,QAAQ,KAAK,SAAS,WAAW,mBAAmB,KAAK,MAAM,CAAC,KAAK;AAC3E,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,cAAc,UAAU,IAAI,EAAE,eAAe,KAAK,EAAE;AACtG,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,mBAAmB,QAAQ,0CAA0C,EAClE,YAAY,sBAAsB,EAClC,OAAO,eAA+B,YAAoB,IAAY,cAAsB;AAC3F,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,cAAc,UAAU,IAAI,EAAE,gBAAgB,YAAY,EAAE;AACpG,UAAQ,IAAI,SAAS;AACvB,CAAC;;;ACjEH,SAAS,kBAAkB;AAC3B,SAAS,WAAAC,iBAAe;AAKjB,IAAM,eAAe,IAAIC,UAAQ,OAAO,EAC5C,YAAY,kCAAkC;AAEjD,aAAa,QAAQ,QAAQ,EAC1B,YAAY,2BAA2B,EACvC,eAAe,iBAAiB,WAAW,EAC3C,eAAe,qBAAqB,oBAAoB,EACxD,OAAO,aAAa,qCAAqC,EACzD,OAAO,oCAAoC,kCAAkC,EAC7E,OAAO,eAA+B,MAA+E;AACpH,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,SAAS,KAAK,MAAM,WAAW;AACrC,QAAM,OAAgC;AAAA,IACpC,MAAM,KAAK;AAAA,IACX,QAAQ,KAAK;AAAA,IACb,SAAS;AAAA,EACX;AACA,MAAI,KAAK,iBAAiB;AACxB,SAAK,kBAAkB,IAAI,KAAK,gBAAgB,MAAM,GAAG;AAAA,EAC3D;AACA,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,UAAU,MAAM,IAAI,IAAI;AAC1E,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,aAAa,QAAQ,UAAU,EAC5B,YAAY,YAAY,EACxB,OAAO,eAA+B,IAAY;AACjD,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,UAAU,EAAE,EAAE;AAChE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,aAAa,QAAQ,MAAM,EACxB,YAAY,gBAAgB,EAC5B,OAAO,iBAA+B;AACrC,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,QAAQ;AAC1D,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,aAAa,QAAQ,aAAa,EAC/B,YAAY,eAAe,EAC3B,OAAO,eAA+B,IAAY;AACjD,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,UAAU,EAAE,EAAE;AACtD,UAAQ,IAAI,SAAS;AACvB,CAAC;;;ACxDH,SAAS,cAAAC,mBAAkB;AAC3B,SAAS,WAAAC,iBAAe;AAKjB,IAAM,kBAAkB,IAAIC,UAAQ,UAAU,EAClD,YAAY,0BAA0B;AAEzC,gBAAgB,QAAQ,QAAQ,EAC7B,YAAY,4BAA4B,EACxC,eAAe,iBAAiB,cAAc,EAC9C,eAAe,eAAe,YAAY,EAC1C,eAAe,qBAAqB,qBAAqB,EACzD,eAAe,qBAAqB,6BAA6B,EACjE,OAAO,aAAa,wCAAwC,EAC5D,OAAO,oCAAoC,kCAAkC,EAC7E,OAAO,mBAAmB,0BAA0B,EACpD,OAAO,eAA+B,MAA6H;AAClK,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,YAAY,KAAK,MAAMC,YAAW;AACxC,QAAM,OAAgC;AAAA,IACpC,MAAM,KAAK;AAAA,IACX,KAAK,KAAK;AAAA,IACV,QAAQ,KAAK;AAAA,IACb,QAAQ,KAAK,OAAO,MAAM,GAAG;AAAA,IAC7B,SAAS;AAAA,EACX;AACA,MAAI,KAAK,iBAAiB;AACxB,SAAK,kBAAkB,IAAI,KAAK,gBAAgB,MAAM,GAAG;AAAA,EAC3D;AACA,MAAI,KAAK,QAAQ;AACf,SAAK,QAAQ,IAAI,KAAK,MAAM,KAAK,MAAM;AAAA,EACzC;AACA,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,aAAa,SAAS,IAAI,IAAI;AAChF,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,gBAAgB,QAAQ,UAAU,EAC/B,YAAY,eAAe,EAC3B,OAAO,eAA+B,IAAY;AACjD,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,aAAa,EAAE,EAAE;AACnE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,gBAAgB,QAAQ,MAAM,EAC3B,YAAY,mBAAmB,EAC/B,OAAO,iBAA+B;AACrC,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,WAAW;AAC7D,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,gBAAgB,QAAQ,aAAa,EAClC,YAAY,kBAAkB,EAC9B,OAAO,eAA+B,IAAY;AACjD,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,aAAa,EAAE,EAAE;AACzD,UAAQ,IAAI,SAAS;AACvB,CAAC;;;AChEH,SAAS,WAAAC,iBAAe;AAKjB,IAAM,mBAAmB,IAAIC,UAAQ,WAAW,EACpD,YAAY,8BAA8B;AAE7C,iBAAiB,QAAQ,eAAe,EACrC,YAAY,kCAAkC,EAC9C,OAAO,iBAAiB,wDAAwD,EAChF,OAAO,wBAAwB,sBAAsB,EACrD,OAAO,iBAAiB,yDAAyD,SAAS,CAAC,CAAC,EAC5F,OAAO,yBAAyB,yDAAyD,SAAS,CAAC,CAAC,EACpG,OAAO,kBAAkB,gEAAgE,SAAS,CAAC,CAAC,EACpG,OAAO,eAAe,uBAAuB,EAC7C,OAAO,mBAAmB,yHAAyH,EACnJ,OAAO,eAA+B,MAAc,MAQlD;AACD,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAE7B,MAAI;AAEJ,MAAI,KAAK,QAAQ;AAEf,WAAO,KAAK,MAAM,KAAK,MAAM;AAAA,EAC/B,OAAO;AACL,QAAI,CAAC,KAAK,MAAM;AACd,YAAM,IAAI,MAAM,2DAA2D;AAAA,IAC7E;AACA,WAAO;AAAA,MACL,MAAM,KAAK;AAAA,MACX,OAAO,KAAK,KAAK,IAAI,aAAa;AAAA,IACpC;AAEA,QAAI,KAAK,YAAa,MAAK,cAAc,KAAK;AAE9C,QAAI,KAAK,aAAa,SAAS,GAAG;AAChC,WAAK,gBAAgB,KAAK,aAAa,IAAI,YAAY;AAAA,IACzD;AAEA,QAAI,KAAK,MAAM,SAAS,GAAG;AACzB,YAAM,aAAuC,CAAC;AAC9C,iBAAW,QAAQ,KAAK,OAAO;AAC7B,cAAM,SAAS,UAAU,IAAI;AAC7B,mBAAW,OAAO,GAAG,IAAI,OAAO;AAAA,MAClC;AACA,WAAK,QAAQ,EAAE,SAAS,MAAM,WAAW;AAAA,IAC3C;AAEA,QAAI,KAAK,SAAU,MAAK,YAAY;AAAA,EACtC;AAEA,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,cAAc,IAAI,IAAI,IAAI;AAC5E,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,YAAY,EAClC,YAAY,iBAAiB,EAC7B,OAAO,cAAc,qCAAqC,EAC1D,OAAO,eAA+B,MAAc,MAA8B;AACjF,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,KAAK,WACd,OAAO,EAAE,cAAc,IAAI,cAC3B,OAAO,EAAE,cAAc,IAAI;AAC/B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,IAAI;AAC7C,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,MAAM,EAC5B,YAAY,oBAAoB,EAChC,OAAO,iBAA+B;AACrC,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,YAAY;AAC9D,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,eAAe,EACrC,YAAY,oBAAoB,EAChC,OAAO,eAA+B,MAAc;AACnD,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,cAAc,IAAI,EAAE;AAC5D,UAAQ,IAAI,SAAS;AACvB,CAAC;AAEH,iBAAiB,QAAQ,YAAY,EAClC,YAAY,4CAA4C,EACxD,OAAO,sBAAsB,yBAAyB,KAAK,EAC3D,OAAO,CAAC,OAAe,SAAgC;AACtD,QAAM,YAAY,KAAK,cAAc,QAAQ,QAAQ;AACrD,UAAQ,IAAI,2BAA2B,KAAK,IAAI,SAAS,EAAE;AAC7D,CAAC;AAIH,SAAS,QAAQ,OAAe,UAA8B;AAC5D,SAAO,CAAC,GAAG,UAAU,KAAK;AAC5B;AAEA,SAAS,UAAU,MAA8C;AAC/D,QAAM,CAAC,KAAK,MAAM,IAAI,KAAK,MAAM,GAAG;AACpC,MAAI,CAAC,OAAO,CAAC,QAAQ;AACnB,UAAM,IAAI,MAAM,iBAAiB,IAAI,kCAAkC;AAAA,EACzE;AACA,SAAO,EAAE,KAAK,KAAK,OAAO,MAAM,GAAG,EAAE;AACvC;AAEA,SAAS,cAAc,MAAuC;AAC5D,QAAM,EAAE,KAAK,IAAI,IAAI,UAAU,IAAI;AACnC,SAAO,EAAE,YAAY,KAAK,YAAY,IAAI;AAC5C;AAEA,SAAS,aAAa,MAAuC;AAC3D,QAAM,EAAE,KAAK,IAAI,IAAI,UAAU,IAAI;AACnC,SAAO,EAAE,UAAU,KAAK,YAAY,IAAI;AAC1C;;;AC9HA,SAAS,WAAAC,iBAAe;AAKjB,IAAM,eAAe,IAAIC,UAAQ,OAAO,EAC5C,YAAY,0DAA0D,EACtE,eAAe,uBAAuB,6CAA6C,EACnF,OAAO,eAA+B,MAA8B;AACnE,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,aAAa,UAAU,KAAK,UAAU;AAC5C,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,EAAE,UAAU;AAAA,IAC3D,YAAY,MAAM,QAAQ,UAAU,IAAI,aAAa,CAAC,UAAU;AAAA,EAClE,CAAC;AACD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;;;AChBH,SAAS,WAAAC,iBAAe;AAIxB,IAAM,kBAAkB;AAEjB,IAAM,mBAAmB,IAAIC,UAAQ,WAAW,EACpD,YAAY,6EAA6E;AAE5F,iBAAiB,QAAQ,mBAAmB,EACzC,YAAY,sDAAsD,eAAe,EAAE,EACnF,eAAe,kBAAkB,6CAA6C,EAC9E,OAAO,eAA+B,UAAkB,MAAyB;AAChF,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,QAAQ,UAAU,KAAK,KAAK;AAClC,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,EAAE,cAAc,QAAQ,WAAW;AAAA,IAClF,OAAO,MAAM,QAAQ,KAAK,IAAI,QAAQ,CAAC,KAAK;AAAA,EAC9C,CAAC;AACD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,mBAAmB,EACzC,YAAY,sDAAsD,eAAe,EAAE,EACnF,OAAO,uBAAuB,+CAA+C,EAC7E,OAAO,mBAAmB,sBAAsB,EAChD,OAAO,eAA+B,UAAkB,MAAiD;AACxG,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,QAAQ,KAAK,cAAc,gBAAgB,KAAK,WAAW,KAAK;AACtE,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,cAAc,QAAQ,UAAU,KAAK,EAAE;AAEzF,MAAI,KAAK,QAAQ;AACf,UAAM,EAAE,eAAAC,eAAc,IAAI,MAAM,OAAO,IAAI;AAC3C,IAAAA,eAAc,KAAK,QAAQ,KAAK,UAAU,MAAM,MAAM,CAAC,CAAC;AACxD,YAAQ,IAAI,cAAc,KAAK,MAAM,EAAE;AAAA,EACzC,OAAO;AACL,YAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AAAA,EACjD;AACF,CAAC;AAEH,iBAAiB,QAAQ,qCAAqC,EAC3D,YAAY,qEAAqE,eAAe,EAAE,EAClG,eAAe,iBAAiB,8DAA8D,EAC9F,OAAO,sBAAsB,mCAAmC,EAChE,OAAO,8BAA8B,4BAA4B,EACjE,OAAO,eAA+B,UAAkB,YAAoB,MAAsE;AACjJ,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,WAAW,UAAU,KAAK,IAAI;AACpC,QAAM,aAAuB,CAAC;AAC9B,MAAI,KAAK,WAAY,YAAW,KAAK,eAAe,mBAAmB,KAAK,UAAU,CAAC,EAAE;AACzF,MAAI,KAAK,eAAgB,YAAW,KAAK,mBAAmB,mBAAmB,KAAK,cAAc,CAAC,EAAE;AACrG,QAAM,KAAK,WAAW,SAAS,IAAI,WAAW,KAAK,GAAG,CAAC,KAAK;AAC5D,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,EAAE,cAAc,QAAQ,cAAc,UAAU,GAAG,EAAE,IAAI,QAAQ;AAClH,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;;;ACxDH,SAAS,WAAAC,iBAAe;AAKjB,IAAM,gBAAgB,IAAIC,UAAQ,QAAQ,EAC9C,YAAY,mBAAmB;AAElC,cAAc,QAAQ,QAAQ,EAC3B,YAAY,2BAA2B,EACvC,eAAe,iBAAiB,YAAY,EAC5C,eAAe,mBAAmB,iCAAiC,EACnE,OAAO,uBAAuB,wDAAwD,EACtF,OAAO,eAA+B,MAA4D;AACjG,QAAM,SAAS,IAAI,UAAU;AAC7B,MAAI;AACJ,MAAI;AACF,aAAS,KAAK,MAAM,KAAK,MAAM;AAAA,EACjC,QAAQ;AACN,UAAM,IAAI,MAAM,6BAA6B;AAAA,EAC/C;AACA,QAAM,OAAgC,EAAE,MAAM,KAAK,MAAM,OAAO;AAChE,MAAI,KAAK,UAAW,MAAK,aAAa,KAAK;AAC3C,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,cAAc,IAAI;AAC5D,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,cAAc,QAAQ,MAAM,EACzB,YAAY,iBAAiB,EAC7B,OAAO,iBAA+B;AACrC,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,YAAY;AACrD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,cAAc,QAAQ,mBAAmB,EACtC,YAAY,qBAAqB,EACjC,OAAO,eAA+B,SAAiB;AACtD,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,cAAc,OAAO,EAAE;AACtD,UAAQ,IAAI,eAAe;AAC7B,CAAC;;;ACpCH,SAAS,WAAAC,iBAAe;AAKjB,IAAM,eAAe,IAAIC,UAAQ,OAAO,EAC5C,YAAY,+DAA+D;AAI9E,IAAM,YAAY,aAAa,QAAQ,IAAI,EAAE,YAAY,qCAAqC;AAE9F,UAAU,QAAQ,oBAAoB,EACnC,YAAY,mEAAmE,EAC/E,OAAO,eAA+B,MAAc,IAAY;AAC/D,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO;AAAA,IACxB;AAAA,IACA,mBAAmB,mBAAmB,IAAI,CAAC,IAAI,mBAAmB,EAAE,CAAC;AAAA,EACvE;AACA,UAAQ,IAAI,aAAa,KAAK,QAAQ,UAAU,IAAI,CAAC,CAAC;AACxD,CAAC;AAEH,UAAU,QAAQ,0BAA0B,EACzC,YAAY,+DAA+D,EAC3E,OAAO,eAAe,kCAAkC,CAAC,MAAc,OAAO,CAAC,CAAC,EAChF,OAAO,oBAAoB,yCAAyC,EACpE,OAAO,eAEN,MACA,IACA,OACA,MACA;AACA,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,SAAS,IAAI,gBAAgB,EAAE,MAAM,CAAC;AAC5C,MAAI,KAAK,UAAU,OAAW,QAAO,IAAI,SAAS,OAAO,KAAK,KAAK,CAAC;AACpE,MAAI,KAAK,UAAU,OAAW,QAAO,IAAI,UAAU,KAAK,KAAK;AAE7D,QAAM,OAAO,MAAM,OAAO;AAAA,IAMxB;AAAA,IACA,mBAAmB,mBAAmB,IAAI,CAAC,IAAI,mBAAmB,EAAE,CAAC,SAAS,MAAM;AAAA,EACtF;AAEA,QAAM,SAAS,UAAU,IAAI;AAC7B,MAAI,WAAW,QAAQ;AACrB,YAAQ,IAAI,KAAK,UAAU,MAAM,MAAM,CAAC,CAAC;AACzC;AAAA,EACF;AAEA,QAAM,OAAO,KAAK,KAAK,IAAI,OAAK,OAAO,YAAY,KAAK,QAAQ,IAAI,CAAC,GAAG,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;AACzF,UAAQ,IAAI,aAAa,MAAM,MAAM,CAAC;AACtC,MAAI,KAAK,UAAW,SAAQ,IAAI,6CAAwC;AAC1E,CAAC;;;AC/DH;AAAA,EACE,MAAQ;AAAA,EACR,SAAW;AAAA,EACX,MAAQ;AAAA,EACR,SAAW;AAAA,IACT,MAAQ;AAAA,EACV;AAAA,EACA,KAAO;AAAA,IACL,OAAS;AAAA,EACX;AAAA,EACA,OAAS;AAAA,IACP;AAAA,EACF;AAAA,EACA,SAAW;AAAA,IACT,OAAS;AAAA,IACT,WAAa;AAAA,IACb,MAAQ;AAAA,IACR,KAAO;AAAA,EACT;AAAA,EACA,cAAgB;AAAA,IACd,oBAAoB;AAAA,IACpB,OAAS;AAAA,IACT,cAAc;AAAA,IACd,WAAa;AAAA,IACb,MAAQ;AAAA,EACV;AAAA,EACA,iBAAmB;AAAA,IACjB,eAAe;AAAA,IACf,MAAQ;AAAA,IACR,YAAc;AAAA,IACd,QAAU;AAAA,EACZ;AACF;;;AzBbO,IAAM,UAAU,IAAIC,UAAQ,OAAO,EACvC,YAAY,iDAA4C,EACxD,QAAQ,gBAAI,OAAO,EACnB,OAAO,mBAAmB,aAAa,EACvC,OAAO,qBAAqB,gCAAgC,OAAO;AAEtE,QAAQ,WAAW,YAAY;AAC/B,QAAQ,WAAW,aAAa;AAChC,QAAQ,WAAW,gBAAgB;AACnC,QAAQ,WAAW,kBAAkB;AACrC,QAAQ,WAAW,gBAAgB;AACnC,QAAQ,WAAW,UAAU;AAC7B,QAAQ,WAAW,oBAAoB;AACvC,QAAQ,WAAW,yBAAyB;AAC5C,QAAQ,WAAW,kBAAkB;AACrC,QAAQ,WAAW,YAAY;AAC/B,QAAQ,WAAW,eAAe;AAClC,QAAQ,WAAW,YAAY;AAC/B,QAAQ,WAAW,gBAAgB;AACnC,QAAQ,WAAW,aAAa;AAChC,QAAQ,WAAW,gBAAgB;AACnC,QAAQ,WAAW,YAAY;;;A0BtC/B,QAAQ,MAAM;","names":["Command","Command","Command","Command","readFileSync","Command","Command","Command","Command","Command","Command","readFileSync","Command","readFileSync","Command","Command","Command","Command","Command","readFileSync","Command","readFileSync","Command","Command","randomUUID","Command","Command","randomUUID","Command","Command","Command","Command","Command","Command","writeFileSync","Command","Command","Command","Command","Command"]}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "rekor-cli",
-  "version": "0.1.22",
+  "version": "0.1.23",
   "type": "module",
   "engines": {
     "node": ">=20.0.0"