rekor-cli 0.1.35 → 0.1.37
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +82 -31
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
package/dist/index.js
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
#!/usr/bin/env node
|
|
2
2
|
|
|
3
3
|
// src/program.ts
|
|
4
|
-
import { Command as
|
|
4
|
+
import { Command as Command23 } from "commander";
|
|
5
5
|
|
|
6
6
|
// src/commands/login.ts
|
|
7
7
|
import { Command } from "commander";
|
|
@@ -949,6 +949,19 @@ documentsCommand.command("upsert <collection>").description("Create or update a
|
|
|
949
949
|
const data = await client.request("PUT", path, body);
|
|
950
950
|
console.log(formatOutput(data, getFormat(this)));
|
|
951
951
|
});
|
|
952
|
+
documentsCommand.command("query <collection>").description("List/search documents: exact filters + fuzzy `search`, sorting, pagination").option("--filter <json>", "Filter DSL expression (inline JSON or @filename). Use the `search` operator for fuzzy matching.").option("--sort <json>", 'Sort expressions (inline JSON or @filename), e.g. [{"field":"data.created","direction":"desc"}]').option("--fields <list>", "Comma-separated field projection").option("--limit <n>", "Max results").option("--offset <n>", "Pagination offset").action(async function(collection, opts) {
|
|
953
|
+
const ws = getDatabase(this);
|
|
954
|
+
const client = new ApiClient();
|
|
955
|
+
const qs = new URLSearchParams();
|
|
956
|
+
if (opts.filter) qs.set("filter", JSON.stringify(parseData(opts.filter)));
|
|
957
|
+
if (opts.sort) qs.set("sort", JSON.stringify(parseData(opts.sort)));
|
|
958
|
+
if (opts.fields) qs.set("fields", opts.fields);
|
|
959
|
+
if (opts.limit) qs.set("limit", opts.limit);
|
|
960
|
+
if (opts.offset) qs.set("offset", opts.offset);
|
|
961
|
+
const q = qs.toString();
|
|
962
|
+
const data = await client.request("GET", `/v1/${ws}/documents/${collection}${q ? `?${q}` : ""}`);
|
|
963
|
+
console.log(formatOutput(data, getFormat(this)));
|
|
964
|
+
});
|
|
952
965
|
documentsCommand.command("get <collection> <id>").description("Get a document by ID").action(async function(collection, id) {
|
|
953
966
|
const ws = getDatabase(this);
|
|
954
967
|
const client = new ApiClient();
|
|
@@ -1036,9 +1049,46 @@ relationshipsCommand.command("delete <id>").description("Delete a relationship")
|
|
|
1036
1049
|
console.log("Deleted");
|
|
1037
1050
|
});
|
|
1038
1051
|
|
|
1039
|
-
// src/commands/
|
|
1052
|
+
// src/commands/relationship-types.ts
|
|
1040
1053
|
import { Command as Command8 } from "commander";
|
|
1041
|
-
var
|
|
1054
|
+
var relationshipTypesCommand = new Command8("relationship-types").description("Manage relationship types (the schema for a relationship's metadata)");
|
|
1055
|
+
relationshipTypesCommand.command("list").description("List all relationship types in a database").action(async function() {
|
|
1056
|
+
const ws = getDatabase(this);
|
|
1057
|
+
const client = new ApiClient();
|
|
1058
|
+
const data = await client.request("GET", `/v1/${ws}/relationship-types`);
|
|
1059
|
+
console.log(formatOutput(data, getFormat(this)));
|
|
1060
|
+
});
|
|
1061
|
+
relationshipTypesCommand.command("get <rel_type>").description("Get a relationship type").action(async function(relType) {
|
|
1062
|
+
const ws = getDatabase(this);
|
|
1063
|
+
const client = new ApiClient();
|
|
1064
|
+
const data = await client.request("GET", `/v1/${ws}/relationship-types/${relType}`);
|
|
1065
|
+
console.log(formatOutput(data, getFormat(this)));
|
|
1066
|
+
});
|
|
1067
|
+
relationshipTypesCommand.command("upsert <rel_type>").description("Create or update a relationship type").option("--description <desc>", "Description").option("--schema <json>", "JSON Schema for the relationship data (inline JSON or @filename). Omit to allow any data.").option("--source-collections <json>", "JSON array of allowed source collections (inline JSON or @filename)").option("--target-collections <json>", "JSON array of allowed target collections (inline JSON or @filename)").action(async function(relType, opts) {
|
|
1068
|
+
const ws = getDatabase(this);
|
|
1069
|
+
const client = new ApiClient();
|
|
1070
|
+
const body = {};
|
|
1071
|
+
if (opts.description) body["description"] = opts.description;
|
|
1072
|
+
if (opts.schema) body["data_schema"] = parseData(opts.schema);
|
|
1073
|
+
if (opts.sourceCollections) body["source_collections"] = parseData(opts.sourceCollections);
|
|
1074
|
+
if (opts.targetCollections) body["target_collections"] = parseData(opts.targetCollections);
|
|
1075
|
+
const data = await client.request("PUT", `/v1/${ws}/relationship-types/${relType}`, body);
|
|
1076
|
+
console.log(formatOutput(data, getFormat(this)));
|
|
1077
|
+
});
|
|
1078
|
+
relationshipTypesCommand.command("delete <rel_type>").description("Delete a relationship type").option("-y, --yes", "Skip confirmation prompt").action(async function(relType, opts) {
|
|
1079
|
+
if (!opts.yes && !await confirm(`Delete relationship type "${relType}"? This cannot be undone.`)) {
|
|
1080
|
+
console.log("Aborted");
|
|
1081
|
+
return;
|
|
1082
|
+
}
|
|
1083
|
+
const ws = getDatabase(this);
|
|
1084
|
+
const client = new ApiClient();
|
|
1085
|
+
await client.request("DELETE", `/v1/${ws}/relationship-types/${relType}`);
|
|
1086
|
+
console.log("Deleted");
|
|
1087
|
+
});
|
|
1088
|
+
|
|
1089
|
+
// src/commands/query-relationships.ts
|
|
1090
|
+
import { Command as Command9 } from "commander";
|
|
1091
|
+
var queryRelationshipsCommand = new Command9("query-relationships").description("Query related documents").argument("<collection>", "Collection of the source document").argument("<id>", "Source document ID").option("--type <type>", "Filter by relationship type").option("--direction <dir>", "Direction: outgoing, incoming, or both", "both").option("--limit <n>", "Max results", "50").option("--offset <n>", "Skip results", "0").action(async function(collection, id, opts) {
|
|
1042
1092
|
const ws = getDatabase(this);
|
|
1043
1093
|
const client = new ApiClient();
|
|
1044
1094
|
const params = new URLSearchParams();
|
|
@@ -1052,9 +1102,9 @@ var queryRelationshipsCommand = new Command8("query-relationships").description(
|
|
|
1052
1102
|
});
|
|
1053
1103
|
|
|
1054
1104
|
// src/commands/attachments.ts
|
|
1055
|
-
import { Command as
|
|
1105
|
+
import { Command as Command10 } from "commander";
|
|
1056
1106
|
import { readFileSync as readFileSync5 } from "fs";
|
|
1057
|
-
var attachmentsCommand = new
|
|
1107
|
+
var attachmentsCommand = new Command10("attachments").description("Manage document attachments");
|
|
1058
1108
|
attachmentsCommand.command("upload <collection> <id>").description("Get a presigned upload URL for a document attachment. With --file, uploads the file content in one step.").requiredOption("--filename <name>", "File name or path (e.g. docs/guide.md)").option("--content-type <type>", "MIME type", "application/octet-stream").option("--file <path>", "Local file to upload (skips presigned URL output, uploads directly)").action(async function(collection, id, opts) {
|
|
1059
1109
|
const ws = getDatabase(this);
|
|
1060
1110
|
const client = new ApiClient();
|
|
@@ -1102,8 +1152,8 @@ attachmentsCommand.command("delete <collection> <id> <attachment-id>").descripti
|
|
|
1102
1152
|
|
|
1103
1153
|
// src/commands/hooks.ts
|
|
1104
1154
|
import { randomUUID } from "crypto";
|
|
1105
|
-
import { Command as
|
|
1106
|
-
var hooksCommand = new
|
|
1155
|
+
import { Command as Command11 } from "commander";
|
|
1156
|
+
var hooksCommand = new Command11("hooks").description("Manage inbound webhook endpoints");
|
|
1107
1157
|
hooksCommand.command("create").description("Create a new inbound hook").requiredOption("--name <name>", "Hook name").requiredOption("--secret <secret>", "HMAC shared secret").option("--id <id>", "Hook ID (auto-generated if omitted)").option("--collection-scope <collections>", "Comma-separated collection scope").action(async function(opts) {
|
|
1108
1158
|
const ws = getDatabase(this);
|
|
1109
1159
|
const client = new ApiClient();
|
|
@@ -1144,8 +1194,8 @@ hooksCommand.command("delete <id>").description("Delete a hook").option("-y, --y
|
|
|
1144
1194
|
|
|
1145
1195
|
// src/commands/triggers.ts
|
|
1146
1196
|
import { randomUUID as randomUUID2 } from "crypto";
|
|
1147
|
-
import { Command as
|
|
1148
|
-
var triggersCommand = new
|
|
1197
|
+
import { Command as Command12 } from "commander";
|
|
1198
|
+
var triggersCommand = new Command12("triggers").description("Manage outbound triggers");
|
|
1149
1199
|
triggersCommand.command("create").description("Create an outbound trigger").requiredOption("--name <name>", "Trigger name").requiredOption("--url <url>", "Target URL").requiredOption("--secret <secret>", "HMAC signing secret").requiredOption("--events <events>", "Comma-separated event types").option("--id <id>", "Trigger ID (auto-generated if omitted)").option("--collection-scope <collections>", "Comma-separated collection scope").option("--filter <json>", "Filter expression (JSON)").action(async function(opts) {
|
|
1150
1200
|
const ws = getDatabase(this);
|
|
1151
1201
|
const client = new ApiClient();
|
|
@@ -1200,8 +1250,8 @@ triggersCommand.command("delete <id>").description("Delete a trigger").option("-
|
|
|
1200
1250
|
});
|
|
1201
1251
|
|
|
1202
1252
|
// src/commands/endpoints.ts
|
|
1203
|
-
import { Command as
|
|
1204
|
-
var endpointsCommand = new
|
|
1253
|
+
import { Command as Command13 } from "commander";
|
|
1254
|
+
var endpointsCommand = new Command13("endpoints").description("Manage MCP Factory endpoints");
|
|
1205
1255
|
endpointsCommand.command("upsert <slug>").description("Create or update an MCP endpoint").option("--name <name>", "Endpoint display name (required unless using --config)").option("--description <desc>", "Endpoint description").option("--tool <spec>", "Collection tool spec: collection:op1,op2 (repeatable)", collect, []).option("--relationship <spec>", "Relationship tool spec: rel_type:op1,op2 (repeatable)", collect, []).option("--batch <spec>", "Batch operation spec: collection_or_rel:op1,op2 (repeatable)", collect, []).option("--sql-query", "Enable sql_query tool").option("--config <json>", "Full endpoint config as JSON (supports name_override, description_override per tool). Use @file.json to read from file.").action(async function(slug, opts) {
|
|
1206
1256
|
const ws = getDatabase(this);
|
|
1207
1257
|
const client = new ApiClient();
|
|
@@ -1280,8 +1330,8 @@ function parseRelSpec(spec) {
|
|
|
1280
1330
|
}
|
|
1281
1331
|
|
|
1282
1332
|
// src/commands/batch.ts
|
|
1283
|
-
import { Command as
|
|
1284
|
-
var batchCommand = new
|
|
1333
|
+
import { Command as Command14 } from "commander";
|
|
1334
|
+
var batchCommand = new Command14("batch").description("Execute atomic batch operations (up to 1,000 operations)").requiredOption("--operations <json>", "Operations array (inline JSON or @filename)").action(async function(opts) {
|
|
1285
1335
|
const ws = getDatabase(this);
|
|
1286
1336
|
const client = new ApiClient();
|
|
1287
1337
|
const operations = parseData(opts.operations);
|
|
@@ -1292,9 +1342,9 @@ var batchCommand = new Command13("batch").description("Execute atomic batch oper
|
|
|
1292
1342
|
});
|
|
1293
1343
|
|
|
1294
1344
|
// src/commands/providers.ts
|
|
1295
|
-
import { Command as
|
|
1345
|
+
import { Command as Command15 } from "commander";
|
|
1296
1346
|
var VALID_PROVIDERS = "openai, anthropic, google, mcp";
|
|
1297
|
-
var providersCommand = new
|
|
1347
|
+
var providersCommand = new Command15("providers").description("Import/export tool definitions between LLM providers and Record collections");
|
|
1298
1348
|
providersCommand.command("import <provider>").description(`Import tool definitions as collections. Providers: ${VALID_PROVIDERS}`).requiredOption("--tools <json>", "Tool definitions (inline JSON or @filename)").action(async function(provider, opts) {
|
|
1299
1349
|
const ws = getDatabase(this);
|
|
1300
1350
|
const client = new ApiClient();
|
|
@@ -1330,8 +1380,8 @@ providersCommand.command("import-call <provider> <collection>").description(`Cre
|
|
|
1330
1380
|
});
|
|
1331
1381
|
|
|
1332
1382
|
// src/commands/tokens.ts
|
|
1333
|
-
import { Command as
|
|
1334
|
-
var tokensCommand = new
|
|
1383
|
+
import { Command as Command16 } from "commander";
|
|
1384
|
+
var tokensCommand = new Command16("tokens").description("Manage API tokens");
|
|
1335
1385
|
tokensCommand.command("create").description("Create a scoped API token").requiredOption("--name <name>", "Token name").requiredOption("--grants <json>", "Grant definitions as JSON array").option("--expires-at <date>", "Expiration date (ISO 8601, e.g., 2026-06-01T00:00:00Z)").action(async function(opts) {
|
|
1336
1386
|
const client = new ApiClient();
|
|
1337
1387
|
let grants;
|
|
@@ -1357,7 +1407,7 @@ tokensCommand.command("revoke <token_id>").description("Revoke an API token").ac
|
|
|
1357
1407
|
});
|
|
1358
1408
|
|
|
1359
1409
|
// src/commands/secrets.ts
|
|
1360
|
-
import { Command as
|
|
1410
|
+
import { Command as Command17 } from "commander";
|
|
1361
1411
|
import { readFileSync as readFileSync6 } from "fs";
|
|
1362
1412
|
function resolveValue(opts) {
|
|
1363
1413
|
if (opts.value === void 0 === (opts.file === void 0)) {
|
|
@@ -1366,7 +1416,7 @@ function resolveValue(opts) {
|
|
|
1366
1416
|
if (opts.file !== void 0) return readFileSync6(opts.file).toString("base64");
|
|
1367
1417
|
return opts.value;
|
|
1368
1418
|
}
|
|
1369
|
-
var secretsCommand = new
|
|
1419
|
+
var secretsCommand = new Command17("secrets").description("Manage organization vault secrets");
|
|
1370
1420
|
secretsCommand.command("create").description("Store a vault secret (a string value, or a file via --file as base64)").requiredOption("--name <name>", "Secret name").option("--value <value>", "Secret value (plain string)").option("--file <path>", "Read the value from a file and base64-encode it (certificates, keystores, SA JSON)").option("--content-type <mime>", "MIME type of the value (e.g. application/x-pkcs12)").option("--expires-at <date>", "Expiry as ISO-8601 (e.g. 2027-01-01T00:00:00Z) \u2014 surfaced by `list --expiring`").option("--tags <tags>", "Comma-separated tags").action(async function(opts) {
|
|
1371
1421
|
const client = new ApiClient();
|
|
1372
1422
|
const body = { name: opts.name, value: resolveValue(opts) };
|
|
@@ -1405,8 +1455,8 @@ secretsCommand.command("delete <id>").description("Delete a vault secret").optio
|
|
|
1405
1455
|
});
|
|
1406
1456
|
|
|
1407
1457
|
// src/commands/debug.ts
|
|
1408
|
-
import { Command as
|
|
1409
|
-
var debugCommand = new
|
|
1458
|
+
import { Command as Command18 } from "commander";
|
|
1459
|
+
var debugCommand = new Command18("debug").description("Platform-admin debug commands (requires platform:admin grant)");
|
|
1410
1460
|
var doCommand = debugCommand.command("do").description("Inspect live database storage state");
|
|
1411
1461
|
doCommand.command("tables <type> <id>").description("List internal tables and row counts. Types: database | org | user").action(async function(type, id) {
|
|
1412
1462
|
const client = new ApiClient();
|
|
@@ -1534,8 +1584,8 @@ reportCommand.command("dismiss <id>").description("Mark a report as dismissed (n
|
|
|
1534
1584
|
});
|
|
1535
1585
|
|
|
1536
1586
|
// src/commands/report-bug.ts
|
|
1537
|
-
import { Command as
|
|
1538
|
-
var reportBugCommand = new
|
|
1587
|
+
import { Command as Command19 } from "commander";
|
|
1588
|
+
var reportBugCommand = new Command19("report-bug").description("Submit a report to the Rekor triage queue (deduplicated)").requiredOption("--title <title>", "Short summary").requiredOption("--description <text>", "What happened").option("--source <source>", "Origin: cli_report (default) | review | security_audit").option("--classification <c>", "Nature: bug (default) | flaky_test | security").option("--dedup-key <key>", 'Stable dedup key (e.g. "<file>::<test>"); collapses repeat occurrences').option("--severity <level>", "low | medium | high | critical").option("--steps <text>", "Steps to reproduce").option("--error-message <text>", "Exact error text if any").option("--context <text>", "Additional context (logs, request IDs)").option("--locale <code>", "Notification locale (en | pt | es)", "en").option("--reporter-email <addr>", "Override reporter email (defaults to session email)").action(async function(opts) {
|
|
1539
1589
|
const client = new ApiClient();
|
|
1540
1590
|
const body = {
|
|
1541
1591
|
title: opts.title,
|
|
@@ -1560,7 +1610,7 @@ var reportBugCommand = new Command18("report-bug").description("Submit a report
|
|
|
1560
1610
|
});
|
|
1561
1611
|
|
|
1562
1612
|
// src/commands/update.ts
|
|
1563
|
-
import { Command as
|
|
1613
|
+
import { Command as Command20 } from "commander";
|
|
1564
1614
|
import { execFileSync } from "child_process";
|
|
1565
1615
|
|
|
1566
1616
|
// src/version.ts
|
|
@@ -1647,7 +1697,7 @@ function checkForUpdates(current) {
|
|
|
1647
1697
|
// package.json
|
|
1648
1698
|
var package_default = {
|
|
1649
1699
|
name: "rekor-cli",
|
|
1650
|
-
version: "0.1.
|
|
1700
|
+
version: "0.1.37",
|
|
1651
1701
|
type: "module",
|
|
1652
1702
|
engines: {
|
|
1653
1703
|
node: ">=20.0.0"
|
|
@@ -1683,7 +1733,7 @@ var package_default = {
|
|
|
1683
1733
|
};
|
|
1684
1734
|
|
|
1685
1735
|
// src/commands/update.ts
|
|
1686
|
-
var updateCommand = new
|
|
1736
|
+
var updateCommand = new Command20("update").description("Update the Rekor CLI to the latest published version").action(() => {
|
|
1687
1737
|
console.log(`Current version: ${package_default.version}`);
|
|
1688
1738
|
console.log("Checking for updates...");
|
|
1689
1739
|
let latest;
|
|
@@ -1714,8 +1764,8 @@ var updateCommand = new Command19("update").description("Update the Rekor CLI to
|
|
|
1714
1764
|
});
|
|
1715
1765
|
|
|
1716
1766
|
// src/commands/whoami.ts
|
|
1717
|
-
import { Command as
|
|
1718
|
-
var whoamiCommand = new
|
|
1767
|
+
import { Command as Command21 } from "commander";
|
|
1768
|
+
var whoamiCommand = new Command21("whoami").description("Show the authenticated identity").action(async function() {
|
|
1719
1769
|
const client = new ApiClient();
|
|
1720
1770
|
const me = await client.request("GET", "/v1/auth/me");
|
|
1721
1771
|
if (getFormat(this) === "json") {
|
|
@@ -1736,8 +1786,8 @@ var whoamiCommand = new Command20("whoami").description("Show the authenticated
|
|
|
1736
1786
|
});
|
|
1737
1787
|
|
|
1738
1788
|
// src/commands/status.ts
|
|
1739
|
-
import { Command as
|
|
1740
|
-
var statusCommand = new
|
|
1789
|
+
import { Command as Command22 } from "commander";
|
|
1790
|
+
var statusCommand = new Command22("status").description("Show auth, connectivity, and CLI version diagnostics").action(async function() {
|
|
1741
1791
|
const config = loadConfig();
|
|
1742
1792
|
const loggedIn = await isAuthenticated();
|
|
1743
1793
|
const cliLatest = readCachedLatest(package_default.version);
|
|
@@ -1781,7 +1831,7 @@ var statusCommand = new Command21("status").description("Show auth, connectivity
|
|
|
1781
1831
|
});
|
|
1782
1832
|
|
|
1783
1833
|
// src/program.ts
|
|
1784
|
-
var program = new
|
|
1834
|
+
var program = new Command23("rekor").description("Rekor CLI \u2014 System of Record for AI agents").version(package_default.version).option("--database <id>", "Database ID").option("--output <format>", "Output format: json or table", "table").option("--json", "Shorthand for --output json");
|
|
1785
1835
|
program.addCommand(loginCommand);
|
|
1786
1836
|
program.addCommand(logoutCommand);
|
|
1787
1837
|
program.addCommand(whoamiCommand);
|
|
@@ -1791,6 +1841,7 @@ program.addCommand(collectionsCommand);
|
|
|
1791
1841
|
program.addCommand(documentsCommand);
|
|
1792
1842
|
program.addCommand(sqlCommand);
|
|
1793
1843
|
program.addCommand(relationshipsCommand);
|
|
1844
|
+
program.addCommand(relationshipTypesCommand);
|
|
1794
1845
|
program.addCommand(queryRelationshipsCommand);
|
|
1795
1846
|
program.addCommand(attachmentsCommand);
|
|
1796
1847
|
program.addCommand(hooksCommand);
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/program.ts","../src/commands/login.ts","../src/config.ts","../src/token-store.ts","../src/oauth.ts","../src/auth.ts","../src/pkce.ts","../src/env.ts","../src/commands/logout.ts","../src/errors.ts","../src/client.ts","../src/commands/databases.ts","../src/output.ts","../src/helpers.ts","../src/prompt.ts","../src/commands/collections.ts","../src/commands/documents.ts","../src/commands/sql.ts","../src/commands/relationships.ts","../src/commands/query-relationships.ts","../src/commands/attachments.ts","../src/commands/hooks.ts","../src/commands/triggers.ts","../src/commands/endpoints.ts","../src/commands/batch.ts","../src/commands/providers.ts","../src/commands/tokens.ts","../src/commands/secrets.ts","../src/commands/debug.ts","../src/commands/report-bug.ts","../src/commands/update.ts","../src/version.ts","../src/version-check.ts","../package.json","../src/commands/whoami.ts","../src/commands/status.ts","../src/telemetry.ts","../src/index.ts"],"sourcesContent":["import { Command } from 'commander';\nimport { loginCommand } from './commands/login.js';\nimport { logoutCommand } from './commands/logout.js';\nimport { databasesCommand } from './commands/databases.js';\nimport { collectionsCommand } from './commands/collections.js';\nimport { documentsCommand } from './commands/documents.js';\nimport { sqlCommand } from './commands/sql.js';\nimport { relationshipsCommand } from './commands/relationships.js';\nimport { queryRelationshipsCommand } from './commands/query-relationships.js';\nimport { attachmentsCommand } from './commands/attachments.js';\nimport { hooksCommand } from './commands/hooks.js';\nimport { triggersCommand } from './commands/triggers.js';\nimport { endpointsCommand } from './commands/endpoints.js';\nimport { batchCommand } from './commands/batch.js';\nimport { providersCommand } from './commands/providers.js';\nimport { tokensCommand } from './commands/tokens.js';\nimport { secretsCommand } from './commands/secrets.js';\nimport { debugCommand } from './commands/debug.js';\nimport { reportBugCommand } from './commands/report-bug.js';\nimport { updateCommand } from './commands/update.js';\nimport { whoamiCommand } from './commands/whoami.js';\nimport { statusCommand } from './commands/status.js';\nimport pkg from '../package.json' with { type: 'json' };\n\nexport const program = new Command('rekor')\n .description('Rekor CLI — System of Record for AI agents')\n .version(pkg.version)\n .option('--database <id>', 'Database ID')\n .option('--output <format>', 'Output format: json or table', 'table')\n .option('--json', 'Shorthand for --output json');\n\nprogram.addCommand(loginCommand);\nprogram.addCommand(logoutCommand);\nprogram.addCommand(whoamiCommand);\nprogram.addCommand(statusCommand);\nprogram.addCommand(databasesCommand);\nprogram.addCommand(collectionsCommand);\nprogram.addCommand(documentsCommand);\nprogram.addCommand(sqlCommand);\nprogram.addCommand(relationshipsCommand);\nprogram.addCommand(queryRelationshipsCommand);\nprogram.addCommand(attachmentsCommand);\nprogram.addCommand(hooksCommand);\nprogram.addCommand(triggersCommand);\nprogram.addCommand(batchCommand);\nprogram.addCommand(providersCommand);\nprogram.addCommand(tokensCommand);\nprogram.addCommand(secretsCommand);\nprogram.addCommand(endpointsCommand);\nprogram.addCommand(debugCommand);\nprogram.addCommand(reportBugCommand);\nprogram.addCommand(updateCommand);\n","import { Command } from 'commander';\nimport { login } from '../auth.js';\nimport { loadConfig, saveConfig } from '../config.js';\nimport {\n exchangeCodeForTokens,\n expiresInToIso,\n refreshTokenMissingWarning,\n startCallbackServer,\n getAuthKitDomain,\n getAuthKitClientId,\n OAUTH_CALLBACK_PORT,\n} from '../oauth.js';\nimport {\n generateCodeVerifier,\n generateCodeChallenge,\n generateState,\n} from '../pkce.js';\nimport { setOAuthTokens } from '../token-store.js';\nimport { isSSH } from '../env.js';\n\nconst FALLBACK_URL_DELAY_MS = 5_000;\n\nexport const loginCommand = new Command('login')\n .description('Authenticate with Rekor')\n .option('--token <token>', 'API key for headless/CI authentication (rec_...)')\n .option('--api-url <url>', 'API base URL')\n .action(async (opts: { token?: string; apiUrl?: string }) => {\n if (opts.token) {\n await login(opts.token, opts.apiUrl);\n console.log('Authenticated successfully');\n return;\n }\n\n // Let failures propagate to the top-level handler so the error prints cleanly and\n // telemetry flushes (a local process.exit here would bypass both).\n await browserLoginPkce(opts.apiUrl);\n console.log('Authenticated successfully');\n });\n\nasync function browserLoginPkce(apiUrl?: string): Promise<void> {\n const codeVerifier = generateCodeVerifier();\n const codeChallenge = generateCodeChallenge(codeVerifier);\n const state = generateState();\n\n const port = OAUTH_CALLBACK_PORT;\n const redirectUri = `http://127.0.0.1:${port}/callback`;\n\n const authkitDomain = getAuthKitDomain();\n const clientId = getAuthKitClientId();\n\n const authorizeUrl = new URL(`${authkitDomain}/oauth2/authorize`);\n authorizeUrl.searchParams.set('client_id', clientId);\n authorizeUrl.searchParams.set('redirect_uri', redirectUri);\n authorizeUrl.searchParams.set('response_type', 'code');\n authorizeUrl.searchParams.set('code_challenge', codeChallenge);\n authorizeUrl.searchParams.set('code_challenge_method', 'S256');\n authorizeUrl.searchParams.set('state', state);\n // offline_access asks AuthKit to issue a refresh_token alongside the access_token —\n // without it the CLI would re-prompt every ~1h when the access token expires.\n authorizeUrl.searchParams.set('scope', 'openid profile email offline_access');\n\n // Start the callback server first so the redirect can land.\n const callbackPromise = startCallbackServer(port, state);\n\n let fallbackTimer: ReturnType<typeof setTimeout> | undefined;\n if (isSSH()) {\n // No usable browser over SSH — print the URL up front instead of auto-opening.\n console.log('SSH session detected. Open this URL in a browser to authenticate:');\n console.log(authorizeUrl.toString());\n } else {\n console.log('Opening browser for authentication...');\n const open = await import('open').then(m => m.default);\n\n // open() resolves on spawn, not browser launch — print a fallback URL after a delay.\n let fallbackPrinted = false;\n fallbackTimer = setTimeout(() => {\n fallbackPrinted = true;\n console.log(`If the browser didn't open, visit: ${authorizeUrl.toString()}`);\n }, FALLBACK_URL_DELAY_MS);\n\n open(authorizeUrl.toString()).catch(() => {\n if (fallbackPrinted) return;\n clearTimeout(fallbackTimer);\n console.log('Could not open browser automatically.');\n console.log(`Visit: ${authorizeUrl.toString()}`);\n });\n }\n\n let code: string;\n try {\n ({ code } = await callbackPromise);\n } finally {\n if (fallbackTimer) clearTimeout(fallbackTimer);\n }\n\n const tokens = await exchangeCodeForTokens(authkitDomain, clientId, code, codeVerifier, redirectUri);\n const expiresAt = expiresInToIso(tokens.expires_in);\n await setOAuthTokens(tokens.access_token, tokens.refresh_token, expiresAt);\n\n const noRefreshWarning = refreshTokenMissingWarning(tokens.refresh_token);\n if (noRefreshWarning) console.warn(noRefreshWarning);\n\n const config = loadConfig();\n saveConfig({\n ...config,\n api_url: apiUrl ?? config.api_url,\n });\n}\n","import { readFileSync, writeFileSync, mkdirSync } from 'fs';\nimport { join } from 'path';\nimport { homedir } from 'os';\n\nconst CONFIG_DIR = join(homedir(), '.config', 'rekor');\nconst CONFIG_FILE = join(CONFIG_DIR, 'config.json');\n\nexport interface Config {\n api_url: string;\n default_database?: string;\n org_id?: string;\n}\n\ninterface ConfigFile extends Config {\n // Tokens may linger here from older CLI versions until token-store migrates them.\n token?: string;\n [key: string]: unknown;\n}\n\nexport function loadConfig(): Config {\n const envUrl = process.env['REKOR_API_URL'];\n\n try {\n const raw = readFileSync(CONFIG_FILE, 'utf-8');\n const stored = JSON.parse(raw) as ConfigFile;\n return {\n api_url: envUrl ?? stored.api_url ?? 'http://localhost:8787',\n default_database: stored.default_database,\n org_id: stored.org_id,\n };\n } catch {\n return {\n api_url: envUrl ?? 'http://localhost:8787',\n };\n }\n}\n\nexport function saveConfig(config: Config): void {\n mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });\n let existing: ConfigFile = {} as ConfigFile;\n try {\n existing = JSON.parse(readFileSync(CONFIG_FILE, 'utf-8')) as ConfigFile;\n } catch {\n existing = {} as ConfigFile;\n }\n const merged: ConfigFile = { ...existing, ...config };\n writeFileSync(CONFIG_FILE, JSON.stringify(merged, null, 2), { mode: 0o600 });\n}\n\nexport { CONFIG_DIR, CONFIG_FILE };\n","import * as fs from 'node:fs';\nimport { CONFIG_DIR, CONFIG_FILE } from './config.js';\n\nconst KEYRING_SERVICE = 'rekor';\nconst KEY_REC = 'rec_token';\nconst KEY_OAUTH_ACCESS = 'oauth_access_token';\nconst KEY_OAUTH_REFRESH = 'oauth_refresh_token';\n\ninterface KeyringBinding {\n getPassword(service: string, account: string): Promise<string | null>;\n setPassword(service: string, account: string, password: string): Promise<void>;\n deletePassword(service: string, account: string): Promise<boolean>;\n}\n\nlet keyringCache: KeyringBinding | null | undefined;\n\nasync function getKeyring(): Promise<KeyringBinding | null> {\n if (keyringCache !== undefined) return keyringCache;\n try {\n const mod = await import('@napi-rs/keyring');\n const Entry = mod.Entry;\n keyringCache = {\n async getPassword(service, account) {\n try { return new Entry(service, account).getPassword(); } catch { return null; }\n },\n async setPassword(service, account, password) {\n new Entry(service, account).setPassword(password);\n },\n async deletePassword(service, account) {\n try { return new Entry(service, account).deletePassword(); } catch { return false; }\n },\n };\n } catch {\n keyringCache = null;\n }\n return keyringCache;\n}\n\nfunction manualCleanupCommand(account: string): string {\n if (process.platform === 'darwin') {\n return `security delete-generic-password -s ${KEYRING_SERVICE} -a ${account}`;\n }\n if (process.platform === 'win32') {\n return `cmdkey /delete:${KEYRING_SERVICE}/${account}`;\n }\n if (process.platform === 'linux') {\n return `secret-tool clear service ${KEYRING_SERVICE} account ${account}`;\n }\n return `(remove service=\"${KEYRING_SERVICE}\" account=\"${account}\" from your OS credential store)`;\n}\n\ninterface LegacyConfigFile {\n api_url?: string;\n token?: string;\n access_token?: string;\n refresh_token?: string;\n token_expires_at?: string;\n default_database?: string;\n org_id?: string;\n [key: string]: unknown;\n}\n\nfunction readConfigFile(): LegacyConfigFile | null {\n if (!fs.existsSync(CONFIG_FILE)) return null;\n try {\n return JSON.parse(fs.readFileSync(CONFIG_FILE, 'utf-8')) as LegacyConfigFile;\n } catch {\n return null;\n }\n}\n\nfunction writeConfigFile(data: LegacyConfigFile): void {\n if (!fs.existsSync(CONFIG_DIR)) {\n fs.mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });\n }\n fs.writeFileSync(CONFIG_FILE, JSON.stringify(data, null, 2), { mode: 0o600 });\n}\n\n// Delete reported success but get still returned a value — the keychain ignored the delete.\nexport class StaleKeyringSlotError extends Error {\n constructor(public readonly account: string) {\n super(\n `Stale credential remains in OS keychain slot \"${account}\" after delete. ` +\n `Clean it up manually and retry:\\n ${manualCleanupCommand(account)}`,\n );\n this.name = 'StaleKeyringSlotError';\n }\n}\n\nasync function clearSlot(keyring: KeyringBinding, account: string): Promise<boolean> {\n await keyring.deletePassword(KEYRING_SERVICE, account);\n try {\n return (await keyring.getPassword(KEYRING_SERVICE, account)) === null;\n } catch {\n return false;\n }\n}\n\nexport type ResolvedToken =\n | { kind: 'rec'; token: string }\n | { kind: 'oauth'; access_token: string; refresh_token?: string; expires_at?: string };\n\nfunction stripTokenFieldsFromFile(): void {\n const existing = readConfigFile();\n if (!existing) return;\n if (existing.token === undefined && existing.access_token === undefined && existing.refresh_token === undefined) return;\n delete existing.token;\n delete existing.access_token;\n delete existing.refresh_token;\n writeConfigFile(existing);\n}\n\nfunction readMetadataExpiresAt(): string | undefined {\n return readConfigFile()?.token_expires_at;\n}\n\nfunction writeMetadataExpiresAt(value: string | undefined): void {\n const existing = readConfigFile() ?? {};\n if (value === undefined) {\n delete existing.token_expires_at;\n } else {\n existing.token_expires_at = value;\n }\n writeConfigFile(existing);\n}\n\nasync function migrateLegacyFileToken(keyring: KeyringBinding | null): Promise<ResolvedToken | null> {\n const existing = readConfigFile();\n if (!existing) return null;\n\n // Prefer OAuth fields if present (newer file-fallback format), else legacy `token`.\n if (existing.access_token) {\n const out: ResolvedToken = {\n kind: 'oauth',\n access_token: existing.access_token,\n refresh_token: existing.refresh_token,\n expires_at: existing.token_expires_at,\n };\n if (keyring) {\n try {\n // Keyring wins on conflict — only migrate if slots are empty.\n const accessExisting = await keyring.getPassword(KEYRING_SERVICE, KEY_OAUTH_ACCESS);\n if (!accessExisting) {\n await keyring.setPassword(KEYRING_SERVICE, KEY_OAUTH_ACCESS, existing.access_token);\n if (existing.refresh_token) {\n await keyring.setPassword(KEYRING_SERVICE, KEY_OAUTH_REFRESH, existing.refresh_token);\n }\n }\n try { stripTokenFieldsFromFile(); } catch (err) {\n console.warn(`rekor: failed to strip legacy OAuth tokens from ${CONFIG_FILE} (${(err as Error).message}).`);\n }\n } catch (err) {\n console.warn(`rekor: OAuth migration to keychain failed (${(err as Error).message}); continuing with file-backed.`);\n }\n }\n return out;\n }\n\n if (existing.token) {\n const token = existing.token;\n if (!keyring) return { kind: 'rec', token };\n try {\n const recExisting = await keyring.getPassword(KEYRING_SERVICE, KEY_REC);\n if (recExisting) {\n // Keyring wins — strip stale file copy.\n try { stripTokenFieldsFromFile(); } catch (err) {\n console.warn(`rekor: failed to strip stale token from ${CONFIG_FILE} (${(err as Error).message}).`);\n }\n return null;\n }\n await keyring.setPassword(KEYRING_SERVICE, KEY_REC, token);\n try { stripTokenFieldsFromFile(); } catch (err) {\n console.warn(`rekor: failed to strip legacy token from ${CONFIG_FILE} (${(err as Error).message}).`);\n }\n } catch (err) {\n console.warn(`rekor: keychain migration failed (${(err as Error).message}); continuing with file-backed token.`);\n }\n return { kind: 'rec', token };\n }\n\n return null;\n}\n\n// Read order: REKOR_TOKEN env → rec_ slot → OAuth slot. rec_ wins so an OAuth fallback can't silently switch identities.\nexport async function getResolvedToken(): Promise<ResolvedToken | null> {\n const envToken = process.env['REKOR_TOKEN'];\n if (envToken) {\n // Always rec-kind — preserves `REKOR_TOKEN=dev` for DEV_BYPASS_AUTH and avoids the OAuth refresh path on plain strings.\n return { kind: 'rec', token: envToken };\n }\n\n const keyring = await getKeyring();\n const migrated = await migrateLegacyFileToken(keyring);\n if (migrated) return migrated;\n\n if (keyring) {\n // All three slots in parallel — rec_ wins read precedence but probing sequentially would block on empty slots.\n const [rec, access, refresh] = await Promise.all([\n keyring.getPassword(KEYRING_SERVICE, KEY_REC),\n keyring.getPassword(KEYRING_SERVICE, KEY_OAUTH_ACCESS),\n keyring.getPassword(KEYRING_SERVICE, KEY_OAUTH_REFRESH),\n ]);\n if (rec) return { kind: 'rec', token: rec };\n if (access) {\n const out: ResolvedToken = { kind: 'oauth', access_token: access };\n if (refresh) out.refresh_token = refresh;\n const expiresAt = readMetadataExpiresAt();\n if (expiresAt) out.expires_at = expiresAt;\n return out;\n }\n }\n\n return null;\n}\n\n// Backwards-compatible single-string accessor for callers that don't need the kind.\nexport async function getToken(): Promise<string | null> {\n const resolved = await getResolvedToken();\n if (!resolved) return null;\n return resolved.kind === 'rec' ? resolved.token : resolved.access_token;\n}\n\nexport async function setToken(token: string): Promise<void> {\n await setRecToken(token);\n}\n\nexport async function setRecToken(token: string): Promise<void> {\n const keyring = await getKeyring();\n if (keyring) {\n try {\n // Clear OAuth slots first — a stale OAuth would survive `rekor logout` and confuse mode-switch debugging.\n const [accessCleared, refreshCleared] = await Promise.all([\n clearSlot(keyring, KEY_OAUTH_ACCESS),\n clearSlot(keyring, KEY_OAUTH_REFRESH),\n ]);\n const stuck = [\n accessCleared ? null : KEY_OAUTH_ACCESS,\n refreshCleared ? null : KEY_OAUTH_REFRESH,\n ].filter((a): a is string => a !== null);\n if (stuck.length > 0) {\n console.warn(\n [\n `rekor: stale OAuth credential remains in OS keychain after delete. Commands work but logout won't fully clear. Manually:`,\n ...stuck.map(a => ` ${manualCleanupCommand(a)}`),\n ].join('\\n'),\n );\n }\n await keyring.setPassword(KEYRING_SERVICE, KEY_REC, token);\n writeMetadataExpiresAt(undefined);\n try { stripTokenFieldsFromFile(); } catch (err) {\n console.warn(`rekor: failed to strip stale tokens from ${CONFIG_FILE} (${(err as Error).message}).`);\n }\n return;\n } catch (err) {\n if (err instanceof StaleKeyringSlotError) throw err;\n console.warn(`rekor: keychain write failed (${(err as Error).message}); falling back to file storage.`);\n }\n }\n const existing = readConfigFile() ?? {};\n delete existing.access_token;\n delete existing.refresh_token;\n delete existing.token_expires_at;\n existing.token = token;\n writeConfigFile(existing);\n}\n\nexport async function setOAuthTokens(\n accessToken: string,\n refreshToken: string | undefined,\n expiresAt: string,\n): Promise<void> {\n const keyring = await getKeyring();\n if (keyring) {\n try {\n // rec_ wins the read race — a leftover would mask new OAuth tokens; verify empty after delete and fail loudly.\n if (!(await clearSlot(keyring, KEY_REC))) {\n throw new StaleKeyringSlotError(KEY_REC);\n }\n await keyring.setPassword(KEYRING_SERVICE, KEY_OAUTH_ACCESS, accessToken);\n if (refreshToken) {\n await keyring.setPassword(KEYRING_SERVICE, KEY_OAUTH_REFRESH, refreshToken);\n } else {\n // Best-effort clear of any stale refresh slot when the new pair has none.\n await clearSlot(keyring, KEY_OAUTH_REFRESH);\n }\n writeMetadataExpiresAt(expiresAt);\n try { stripTokenFieldsFromFile(); } catch (err) {\n console.warn(`rekor: failed to strip stale tokens from ${CONFIG_FILE} (${(err as Error).message}).`);\n }\n return;\n } catch (err) {\n // StaleKeyringSlotError propagates — file fallback won't help if the keyring still holds rec_.\n if (err instanceof StaleKeyringSlotError) throw err;\n console.warn(`rekor: keychain write failed (${(err as Error).message}); falling back to file storage.`);\n }\n }\n const existing = readConfigFile() ?? {};\n delete existing.token;\n existing.access_token = accessToken;\n if (refreshToken) existing.refresh_token = refreshToken;\n existing.token_expires_at = expiresAt;\n writeConfigFile(existing);\n}\n\nexport async function clearToken(): Promise<void> {\n await clearAllTokens();\n}\n\nexport async function clearAllTokens(): Promise<void> {\n const keyring = await getKeyring();\n if (keyring) {\n const slots = [KEY_REC, KEY_OAUTH_ACCESS, KEY_OAUTH_REFRESH] as const;\n const cleared = await Promise.all(slots.map(s => clearSlot(keyring, s)));\n for (const [i, ok] of cleared.entries()) {\n if (!ok) {\n const account = slots[i]!;\n console.warn(\n `rekor: could not clear keychain slot \"${account}\". Subsequent commands may still pick the stale token. Manually:\\n ${manualCleanupCommand(account)}`,\n );\n }\n }\n }\n const existing = readConfigFile();\n if (existing) {\n let dirty = false;\n for (const k of ['token', 'access_token', 'refresh_token', 'token_expires_at'] as const) {\n if (existing[k] !== undefined) {\n delete existing[k];\n dirty = true;\n }\n }\n if (dirty) writeConfigFile(existing);\n }\n}\n\nexport function __setKeyringForTesting(binding: KeyringBinding | null): void {\n keyringCache = binding;\n}\n\nexport function __resetKeyringForTesting(): void {\n keyringCache = undefined;\n}\n","import * as http from 'node:http';\n\n// Fixed port for the OAuth redirect URI — must match what's registered in WorkOS AuthKit.\nexport const OAUTH_CALLBACK_PORT = 3927;\n\nconst DEFAULT_AUTHKIT_DOMAIN = 'https://engaging-tip-62.authkit.app';\nconst DEFAULT_AUTHKIT_CLIENT_ID = 'client_01KSMZJ6YN7VAKTP2BW41V56SZ';\n\nexport function getAuthKitDomain(): string {\n return process.env['REKOR_AUTHKIT_DOMAIN'] || DEFAULT_AUTHKIT_DOMAIN;\n}\n\nexport function getAuthKitClientId(): string {\n return process.env['REKOR_AUTHKIT_CLIENT_ID'] || DEFAULT_AUTHKIT_CLIENT_ID;\n}\n\nexport interface TokenResponse {\n access_token: string;\n refresh_token?: string;\n expires_in: number;\n}\n\nexport function expiresInToIso(expiresInSeconds: number): string {\n return new Date(Date.now() + expiresInSeconds * 1000).toISOString();\n}\n\n// AuthKit only returns a refresh_token when the app is configured to issue them (offline_access).\n// Without one, the short-lived access token can't be silently renewed — the session dies within\n// minutes and every command fails until the next `rekor login`. Surface that at login time rather\n// than letting the user discover it via a confusing mid-session auth failure.\nexport function refreshTokenMissingWarning(refreshToken: string | undefined): string | null {\n if (refreshToken) return null;\n return (\n 'Signed in, but no refresh token was issued — this session will expire shortly and you will ' +\n 'need to run `rekor login` again. Enable refresh tokens (offline_access) on the WorkOS AuthKit ' +\n 'application to keep CLI sessions alive.'\n );\n}\n\nfunction asTokenResponse(value: unknown): TokenResponse {\n if (typeof value !== 'object' || value === null) {\n throw new Error('AuthKit returned a non-object token payload');\n }\n const v = value as Partial<TokenResponse>;\n if (typeof v.access_token !== 'string' || typeof v.expires_in !== 'number') {\n throw new Error('AuthKit token payload missing required fields');\n }\n const out: TokenResponse = { access_token: v.access_token, expires_in: v.expires_in };\n if (typeof v.refresh_token === 'string') out.refresh_token = v.refresh_token;\n return out;\n}\n\nexport async function exchangeCodeForTokens(\n authkitDomain: string,\n clientId: string,\n code: string,\n codeVerifier: string,\n redirectUri: string,\n): Promise<TokenResponse> {\n const response = await fetch(`${authkitDomain}/oauth2/token`, {\n method: 'POST',\n headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n body: new URLSearchParams({\n grant_type: 'authorization_code',\n code,\n code_verifier: codeVerifier,\n redirect_uri: redirectUri,\n client_id: clientId,\n }).toString(),\n });\n\n if (!response.ok) {\n const body = await response.text();\n throw new Error(`Token exchange failed (${response.status}): ${body}`);\n }\n\n return asTokenResponse(await response.json());\n}\n\nexport class SessionExpiredError extends Error {\n constructor() {\n super('SESSION_EXPIRED');\n this.name = 'SessionExpiredError';\n }\n}\n\nexport async function refreshAccessToken(\n authkitDomain: string,\n clientId: string,\n refreshToken: string,\n): Promise<TokenResponse> {\n const response = await fetch(`${authkitDomain}/oauth2/token`, {\n method: 'POST',\n headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n body: new URLSearchParams({\n grant_type: 'refresh_token',\n refresh_token: refreshToken,\n client_id: clientId,\n }).toString(),\n });\n\n if (!response.ok) {\n const status = response.status;\n const body = await response.text();\n\n if (status === 400 || status === 401) {\n try {\n const parsed = JSON.parse(body) as { error?: string };\n if (parsed.error === 'invalid_grant') throw new SessionExpiredError();\n } catch (err) {\n if (err instanceof SessionExpiredError) throw err;\n // Non-JSON body — fall through to generic error.\n }\n }\n\n throw new Error(`Token refresh failed (${status}): ${body}`);\n }\n\n return asTokenResponse(await response.json());\n}\n\nexport function startCallbackServer(\n port: number,\n expectedState: string,\n timeoutMs: number = 120_000,\n): Promise<{ code: string }> {\n return new Promise((resolve, reject) => {\n let handled = false;\n const server = http.createServer((req, res) => {\n const url = new URL(req.url || '/', `http://127.0.0.1:${port}`);\n if (url.pathname !== '/callback') {\n res.writeHead(404);\n res.end();\n return;\n }\n\n if (handled) {\n res.writeHead(409);\n res.end();\n return;\n }\n\n const code = url.searchParams.get('code');\n const state = url.searchParams.get('state');\n const error = url.searchParams.get('error');\n const errorDescription = url.searchParams.get('error_description');\n\n if (error) {\n handled = true;\n res.writeHead(400, { 'Content-Type': 'text/html' });\n res.end(errorPage(errorDescription || error));\n cleanup();\n reject(new Error(`OAuth error: ${errorDescription || error}`));\n return;\n }\n\n if (state !== expectedState) {\n handled = true;\n res.writeHead(400, { 'Content-Type': 'text/html' });\n res.end(errorPage('Invalid state parameter'));\n cleanup();\n reject(new Error('OAuth state mismatch — possible CSRF attempt'));\n return;\n }\n\n if (!code) {\n handled = true;\n res.writeHead(400, { 'Content-Type': 'text/html' });\n res.end(errorPage('No authorization code received'));\n cleanup();\n reject(new Error('No authorization code received'));\n return;\n }\n\n handled = true;\n res.writeHead(200, { 'Content-Type': 'text/html' });\n res.end(successPage());\n cleanup();\n resolve({ code });\n });\n\n const timeout = setTimeout(() => {\n cleanup();\n reject(new Error('Timed out waiting for login. Run `rekor login` again.'));\n }, timeoutMs);\n\n function cleanup(): void {\n clearTimeout(timeout);\n server.close();\n }\n\n server.on('error', (err: NodeJS.ErrnoException) => {\n cleanup();\n if (err.code === 'EADDRINUSE') {\n reject(new Error(`Port ${port} is in use. Close the other process and retry.`));\n } else {\n reject(err);\n }\n });\n\n server.listen(port, '127.0.0.1');\n });\n}\n\nfunction successPage(): string {\n return `<!DOCTYPE html>\n<html><head><title>Rekor CLI</title></head>\n<body style=\"font-family: system-ui, sans-serif; display: flex; align-items: center; justify-content: center; min-height: 100vh; margin: 0; background: #fafafa;\">\n <div style=\"text-align: center;\">\n <h1 style=\"font-size: 1.25rem; font-weight: 600;\">Authentication successful</h1>\n <p style=\"color: #666; margin-top: 0.5rem;\">You can close this tab and return to your terminal.</p>\n </div>\n</body></html>`;\n}\n\n// `message` comes from OAuth redirect params — encode so a compromised IdP can't inject HTML into the localhost page.\nfunction escapeHtml(input: string): string {\n return input\n .replace(/&/g, '&')\n .replace(/</g, '<')\n .replace(/>/g, '>')\n .replace(/\"/g, '"')\n .replace(/'/g, ''');\n}\n\nfunction errorPage(message: string): string {\n return `<!DOCTYPE html>\n<html><head><title>Rekor CLI</title></head>\n<body style=\"font-family: system-ui, sans-serif; display: flex; align-items: center; justify-content: center; min-height: 100vh; margin: 0; background: #fafafa;\">\n <div style=\"text-align: center;\">\n <h1 style=\"font-size: 1.25rem; font-weight: 600; color: #dc2626;\">Authentication failed</h1>\n <p style=\"color: #666; margin-top: 0.5rem;\">${escapeHtml(message)}</p>\n </div>\n</body></html>`;\n}\n","import { loadConfig, saveConfig } from './config.js';\nimport { getResolvedToken, setRecToken, setOAuthTokens, clearAllTokens, type ResolvedToken } from './token-store.js';\nimport { refreshAccessToken, expiresInToIso, getAuthKitDomain, getAuthKitClientId, SessionExpiredError } from './oauth.js';\n\n/** Persist a pasted rec_ token (CI / headless path). */\nexport async function login(token: string, apiUrl?: string): Promise<void> {\n await setRecToken(token);\n const config = loadConfig();\n saveConfig({\n ...config,\n api_url: apiUrl ?? config.api_url,\n });\n}\n\nconst REFRESH_LEEWAY_MS = 60_000;\n\n// Returns a valid access token; silently refreshes OAuth tokens within 60s of expiry.\nexport async function getAccessToken(): Promise<string | null> {\n const resolved = await getResolvedToken();\n if (!resolved) return null;\n\n if (resolved.kind === 'rec') return resolved.token;\n\n // OAuth path — refresh if near expiry. Missing/unparseable expires_at: assume valid, let the API surface a real 401.\n const expiresAtMs = resolved.expires_at ? new Date(resolved.expires_at).getTime() : Number.NaN;\n if (!Number.isFinite(expiresAtMs) || expiresAtMs > Date.now() + REFRESH_LEEWAY_MS) {\n return resolved.access_token;\n }\n if (!resolved.refresh_token) {\n throw new Error('Access token expired and no refresh token available. Run `rekor login` again.');\n }\n\n try {\n const result = await refreshAccessToken(getAuthKitDomain(), getAuthKitClientId(), resolved.refresh_token);\n const newExpiresAt = expiresInToIso(result.expires_in);\n await setOAuthTokens(result.access_token, result.refresh_token ?? resolved.refresh_token, newExpiresAt);\n return result.access_token;\n } catch (err) {\n if (err instanceof SessionExpiredError) {\n await clearAllTokens();\n throw new Error('Session expired. Run `rekor login` again.');\n }\n throw err;\n }\n}\n\n/** Auth kind for the current credential, without resolving the token itself. Used by logout to decide if it should call the revoke endpoint. */\nexport async function currentAuthKind(): Promise<ResolvedToken['kind'] | null> {\n const resolved = await getResolvedToken();\n return resolved?.kind ?? null;\n}\n\nexport async function isAuthenticated(): Promise<boolean> {\n return (await getResolvedToken()) !== null;\n}\n","import * as crypto from 'node:crypto';\n\nexport function generateCodeVerifier(): string {\n return crypto.randomBytes(32).toString('base64url');\n}\n\nexport function generateCodeChallenge(verifier: string): string {\n return crypto.createHash('sha256').update(verifier).digest().toString('base64url');\n}\n\nexport function generateState(): string {\n return crypto.randomBytes(16).toString('base64url');\n}\n","/** Environment detection helpers for adapting CLI UX to CI, pipes, and remote sessions. */\n\nexport function isCI(): boolean {\n return Boolean(process.env['CI']);\n}\n\n/** True when both stdin and stdout are TTYs — safe to render interactive prompts. */\nexport function isInteractive(): boolean {\n return Boolean(process.stdin.isTTY && process.stdout.isTTY);\n}\n\n/** True when running inside an SSH session — browser auto-open won't reach the user. */\nexport function isSSH(): boolean {\n return Boolean(process.env['SSH_CONNECTION'] || process.env['SSH_TTY']);\n}\n","import { Command } from 'commander';\nimport { clearAllTokens } from '../token-store.js';\nimport { currentAuthKind } from '../auth.js';\nimport { ApiClient } from '../client.js';\n\nexport const logoutCommand = new Command('logout')\n .description('Remove stored authentication credentials')\n .action(async () => {\n const kind = await currentAuthKind();\n\n // For OAuth sessions, ask the backend to revoke the WorkOS session so cross-device\n // logout works. Best-effort — errors don't block local credential cleanup.\n if (kind === 'oauth') {\n try {\n const client = new ApiClient();\n await client.request('POST', '/v1/auth/logout');\n } catch (err) {\n console.warn(`rekor: server-side logout failed (${err instanceof Error ? err.message : 'unknown'}); clearing local credentials anyway.`);\n }\n }\n\n await clearAllTokens();\n console.log('Logged out successfully');\n });\n","/** Error raised by the API client carrying the HTTP status so callers can branch and hint. */\nexport class ApiError extends Error {\n constructor(\n public readonly status: number,\n message: string,\n public readonly code?: string,\n public readonly body?: unknown,\n ) {\n super(message);\n this.name = 'ApiError';\n }\n\n /** 4xx are user-facing (bad input, auth, quota) — not bugs worth reporting. */\n get isExpected(): boolean {\n return this.status >= 400 && this.status < 500;\n }\n}\n\n/** A short actionable line for a known failure, or null when the raw message is enough. */\nexport function friendlyHint(err: unknown): string | null {\n if (!(err instanceof ApiError)) return null;\n switch (err.status) {\n case 401:\n return 'Authentication failed or session expired. Run `rekor login`.';\n case 402:\n return 'Quota exceeded for your plan. Review usage or upgrade your plan.';\n case 403:\n return 'Access denied. Your token may lack permission for this resource.';\n case 429:\n return 'Rate limited. Wait a moment and try again.';\n default:\n if (err.status >= 500) return 'Rekor server error. Try again shortly.';\n return null;\n }\n}\n\n/** Print a clean `Error: …` line plus a hint when we have one. Never prints a stack trace. */\nexport function handleCliError(err: unknown): void {\n const message = err instanceof Error ? err.message : String(err);\n console.error(`Error: ${message}`);\n const hint = friendlyHint(err);\n if (hint) console.error(hint);\n}\n","import { loadConfig } from './config.js';\nimport { getAccessToken } from './auth.js';\nimport { ApiError } from './errors.js';\n\nexport class ApiClient {\n readonly baseUrl: string;\n private _tokenPromise: Promise<string | null> | undefined;\n\n constructor() {\n const config = loadConfig();\n this.baseUrl = config.api_url;\n }\n\n private getToken(): Promise<string | null> {\n if (!this._tokenPromise) this._tokenPromise = getAccessToken();\n return this._tokenPromise;\n }\n\n private async authHeaders(): Promise<Record<string, string>> {\n const token = await this.getToken();\n return token ? { 'Authorization': `Bearer ${token}` } : {};\n }\n\n async request<T = unknown>(method: string, path: string, body?: unknown): Promise<T> {\n const res = await fetch(`${this.baseUrl}${path}`, {\n method,\n headers: {\n ...(await this.authHeaders()),\n 'Content-Type': 'application/json',\n },\n body: body ? JSON.stringify(body) : undefined,\n });\n\n // Read the body once as text — error/204 responses may be empty or non-JSON, and\n // an unconditional res.json() would throw before we can map the status to an ApiError.\n const text = await res.text();\n let parsed: { data?: T; error?: { message?: string; code?: string } } | undefined;\n if (text) {\n try {\n parsed = JSON.parse(text) as typeof parsed;\n } catch {\n parsed = undefined;\n }\n }\n\n if (!res.ok) {\n throw new ApiError(\n res.status,\n parsed?.error?.message ?? `HTTP ${res.status}`,\n parsed?.error?.code,\n parsed,\n );\n }\n return parsed?.data as T;\n }\n\n async uploadFile(url: string, body: BodyInit, contentType: string): Promise<void> {\n const res = await fetch(url, {\n method: 'PUT',\n headers: {\n ...(await this.authHeaders()),\n 'Content-Type': contentType,\n },\n body,\n });\n if (!res.ok) {\n throw new ApiError(res.status, `Upload failed: HTTP ${res.status}`);\n }\n }\n}\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getFormat } from '../helpers.js';\nimport { confirm } from '../prompt.js';\n\nexport const databasesCommand = new Command('databases')\n .description('Manage databases');\n\ndatabasesCommand.command('list')\n .description('List all databases')\n .option('--tag <tag>', 'Filter by tag')\n .action(async function (this: Command, opts: { tag?: string }) {\n const client = new ApiClient();\n const qs = opts.tag ? `?tag=${encodeURIComponent(opts.tag)}` : '';\n const data = await client.request('GET', `/v1/databases${qs}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('get <id>')\n .description('Get a database')\n .action(async function (this: Command, id: string) {\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/databases/${id}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('create <id>')\n .description('Create a database')\n .requiredOption('--name <name>', 'Database name')\n .option('--description <desc>', 'Description')\n .option('--tags <tags>', 'Comma-separated tags (e.g., client:acme,billing)')\n .action(async function (this: Command, id: string, opts: { name: string; description?: string; tags?: string }) {\n const client = new ApiClient();\n const body: Record<string, unknown> = {\n name: opts.name,\n description: opts.description,\n };\n if (opts.tags) {\n body['tags'] = opts.tags.split(',').map(t => t.trim());\n }\n const data = await client.request('PUT', `/v1/databases/${id}`, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('tag <id>')\n .description('Set tags on a database')\n .requiredOption('--tags <tags>', 'Comma-separated tags (e.g., client:acme,billing)')\n .action(async function (this: Command, id: string, opts: { tags: string }) {\n const client = new ApiClient();\n const data = await client.request('PUT', `/v1/databases/${id}`, {\n tags: opts.tags.split(',').map(t => t.trim()),\n });\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('delete <id>')\n .description('Delete a database')\n .option('-y, --yes', 'Skip confirmation prompt')\n .action(async (id: string, opts: { yes?: boolean }) => {\n if (!opts.yes && !(await confirm(`Delete database \"${id}\"? This cannot be undone.`))) {\n console.log('Aborted');\n return;\n }\n const client = new ApiClient();\n await client.request('DELETE', `/v1/databases/${id}`);\n console.log('Deleted');\n });\n\n// --- Environment commands ---\n\ndatabasesCommand.command('create-preview <production-id>')\n .description('Create a preview database linked to a production database')\n .requiredOption('--name <name>', 'Preview database name')\n .option('--description <desc>', 'Description')\n .action(async function (this: Command, productionId: string, opts: { name: string; description?: string }) {\n const client = new ApiClient();\n const data = await client.request('POST', `/v1/${productionId}/preview`, {\n name: opts.name,\n description: opts.description,\n });\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('list-previews <production-id>')\n .description('List preview databases for a production database')\n .action(async function (this: Command, productionId: string) {\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${productionId}/previews`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('promote <production-id>')\n .description('Promote config from a preview database to production (human-only)')\n .requiredOption('--from <preview-id>', 'Source preview database ID')\n .option('--dry-run', 'Show what would change without applying')\n .option('--collections <ids>', 'Comma-separated collection IDs to promote', (v: string) => v.split(','))\n .option('--triggers <ids>', 'Comma-separated trigger IDs to promote', (v: string) => v.split(','))\n .option('--hooks <ids>', 'Comma-separated hook IDs to promote', (v: string) => v.split(','))\n .action(async function (\n this: Command,\n productionId: string,\n opts: { from: string; dryRun?: boolean; collections?: string[]; triggers?: string[]; hooks?: string[] },\n ) {\n const client = new ApiClient();\n const data = await client.request('POST', `/v1/${productionId}/promote`, {\n source_database_id: opts.from,\n dry_run: opts.dryRun ?? false,\n collections: opts.collections,\n triggers: opts.triggers,\n hooks: opts.hooks,\n });\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('rollback <production-id>')\n .description('Rollback a promotion (human-only)')\n .requiredOption('--promotion <promotion-id>', 'Promotion ID to rollback')\n .action(async function (this: Command, productionId: string, opts: { promotion: string }) {\n const client = new ApiClient();\n const data = await client.request('POST', `/v1/${productionId}/promote/rollback`, {\n promotion_id: opts.promotion,\n });\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('promotions <production-id>')\n .description('List promotion history for a production database')\n .action(async function (this: Command, productionId: string) {\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${productionId}/promotions`);\n console.log(formatOutput(data, getFormat(this)));\n });\n","import chalk from 'chalk';\nimport Table from 'cli-table3';\n\nexport type OutputFormat = 'json' | 'table';\n\nexport function formatOutput(data: unknown, format: OutputFormat): string {\n if (format === 'json') {\n return JSON.stringify(data, null, 2);\n }\n\n if (Array.isArray(data)) {\n return formatTable(data as Record<string, unknown>[]);\n }\n\n if (typeof data === 'object' && data !== null) {\n return formatKeyValue(data as Record<string, unknown>);\n }\n\n return String(data);\n}\n\nfunction formatTable(rows: Record<string, unknown>[]): string {\n if (rows.length === 0) return chalk.dim('No results');\n\n const keys = Object.keys(rows[0]!);\n const table = new Table({ head: keys.map(k => chalk.bold(k)) });\n\n for (const row of rows) {\n table.push(keys.map(k => {\n const val = row[k];\n if (val === null || val === undefined) return '';\n if (typeof val === 'object') return JSON.stringify(val);\n return String(val);\n }));\n }\n\n return table.toString();\n}\n\nfunction formatKeyValue(obj: Record<string, unknown>): string {\n const table = new Table();\n for (const [key, value] of Object.entries(obj)) {\n const displayValue = typeof value === 'object' ? JSON.stringify(value) : String(value ?? '');\n table.push({ [chalk.bold(key)]: displayValue });\n }\n return table.toString();\n}\n","import { readFileSync } from 'fs';\nimport { Command } from 'commander';\nimport { type OutputFormat } from './output.js';\n\nexport function parseData(data: string): Record<string, unknown> {\n if (data.startsWith('@')) {\n const content = readFileSync(data.slice(1), 'utf-8');\n return JSON.parse(content) as Record<string, unknown>;\n }\n return JSON.parse(data) as Record<string, unknown>;\n}\n\nexport function getDatabase(cmd: Command): string {\n // Walk up the command chain to find --database on the root program\n let current: Command | null = cmd;\n while (current) {\n const ws = current.opts().database as string | undefined;\n if (ws) return ws;\n current = current.parent;\n }\n console.error('Error: --database is required');\n return process.exit(1);\n}\n\nexport function getFormat(cmd: Command): OutputFormat {\n // The global --output / --json flags live only on the root program. Commander\n // routes them to the root regardless of nesting depth or whether they appear\n // before or after the subcommand, so we resolve from the root rather than a\n // fixed parent.parent walk (which missed the root on 4-level commands like\n // `debug report list`). Reading the root also avoids picking up a subcommand's\n // own same-named --output (e.g. `providers export --output <file>`).\n let root: Command = cmd;\n while (root.parent) root = root.parent;\n const opts = root.opts();\n // Compare against 'json' rather than casting opts.output through, so an\n // unrecognized --output value falls back to 'table' instead of a bogus format.\n return opts.json || opts.output === 'json' ? 'json' : 'table';\n}\n","import * as readline from 'node:readline';\nimport { isInteractive } from './env.js';\n\n/**\n * Yes/no confirmation. When stdin/stdout aren't a TTY (pipes, CI) it resolves to `true`\n * immediately so non-interactive callers keep their existing non-blocking behavior — guard\n * destructive paths with an explicit `--yes` flag, not this prompt, for scripts.\n */\nexport function confirm(question: string, opts: { defaultYes?: boolean } = {}): Promise<boolean> {\n if (!isInteractive()) return Promise.resolve(true);\n\n const suffix = opts.defaultYes ? '[Y/n]' : '[y/N]';\n const rl = readline.createInterface({ input: process.stdin, output: process.stdout });\n return new Promise((resolve) => {\n rl.question(`${question} ${suffix}: `, (answer) => {\n rl.close();\n const a = answer.trim().toLowerCase();\n if (a === '') return resolve(Boolean(opts.defaultYes));\n resolve(a === 'y' || a === 'yes');\n });\n });\n}\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { parseData, getDatabase, getFormat } from '../helpers.js';\nimport { confirm } from '../prompt.js';\n\nexport const collectionsCommand = new Command('collections')\n .description('Manage collections');\n\ncollectionsCommand.command('list')\n .description('List all collections in a database')\n .action(async function (this: Command) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/collections`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ncollectionsCommand.command('get <id>')\n .description('Get a collection')\n .action(async function (this: Command, id: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/collections/${id}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ncollectionsCommand.command('upsert <id>')\n .description('Create or update a collection')\n .requiredOption('--name <name>', 'Collection name')\n .option('--description <desc>', 'Description')\n .option('--schema <json>', 'JSON Schema (inline JSON or @filename)')\n .option('--icon <icon>', 'Icon name')\n .option('--color <color>', 'Hex color')\n .option('--sources <json>', 'External sources config (inline JSON or @filename)')\n .action(async function (this: Command, id: string, opts: { name: string; description?: string; schema?: string; icon?: string; color?: string; sources?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const body: Record<string, unknown> = { name: opts.name };\n if (opts.description) body['description'] = opts.description;\n if (opts.schema) body['json_schema'] = parseData(opts.schema);\n if (opts.icon) body['icon'] = opts.icon;\n if (opts.color) body['color'] = opts.color;\n if (opts.sources) body['sources'] = parseData(opts.sources);\n const data = await client.request('PUT', `/v1/${ws}/collections/${id}`, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ncollectionsCommand.command('delete <id>')\n .description('Delete a collection')\n .option('-y, --yes', 'Skip confirmation prompt')\n .action(async function (this: Command, id: string, opts: { yes?: boolean }) {\n if (!opts.yes && !(await confirm(`Delete collection \"${id}\"? This cannot be undone.`))) {\n console.log('Aborted');\n return;\n }\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/collections/${id}`);\n console.log('Deleted');\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { parseData, getDatabase, getFormat } from '../helpers.js';\nimport { confirm } from '../prompt.js';\n\nexport const documentsCommand = new Command('documents')\n .description('Manage documents');\n\ndocumentsCommand.command('upsert <collection>')\n .description('Create or update a document')\n .requiredOption('--data <json>', 'Record data (inline JSON or @filename)')\n .option('--id <id>', 'Internal document ID (UUID) to update a known document')\n .option('--external-id <id>', 'External/agent-supplied ID for idempotent upsert')\n .option('--external-source <source>', 'Source system for external_id (e.g. stripe)')\n .action(async function (this: Command, collection: string, opts: { data: string; id?: string; externalId?: string; externalSource?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const body: Record<string, unknown> = { data: parseData(opts.data) };\n if (opts.externalId) body['external_id'] = opts.externalId;\n if (opts.externalSource) body['external_source'] = opts.externalSource;\n const path = opts.id\n ? `/v1/${ws}/documents/${collection}/${opts.id}`\n : `/v1/${ws}/documents/${collection}`;\n const data = await client.request('PUT', path, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndocumentsCommand.command('get <collection> <id>')\n .description('Get a document by ID')\n .action(async function (this: Command, collection: string, id: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/documents/${collection}/${id}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndocumentsCommand.command('delete <collection> <id>')\n .description('Delete a document')\n .option('-y, --yes', 'Skip confirmation prompt')\n .action(async function (this: Command, collection: string, id: string, opts: { yes?: boolean }) {\n if (!opts.yes && !(await confirm(`Delete document ${collection}/${id}? This cannot be undone.`))) {\n console.log('Aborted');\n return;\n }\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/documents/${collection}/${id}`);\n console.log('Deleted');\n });\n","import { Command } from 'commander';\nimport { readFileSync } from 'fs';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getDatabase, getFormat } from '../helpers.js';\n\nexport const sqlCommand = new Command('sql')\n .description('Execute a read-only SQL query against database data')\n .argument('[query]', 'SQL query (SELECT only)')\n .option('--file <path>', 'Read SQL from a file instead of argument')\n .option('--param <kv...>', 'Named parameters as key=value pairs (e.g., --param status=issued)')\n .action(async function (this: Command, queryArg: string | undefined, opts: { file?: string; param?: string[] }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n\n let query: string;\n if (opts.file) {\n query = readFileSync(opts.file, 'utf-8').trim();\n } else if (queryArg) {\n query = queryArg;\n } else {\n console.error('Error: provide a SQL query as argument or via --file');\n process.exit(1);\n }\n\n const params: Record<string, unknown> = {};\n if (opts.param) {\n for (const kv of opts.param) {\n const eqIdx = kv.indexOf('=');\n if (eqIdx === -1) {\n console.error(`Error: invalid param format \"${kv}\", expected key=value`);\n process.exit(1);\n }\n params[kv.slice(0, eqIdx)] = kv.slice(eqIdx + 1);\n }\n }\n\n const body: Record<string, unknown> = { query };\n if (Object.keys(params).length > 0) body.params = params;\n\n const data = await client.request('POST', `/v1/${ws}/sql`, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { parseData, getDatabase, getFormat } from '../helpers.js';\nimport { confirm } from '../prompt.js';\n\nexport const relationshipsCommand = new Command('relationships')\n .description('Manage relationships between documents');\n\nrelationshipsCommand.command('upsert')\n .description('Create or update a relationship')\n .requiredOption('--source <collection/id>', 'Source document (collection/id)')\n .requiredOption('--target <collection/id>', 'Target document (collection/id)')\n .requiredOption('--type <type>', 'Relationship type')\n .option('--id <id>', 'Relationship ID')\n .option('--data <json>', 'Relationship metadata (inline JSON or @filename)')\n .action(async function (this: Command, opts: { source: string; target: string; type: string; id?: string; data?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const [sourceCollection, sourceId] = opts.source.split('/');\n const [targetCollection, targetId] = opts.target.split('/');\n const body: Record<string, unknown> = {\n rel_type: opts.type,\n source_collection: sourceCollection,\n source_id: sourceId,\n target_collection: targetCollection,\n target_id: targetId,\n };\n if (opts.id) body['id'] = opts.id;\n if (opts.data) body['data'] = parseData(opts.data);\n const path = opts.id ? `/v1/${ws}/relationships/${opts.id}` : `/v1/${ws}/relationships`;\n const data = await client.request('PUT', path, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nrelationshipsCommand.command('get <id>')\n .description('Get a relationship by ID')\n .action(async function (this: Command, id: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/relationships/${id}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nrelationshipsCommand.command('delete <id>')\n .description('Delete a relationship')\n .option('-y, --yes', 'Skip confirmation prompt')\n .action(async function (this: Command, id: string, opts: { yes?: boolean }) {\n if (!opts.yes && !(await confirm(`Delete relationship ${id}? This cannot be undone.`))) {\n console.log('Aborted');\n return;\n }\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/relationships/${id}`);\n console.log('Deleted');\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getDatabase, getFormat } from '../helpers.js';\n\nexport const queryRelationshipsCommand = new Command('query-relationships')\n .description('Query related documents')\n .argument('<collection>', 'Collection of the source document')\n .argument('<id>', 'Source document ID')\n .option('--type <type>', 'Filter by relationship type')\n .option('--direction <dir>', 'Direction: outgoing, incoming, or both', 'both')\n .option('--limit <n>', 'Max results', '50')\n .option('--offset <n>', 'Skip results', '0')\n .action(async function (this: Command, collection: string, id: string, opts: { type?: string; direction: string; limit: string; offset: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const params = new URLSearchParams();\n if (opts.type) params.set('rel_type', opts.type);\n // Map user-friendly direction names to backend API terms\n const directionMap: Record<string, string> = { outgoing: 'source', incoming: 'target', both: 'both' };\n params.set('direction', directionMap[opts.direction] ?? opts.direction);\n params.set('limit', opts.limit);\n params.set('offset', opts.offset);\n const data = await client.request('GET', `/v1/${ws}/documents/${collection}/${id}/related?${params.toString()}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n","import { Command } from 'commander';\nimport { readFileSync } from 'node:fs';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getDatabase, getFormat } from '../helpers.js';\nimport { confirm } from '../prompt.js';\n\nexport const attachmentsCommand = new Command('attachments')\n .description('Manage document attachments');\n\nattachmentsCommand.command('upload <collection> <id>')\n .description('Get a presigned upload URL for a document attachment. With --file, uploads the file content in one step.')\n .requiredOption('--filename <name>', 'File name or path (e.g. docs/guide.md)')\n .option('--content-type <type>', 'MIME type', 'application/octet-stream')\n .option('--file <path>', 'Local file to upload (skips presigned URL output, uploads directly)')\n .action(async function (this: Command, collection: string, id: string, opts: { filename: string; contentType: string; file?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('POST', `/v1/${ws}/documents/${collection}/${id}/attachments`, {\n filename: opts.filename,\n content_type: opts.contentType,\n }) as { upload_url: string; [key: string]: unknown };\n\n if (opts.file) {\n const body = readFileSync(opts.file);\n const uploadUrl = data.upload_url.startsWith('http') ? data.upload_url : `${client.baseUrl}${data.upload_url}`;\n await client.uploadFile(uploadUrl, body, opts.contentType);\n console.log(formatOutput({ ...data, uploaded: true }, getFormat(this)));\n } else {\n console.log(formatOutput(data, getFormat(this)));\n }\n });\n\nattachmentsCommand.command('url <collection> <id>')\n .description('Get a download URL for an attachment by filename')\n .requiredOption('--filename <name>', 'File name or path (e.g. docs/guide.md)')\n .action(async function (this: Command, collection: string, id: string, opts: { filename: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const attachments = await client.request<Array<{ key: string; size: number; uploaded: string }>>('GET', `/v1/${ws}/documents/${collection}/${id}/attachments`);\n const match = attachments.find(a => a.key.endsWith(`/${opts.filename}`));\n if (!match) {\n throw new Error(`Attachment \"${opts.filename}\" not found`);\n }\n const downloadUrl = `${client.baseUrl}/v1/${ws}/attachments/${match.key}`;\n console.log(formatOutput({ download_url: downloadUrl, ...match }, getFormat(this)));\n });\n\nattachmentsCommand.command('list <collection> <id>')\n .description('List attachments for a document')\n .option('--prefix <path>', 'Filter by path prefix (e.g. docs/)')\n .action(async function (this: Command, collection: string, id: string, opts: { prefix?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const query = opts.prefix ? `?prefix=${encodeURIComponent(opts.prefix)}` : '';\n const data = await client.request('GET', `/v1/${ws}/documents/${collection}/${id}/attachments${query}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nattachmentsCommand.command('delete <collection> <id> <attachment-id>')\n .description('Delete an attachment')\n .option('-y, --yes', 'Skip confirmation prompt')\n .action(async function (this: Command, collection: string, id: string, attachmentId: string, opts: { yes?: boolean }) {\n if (!opts.yes && !(await confirm(`Delete attachment ${attachmentId} on ${collection}/${id}? This cannot be undone.`))) {\n console.log('Aborted');\n return;\n }\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/documents/${collection}/${id}/attachments/${attachmentId}`);\n console.log('Deleted');\n });\n","import { randomUUID } from 'crypto';\nimport { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getDatabase, getFormat } from '../helpers.js';\nimport { confirm } from '../prompt.js';\n\nexport const hooksCommand = new Command('hooks')\n .description('Manage inbound webhook endpoints');\n\nhooksCommand.command('create')\n .description('Create a new inbound hook')\n .requiredOption('--name <name>', 'Hook name')\n .requiredOption('--secret <secret>', 'HMAC shared secret')\n .option('--id <id>', 'Hook ID (auto-generated if omitted)')\n .option('--collection-scope <collections>', 'Comma-separated collection scope')\n .action(async function (this: Command, opts: { name: string; secret: string; id?: string; collectionScope?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const hookId = opts.id ?? randomUUID();\n const body: Record<string, unknown> = {\n name: opts.name,\n secret: opts.secret,\n enabled: true,\n };\n if (opts.collectionScope) {\n body['collection_scope'] = opts.collectionScope.split(',');\n }\n const data = await client.request('PUT', `/v1/${ws}/hooks/${hookId}`, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nhooksCommand.command('get <id>')\n .description('Get a hook')\n .action(async function (this: Command, id: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/hooks/${id}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nhooksCommand.command('list')\n .description('List all hooks')\n .action(async function (this: Command) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/hooks`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nhooksCommand.command('delete <id>')\n .description('Delete a hook')\n .option('-y, --yes', 'Skip confirmation prompt')\n .action(async function (this: Command, id: string, opts: { yes?: boolean }) {\n if (!opts.yes && !(await confirm(`Delete hook ${id}? This cannot be undone.`))) {\n console.log('Aborted');\n return;\n }\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/hooks/${id}`);\n console.log('Deleted');\n });\n","import { randomUUID } from 'crypto';\nimport { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getDatabase, getFormat } from '../helpers.js';\nimport { confirm } from '../prompt.js';\n\nexport const triggersCommand = new Command('triggers')\n .description('Manage outbound triggers');\n\ntriggersCommand.command('create')\n .description('Create an outbound trigger')\n .requiredOption('--name <name>', 'Trigger name')\n .requiredOption('--url <url>', 'Target URL')\n .requiredOption('--secret <secret>', 'HMAC signing secret')\n .requiredOption('--events <events>', 'Comma-separated event types')\n .option('--id <id>', 'Trigger ID (auto-generated if omitted)')\n .option('--collection-scope <collections>', 'Comma-separated collection scope')\n .option('--filter <json>', 'Filter expression (JSON)')\n .action(async function (this: Command, opts: { name: string; url: string; secret: string; events: string; id?: string; collectionScope?: string; filter?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const triggerId = opts.id ?? randomUUID();\n const body: Record<string, unknown> = {\n name: opts.name,\n url: opts.url,\n secret: opts.secret,\n events: opts.events.split(','),\n enabled: true,\n };\n if (opts.collectionScope) {\n body['collection_scope'] = opts.collectionScope.split(',');\n }\n if (opts.filter) {\n body['filter'] = JSON.parse(opts.filter);\n }\n const data = await client.request('PUT', `/v1/${ws}/triggers/${triggerId}`, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ntriggersCommand.command('get <id>')\n .description('Get a trigger')\n .action(async function (this: Command, id: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/triggers/${id}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ntriggersCommand.command('list')\n .description('List all triggers')\n .action(async function (this: Command) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/triggers`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ntriggersCommand.command('deliveries')\n .description('List trigger delivery attempts (status, retries, errors)')\n .option('--status <status>', 'Filter by status (pending | delivered | failed | dead)')\n .option('--trigger-id <id>', 'Filter by trigger id')\n .action(async function (this: Command, opts: { status?: string; triggerId?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const params = new URLSearchParams();\n if (opts.status) params.set('status', opts.status);\n if (opts.triggerId) params.set('trigger_id', opts.triggerId);\n const qs = params.toString();\n const data = await client.request('GET', `/v1/${ws}/triggers/deliveries${qs ? `?${qs}` : ''}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ntriggersCommand.command('delete <id>')\n .description('Delete a trigger')\n .option('-y, --yes', 'Skip confirmation prompt')\n .action(async function (this: Command, id: string, opts: { yes?: boolean }) {\n if (!opts.yes && !(await confirm(`Delete trigger ${id}? This cannot be undone.`))) {\n console.log('Aborted');\n return;\n }\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/triggers/${id}`);\n console.log('Deleted');\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getDatabase, getFormat } from '../helpers.js';\nimport { confirm } from '../prompt.js';\n\nexport const endpointsCommand = new Command('endpoints')\n .description('Manage MCP Factory endpoints');\n\nendpointsCommand.command('upsert <slug>')\n .description('Create or update an MCP endpoint')\n .option('--name <name>', 'Endpoint display name (required unless using --config)')\n .option('--description <desc>', 'Endpoint description')\n .option('--tool <spec>', 'Collection tool spec: collection:op1,op2 (repeatable)', collect, [])\n .option('--relationship <spec>', 'Relationship tool spec: rel_type:op1,op2 (repeatable)', collect, [])\n .option('--batch <spec>', 'Batch operation spec: collection_or_rel:op1,op2 (repeatable)', collect, [])\n .option('--sql-query', 'Enable sql_query tool')\n .option('--config <json>', 'Full endpoint config as JSON (supports name_override, description_override per tool). Use @file.json to read from file.')\n .action(async function (this: Command, slug: string, opts: {\n name?: string;\n description?: string;\n tool: string[];\n relationship: string[];\n batch: string[];\n sqlQuery?: boolean;\n config?: string;\n }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n\n let body: Record<string, unknown>;\n\n if (opts.config) {\n // Full JSON config — supports name_override, description_override per tool\n body = JSON.parse(opts.config);\n } else {\n if (!opts.name) {\n throw new Error('--name is required (or use --config for full JSON config)');\n }\n body = {\n name: opts.name,\n tools: opts.tool.map(parseToolSpec),\n };\n\n if (opts.description) body.description = opts.description;\n\n if (opts.relationship.length > 0) {\n body.relationships = opts.relationship.map(parseRelSpec);\n }\n\n if (opts.batch.length > 0) {\n const operations: Record<string, string[]> = {};\n for (const spec of opts.batch) {\n const parsed = parseSpec(spec);\n operations[parsed.key] = parsed.ops;\n }\n body.batch = { enabled: true, operations };\n }\n\n if (opts.sqlQuery) body.sql_query = true;\n }\n\n const data = await client.request('PUT', `/v1/${ws}/endpoints/${slug}`, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nendpointsCommand.command('get <slug>')\n .description('Get an endpoint')\n .option('--resolved', 'Include resolved collection schemas')\n .action(async function (this: Command, slug: string, opts: { resolved?: boolean }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const path = opts.resolved\n ? `/v1/${ws}/endpoints/${slug}/resolved`\n : `/v1/${ws}/endpoints/${slug}`;\n const data = await client.request('GET', path);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nendpointsCommand.command('list')\n .description('List all endpoints')\n .action(async function (this: Command) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/endpoints`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nendpointsCommand.command('delete <slug>')\n .description('Delete an endpoint')\n .option('-y, --yes', 'Skip confirmation prompt')\n .action(async function (this: Command, slug: string, opts: { yes?: boolean }) {\n if (!opts.yes && !(await confirm(`Delete endpoint \"${slug}\"? This cannot be undone.`))) {\n console.log('Aborted');\n return;\n }\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/endpoints/${slug}`);\n console.log('Deleted');\n });\n\nendpointsCommand.command('url <slug>')\n .description('Get the MCP connection URL for an endpoint')\n .option('--transport <type>', 'Transport: mcp or sse', 'mcp')\n .action((_slug: string, opts: { transport: string }) => {\n const transport = opts.transport === 'sse' ? 'sse' : 'mcp';\n console.log(`https://mcp.rekor.pro/e/${_slug}/${transport}`);\n });\n\n// ---- Helpers ----\n\nfunction collect(value: string, previous: string[]): string[] {\n return [...previous, value];\n}\n\nfunction parseSpec(spec: string): { key: string; ops: string[] } {\n const [key, opsStr] = spec.split(':');\n if (!key || !opsStr) {\n throw new Error(`Invalid spec '${spec}'. Expected format: name:op1,op2`);\n }\n return { key, ops: opsStr.split(',') };\n}\n\nfunction parseToolSpec(spec: string): Record<string, unknown> {\n const { key, ops } = parseSpec(spec);\n return { collection: key, operations: ops };\n}\n\nfunction parseRelSpec(spec: string): Record<string, unknown> {\n const { key, ops } = parseSpec(spec);\n return { rel_type: key, operations: ops };\n}\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { parseData, getDatabase, getFormat } from '../helpers.js';\n\nexport const batchCommand = new Command('batch')\n .description('Execute atomic batch operations (up to 1,000 operations)')\n .requiredOption('--operations <json>', 'Operations array (inline JSON or @filename)')\n .action(async function (this: Command, opts: { operations: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const operations = parseData(opts.operations);\n const data = await client.request('POST', `/v1/${ws}/batch`, {\n operations: Array.isArray(operations) ? operations : [operations],\n });\n console.log(formatOutput(data, getFormat(this)));\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { parseData, getDatabase, getFormat } from '../helpers.js';\nconst VALID_PROVIDERS = 'openai, anthropic, google, mcp';\n\nexport const providersCommand = new Command('providers')\n .description('Import/export tool definitions between LLM providers and Record collections');\n\nprovidersCommand.command('import <provider>')\n .description(`Import tool definitions as collections. Providers: ${VALID_PROVIDERS}`)\n .requiredOption('--tools <json>', 'Tool definitions (inline JSON or @filename)')\n .action(async function (this: Command, provider: string, opts: { tools: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const tools = parseData(opts.tools);\n const data = await client.request('POST', `/v1/${ws}/providers/${provider}/import`, {\n tools: Array.isArray(tools) ? tools : [tools],\n });\n console.log(formatOutput(data, getFormat(this)));\n });\n\nprovidersCommand.command('export <provider>')\n .description(`Export collections as tool definitions. Providers: ${VALID_PROVIDERS}`)\n .option('--collections <ids>', 'Comma-separated collection IDs (omit for all)')\n .option('--output <file>', 'Write output to file')\n .action(async function (this: Command, provider: string, opts: { collections?: string; output?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const query = opts.collections ? `?collections=${opts.collections}` : '';\n const data = await client.request('GET', `/v1/${ws}/providers/${provider}/export${query}`);\n\n if (opts.output) {\n const { writeFileSync } = await import('fs');\n writeFileSync(opts.output, JSON.stringify(data, null, 2));\n console.log(`Written to ${opts.output}`);\n } else {\n console.log(formatOutput(data, getFormat(this)));\n }\n });\n\nprovidersCommand.command('import-call <provider> <collection>')\n .description(`Create a document from a tool call in provider format. Providers: ${VALID_PROVIDERS}`)\n .requiredOption('--data <json>', 'Tool call data in provider format (inline JSON or @filename)')\n .option('--external-id <id>', 'External ID for idempotent upsert')\n .option('--external-source <source>', 'External source identifier')\n .action(async function (this: Command, provider: string, collection: string, opts: { data: string; externalId?: string; externalSource?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const callData = parseData(opts.data);\n const queryParts: string[] = [];\n if (opts.externalId) queryParts.push(`external_id=${encodeURIComponent(opts.externalId)}`);\n if (opts.externalSource) queryParts.push(`external_source=${encodeURIComponent(opts.externalSource)}`);\n const qs = queryParts.length ? `?${queryParts.join('&')}` : '';\n const data = await client.request('POST', `/v1/${ws}/providers/${provider}/documents/${collection}${qs}`, callData);\n console.log(formatOutput(data, getFormat(this)));\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getFormat } from '../helpers.js';\n\nexport const tokensCommand = new Command('tokens')\n .description('Manage API tokens');\n\ntokensCommand.command('create')\n .description('Create a scoped API token')\n .requiredOption('--name <name>', 'Token name')\n .requiredOption('--grants <json>', 'Grant definitions as JSON array')\n .option('--expires-at <date>', 'Expiration date (ISO 8601, e.g., 2026-06-01T00:00:00Z)')\n .action(async function (this: Command, opts: { name: string; grants: string; expiresAt?: string }) {\n const client = new ApiClient();\n let grants: unknown;\n try {\n grants = JSON.parse(opts.grants);\n } catch {\n throw new Error('--grants must be valid JSON');\n }\n const body: Record<string, unknown> = { name: opts.name, grants };\n if (opts.expiresAt) body.expires_at = opts.expiresAt;\n const data = await client.request('POST', '/v1/tokens', body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ntokensCommand.command('list')\n .description('List API tokens')\n .action(async function (this: Command) {\n const client = new ApiClient();\n const data = await client.request('GET', '/v1/tokens');\n console.log(formatOutput(data, getFormat(this)));\n });\n\ntokensCommand.command('revoke <token_id>')\n .description('Revoke an API token')\n .action(async function (this: Command, tokenId: string) {\n const client = new ApiClient();\n await client.request('DELETE', `/v1/tokens/${tokenId}`);\n console.log('Token revoked');\n });\n","import { Command } from 'commander';\nimport { readFileSync } from 'node:fs';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getFormat } from '../helpers.js';\nimport { confirm } from '../prompt.js';\n\n/**\n * Resolve a secret value from exactly one of `--value` (a plain string) or `--file` (the file's bytes,\n * base64-encoded — for certificates, keystores, or service-account JSON). Throws if neither or both given.\n */\nfunction resolveValue(opts: { value?: string; file?: string }): string {\n if ((opts.value === undefined) === (opts.file === undefined)) {\n throw new Error('provide exactly one of --value or --file');\n }\n if (opts.file !== undefined) return readFileSync(opts.file).toString('base64');\n return opts.value!;\n}\n\nexport const secretsCommand = new Command('secrets')\n .description('Manage organization vault secrets');\n\nsecretsCommand.command('create')\n .description('Store a vault secret (a string value, or a file via --file as base64)')\n .requiredOption('--name <name>', 'Secret name')\n .option('--value <value>', 'Secret value (plain string)')\n .option('--file <path>', 'Read the value from a file and base64-encode it (certificates, keystores, SA JSON)')\n .option('--content-type <mime>', 'MIME type of the value (e.g. application/x-pkcs12)')\n .option('--expires-at <date>', 'Expiry as ISO-8601 (e.g. 2027-01-01T00:00:00Z) — surfaced by `list --expiring`')\n .option('--tags <tags>', 'Comma-separated tags')\n .action(async function (this: Command, opts: { name: string; value?: string; file?: string; contentType?: string; expiresAt?: string; tags?: string }) {\n const client = new ApiClient();\n const body: Record<string, unknown> = { name: opts.name, value: resolveValue(opts) };\n if (opts.contentType) body.content_type = opts.contentType;\n if (opts.expiresAt) body.expires_at = opts.expiresAt;\n if (opts.tags) body.tags = opts.tags.split(',').map((t) => t.trim()).filter(Boolean);\n const data = await client.request('POST', '/v1/vault/secrets', body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nsecretsCommand.command('list')\n .description('List vault secrets (values masked)')\n .option('--expiring', 'Only secrets expiring within --days (default 30)')\n .option('--days <n>', 'Window for --expiring, in days', '30')\n .action(async function (this: Command, opts: { expiring?: boolean; days: string }) {\n const client = new ApiClient();\n const path = opts.expiring ? `/v1/vault/secrets?expiring_within_days=${encodeURIComponent(opts.days)}` : '/v1/vault/secrets';\n const data = await client.request('GET', path);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nsecretsCommand.command('get <id>')\n .description('Get vault secret metadata (value masked)')\n .action(async function (this: Command, id: string) {\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/vault/secrets/${id}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nsecretsCommand.command('rotate <id>')\n .description('Rotate a secret by installing a new caller-supplied value (from --value or --file)')\n .option('--value <value>', 'New secret value (plain string)')\n .option('--file <path>', 'Read the new value from a file and base64-encode it')\n .option('--expires-at <date>', \"Set the rotated credential's new expiry (ISO-8601)\")\n .action(async function (this: Command, id: string, opts: { value?: string; file?: string; expiresAt?: string }) {\n const client = new ApiClient();\n const body: Record<string, unknown> = { value: resolveValue(opts) };\n if (opts.expiresAt) body.expires_at = opts.expiresAt;\n const data = await client.request('POST', `/v1/vault/secrets/${id}/rotate`, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nsecretsCommand.command('delete <id>')\n .description('Delete a vault secret')\n .option('-y, --yes', 'Skip confirmation prompt')\n .action(async function (this: Command, id: string, opts: { yes?: boolean }) {\n if (!opts.yes && !(await confirm(`Delete vault secret ${id}? This cannot be undone.`))) {\n console.log('Aborted');\n return;\n }\n const client = new ApiClient();\n await client.request('DELETE', `/v1/vault/secrets/${id}`);\n console.log('Secret deleted');\n });\n","// Platform-admin debug commands. Backed by /admin/debug/* on the backend,\n// which requires the `platform:admin` permission (granted to JWT auth when\n// the WorkOS email is in PLATFORM_ADMIN_EMAILS). All reads are audit-logged\n// and rate-limited to 60/hour per user.\n\nimport { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getFormat } from '../helpers.js';\n\nexport const debugCommand = new Command('debug')\n .description('Platform-admin debug commands (requires platform:admin grant)');\n\n// --- do ---\n\nconst doCommand = debugCommand.command('do').description('Inspect live database storage state');\n\ndoCommand.command('tables <type> <id>')\n .description('List internal tables and row counts. Types: database | org | user')\n .action(async function (this: Command, type: string, id: string) {\n const client = new ApiClient();\n const data = await client.request<{ type: string; id: string; tables: { name: string; row_count: number }[] }>(\n 'GET',\n `/admin/debug/do/${encodeURIComponent(type)}/${encodeURIComponent(id)}/tables`,\n );\n console.log(formatOutput(data.tables, getFormat(this)));\n });\n\ndoCommand.command('read <type> <id> <table>')\n .description('Read rows from an internal table (sensitive columns redacted)')\n .option('--limit <n>', 'Max rows (default 20, cap 100)', (v: string) => Number(v))\n .option('--row-id <value>', 'Filter to a single row by its id column')\n .action(async function (\n this: Command,\n type: string,\n id: string,\n table: string,\n opts: { limit?: number; rowId?: string },\n ) {\n const client = new ApiClient();\n const params = new URLSearchParams({ table });\n if (opts.limit !== undefined) params.set('limit', String(opts.limit));\n if (opts.rowId !== undefined) params.set('row_id', opts.rowId);\n\n const data = await client.request<{\n table: string;\n columns: string[];\n rows: unknown[][];\n truncated: boolean;\n }>(\n 'GET',\n `/admin/debug/do/${encodeURIComponent(type)}/${encodeURIComponent(id)}/read?${params}`,\n );\n\n const format = getFormat(this);\n if (format === 'json') {\n console.log(JSON.stringify(data, null, 2));\n return;\n }\n // Reshape columns/rows into row objects for table display.\n const objs = data.rows.map(r => Object.fromEntries(data.columns.map((c, i) => [c, r[i]])));\n console.log(formatOutput(objs, format));\n if (data.truncated) console.log('(truncated — pass --limit to see more)');\n });\n\n// --- report (platform_report triage queue) ---\n\nconst reportCommand = debugCommand\n .command('report')\n .description('Inspect and triage the platform_report queue (Sentry + CLI bug reports)');\n\ninterface PlatformReportRow {\n report_id: string;\n source: 'sentry' | 'cli_report' | 'review' | 'security_audit';\n classification: 'bug' | 'flaky_test' | 'security' | null;\n status: 'pending' | 'grouped' | 'escalated' | 'addressed' | 'dismissed';\n fingerprint: string;\n gh_issue_url: string | null;\n reporter_email: string | null;\n created_at: string;\n}\n\nreportCommand.command('list')\n .description('List reports with optional filters')\n .option('--status <s>', 'pending | grouped | escalated | addressed | dismissed')\n .option('--source <s>', 'sentry | cli_report | review | security_audit')\n .option('--classification <c>', 'bug | flaky_test | security')\n .option('--limit <n>', 'Max rows (default 50, cap 200)', (v: string) => Number(v))\n .option('--offset <n>', 'Offset for pagination', (v: string) => Number(v))\n .option('--since <iso>', 'Lower bound on created_at (ISO timestamp)')\n .action(async function (\n this: Command,\n opts: { status?: string; source?: string; classification?: string; limit?: number; offset?: number; since?: string },\n ) {\n const client = new ApiClient();\n const params = new URLSearchParams();\n if (opts.status) params.set('status', opts.status);\n if (opts.source) params.set('source', opts.source);\n if (opts.classification) params.set('classification', opts.classification);\n if (opts.limit !== undefined) params.set('limit', String(opts.limit));\n if (opts.offset !== undefined) params.set('offset', String(opts.offset));\n if (opts.since) params.set('since', opts.since);\n const qs = params.toString() ? `?${params}` : '';\n\n const data = await client.request<{ rows: PlatformReportRow[]; total: number }>(\n 'GET',\n `/admin/reports${qs}`,\n );\n\n const format = getFormat(this);\n if (format === 'json') {\n console.log(JSON.stringify(data, null, 2));\n return;\n }\n console.log(formatOutput(data.rows, format));\n console.log(`(${data.rows.length} of ${data.total})`);\n });\n\nreportCommand.command('show <id>')\n .description('Show a single report with its group members')\n .action(async function (this: Command, id: string) {\n const client = new ApiClient();\n const data = await client.request<{ report: PlatformReportRow; members: PlatformReportRow[] }>(\n 'GET',\n `/admin/reports/${encodeURIComponent(id)}`,\n );\n console.log(JSON.stringify(data, null, 2));\n });\n\n// Local copy: the CLI is a separate package and can't import backend internals\n// (mirrors the local PlatformReportRow above).\ninterface GroupReportSkip {\n report_id: string;\n reason: 'not_found' | 'terminal' | 'grouped_elsewhere' | 'different_gh_issue';\n detail?: string;\n}\n\nfunction describeGroupSkip(s: GroupReportSkip): string {\n switch (s.reason) {\n case 'not_found':\n return 'not found';\n case 'terminal':\n return `terminal (${s.detail ?? 'resolved'})`;\n case 'grouped_elsewhere':\n return `already grouped under ${s.detail ?? 'another canonical'}`;\n case 'different_gh_issue':\n return `tracks a different GitHub issue (${s.detail ?? 'unknown'})`;\n default: {\n // Compile-time exhaustiveness: a new skip reason must be handled here.\n const _exhaustive: never = s.reason;\n return _exhaustive;\n }\n }\n}\n\nreportCommand.command('group <canonical_id> <member_ids...>')\n .description('Fold member_ids under canonical_id (members must be pending or escalated)')\n .action(async function (this: Command, canonicalId: string, memberIds: string[]) {\n const client = new ApiClient();\n const data = await client.request<{ grouped: number; skipped: GroupReportSkip[] }>(\n 'POST',\n `/admin/reports/${encodeURIComponent(canonicalId)}/group`,\n { member_ids: memberIds },\n );\n console.log(`Grouped ${data.grouped} member(s) under ${canonicalId}`);\n for (const s of data.skipped ?? []) {\n console.log(` skipped ${s.report_id} — ${describeGroupSkip(s)}`);\n }\n });\n\nreportCommand.command('ungroup <member_id>')\n .description('Detach a grouped member back to pending (inverse of group)')\n .action(async function (this: Command, memberId: string) {\n const client = new ApiClient();\n const data = await client.request<{ report: PlatformReportRow }>(\n 'POST',\n `/admin/reports/${encodeURIComponent(memberId)}/ungroup`,\n );\n console.log(`Detached ${data.report.report_id} → ${data.report.status}`);\n });\n\nreportCommand.command('escalate <id>')\n .description('Mark a pending report as escalated and link a GitHub issue')\n .requiredOption('--gh <url>', 'GitHub issue URL the triage routine opened')\n .option('--verdict <text>', 'AI verdict / triage rationale')\n .action(async function (this: Command, id: string, opts: { gh: string; verdict?: string }) {\n const client = new ApiClient();\n const body: Record<string, unknown> = { target: 'escalated', gh_issue_url: opts.gh };\n if (opts.verdict) body['ai_verdict'] = opts.verdict;\n const data = await client.request<{ report: PlatformReportRow; cascaded_report_ids: string[] }>(\n 'PATCH',\n `/admin/reports/${encodeURIComponent(id)}/transition`,\n body,\n );\n console.log(`Escalated ${data.report.report_id} → ${opts.gh}`);\n });\n\nreportCommand.command('addressed <id>')\n .description('Mark an escalated report as addressed (fix shipped)')\n .action(async function (this: Command, id: string) {\n const client = new ApiClient();\n const data = await client.request<{ report: PlatformReportRow; cascaded_report_ids: string[] }>(\n 'PATCH',\n `/admin/reports/${encodeURIComponent(id)}/transition`,\n { target: 'addressed' },\n );\n console.log(`Addressed ${data.report.report_id} (cascaded to ${data.cascaded_report_ids.length} group member(s))`);\n });\n\nreportCommand.command('dismiss <id>')\n .description('Mark a report as dismissed (not actionable)')\n .requiredOption('--reason <text>', 'Why this report was dismissed')\n .option('--verdict <text>', 'AI verdict / triage rationale')\n .action(async function (this: Command, id: string, opts: { reason: string; verdict?: string }) {\n const client = new ApiClient();\n const body: Record<string, unknown> = { target: 'dismissed', dismissal_reason: opts.reason };\n if (opts.verdict) body['ai_verdict'] = opts.verdict;\n const data = await client.request<{ report: PlatformReportRow; cascaded_report_ids: string[] }>(\n 'PATCH',\n `/admin/reports/${encodeURIComponent(id)}/transition`,\n body,\n );\n console.log(`Dismissed ${data.report.report_id} (reason: ${opts.reason})`);\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\n\ninterface ReportResponse {\n report_id: string;\n created: boolean;\n fingerprint: string;\n}\n\nexport const reportBugCommand = new Command('report-bug')\n .description('Submit a report to the Rekor triage queue (deduplicated)')\n .requiredOption('--title <title>', 'Short summary')\n .requiredOption('--description <text>', 'What happened')\n .option('--source <source>', 'Origin: cli_report (default) | review | security_audit')\n .option('--classification <c>', 'Nature: bug (default) | flaky_test | security')\n .option('--dedup-key <key>', 'Stable dedup key (e.g. \"<file>::<test>\"); collapses repeat occurrences')\n .option('--severity <level>', 'low | medium | high | critical')\n .option('--steps <text>', 'Steps to reproduce')\n .option('--error-message <text>', 'Exact error text if any')\n .option('--context <text>', 'Additional context (logs, request IDs)')\n .option('--locale <code>', 'Notification locale (en | pt | es)', 'en')\n .option('--reporter-email <addr>', 'Override reporter email (defaults to session email)')\n .action(async function (\n this: Command,\n opts: {\n title: string;\n description: string;\n source?: string;\n classification?: string;\n dedupKey?: string;\n severity?: string;\n steps?: string;\n errorMessage?: string;\n context?: string;\n locale?: string;\n reporterEmail?: string;\n },\n ) {\n const client = new ApiClient();\n const body: Record<string, unknown> = {\n title: opts.title,\n description: opts.description,\n locale: opts.locale,\n };\n if (opts.source) body['source'] = opts.source;\n if (opts.classification) body['classification'] = opts.classification;\n if (opts.dedupKey) body['dedup_key'] = opts.dedupKey;\n if (opts.severity) body['severity'] = opts.severity;\n if (opts.steps) body['steps'] = opts.steps;\n if (opts.errorMessage) body['error_message'] = opts.errorMessage;\n if (opts.context) body['context'] = opts.context;\n if (opts.reporterEmail) body['reporter_email'] = opts.reporterEmail;\n\n const data = await client.request<ReportResponse>('POST', '/v1/reports', body);\n if (data.created) {\n console.log(`Report submitted (id: ${data.report_id}).`);\n console.log('Our team will review and follow up by email if you provided one.');\n } else {\n console.log(`A matching report already exists (id: ${data.report_id}) — your submission was merged into it.`);\n }\n });\n","import { Command } from 'commander';\nimport { execFileSync } from 'node:child_process';\nimport { isNewerVersion } from '../version.js';\nimport { NPM_PACKAGE } from '../version-check.js';\nimport pkg from '../../package.json' with { type: 'json' };\n\nexport const updateCommand = new Command('update')\n .description('Update the Rekor CLI to the latest published version')\n .action(() => {\n console.log(`Current version: ${pkg.version}`);\n console.log('Checking for updates...');\n let latest: string;\n try {\n // shell: true is required on Windows where npm is a .cmd shim.\n latest = execFileSync('npm', ['view', NPM_PACKAGE, 'version'], { timeout: 10_000, shell: true })\n .toString()\n .trim();\n } catch {\n console.error(`Could not reach npm to check for updates.`);\n console.error(`Try manually: npm install -g ${NPM_PACKAGE}`);\n process.exit(1);\n }\n\n if (!isNewerVersion(latest, pkg.version)) {\n console.log(`Already on the latest version (${pkg.version}).`);\n return;\n }\n\n console.log(`Updating ${pkg.version} → ${latest}...`);\n try {\n execFileSync('npm', ['install', '-g', `${NPM_PACKAGE}@latest`], {\n timeout: 120_000,\n shell: true,\n stdio: 'inherit',\n });\n console.log(`Updated to ${latest}.`);\n } catch (err) {\n console.error(`Update failed: ${err instanceof Error ? err.message : String(err)}`);\n console.error(`Try manually: npm install -g ${NPM_PACKAGE}`);\n process.exit(1);\n }\n });\n","/** Returns true if `latest` is a newer semver than `current`. Prerelease/build metadata is stripped. */\nexport function isNewerVersion(latest: string, current: string): boolean {\n const strip = (v: string) => v.replace(/[-+].*$/, '');\n const l = strip(latest).split('.').map(Number);\n const c = strip(current).split('.').map(Number);\n for (let i = 0; i < Math.max(l.length, c.length); i++) {\n const lv = l[i] ?? 0;\n const cv = c[i] ?? 0;\n if (Number.isNaN(lv) || Number.isNaN(cv)) return false;\n if (lv > cv) return true;\n if (lv < cv) return false;\n }\n return false;\n}\n","import { readFileSync, writeFileSync, mkdirSync } from 'node:fs';\nimport { join } from 'node:path';\nimport { execFile } from 'node:child_process';\nimport { CONFIG_DIR } from './config.js';\nimport { isNewerVersion } from './version.js';\nimport { isCI } from './env.js';\n\n/** npm package name — shared with the `update` command. */\nexport const NPM_PACKAGE = 'rekor-cli';\nconst CACHE_FILE = join(CONFIG_DIR, 'update-check.json');\nconst MAX_AGE_MS = 24 * 60 * 60 * 1000; // 24h\n\ninterface VersionCache {\n lastCheck: number;\n latest: string | null;\n}\n\nfunction isDisabled(): boolean {\n return Boolean(\n process.env['NO_UPDATE_NOTIFIER'] ||\n process.env['REKOR_NO_UPDATE_CHECK'] ||\n isCI(),\n );\n}\n\nfunction readCache(): VersionCache | null {\n try {\n const parsed = JSON.parse(readFileSync(CACHE_FILE, 'utf-8')) as VersionCache;\n if (typeof parsed.lastCheck !== 'number') return null;\n if (parsed.latest !== null && typeof parsed.latest !== 'string') return null;\n return parsed;\n } catch {\n return null;\n }\n}\n\nfunction writeCache(cache: VersionCache): void {\n try {\n mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });\n writeFileSync(CACHE_FILE, JSON.stringify(cache), { mode: 0o600 });\n } catch {\n // Cache write failures just mean we re-check next run — never fatal.\n }\n}\n\n/** Latest known version from cache if it's fresh and newer than `current`, else null. */\nexport function readCachedLatest(current: string): string | null {\n const cache = readCache();\n if (!cache?.latest) return null;\n if (Date.now() - cache.lastCheck > MAX_AGE_MS) return null;\n return isNewerVersion(cache.latest, current) ? cache.latest : null;\n}\n\nfunction notify(latest: string, current: string): void {\n console.error(`\\nUpdate available: ${current} → ${latest}\\nRun \\`rekor update\\` to update.`);\n}\n\n/**\n * Non-blocking update check. Prints a nudge to stderr from a fresh cache; otherwise spawns a\n * detached `npm view` to populate the cache for next time. Wrapped so it can never throw or\n * delay CLI exit (the spawned child is unref'd).\n */\nexport function checkForUpdates(current: string): void {\n if (isDisabled()) return;\n try {\n const cache = readCache();\n\n if (cache && Date.now() - cache.lastCheck < MAX_AGE_MS) {\n if (cache.latest && isNewerVersion(cache.latest, current)) notify(cache.latest, current);\n return;\n }\n\n // Sentinel write first so concurrent/rapid runs don't all spawn npm.\n writeCache({ lastCheck: Date.now(), latest: cache?.latest ?? null });\n\n // shell: true is required on Windows where npm is a .cmd shim.\n const child = execFile(\n 'npm',\n ['view', NPM_PACKAGE, 'version'],\n { timeout: 5000, shell: true },\n (err, stdout) => {\n if (err) return;\n const latest = stdout.trim();\n if (!latest) return;\n writeCache({ lastCheck: Date.now(), latest });\n if (isNewerVersion(latest, current)) notify(latest, current);\n },\n );\n // Let the CLI exit immediately; the refresh runs detached.\n child.unref();\n } catch {\n // Never block the CLI on an update check.\n }\n}\n","{\n \"name\": \"rekor-cli\",\n \"version\": \"0.1.35\",\n \"type\": \"module\",\n \"engines\": {\n \"node\": \">=20.0.0\"\n },\n \"bin\": {\n \"rekor\": \"dist/index.js\"\n },\n \"files\": [\n \"dist\"\n ],\n \"scripts\": {\n \"build\": \"tsup\",\n \"typecheck\": \"tsc --noEmit\",\n \"test\": \"vitest run\",\n \"dev\": \"tsup --watch\"\n },\n \"dependencies\": {\n \"@napi-rs/keyring\": \"^1.1.6\",\n \"chalk\": \"^5.4.1\",\n \"cli-table3\": \"^0.6.5\",\n \"commander\": \"^13.1.0\",\n \"open\": \"^11.0.0\"\n },\n \"optionalDependencies\": {\n \"@sentry/node\": \"^10.0.0\"\n },\n \"devDependencies\": {\n \"@types/node\": \"^25.5.0\",\n \"tsup\": \"^8.4.0\",\n \"typescript\": \"^5.8.2\",\n \"vitest\": \"~3.0.9\"\n }\n}\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { getFormat } from '../helpers.js';\n\nexport interface MeResponse {\n auth_kind: string;\n grants_summary: string;\n org_id?: string;\n user_id?: string;\n email?: string;\n orgs?: Array<{ org_id: string; name: string; role: string }>;\n}\n\nexport const whoamiCommand = new Command('whoami')\n .description('Show the authenticated identity')\n .action(async function (this: Command) {\n const client = new ApiClient();\n const me = await client.request<MeResponse>('GET', '/v1/auth/me');\n\n if (getFormat(this) === 'json') {\n console.log(JSON.stringify(me, null, 2));\n return;\n }\n\n console.log(`auth_kind: ${me.auth_kind}`);\n if (me.email) console.log(`email: ${me.email}`);\n if (me.user_id) console.log(`user_id: ${me.user_id}`);\n if (me.org_id) console.log(`org_id: ${me.org_id}`);\n console.log(`grants: ${me.grants_summary}`);\n if (me.orgs && me.orgs.length > 0) {\n console.log('organizations:');\n for (const o of me.orgs) {\n console.log(` ${o.name} (${o.org_id}) — ${o.role}`);\n }\n }\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { ApiError } from '../errors.js';\nimport { loadConfig } from '../config.js';\nimport { isAuthenticated } from '../auth.js';\nimport { getFormat } from '../helpers.js';\nimport { readCachedLatest } from '../version-check.js';\nimport type { MeResponse } from './whoami.js';\nimport pkg from '../../package.json' with { type: 'json' };\n\ninterface StatusSnapshot {\n logged_in: boolean;\n token_valid: boolean | null;\n api_url: string;\n auth_kind: string | null;\n email: string | null;\n org_id: string | null;\n grants: string | null;\n cli: { version: string; latest: string | null };\n}\n\nexport const statusCommand = new Command('status')\n .description('Show auth, connectivity, and CLI version diagnostics')\n .action(async function (this: Command) {\n const config = loadConfig();\n const loggedIn = await isAuthenticated();\n const cliLatest = readCachedLatest(pkg.version);\n\n // null means \"not determined\" (never set false just because no credential exists) —\n // it flips to false only on a real 401/403 rejection, avoiding a misleading verdict.\n let tokenValid: boolean | null = null;\n let me: MeResponse | null = null;\n if (loggedIn) {\n try {\n me = await new ApiClient().request<MeResponse>('GET', '/v1/auth/me');\n tokenValid = true;\n } catch (err) {\n if (err instanceof ApiError && (err.status === 401 || err.status === 403)) tokenValid = false;\n }\n }\n\n const snapshot: StatusSnapshot = {\n logged_in: loggedIn,\n token_valid: tokenValid,\n api_url: config.api_url,\n auth_kind: me?.auth_kind ?? null,\n email: me?.email ?? null,\n org_id: me?.org_id ?? null,\n grants: me?.grants_summary ?? null,\n cli: { version: pkg.version, latest: cliLatest },\n };\n\n if (getFormat(this) === 'json') {\n console.log(JSON.stringify(snapshot, null, 2));\n return;\n }\n\n if (!loggedIn) {\n console.log('Not logged in. Run `rekor login`.');\n console.log(`API: ${config.api_url}`);\n if (cliLatest) console.log(`CLI: ${pkg.version} (latest: ${cliLatest} — run \\`rekor update\\`)`);\n return;\n }\n\n const tokenStatus =\n tokenValid === true\n ? 'token valid'\n : tokenValid === false\n ? 'token rejected — run `rekor login` to re-authenticate'\n : 'token validity unknown — backend unreachable';\n console.log(`Logged in${me?.email ? ` as ${me.email}` : ''} — ${tokenStatus}`);\n console.log(`API: ${config.api_url}`);\n if (me?.auth_kind) console.log(`Auth: ${me.auth_kind}`);\n if (me?.org_id) console.log(`Org: ${me.org_id}`);\n if (me?.grants_summary) console.log(`Grants: ${me.grants_summary}`);\n if (cliLatest) console.log(`CLI: ${pkg.version} (latest: ${cliLatest} — run \\`rekor update\\`)`);\n });\n","import { homedir, platform, arch } from 'node:os';\nimport { ApiError } from './errors.js';\n\n// Optional dependency — loaded lazily and only when a DSN is configured.\ntype SentryModule = typeof import('@sentry/node');\n\nlet sentry: SentryModule | null = null;\n\nfunction getDsn(): string | undefined {\n if (process.env['REKOR_TELEMETRY_DISABLED']) return undefined;\n return process.env['REKOR_CLI_SENTRY_DSN'] || undefined;\n}\n\n// Structural subset — keeps scrubHome decoupled from the optional @sentry/node types.\ninterface ScrubbableEvent {\n exception?: {\n values?: Array<{\n value?: string;\n stacktrace?: { frames?: Array<{ filename?: string; abs_path?: string }> };\n }>;\n };\n}\n\n// Redact the home dir wherever it leaks — fs-error messages embed it, not just stack frames.\nexport function scrubHome<T extends ScrubbableEvent>(event: T, home: string): T {\n const root = home.replace(/[\\\\/]+$/, '');\n if (!root) return event;\n const re = new RegExp(root.replace(/[.*+?^${}()|[\\]\\\\]/g, '\\\\$&') + '(?=[\\\\\\\\/]|$)', 'g');\n const scrub = (s: string): string => s.replace(re, '~');\n for (const value of event.exception?.values ?? []) {\n if (value.value) value.value = scrub(value.value);\n for (const frame of value.stacktrace?.frames ?? []) {\n if (frame.filename) frame.filename = scrub(frame.filename);\n if (frame.abs_path) frame.abs_path = scrub(frame.abs_path);\n }\n }\n return event;\n}\n\n/**\n * Initialize crash reporting. No-op unless `REKOR_CLI_SENTRY_DSN` is set and\n * `REKOR_TELEMETRY_DISABLED` is unset. The `@sentry/node` import is guarded so a missing\n * optional dependency degrades to silence rather than crashing.\n */\nexport async function initTelemetry(command: string | undefined, version: string): Promise<void> {\n if (sentry) return;\n const dsn = getDsn();\n if (!dsn) return;\n try {\n const mod = await import('@sentry/node');\n const home = homedir();\n mod.init({\n dsn,\n tracesSampleRate: 0,\n release: `rekor-cli@${version}`,\n environment: 'production',\n defaultIntegrations: false,\n beforeSend: (event) => scrubHome(event, home),\n });\n mod.setTag('command', command || 'unknown');\n mod.setTag('node_version', process.version);\n mod.setTag('os_platform', platform());\n mod.setTag('os_arch', arch());\n sentry = mod;\n } catch {\n sentry = null;\n }\n}\n\n/** Report an unexpected error. Skips when telemetry is off and skips expected (4xx) API errors. */\nexport function captureException(err: unknown): void {\n if (!sentry) return;\n if (err instanceof ApiError && err.isExpected) return;\n try {\n sentry.captureException(err);\n } catch {\n // Best-effort.\n }\n}\n\n/** Flush and close. Safe to call when telemetry was never initialized. */\nexport async function closeTelemetry(): Promise<void> {\n if (!sentry) return;\n try {\n await sentry.close(2000);\n } catch {\n // Best-effort.\n }\n sentry = null;\n}\n","import { program } from './program.js';\nimport { checkForUpdates } from './version-check.js';\nimport { handleCliError } from './errors.js';\nimport { initTelemetry, captureException, closeTelemetry } from './telemetry.js';\nimport pkg from '../package.json' with { type: 'json' };\n\nconst SKIP_UPDATE_CHECK = ['--version', '-v', '--help', '-h', 'help', 'update'];\nconst command = process.argv[2];\n\nasync function main(): Promise<void> {\n await initTelemetry(command, pkg.version);\n await program.parseAsync();\n if (command && !SKIP_UPDATE_CHECK.includes(command)) {\n checkForUpdates(pkg.version);\n }\n}\n\nmain()\n .then(() => closeTelemetry())\n .catch(async (err) => {\n handleCliError(err);\n captureException(err);\n await closeTelemetry();\n process.exit(1);\n });\n"],"mappings":";;;AAAA,SAAS,WAAAA,iBAAe;;;ACAxB,SAAS,eAAe;;;ACAxB,SAAS,cAAc,eAAe,iBAAiB;AACvD,SAAS,YAAY;AACrB,SAAS,eAAe;AAExB,IAAM,aAAa,KAAK,QAAQ,GAAG,WAAW,OAAO;AACrD,IAAM,cAAc,KAAK,YAAY,aAAa;AAc3C,SAAS,aAAqB;AACnC,QAAM,SAAS,QAAQ,IAAI,eAAe;AAE1C,MAAI;AACF,UAAM,MAAM,aAAa,aAAa,OAAO;AAC7C,UAAM,SAAS,KAAK,MAAM,GAAG;AAC7B,WAAO;AAAA,MACL,SAAS,UAAU,OAAO,WAAW;AAAA,MACrC,kBAAkB,OAAO;AAAA,MACzB,QAAQ,OAAO;AAAA,IACjB;AAAA,EACF,QAAQ;AACN,WAAO;AAAA,MACL,SAAS,UAAU;AAAA,IACrB;AAAA,EACF;AACF;AAEO,SAAS,WAAW,QAAsB;AAC/C,YAAU,YAAY,EAAE,WAAW,MAAM,MAAM,IAAM,CAAC;AACtD,MAAI,WAAuB,CAAC;AAC5B,MAAI;AACF,eAAW,KAAK,MAAM,aAAa,aAAa,OAAO,CAAC;AAAA,EAC1D,QAAQ;AACN,eAAW,CAAC;AAAA,EACd;AACA,QAAM,SAAqB,EAAE,GAAG,UAAU,GAAG,OAAO;AACpD,gBAAc,aAAa,KAAK,UAAU,QAAQ,MAAM,CAAC,GAAG,EAAE,MAAM,IAAM,CAAC;AAC7E;;;AC/CA,YAAY,QAAQ;AAGpB,IAAM,kBAAkB;AACxB,IAAM,UAAU;AAChB,IAAM,mBAAmB;AACzB,IAAM,oBAAoB;AAQ1B,IAAI;AAEJ,eAAe,aAA6C;AAC1D,MAAI,iBAAiB,OAAW,QAAO;AACvC,MAAI;AACF,UAAM,MAAM,MAAM,OAAO,kBAAkB;AAC3C,UAAM,QAAQ,IAAI;AAClB,mBAAe;AAAA,MACb,MAAM,YAAY,SAAS,SAAS;AAClC,YAAI;AAAE,iBAAO,IAAI,MAAM,SAAS,OAAO,EAAE,YAAY;AAAA,QAAG,QAAQ;AAAE,iBAAO;AAAA,QAAM;AAAA,MACjF;AAAA,MACA,MAAM,YAAY,SAAS,SAAS,UAAU;AAC5C,YAAI,MAAM,SAAS,OAAO,EAAE,YAAY,QAAQ;AAAA,MAClD;AAAA,MACA,MAAM,eAAe,SAAS,SAAS;AACrC,YAAI;AAAE,iBAAO,IAAI,MAAM,SAAS,OAAO,EAAE,eAAe;AAAA,QAAG,QAAQ;AAAE,iBAAO;AAAA,QAAO;AAAA,MACrF;AAAA,IACF;AAAA,EACF,QAAQ;AACN,mBAAe;AAAA,EACjB;AACA,SAAO;AACT;AAEA,SAAS,qBAAqB,SAAyB;AACrD,MAAI,QAAQ,aAAa,UAAU;AACjC,WAAO,uCAAuC,eAAe,OAAO,OAAO;AAAA,EAC7E;AACA,MAAI,QAAQ,aAAa,SAAS;AAChC,WAAO,kBAAkB,eAAe,IAAI,OAAO;AAAA,EACrD;AACA,MAAI,QAAQ,aAAa,SAAS;AAChC,WAAO,6BAA6B,eAAe,YAAY,OAAO;AAAA,EACxE;AACA,SAAO,oBAAoB,eAAe,cAAc,OAAO;AACjE;AAaA,SAAS,iBAA0C;AACjD,MAAI,CAAI,cAAW,WAAW,EAAG,QAAO;AACxC,MAAI;AACF,WAAO,KAAK,MAAS,gBAAa,aAAa,OAAO,CAAC;AAAA,EACzD,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,SAAS,gBAAgB,MAA8B;AACrD,MAAI,CAAI,cAAW,UAAU,GAAG;AAC9B,IAAG,aAAU,YAAY,EAAE,WAAW,MAAM,MAAM,IAAM,CAAC;AAAA,EAC3D;AACA,EAAG,iBAAc,aAAa,KAAK,UAAU,MAAM,MAAM,CAAC,GAAG,EAAE,MAAM,IAAM,CAAC;AAC9E;AAGO,IAAM,wBAAN,cAAoC,MAAM;AAAA,EAC/C,YAA4B,SAAiB;AAC3C;AAAA,MACE,iDAAiD,OAAO;AAAA,IAClB,qBAAqB,OAAO,CAAC;AAAA,IACrE;AAJ0B;AAK1B,SAAK,OAAO;AAAA,EACd;AACF;AAEA,eAAe,UAAU,SAAyB,SAAmC;AACnF,QAAM,QAAQ,eAAe,iBAAiB,OAAO;AACrD,MAAI;AACF,WAAQ,MAAM,QAAQ,YAAY,iBAAiB,OAAO,MAAO;AAAA,EACnE,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAMA,SAAS,2BAAiC;AACxC,QAAM,WAAW,eAAe;AAChC,MAAI,CAAC,SAAU;AACf,MAAI,SAAS,UAAU,UAAa,SAAS,iBAAiB,UAAa,SAAS,kBAAkB,OAAW;AACjH,SAAO,SAAS;AAChB,SAAO,SAAS;AAChB,SAAO,SAAS;AAChB,kBAAgB,QAAQ;AAC1B;AAEA,SAAS,wBAA4C;AACnD,SAAO,eAAe,GAAG;AAC3B;AAEA,SAAS,uBAAuB,OAAiC;AAC/D,QAAM,WAAW,eAAe,KAAK,CAAC;AACtC,MAAI,UAAU,QAAW;AACvB,WAAO,SAAS;AAAA,EAClB,OAAO;AACL,aAAS,mBAAmB;AAAA,EAC9B;AACA,kBAAgB,QAAQ;AAC1B;AAEA,eAAe,uBAAuB,SAA+D;AACnG,QAAM,WAAW,eAAe;AAChC,MAAI,CAAC,SAAU,QAAO;AAGtB,MAAI,SAAS,cAAc;AACzB,UAAM,MAAqB;AAAA,MACzB,MAAM;AAAA,MACN,cAAc,SAAS;AAAA,MACvB,eAAe,SAAS;AAAA,MACxB,YAAY,SAAS;AAAA,IACvB;AACA,QAAI,SAAS;AACX,UAAI;AAEF,cAAM,iBAAiB,MAAM,QAAQ,YAAY,iBAAiB,gBAAgB;AAClF,YAAI,CAAC,gBAAgB;AACnB,gBAAM,QAAQ,YAAY,iBAAiB,kBAAkB,SAAS,YAAY;AAClF,cAAI,SAAS,eAAe;AAC1B,kBAAM,QAAQ,YAAY,iBAAiB,mBAAmB,SAAS,aAAa;AAAA,UACtF;AAAA,QACF;AACA,YAAI;AAAE,mCAAyB;AAAA,QAAG,SAAS,KAAK;AAC9C,kBAAQ,KAAK,mDAAmD,WAAW,KAAM,IAAc,OAAO,IAAI;AAAA,QAC5G;AAAA,MACF,SAAS,KAAK;AACZ,gBAAQ,KAAK,8CAA+C,IAAc,OAAO,iCAAiC;AAAA,MACpH;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAEA,MAAI,SAAS,OAAO;AAClB,UAAM,QAAQ,SAAS;AACvB,QAAI,CAAC,QAAS,QAAO,EAAE,MAAM,OAAO,MAAM;AAC1C,QAAI;AACF,YAAM,cAAc,MAAM,QAAQ,YAAY,iBAAiB,OAAO;AACtE,UAAI,aAAa;AAEf,YAAI;AAAE,mCAAyB;AAAA,QAAG,SAAS,KAAK;AAC9C,kBAAQ,KAAK,2CAA2C,WAAW,KAAM,IAAc,OAAO,IAAI;AAAA,QACpG;AACA,eAAO;AAAA,MACT;AACA,YAAM,QAAQ,YAAY,iBAAiB,SAAS,KAAK;AACzD,UAAI;AAAE,iCAAyB;AAAA,MAAG,SAAS,KAAK;AAC9C,gBAAQ,KAAK,4CAA4C,WAAW,KAAM,IAAc,OAAO,IAAI;AAAA,MACrG;AAAA,IACF,SAAS,KAAK;AACZ,cAAQ,KAAK,qCAAsC,IAAc,OAAO,uCAAuC;AAAA,IACjH;AACA,WAAO,EAAE,MAAM,OAAO,MAAM;AAAA,EAC9B;AAEA,SAAO;AACT;AAGA,eAAsB,mBAAkD;AACtE,QAAM,WAAW,QAAQ,IAAI,aAAa;AAC1C,MAAI,UAAU;AAEZ,WAAO,EAAE,MAAM,OAAO,OAAO,SAAS;AAAA,EACxC;AAEA,QAAM,UAAU,MAAM,WAAW;AACjC,QAAM,WAAW,MAAM,uBAAuB,OAAO;AACrD,MAAI,SAAU,QAAO;AAErB,MAAI,SAAS;AAEX,UAAM,CAAC,KAAK,QAAQ,OAAO,IAAI,MAAM,QAAQ,IAAI;AAAA,MAC/C,QAAQ,YAAY,iBAAiB,OAAO;AAAA,MAC5C,QAAQ,YAAY,iBAAiB,gBAAgB;AAAA,MACrD,QAAQ,YAAY,iBAAiB,iBAAiB;AAAA,IACxD,CAAC;AACD,QAAI,IAAK,QAAO,EAAE,MAAM,OAAO,OAAO,IAAI;AAC1C,QAAI,QAAQ;AACV,YAAM,MAAqB,EAAE,MAAM,SAAS,cAAc,OAAO;AACjE,UAAI,QAAS,KAAI,gBAAgB;AACjC,YAAM,YAAY,sBAAsB;AACxC,UAAI,UAAW,KAAI,aAAa;AAChC,aAAO;AAAA,IACT;AAAA,EACF;AAEA,SAAO;AACT;AAaA,eAAsB,YAAY,OAA8B;AAC9D,QAAM,UAAU,MAAM,WAAW;AACjC,MAAI,SAAS;AACX,QAAI;AAEF,YAAM,CAAC,eAAe,cAAc,IAAI,MAAM,QAAQ,IAAI;AAAA,QACxD,UAAU,SAAS,gBAAgB;AAAA,QACnC,UAAU,SAAS,iBAAiB;AAAA,MACtC,CAAC;AACD,YAAM,QAAQ;AAAA,QACZ,gBAAgB,OAAO;AAAA,QACvB,iBAAiB,OAAO;AAAA,MAC1B,EAAE,OAAO,CAAC,MAAmB,MAAM,IAAI;AACvC,UAAI,MAAM,SAAS,GAAG;AACpB,gBAAQ;AAAA,UACN;AAAA,YACE;AAAA,YACA,GAAG,MAAM,IAAI,OAAK,KAAK,qBAAqB,CAAC,CAAC,EAAE;AAAA,UAClD,EAAE,KAAK,IAAI;AAAA,QACb;AAAA,MACF;AACA,YAAM,QAAQ,YAAY,iBAAiB,SAAS,KAAK;AACzD,6BAAuB,MAAS;AAChC,UAAI;AAAE,iCAAyB;AAAA,MAAG,SAAS,KAAK;AAC9C,gBAAQ,KAAK,4CAA4C,WAAW,KAAM,IAAc,OAAO,IAAI;AAAA,MACrG;AACA;AAAA,IACF,SAAS,KAAK;AACZ,UAAI,eAAe,sBAAuB,OAAM;AAChD,cAAQ,KAAK,iCAAkC,IAAc,OAAO,kCAAkC;AAAA,IACxG;AAAA,EACF;AACA,QAAM,WAAW,eAAe,KAAK,CAAC;AACtC,SAAO,SAAS;AAChB,SAAO,SAAS;AAChB,SAAO,SAAS;AAChB,WAAS,QAAQ;AACjB,kBAAgB,QAAQ;AAC1B;AAEA,eAAsB,eACpB,aACA,cACA,WACe;AACf,QAAM,UAAU,MAAM,WAAW;AACjC,MAAI,SAAS;AACX,QAAI;AAEF,UAAI,CAAE,MAAM,UAAU,SAAS,OAAO,GAAI;AACxC,cAAM,IAAI,sBAAsB,OAAO;AAAA,MACzC;AACA,YAAM,QAAQ,YAAY,iBAAiB,kBAAkB,WAAW;AACxE,UAAI,cAAc;AAChB,cAAM,QAAQ,YAAY,iBAAiB,mBAAmB,YAAY;AAAA,MAC5E,OAAO;AAEL,cAAM,UAAU,SAAS,iBAAiB;AAAA,MAC5C;AACA,6BAAuB,SAAS;AAChC,UAAI;AAAE,iCAAyB;AAAA,MAAG,SAAS,KAAK;AAC9C,gBAAQ,KAAK,4CAA4C,WAAW,KAAM,IAAc,OAAO,IAAI;AAAA,MACrG;AACA;AAAA,IACF,SAAS,KAAK;AAEZ,UAAI,eAAe,sBAAuB,OAAM;AAChD,cAAQ,KAAK,iCAAkC,IAAc,OAAO,kCAAkC;AAAA,IACxG;AAAA,EACF;AACA,QAAM,WAAW,eAAe,KAAK,CAAC;AACtC,SAAO,SAAS;AAChB,WAAS,eAAe;AACxB,MAAI,aAAc,UAAS,gBAAgB;AAC3C,WAAS,mBAAmB;AAC5B,kBAAgB,QAAQ;AAC1B;AAMA,eAAsB,iBAAgC;AACpD,QAAM,UAAU,MAAM,WAAW;AACjC,MAAI,SAAS;AACX,UAAM,QAAQ,CAAC,SAAS,kBAAkB,iBAAiB;AAC3D,UAAM,UAAU,MAAM,QAAQ,IAAI,MAAM,IAAI,OAAK,UAAU,SAAS,CAAC,CAAC,CAAC;AACvE,eAAW,CAAC,GAAG,EAAE,KAAK,QAAQ,QAAQ,GAAG;AACvC,UAAI,CAAC,IAAI;AACP,cAAM,UAAU,MAAM,CAAC;AACvB,gBAAQ;AAAA,UACN,yCAAyC,OAAO;AAAA,IAAuE,qBAAqB,OAAO,CAAC;AAAA,QACtJ;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACA,QAAM,WAAW,eAAe;AAChC,MAAI,UAAU;AACZ,QAAI,QAAQ;AACZ,eAAW,KAAK,CAAC,SAAS,gBAAgB,iBAAiB,kBAAkB,GAAY;AACvF,UAAI,SAAS,CAAC,MAAM,QAAW;AAC7B,eAAO,SAAS,CAAC;AACjB,gBAAQ;AAAA,MACV;AAAA,IACF;AACA,QAAI,MAAO,iBAAgB,QAAQ;AAAA,EACrC;AACF;;;AC7UA,YAAY,UAAU;AAGf,IAAM,sBAAsB;AAEnC,IAAM,yBAAyB;AAC/B,IAAM,4BAA4B;AAE3B,SAAS,mBAA2B;AACzC,SAAO,QAAQ,IAAI,sBAAsB,KAAK;AAChD;AAEO,SAAS,qBAA6B;AAC3C,SAAO,QAAQ,IAAI,yBAAyB,KAAK;AACnD;AAQO,SAAS,eAAe,kBAAkC;AAC/D,SAAO,IAAI,KAAK,KAAK,IAAI,IAAI,mBAAmB,GAAI,EAAE,YAAY;AACpE;AAMO,SAAS,2BAA2B,cAAiD;AAC1F,MAAI,aAAc,QAAO;AACzB,SACE;AAIJ;AAEA,SAAS,gBAAgB,OAA+B;AACtD,MAAI,OAAO,UAAU,YAAY,UAAU,MAAM;AAC/C,UAAM,IAAI,MAAM,6CAA6C;AAAA,EAC/D;AACA,QAAM,IAAI;AACV,MAAI,OAAO,EAAE,iBAAiB,YAAY,OAAO,EAAE,eAAe,UAAU;AAC1E,UAAM,IAAI,MAAM,+CAA+C;AAAA,EACjE;AACA,QAAM,MAAqB,EAAE,cAAc,EAAE,cAAc,YAAY,EAAE,WAAW;AACpF,MAAI,OAAO,EAAE,kBAAkB,SAAU,KAAI,gBAAgB,EAAE;AAC/D,SAAO;AACT;AAEA,eAAsB,sBACpB,eACA,UACA,MACA,cACA,aACwB;AACxB,QAAM,WAAW,MAAM,MAAM,GAAG,aAAa,iBAAiB;AAAA,IAC5D,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,oCAAoC;AAAA,IAC/D,MAAM,IAAI,gBAAgB;AAAA,MACxB,YAAY;AAAA,MACZ;AAAA,MACA,eAAe;AAAA,MACf,cAAc;AAAA,MACd,WAAW;AAAA,IACb,CAAC,EAAE,SAAS;AAAA,EACd,CAAC;AAED,MAAI,CAAC,SAAS,IAAI;AAChB,UAAM,OAAO,MAAM,SAAS,KAAK;AACjC,UAAM,IAAI,MAAM,0BAA0B,SAAS,MAAM,MAAM,IAAI,EAAE;AAAA,EACvE;AAEA,SAAO,gBAAgB,MAAM,SAAS,KAAK,CAAC;AAC9C;AAEO,IAAM,sBAAN,cAAkC,MAAM;AAAA,EAC7C,cAAc;AACZ,UAAM,iBAAiB;AACvB,SAAK,OAAO;AAAA,EACd;AACF;AAEA,eAAsB,mBACpB,eACA,UACA,cACwB;AACxB,QAAM,WAAW,MAAM,MAAM,GAAG,aAAa,iBAAiB;AAAA,IAC5D,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,oCAAoC;AAAA,IAC/D,MAAM,IAAI,gBAAgB;AAAA,MACxB,YAAY;AAAA,MACZ,eAAe;AAAA,MACf,WAAW;AAAA,IACb,CAAC,EAAE,SAAS;AAAA,EACd,CAAC;AAED,MAAI,CAAC,SAAS,IAAI;AAChB,UAAM,SAAS,SAAS;AACxB,UAAM,OAAO,MAAM,SAAS,KAAK;AAEjC,QAAI,WAAW,OAAO,WAAW,KAAK;AACpC,UAAI;AACF,cAAM,SAAS,KAAK,MAAM,IAAI;AAC9B,YAAI,OAAO,UAAU,gBAAiB,OAAM,IAAI,oBAAoB;AAAA,MACtE,SAAS,KAAK;AACZ,YAAI,eAAe,oBAAqB,OAAM;AAAA,MAEhD;AAAA,IACF;AAEA,UAAM,IAAI,MAAM,yBAAyB,MAAM,MAAM,IAAI,EAAE;AAAA,EAC7D;AAEA,SAAO,gBAAgB,MAAM,SAAS,KAAK,CAAC;AAC9C;AAEO,SAAS,oBACd,MACA,eACA,YAAoB,MACO;AAC3B,SAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,QAAI,UAAU;AACd,UAAM,SAAc,kBAAa,CAAC,KAAK,QAAQ;AAC7C,YAAM,MAAM,IAAI,IAAI,IAAI,OAAO,KAAK,oBAAoB,IAAI,EAAE;AAC9D,UAAI,IAAI,aAAa,aAAa;AAChC,YAAI,UAAU,GAAG;AACjB,YAAI,IAAI;AACR;AAAA,MACF;AAEA,UAAI,SAAS;AACX,YAAI,UAAU,GAAG;AACjB,YAAI,IAAI;AACR;AAAA,MACF;AAEA,YAAM,OAAO,IAAI,aAAa,IAAI,MAAM;AACxC,YAAM,QAAQ,IAAI,aAAa,IAAI,OAAO;AAC1C,YAAM,QAAQ,IAAI,aAAa,IAAI,OAAO;AAC1C,YAAM,mBAAmB,IAAI,aAAa,IAAI,mBAAmB;AAEjE,UAAI,OAAO;AACT,kBAAU;AACV,YAAI,UAAU,KAAK,EAAE,gBAAgB,YAAY,CAAC;AAClD,YAAI,IAAI,UAAU,oBAAoB,KAAK,CAAC;AAC5C,gBAAQ;AACR,eAAO,IAAI,MAAM,gBAAgB,oBAAoB,KAAK,EAAE,CAAC;AAC7D;AAAA,MACF;AAEA,UAAI,UAAU,eAAe;AAC3B,kBAAU;AACV,YAAI,UAAU,KAAK,EAAE,gBAAgB,YAAY,CAAC;AAClD,YAAI,IAAI,UAAU,yBAAyB,CAAC;AAC5C,gBAAQ;AACR,eAAO,IAAI,MAAM,mDAA8C,CAAC;AAChE;AAAA,MACF;AAEA,UAAI,CAAC,MAAM;AACT,kBAAU;AACV,YAAI,UAAU,KAAK,EAAE,gBAAgB,YAAY,CAAC;AAClD,YAAI,IAAI,UAAU,gCAAgC,CAAC;AACnD,gBAAQ;AACR,eAAO,IAAI,MAAM,gCAAgC,CAAC;AAClD;AAAA,MACF;AAEA,gBAAU;AACV,UAAI,UAAU,KAAK,EAAE,gBAAgB,YAAY,CAAC;AAClD,UAAI,IAAI,YAAY,CAAC;AACrB,cAAQ;AACR,cAAQ,EAAE,KAAK,CAAC;AAAA,IAClB,CAAC;AAED,UAAM,UAAU,WAAW,MAAM;AAC/B,cAAQ;AACR,aAAO,IAAI,MAAM,uDAAuD,CAAC;AAAA,IAC3E,GAAG,SAAS;AAEZ,aAAS,UAAgB;AACvB,mBAAa,OAAO;AACpB,aAAO,MAAM;AAAA,IACf;AAEA,WAAO,GAAG,SAAS,CAAC,QAA+B;AACjD,cAAQ;AACR,UAAI,IAAI,SAAS,cAAc;AAC7B,eAAO,IAAI,MAAM,QAAQ,IAAI,gDAAgD,CAAC;AAAA,MAChF,OAAO;AACL,eAAO,GAAG;AAAA,MACZ;AAAA,IACF,CAAC;AAED,WAAO,OAAO,MAAM,WAAW;AAAA,EACjC,CAAC;AACH;AAEA,SAAS,cAAsB;AAC7B,SAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAQT;AAGA,SAAS,WAAW,OAAuB;AACzC,SAAO,MACJ,QAAQ,MAAM,OAAO,EACrB,QAAQ,MAAM,MAAM,EACpB,QAAQ,MAAM,MAAM,EACpB,QAAQ,MAAM,QAAQ,EACtB,QAAQ,MAAM,OAAO;AAC1B;AAEA,SAAS,UAAU,SAAyB;AAC1C,SAAO;AAAA;AAAA;AAAA;AAAA;AAAA,kDAKyC,WAAW,OAAO,CAAC;AAAA;AAAA;AAGrE;;;ACrOA,eAAsB,MAAM,OAAe,QAAgC;AACzE,QAAM,YAAY,KAAK;AACvB,QAAM,SAAS,WAAW;AAC1B,aAAW;AAAA,IACT,GAAG;AAAA,IACH,SAAS,UAAU,OAAO;AAAA,EAC5B,CAAC;AACH;AAEA,IAAM,oBAAoB;AAG1B,eAAsB,iBAAyC;AAC7D,QAAM,WAAW,MAAM,iBAAiB;AACxC,MAAI,CAAC,SAAU,QAAO;AAEtB,MAAI,SAAS,SAAS,MAAO,QAAO,SAAS;AAG7C,QAAM,cAAc,SAAS,aAAa,IAAI,KAAK,SAAS,UAAU,EAAE,QAAQ,IAAI,OAAO;AAC3F,MAAI,CAAC,OAAO,SAAS,WAAW,KAAK,cAAc,KAAK,IAAI,IAAI,mBAAmB;AACjF,WAAO,SAAS;AAAA,EAClB;AACA,MAAI,CAAC,SAAS,eAAe;AAC3B,UAAM,IAAI,MAAM,+EAA+E;AAAA,EACjG;AAEA,MAAI;AACF,UAAM,SAAS,MAAM,mBAAmB,iBAAiB,GAAG,mBAAmB,GAAG,SAAS,aAAa;AACxG,UAAM,eAAe,eAAe,OAAO,UAAU;AACrD,UAAM,eAAe,OAAO,cAAc,OAAO,iBAAiB,SAAS,eAAe,YAAY;AACtG,WAAO,OAAO;AAAA,EAChB,SAAS,KAAK;AACZ,QAAI,eAAe,qBAAqB;AACtC,YAAM,eAAe;AACrB,YAAM,IAAI,MAAM,2CAA2C;AAAA,IAC7D;AACA,UAAM;AAAA,EACR;AACF;AAGA,eAAsB,kBAAyD;AAC7E,QAAM,WAAW,MAAM,iBAAiB;AACxC,SAAO,UAAU,QAAQ;AAC3B;AAEA,eAAsB,kBAAoC;AACxD,SAAQ,MAAM,iBAAiB,MAAO;AACxC;;;ACtDA,YAAY,YAAY;AAEjB,SAAS,uBAA+B;AAC7C,SAAc,mBAAY,EAAE,EAAE,SAAS,WAAW;AACpD;AAEO,SAAS,sBAAsB,UAA0B;AAC9D,SAAc,kBAAW,QAAQ,EAAE,OAAO,QAAQ,EAAE,OAAO,EAAE,SAAS,WAAW;AACnF;AAEO,SAAS,gBAAwB;AACtC,SAAc,mBAAY,EAAE,EAAE,SAAS,WAAW;AACpD;;;ACVO,SAAS,OAAgB;AAC9B,SAAO,QAAQ,QAAQ,IAAI,IAAI,CAAC;AAClC;AAGO,SAAS,gBAAyB;AACvC,SAAO,QAAQ,QAAQ,MAAM,SAAS,QAAQ,OAAO,KAAK;AAC5D;AAGO,SAAS,QAAiB;AAC/B,SAAO,QAAQ,QAAQ,IAAI,gBAAgB,KAAK,QAAQ,IAAI,SAAS,CAAC;AACxE;;;ANMA,IAAM,wBAAwB;AAEvB,IAAM,eAAe,IAAI,QAAQ,OAAO,EAC5C,YAAY,yBAAyB,EACrC,OAAO,mBAAmB,kDAAkD,EAC5E,OAAO,mBAAmB,cAAc,EACxC,OAAO,OAAO,SAA8C;AAC3D,MAAI,KAAK,OAAO;AACd,UAAM,MAAM,KAAK,OAAO,KAAK,MAAM;AACnC,YAAQ,IAAI,4BAA4B;AACxC;AAAA,EACF;AAIA,QAAM,iBAAiB,KAAK,MAAM;AAClC,UAAQ,IAAI,4BAA4B;AAC1C,CAAC;AAEH,eAAe,iBAAiB,QAAgC;AAC9D,QAAM,eAAe,qBAAqB;AAC1C,QAAM,gBAAgB,sBAAsB,YAAY;AACxD,QAAM,QAAQ,cAAc;AAE5B,QAAM,OAAO;AACb,QAAM,cAAc,oBAAoB,IAAI;AAE5C,QAAM,gBAAgB,iBAAiB;AACvC,QAAM,WAAW,mBAAmB;AAEpC,QAAM,eAAe,IAAI,IAAI,GAAG,aAAa,mBAAmB;AAChE,eAAa,aAAa,IAAI,aAAa,QAAQ;AACnD,eAAa,aAAa,IAAI,gBAAgB,WAAW;AACzD,eAAa,aAAa,IAAI,iBAAiB,MAAM;AACrD,eAAa,aAAa,IAAI,kBAAkB,aAAa;AAC7D,eAAa,aAAa,IAAI,yBAAyB,MAAM;AAC7D,eAAa,aAAa,IAAI,SAAS,KAAK;AAG5C,eAAa,aAAa,IAAI,SAAS,qCAAqC;AAG5E,QAAM,kBAAkB,oBAAoB,MAAM,KAAK;AAEvD,MAAI;AACJ,MAAI,MAAM,GAAG;AAEX,YAAQ,IAAI,mEAAmE;AAC/E,YAAQ,IAAI,aAAa,SAAS,CAAC;AAAA,EACrC,OAAO;AACL,YAAQ,IAAI,uCAAuC;AACnD,UAAM,OAAO,MAAM,OAAO,MAAM,EAAE,KAAK,OAAK,EAAE,OAAO;AAGrD,QAAI,kBAAkB;AACtB,oBAAgB,WAAW,MAAM;AAC/B,wBAAkB;AAClB,cAAQ,IAAI,sCAAsC,aAAa,SAAS,CAAC,EAAE;AAAA,IAC7E,GAAG,qBAAqB;AAExB,SAAK,aAAa,SAAS,CAAC,EAAE,MAAM,MAAM;AACxC,UAAI,gBAAiB;AACrB,mBAAa,aAAa;AAC1B,cAAQ,IAAI,uCAAuC;AACnD,cAAQ,IAAI,UAAU,aAAa,SAAS,CAAC,EAAE;AAAA,IACjD,CAAC;AAAA,EACH;AAEA,MAAI;AACJ,MAAI;AACF,KAAC,EAAE,KAAK,IAAI,MAAM;AAAA,EACpB,UAAE;AACA,QAAI,cAAe,cAAa,aAAa;AAAA,EAC/C;AAEA,QAAM,SAAS,MAAM,sBAAsB,eAAe,UAAU,MAAM,cAAc,WAAW;AACnG,QAAM,YAAY,eAAe,OAAO,UAAU;AAClD,QAAM,eAAe,OAAO,cAAc,OAAO,eAAe,SAAS;AAEzE,QAAM,mBAAmB,2BAA2B,OAAO,aAAa;AACxE,MAAI,iBAAkB,SAAQ,KAAK,gBAAgB;AAEnD,QAAM,SAAS,WAAW;AAC1B,aAAW;AAAA,IACT,GAAG;AAAA,IACH,SAAS,UAAU,OAAO;AAAA,EAC5B,CAAC;AACH;;;AO3GA,SAAS,WAAAC,gBAAe;;;ACCjB,IAAM,WAAN,cAAuB,MAAM;AAAA,EAClC,YACkB,QAChB,SACgB,MACA,MAChB;AACA,UAAM,OAAO;AALG;AAEA;AACA;AAGhB,SAAK,OAAO;AAAA,EACd;AAAA;AAAA,EAGA,IAAI,aAAsB;AACxB,WAAO,KAAK,UAAU,OAAO,KAAK,SAAS;AAAA,EAC7C;AACF;AAGO,SAAS,aAAa,KAA6B;AACxD,MAAI,EAAE,eAAe,UAAW,QAAO;AACvC,UAAQ,IAAI,QAAQ;AAAA,IAClB,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,IACT;AACE,UAAI,IAAI,UAAU,IAAK,QAAO;AAC9B,aAAO;AAAA,EACX;AACF;AAGO,SAAS,eAAe,KAAoB;AACjD,QAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,UAAQ,MAAM,UAAU,OAAO,EAAE;AACjC,QAAM,OAAO,aAAa,GAAG;AAC7B,MAAI,KAAM,SAAQ,MAAM,IAAI;AAC9B;;;ACtCO,IAAM,YAAN,MAAgB;AAAA,EACZ;AAAA,EACD;AAAA,EAER,cAAc;AACZ,UAAM,SAAS,WAAW;AAC1B,SAAK,UAAU,OAAO;AAAA,EACxB;AAAA,EAEQ,WAAmC;AACzC,QAAI,CAAC,KAAK,cAAe,MAAK,gBAAgB,eAAe;AAC7D,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,MAAc,cAA+C;AAC3D,UAAM,QAAQ,MAAM,KAAK,SAAS;AAClC,WAAO,QAAQ,EAAE,iBAAiB,UAAU,KAAK,GAAG,IAAI,CAAC;AAAA,EAC3D;AAAA,EAEA,MAAM,QAAqB,QAAgB,MAAc,MAA4B;AACnF,UAAM,MAAM,MAAM,MAAM,GAAG,KAAK,OAAO,GAAG,IAAI,IAAI;AAAA,MAChD;AAAA,MACA,SAAS;AAAA,QACP,GAAI,MAAM,KAAK,YAAY;AAAA,QAC3B,gBAAgB;AAAA,MAClB;AAAA,MACA,MAAM,OAAO,KAAK,UAAU,IAAI,IAAI;AAAA,IACtC,CAAC;AAID,UAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,QAAI;AACJ,QAAI,MAAM;AACR,UAAI;AACF,iBAAS,KAAK,MAAM,IAAI;AAAA,MAC1B,QAAQ;AACN,iBAAS;AAAA,MACX;AAAA,IACF;AAEA,QAAI,CAAC,IAAI,IAAI;AACX,YAAM,IAAI;AAAA,QACR,IAAI;AAAA,QACJ,QAAQ,OAAO,WAAW,QAAQ,IAAI,MAAM;AAAA,QAC5C,QAAQ,OAAO;AAAA,QACf;AAAA,MACF;AAAA,IACF;AACA,WAAO,QAAQ;AAAA,EACjB;AAAA,EAEA,MAAM,WAAW,KAAa,MAAgB,aAAoC;AAChF,UAAM,MAAM,MAAM,MAAM,KAAK;AAAA,MAC3B,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,GAAI,MAAM,KAAK,YAAY;AAAA,QAC3B,gBAAgB;AAAA,MAClB;AAAA,MACA;AAAA,IACF,CAAC;AACD,QAAI,CAAC,IAAI,IAAI;AACX,YAAM,IAAI,SAAS,IAAI,QAAQ,uBAAuB,IAAI,MAAM,EAAE;AAAA,IACpE;AAAA,EACF;AACF;;;AFhEO,IAAM,gBAAgB,IAAIC,SAAQ,QAAQ,EAC9C,YAAY,0CAA0C,EACtD,OAAO,YAAY;AAClB,QAAM,OAAO,MAAM,gBAAgB;AAInC,MAAI,SAAS,SAAS;AACpB,QAAI;AACF,YAAM,SAAS,IAAI,UAAU;AAC7B,YAAM,OAAO,QAAQ,QAAQ,iBAAiB;AAAA,IAChD,SAAS,KAAK;AACZ,cAAQ,KAAK,qCAAqC,eAAe,QAAQ,IAAI,UAAU,SAAS,uCAAuC;AAAA,IACzI;AAAA,EACF;AAEA,QAAM,eAAe;AACrB,UAAQ,IAAI,yBAAyB;AACvC,CAAC;;;AGvBH,SAAS,WAAAC,gBAAe;;;ACAxB,OAAO,WAAW;AAClB,OAAO,WAAW;AAIX,SAAS,aAAa,MAAe,QAA8B;AACxE,MAAI,WAAW,QAAQ;AACrB,WAAO,KAAK,UAAU,MAAM,MAAM,CAAC;AAAA,EACrC;AAEA,MAAI,MAAM,QAAQ,IAAI,GAAG;AACvB,WAAO,YAAY,IAAiC;AAAA,EACtD;AAEA,MAAI,OAAO,SAAS,YAAY,SAAS,MAAM;AAC7C,WAAO,eAAe,IAA+B;AAAA,EACvD;AAEA,SAAO,OAAO,IAAI;AACpB;AAEA,SAAS,YAAY,MAAyC;AAC5D,MAAI,KAAK,WAAW,EAAG,QAAO,MAAM,IAAI,YAAY;AAEpD,QAAM,OAAO,OAAO,KAAK,KAAK,CAAC,CAAE;AACjC,QAAM,QAAQ,IAAI,MAAM,EAAE,MAAM,KAAK,IAAI,OAAK,MAAM,KAAK,CAAC,CAAC,EAAE,CAAC;AAE9D,aAAW,OAAO,MAAM;AACtB,UAAM,KAAK,KAAK,IAAI,OAAK;AACvB,YAAM,MAAM,IAAI,CAAC;AACjB,UAAI,QAAQ,QAAQ,QAAQ,OAAW,QAAO;AAC9C,UAAI,OAAO,QAAQ,SAAU,QAAO,KAAK,UAAU,GAAG;AACtD,aAAO,OAAO,GAAG;AAAA,IACnB,CAAC,CAAC;AAAA,EACJ;AAEA,SAAO,MAAM,SAAS;AACxB;AAEA,SAAS,eAAe,KAAsC;AAC5D,QAAM,QAAQ,IAAI,MAAM;AACxB,aAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,GAAG,GAAG;AAC9C,UAAM,eAAe,OAAO,UAAU,WAAW,KAAK,UAAU,KAAK,IAAI,OAAO,SAAS,EAAE;AAC3F,UAAM,KAAK,EAAE,CAAC,MAAM,KAAK,GAAG,CAAC,GAAG,aAAa,CAAC;AAAA,EAChD;AACA,SAAO,MAAM,SAAS;AACxB;;;AC9CA,SAAS,gBAAAC,qBAAoB;AAItB,SAAS,UAAU,MAAuC;AAC/D,MAAI,KAAK,WAAW,GAAG,GAAG;AACxB,UAAM,UAAUA,cAAa,KAAK,MAAM,CAAC,GAAG,OAAO;AACnD,WAAO,KAAK,MAAM,OAAO;AAAA,EAC3B;AACA,SAAO,KAAK,MAAM,IAAI;AACxB;AAEO,SAAS,YAAY,KAAsB;AAEhD,MAAI,UAA0B;AAC9B,SAAO,SAAS;AACd,UAAM,KAAK,QAAQ,KAAK,EAAE;AAC1B,QAAI,GAAI,QAAO;AACf,cAAU,QAAQ;AAAA,EACpB;AACA,UAAQ,MAAM,+BAA+B;AAC7C,SAAO,QAAQ,KAAK,CAAC;AACvB;AAEO,SAAS,UAAU,KAA4B;AAOpD,MAAI,OAAgB;AACpB,SAAO,KAAK,OAAQ,QAAO,KAAK;AAChC,QAAM,OAAO,KAAK,KAAK;AAGvB,SAAO,KAAK,QAAQ,KAAK,WAAW,SAAS,SAAS;AACxD;;;ACrCA,YAAY,cAAc;AAQnB,SAAS,QAAQ,UAAkB,OAAiC,CAAC,GAAqB;AAC/F,MAAI,CAAC,cAAc,EAAG,QAAO,QAAQ,QAAQ,IAAI;AAEjD,QAAM,SAAS,KAAK,aAAa,UAAU;AAC3C,QAAM,KAAc,yBAAgB,EAAE,OAAO,QAAQ,OAAO,QAAQ,QAAQ,OAAO,CAAC;AACpF,SAAO,IAAI,QAAQ,CAAC,YAAY;AAC9B,OAAG,SAAS,GAAG,QAAQ,IAAI,MAAM,MAAM,CAAC,WAAW;AACjD,SAAG,MAAM;AACT,YAAM,IAAI,OAAO,KAAK,EAAE,YAAY;AACpC,UAAI,MAAM,GAAI,QAAO,QAAQ,QAAQ,KAAK,UAAU,CAAC;AACrD,cAAQ,MAAM,OAAO,MAAM,KAAK;AAAA,IAClC,CAAC;AAAA,EACH,CAAC;AACH;;;AHfO,IAAM,mBAAmB,IAAIC,SAAQ,WAAW,EACpD,YAAY,kBAAkB;AAEjC,iBAAiB,QAAQ,MAAM,EAC5B,YAAY,oBAAoB,EAChC,OAAO,eAAe,eAAe,EACrC,OAAO,eAA+B,MAAwB;AAC7D,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,KAAK,KAAK,MAAM,QAAQ,mBAAmB,KAAK,GAAG,CAAC,KAAK;AAC/D,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,gBAAgB,EAAE,EAAE;AAC7D,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,UAAU,EAChC,YAAY,gBAAgB,EAC5B,OAAO,eAA+B,IAAY;AACjD,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,iBAAiB,EAAE,EAAE;AAC9D,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,aAAa,EACnC,YAAY,mBAAmB,EAC/B,eAAe,iBAAiB,eAAe,EAC/C,OAAO,wBAAwB,aAAa,EAC5C,OAAO,iBAAiB,kDAAkD,EAC1E,OAAO,eAA+B,IAAY,MAA6D;AAC9G,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAgC;AAAA,IACpC,MAAM,KAAK;AAAA,IACX,aAAa,KAAK;AAAA,EACpB;AACA,MAAI,KAAK,MAAM;AACb,SAAK,MAAM,IAAI,KAAK,KAAK,MAAM,GAAG,EAAE,IAAI,OAAK,EAAE,KAAK,CAAC;AAAA,EACvD;AACA,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,iBAAiB,EAAE,IAAI,IAAI;AACpE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,UAAU,EAChC,YAAY,wBAAwB,EACpC,eAAe,iBAAiB,kDAAkD,EAClF,OAAO,eAA+B,IAAY,MAAwB;AACzE,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,iBAAiB,EAAE,IAAI;AAAA,IAC9D,MAAM,KAAK,KAAK,MAAM,GAAG,EAAE,IAAI,OAAK,EAAE,KAAK,CAAC;AAAA,EAC9C,CAAC;AACD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,aAAa,EACnC,YAAY,mBAAmB,EAC/B,OAAO,aAAa,0BAA0B,EAC9C,OAAO,OAAO,IAAY,SAA4B;AACrD,MAAI,CAAC,KAAK,OAAO,CAAE,MAAM,QAAQ,oBAAoB,EAAE,2BAA2B,GAAI;AACpF,YAAQ,IAAI,SAAS;AACrB;AAAA,EACF;AACA,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,iBAAiB,EAAE,EAAE;AACpD,UAAQ,IAAI,SAAS;AACvB,CAAC;AAIH,iBAAiB,QAAQ,gCAAgC,EACtD,YAAY,2DAA2D,EACvE,eAAe,iBAAiB,uBAAuB,EACvD,OAAO,wBAAwB,aAAa,EAC5C,OAAO,eAA+B,cAAsB,MAA8C;AACzG,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,YAAY,YAAY;AAAA,IACvE,MAAM,KAAK;AAAA,IACX,aAAa,KAAK;AAAA,EACpB,CAAC;AACD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,+BAA+B,EACrD,YAAY,kDAAkD,EAC9D,OAAO,eAA+B,cAAsB;AAC3D,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,YAAY,WAAW;AACvE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,yBAAyB,EAC/C,YAAY,mEAAmE,EAC/E,eAAe,uBAAuB,4BAA4B,EAClE,OAAO,aAAa,yCAAyC,EAC7D,OAAO,uBAAuB,6CAA6C,CAAC,MAAc,EAAE,MAAM,GAAG,CAAC,EACtG,OAAO,oBAAoB,0CAA0C,CAAC,MAAc,EAAE,MAAM,GAAG,CAAC,EAChG,OAAO,iBAAiB,uCAAuC,CAAC,MAAc,EAAE,MAAM,GAAG,CAAC,EAC1F,OAAO,eAEN,cACA,MACA;AACA,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,YAAY,YAAY;AAAA,IACvE,oBAAoB,KAAK;AAAA,IACzB,SAAS,KAAK,UAAU;AAAA,IACxB,aAAa,KAAK;AAAA,IAClB,UAAU,KAAK;AAAA,IACf,OAAO,KAAK;AAAA,EACd,CAAC;AACD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,0BAA0B,EAChD,YAAY,mCAAmC,EAC/C,eAAe,8BAA8B,0BAA0B,EACvE,OAAO,eAA+B,cAAsB,MAA6B;AACxF,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,YAAY,qBAAqB;AAAA,IAChF,cAAc,KAAK;AAAA,EACrB,CAAC;AACD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,4BAA4B,EAClD,YAAY,kDAAkD,EAC9D,OAAO,eAA+B,cAAsB;AAC3D,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,YAAY,aAAa;AACzE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;;;AIpIH,SAAS,WAAAC,gBAAe;AAMjB,IAAM,qBAAqB,IAAIC,SAAQ,aAAa,EACxD,YAAY,oBAAoB;AAEnC,mBAAmB,QAAQ,MAAM,EAC9B,YAAY,oCAAoC,EAChD,OAAO,iBAA+B;AACrC,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,cAAc;AAChE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,mBAAmB,QAAQ,UAAU,EAClC,YAAY,kBAAkB,EAC9B,OAAO,eAA+B,IAAY;AACjD,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,gBAAgB,EAAE,EAAE;AACtE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,mBAAmB,QAAQ,aAAa,EACrC,YAAY,+BAA+B,EAC3C,eAAe,iBAAiB,iBAAiB,EACjD,OAAO,wBAAwB,aAAa,EAC5C,OAAO,mBAAmB,wCAAwC,EAClE,OAAO,iBAAiB,WAAW,EACnC,OAAO,mBAAmB,WAAW,EACrC,OAAO,oBAAoB,oDAAoD,EAC/E,OAAO,eAA+B,IAAY,MAAgH;AACjK,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAgC,EAAE,MAAM,KAAK,KAAK;AACxD,MAAI,KAAK,YAAa,MAAK,aAAa,IAAI,KAAK;AACjD,MAAI,KAAK,OAAQ,MAAK,aAAa,IAAI,UAAU,KAAK,MAAM;AAC5D,MAAI,KAAK,KAAM,MAAK,MAAM,IAAI,KAAK;AACnC,MAAI,KAAK,MAAO,MAAK,OAAO,IAAI,KAAK;AACrC,MAAI,KAAK,QAAS,MAAK,SAAS,IAAI,UAAU,KAAK,OAAO;AAC1D,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,gBAAgB,EAAE,IAAI,IAAI;AAC5E,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,mBAAmB,QAAQ,aAAa,EACrC,YAAY,qBAAqB,EACjC,OAAO,aAAa,0BAA0B,EAC9C,OAAO,eAA+B,IAAY,MAAyB;AAC1E,MAAI,CAAC,KAAK,OAAO,CAAE,MAAM,QAAQ,sBAAsB,EAAE,2BAA2B,GAAI;AACtF,YAAQ,IAAI,SAAS;AACrB;AAAA,EACF;AACA,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,gBAAgB,EAAE,EAAE;AAC5D,UAAQ,IAAI,SAAS;AACvB,CAAC;;;AC5DH,SAAS,WAAAC,gBAAe;AAMjB,IAAM,mBAAmB,IAAIC,SAAQ,WAAW,EACpD,YAAY,kBAAkB;AAEjC,iBAAiB,QAAQ,qBAAqB,EAC3C,YAAY,6BAA6B,EACzC,eAAe,iBAAiB,wCAAwC,EACxE,OAAO,aAAa,wDAAwD,EAC5E,OAAO,sBAAsB,kDAAkD,EAC/E,OAAO,8BAA8B,6CAA6C,EAClF,OAAO,eAA+B,YAAoB,MAAmF;AAC5I,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAgC,EAAE,MAAM,UAAU,KAAK,IAAI,EAAE;AACnE,MAAI,KAAK,WAAY,MAAK,aAAa,IAAI,KAAK;AAChD,MAAI,KAAK,eAAgB,MAAK,iBAAiB,IAAI,KAAK;AACxD,QAAM,OAAO,KAAK,KACd,OAAO,EAAE,cAAc,UAAU,IAAI,KAAK,EAAE,KAC5C,OAAO,EAAE,cAAc,UAAU;AACrC,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,MAAM,IAAI;AACnD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,uBAAuB,EAC7C,YAAY,sBAAsB,EAClC,OAAO,eAA+B,YAAoB,IAAY;AACrE,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,cAAc,UAAU,IAAI,EAAE,EAAE;AAClF,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,0BAA0B,EAChD,YAAY,mBAAmB,EAC/B,OAAO,aAAa,0BAA0B,EAC9C,OAAO,eAA+B,YAAoB,IAAY,MAAyB;AAC9F,MAAI,CAAC,KAAK,OAAO,CAAE,MAAM,QAAQ,mBAAmB,UAAU,IAAI,EAAE,0BAA0B,GAAI;AAChG,YAAQ,IAAI,SAAS;AACrB;AAAA,EACF;AACA,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,cAAc,UAAU,IAAI,EAAE,EAAE;AACxE,UAAQ,IAAI,SAAS;AACvB,CAAC;;;ACjDH,SAAS,WAAAC,gBAAe;AACxB,SAAS,gBAAAC,qBAAoB;AAKtB,IAAM,aAAa,IAAIC,SAAQ,KAAK,EACxC,YAAY,qDAAqD,EACjE,SAAS,WAAW,yBAAyB,EAC7C,OAAO,iBAAiB,0CAA0C,EAClE,OAAO,mBAAmB,mEAAmE,EAC7F,OAAO,eAA+B,UAA8B,MAA2C;AAC9G,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAE7B,MAAI;AACJ,MAAI,KAAK,MAAM;AACb,YAAQC,cAAa,KAAK,MAAM,OAAO,EAAE,KAAK;AAAA,EAChD,WAAW,UAAU;AACnB,YAAQ;AAAA,EACV,OAAO;AACL,YAAQ,MAAM,sDAAsD;AACpE,YAAQ,KAAK,CAAC;AAAA,EAChB;AAEA,QAAM,SAAkC,CAAC;AACzC,MAAI,KAAK,OAAO;AACd,eAAW,MAAM,KAAK,OAAO;AAC3B,YAAM,QAAQ,GAAG,QAAQ,GAAG;AAC5B,UAAI,UAAU,IAAI;AAChB,gBAAQ,MAAM,gCAAgC,EAAE,uBAAuB;AACvE,gBAAQ,KAAK,CAAC;AAAA,MAChB;AACA,aAAO,GAAG,MAAM,GAAG,KAAK,CAAC,IAAI,GAAG,MAAM,QAAQ,CAAC;AAAA,IACjD;AAAA,EACF;AAEA,QAAM,OAAgC,EAAE,MAAM;AAC9C,MAAI,OAAO,KAAK,MAAM,EAAE,SAAS,EAAG,MAAK,SAAS;AAElD,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,EAAE,QAAQ,IAAI;AAC/D,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;;;AC1CH,SAAS,WAAAC,gBAAe;AAMjB,IAAM,uBAAuB,IAAIC,SAAQ,eAAe,EAC5D,YAAY,wCAAwC;AAEvD,qBAAqB,QAAQ,QAAQ,EAClC,YAAY,iCAAiC,EAC7C,eAAe,4BAA4B,iCAAiC,EAC5E,eAAe,4BAA4B,iCAAiC,EAC5E,eAAe,iBAAiB,mBAAmB,EACnD,OAAO,aAAa,iBAAiB,EACrC,OAAO,iBAAiB,kDAAkD,EAC1E,OAAO,eAA+B,MAAoF;AACzH,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,CAAC,kBAAkB,QAAQ,IAAI,KAAK,OAAO,MAAM,GAAG;AAC1D,QAAM,CAAC,kBAAkB,QAAQ,IAAI,KAAK,OAAO,MAAM,GAAG;AAC1D,QAAM,OAAgC;AAAA,IACpC,UAAU,KAAK;AAAA,IACf,mBAAmB;AAAA,IACnB,WAAW;AAAA,IACX,mBAAmB;AAAA,IACnB,WAAW;AAAA,EACb;AACA,MAAI,KAAK,GAAI,MAAK,IAAI,IAAI,KAAK;AAC/B,MAAI,KAAK,KAAM,MAAK,MAAM,IAAI,UAAU,KAAK,IAAI;AACjD,QAAM,OAAO,KAAK,KAAK,OAAO,EAAE,kBAAkB,KAAK,EAAE,KAAK,OAAO,EAAE;AACvE,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,MAAM,IAAI;AACnD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,qBAAqB,QAAQ,UAAU,EACpC,YAAY,0BAA0B,EACtC,OAAO,eAA+B,IAAY;AACjD,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,kBAAkB,EAAE,EAAE;AACxE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,qBAAqB,QAAQ,aAAa,EACvC,YAAY,uBAAuB,EACnC,OAAO,aAAa,0BAA0B,EAC9C,OAAO,eAA+B,IAAY,MAAyB;AAC1E,MAAI,CAAC,KAAK,OAAO,CAAE,MAAM,QAAQ,uBAAuB,EAAE,0BAA0B,GAAI;AACtF,YAAQ,IAAI,SAAS;AACrB;AAAA,EACF;AACA,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,kBAAkB,EAAE,EAAE;AAC9D,UAAQ,IAAI,SAAS;AACvB,CAAC;;;ACxDH,SAAS,WAAAC,gBAAe;AAKjB,IAAM,4BAA4B,IAAIC,SAAQ,qBAAqB,EACvE,YAAY,yBAAyB,EACrC,SAAS,gBAAgB,mCAAmC,EAC5D,SAAS,QAAQ,oBAAoB,EACrC,OAAO,iBAAiB,6BAA6B,EACrD,OAAO,qBAAqB,0CAA0C,MAAM,EAC5E,OAAO,eAAe,eAAe,IAAI,EACzC,OAAO,gBAAgB,gBAAgB,GAAG,EAC1C,OAAO,eAA+B,YAAoB,IAAY,MAA2E;AAChJ,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,SAAS,IAAI,gBAAgB;AACnC,MAAI,KAAK,KAAM,QAAO,IAAI,YAAY,KAAK,IAAI;AAE/C,QAAM,eAAuC,EAAE,UAAU,UAAU,UAAU,UAAU,MAAM,OAAO;AACpG,SAAO,IAAI,aAAa,aAAa,KAAK,SAAS,KAAK,KAAK,SAAS;AACtE,SAAO,IAAI,SAAS,KAAK,KAAK;AAC9B,SAAO,IAAI,UAAU,KAAK,MAAM;AAChC,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,cAAc,UAAU,IAAI,EAAE,YAAY,OAAO,SAAS,CAAC,EAAE;AAC/G,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;;;ACzBH,SAAS,WAAAC,gBAAe;AACxB,SAAS,gBAAAC,qBAAoB;AAMtB,IAAM,qBAAqB,IAAIC,SAAQ,aAAa,EACxD,YAAY,6BAA6B;AAE5C,mBAAmB,QAAQ,0BAA0B,EAClD,YAAY,0GAA0G,EACtH,eAAe,qBAAqB,wCAAwC,EAC5E,OAAO,yBAAyB,aAAa,0BAA0B,EACvE,OAAO,iBAAiB,qEAAqE,EAC7F,OAAO,eAA+B,YAAoB,IAAY,MAAgE;AACrI,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,EAAE,cAAc,UAAU,IAAI,EAAE,gBAAgB;AAAA,IAC/F,UAAU,KAAK;AAAA,IACf,cAAc,KAAK;AAAA,EACrB,CAAC;AAED,MAAI,KAAK,MAAM;AACb,UAAM,OAAOC,cAAa,KAAK,IAAI;AACnC,UAAM,YAAY,KAAK,WAAW,WAAW,MAAM,IAAI,KAAK,aAAa,GAAG,OAAO,OAAO,GAAG,KAAK,UAAU;AAC5G,UAAM,OAAO,WAAW,WAAW,MAAM,KAAK,WAAW;AACzD,YAAQ,IAAI,aAAa,EAAE,GAAG,MAAM,UAAU,KAAK,GAAG,UAAU,IAAI,CAAC,CAAC;AAAA,EACxE,OAAO;AACL,YAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AAAA,EACjD;AACF,CAAC;AAEH,mBAAmB,QAAQ,uBAAuB,EAC/C,YAAY,kDAAkD,EAC9D,eAAe,qBAAqB,wCAAwC,EAC5E,OAAO,eAA+B,YAAoB,IAAY,MAA4B;AACjG,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,cAAc,MAAM,OAAO,QAAgE,OAAO,OAAO,EAAE,cAAc,UAAU,IAAI,EAAE,cAAc;AAC7J,QAAM,QAAQ,YAAY,KAAK,OAAK,EAAE,IAAI,SAAS,IAAI,KAAK,QAAQ,EAAE,CAAC;AACvE,MAAI,CAAC,OAAO;AACV,UAAM,IAAI,MAAM,eAAe,KAAK,QAAQ,aAAa;AAAA,EAC3D;AACA,QAAM,cAAc,GAAG,OAAO,OAAO,OAAO,EAAE,gBAAgB,MAAM,GAAG;AACvE,UAAQ,IAAI,aAAa,EAAE,cAAc,aAAa,GAAG,MAAM,GAAG,UAAU,IAAI,CAAC,CAAC;AACpF,CAAC;AAEH,mBAAmB,QAAQ,wBAAwB,EAChD,YAAY,iCAAiC,EAC7C,OAAO,mBAAmB,oCAAoC,EAC9D,OAAO,eAA+B,YAAoB,IAAY,MAA2B;AAChG,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,QAAQ,KAAK,SAAS,WAAW,mBAAmB,KAAK,MAAM,CAAC,KAAK;AAC3E,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,cAAc,UAAU,IAAI,EAAE,eAAe,KAAK,EAAE;AACtG,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,mBAAmB,QAAQ,0CAA0C,EAClE,YAAY,sBAAsB,EAClC,OAAO,aAAa,0BAA0B,EAC9C,OAAO,eAA+B,YAAoB,IAAY,cAAsB,MAAyB;AACpH,MAAI,CAAC,KAAK,OAAO,CAAE,MAAM,QAAQ,qBAAqB,YAAY,OAAO,UAAU,IAAI,EAAE,0BAA0B,GAAI;AACrH,YAAQ,IAAI,SAAS;AACrB;AAAA,EACF;AACA,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,cAAc,UAAU,IAAI,EAAE,gBAAgB,YAAY,EAAE;AACpG,UAAQ,IAAI,SAAS;AACvB,CAAC;;;ACvEH,SAAS,kBAAkB;AAC3B,SAAS,WAAAC,iBAAe;AAMjB,IAAM,eAAe,IAAIC,UAAQ,OAAO,EAC5C,YAAY,kCAAkC;AAEjD,aAAa,QAAQ,QAAQ,EAC1B,YAAY,2BAA2B,EACvC,eAAe,iBAAiB,WAAW,EAC3C,eAAe,qBAAqB,oBAAoB,EACxD,OAAO,aAAa,qCAAqC,EACzD,OAAO,oCAAoC,kCAAkC,EAC7E,OAAO,eAA+B,MAA+E;AACpH,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,SAAS,KAAK,MAAM,WAAW;AACrC,QAAM,OAAgC;AAAA,IACpC,MAAM,KAAK;AAAA,IACX,QAAQ,KAAK;AAAA,IACb,SAAS;AAAA,EACX;AACA,MAAI,KAAK,iBAAiB;AACxB,SAAK,kBAAkB,IAAI,KAAK,gBAAgB,MAAM,GAAG;AAAA,EAC3D;AACA,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,UAAU,MAAM,IAAI,IAAI;AAC1E,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,aAAa,QAAQ,UAAU,EAC5B,YAAY,YAAY,EACxB,OAAO,eAA+B,IAAY;AACjD,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,UAAU,EAAE,EAAE;AAChE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,aAAa,QAAQ,MAAM,EACxB,YAAY,gBAAgB,EAC5B,OAAO,iBAA+B;AACrC,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,QAAQ;AAC1D,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,aAAa,QAAQ,aAAa,EAC/B,YAAY,eAAe,EAC3B,OAAO,aAAa,0BAA0B,EAC9C,OAAO,eAA+B,IAAY,MAAyB;AAC1E,MAAI,CAAC,KAAK,OAAO,CAAE,MAAM,QAAQ,eAAe,EAAE,0BAA0B,GAAI;AAC9E,YAAQ,IAAI,SAAS;AACrB;AAAA,EACF;AACA,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,UAAU,EAAE,EAAE;AACtD,UAAQ,IAAI,SAAS;AACvB,CAAC;;;AC9DH,SAAS,cAAAC,mBAAkB;AAC3B,SAAS,WAAAC,iBAAe;AAMjB,IAAM,kBAAkB,IAAIC,UAAQ,UAAU,EAClD,YAAY,0BAA0B;AAEzC,gBAAgB,QAAQ,QAAQ,EAC7B,YAAY,4BAA4B,EACxC,eAAe,iBAAiB,cAAc,EAC9C,eAAe,eAAe,YAAY,EAC1C,eAAe,qBAAqB,qBAAqB,EACzD,eAAe,qBAAqB,6BAA6B,EACjE,OAAO,aAAa,wCAAwC,EAC5D,OAAO,oCAAoC,kCAAkC,EAC7E,OAAO,mBAAmB,0BAA0B,EACpD,OAAO,eAA+B,MAA6H;AAClK,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,YAAY,KAAK,MAAMC,YAAW;AACxC,QAAM,OAAgC;AAAA,IACpC,MAAM,KAAK;AAAA,IACX,KAAK,KAAK;AAAA,IACV,QAAQ,KAAK;AAAA,IACb,QAAQ,KAAK,OAAO,MAAM,GAAG;AAAA,IAC7B,SAAS;AAAA,EACX;AACA,MAAI,KAAK,iBAAiB;AACxB,SAAK,kBAAkB,IAAI,KAAK,gBAAgB,MAAM,GAAG;AAAA,EAC3D;AACA,MAAI,KAAK,QAAQ;AACf,SAAK,QAAQ,IAAI,KAAK,MAAM,KAAK,MAAM;AAAA,EACzC;AACA,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,aAAa,SAAS,IAAI,IAAI;AAChF,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,gBAAgB,QAAQ,UAAU,EAC/B,YAAY,eAAe,EAC3B,OAAO,eAA+B,IAAY;AACjD,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,aAAa,EAAE,EAAE;AACnE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,gBAAgB,QAAQ,MAAM,EAC3B,YAAY,mBAAmB,EAC/B,OAAO,iBAA+B;AACrC,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,WAAW;AAC7D,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,gBAAgB,QAAQ,YAAY,EACjC,YAAY,0DAA0D,EACtE,OAAO,qBAAqB,wDAAwD,EACpF,OAAO,qBAAqB,sBAAsB,EAClD,OAAO,eAA+B,MAA+C;AACpF,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,SAAS,IAAI,gBAAgB;AACnC,MAAI,KAAK,OAAQ,QAAO,IAAI,UAAU,KAAK,MAAM;AACjD,MAAI,KAAK,UAAW,QAAO,IAAI,cAAc,KAAK,SAAS;AAC3D,QAAM,KAAK,OAAO,SAAS;AAC3B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,uBAAuB,KAAK,IAAI,EAAE,KAAK,EAAE,EAAE;AAC7F,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,gBAAgB,QAAQ,aAAa,EAClC,YAAY,kBAAkB,EAC9B,OAAO,aAAa,0BAA0B,EAC9C,OAAO,eAA+B,IAAY,MAAyB;AAC1E,MAAI,CAAC,KAAK,OAAO,CAAE,MAAM,QAAQ,kBAAkB,EAAE,0BAA0B,GAAI;AACjF,YAAQ,IAAI,SAAS;AACrB;AAAA,EACF;AACA,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,aAAa,EAAE,EAAE;AACzD,UAAQ,IAAI,SAAS;AACvB,CAAC;;;ACrFH,SAAS,WAAAC,iBAAe;AAMjB,IAAM,mBAAmB,IAAIC,UAAQ,WAAW,EACpD,YAAY,8BAA8B;AAE7C,iBAAiB,QAAQ,eAAe,EACrC,YAAY,kCAAkC,EAC9C,OAAO,iBAAiB,wDAAwD,EAChF,OAAO,wBAAwB,sBAAsB,EACrD,OAAO,iBAAiB,yDAAyD,SAAS,CAAC,CAAC,EAC5F,OAAO,yBAAyB,yDAAyD,SAAS,CAAC,CAAC,EACpG,OAAO,kBAAkB,gEAAgE,SAAS,CAAC,CAAC,EACpG,OAAO,eAAe,uBAAuB,EAC7C,OAAO,mBAAmB,yHAAyH,EACnJ,OAAO,eAA+B,MAAc,MAQlD;AACD,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAE7B,MAAI;AAEJ,MAAI,KAAK,QAAQ;AAEf,WAAO,KAAK,MAAM,KAAK,MAAM;AAAA,EAC/B,OAAO;AACL,QAAI,CAAC,KAAK,MAAM;AACd,YAAM,IAAI,MAAM,2DAA2D;AAAA,IAC7E;AACA,WAAO;AAAA,MACL,MAAM,KAAK;AAAA,MACX,OAAO,KAAK,KAAK,IAAI,aAAa;AAAA,IACpC;AAEA,QAAI,KAAK,YAAa,MAAK,cAAc,KAAK;AAE9C,QAAI,KAAK,aAAa,SAAS,GAAG;AAChC,WAAK,gBAAgB,KAAK,aAAa,IAAI,YAAY;AAAA,IACzD;AAEA,QAAI,KAAK,MAAM,SAAS,GAAG;AACzB,YAAM,aAAuC,CAAC;AAC9C,iBAAW,QAAQ,KAAK,OAAO;AAC7B,cAAM,SAAS,UAAU,IAAI;AAC7B,mBAAW,OAAO,GAAG,IAAI,OAAO;AAAA,MAClC;AACA,WAAK,QAAQ,EAAE,SAAS,MAAM,WAAW;AAAA,IAC3C;AAEA,QAAI,KAAK,SAAU,MAAK,YAAY;AAAA,EACtC;AAEA,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,cAAc,IAAI,IAAI,IAAI;AAC5E,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,YAAY,EAClC,YAAY,iBAAiB,EAC7B,OAAO,cAAc,qCAAqC,EAC1D,OAAO,eAA+B,MAAc,MAA8B;AACjF,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,KAAK,WACd,OAAO,EAAE,cAAc,IAAI,cAC3B,OAAO,EAAE,cAAc,IAAI;AAC/B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,IAAI;AAC7C,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,MAAM,EAC5B,YAAY,oBAAoB,EAChC,OAAO,iBAA+B;AACrC,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,YAAY;AAC9D,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,eAAe,EACrC,YAAY,oBAAoB,EAChC,OAAO,aAAa,0BAA0B,EAC9C,OAAO,eAA+B,MAAc,MAAyB;AAC5E,MAAI,CAAC,KAAK,OAAO,CAAE,MAAM,QAAQ,oBAAoB,IAAI,2BAA2B,GAAI;AACtF,YAAQ,IAAI,SAAS;AACrB;AAAA,EACF;AACA,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,cAAc,IAAI,EAAE;AAC5D,UAAQ,IAAI,SAAS;AACvB,CAAC;AAEH,iBAAiB,QAAQ,YAAY,EAClC,YAAY,4CAA4C,EACxD,OAAO,sBAAsB,yBAAyB,KAAK,EAC3D,OAAO,CAAC,OAAe,SAAgC;AACtD,QAAM,YAAY,KAAK,cAAc,QAAQ,QAAQ;AACrD,UAAQ,IAAI,2BAA2B,KAAK,IAAI,SAAS,EAAE;AAC7D,CAAC;AAIH,SAAS,QAAQ,OAAe,UAA8B;AAC5D,SAAO,CAAC,GAAG,UAAU,KAAK;AAC5B;AAEA,SAAS,UAAU,MAA8C;AAC/D,QAAM,CAAC,KAAK,MAAM,IAAI,KAAK,MAAM,GAAG;AACpC,MAAI,CAAC,OAAO,CAAC,QAAQ;AACnB,UAAM,IAAI,MAAM,iBAAiB,IAAI,kCAAkC;AAAA,EACzE;AACA,SAAO,EAAE,KAAK,KAAK,OAAO,MAAM,GAAG,EAAE;AACvC;AAEA,SAAS,cAAc,MAAuC;AAC5D,QAAM,EAAE,KAAK,IAAI,IAAI,UAAU,IAAI;AACnC,SAAO,EAAE,YAAY,KAAK,YAAY,IAAI;AAC5C;AAEA,SAAS,aAAa,MAAuC;AAC3D,QAAM,EAAE,KAAK,IAAI,IAAI,UAAU,IAAI;AACnC,SAAO,EAAE,UAAU,KAAK,YAAY,IAAI;AAC1C;;;ACpIA,SAAS,WAAAC,iBAAe;AAKjB,IAAM,eAAe,IAAIC,UAAQ,OAAO,EAC5C,YAAY,0DAA0D,EACtE,eAAe,uBAAuB,6CAA6C,EACnF,OAAO,eAA+B,MAA8B;AACnE,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,aAAa,UAAU,KAAK,UAAU;AAC5C,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,EAAE,UAAU;AAAA,IAC3D,YAAY,MAAM,QAAQ,UAAU,IAAI,aAAa,CAAC,UAAU;AAAA,EAClE,CAAC;AACD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;;;AChBH,SAAS,WAAAC,iBAAe;AAIxB,IAAM,kBAAkB;AAEjB,IAAM,mBAAmB,IAAIC,UAAQ,WAAW,EACpD,YAAY,6EAA6E;AAE5F,iBAAiB,QAAQ,mBAAmB,EACzC,YAAY,sDAAsD,eAAe,EAAE,EACnF,eAAe,kBAAkB,6CAA6C,EAC9E,OAAO,eAA+B,UAAkB,MAAyB;AAChF,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,QAAQ,UAAU,KAAK,KAAK;AAClC,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,EAAE,cAAc,QAAQ,WAAW;AAAA,IAClF,OAAO,MAAM,QAAQ,KAAK,IAAI,QAAQ,CAAC,KAAK;AAAA,EAC9C,CAAC;AACD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,mBAAmB,EACzC,YAAY,sDAAsD,eAAe,EAAE,EACnF,OAAO,uBAAuB,+CAA+C,EAC7E,OAAO,mBAAmB,sBAAsB,EAChD,OAAO,eAA+B,UAAkB,MAAiD;AACxG,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,QAAQ,KAAK,cAAc,gBAAgB,KAAK,WAAW,KAAK;AACtE,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,cAAc,QAAQ,UAAU,KAAK,EAAE;AAEzF,MAAI,KAAK,QAAQ;AACf,UAAM,EAAE,eAAAC,eAAc,IAAI,MAAM,OAAO,IAAI;AAC3C,IAAAA,eAAc,KAAK,QAAQ,KAAK,UAAU,MAAM,MAAM,CAAC,CAAC;AACxD,YAAQ,IAAI,cAAc,KAAK,MAAM,EAAE;AAAA,EACzC,OAAO;AACL,YAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AAAA,EACjD;AACF,CAAC;AAEH,iBAAiB,QAAQ,qCAAqC,EAC3D,YAAY,qEAAqE,eAAe,EAAE,EAClG,eAAe,iBAAiB,8DAA8D,EAC9F,OAAO,sBAAsB,mCAAmC,EAChE,OAAO,8BAA8B,4BAA4B,EACjE,OAAO,eAA+B,UAAkB,YAAoB,MAAsE;AACjJ,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,WAAW,UAAU,KAAK,IAAI;AACpC,QAAM,aAAuB,CAAC;AAC9B,MAAI,KAAK,WAAY,YAAW,KAAK,eAAe,mBAAmB,KAAK,UAAU,CAAC,EAAE;AACzF,MAAI,KAAK,eAAgB,YAAW,KAAK,mBAAmB,mBAAmB,KAAK,cAAc,CAAC,EAAE;AACrG,QAAM,KAAK,WAAW,SAAS,IAAI,WAAW,KAAK,GAAG,CAAC,KAAK;AAC5D,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,EAAE,cAAc,QAAQ,cAAc,UAAU,GAAG,EAAE,IAAI,QAAQ;AAClH,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;;;ACxDH,SAAS,WAAAC,iBAAe;AAKjB,IAAM,gBAAgB,IAAIC,UAAQ,QAAQ,EAC9C,YAAY,mBAAmB;AAElC,cAAc,QAAQ,QAAQ,EAC3B,YAAY,2BAA2B,EACvC,eAAe,iBAAiB,YAAY,EAC5C,eAAe,mBAAmB,iCAAiC,EACnE,OAAO,uBAAuB,wDAAwD,EACtF,OAAO,eAA+B,MAA4D;AACjG,QAAM,SAAS,IAAI,UAAU;AAC7B,MAAI;AACJ,MAAI;AACF,aAAS,KAAK,MAAM,KAAK,MAAM;AAAA,EACjC,QAAQ;AACN,UAAM,IAAI,MAAM,6BAA6B;AAAA,EAC/C;AACA,QAAM,OAAgC,EAAE,MAAM,KAAK,MAAM,OAAO;AAChE,MAAI,KAAK,UAAW,MAAK,aAAa,KAAK;AAC3C,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,cAAc,IAAI;AAC5D,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,cAAc,QAAQ,MAAM,EACzB,YAAY,iBAAiB,EAC7B,OAAO,iBAA+B;AACrC,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,YAAY;AACrD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,cAAc,QAAQ,mBAAmB,EACtC,YAAY,qBAAqB,EACjC,OAAO,eAA+B,SAAiB;AACtD,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,cAAc,OAAO,EAAE;AACtD,UAAQ,IAAI,eAAe;AAC7B,CAAC;;;ACzCH,SAAS,WAAAC,iBAAe;AACxB,SAAS,gBAAAC,qBAAoB;AAU7B,SAAS,aAAa,MAAiD;AACrE,MAAK,KAAK,UAAU,YAAgB,KAAK,SAAS,SAAY;AAC5D,UAAM,IAAI,MAAM,0CAA0C;AAAA,EAC5D;AACA,MAAI,KAAK,SAAS,OAAW,QAAOC,cAAa,KAAK,IAAI,EAAE,SAAS,QAAQ;AAC7E,SAAO,KAAK;AACd;AAEO,IAAM,iBAAiB,IAAIC,UAAQ,SAAS,EAChD,YAAY,mCAAmC;AAElD,eAAe,QAAQ,QAAQ,EAC5B,YAAY,uEAAuE,EACnF,eAAe,iBAAiB,aAAa,EAC7C,OAAO,mBAAmB,6BAA6B,EACvD,OAAO,iBAAiB,oFAAoF,EAC5G,OAAO,yBAAyB,oDAAoD,EACpF,OAAO,uBAAuB,qFAAgF,EAC9G,OAAO,iBAAiB,sBAAsB,EAC9C,OAAO,eAA+B,MAAgH;AACrJ,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAgC,EAAE,MAAM,KAAK,MAAM,OAAO,aAAa,IAAI,EAAE;AACnF,MAAI,KAAK,YAAa,MAAK,eAAe,KAAK;AAC/C,MAAI,KAAK,UAAW,MAAK,aAAa,KAAK;AAC3C,MAAI,KAAK,KAAM,MAAK,OAAO,KAAK,KAAK,MAAM,GAAG,EAAE,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,OAAO,OAAO;AACnF,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,qBAAqB,IAAI;AACnE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,eAAe,QAAQ,MAAM,EAC1B,YAAY,oCAAoC,EAChD,OAAO,cAAc,kDAAkD,EACvE,OAAO,cAAc,kCAAkC,IAAI,EAC3D,OAAO,eAA+B,MAA4C;AACjF,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,KAAK,WAAW,0CAA0C,mBAAmB,KAAK,IAAI,CAAC,KAAK;AACzG,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,IAAI;AAC7C,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,eAAe,QAAQ,UAAU,EAC9B,YAAY,0CAA0C,EACtD,OAAO,eAA+B,IAAY;AACjD,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,qBAAqB,EAAE,EAAE;AAClE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,eAAe,QAAQ,aAAa,EACjC,YAAY,oFAAoF,EAChG,OAAO,mBAAmB,iCAAiC,EAC3D,OAAO,iBAAiB,qDAAqD,EAC7E,OAAO,uBAAuB,oDAAoD,EAClF,OAAO,eAA+B,IAAY,MAA6D;AAC9G,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAgC,EAAE,OAAO,aAAa,IAAI,EAAE;AAClE,MAAI,KAAK,UAAW,MAAK,aAAa,KAAK;AAC3C,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,qBAAqB,EAAE,WAAW,IAAI;AAChF,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,eAAe,QAAQ,aAAa,EACjC,YAAY,uBAAuB,EACnC,OAAO,aAAa,0BAA0B,EAC9C,OAAO,eAA+B,IAAY,MAAyB;AAC1E,MAAI,CAAC,KAAK,OAAO,CAAE,MAAM,QAAQ,uBAAuB,EAAE,0BAA0B,GAAI;AACtF,YAAQ,IAAI,SAAS;AACrB;AAAA,EACF;AACA,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,qBAAqB,EAAE,EAAE;AACxD,UAAQ,IAAI,gBAAgB;AAC9B,CAAC;;;AC9EH,SAAS,WAAAC,iBAAe;AAKjB,IAAM,eAAe,IAAIC,UAAQ,OAAO,EAC5C,YAAY,+DAA+D;AAI9E,IAAM,YAAY,aAAa,QAAQ,IAAI,EAAE,YAAY,qCAAqC;AAE9F,UAAU,QAAQ,oBAAoB,EACnC,YAAY,mEAAmE,EAC/E,OAAO,eAA+B,MAAc,IAAY;AAC/D,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO;AAAA,IACxB;AAAA,IACA,mBAAmB,mBAAmB,IAAI,CAAC,IAAI,mBAAmB,EAAE,CAAC;AAAA,EACvE;AACA,UAAQ,IAAI,aAAa,KAAK,QAAQ,UAAU,IAAI,CAAC,CAAC;AACxD,CAAC;AAEH,UAAU,QAAQ,0BAA0B,EACzC,YAAY,+DAA+D,EAC3E,OAAO,eAAe,kCAAkC,CAAC,MAAc,OAAO,CAAC,CAAC,EAChF,OAAO,oBAAoB,yCAAyC,EACpE,OAAO,eAEN,MACA,IACA,OACA,MACA;AACA,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,SAAS,IAAI,gBAAgB,EAAE,MAAM,CAAC;AAC5C,MAAI,KAAK,UAAU,OAAW,QAAO,IAAI,SAAS,OAAO,KAAK,KAAK,CAAC;AACpE,MAAI,KAAK,UAAU,OAAW,QAAO,IAAI,UAAU,KAAK,KAAK;AAE7D,QAAM,OAAO,MAAM,OAAO;AAAA,IAMxB;AAAA,IACA,mBAAmB,mBAAmB,IAAI,CAAC,IAAI,mBAAmB,EAAE,CAAC,SAAS,MAAM;AAAA,EACtF;AAEA,QAAM,SAAS,UAAU,IAAI;AAC7B,MAAI,WAAW,QAAQ;AACrB,YAAQ,IAAI,KAAK,UAAU,MAAM,MAAM,CAAC,CAAC;AACzC;AAAA,EACF;AAEA,QAAM,OAAO,KAAK,KAAK,IAAI,OAAK,OAAO,YAAY,KAAK,QAAQ,IAAI,CAAC,GAAG,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;AACzF,UAAQ,IAAI,aAAa,MAAM,MAAM,CAAC;AACtC,MAAI,KAAK,UAAW,SAAQ,IAAI,6CAAwC;AAC1E,CAAC;AAIH,IAAM,gBAAgB,aACnB,QAAQ,QAAQ,EAChB,YAAY,yEAAyE;AAaxF,cAAc,QAAQ,MAAM,EACzB,YAAY,oCAAoC,EAChD,OAAO,gBAAgB,uDAAuD,EAC9E,OAAO,gBAAgB,+CAA+C,EACtE,OAAO,wBAAwB,6BAA6B,EAC5D,OAAO,eAAe,kCAAkC,CAAC,MAAc,OAAO,CAAC,CAAC,EAChF,OAAO,gBAAgB,yBAAyB,CAAC,MAAc,OAAO,CAAC,CAAC,EACxE,OAAO,iBAAiB,2CAA2C,EACnE,OAAO,eAEN,MACA;AACA,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,SAAS,IAAI,gBAAgB;AACnC,MAAI,KAAK,OAAQ,QAAO,IAAI,UAAU,KAAK,MAAM;AACjD,MAAI,KAAK,OAAQ,QAAO,IAAI,UAAU,KAAK,MAAM;AACjD,MAAI,KAAK,eAAgB,QAAO,IAAI,kBAAkB,KAAK,cAAc;AACzE,MAAI,KAAK,UAAU,OAAW,QAAO,IAAI,SAAS,OAAO,KAAK,KAAK,CAAC;AACpE,MAAI,KAAK,WAAW,OAAW,QAAO,IAAI,UAAU,OAAO,KAAK,MAAM,CAAC;AACvE,MAAI,KAAK,MAAO,QAAO,IAAI,SAAS,KAAK,KAAK;AAC9C,QAAM,KAAK,OAAO,SAAS,IAAI,IAAI,MAAM,KAAK;AAE9C,QAAM,OAAO,MAAM,OAAO;AAAA,IACxB;AAAA,IACA,iBAAiB,EAAE;AAAA,EACrB;AAEA,QAAM,SAAS,UAAU,IAAI;AAC7B,MAAI,WAAW,QAAQ;AACrB,YAAQ,IAAI,KAAK,UAAU,MAAM,MAAM,CAAC,CAAC;AACzC;AAAA,EACF;AACA,UAAQ,IAAI,aAAa,KAAK,MAAM,MAAM,CAAC;AAC3C,UAAQ,IAAI,IAAI,KAAK,KAAK,MAAM,OAAO,KAAK,KAAK,GAAG;AACtD,CAAC;AAEH,cAAc,QAAQ,WAAW,EAC9B,YAAY,6CAA6C,EACzD,OAAO,eAA+B,IAAY;AACjD,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO;AAAA,IACxB;AAAA,IACA,kBAAkB,mBAAmB,EAAE,CAAC;AAAA,EAC1C;AACA,UAAQ,IAAI,KAAK,UAAU,MAAM,MAAM,CAAC,CAAC;AAC3C,CAAC;AAUH,SAAS,kBAAkB,GAA4B;AACrD,UAAQ,EAAE,QAAQ;AAAA,IAChB,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO,aAAa,EAAE,UAAU,UAAU;AAAA,IAC5C,KAAK;AACH,aAAO,yBAAyB,EAAE,UAAU,mBAAmB;AAAA,IACjE,KAAK;AACH,aAAO,oCAAoC,EAAE,UAAU,SAAS;AAAA,IAClE,SAAS;AAEP,YAAM,cAAqB,EAAE;AAC7B,aAAO;AAAA,IACT;AAAA,EACF;AACF;AAEA,cAAc,QAAQ,sCAAsC,EACzD,YAAY,2EAA2E,EACvF,OAAO,eAA+B,aAAqB,WAAqB;AAC/E,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO;AAAA,IACxB;AAAA,IACA,kBAAkB,mBAAmB,WAAW,CAAC;AAAA,IACjD,EAAE,YAAY,UAAU;AAAA,EAC1B;AACA,UAAQ,IAAI,WAAW,KAAK,OAAO,oBAAoB,WAAW,EAAE;AACpE,aAAW,KAAK,KAAK,WAAW,CAAC,GAAG;AAClC,YAAQ,IAAI,aAAa,EAAE,SAAS,WAAM,kBAAkB,CAAC,CAAC,EAAE;AAAA,EAClE;AACF,CAAC;AAEH,cAAc,QAAQ,qBAAqB,EACxC,YAAY,4DAA4D,EACxE,OAAO,eAA+B,UAAkB;AACvD,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO;AAAA,IACxB;AAAA,IACA,kBAAkB,mBAAmB,QAAQ,CAAC;AAAA,EAChD;AACA,UAAQ,IAAI,YAAY,KAAK,OAAO,SAAS,WAAM,KAAK,OAAO,MAAM,EAAE;AACzE,CAAC;AAEH,cAAc,QAAQ,eAAe,EAClC,YAAY,4DAA4D,EACxE,eAAe,cAAc,4CAA4C,EACzE,OAAO,oBAAoB,+BAA+B,EAC1D,OAAO,eAA+B,IAAY,MAAwC;AACzF,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAgC,EAAE,QAAQ,aAAa,cAAc,KAAK,GAAG;AACnF,MAAI,KAAK,QAAS,MAAK,YAAY,IAAI,KAAK;AAC5C,QAAM,OAAO,MAAM,OAAO;AAAA,IACxB;AAAA,IACA,kBAAkB,mBAAmB,EAAE,CAAC;AAAA,IACxC;AAAA,EACF;AACA,UAAQ,IAAI,aAAa,KAAK,OAAO,SAAS,WAAM,KAAK,EAAE,EAAE;AAC/D,CAAC;AAEH,cAAc,QAAQ,gBAAgB,EACnC,YAAY,qDAAqD,EACjE,OAAO,eAA+B,IAAY;AACjD,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO;AAAA,IACxB;AAAA,IACA,kBAAkB,mBAAmB,EAAE,CAAC;AAAA,IACxC,EAAE,QAAQ,YAAY;AAAA,EACxB;AACA,UAAQ,IAAI,aAAa,KAAK,OAAO,SAAS,iBAAiB,KAAK,oBAAoB,MAAM,mBAAmB;AACnH,CAAC;AAEH,cAAc,QAAQ,cAAc,EACjC,YAAY,6CAA6C,EACzD,eAAe,mBAAmB,+BAA+B,EACjE,OAAO,oBAAoB,+BAA+B,EAC1D,OAAO,eAA+B,IAAY,MAA4C;AAC7F,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAgC,EAAE,QAAQ,aAAa,kBAAkB,KAAK,OAAO;AAC3F,MAAI,KAAK,QAAS,MAAK,YAAY,IAAI,KAAK;AAC5C,QAAM,OAAO,MAAM,OAAO;AAAA,IACxB;AAAA,IACA,kBAAkB,mBAAmB,EAAE,CAAC;AAAA,IACxC;AAAA,EACF;AACA,UAAQ,IAAI,aAAa,KAAK,OAAO,SAAS,aAAa,KAAK,MAAM,GAAG;AAC3E,CAAC;;;AC/NH,SAAS,WAAAC,iBAAe;AASjB,IAAM,mBAAmB,IAAIC,UAAQ,YAAY,EACrD,YAAY,0DAA0D,EACtE,eAAe,mBAAmB,eAAe,EACjD,eAAe,wBAAwB,eAAe,EACtD,OAAO,qBAAqB,wDAAwD,EACpF,OAAO,wBAAwB,+CAA+C,EAC9E,OAAO,qBAAqB,wEAAwE,EACpG,OAAO,sBAAsB,gCAAgC,EAC7D,OAAO,kBAAkB,oBAAoB,EAC7C,OAAO,0BAA0B,yBAAyB,EAC1D,OAAO,oBAAoB,wCAAwC,EACnE,OAAO,mBAAmB,sCAAsC,IAAI,EACpE,OAAO,2BAA2B,qDAAqD,EACvF,OAAO,eAEN,MAaA;AACA,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAgC;AAAA,IACpC,OAAO,KAAK;AAAA,IACZ,aAAa,KAAK;AAAA,IAClB,QAAQ,KAAK;AAAA,EACf;AACA,MAAI,KAAK,OAAQ,MAAK,QAAQ,IAAI,KAAK;AACvC,MAAI,KAAK,eAAgB,MAAK,gBAAgB,IAAI,KAAK;AACvD,MAAI,KAAK,SAAU,MAAK,WAAW,IAAI,KAAK;AAC5C,MAAI,KAAK,SAAU,MAAK,UAAU,IAAI,KAAK;AAC3C,MAAI,KAAK,MAAO,MAAK,OAAO,IAAI,KAAK;AACrC,MAAI,KAAK,aAAc,MAAK,eAAe,IAAI,KAAK;AACpD,MAAI,KAAK,QAAS,MAAK,SAAS,IAAI,KAAK;AACzC,MAAI,KAAK,cAAe,MAAK,gBAAgB,IAAI,KAAK;AAEtD,QAAM,OAAO,MAAM,OAAO,QAAwB,QAAQ,eAAe,IAAI;AAC7E,MAAI,KAAK,SAAS;AAChB,YAAQ,IAAI,yBAAyB,KAAK,SAAS,IAAI;AACvD,YAAQ,IAAI,kEAAkE;AAAA,EAChF,OAAO;AACL,YAAQ,IAAI,yCAAyC,KAAK,SAAS,8CAAyC;AAAA,EAC9G;AACF,CAAC;;;AC5DH,SAAS,WAAAC,iBAAe;AACxB,SAAS,oBAAoB;;;ACAtB,SAAS,eAAe,QAAgB,SAA0B;AACvE,QAAM,QAAQ,CAAC,MAAc,EAAE,QAAQ,WAAW,EAAE;AACpD,QAAM,IAAI,MAAM,MAAM,EAAE,MAAM,GAAG,EAAE,IAAI,MAAM;AAC7C,QAAM,IAAI,MAAM,OAAO,EAAE,MAAM,GAAG,EAAE,IAAI,MAAM;AAC9C,WAAS,IAAI,GAAG,IAAI,KAAK,IAAI,EAAE,QAAQ,EAAE,MAAM,GAAG,KAAK;AACrD,UAAM,KAAK,EAAE,CAAC,KAAK;AACnB,UAAM,KAAK,EAAE,CAAC,KAAK;AACnB,QAAI,OAAO,MAAM,EAAE,KAAK,OAAO,MAAM,EAAE,EAAG,QAAO;AACjD,QAAI,KAAK,GAAI,QAAO;AACpB,QAAI,KAAK,GAAI,QAAO;AAAA,EACtB;AACA,SAAO;AACT;;;ACbA,SAAS,gBAAAC,eAAc,iBAAAC,gBAAe,aAAAC,kBAAiB;AACvD,SAAS,QAAAC,aAAY;AACrB,SAAS,gBAAgB;AAMlB,IAAM,cAAc;AAC3B,IAAM,aAAaC,MAAK,YAAY,mBAAmB;AACvD,IAAM,aAAa,KAAK,KAAK,KAAK;AAOlC,SAAS,aAAsB;AAC7B,SAAO;AAAA,IACL,QAAQ,IAAI,oBAAoB,KAChC,QAAQ,IAAI,uBAAuB,KACnC,KAAK;AAAA,EACP;AACF;AAEA,SAAS,YAAiC;AACxC,MAAI;AACF,UAAM,SAAS,KAAK,MAAMC,cAAa,YAAY,OAAO,CAAC;AAC3D,QAAI,OAAO,OAAO,cAAc,SAAU,QAAO;AACjD,QAAI,OAAO,WAAW,QAAQ,OAAO,OAAO,WAAW,SAAU,QAAO;AACxE,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,SAAS,WAAW,OAA2B;AAC7C,MAAI;AACF,IAAAC,WAAU,YAAY,EAAE,WAAW,MAAM,MAAM,IAAM,CAAC;AACtD,IAAAC,eAAc,YAAY,KAAK,UAAU,KAAK,GAAG,EAAE,MAAM,IAAM,CAAC;AAAA,EAClE,QAAQ;AAAA,EAER;AACF;AAGO,SAAS,iBAAiB,SAAgC;AAC/D,QAAM,QAAQ,UAAU;AACxB,MAAI,CAAC,OAAO,OAAQ,QAAO;AAC3B,MAAI,KAAK,IAAI,IAAI,MAAM,YAAY,WAAY,QAAO;AACtD,SAAO,eAAe,MAAM,QAAQ,OAAO,IAAI,MAAM,SAAS;AAChE;AAEA,SAAS,OAAO,QAAgB,SAAuB;AACrD,UAAQ,MAAM;AAAA,oBAAuB,OAAO,WAAM,MAAM;AAAA,gCAAmC;AAC7F;AAOO,SAAS,gBAAgB,SAAuB;AACrD,MAAI,WAAW,EAAG;AAClB,MAAI;AACF,UAAM,QAAQ,UAAU;AAExB,QAAI,SAAS,KAAK,IAAI,IAAI,MAAM,YAAY,YAAY;AACtD,UAAI,MAAM,UAAU,eAAe,MAAM,QAAQ,OAAO,EAAG,QAAO,MAAM,QAAQ,OAAO;AACvF;AAAA,IACF;AAGA,eAAW,EAAE,WAAW,KAAK,IAAI,GAAG,QAAQ,OAAO,UAAU,KAAK,CAAC;AAGnE,UAAM,QAAQ;AAAA,MACZ;AAAA,MACA,CAAC,QAAQ,aAAa,SAAS;AAAA,MAC/B,EAAE,SAAS,KAAM,OAAO,KAAK;AAAA,MAC7B,CAAC,KAAK,WAAW;AACf,YAAI,IAAK;AACT,cAAM,SAAS,OAAO,KAAK;AAC3B,YAAI,CAAC,OAAQ;AACb,mBAAW,EAAE,WAAW,KAAK,IAAI,GAAG,OAAO,CAAC;AAC5C,YAAI,eAAe,QAAQ,OAAO,EAAG,QAAO,QAAQ,OAAO;AAAA,MAC7D;AAAA,IACF;AAEA,UAAM,MAAM;AAAA,EACd,QAAQ;AAAA,EAER;AACF;;;AC7FA;AAAA,EACE,MAAQ;AAAA,EACR,SAAW;AAAA,EACX,MAAQ;AAAA,EACR,SAAW;AAAA,IACT,MAAQ;AAAA,EACV;AAAA,EACA,KAAO;AAAA,IACL,OAAS;AAAA,EACX;AAAA,EACA,OAAS;AAAA,IACP;AAAA,EACF;AAAA,EACA,SAAW;AAAA,IACT,OAAS;AAAA,IACT,WAAa;AAAA,IACb,MAAQ;AAAA,IACR,KAAO;AAAA,EACT;AAAA,EACA,cAAgB;AAAA,IACd,oBAAoB;AAAA,IACpB,OAAS;AAAA,IACT,cAAc;AAAA,IACd,WAAa;AAAA,IACb,MAAQ;AAAA,EACV;AAAA,EACA,sBAAwB;AAAA,IACtB,gBAAgB;AAAA,EAClB;AAAA,EACA,iBAAmB;AAAA,IACjB,eAAe;AAAA,IACf,MAAQ;AAAA,IACR,YAAc;AAAA,IACd,QAAU;AAAA,EACZ;AACF;;;AH7BO,IAAM,gBAAgB,IAAIC,UAAQ,QAAQ,EAC9C,YAAY,sDAAsD,EAClE,OAAO,MAAM;AACZ,UAAQ,IAAI,oBAAoB,gBAAI,OAAO,EAAE;AAC7C,UAAQ,IAAI,yBAAyB;AACrC,MAAI;AACJ,MAAI;AAEF,aAAS,aAAa,OAAO,CAAC,QAAQ,aAAa,SAAS,GAAG,EAAE,SAAS,KAAQ,OAAO,KAAK,CAAC,EAC5F,SAAS,EACT,KAAK;AAAA,EACV,QAAQ;AACN,YAAQ,MAAM,2CAA2C;AACzD,YAAQ,MAAM,gCAAgC,WAAW,EAAE;AAC3D,YAAQ,KAAK,CAAC;AAAA,EAChB;AAEA,MAAI,CAAC,eAAe,QAAQ,gBAAI,OAAO,GAAG;AACxC,YAAQ,IAAI,kCAAkC,gBAAI,OAAO,IAAI;AAC7D;AAAA,EACF;AAEA,UAAQ,IAAI,YAAY,gBAAI,OAAO,WAAM,MAAM,KAAK;AACpD,MAAI;AACF,iBAAa,OAAO,CAAC,WAAW,MAAM,GAAG,WAAW,SAAS,GAAG;AAAA,MAC9D,SAAS;AAAA,MACT,OAAO;AAAA,MACP,OAAO;AAAA,IACT,CAAC;AACD,YAAQ,IAAI,cAAc,MAAM,GAAG;AAAA,EACrC,SAAS,KAAK;AACZ,YAAQ,MAAM,kBAAkB,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC,EAAE;AAClF,YAAQ,MAAM,gCAAgC,WAAW,EAAE;AAC3D,YAAQ,KAAK,CAAC;AAAA,EAChB;AACF,CAAC;;;AIzCH,SAAS,WAAAC,iBAAe;AAajB,IAAM,gBAAgB,IAAIC,UAAQ,QAAQ,EAC9C,YAAY,iCAAiC,EAC7C,OAAO,iBAA+B;AACrC,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,KAAK,MAAM,OAAO,QAAoB,OAAO,aAAa;AAEhE,MAAI,UAAU,IAAI,MAAM,QAAQ;AAC9B,YAAQ,IAAI,KAAK,UAAU,IAAI,MAAM,CAAC,CAAC;AACvC;AAAA,EACF;AAEA,UAAQ,IAAI,mBAAmB,GAAG,SAAS,EAAE;AAC7C,MAAI,GAAG,MAAO,SAAQ,IAAI,mBAAmB,GAAG,KAAK,EAAE;AACvD,MAAI,GAAG,QAAS,SAAQ,IAAI,mBAAmB,GAAG,OAAO,EAAE;AAC3D,MAAI,GAAG,OAAQ,SAAQ,IAAI,mBAAmB,GAAG,MAAM,EAAE;AACzD,UAAQ,IAAI,mBAAmB,GAAG,cAAc,EAAE;AAClD,MAAI,GAAG,QAAQ,GAAG,KAAK,SAAS,GAAG;AACjC,YAAQ,IAAI,gBAAgB;AAC5B,eAAW,KAAK,GAAG,MAAM;AACvB,cAAQ,IAAI,KAAK,EAAE,IAAI,KAAK,EAAE,MAAM,YAAO,EAAE,IAAI,EAAE;AAAA,IACrD;AAAA,EACF;AACF,CAAC;;;ACnCH,SAAS,WAAAC,iBAAe;AAqBjB,IAAM,gBAAgB,IAAIC,UAAQ,QAAQ,EAC9C,YAAY,sDAAsD,EAClE,OAAO,iBAA+B;AACrC,QAAM,SAAS,WAAW;AAC1B,QAAM,WAAW,MAAM,gBAAgB;AACvC,QAAM,YAAY,iBAAiB,gBAAI,OAAO;AAI9C,MAAI,aAA6B;AACjC,MAAI,KAAwB;AAC5B,MAAI,UAAU;AACZ,QAAI;AACF,WAAK,MAAM,IAAI,UAAU,EAAE,QAAoB,OAAO,aAAa;AACnE,mBAAa;AAAA,IACf,SAAS,KAAK;AACZ,UAAI,eAAe,aAAa,IAAI,WAAW,OAAO,IAAI,WAAW,KAAM,cAAa;AAAA,IAC1F;AAAA,EACF;AAEA,QAAM,WAA2B;AAAA,IAC/B,WAAW;AAAA,IACX,aAAa;AAAA,IACb,SAAS,OAAO;AAAA,IAChB,WAAW,IAAI,aAAa;AAAA,IAC5B,OAAO,IAAI,SAAS;AAAA,IACpB,QAAQ,IAAI,UAAU;AAAA,IACtB,QAAQ,IAAI,kBAAkB;AAAA,IAC9B,KAAK,EAAE,SAAS,gBAAI,SAAS,QAAQ,UAAU;AAAA,EACjD;AAEA,MAAI,UAAU,IAAI,MAAM,QAAQ;AAC9B,YAAQ,IAAI,KAAK,UAAU,UAAU,MAAM,CAAC,CAAC;AAC7C;AAAA,EACF;AAEA,MAAI,CAAC,UAAU;AACb,YAAQ,IAAI,mCAAmC;AAC/C,YAAQ,IAAI,QAAQ,OAAO,OAAO,EAAE;AACpC,QAAI,UAAW,SAAQ,IAAI,QAAQ,gBAAI,OAAO,aAAa,SAAS,+BAA0B;AAC9F;AAAA,EACF;AAEA,QAAM,cACJ,eAAe,OACX,gBACA,eAAe,QACb,+DACA;AACR,UAAQ,IAAI,YAAY,IAAI,QAAQ,OAAO,GAAG,KAAK,KAAK,EAAE,WAAM,WAAW,EAAE;AAC7E,UAAQ,IAAI,QAAQ,OAAO,OAAO,EAAE;AACpC,MAAI,IAAI,UAAW,SAAQ,IAAI,SAAS,GAAG,SAAS,EAAE;AACtD,MAAI,IAAI,OAAQ,SAAQ,IAAI,QAAQ,GAAG,MAAM,EAAE;AAC/C,MAAI,IAAI,eAAgB,SAAQ,IAAI,WAAW,GAAG,cAAc,EAAE;AAClE,MAAI,UAAW,SAAQ,IAAI,QAAQ,gBAAI,OAAO,aAAa,SAAS,+BAA0B;AAChG,CAAC;;;AnCpDI,IAAM,UAAU,IAAIC,UAAQ,OAAO,EACvC,YAAY,iDAA4C,EACxD,QAAQ,gBAAI,OAAO,EACnB,OAAO,mBAAmB,aAAa,EACvC,OAAO,qBAAqB,gCAAgC,OAAO,EACnE,OAAO,UAAU,6BAA6B;AAEjD,QAAQ,WAAW,YAAY;AAC/B,QAAQ,WAAW,aAAa;AAChC,QAAQ,WAAW,aAAa;AAChC,QAAQ,WAAW,aAAa;AAChC,QAAQ,WAAW,gBAAgB;AACnC,QAAQ,WAAW,kBAAkB;AACrC,QAAQ,WAAW,gBAAgB;AACnC,QAAQ,WAAW,UAAU;AAC7B,QAAQ,WAAW,oBAAoB;AACvC,QAAQ,WAAW,yBAAyB;AAC5C,QAAQ,WAAW,kBAAkB;AACrC,QAAQ,WAAW,YAAY;AAC/B,QAAQ,WAAW,eAAe;AAClC,QAAQ,WAAW,YAAY;AAC/B,QAAQ,WAAW,gBAAgB;AACnC,QAAQ,WAAW,aAAa;AAChC,QAAQ,WAAW,cAAc;AACjC,QAAQ,WAAW,gBAAgB;AACnC,QAAQ,WAAW,YAAY;AAC/B,QAAQ,WAAW,gBAAgB;AACnC,QAAQ,WAAW,aAAa;;;AoCnDhC,SAAS,WAAAC,UAAS,UAAU,YAAY;AAMxC,IAAI,SAA8B;AAElC,SAAS,SAA6B;AACpC,MAAI,QAAQ,IAAI,0BAA0B,EAAG,QAAO;AACpD,SAAO,QAAQ,IAAI,sBAAsB,KAAK;AAChD;AAaO,SAAS,UAAqC,OAAU,MAAiB;AAC9E,QAAM,OAAO,KAAK,QAAQ,WAAW,EAAE;AACvC,MAAI,CAAC,KAAM,QAAO;AAClB,QAAM,KAAK,IAAI,OAAO,KAAK,QAAQ,uBAAuB,MAAM,IAAI,iBAAiB,GAAG;AACxF,QAAM,QAAQ,CAAC,MAAsB,EAAE,QAAQ,IAAI,GAAG;AACtD,aAAW,SAAS,MAAM,WAAW,UAAU,CAAC,GAAG;AACjD,QAAI,MAAM,MAAO,OAAM,QAAQ,MAAM,MAAM,KAAK;AAChD,eAAW,SAAS,MAAM,YAAY,UAAU,CAAC,GAAG;AAClD,UAAI,MAAM,SAAU,OAAM,WAAW,MAAM,MAAM,QAAQ;AACzD,UAAI,MAAM,SAAU,OAAM,WAAW,MAAM,MAAM,QAAQ;AAAA,IAC3D;AAAA,EACF;AACA,SAAO;AACT;AAOA,eAAsB,cAAcC,UAA6B,SAAgC;AAC/F,MAAI,OAAQ;AACZ,QAAM,MAAM,OAAO;AACnB,MAAI,CAAC,IAAK;AACV,MAAI;AACF,UAAM,MAAM,MAAM,OAAO,cAAc;AACvC,UAAM,OAAOC,SAAQ;AACrB,QAAI,KAAK;AAAA,MACP;AAAA,MACA,kBAAkB;AAAA,MAClB,SAAS,aAAa,OAAO;AAAA,MAC7B,aAAa;AAAA,MACb,qBAAqB;AAAA,MACrB,YAAY,CAAC,UAAU,UAAU,OAAO,IAAI;AAAA,IAC9C,CAAC;AACD,QAAI,OAAO,WAAWD,YAAW,SAAS;AAC1C,QAAI,OAAO,gBAAgB,QAAQ,OAAO;AAC1C,QAAI,OAAO,eAAe,SAAS,CAAC;AACpC,QAAI,OAAO,WAAW,KAAK,CAAC;AAC5B,aAAS;AAAA,EACX,QAAQ;AACN,aAAS;AAAA,EACX;AACF;AAGO,SAAS,iBAAiB,KAAoB;AACnD,MAAI,CAAC,OAAQ;AACb,MAAI,eAAe,YAAY,IAAI,WAAY;AAC/C,MAAI;AACF,WAAO,iBAAiB,GAAG;AAAA,EAC7B,QAAQ;AAAA,EAER;AACF;AAGA,eAAsB,iBAAgC;AACpD,MAAI,CAAC,OAAQ;AACb,MAAI;AACF,UAAM,OAAO,MAAM,GAAI;AAAA,EACzB,QAAQ;AAAA,EAER;AACA,WAAS;AACX;;;ACnFA,IAAM,oBAAoB,CAAC,aAAa,MAAM,UAAU,MAAM,QAAQ,QAAQ;AAC9E,IAAM,UAAU,QAAQ,KAAK,CAAC;AAE9B,eAAe,OAAsB;AACnC,QAAM,cAAc,SAAS,gBAAI,OAAO;AACxC,QAAM,QAAQ,WAAW;AACzB,MAAI,WAAW,CAAC,kBAAkB,SAAS,OAAO,GAAG;AACnD,oBAAgB,gBAAI,OAAO;AAAA,EAC7B;AACF;AAEA,KAAK,EACF,KAAK,MAAM,eAAe,CAAC,EAC3B,MAAM,OAAO,QAAQ;AACpB,iBAAe,GAAG;AAClB,mBAAiB,GAAG;AACpB,QAAM,eAAe;AACrB,UAAQ,KAAK,CAAC;AAChB,CAAC;","names":["Command","Command","Command","Command","readFileSync","Command","Command","Command","Command","Command","Command","readFileSync","Command","readFileSync","Command","Command","Command","Command","Command","readFileSync","Command","readFileSync","Command","Command","randomUUID","Command","Command","randomUUID","Command","Command","Command","Command","Command","Command","writeFileSync","Command","Command","Command","readFileSync","readFileSync","Command","Command","Command","Command","Command","Command","readFileSync","writeFileSync","mkdirSync","join","join","readFileSync","mkdirSync","writeFileSync","Command","Command","Command","Command","Command","Command","homedir","command","homedir"]}
|
|
1
|
+
{"version":3,"sources":["../src/program.ts","../src/commands/login.ts","../src/config.ts","../src/token-store.ts","../src/oauth.ts","../src/auth.ts","../src/pkce.ts","../src/env.ts","../src/commands/logout.ts","../src/errors.ts","../src/client.ts","../src/commands/databases.ts","../src/output.ts","../src/helpers.ts","../src/prompt.ts","../src/commands/collections.ts","../src/commands/documents.ts","../src/commands/sql.ts","../src/commands/relationships.ts","../src/commands/relationship-types.ts","../src/commands/query-relationships.ts","../src/commands/attachments.ts","../src/commands/hooks.ts","../src/commands/triggers.ts","../src/commands/endpoints.ts","../src/commands/batch.ts","../src/commands/providers.ts","../src/commands/tokens.ts","../src/commands/secrets.ts","../src/commands/debug.ts","../src/commands/report-bug.ts","../src/commands/update.ts","../src/version.ts","../src/version-check.ts","../package.json","../src/commands/whoami.ts","../src/commands/status.ts","../src/telemetry.ts","../src/index.ts"],"sourcesContent":["import { Command } from 'commander';\nimport { loginCommand } from './commands/login.js';\nimport { logoutCommand } from './commands/logout.js';\nimport { databasesCommand } from './commands/databases.js';\nimport { collectionsCommand } from './commands/collections.js';\nimport { documentsCommand } from './commands/documents.js';\nimport { sqlCommand } from './commands/sql.js';\nimport { relationshipsCommand } from './commands/relationships.js';\nimport { relationshipTypesCommand } from './commands/relationship-types.js';\nimport { queryRelationshipsCommand } from './commands/query-relationships.js';\nimport { attachmentsCommand } from './commands/attachments.js';\nimport { hooksCommand } from './commands/hooks.js';\nimport { triggersCommand } from './commands/triggers.js';\nimport { endpointsCommand } from './commands/endpoints.js';\nimport { batchCommand } from './commands/batch.js';\nimport { providersCommand } from './commands/providers.js';\nimport { tokensCommand } from './commands/tokens.js';\nimport { secretsCommand } from './commands/secrets.js';\nimport { debugCommand } from './commands/debug.js';\nimport { reportBugCommand } from './commands/report-bug.js';\nimport { updateCommand } from './commands/update.js';\nimport { whoamiCommand } from './commands/whoami.js';\nimport { statusCommand } from './commands/status.js';\nimport pkg from '../package.json' with { type: 'json' };\n\nexport const program = new Command('rekor')\n .description('Rekor CLI — System of Record for AI agents')\n .version(pkg.version)\n .option('--database <id>', 'Database ID')\n .option('--output <format>', 'Output format: json or table', 'table')\n .option('--json', 'Shorthand for --output json');\n\nprogram.addCommand(loginCommand);\nprogram.addCommand(logoutCommand);\nprogram.addCommand(whoamiCommand);\nprogram.addCommand(statusCommand);\nprogram.addCommand(databasesCommand);\nprogram.addCommand(collectionsCommand);\nprogram.addCommand(documentsCommand);\nprogram.addCommand(sqlCommand);\nprogram.addCommand(relationshipsCommand);\nprogram.addCommand(relationshipTypesCommand);\nprogram.addCommand(queryRelationshipsCommand);\nprogram.addCommand(attachmentsCommand);\nprogram.addCommand(hooksCommand);\nprogram.addCommand(triggersCommand);\nprogram.addCommand(batchCommand);\nprogram.addCommand(providersCommand);\nprogram.addCommand(tokensCommand);\nprogram.addCommand(secretsCommand);\nprogram.addCommand(endpointsCommand);\nprogram.addCommand(debugCommand);\nprogram.addCommand(reportBugCommand);\nprogram.addCommand(updateCommand);\n","import { Command } from 'commander';\nimport { login } from '../auth.js';\nimport { loadConfig, saveConfig } from '../config.js';\nimport {\n exchangeCodeForTokens,\n expiresInToIso,\n refreshTokenMissingWarning,\n startCallbackServer,\n getAuthKitDomain,\n getAuthKitClientId,\n OAUTH_CALLBACK_PORT,\n} from '../oauth.js';\nimport {\n generateCodeVerifier,\n generateCodeChallenge,\n generateState,\n} from '../pkce.js';\nimport { setOAuthTokens } from '../token-store.js';\nimport { isSSH } from '../env.js';\n\nconst FALLBACK_URL_DELAY_MS = 5_000;\n\nexport const loginCommand = new Command('login')\n .description('Authenticate with Rekor')\n .option('--token <token>', 'API key for headless/CI authentication (rec_...)')\n .option('--api-url <url>', 'API base URL')\n .action(async (opts: { token?: string; apiUrl?: string }) => {\n if (opts.token) {\n await login(opts.token, opts.apiUrl);\n console.log('Authenticated successfully');\n return;\n }\n\n // Let failures propagate to the top-level handler so the error prints cleanly and\n // telemetry flushes (a local process.exit here would bypass both).\n await browserLoginPkce(opts.apiUrl);\n console.log('Authenticated successfully');\n });\n\nasync function browserLoginPkce(apiUrl?: string): Promise<void> {\n const codeVerifier = generateCodeVerifier();\n const codeChallenge = generateCodeChallenge(codeVerifier);\n const state = generateState();\n\n const port = OAUTH_CALLBACK_PORT;\n const redirectUri = `http://127.0.0.1:${port}/callback`;\n\n const authkitDomain = getAuthKitDomain();\n const clientId = getAuthKitClientId();\n\n const authorizeUrl = new URL(`${authkitDomain}/oauth2/authorize`);\n authorizeUrl.searchParams.set('client_id', clientId);\n authorizeUrl.searchParams.set('redirect_uri', redirectUri);\n authorizeUrl.searchParams.set('response_type', 'code');\n authorizeUrl.searchParams.set('code_challenge', codeChallenge);\n authorizeUrl.searchParams.set('code_challenge_method', 'S256');\n authorizeUrl.searchParams.set('state', state);\n // offline_access asks AuthKit to issue a refresh_token alongside the access_token —\n // without it the CLI would re-prompt every ~1h when the access token expires.\n authorizeUrl.searchParams.set('scope', 'openid profile email offline_access');\n\n // Start the callback server first so the redirect can land.\n const callbackPromise = startCallbackServer(port, state);\n\n let fallbackTimer: ReturnType<typeof setTimeout> | undefined;\n if (isSSH()) {\n // No usable browser over SSH — print the URL up front instead of auto-opening.\n console.log('SSH session detected. Open this URL in a browser to authenticate:');\n console.log(authorizeUrl.toString());\n } else {\n console.log('Opening browser for authentication...');\n const open = await import('open').then(m => m.default);\n\n // open() resolves on spawn, not browser launch — print a fallback URL after a delay.\n let fallbackPrinted = false;\n fallbackTimer = setTimeout(() => {\n fallbackPrinted = true;\n console.log(`If the browser didn't open, visit: ${authorizeUrl.toString()}`);\n }, FALLBACK_URL_DELAY_MS);\n\n open(authorizeUrl.toString()).catch(() => {\n if (fallbackPrinted) return;\n clearTimeout(fallbackTimer);\n console.log('Could not open browser automatically.');\n console.log(`Visit: ${authorizeUrl.toString()}`);\n });\n }\n\n let code: string;\n try {\n ({ code } = await callbackPromise);\n } finally {\n if (fallbackTimer) clearTimeout(fallbackTimer);\n }\n\n const tokens = await exchangeCodeForTokens(authkitDomain, clientId, code, codeVerifier, redirectUri);\n const expiresAt = expiresInToIso(tokens.expires_in);\n await setOAuthTokens(tokens.access_token, tokens.refresh_token, expiresAt);\n\n const noRefreshWarning = refreshTokenMissingWarning(tokens.refresh_token);\n if (noRefreshWarning) console.warn(noRefreshWarning);\n\n const config = loadConfig();\n saveConfig({\n ...config,\n api_url: apiUrl ?? config.api_url,\n });\n}\n","import { readFileSync, writeFileSync, mkdirSync } from 'fs';\nimport { join } from 'path';\nimport { homedir } from 'os';\n\nconst CONFIG_DIR = join(homedir(), '.config', 'rekor');\nconst CONFIG_FILE = join(CONFIG_DIR, 'config.json');\n\nexport interface Config {\n api_url: string;\n default_database?: string;\n org_id?: string;\n}\n\ninterface ConfigFile extends Config {\n // Tokens may linger here from older CLI versions until token-store migrates them.\n token?: string;\n [key: string]: unknown;\n}\n\nexport function loadConfig(): Config {\n const envUrl = process.env['REKOR_API_URL'];\n\n try {\n const raw = readFileSync(CONFIG_FILE, 'utf-8');\n const stored = JSON.parse(raw) as ConfigFile;\n return {\n api_url: envUrl ?? stored.api_url ?? 'http://localhost:8787',\n default_database: stored.default_database,\n org_id: stored.org_id,\n };\n } catch {\n return {\n api_url: envUrl ?? 'http://localhost:8787',\n };\n }\n}\n\nexport function saveConfig(config: Config): void {\n mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });\n let existing: ConfigFile = {} as ConfigFile;\n try {\n existing = JSON.parse(readFileSync(CONFIG_FILE, 'utf-8')) as ConfigFile;\n } catch {\n existing = {} as ConfigFile;\n }\n const merged: ConfigFile = { ...existing, ...config };\n writeFileSync(CONFIG_FILE, JSON.stringify(merged, null, 2), { mode: 0o600 });\n}\n\nexport { CONFIG_DIR, CONFIG_FILE };\n","import * as fs from 'node:fs';\nimport { CONFIG_DIR, CONFIG_FILE } from './config.js';\n\nconst KEYRING_SERVICE = 'rekor';\nconst KEY_REC = 'rec_token';\nconst KEY_OAUTH_ACCESS = 'oauth_access_token';\nconst KEY_OAUTH_REFRESH = 'oauth_refresh_token';\n\ninterface KeyringBinding {\n getPassword(service: string, account: string): Promise<string | null>;\n setPassword(service: string, account: string, password: string): Promise<void>;\n deletePassword(service: string, account: string): Promise<boolean>;\n}\n\nlet keyringCache: KeyringBinding | null | undefined;\n\nasync function getKeyring(): Promise<KeyringBinding | null> {\n if (keyringCache !== undefined) return keyringCache;\n try {\n const mod = await import('@napi-rs/keyring');\n const Entry = mod.Entry;\n keyringCache = {\n async getPassword(service, account) {\n try { return new Entry(service, account).getPassword(); } catch { return null; }\n },\n async setPassword(service, account, password) {\n new Entry(service, account).setPassword(password);\n },\n async deletePassword(service, account) {\n try { return new Entry(service, account).deletePassword(); } catch { return false; }\n },\n };\n } catch {\n keyringCache = null;\n }\n return keyringCache;\n}\n\nfunction manualCleanupCommand(account: string): string {\n if (process.platform === 'darwin') {\n return `security delete-generic-password -s ${KEYRING_SERVICE} -a ${account}`;\n }\n if (process.platform === 'win32') {\n return `cmdkey /delete:${KEYRING_SERVICE}/${account}`;\n }\n if (process.platform === 'linux') {\n return `secret-tool clear service ${KEYRING_SERVICE} account ${account}`;\n }\n return `(remove service=\"${KEYRING_SERVICE}\" account=\"${account}\" from your OS credential store)`;\n}\n\ninterface LegacyConfigFile {\n api_url?: string;\n token?: string;\n access_token?: string;\n refresh_token?: string;\n token_expires_at?: string;\n default_database?: string;\n org_id?: string;\n [key: string]: unknown;\n}\n\nfunction readConfigFile(): LegacyConfigFile | null {\n if (!fs.existsSync(CONFIG_FILE)) return null;\n try {\n return JSON.parse(fs.readFileSync(CONFIG_FILE, 'utf-8')) as LegacyConfigFile;\n } catch {\n return null;\n }\n}\n\nfunction writeConfigFile(data: LegacyConfigFile): void {\n if (!fs.existsSync(CONFIG_DIR)) {\n fs.mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });\n }\n fs.writeFileSync(CONFIG_FILE, JSON.stringify(data, null, 2), { mode: 0o600 });\n}\n\n// Delete reported success but get still returned a value — the keychain ignored the delete.\nexport class StaleKeyringSlotError extends Error {\n constructor(public readonly account: string) {\n super(\n `Stale credential remains in OS keychain slot \"${account}\" after delete. ` +\n `Clean it up manually and retry:\\n ${manualCleanupCommand(account)}`,\n );\n this.name = 'StaleKeyringSlotError';\n }\n}\n\nasync function clearSlot(keyring: KeyringBinding, account: string): Promise<boolean> {\n await keyring.deletePassword(KEYRING_SERVICE, account);\n try {\n return (await keyring.getPassword(KEYRING_SERVICE, account)) === null;\n } catch {\n return false;\n }\n}\n\nexport type ResolvedToken =\n | { kind: 'rec'; token: string }\n | { kind: 'oauth'; access_token: string; refresh_token?: string; expires_at?: string };\n\nfunction stripTokenFieldsFromFile(): void {\n const existing = readConfigFile();\n if (!existing) return;\n if (existing.token === undefined && existing.access_token === undefined && existing.refresh_token === undefined) return;\n delete existing.token;\n delete existing.access_token;\n delete existing.refresh_token;\n writeConfigFile(existing);\n}\n\nfunction readMetadataExpiresAt(): string | undefined {\n return readConfigFile()?.token_expires_at;\n}\n\nfunction writeMetadataExpiresAt(value: string | undefined): void {\n const existing = readConfigFile() ?? {};\n if (value === undefined) {\n delete existing.token_expires_at;\n } else {\n existing.token_expires_at = value;\n }\n writeConfigFile(existing);\n}\n\nasync function migrateLegacyFileToken(keyring: KeyringBinding | null): Promise<ResolvedToken | null> {\n const existing = readConfigFile();\n if (!existing) return null;\n\n // Prefer OAuth fields if present (newer file-fallback format), else legacy `token`.\n if (existing.access_token) {\n const out: ResolvedToken = {\n kind: 'oauth',\n access_token: existing.access_token,\n refresh_token: existing.refresh_token,\n expires_at: existing.token_expires_at,\n };\n if (keyring) {\n try {\n // Keyring wins on conflict — only migrate if slots are empty.\n const accessExisting = await keyring.getPassword(KEYRING_SERVICE, KEY_OAUTH_ACCESS);\n if (!accessExisting) {\n await keyring.setPassword(KEYRING_SERVICE, KEY_OAUTH_ACCESS, existing.access_token);\n if (existing.refresh_token) {\n await keyring.setPassword(KEYRING_SERVICE, KEY_OAUTH_REFRESH, existing.refresh_token);\n }\n }\n try { stripTokenFieldsFromFile(); } catch (err) {\n console.warn(`rekor: failed to strip legacy OAuth tokens from ${CONFIG_FILE} (${(err as Error).message}).`);\n }\n } catch (err) {\n console.warn(`rekor: OAuth migration to keychain failed (${(err as Error).message}); continuing with file-backed.`);\n }\n }\n return out;\n }\n\n if (existing.token) {\n const token = existing.token;\n if (!keyring) return { kind: 'rec', token };\n try {\n const recExisting = await keyring.getPassword(KEYRING_SERVICE, KEY_REC);\n if (recExisting) {\n // Keyring wins — strip stale file copy.\n try { stripTokenFieldsFromFile(); } catch (err) {\n console.warn(`rekor: failed to strip stale token from ${CONFIG_FILE} (${(err as Error).message}).`);\n }\n return null;\n }\n await keyring.setPassword(KEYRING_SERVICE, KEY_REC, token);\n try { stripTokenFieldsFromFile(); } catch (err) {\n console.warn(`rekor: failed to strip legacy token from ${CONFIG_FILE} (${(err as Error).message}).`);\n }\n } catch (err) {\n console.warn(`rekor: keychain migration failed (${(err as Error).message}); continuing with file-backed token.`);\n }\n return { kind: 'rec', token };\n }\n\n return null;\n}\n\n// Read order: REKOR_TOKEN env → rec_ slot → OAuth slot. rec_ wins so an OAuth fallback can't silently switch identities.\nexport async function getResolvedToken(): Promise<ResolvedToken | null> {\n const envToken = process.env['REKOR_TOKEN'];\n if (envToken) {\n // Always rec-kind — preserves `REKOR_TOKEN=dev` for DEV_BYPASS_AUTH and avoids the OAuth refresh path on plain strings.\n return { kind: 'rec', token: envToken };\n }\n\n const keyring = await getKeyring();\n const migrated = await migrateLegacyFileToken(keyring);\n if (migrated) return migrated;\n\n if (keyring) {\n // All three slots in parallel — rec_ wins read precedence but probing sequentially would block on empty slots.\n const [rec, access, refresh] = await Promise.all([\n keyring.getPassword(KEYRING_SERVICE, KEY_REC),\n keyring.getPassword(KEYRING_SERVICE, KEY_OAUTH_ACCESS),\n keyring.getPassword(KEYRING_SERVICE, KEY_OAUTH_REFRESH),\n ]);\n if (rec) return { kind: 'rec', token: rec };\n if (access) {\n const out: ResolvedToken = { kind: 'oauth', access_token: access };\n if (refresh) out.refresh_token = refresh;\n const expiresAt = readMetadataExpiresAt();\n if (expiresAt) out.expires_at = expiresAt;\n return out;\n }\n }\n\n return null;\n}\n\n// Backwards-compatible single-string accessor for callers that don't need the kind.\nexport async function getToken(): Promise<string | null> {\n const resolved = await getResolvedToken();\n if (!resolved) return null;\n return resolved.kind === 'rec' ? resolved.token : resolved.access_token;\n}\n\nexport async function setToken(token: string): Promise<void> {\n await setRecToken(token);\n}\n\nexport async function setRecToken(token: string): Promise<void> {\n const keyring = await getKeyring();\n if (keyring) {\n try {\n // Clear OAuth slots first — a stale OAuth would survive `rekor logout` and confuse mode-switch debugging.\n const [accessCleared, refreshCleared] = await Promise.all([\n clearSlot(keyring, KEY_OAUTH_ACCESS),\n clearSlot(keyring, KEY_OAUTH_REFRESH),\n ]);\n const stuck = [\n accessCleared ? null : KEY_OAUTH_ACCESS,\n refreshCleared ? null : KEY_OAUTH_REFRESH,\n ].filter((a): a is string => a !== null);\n if (stuck.length > 0) {\n console.warn(\n [\n `rekor: stale OAuth credential remains in OS keychain after delete. Commands work but logout won't fully clear. Manually:`,\n ...stuck.map(a => ` ${manualCleanupCommand(a)}`),\n ].join('\\n'),\n );\n }\n await keyring.setPassword(KEYRING_SERVICE, KEY_REC, token);\n writeMetadataExpiresAt(undefined);\n try { stripTokenFieldsFromFile(); } catch (err) {\n console.warn(`rekor: failed to strip stale tokens from ${CONFIG_FILE} (${(err as Error).message}).`);\n }\n return;\n } catch (err) {\n if (err instanceof StaleKeyringSlotError) throw err;\n console.warn(`rekor: keychain write failed (${(err as Error).message}); falling back to file storage.`);\n }\n }\n const existing = readConfigFile() ?? {};\n delete existing.access_token;\n delete existing.refresh_token;\n delete existing.token_expires_at;\n existing.token = token;\n writeConfigFile(existing);\n}\n\nexport async function setOAuthTokens(\n accessToken: string,\n refreshToken: string | undefined,\n expiresAt: string,\n): Promise<void> {\n const keyring = await getKeyring();\n if (keyring) {\n try {\n // rec_ wins the read race — a leftover would mask new OAuth tokens; verify empty after delete and fail loudly.\n if (!(await clearSlot(keyring, KEY_REC))) {\n throw new StaleKeyringSlotError(KEY_REC);\n }\n await keyring.setPassword(KEYRING_SERVICE, KEY_OAUTH_ACCESS, accessToken);\n if (refreshToken) {\n await keyring.setPassword(KEYRING_SERVICE, KEY_OAUTH_REFRESH, refreshToken);\n } else {\n // Best-effort clear of any stale refresh slot when the new pair has none.\n await clearSlot(keyring, KEY_OAUTH_REFRESH);\n }\n writeMetadataExpiresAt(expiresAt);\n try { stripTokenFieldsFromFile(); } catch (err) {\n console.warn(`rekor: failed to strip stale tokens from ${CONFIG_FILE} (${(err as Error).message}).`);\n }\n return;\n } catch (err) {\n // StaleKeyringSlotError propagates — file fallback won't help if the keyring still holds rec_.\n if (err instanceof StaleKeyringSlotError) throw err;\n console.warn(`rekor: keychain write failed (${(err as Error).message}); falling back to file storage.`);\n }\n }\n const existing = readConfigFile() ?? {};\n delete existing.token;\n existing.access_token = accessToken;\n if (refreshToken) existing.refresh_token = refreshToken;\n existing.token_expires_at = expiresAt;\n writeConfigFile(existing);\n}\n\nexport async function clearToken(): Promise<void> {\n await clearAllTokens();\n}\n\nexport async function clearAllTokens(): Promise<void> {\n const keyring = await getKeyring();\n if (keyring) {\n const slots = [KEY_REC, KEY_OAUTH_ACCESS, KEY_OAUTH_REFRESH] as const;\n const cleared = await Promise.all(slots.map(s => clearSlot(keyring, s)));\n for (const [i, ok] of cleared.entries()) {\n if (!ok) {\n const account = slots[i]!;\n console.warn(\n `rekor: could not clear keychain slot \"${account}\". Subsequent commands may still pick the stale token. Manually:\\n ${manualCleanupCommand(account)}`,\n );\n }\n }\n }\n const existing = readConfigFile();\n if (existing) {\n let dirty = false;\n for (const k of ['token', 'access_token', 'refresh_token', 'token_expires_at'] as const) {\n if (existing[k] !== undefined) {\n delete existing[k];\n dirty = true;\n }\n }\n if (dirty) writeConfigFile(existing);\n }\n}\n\nexport function __setKeyringForTesting(binding: KeyringBinding | null): void {\n keyringCache = binding;\n}\n\nexport function __resetKeyringForTesting(): void {\n keyringCache = undefined;\n}\n","import * as http from 'node:http';\n\n// Fixed port for the OAuth redirect URI — must match what's registered in WorkOS AuthKit.\nexport const OAUTH_CALLBACK_PORT = 3927;\n\nconst DEFAULT_AUTHKIT_DOMAIN = 'https://engaging-tip-62.authkit.app';\nconst DEFAULT_AUTHKIT_CLIENT_ID = 'client_01KSMZJ6YN7VAKTP2BW41V56SZ';\n\nexport function getAuthKitDomain(): string {\n return process.env['REKOR_AUTHKIT_DOMAIN'] || DEFAULT_AUTHKIT_DOMAIN;\n}\n\nexport function getAuthKitClientId(): string {\n return process.env['REKOR_AUTHKIT_CLIENT_ID'] || DEFAULT_AUTHKIT_CLIENT_ID;\n}\n\nexport interface TokenResponse {\n access_token: string;\n refresh_token?: string;\n expires_in: number;\n}\n\nexport function expiresInToIso(expiresInSeconds: number): string {\n return new Date(Date.now() + expiresInSeconds * 1000).toISOString();\n}\n\n// AuthKit only returns a refresh_token when the app is configured to issue them (offline_access).\n// Without one, the short-lived access token can't be silently renewed — the session dies within\n// minutes and every command fails until the next `rekor login`. Surface that at login time rather\n// than letting the user discover it via a confusing mid-session auth failure.\nexport function refreshTokenMissingWarning(refreshToken: string | undefined): string | null {\n if (refreshToken) return null;\n return (\n 'Signed in, but no refresh token was issued — this session will expire shortly and you will ' +\n 'need to run `rekor login` again. Enable refresh tokens (offline_access) on the WorkOS AuthKit ' +\n 'application to keep CLI sessions alive.'\n );\n}\n\nfunction asTokenResponse(value: unknown): TokenResponse {\n if (typeof value !== 'object' || value === null) {\n throw new Error('AuthKit returned a non-object token payload');\n }\n const v = value as Partial<TokenResponse>;\n if (typeof v.access_token !== 'string' || typeof v.expires_in !== 'number') {\n throw new Error('AuthKit token payload missing required fields');\n }\n const out: TokenResponse = { access_token: v.access_token, expires_in: v.expires_in };\n if (typeof v.refresh_token === 'string') out.refresh_token = v.refresh_token;\n return out;\n}\n\nexport async function exchangeCodeForTokens(\n authkitDomain: string,\n clientId: string,\n code: string,\n codeVerifier: string,\n redirectUri: string,\n): Promise<TokenResponse> {\n const response = await fetch(`${authkitDomain}/oauth2/token`, {\n method: 'POST',\n headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n body: new URLSearchParams({\n grant_type: 'authorization_code',\n code,\n code_verifier: codeVerifier,\n redirect_uri: redirectUri,\n client_id: clientId,\n }).toString(),\n });\n\n if (!response.ok) {\n const body = await response.text();\n throw new Error(`Token exchange failed (${response.status}): ${body}`);\n }\n\n return asTokenResponse(await response.json());\n}\n\nexport class SessionExpiredError extends Error {\n constructor() {\n super('SESSION_EXPIRED');\n this.name = 'SessionExpiredError';\n }\n}\n\nexport async function refreshAccessToken(\n authkitDomain: string,\n clientId: string,\n refreshToken: string,\n): Promise<TokenResponse> {\n const response = await fetch(`${authkitDomain}/oauth2/token`, {\n method: 'POST',\n headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n body: new URLSearchParams({\n grant_type: 'refresh_token',\n refresh_token: refreshToken,\n client_id: clientId,\n }).toString(),\n });\n\n if (!response.ok) {\n const status = response.status;\n const body = await response.text();\n\n if (status === 400 || status === 401) {\n try {\n const parsed = JSON.parse(body) as { error?: string };\n if (parsed.error === 'invalid_grant') throw new SessionExpiredError();\n } catch (err) {\n if (err instanceof SessionExpiredError) throw err;\n // Non-JSON body — fall through to generic error.\n }\n }\n\n throw new Error(`Token refresh failed (${status}): ${body}`);\n }\n\n return asTokenResponse(await response.json());\n}\n\nexport function startCallbackServer(\n port: number,\n expectedState: string,\n timeoutMs: number = 120_000,\n): Promise<{ code: string }> {\n return new Promise((resolve, reject) => {\n let handled = false;\n const server = http.createServer((req, res) => {\n const url = new URL(req.url || '/', `http://127.0.0.1:${port}`);\n if (url.pathname !== '/callback') {\n res.writeHead(404);\n res.end();\n return;\n }\n\n if (handled) {\n res.writeHead(409);\n res.end();\n return;\n }\n\n const code = url.searchParams.get('code');\n const state = url.searchParams.get('state');\n const error = url.searchParams.get('error');\n const errorDescription = url.searchParams.get('error_description');\n\n if (error) {\n handled = true;\n res.writeHead(400, { 'Content-Type': 'text/html' });\n res.end(errorPage(errorDescription || error));\n cleanup();\n reject(new Error(`OAuth error: ${errorDescription || error}`));\n return;\n }\n\n if (state !== expectedState) {\n handled = true;\n res.writeHead(400, { 'Content-Type': 'text/html' });\n res.end(errorPage('Invalid state parameter'));\n cleanup();\n reject(new Error('OAuth state mismatch — possible CSRF attempt'));\n return;\n }\n\n if (!code) {\n handled = true;\n res.writeHead(400, { 'Content-Type': 'text/html' });\n res.end(errorPage('No authorization code received'));\n cleanup();\n reject(new Error('No authorization code received'));\n return;\n }\n\n handled = true;\n res.writeHead(200, { 'Content-Type': 'text/html' });\n res.end(successPage());\n cleanup();\n resolve({ code });\n });\n\n const timeout = setTimeout(() => {\n cleanup();\n reject(new Error('Timed out waiting for login. Run `rekor login` again.'));\n }, timeoutMs);\n\n function cleanup(): void {\n clearTimeout(timeout);\n server.close();\n }\n\n server.on('error', (err: NodeJS.ErrnoException) => {\n cleanup();\n if (err.code === 'EADDRINUSE') {\n reject(new Error(`Port ${port} is in use. Close the other process and retry.`));\n } else {\n reject(err);\n }\n });\n\n server.listen(port, '127.0.0.1');\n });\n}\n\nfunction successPage(): string {\n return `<!DOCTYPE html>\n<html><head><title>Rekor CLI</title></head>\n<body style=\"font-family: system-ui, sans-serif; display: flex; align-items: center; justify-content: center; min-height: 100vh; margin: 0; background: #fafafa;\">\n <div style=\"text-align: center;\">\n <h1 style=\"font-size: 1.25rem; font-weight: 600;\">Authentication successful</h1>\n <p style=\"color: #666; margin-top: 0.5rem;\">You can close this tab and return to your terminal.</p>\n </div>\n</body></html>`;\n}\n\n// `message` comes from OAuth redirect params — encode so a compromised IdP can't inject HTML into the localhost page.\nfunction escapeHtml(input: string): string {\n return input\n .replace(/&/g, '&')\n .replace(/</g, '<')\n .replace(/>/g, '>')\n .replace(/\"/g, '"')\n .replace(/'/g, ''');\n}\n\nfunction errorPage(message: string): string {\n return `<!DOCTYPE html>\n<html><head><title>Rekor CLI</title></head>\n<body style=\"font-family: system-ui, sans-serif; display: flex; align-items: center; justify-content: center; min-height: 100vh; margin: 0; background: #fafafa;\">\n <div style=\"text-align: center;\">\n <h1 style=\"font-size: 1.25rem; font-weight: 600; color: #dc2626;\">Authentication failed</h1>\n <p style=\"color: #666; margin-top: 0.5rem;\">${escapeHtml(message)}</p>\n </div>\n</body></html>`;\n}\n","import { loadConfig, saveConfig } from './config.js';\nimport { getResolvedToken, setRecToken, setOAuthTokens, clearAllTokens, type ResolvedToken } from './token-store.js';\nimport { refreshAccessToken, expiresInToIso, getAuthKitDomain, getAuthKitClientId, SessionExpiredError } from './oauth.js';\n\n/** Persist a pasted rec_ token (CI / headless path). */\nexport async function login(token: string, apiUrl?: string): Promise<void> {\n await setRecToken(token);\n const config = loadConfig();\n saveConfig({\n ...config,\n api_url: apiUrl ?? config.api_url,\n });\n}\n\nconst REFRESH_LEEWAY_MS = 60_000;\n\n// Returns a valid access token; silently refreshes OAuth tokens within 60s of expiry.\nexport async function getAccessToken(): Promise<string | null> {\n const resolved = await getResolvedToken();\n if (!resolved) return null;\n\n if (resolved.kind === 'rec') return resolved.token;\n\n // OAuth path — refresh if near expiry. Missing/unparseable expires_at: assume valid, let the API surface a real 401.\n const expiresAtMs = resolved.expires_at ? new Date(resolved.expires_at).getTime() : Number.NaN;\n if (!Number.isFinite(expiresAtMs) || expiresAtMs > Date.now() + REFRESH_LEEWAY_MS) {\n return resolved.access_token;\n }\n if (!resolved.refresh_token) {\n throw new Error('Access token expired and no refresh token available. Run `rekor login` again.');\n }\n\n try {\n const result = await refreshAccessToken(getAuthKitDomain(), getAuthKitClientId(), resolved.refresh_token);\n const newExpiresAt = expiresInToIso(result.expires_in);\n await setOAuthTokens(result.access_token, result.refresh_token ?? resolved.refresh_token, newExpiresAt);\n return result.access_token;\n } catch (err) {\n if (err instanceof SessionExpiredError) {\n await clearAllTokens();\n throw new Error('Session expired. Run `rekor login` again.');\n }\n throw err;\n }\n}\n\n/** Auth kind for the current credential, without resolving the token itself. Used by logout to decide if it should call the revoke endpoint. */\nexport async function currentAuthKind(): Promise<ResolvedToken['kind'] | null> {\n const resolved = await getResolvedToken();\n return resolved?.kind ?? null;\n}\n\nexport async function isAuthenticated(): Promise<boolean> {\n return (await getResolvedToken()) !== null;\n}\n","import * as crypto from 'node:crypto';\n\nexport function generateCodeVerifier(): string {\n return crypto.randomBytes(32).toString('base64url');\n}\n\nexport function generateCodeChallenge(verifier: string): string {\n return crypto.createHash('sha256').update(verifier).digest().toString('base64url');\n}\n\nexport function generateState(): string {\n return crypto.randomBytes(16).toString('base64url');\n}\n","/** Environment detection helpers for adapting CLI UX to CI, pipes, and remote sessions. */\n\nexport function isCI(): boolean {\n return Boolean(process.env['CI']);\n}\n\n/** True when both stdin and stdout are TTYs — safe to render interactive prompts. */\nexport function isInteractive(): boolean {\n return Boolean(process.stdin.isTTY && process.stdout.isTTY);\n}\n\n/** True when running inside an SSH session — browser auto-open won't reach the user. */\nexport function isSSH(): boolean {\n return Boolean(process.env['SSH_CONNECTION'] || process.env['SSH_TTY']);\n}\n","import { Command } from 'commander';\nimport { clearAllTokens } from '../token-store.js';\nimport { currentAuthKind } from '../auth.js';\nimport { ApiClient } from '../client.js';\n\nexport const logoutCommand = new Command('logout')\n .description('Remove stored authentication credentials')\n .action(async () => {\n const kind = await currentAuthKind();\n\n // For OAuth sessions, ask the backend to revoke the WorkOS session so cross-device\n // logout works. Best-effort — errors don't block local credential cleanup.\n if (kind === 'oauth') {\n try {\n const client = new ApiClient();\n await client.request('POST', '/v1/auth/logout');\n } catch (err) {\n console.warn(`rekor: server-side logout failed (${err instanceof Error ? err.message : 'unknown'}); clearing local credentials anyway.`);\n }\n }\n\n await clearAllTokens();\n console.log('Logged out successfully');\n });\n","/** Error raised by the API client carrying the HTTP status so callers can branch and hint. */\nexport class ApiError extends Error {\n constructor(\n public readonly status: number,\n message: string,\n public readonly code?: string,\n public readonly body?: unknown,\n ) {\n super(message);\n this.name = 'ApiError';\n }\n\n /** 4xx are user-facing (bad input, auth, quota) — not bugs worth reporting. */\n get isExpected(): boolean {\n return this.status >= 400 && this.status < 500;\n }\n}\n\n/** A short actionable line for a known failure, or null when the raw message is enough. */\nexport function friendlyHint(err: unknown): string | null {\n if (!(err instanceof ApiError)) return null;\n switch (err.status) {\n case 401:\n return 'Authentication failed or session expired. Run `rekor login`.';\n case 402:\n return 'Quota exceeded for your plan. Review usage or upgrade your plan.';\n case 403:\n return 'Access denied. Your token may lack permission for this resource.';\n case 429:\n return 'Rate limited. Wait a moment and try again.';\n default:\n if (err.status >= 500) return 'Rekor server error. Try again shortly.';\n return null;\n }\n}\n\n/** Print a clean `Error: …` line plus a hint when we have one. Never prints a stack trace. */\nexport function handleCliError(err: unknown): void {\n const message = err instanceof Error ? err.message : String(err);\n console.error(`Error: ${message}`);\n const hint = friendlyHint(err);\n if (hint) console.error(hint);\n}\n","import { loadConfig } from './config.js';\nimport { getAccessToken } from './auth.js';\nimport { ApiError } from './errors.js';\n\nexport class ApiClient {\n readonly baseUrl: string;\n private _tokenPromise: Promise<string | null> | undefined;\n\n constructor() {\n const config = loadConfig();\n this.baseUrl = config.api_url;\n }\n\n private getToken(): Promise<string | null> {\n if (!this._tokenPromise) this._tokenPromise = getAccessToken();\n return this._tokenPromise;\n }\n\n private async authHeaders(): Promise<Record<string, string>> {\n const token = await this.getToken();\n return token ? { 'Authorization': `Bearer ${token}` } : {};\n }\n\n async request<T = unknown>(method: string, path: string, body?: unknown): Promise<T> {\n const res = await fetch(`${this.baseUrl}${path}`, {\n method,\n headers: {\n ...(await this.authHeaders()),\n 'Content-Type': 'application/json',\n },\n body: body ? JSON.stringify(body) : undefined,\n });\n\n // Read the body once as text — error/204 responses may be empty or non-JSON, and\n // an unconditional res.json() would throw before we can map the status to an ApiError.\n const text = await res.text();\n let parsed: { data?: T; error?: { message?: string; code?: string } } | undefined;\n if (text) {\n try {\n parsed = JSON.parse(text) as typeof parsed;\n } catch {\n parsed = undefined;\n }\n }\n\n if (!res.ok) {\n throw new ApiError(\n res.status,\n parsed?.error?.message ?? `HTTP ${res.status}`,\n parsed?.error?.code,\n parsed,\n );\n }\n return parsed?.data as T;\n }\n\n async uploadFile(url: string, body: BodyInit, contentType: string): Promise<void> {\n const res = await fetch(url, {\n method: 'PUT',\n headers: {\n ...(await this.authHeaders()),\n 'Content-Type': contentType,\n },\n body,\n });\n if (!res.ok) {\n throw new ApiError(res.status, `Upload failed: HTTP ${res.status}`);\n }\n }\n}\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getFormat } from '../helpers.js';\nimport { confirm } from '../prompt.js';\n\nexport const databasesCommand = new Command('databases')\n .description('Manage databases');\n\ndatabasesCommand.command('list')\n .description('List all databases')\n .option('--tag <tag>', 'Filter by tag')\n .action(async function (this: Command, opts: { tag?: string }) {\n const client = new ApiClient();\n const qs = opts.tag ? `?tag=${encodeURIComponent(opts.tag)}` : '';\n const data = await client.request('GET', `/v1/databases${qs}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('get <id>')\n .description('Get a database')\n .action(async function (this: Command, id: string) {\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/databases/${id}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('create <id>')\n .description('Create a database')\n .requiredOption('--name <name>', 'Database name')\n .option('--description <desc>', 'Description')\n .option('--tags <tags>', 'Comma-separated tags (e.g., client:acme,billing)')\n .action(async function (this: Command, id: string, opts: { name: string; description?: string; tags?: string }) {\n const client = new ApiClient();\n const body: Record<string, unknown> = {\n name: opts.name,\n description: opts.description,\n };\n if (opts.tags) {\n body['tags'] = opts.tags.split(',').map(t => t.trim());\n }\n const data = await client.request('PUT', `/v1/databases/${id}`, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('tag <id>')\n .description('Set tags on a database')\n .requiredOption('--tags <tags>', 'Comma-separated tags (e.g., client:acme,billing)')\n .action(async function (this: Command, id: string, opts: { tags: string }) {\n const client = new ApiClient();\n const data = await client.request('PUT', `/v1/databases/${id}`, {\n tags: opts.tags.split(',').map(t => t.trim()),\n });\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('delete <id>')\n .description('Delete a database')\n .option('-y, --yes', 'Skip confirmation prompt')\n .action(async (id: string, opts: { yes?: boolean }) => {\n if (!opts.yes && !(await confirm(`Delete database \"${id}\"? This cannot be undone.`))) {\n console.log('Aborted');\n return;\n }\n const client = new ApiClient();\n await client.request('DELETE', `/v1/databases/${id}`);\n console.log('Deleted');\n });\n\n// --- Environment commands ---\n\ndatabasesCommand.command('create-preview <production-id>')\n .description('Create a preview database linked to a production database')\n .requiredOption('--name <name>', 'Preview database name')\n .option('--description <desc>', 'Description')\n .action(async function (this: Command, productionId: string, opts: { name: string; description?: string }) {\n const client = new ApiClient();\n const data = await client.request('POST', `/v1/${productionId}/preview`, {\n name: opts.name,\n description: opts.description,\n });\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('list-previews <production-id>')\n .description('List preview databases for a production database')\n .action(async function (this: Command, productionId: string) {\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${productionId}/previews`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('promote <production-id>')\n .description('Promote config from a preview database to production (human-only)')\n .requiredOption('--from <preview-id>', 'Source preview database ID')\n .option('--dry-run', 'Show what would change without applying')\n .option('--collections <ids>', 'Comma-separated collection IDs to promote', (v: string) => v.split(','))\n .option('--triggers <ids>', 'Comma-separated trigger IDs to promote', (v: string) => v.split(','))\n .option('--hooks <ids>', 'Comma-separated hook IDs to promote', (v: string) => v.split(','))\n .action(async function (\n this: Command,\n productionId: string,\n opts: { from: string; dryRun?: boolean; collections?: string[]; triggers?: string[]; hooks?: string[] },\n ) {\n const client = new ApiClient();\n const data = await client.request('POST', `/v1/${productionId}/promote`, {\n source_database_id: opts.from,\n dry_run: opts.dryRun ?? false,\n collections: opts.collections,\n triggers: opts.triggers,\n hooks: opts.hooks,\n });\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('rollback <production-id>')\n .description('Rollback a promotion (human-only)')\n .requiredOption('--promotion <promotion-id>', 'Promotion ID to rollback')\n .action(async function (this: Command, productionId: string, opts: { promotion: string }) {\n const client = new ApiClient();\n const data = await client.request('POST', `/v1/${productionId}/promote/rollback`, {\n promotion_id: opts.promotion,\n });\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('promotions <production-id>')\n .description('List promotion history for a production database')\n .action(async function (this: Command, productionId: string) {\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${productionId}/promotions`);\n console.log(formatOutput(data, getFormat(this)));\n });\n","import chalk from 'chalk';\nimport Table from 'cli-table3';\n\nexport type OutputFormat = 'json' | 'table';\n\nexport function formatOutput(data: unknown, format: OutputFormat): string {\n if (format === 'json') {\n return JSON.stringify(data, null, 2);\n }\n\n if (Array.isArray(data)) {\n return formatTable(data as Record<string, unknown>[]);\n }\n\n if (typeof data === 'object' && data !== null) {\n return formatKeyValue(data as Record<string, unknown>);\n }\n\n return String(data);\n}\n\nfunction formatTable(rows: Record<string, unknown>[]): string {\n if (rows.length === 0) return chalk.dim('No results');\n\n const keys = Object.keys(rows[0]!);\n const table = new Table({ head: keys.map(k => chalk.bold(k)) });\n\n for (const row of rows) {\n table.push(keys.map(k => {\n const val = row[k];\n if (val === null || val === undefined) return '';\n if (typeof val === 'object') return JSON.stringify(val);\n return String(val);\n }));\n }\n\n return table.toString();\n}\n\nfunction formatKeyValue(obj: Record<string, unknown>): string {\n const table = new Table();\n for (const [key, value] of Object.entries(obj)) {\n const displayValue = typeof value === 'object' ? JSON.stringify(value) : String(value ?? '');\n table.push({ [chalk.bold(key)]: displayValue });\n }\n return table.toString();\n}\n","import { readFileSync } from 'fs';\nimport { Command } from 'commander';\nimport { type OutputFormat } from './output.js';\n\nexport function parseData(data: string): Record<string, unknown> {\n if (data.startsWith('@')) {\n const content = readFileSync(data.slice(1), 'utf-8');\n return JSON.parse(content) as Record<string, unknown>;\n }\n return JSON.parse(data) as Record<string, unknown>;\n}\n\nexport function getDatabase(cmd: Command): string {\n // Walk up the command chain to find --database on the root program\n let current: Command | null = cmd;\n while (current) {\n const ws = current.opts().database as string | undefined;\n if (ws) return ws;\n current = current.parent;\n }\n console.error('Error: --database is required');\n return process.exit(1);\n}\n\nexport function getFormat(cmd: Command): OutputFormat {\n // The global --output / --json flags live only on the root program. Commander\n // routes them to the root regardless of nesting depth or whether they appear\n // before or after the subcommand, so we resolve from the root rather than a\n // fixed parent.parent walk (which missed the root on 4-level commands like\n // `debug report list`). Reading the root also avoids picking up a subcommand's\n // own same-named --output (e.g. `providers export --output <file>`).\n let root: Command = cmd;\n while (root.parent) root = root.parent;\n const opts = root.opts();\n // Compare against 'json' rather than casting opts.output through, so an\n // unrecognized --output value falls back to 'table' instead of a bogus format.\n return opts.json || opts.output === 'json' ? 'json' : 'table';\n}\n","import * as readline from 'node:readline';\nimport { isInteractive } from './env.js';\n\n/**\n * Yes/no confirmation. When stdin/stdout aren't a TTY (pipes, CI) it resolves to `true`\n * immediately so non-interactive callers keep their existing non-blocking behavior — guard\n * destructive paths with an explicit `--yes` flag, not this prompt, for scripts.\n */\nexport function confirm(question: string, opts: { defaultYes?: boolean } = {}): Promise<boolean> {\n if (!isInteractive()) return Promise.resolve(true);\n\n const suffix = opts.defaultYes ? '[Y/n]' : '[y/N]';\n const rl = readline.createInterface({ input: process.stdin, output: process.stdout });\n return new Promise((resolve) => {\n rl.question(`${question} ${suffix}: `, (answer) => {\n rl.close();\n const a = answer.trim().toLowerCase();\n if (a === '') return resolve(Boolean(opts.defaultYes));\n resolve(a === 'y' || a === 'yes');\n });\n });\n}\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { parseData, getDatabase, getFormat } from '../helpers.js';\nimport { confirm } from '../prompt.js';\n\nexport const collectionsCommand = new Command('collections')\n .description('Manage collections');\n\ncollectionsCommand.command('list')\n .description('List all collections in a database')\n .action(async function (this: Command) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/collections`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ncollectionsCommand.command('get <id>')\n .description('Get a collection')\n .action(async function (this: Command, id: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/collections/${id}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ncollectionsCommand.command('upsert <id>')\n .description('Create or update a collection')\n .requiredOption('--name <name>', 'Collection name')\n .option('--description <desc>', 'Description')\n .option('--schema <json>', 'JSON Schema (inline JSON or @filename)')\n .option('--icon <icon>', 'Icon name')\n .option('--color <color>', 'Hex color')\n .option('--sources <json>', 'External sources config (inline JSON or @filename)')\n .action(async function (this: Command, id: string, opts: { name: string; description?: string; schema?: string; icon?: string; color?: string; sources?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const body: Record<string, unknown> = { name: opts.name };\n if (opts.description) body['description'] = opts.description;\n if (opts.schema) body['json_schema'] = parseData(opts.schema);\n if (opts.icon) body['icon'] = opts.icon;\n if (opts.color) body['color'] = opts.color;\n if (opts.sources) body['sources'] = parseData(opts.sources);\n const data = await client.request('PUT', `/v1/${ws}/collections/${id}`, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ncollectionsCommand.command('delete <id>')\n .description('Delete a collection')\n .option('-y, --yes', 'Skip confirmation prompt')\n .action(async function (this: Command, id: string, opts: { yes?: boolean }) {\n if (!opts.yes && !(await confirm(`Delete collection \"${id}\"? This cannot be undone.`))) {\n console.log('Aborted');\n return;\n }\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/collections/${id}`);\n console.log('Deleted');\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { parseData, getDatabase, getFormat } from '../helpers.js';\nimport { confirm } from '../prompt.js';\n\nexport const documentsCommand = new Command('documents')\n .description('Manage documents');\n\ndocumentsCommand.command('upsert <collection>')\n .description('Create or update a document')\n .requiredOption('--data <json>', 'Record data (inline JSON or @filename)')\n .option('--id <id>', 'Internal document ID (UUID) to update a known document')\n .option('--external-id <id>', 'External/agent-supplied ID for idempotent upsert')\n .option('--external-source <source>', 'Source system for external_id (e.g. stripe)')\n .action(async function (this: Command, collection: string, opts: { data: string; id?: string; externalId?: string; externalSource?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const body: Record<string, unknown> = { data: parseData(opts.data) };\n if (opts.externalId) body['external_id'] = opts.externalId;\n if (opts.externalSource) body['external_source'] = opts.externalSource;\n const path = opts.id\n ? `/v1/${ws}/documents/${collection}/${opts.id}`\n : `/v1/${ws}/documents/${collection}`;\n const data = await client.request('PUT', path, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndocumentsCommand.command('query <collection>')\n .description('List/search documents: exact filters + fuzzy `search`, sorting, pagination')\n .option('--filter <json>', 'Filter DSL expression (inline JSON or @filename). Use the `search` operator for fuzzy matching.')\n .option('--sort <json>', 'Sort expressions (inline JSON or @filename), e.g. [{\"field\":\"data.created\",\"direction\":\"desc\"}]')\n .option('--fields <list>', 'Comma-separated field projection')\n .option('--limit <n>', 'Max results')\n .option('--offset <n>', 'Pagination offset')\n .action(async function (this: Command, collection: string, opts: { filter?: string; sort?: string; fields?: string; limit?: string; offset?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const qs = new URLSearchParams();\n if (opts.filter) qs.set('filter', JSON.stringify(parseData(opts.filter)));\n if (opts.sort) qs.set('sort', JSON.stringify(parseData(opts.sort)));\n if (opts.fields) qs.set('fields', opts.fields);\n if (opts.limit) qs.set('limit', opts.limit);\n if (opts.offset) qs.set('offset', opts.offset);\n const q = qs.toString();\n const data = await client.request('GET', `/v1/${ws}/documents/${collection}${q ? `?${q}` : ''}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndocumentsCommand.command('get <collection> <id>')\n .description('Get a document by ID')\n .action(async function (this: Command, collection: string, id: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/documents/${collection}/${id}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndocumentsCommand.command('delete <collection> <id>')\n .description('Delete a document')\n .option('-y, --yes', 'Skip confirmation prompt')\n .action(async function (this: Command, collection: string, id: string, opts: { yes?: boolean }) {\n if (!opts.yes && !(await confirm(`Delete document ${collection}/${id}? This cannot be undone.`))) {\n console.log('Aborted');\n return;\n }\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/documents/${collection}/${id}`);\n console.log('Deleted');\n });\n","import { Command } from 'commander';\nimport { readFileSync } from 'fs';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getDatabase, getFormat } from '../helpers.js';\n\nexport const sqlCommand = new Command('sql')\n .description('Execute a read-only SQL query against database data')\n .argument('[query]', 'SQL query (SELECT only)')\n .option('--file <path>', 'Read SQL from a file instead of argument')\n .option('--param <kv...>', 'Named parameters as key=value pairs (e.g., --param status=issued)')\n .action(async function (this: Command, queryArg: string | undefined, opts: { file?: string; param?: string[] }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n\n let query: string;\n if (opts.file) {\n query = readFileSync(opts.file, 'utf-8').trim();\n } else if (queryArg) {\n query = queryArg;\n } else {\n console.error('Error: provide a SQL query as argument or via --file');\n process.exit(1);\n }\n\n const params: Record<string, unknown> = {};\n if (opts.param) {\n for (const kv of opts.param) {\n const eqIdx = kv.indexOf('=');\n if (eqIdx === -1) {\n console.error(`Error: invalid param format \"${kv}\", expected key=value`);\n process.exit(1);\n }\n params[kv.slice(0, eqIdx)] = kv.slice(eqIdx + 1);\n }\n }\n\n const body: Record<string, unknown> = { query };\n if (Object.keys(params).length > 0) body.params = params;\n\n const data = await client.request('POST', `/v1/${ws}/sql`, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { parseData, getDatabase, getFormat } from '../helpers.js';\nimport { confirm } from '../prompt.js';\n\nexport const relationshipsCommand = new Command('relationships')\n .description('Manage relationships between documents');\n\nrelationshipsCommand.command('upsert')\n .description('Create or update a relationship')\n .requiredOption('--source <collection/id>', 'Source document (collection/id)')\n .requiredOption('--target <collection/id>', 'Target document (collection/id)')\n .requiredOption('--type <type>', 'Relationship type')\n .option('--id <id>', 'Relationship ID')\n .option('--data <json>', 'Relationship metadata (inline JSON or @filename)')\n .action(async function (this: Command, opts: { source: string; target: string; type: string; id?: string; data?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const [sourceCollection, sourceId] = opts.source.split('/');\n const [targetCollection, targetId] = opts.target.split('/');\n const body: Record<string, unknown> = {\n rel_type: opts.type,\n source_collection: sourceCollection,\n source_id: sourceId,\n target_collection: targetCollection,\n target_id: targetId,\n };\n if (opts.id) body['id'] = opts.id;\n if (opts.data) body['data'] = parseData(opts.data);\n const path = opts.id ? `/v1/${ws}/relationships/${opts.id}` : `/v1/${ws}/relationships`;\n const data = await client.request('PUT', path, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nrelationshipsCommand.command('get <id>')\n .description('Get a relationship by ID')\n .action(async function (this: Command, id: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/relationships/${id}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nrelationshipsCommand.command('delete <id>')\n .description('Delete a relationship')\n .option('-y, --yes', 'Skip confirmation prompt')\n .action(async function (this: Command, id: string, opts: { yes?: boolean }) {\n if (!opts.yes && !(await confirm(`Delete relationship ${id}? This cannot be undone.`))) {\n console.log('Aborted');\n return;\n }\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/relationships/${id}`);\n console.log('Deleted');\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { parseData, getDatabase, getFormat } from '../helpers.js';\nimport { confirm } from '../prompt.js';\n\nexport const relationshipTypesCommand = new Command('relationship-types')\n .description('Manage relationship types (the schema for a relationship\\'s metadata)');\n\nrelationshipTypesCommand.command('list')\n .description('List all relationship types in a database')\n .action(async function (this: Command) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/relationship-types`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nrelationshipTypesCommand.command('get <rel_type>')\n .description('Get a relationship type')\n .action(async function (this: Command, relType: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/relationship-types/${relType}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nrelationshipTypesCommand.command('upsert <rel_type>')\n .description('Create or update a relationship type')\n .option('--description <desc>', 'Description')\n .option('--schema <json>', 'JSON Schema for the relationship data (inline JSON or @filename). Omit to allow any data.')\n .option('--source-collections <json>', 'JSON array of allowed source collections (inline JSON or @filename)')\n .option('--target-collections <json>', 'JSON array of allowed target collections (inline JSON or @filename)')\n .action(async function (this: Command, relType: string, opts: { description?: string; schema?: string; sourceCollections?: string; targetCollections?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const body: Record<string, unknown> = {};\n if (opts.description) body['description'] = opts.description;\n if (opts.schema) body['data_schema'] = parseData(opts.schema);\n if (opts.sourceCollections) body['source_collections'] = parseData(opts.sourceCollections);\n if (opts.targetCollections) body['target_collections'] = parseData(opts.targetCollections);\n const data = await client.request('PUT', `/v1/${ws}/relationship-types/${relType}`, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nrelationshipTypesCommand.command('delete <rel_type>')\n .description('Delete a relationship type')\n .option('-y, --yes', 'Skip confirmation prompt')\n .action(async function (this: Command, relType: string, opts: { yes?: boolean }) {\n if (!opts.yes && !(await confirm(`Delete relationship type \"${relType}\"? This cannot be undone.`))) {\n console.log('Aborted');\n return;\n }\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/relationship-types/${relType}`);\n console.log('Deleted');\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getDatabase, getFormat } from '../helpers.js';\n\nexport const queryRelationshipsCommand = new Command('query-relationships')\n .description('Query related documents')\n .argument('<collection>', 'Collection of the source document')\n .argument('<id>', 'Source document ID')\n .option('--type <type>', 'Filter by relationship type')\n .option('--direction <dir>', 'Direction: outgoing, incoming, or both', 'both')\n .option('--limit <n>', 'Max results', '50')\n .option('--offset <n>', 'Skip results', '0')\n .action(async function (this: Command, collection: string, id: string, opts: { type?: string; direction: string; limit: string; offset: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const params = new URLSearchParams();\n if (opts.type) params.set('rel_type', opts.type);\n // Map user-friendly direction names to backend API terms\n const directionMap: Record<string, string> = { outgoing: 'source', incoming: 'target', both: 'both' };\n params.set('direction', directionMap[opts.direction] ?? opts.direction);\n params.set('limit', opts.limit);\n params.set('offset', opts.offset);\n const data = await client.request('GET', `/v1/${ws}/documents/${collection}/${id}/related?${params.toString()}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n","import { Command } from 'commander';\nimport { readFileSync } from 'node:fs';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getDatabase, getFormat } from '../helpers.js';\nimport { confirm } from '../prompt.js';\n\nexport const attachmentsCommand = new Command('attachments')\n .description('Manage document attachments');\n\nattachmentsCommand.command('upload <collection> <id>')\n .description('Get a presigned upload URL for a document attachment. With --file, uploads the file content in one step.')\n .requiredOption('--filename <name>', 'File name or path (e.g. docs/guide.md)')\n .option('--content-type <type>', 'MIME type', 'application/octet-stream')\n .option('--file <path>', 'Local file to upload (skips presigned URL output, uploads directly)')\n .action(async function (this: Command, collection: string, id: string, opts: { filename: string; contentType: string; file?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('POST', `/v1/${ws}/documents/${collection}/${id}/attachments`, {\n filename: opts.filename,\n content_type: opts.contentType,\n }) as { upload_url: string; [key: string]: unknown };\n\n if (opts.file) {\n const body = readFileSync(opts.file);\n const uploadUrl = data.upload_url.startsWith('http') ? data.upload_url : `${client.baseUrl}${data.upload_url}`;\n await client.uploadFile(uploadUrl, body, opts.contentType);\n console.log(formatOutput({ ...data, uploaded: true }, getFormat(this)));\n } else {\n console.log(formatOutput(data, getFormat(this)));\n }\n });\n\nattachmentsCommand.command('url <collection> <id>')\n .description('Get a download URL for an attachment by filename')\n .requiredOption('--filename <name>', 'File name or path (e.g. docs/guide.md)')\n .action(async function (this: Command, collection: string, id: string, opts: { filename: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const attachments = await client.request<Array<{ key: string; size: number; uploaded: string }>>('GET', `/v1/${ws}/documents/${collection}/${id}/attachments`);\n const match = attachments.find(a => a.key.endsWith(`/${opts.filename}`));\n if (!match) {\n throw new Error(`Attachment \"${opts.filename}\" not found`);\n }\n const downloadUrl = `${client.baseUrl}/v1/${ws}/attachments/${match.key}`;\n console.log(formatOutput({ download_url: downloadUrl, ...match }, getFormat(this)));\n });\n\nattachmentsCommand.command('list <collection> <id>')\n .description('List attachments for a document')\n .option('--prefix <path>', 'Filter by path prefix (e.g. docs/)')\n .action(async function (this: Command, collection: string, id: string, opts: { prefix?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const query = opts.prefix ? `?prefix=${encodeURIComponent(opts.prefix)}` : '';\n const data = await client.request('GET', `/v1/${ws}/documents/${collection}/${id}/attachments${query}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nattachmentsCommand.command('delete <collection> <id> <attachment-id>')\n .description('Delete an attachment')\n .option('-y, --yes', 'Skip confirmation prompt')\n .action(async function (this: Command, collection: string, id: string, attachmentId: string, opts: { yes?: boolean }) {\n if (!opts.yes && !(await confirm(`Delete attachment ${attachmentId} on ${collection}/${id}? This cannot be undone.`))) {\n console.log('Aborted');\n return;\n }\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/documents/${collection}/${id}/attachments/${attachmentId}`);\n console.log('Deleted');\n });\n","import { randomUUID } from 'crypto';\nimport { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getDatabase, getFormat } from '../helpers.js';\nimport { confirm } from '../prompt.js';\n\nexport const hooksCommand = new Command('hooks')\n .description('Manage inbound webhook endpoints');\n\nhooksCommand.command('create')\n .description('Create a new inbound hook')\n .requiredOption('--name <name>', 'Hook name')\n .requiredOption('--secret <secret>', 'HMAC shared secret')\n .option('--id <id>', 'Hook ID (auto-generated if omitted)')\n .option('--collection-scope <collections>', 'Comma-separated collection scope')\n .action(async function (this: Command, opts: { name: string; secret: string; id?: string; collectionScope?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const hookId = opts.id ?? randomUUID();\n const body: Record<string, unknown> = {\n name: opts.name,\n secret: opts.secret,\n enabled: true,\n };\n if (opts.collectionScope) {\n body['collection_scope'] = opts.collectionScope.split(',');\n }\n const data = await client.request('PUT', `/v1/${ws}/hooks/${hookId}`, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nhooksCommand.command('get <id>')\n .description('Get a hook')\n .action(async function (this: Command, id: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/hooks/${id}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nhooksCommand.command('list')\n .description('List all hooks')\n .action(async function (this: Command) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/hooks`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nhooksCommand.command('delete <id>')\n .description('Delete a hook')\n .option('-y, --yes', 'Skip confirmation prompt')\n .action(async function (this: Command, id: string, opts: { yes?: boolean }) {\n if (!opts.yes && !(await confirm(`Delete hook ${id}? This cannot be undone.`))) {\n console.log('Aborted');\n return;\n }\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/hooks/${id}`);\n console.log('Deleted');\n });\n","import { randomUUID } from 'crypto';\nimport { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getDatabase, getFormat } from '../helpers.js';\nimport { confirm } from '../prompt.js';\n\nexport const triggersCommand = new Command('triggers')\n .description('Manage outbound triggers');\n\ntriggersCommand.command('create')\n .description('Create an outbound trigger')\n .requiredOption('--name <name>', 'Trigger name')\n .requiredOption('--url <url>', 'Target URL')\n .requiredOption('--secret <secret>', 'HMAC signing secret')\n .requiredOption('--events <events>', 'Comma-separated event types')\n .option('--id <id>', 'Trigger ID (auto-generated if omitted)')\n .option('--collection-scope <collections>', 'Comma-separated collection scope')\n .option('--filter <json>', 'Filter expression (JSON)')\n .action(async function (this: Command, opts: { name: string; url: string; secret: string; events: string; id?: string; collectionScope?: string; filter?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const triggerId = opts.id ?? randomUUID();\n const body: Record<string, unknown> = {\n name: opts.name,\n url: opts.url,\n secret: opts.secret,\n events: opts.events.split(','),\n enabled: true,\n };\n if (opts.collectionScope) {\n body['collection_scope'] = opts.collectionScope.split(',');\n }\n if (opts.filter) {\n body['filter'] = JSON.parse(opts.filter);\n }\n const data = await client.request('PUT', `/v1/${ws}/triggers/${triggerId}`, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ntriggersCommand.command('get <id>')\n .description('Get a trigger')\n .action(async function (this: Command, id: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/triggers/${id}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ntriggersCommand.command('list')\n .description('List all triggers')\n .action(async function (this: Command) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/triggers`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ntriggersCommand.command('deliveries')\n .description('List trigger delivery attempts (status, retries, errors)')\n .option('--status <status>', 'Filter by status (pending | delivered | failed | dead)')\n .option('--trigger-id <id>', 'Filter by trigger id')\n .action(async function (this: Command, opts: { status?: string; triggerId?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const params = new URLSearchParams();\n if (opts.status) params.set('status', opts.status);\n if (opts.triggerId) params.set('trigger_id', opts.triggerId);\n const qs = params.toString();\n const data = await client.request('GET', `/v1/${ws}/triggers/deliveries${qs ? `?${qs}` : ''}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ntriggersCommand.command('delete <id>')\n .description('Delete a trigger')\n .option('-y, --yes', 'Skip confirmation prompt')\n .action(async function (this: Command, id: string, opts: { yes?: boolean }) {\n if (!opts.yes && !(await confirm(`Delete trigger ${id}? This cannot be undone.`))) {\n console.log('Aborted');\n return;\n }\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/triggers/${id}`);\n console.log('Deleted');\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getDatabase, getFormat } from '../helpers.js';\nimport { confirm } from '../prompt.js';\n\nexport const endpointsCommand = new Command('endpoints')\n .description('Manage MCP Factory endpoints');\n\nendpointsCommand.command('upsert <slug>')\n .description('Create or update an MCP endpoint')\n .option('--name <name>', 'Endpoint display name (required unless using --config)')\n .option('--description <desc>', 'Endpoint description')\n .option('--tool <spec>', 'Collection tool spec: collection:op1,op2 (repeatable)', collect, [])\n .option('--relationship <spec>', 'Relationship tool spec: rel_type:op1,op2 (repeatable)', collect, [])\n .option('--batch <spec>', 'Batch operation spec: collection_or_rel:op1,op2 (repeatable)', collect, [])\n .option('--sql-query', 'Enable sql_query tool')\n .option('--config <json>', 'Full endpoint config as JSON (supports name_override, description_override per tool). Use @file.json to read from file.')\n .action(async function (this: Command, slug: string, opts: {\n name?: string;\n description?: string;\n tool: string[];\n relationship: string[];\n batch: string[];\n sqlQuery?: boolean;\n config?: string;\n }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n\n let body: Record<string, unknown>;\n\n if (opts.config) {\n // Full JSON config — supports name_override, description_override per tool\n body = JSON.parse(opts.config);\n } else {\n if (!opts.name) {\n throw new Error('--name is required (or use --config for full JSON config)');\n }\n body = {\n name: opts.name,\n tools: opts.tool.map(parseToolSpec),\n };\n\n if (opts.description) body.description = opts.description;\n\n if (opts.relationship.length > 0) {\n body.relationships = opts.relationship.map(parseRelSpec);\n }\n\n if (opts.batch.length > 0) {\n const operations: Record<string, string[]> = {};\n for (const spec of opts.batch) {\n const parsed = parseSpec(spec);\n operations[parsed.key] = parsed.ops;\n }\n body.batch = { enabled: true, operations };\n }\n\n if (opts.sqlQuery) body.sql_query = true;\n }\n\n const data = await client.request('PUT', `/v1/${ws}/endpoints/${slug}`, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nendpointsCommand.command('get <slug>')\n .description('Get an endpoint')\n .option('--resolved', 'Include resolved collection schemas')\n .action(async function (this: Command, slug: string, opts: { resolved?: boolean }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const path = opts.resolved\n ? `/v1/${ws}/endpoints/${slug}/resolved`\n : `/v1/${ws}/endpoints/${slug}`;\n const data = await client.request('GET', path);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nendpointsCommand.command('list')\n .description('List all endpoints')\n .action(async function (this: Command) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/endpoints`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nendpointsCommand.command('delete <slug>')\n .description('Delete an endpoint')\n .option('-y, --yes', 'Skip confirmation prompt')\n .action(async function (this: Command, slug: string, opts: { yes?: boolean }) {\n if (!opts.yes && !(await confirm(`Delete endpoint \"${slug}\"? This cannot be undone.`))) {\n console.log('Aborted');\n return;\n }\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/endpoints/${slug}`);\n console.log('Deleted');\n });\n\nendpointsCommand.command('url <slug>')\n .description('Get the MCP connection URL for an endpoint')\n .option('--transport <type>', 'Transport: mcp or sse', 'mcp')\n .action((_slug: string, opts: { transport: string }) => {\n const transport = opts.transport === 'sse' ? 'sse' : 'mcp';\n console.log(`https://mcp.rekor.pro/e/${_slug}/${transport}`);\n });\n\n// ---- Helpers ----\n\nfunction collect(value: string, previous: string[]): string[] {\n return [...previous, value];\n}\n\nfunction parseSpec(spec: string): { key: string; ops: string[] } {\n const [key, opsStr] = spec.split(':');\n if (!key || !opsStr) {\n throw new Error(`Invalid spec '${spec}'. Expected format: name:op1,op2`);\n }\n return { key, ops: opsStr.split(',') };\n}\n\nfunction parseToolSpec(spec: string): Record<string, unknown> {\n const { key, ops } = parseSpec(spec);\n return { collection: key, operations: ops };\n}\n\nfunction parseRelSpec(spec: string): Record<string, unknown> {\n const { key, ops } = parseSpec(spec);\n return { rel_type: key, operations: ops };\n}\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { parseData, getDatabase, getFormat } from '../helpers.js';\n\nexport const batchCommand = new Command('batch')\n .description('Execute atomic batch operations (up to 1,000 operations)')\n .requiredOption('--operations <json>', 'Operations array (inline JSON or @filename)')\n .action(async function (this: Command, opts: { operations: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const operations = parseData(opts.operations);\n const data = await client.request('POST', `/v1/${ws}/batch`, {\n operations: Array.isArray(operations) ? operations : [operations],\n });\n console.log(formatOutput(data, getFormat(this)));\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { parseData, getDatabase, getFormat } from '../helpers.js';\nconst VALID_PROVIDERS = 'openai, anthropic, google, mcp';\n\nexport const providersCommand = new Command('providers')\n .description('Import/export tool definitions between LLM providers and Record collections');\n\nprovidersCommand.command('import <provider>')\n .description(`Import tool definitions as collections. Providers: ${VALID_PROVIDERS}`)\n .requiredOption('--tools <json>', 'Tool definitions (inline JSON or @filename)')\n .action(async function (this: Command, provider: string, opts: { tools: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const tools = parseData(opts.tools);\n const data = await client.request('POST', `/v1/${ws}/providers/${provider}/import`, {\n tools: Array.isArray(tools) ? tools : [tools],\n });\n console.log(formatOutput(data, getFormat(this)));\n });\n\nprovidersCommand.command('export <provider>')\n .description(`Export collections as tool definitions. Providers: ${VALID_PROVIDERS}`)\n .option('--collections <ids>', 'Comma-separated collection IDs (omit for all)')\n .option('--output <file>', 'Write output to file')\n .action(async function (this: Command, provider: string, opts: { collections?: string; output?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const query = opts.collections ? `?collections=${opts.collections}` : '';\n const data = await client.request('GET', `/v1/${ws}/providers/${provider}/export${query}`);\n\n if (opts.output) {\n const { writeFileSync } = await import('fs');\n writeFileSync(opts.output, JSON.stringify(data, null, 2));\n console.log(`Written to ${opts.output}`);\n } else {\n console.log(formatOutput(data, getFormat(this)));\n }\n });\n\nprovidersCommand.command('import-call <provider> <collection>')\n .description(`Create a document from a tool call in provider format. Providers: ${VALID_PROVIDERS}`)\n .requiredOption('--data <json>', 'Tool call data in provider format (inline JSON or @filename)')\n .option('--external-id <id>', 'External ID for idempotent upsert')\n .option('--external-source <source>', 'External source identifier')\n .action(async function (this: Command, provider: string, collection: string, opts: { data: string; externalId?: string; externalSource?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const callData = parseData(opts.data);\n const queryParts: string[] = [];\n if (opts.externalId) queryParts.push(`external_id=${encodeURIComponent(opts.externalId)}`);\n if (opts.externalSource) queryParts.push(`external_source=${encodeURIComponent(opts.externalSource)}`);\n const qs = queryParts.length ? `?${queryParts.join('&')}` : '';\n const data = await client.request('POST', `/v1/${ws}/providers/${provider}/documents/${collection}${qs}`, callData);\n console.log(formatOutput(data, getFormat(this)));\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getFormat } from '../helpers.js';\n\nexport const tokensCommand = new Command('tokens')\n .description('Manage API tokens');\n\ntokensCommand.command('create')\n .description('Create a scoped API token')\n .requiredOption('--name <name>', 'Token name')\n .requiredOption('--grants <json>', 'Grant definitions as JSON array')\n .option('--expires-at <date>', 'Expiration date (ISO 8601, e.g., 2026-06-01T00:00:00Z)')\n .action(async function (this: Command, opts: { name: string; grants: string; expiresAt?: string }) {\n const client = new ApiClient();\n let grants: unknown;\n try {\n grants = JSON.parse(opts.grants);\n } catch {\n throw new Error('--grants must be valid JSON');\n }\n const body: Record<string, unknown> = { name: opts.name, grants };\n if (opts.expiresAt) body.expires_at = opts.expiresAt;\n const data = await client.request('POST', '/v1/tokens', body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ntokensCommand.command('list')\n .description('List API tokens')\n .action(async function (this: Command) {\n const client = new ApiClient();\n const data = await client.request('GET', '/v1/tokens');\n console.log(formatOutput(data, getFormat(this)));\n });\n\ntokensCommand.command('revoke <token_id>')\n .description('Revoke an API token')\n .action(async function (this: Command, tokenId: string) {\n const client = new ApiClient();\n await client.request('DELETE', `/v1/tokens/${tokenId}`);\n console.log('Token revoked');\n });\n","import { Command } from 'commander';\nimport { readFileSync } from 'node:fs';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getFormat } from '../helpers.js';\nimport { confirm } from '../prompt.js';\n\n/**\n * Resolve a secret value from exactly one of `--value` (a plain string) or `--file` (the file's bytes,\n * base64-encoded — for certificates, keystores, or service-account JSON). Throws if neither or both given.\n */\nfunction resolveValue(opts: { value?: string; file?: string }): string {\n if ((opts.value === undefined) === (opts.file === undefined)) {\n throw new Error('provide exactly one of --value or --file');\n }\n if (opts.file !== undefined) return readFileSync(opts.file).toString('base64');\n return opts.value!;\n}\n\nexport const secretsCommand = new Command('secrets')\n .description('Manage organization vault secrets');\n\nsecretsCommand.command('create')\n .description('Store a vault secret (a string value, or a file via --file as base64)')\n .requiredOption('--name <name>', 'Secret name')\n .option('--value <value>', 'Secret value (plain string)')\n .option('--file <path>', 'Read the value from a file and base64-encode it (certificates, keystores, SA JSON)')\n .option('--content-type <mime>', 'MIME type of the value (e.g. application/x-pkcs12)')\n .option('--expires-at <date>', 'Expiry as ISO-8601 (e.g. 2027-01-01T00:00:00Z) — surfaced by `list --expiring`')\n .option('--tags <tags>', 'Comma-separated tags')\n .action(async function (this: Command, opts: { name: string; value?: string; file?: string; contentType?: string; expiresAt?: string; tags?: string }) {\n const client = new ApiClient();\n const body: Record<string, unknown> = { name: opts.name, value: resolveValue(opts) };\n if (opts.contentType) body.content_type = opts.contentType;\n if (opts.expiresAt) body.expires_at = opts.expiresAt;\n if (opts.tags) body.tags = opts.tags.split(',').map((t) => t.trim()).filter(Boolean);\n const data = await client.request('POST', '/v1/vault/secrets', body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nsecretsCommand.command('list')\n .description('List vault secrets (values masked)')\n .option('--expiring', 'Only secrets expiring within --days (default 30)')\n .option('--days <n>', 'Window for --expiring, in days', '30')\n .action(async function (this: Command, opts: { expiring?: boolean; days: string }) {\n const client = new ApiClient();\n const path = opts.expiring ? `/v1/vault/secrets?expiring_within_days=${encodeURIComponent(opts.days)}` : '/v1/vault/secrets';\n const data = await client.request('GET', path);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nsecretsCommand.command('get <id>')\n .description('Get vault secret metadata (value masked)')\n .action(async function (this: Command, id: string) {\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/vault/secrets/${id}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nsecretsCommand.command('rotate <id>')\n .description('Rotate a secret by installing a new caller-supplied value (from --value or --file)')\n .option('--value <value>', 'New secret value (plain string)')\n .option('--file <path>', 'Read the new value from a file and base64-encode it')\n .option('--expires-at <date>', \"Set the rotated credential's new expiry (ISO-8601)\")\n .action(async function (this: Command, id: string, opts: { value?: string; file?: string; expiresAt?: string }) {\n const client = new ApiClient();\n const body: Record<string, unknown> = { value: resolveValue(opts) };\n if (opts.expiresAt) body.expires_at = opts.expiresAt;\n const data = await client.request('POST', `/v1/vault/secrets/${id}/rotate`, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nsecretsCommand.command('delete <id>')\n .description('Delete a vault secret')\n .option('-y, --yes', 'Skip confirmation prompt')\n .action(async function (this: Command, id: string, opts: { yes?: boolean }) {\n if (!opts.yes && !(await confirm(`Delete vault secret ${id}? This cannot be undone.`))) {\n console.log('Aborted');\n return;\n }\n const client = new ApiClient();\n await client.request('DELETE', `/v1/vault/secrets/${id}`);\n console.log('Secret deleted');\n });\n","// Platform-admin debug commands. Backed by /admin/debug/* on the backend,\n// which requires the `platform:admin` permission (granted to JWT auth when\n// the WorkOS email is in PLATFORM_ADMIN_EMAILS). All reads are audit-logged\n// and rate-limited to 60/hour per user.\n\nimport { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getFormat } from '../helpers.js';\n\nexport const debugCommand = new Command('debug')\n .description('Platform-admin debug commands (requires platform:admin grant)');\n\n// --- do ---\n\nconst doCommand = debugCommand.command('do').description('Inspect live database storage state');\n\ndoCommand.command('tables <type> <id>')\n .description('List internal tables and row counts. Types: database | org | user')\n .action(async function (this: Command, type: string, id: string) {\n const client = new ApiClient();\n const data = await client.request<{ type: string; id: string; tables: { name: string; row_count: number }[] }>(\n 'GET',\n `/admin/debug/do/${encodeURIComponent(type)}/${encodeURIComponent(id)}/tables`,\n );\n console.log(formatOutput(data.tables, getFormat(this)));\n });\n\ndoCommand.command('read <type> <id> <table>')\n .description('Read rows from an internal table (sensitive columns redacted)')\n .option('--limit <n>', 'Max rows (default 20, cap 100)', (v: string) => Number(v))\n .option('--row-id <value>', 'Filter to a single row by its id column')\n .action(async function (\n this: Command,\n type: string,\n id: string,\n table: string,\n opts: { limit?: number; rowId?: string },\n ) {\n const client = new ApiClient();\n const params = new URLSearchParams({ table });\n if (opts.limit !== undefined) params.set('limit', String(opts.limit));\n if (opts.rowId !== undefined) params.set('row_id', opts.rowId);\n\n const data = await client.request<{\n table: string;\n columns: string[];\n rows: unknown[][];\n truncated: boolean;\n }>(\n 'GET',\n `/admin/debug/do/${encodeURIComponent(type)}/${encodeURIComponent(id)}/read?${params}`,\n );\n\n const format = getFormat(this);\n if (format === 'json') {\n console.log(JSON.stringify(data, null, 2));\n return;\n }\n // Reshape columns/rows into row objects for table display.\n const objs = data.rows.map(r => Object.fromEntries(data.columns.map((c, i) => [c, r[i]])));\n console.log(formatOutput(objs, format));\n if (data.truncated) console.log('(truncated — pass --limit to see more)');\n });\n\n// --- report (platform_report triage queue) ---\n\nconst reportCommand = debugCommand\n .command('report')\n .description('Inspect and triage the platform_report queue (Sentry + CLI bug reports)');\n\ninterface PlatformReportRow {\n report_id: string;\n source: 'sentry' | 'cli_report' | 'review' | 'security_audit';\n classification: 'bug' | 'flaky_test' | 'security' | null;\n status: 'pending' | 'grouped' | 'escalated' | 'addressed' | 'dismissed';\n fingerprint: string;\n gh_issue_url: string | null;\n reporter_email: string | null;\n created_at: string;\n}\n\nreportCommand.command('list')\n .description('List reports with optional filters')\n .option('--status <s>', 'pending | grouped | escalated | addressed | dismissed')\n .option('--source <s>', 'sentry | cli_report | review | security_audit')\n .option('--classification <c>', 'bug | flaky_test | security')\n .option('--limit <n>', 'Max rows (default 50, cap 200)', (v: string) => Number(v))\n .option('--offset <n>', 'Offset for pagination', (v: string) => Number(v))\n .option('--since <iso>', 'Lower bound on created_at (ISO timestamp)')\n .action(async function (\n this: Command,\n opts: { status?: string; source?: string; classification?: string; limit?: number; offset?: number; since?: string },\n ) {\n const client = new ApiClient();\n const params = new URLSearchParams();\n if (opts.status) params.set('status', opts.status);\n if (opts.source) params.set('source', opts.source);\n if (opts.classification) params.set('classification', opts.classification);\n if (opts.limit !== undefined) params.set('limit', String(opts.limit));\n if (opts.offset !== undefined) params.set('offset', String(opts.offset));\n if (opts.since) params.set('since', opts.since);\n const qs = params.toString() ? `?${params}` : '';\n\n const data = await client.request<{ rows: PlatformReportRow[]; total: number }>(\n 'GET',\n `/admin/reports${qs}`,\n );\n\n const format = getFormat(this);\n if (format === 'json') {\n console.log(JSON.stringify(data, null, 2));\n return;\n }\n console.log(formatOutput(data.rows, format));\n console.log(`(${data.rows.length} of ${data.total})`);\n });\n\nreportCommand.command('show <id>')\n .description('Show a single report with its group members')\n .action(async function (this: Command, id: string) {\n const client = new ApiClient();\n const data = await client.request<{ report: PlatformReportRow; members: PlatformReportRow[] }>(\n 'GET',\n `/admin/reports/${encodeURIComponent(id)}`,\n );\n console.log(JSON.stringify(data, null, 2));\n });\n\n// Local copy: the CLI is a separate package and can't import backend internals\n// (mirrors the local PlatformReportRow above).\ninterface GroupReportSkip {\n report_id: string;\n reason: 'not_found' | 'terminal' | 'grouped_elsewhere' | 'different_gh_issue';\n detail?: string;\n}\n\nfunction describeGroupSkip(s: GroupReportSkip): string {\n switch (s.reason) {\n case 'not_found':\n return 'not found';\n case 'terminal':\n return `terminal (${s.detail ?? 'resolved'})`;\n case 'grouped_elsewhere':\n return `already grouped under ${s.detail ?? 'another canonical'}`;\n case 'different_gh_issue':\n return `tracks a different GitHub issue (${s.detail ?? 'unknown'})`;\n default: {\n // Compile-time exhaustiveness: a new skip reason must be handled here.\n const _exhaustive: never = s.reason;\n return _exhaustive;\n }\n }\n}\n\nreportCommand.command('group <canonical_id> <member_ids...>')\n .description('Fold member_ids under canonical_id (members must be pending or escalated)')\n .action(async function (this: Command, canonicalId: string, memberIds: string[]) {\n const client = new ApiClient();\n const data = await client.request<{ grouped: number; skipped: GroupReportSkip[] }>(\n 'POST',\n `/admin/reports/${encodeURIComponent(canonicalId)}/group`,\n { member_ids: memberIds },\n );\n console.log(`Grouped ${data.grouped} member(s) under ${canonicalId}`);\n for (const s of data.skipped ?? []) {\n console.log(` skipped ${s.report_id} — ${describeGroupSkip(s)}`);\n }\n });\n\nreportCommand.command('ungroup <member_id>')\n .description('Detach a grouped member back to pending (inverse of group)')\n .action(async function (this: Command, memberId: string) {\n const client = new ApiClient();\n const data = await client.request<{ report: PlatformReportRow }>(\n 'POST',\n `/admin/reports/${encodeURIComponent(memberId)}/ungroup`,\n );\n console.log(`Detached ${data.report.report_id} → ${data.report.status}`);\n });\n\nreportCommand.command('escalate <id>')\n .description('Mark a pending report as escalated and link a GitHub issue')\n .requiredOption('--gh <url>', 'GitHub issue URL the triage routine opened')\n .option('--verdict <text>', 'AI verdict / triage rationale')\n .action(async function (this: Command, id: string, opts: { gh: string; verdict?: string }) {\n const client = new ApiClient();\n const body: Record<string, unknown> = { target: 'escalated', gh_issue_url: opts.gh };\n if (opts.verdict) body['ai_verdict'] = opts.verdict;\n const data = await client.request<{ report: PlatformReportRow; cascaded_report_ids: string[] }>(\n 'PATCH',\n `/admin/reports/${encodeURIComponent(id)}/transition`,\n body,\n );\n console.log(`Escalated ${data.report.report_id} → ${opts.gh}`);\n });\n\nreportCommand.command('addressed <id>')\n .description('Mark an escalated report as addressed (fix shipped)')\n .action(async function (this: Command, id: string) {\n const client = new ApiClient();\n const data = await client.request<{ report: PlatformReportRow; cascaded_report_ids: string[] }>(\n 'PATCH',\n `/admin/reports/${encodeURIComponent(id)}/transition`,\n { target: 'addressed' },\n );\n console.log(`Addressed ${data.report.report_id} (cascaded to ${data.cascaded_report_ids.length} group member(s))`);\n });\n\nreportCommand.command('dismiss <id>')\n .description('Mark a report as dismissed (not actionable)')\n .requiredOption('--reason <text>', 'Why this report was dismissed')\n .option('--verdict <text>', 'AI verdict / triage rationale')\n .action(async function (this: Command, id: string, opts: { reason: string; verdict?: string }) {\n const client = new ApiClient();\n const body: Record<string, unknown> = { target: 'dismissed', dismissal_reason: opts.reason };\n if (opts.verdict) body['ai_verdict'] = opts.verdict;\n const data = await client.request<{ report: PlatformReportRow; cascaded_report_ids: string[] }>(\n 'PATCH',\n `/admin/reports/${encodeURIComponent(id)}/transition`,\n body,\n );\n console.log(`Dismissed ${data.report.report_id} (reason: ${opts.reason})`);\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\n\ninterface ReportResponse {\n report_id: string;\n created: boolean;\n fingerprint: string;\n}\n\nexport const reportBugCommand = new Command('report-bug')\n .description('Submit a report to the Rekor triage queue (deduplicated)')\n .requiredOption('--title <title>', 'Short summary')\n .requiredOption('--description <text>', 'What happened')\n .option('--source <source>', 'Origin: cli_report (default) | review | security_audit')\n .option('--classification <c>', 'Nature: bug (default) | flaky_test | security')\n .option('--dedup-key <key>', 'Stable dedup key (e.g. \"<file>::<test>\"); collapses repeat occurrences')\n .option('--severity <level>', 'low | medium | high | critical')\n .option('--steps <text>', 'Steps to reproduce')\n .option('--error-message <text>', 'Exact error text if any')\n .option('--context <text>', 'Additional context (logs, request IDs)')\n .option('--locale <code>', 'Notification locale (en | pt | es)', 'en')\n .option('--reporter-email <addr>', 'Override reporter email (defaults to session email)')\n .action(async function (\n this: Command,\n opts: {\n title: string;\n description: string;\n source?: string;\n classification?: string;\n dedupKey?: string;\n severity?: string;\n steps?: string;\n errorMessage?: string;\n context?: string;\n locale?: string;\n reporterEmail?: string;\n },\n ) {\n const client = new ApiClient();\n const body: Record<string, unknown> = {\n title: opts.title,\n description: opts.description,\n locale: opts.locale,\n };\n if (opts.source) body['source'] = opts.source;\n if (opts.classification) body['classification'] = opts.classification;\n if (opts.dedupKey) body['dedup_key'] = opts.dedupKey;\n if (opts.severity) body['severity'] = opts.severity;\n if (opts.steps) body['steps'] = opts.steps;\n if (opts.errorMessage) body['error_message'] = opts.errorMessage;\n if (opts.context) body['context'] = opts.context;\n if (opts.reporterEmail) body['reporter_email'] = opts.reporterEmail;\n\n const data = await client.request<ReportResponse>('POST', '/v1/reports', body);\n if (data.created) {\n console.log(`Report submitted (id: ${data.report_id}).`);\n console.log('Our team will review and follow up by email if you provided one.');\n } else {\n console.log(`A matching report already exists (id: ${data.report_id}) — your submission was merged into it.`);\n }\n });\n","import { Command } from 'commander';\nimport { execFileSync } from 'node:child_process';\nimport { isNewerVersion } from '../version.js';\nimport { NPM_PACKAGE } from '../version-check.js';\nimport pkg from '../../package.json' with { type: 'json' };\n\nexport const updateCommand = new Command('update')\n .description('Update the Rekor CLI to the latest published version')\n .action(() => {\n console.log(`Current version: ${pkg.version}`);\n console.log('Checking for updates...');\n let latest: string;\n try {\n // shell: true is required on Windows where npm is a .cmd shim.\n latest = execFileSync('npm', ['view', NPM_PACKAGE, 'version'], { timeout: 10_000, shell: true })\n .toString()\n .trim();\n } catch {\n console.error(`Could not reach npm to check for updates.`);\n console.error(`Try manually: npm install -g ${NPM_PACKAGE}`);\n process.exit(1);\n }\n\n if (!isNewerVersion(latest, pkg.version)) {\n console.log(`Already on the latest version (${pkg.version}).`);\n return;\n }\n\n console.log(`Updating ${pkg.version} → ${latest}...`);\n try {\n execFileSync('npm', ['install', '-g', `${NPM_PACKAGE}@latest`], {\n timeout: 120_000,\n shell: true,\n stdio: 'inherit',\n });\n console.log(`Updated to ${latest}.`);\n } catch (err) {\n console.error(`Update failed: ${err instanceof Error ? err.message : String(err)}`);\n console.error(`Try manually: npm install -g ${NPM_PACKAGE}`);\n process.exit(1);\n }\n });\n","/** Returns true if `latest` is a newer semver than `current`. Prerelease/build metadata is stripped. */\nexport function isNewerVersion(latest: string, current: string): boolean {\n const strip = (v: string) => v.replace(/[-+].*$/, '');\n const l = strip(latest).split('.').map(Number);\n const c = strip(current).split('.').map(Number);\n for (let i = 0; i < Math.max(l.length, c.length); i++) {\n const lv = l[i] ?? 0;\n const cv = c[i] ?? 0;\n if (Number.isNaN(lv) || Number.isNaN(cv)) return false;\n if (lv > cv) return true;\n if (lv < cv) return false;\n }\n return false;\n}\n","import { readFileSync, writeFileSync, mkdirSync } from 'node:fs';\nimport { join } from 'node:path';\nimport { execFile } from 'node:child_process';\nimport { CONFIG_DIR } from './config.js';\nimport { isNewerVersion } from './version.js';\nimport { isCI } from './env.js';\n\n/** npm package name — shared with the `update` command. */\nexport const NPM_PACKAGE = 'rekor-cli';\nconst CACHE_FILE = join(CONFIG_DIR, 'update-check.json');\nconst MAX_AGE_MS = 24 * 60 * 60 * 1000; // 24h\n\ninterface VersionCache {\n lastCheck: number;\n latest: string | null;\n}\n\nfunction isDisabled(): boolean {\n return Boolean(\n process.env['NO_UPDATE_NOTIFIER'] ||\n process.env['REKOR_NO_UPDATE_CHECK'] ||\n isCI(),\n );\n}\n\nfunction readCache(): VersionCache | null {\n try {\n const parsed = JSON.parse(readFileSync(CACHE_FILE, 'utf-8')) as VersionCache;\n if (typeof parsed.lastCheck !== 'number') return null;\n if (parsed.latest !== null && typeof parsed.latest !== 'string') return null;\n return parsed;\n } catch {\n return null;\n }\n}\n\nfunction writeCache(cache: VersionCache): void {\n try {\n mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });\n writeFileSync(CACHE_FILE, JSON.stringify(cache), { mode: 0o600 });\n } catch {\n // Cache write failures just mean we re-check next run — never fatal.\n }\n}\n\n/** Latest known version from cache if it's fresh and newer than `current`, else null. */\nexport function readCachedLatest(current: string): string | null {\n const cache = readCache();\n if (!cache?.latest) return null;\n if (Date.now() - cache.lastCheck > MAX_AGE_MS) return null;\n return isNewerVersion(cache.latest, current) ? cache.latest : null;\n}\n\nfunction notify(latest: string, current: string): void {\n console.error(`\\nUpdate available: ${current} → ${latest}\\nRun \\`rekor update\\` to update.`);\n}\n\n/**\n * Non-blocking update check. Prints a nudge to stderr from a fresh cache; otherwise spawns a\n * detached `npm view` to populate the cache for next time. Wrapped so it can never throw or\n * delay CLI exit (the spawned child is unref'd).\n */\nexport function checkForUpdates(current: string): void {\n if (isDisabled()) return;\n try {\n const cache = readCache();\n\n if (cache && Date.now() - cache.lastCheck < MAX_AGE_MS) {\n if (cache.latest && isNewerVersion(cache.latest, current)) notify(cache.latest, current);\n return;\n }\n\n // Sentinel write first so concurrent/rapid runs don't all spawn npm.\n writeCache({ lastCheck: Date.now(), latest: cache?.latest ?? null });\n\n // shell: true is required on Windows where npm is a .cmd shim.\n const child = execFile(\n 'npm',\n ['view', NPM_PACKAGE, 'version'],\n { timeout: 5000, shell: true },\n (err, stdout) => {\n if (err) return;\n const latest = stdout.trim();\n if (!latest) return;\n writeCache({ lastCheck: Date.now(), latest });\n if (isNewerVersion(latest, current)) notify(latest, current);\n },\n );\n // Let the CLI exit immediately; the refresh runs detached.\n child.unref();\n } catch {\n // Never block the CLI on an update check.\n }\n}\n","{\n \"name\": \"rekor-cli\",\n \"version\": \"0.1.37\",\n \"type\": \"module\",\n \"engines\": {\n \"node\": \">=20.0.0\"\n },\n \"bin\": {\n \"rekor\": \"dist/index.js\"\n },\n \"files\": [\n \"dist\"\n ],\n \"scripts\": {\n \"build\": \"tsup\",\n \"typecheck\": \"tsc --noEmit\",\n \"test\": \"vitest run\",\n \"dev\": \"tsup --watch\"\n },\n \"dependencies\": {\n \"@napi-rs/keyring\": \"^1.1.6\",\n \"chalk\": \"^5.4.1\",\n \"cli-table3\": \"^0.6.5\",\n \"commander\": \"^13.1.0\",\n \"open\": \"^11.0.0\"\n },\n \"optionalDependencies\": {\n \"@sentry/node\": \"^10.0.0\"\n },\n \"devDependencies\": {\n \"@types/node\": \"^25.5.0\",\n \"tsup\": \"^8.4.0\",\n \"typescript\": \"^5.8.2\",\n \"vitest\": \"~3.0.9\"\n }\n}\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { getFormat } from '../helpers.js';\n\nexport interface MeResponse {\n auth_kind: string;\n grants_summary: string;\n org_id?: string;\n user_id?: string;\n email?: string;\n orgs?: Array<{ org_id: string; name: string; role: string }>;\n}\n\nexport const whoamiCommand = new Command('whoami')\n .description('Show the authenticated identity')\n .action(async function (this: Command) {\n const client = new ApiClient();\n const me = await client.request<MeResponse>('GET', '/v1/auth/me');\n\n if (getFormat(this) === 'json') {\n console.log(JSON.stringify(me, null, 2));\n return;\n }\n\n console.log(`auth_kind: ${me.auth_kind}`);\n if (me.email) console.log(`email: ${me.email}`);\n if (me.user_id) console.log(`user_id: ${me.user_id}`);\n if (me.org_id) console.log(`org_id: ${me.org_id}`);\n console.log(`grants: ${me.grants_summary}`);\n if (me.orgs && me.orgs.length > 0) {\n console.log('organizations:');\n for (const o of me.orgs) {\n console.log(` ${o.name} (${o.org_id}) — ${o.role}`);\n }\n }\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { ApiError } from '../errors.js';\nimport { loadConfig } from '../config.js';\nimport { isAuthenticated } from '../auth.js';\nimport { getFormat } from '../helpers.js';\nimport { readCachedLatest } from '../version-check.js';\nimport type { MeResponse } from './whoami.js';\nimport pkg from '../../package.json' with { type: 'json' };\n\ninterface StatusSnapshot {\n logged_in: boolean;\n token_valid: boolean | null;\n api_url: string;\n auth_kind: string | null;\n email: string | null;\n org_id: string | null;\n grants: string | null;\n cli: { version: string; latest: string | null };\n}\n\nexport const statusCommand = new Command('status')\n .description('Show auth, connectivity, and CLI version diagnostics')\n .action(async function (this: Command) {\n const config = loadConfig();\n const loggedIn = await isAuthenticated();\n const cliLatest = readCachedLatest(pkg.version);\n\n // null means \"not determined\" (never set false just because no credential exists) —\n // it flips to false only on a real 401/403 rejection, avoiding a misleading verdict.\n let tokenValid: boolean | null = null;\n let me: MeResponse | null = null;\n if (loggedIn) {\n try {\n me = await new ApiClient().request<MeResponse>('GET', '/v1/auth/me');\n tokenValid = true;\n } catch (err) {\n if (err instanceof ApiError && (err.status === 401 || err.status === 403)) tokenValid = false;\n }\n }\n\n const snapshot: StatusSnapshot = {\n logged_in: loggedIn,\n token_valid: tokenValid,\n api_url: config.api_url,\n auth_kind: me?.auth_kind ?? null,\n email: me?.email ?? null,\n org_id: me?.org_id ?? null,\n grants: me?.grants_summary ?? null,\n cli: { version: pkg.version, latest: cliLatest },\n };\n\n if (getFormat(this) === 'json') {\n console.log(JSON.stringify(snapshot, null, 2));\n return;\n }\n\n if (!loggedIn) {\n console.log('Not logged in. Run `rekor login`.');\n console.log(`API: ${config.api_url}`);\n if (cliLatest) console.log(`CLI: ${pkg.version} (latest: ${cliLatest} — run \\`rekor update\\`)`);\n return;\n }\n\n const tokenStatus =\n tokenValid === true\n ? 'token valid'\n : tokenValid === false\n ? 'token rejected — run `rekor login` to re-authenticate'\n : 'token validity unknown — backend unreachable';\n console.log(`Logged in${me?.email ? ` as ${me.email}` : ''} — ${tokenStatus}`);\n console.log(`API: ${config.api_url}`);\n if (me?.auth_kind) console.log(`Auth: ${me.auth_kind}`);\n if (me?.org_id) console.log(`Org: ${me.org_id}`);\n if (me?.grants_summary) console.log(`Grants: ${me.grants_summary}`);\n if (cliLatest) console.log(`CLI: ${pkg.version} (latest: ${cliLatest} — run \\`rekor update\\`)`);\n });\n","import { homedir, platform, arch } from 'node:os';\nimport { ApiError } from './errors.js';\n\n// Optional dependency — loaded lazily and only when a DSN is configured.\ntype SentryModule = typeof import('@sentry/node');\n\nlet sentry: SentryModule | null = null;\n\nfunction getDsn(): string | undefined {\n if (process.env['REKOR_TELEMETRY_DISABLED']) return undefined;\n return process.env['REKOR_CLI_SENTRY_DSN'] || undefined;\n}\n\n// Structural subset — keeps scrubHome decoupled from the optional @sentry/node types.\ninterface ScrubbableEvent {\n exception?: {\n values?: Array<{\n value?: string;\n stacktrace?: { frames?: Array<{ filename?: string; abs_path?: string }> };\n }>;\n };\n}\n\n// Redact the home dir wherever it leaks — fs-error messages embed it, not just stack frames.\nexport function scrubHome<T extends ScrubbableEvent>(event: T, home: string): T {\n const root = home.replace(/[\\\\/]+$/, '');\n if (!root) return event;\n const re = new RegExp(root.replace(/[.*+?^${}()|[\\]\\\\]/g, '\\\\$&') + '(?=[\\\\\\\\/]|$)', 'g');\n const scrub = (s: string): string => s.replace(re, '~');\n for (const value of event.exception?.values ?? []) {\n if (value.value) value.value = scrub(value.value);\n for (const frame of value.stacktrace?.frames ?? []) {\n if (frame.filename) frame.filename = scrub(frame.filename);\n if (frame.abs_path) frame.abs_path = scrub(frame.abs_path);\n }\n }\n return event;\n}\n\n/**\n * Initialize crash reporting. No-op unless `REKOR_CLI_SENTRY_DSN` is set and\n * `REKOR_TELEMETRY_DISABLED` is unset. The `@sentry/node` import is guarded so a missing\n * optional dependency degrades to silence rather than crashing.\n */\nexport async function initTelemetry(command: string | undefined, version: string): Promise<void> {\n if (sentry) return;\n const dsn = getDsn();\n if (!dsn) return;\n try {\n const mod = await import('@sentry/node');\n const home = homedir();\n mod.init({\n dsn,\n tracesSampleRate: 0,\n release: `rekor-cli@${version}`,\n environment: 'production',\n defaultIntegrations: false,\n beforeSend: (event) => scrubHome(event, home),\n });\n mod.setTag('command', command || 'unknown');\n mod.setTag('node_version', process.version);\n mod.setTag('os_platform', platform());\n mod.setTag('os_arch', arch());\n sentry = mod;\n } catch {\n sentry = null;\n }\n}\n\n/** Report an unexpected error. Skips when telemetry is off and skips expected (4xx) API errors. */\nexport function captureException(err: unknown): void {\n if (!sentry) return;\n if (err instanceof ApiError && err.isExpected) return;\n try {\n sentry.captureException(err);\n } catch {\n // Best-effort.\n }\n}\n\n/** Flush and close. Safe to call when telemetry was never initialized. */\nexport async function closeTelemetry(): Promise<void> {\n if (!sentry) return;\n try {\n await sentry.close(2000);\n } catch {\n // Best-effort.\n }\n sentry = null;\n}\n","import { program } from './program.js';\nimport { checkForUpdates } from './version-check.js';\nimport { handleCliError } from './errors.js';\nimport { initTelemetry, captureException, closeTelemetry } from './telemetry.js';\nimport pkg from '../package.json' with { type: 'json' };\n\nconst SKIP_UPDATE_CHECK = ['--version', '-v', '--help', '-h', 'help', 'update'];\nconst command = process.argv[2];\n\nasync function main(): Promise<void> {\n await initTelemetry(command, pkg.version);\n await program.parseAsync();\n if (command && !SKIP_UPDATE_CHECK.includes(command)) {\n checkForUpdates(pkg.version);\n }\n}\n\nmain()\n .then(() => closeTelemetry())\n .catch(async (err) => {\n handleCliError(err);\n captureException(err);\n await closeTelemetry();\n process.exit(1);\n });\n"],"mappings":";;;AAAA,SAAS,WAAAA,iBAAe;;;ACAxB,SAAS,eAAe;;;ACAxB,SAAS,cAAc,eAAe,iBAAiB;AACvD,SAAS,YAAY;AACrB,SAAS,eAAe;AAExB,IAAM,aAAa,KAAK,QAAQ,GAAG,WAAW,OAAO;AACrD,IAAM,cAAc,KAAK,YAAY,aAAa;AAc3C,SAAS,aAAqB;AACnC,QAAM,SAAS,QAAQ,IAAI,eAAe;AAE1C,MAAI;AACF,UAAM,MAAM,aAAa,aAAa,OAAO;AAC7C,UAAM,SAAS,KAAK,MAAM,GAAG;AAC7B,WAAO;AAAA,MACL,SAAS,UAAU,OAAO,WAAW;AAAA,MACrC,kBAAkB,OAAO;AAAA,MACzB,QAAQ,OAAO;AAAA,IACjB;AAAA,EACF,QAAQ;AACN,WAAO;AAAA,MACL,SAAS,UAAU;AAAA,IACrB;AAAA,EACF;AACF;AAEO,SAAS,WAAW,QAAsB;AAC/C,YAAU,YAAY,EAAE,WAAW,MAAM,MAAM,IAAM,CAAC;AACtD,MAAI,WAAuB,CAAC;AAC5B,MAAI;AACF,eAAW,KAAK,MAAM,aAAa,aAAa,OAAO,CAAC;AAAA,EAC1D,QAAQ;AACN,eAAW,CAAC;AAAA,EACd;AACA,QAAM,SAAqB,EAAE,GAAG,UAAU,GAAG,OAAO;AACpD,gBAAc,aAAa,KAAK,UAAU,QAAQ,MAAM,CAAC,GAAG,EAAE,MAAM,IAAM,CAAC;AAC7E;;;AC/CA,YAAY,QAAQ;AAGpB,IAAM,kBAAkB;AACxB,IAAM,UAAU;AAChB,IAAM,mBAAmB;AACzB,IAAM,oBAAoB;AAQ1B,IAAI;AAEJ,eAAe,aAA6C;AAC1D,MAAI,iBAAiB,OAAW,QAAO;AACvC,MAAI;AACF,UAAM,MAAM,MAAM,OAAO,kBAAkB;AAC3C,UAAM,QAAQ,IAAI;AAClB,mBAAe;AAAA,MACb,MAAM,YAAY,SAAS,SAAS;AAClC,YAAI;AAAE,iBAAO,IAAI,MAAM,SAAS,OAAO,EAAE,YAAY;AAAA,QAAG,QAAQ;AAAE,iBAAO;AAAA,QAAM;AAAA,MACjF;AAAA,MACA,MAAM,YAAY,SAAS,SAAS,UAAU;AAC5C,YAAI,MAAM,SAAS,OAAO,EAAE,YAAY,QAAQ;AAAA,MAClD;AAAA,MACA,MAAM,eAAe,SAAS,SAAS;AACrC,YAAI;AAAE,iBAAO,IAAI,MAAM,SAAS,OAAO,EAAE,eAAe;AAAA,QAAG,QAAQ;AAAE,iBAAO;AAAA,QAAO;AAAA,MACrF;AAAA,IACF;AAAA,EACF,QAAQ;AACN,mBAAe;AAAA,EACjB;AACA,SAAO;AACT;AAEA,SAAS,qBAAqB,SAAyB;AACrD,MAAI,QAAQ,aAAa,UAAU;AACjC,WAAO,uCAAuC,eAAe,OAAO,OAAO;AAAA,EAC7E;AACA,MAAI,QAAQ,aAAa,SAAS;AAChC,WAAO,kBAAkB,eAAe,IAAI,OAAO;AAAA,EACrD;AACA,MAAI,QAAQ,aAAa,SAAS;AAChC,WAAO,6BAA6B,eAAe,YAAY,OAAO;AAAA,EACxE;AACA,SAAO,oBAAoB,eAAe,cAAc,OAAO;AACjE;AAaA,SAAS,iBAA0C;AACjD,MAAI,CAAI,cAAW,WAAW,EAAG,QAAO;AACxC,MAAI;AACF,WAAO,KAAK,MAAS,gBAAa,aAAa,OAAO,CAAC;AAAA,EACzD,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,SAAS,gBAAgB,MAA8B;AACrD,MAAI,CAAI,cAAW,UAAU,GAAG;AAC9B,IAAG,aAAU,YAAY,EAAE,WAAW,MAAM,MAAM,IAAM,CAAC;AAAA,EAC3D;AACA,EAAG,iBAAc,aAAa,KAAK,UAAU,MAAM,MAAM,CAAC,GAAG,EAAE,MAAM,IAAM,CAAC;AAC9E;AAGO,IAAM,wBAAN,cAAoC,MAAM;AAAA,EAC/C,YAA4B,SAAiB;AAC3C;AAAA,MACE,iDAAiD,OAAO;AAAA,IAClB,qBAAqB,OAAO,CAAC;AAAA,IACrE;AAJ0B;AAK1B,SAAK,OAAO;AAAA,EACd;AACF;AAEA,eAAe,UAAU,SAAyB,SAAmC;AACnF,QAAM,QAAQ,eAAe,iBAAiB,OAAO;AACrD,MAAI;AACF,WAAQ,MAAM,QAAQ,YAAY,iBAAiB,OAAO,MAAO;AAAA,EACnE,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAMA,SAAS,2BAAiC;AACxC,QAAM,WAAW,eAAe;AAChC,MAAI,CAAC,SAAU;AACf,MAAI,SAAS,UAAU,UAAa,SAAS,iBAAiB,UAAa,SAAS,kBAAkB,OAAW;AACjH,SAAO,SAAS;AAChB,SAAO,SAAS;AAChB,SAAO,SAAS;AAChB,kBAAgB,QAAQ;AAC1B;AAEA,SAAS,wBAA4C;AACnD,SAAO,eAAe,GAAG;AAC3B;AAEA,SAAS,uBAAuB,OAAiC;AAC/D,QAAM,WAAW,eAAe,KAAK,CAAC;AACtC,MAAI,UAAU,QAAW;AACvB,WAAO,SAAS;AAAA,EAClB,OAAO;AACL,aAAS,mBAAmB;AAAA,EAC9B;AACA,kBAAgB,QAAQ;AAC1B;AAEA,eAAe,uBAAuB,SAA+D;AACnG,QAAM,WAAW,eAAe;AAChC,MAAI,CAAC,SAAU,QAAO;AAGtB,MAAI,SAAS,cAAc;AACzB,UAAM,MAAqB;AAAA,MACzB,MAAM;AAAA,MACN,cAAc,SAAS;AAAA,MACvB,eAAe,SAAS;AAAA,MACxB,YAAY,SAAS;AAAA,IACvB;AACA,QAAI,SAAS;AACX,UAAI;AAEF,cAAM,iBAAiB,MAAM,QAAQ,YAAY,iBAAiB,gBAAgB;AAClF,YAAI,CAAC,gBAAgB;AACnB,gBAAM,QAAQ,YAAY,iBAAiB,kBAAkB,SAAS,YAAY;AAClF,cAAI,SAAS,eAAe;AAC1B,kBAAM,QAAQ,YAAY,iBAAiB,mBAAmB,SAAS,aAAa;AAAA,UACtF;AAAA,QACF;AACA,YAAI;AAAE,mCAAyB;AAAA,QAAG,SAAS,KAAK;AAC9C,kBAAQ,KAAK,mDAAmD,WAAW,KAAM,IAAc,OAAO,IAAI;AAAA,QAC5G;AAAA,MACF,SAAS,KAAK;AACZ,gBAAQ,KAAK,8CAA+C,IAAc,OAAO,iCAAiC;AAAA,MACpH;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAEA,MAAI,SAAS,OAAO;AAClB,UAAM,QAAQ,SAAS;AACvB,QAAI,CAAC,QAAS,QAAO,EAAE,MAAM,OAAO,MAAM;AAC1C,QAAI;AACF,YAAM,cAAc,MAAM,QAAQ,YAAY,iBAAiB,OAAO;AACtE,UAAI,aAAa;AAEf,YAAI;AAAE,mCAAyB;AAAA,QAAG,SAAS,KAAK;AAC9C,kBAAQ,KAAK,2CAA2C,WAAW,KAAM,IAAc,OAAO,IAAI;AAAA,QACpG;AACA,eAAO;AAAA,MACT;AACA,YAAM,QAAQ,YAAY,iBAAiB,SAAS,KAAK;AACzD,UAAI;AAAE,iCAAyB;AAAA,MAAG,SAAS,KAAK;AAC9C,gBAAQ,KAAK,4CAA4C,WAAW,KAAM,IAAc,OAAO,IAAI;AAAA,MACrG;AAAA,IACF,SAAS,KAAK;AACZ,cAAQ,KAAK,qCAAsC,IAAc,OAAO,uCAAuC;AAAA,IACjH;AACA,WAAO,EAAE,MAAM,OAAO,MAAM;AAAA,EAC9B;AAEA,SAAO;AACT;AAGA,eAAsB,mBAAkD;AACtE,QAAM,WAAW,QAAQ,IAAI,aAAa;AAC1C,MAAI,UAAU;AAEZ,WAAO,EAAE,MAAM,OAAO,OAAO,SAAS;AAAA,EACxC;AAEA,QAAM,UAAU,MAAM,WAAW;AACjC,QAAM,WAAW,MAAM,uBAAuB,OAAO;AACrD,MAAI,SAAU,QAAO;AAErB,MAAI,SAAS;AAEX,UAAM,CAAC,KAAK,QAAQ,OAAO,IAAI,MAAM,QAAQ,IAAI;AAAA,MAC/C,QAAQ,YAAY,iBAAiB,OAAO;AAAA,MAC5C,QAAQ,YAAY,iBAAiB,gBAAgB;AAAA,MACrD,QAAQ,YAAY,iBAAiB,iBAAiB;AAAA,IACxD,CAAC;AACD,QAAI,IAAK,QAAO,EAAE,MAAM,OAAO,OAAO,IAAI;AAC1C,QAAI,QAAQ;AACV,YAAM,MAAqB,EAAE,MAAM,SAAS,cAAc,OAAO;AACjE,UAAI,QAAS,KAAI,gBAAgB;AACjC,YAAM,YAAY,sBAAsB;AACxC,UAAI,UAAW,KAAI,aAAa;AAChC,aAAO;AAAA,IACT;AAAA,EACF;AAEA,SAAO;AACT;AAaA,eAAsB,YAAY,OAA8B;AAC9D,QAAM,UAAU,MAAM,WAAW;AACjC,MAAI,SAAS;AACX,QAAI;AAEF,YAAM,CAAC,eAAe,cAAc,IAAI,MAAM,QAAQ,IAAI;AAAA,QACxD,UAAU,SAAS,gBAAgB;AAAA,QACnC,UAAU,SAAS,iBAAiB;AAAA,MACtC,CAAC;AACD,YAAM,QAAQ;AAAA,QACZ,gBAAgB,OAAO;AAAA,QACvB,iBAAiB,OAAO;AAAA,MAC1B,EAAE,OAAO,CAAC,MAAmB,MAAM,IAAI;AACvC,UAAI,MAAM,SAAS,GAAG;AACpB,gBAAQ;AAAA,UACN;AAAA,YACE;AAAA,YACA,GAAG,MAAM,IAAI,OAAK,KAAK,qBAAqB,CAAC,CAAC,EAAE;AAAA,UAClD,EAAE,KAAK,IAAI;AAAA,QACb;AAAA,MACF;AACA,YAAM,QAAQ,YAAY,iBAAiB,SAAS,KAAK;AACzD,6BAAuB,MAAS;AAChC,UAAI;AAAE,iCAAyB;AAAA,MAAG,SAAS,KAAK;AAC9C,gBAAQ,KAAK,4CAA4C,WAAW,KAAM,IAAc,OAAO,IAAI;AAAA,MACrG;AACA;AAAA,IACF,SAAS,KAAK;AACZ,UAAI,eAAe,sBAAuB,OAAM;AAChD,cAAQ,KAAK,iCAAkC,IAAc,OAAO,kCAAkC;AAAA,IACxG;AAAA,EACF;AACA,QAAM,WAAW,eAAe,KAAK,CAAC;AACtC,SAAO,SAAS;AAChB,SAAO,SAAS;AAChB,SAAO,SAAS;AAChB,WAAS,QAAQ;AACjB,kBAAgB,QAAQ;AAC1B;AAEA,eAAsB,eACpB,aACA,cACA,WACe;AACf,QAAM,UAAU,MAAM,WAAW;AACjC,MAAI,SAAS;AACX,QAAI;AAEF,UAAI,CAAE,MAAM,UAAU,SAAS,OAAO,GAAI;AACxC,cAAM,IAAI,sBAAsB,OAAO;AAAA,MACzC;AACA,YAAM,QAAQ,YAAY,iBAAiB,kBAAkB,WAAW;AACxE,UAAI,cAAc;AAChB,cAAM,QAAQ,YAAY,iBAAiB,mBAAmB,YAAY;AAAA,MAC5E,OAAO;AAEL,cAAM,UAAU,SAAS,iBAAiB;AAAA,MAC5C;AACA,6BAAuB,SAAS;AAChC,UAAI;AAAE,iCAAyB;AAAA,MAAG,SAAS,KAAK;AAC9C,gBAAQ,KAAK,4CAA4C,WAAW,KAAM,IAAc,OAAO,IAAI;AAAA,MACrG;AACA;AAAA,IACF,SAAS,KAAK;AAEZ,UAAI,eAAe,sBAAuB,OAAM;AAChD,cAAQ,KAAK,iCAAkC,IAAc,OAAO,kCAAkC;AAAA,IACxG;AAAA,EACF;AACA,QAAM,WAAW,eAAe,KAAK,CAAC;AACtC,SAAO,SAAS;AAChB,WAAS,eAAe;AACxB,MAAI,aAAc,UAAS,gBAAgB;AAC3C,WAAS,mBAAmB;AAC5B,kBAAgB,QAAQ;AAC1B;AAMA,eAAsB,iBAAgC;AACpD,QAAM,UAAU,MAAM,WAAW;AACjC,MAAI,SAAS;AACX,UAAM,QAAQ,CAAC,SAAS,kBAAkB,iBAAiB;AAC3D,UAAM,UAAU,MAAM,QAAQ,IAAI,MAAM,IAAI,OAAK,UAAU,SAAS,CAAC,CAAC,CAAC;AACvE,eAAW,CAAC,GAAG,EAAE,KAAK,QAAQ,QAAQ,GAAG;AACvC,UAAI,CAAC,IAAI;AACP,cAAM,UAAU,MAAM,CAAC;AACvB,gBAAQ;AAAA,UACN,yCAAyC,OAAO;AAAA,IAAuE,qBAAqB,OAAO,CAAC;AAAA,QACtJ;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACA,QAAM,WAAW,eAAe;AAChC,MAAI,UAAU;AACZ,QAAI,QAAQ;AACZ,eAAW,KAAK,CAAC,SAAS,gBAAgB,iBAAiB,kBAAkB,GAAY;AACvF,UAAI,SAAS,CAAC,MAAM,QAAW;AAC7B,eAAO,SAAS,CAAC;AACjB,gBAAQ;AAAA,MACV;AAAA,IACF;AACA,QAAI,MAAO,iBAAgB,QAAQ;AAAA,EACrC;AACF;;;AC7UA,YAAY,UAAU;AAGf,IAAM,sBAAsB;AAEnC,IAAM,yBAAyB;AAC/B,IAAM,4BAA4B;AAE3B,SAAS,mBAA2B;AACzC,SAAO,QAAQ,IAAI,sBAAsB,KAAK;AAChD;AAEO,SAAS,qBAA6B;AAC3C,SAAO,QAAQ,IAAI,yBAAyB,KAAK;AACnD;AAQO,SAAS,eAAe,kBAAkC;AAC/D,SAAO,IAAI,KAAK,KAAK,IAAI,IAAI,mBAAmB,GAAI,EAAE,YAAY;AACpE;AAMO,SAAS,2BAA2B,cAAiD;AAC1F,MAAI,aAAc,QAAO;AACzB,SACE;AAIJ;AAEA,SAAS,gBAAgB,OAA+B;AACtD,MAAI,OAAO,UAAU,YAAY,UAAU,MAAM;AAC/C,UAAM,IAAI,MAAM,6CAA6C;AAAA,EAC/D;AACA,QAAM,IAAI;AACV,MAAI,OAAO,EAAE,iBAAiB,YAAY,OAAO,EAAE,eAAe,UAAU;AAC1E,UAAM,IAAI,MAAM,+CAA+C;AAAA,EACjE;AACA,QAAM,MAAqB,EAAE,cAAc,EAAE,cAAc,YAAY,EAAE,WAAW;AACpF,MAAI,OAAO,EAAE,kBAAkB,SAAU,KAAI,gBAAgB,EAAE;AAC/D,SAAO;AACT;AAEA,eAAsB,sBACpB,eACA,UACA,MACA,cACA,aACwB;AACxB,QAAM,WAAW,MAAM,MAAM,GAAG,aAAa,iBAAiB;AAAA,IAC5D,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,oCAAoC;AAAA,IAC/D,MAAM,IAAI,gBAAgB;AAAA,MACxB,YAAY;AAAA,MACZ;AAAA,MACA,eAAe;AAAA,MACf,cAAc;AAAA,MACd,WAAW;AAAA,IACb,CAAC,EAAE,SAAS;AAAA,EACd,CAAC;AAED,MAAI,CAAC,SAAS,IAAI;AAChB,UAAM,OAAO,MAAM,SAAS,KAAK;AACjC,UAAM,IAAI,MAAM,0BAA0B,SAAS,MAAM,MAAM,IAAI,EAAE;AAAA,EACvE;AAEA,SAAO,gBAAgB,MAAM,SAAS,KAAK,CAAC;AAC9C;AAEO,IAAM,sBAAN,cAAkC,MAAM;AAAA,EAC7C,cAAc;AACZ,UAAM,iBAAiB;AACvB,SAAK,OAAO;AAAA,EACd;AACF;AAEA,eAAsB,mBACpB,eACA,UACA,cACwB;AACxB,QAAM,WAAW,MAAM,MAAM,GAAG,aAAa,iBAAiB;AAAA,IAC5D,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,oCAAoC;AAAA,IAC/D,MAAM,IAAI,gBAAgB;AAAA,MACxB,YAAY;AAAA,MACZ,eAAe;AAAA,MACf,WAAW;AAAA,IACb,CAAC,EAAE,SAAS;AAAA,EACd,CAAC;AAED,MAAI,CAAC,SAAS,IAAI;AAChB,UAAM,SAAS,SAAS;AACxB,UAAM,OAAO,MAAM,SAAS,KAAK;AAEjC,QAAI,WAAW,OAAO,WAAW,KAAK;AACpC,UAAI;AACF,cAAM,SAAS,KAAK,MAAM,IAAI;AAC9B,YAAI,OAAO,UAAU,gBAAiB,OAAM,IAAI,oBAAoB;AAAA,MACtE,SAAS,KAAK;AACZ,YAAI,eAAe,oBAAqB,OAAM;AAAA,MAEhD;AAAA,IACF;AAEA,UAAM,IAAI,MAAM,yBAAyB,MAAM,MAAM,IAAI,EAAE;AAAA,EAC7D;AAEA,SAAO,gBAAgB,MAAM,SAAS,KAAK,CAAC;AAC9C;AAEO,SAAS,oBACd,MACA,eACA,YAAoB,MACO;AAC3B,SAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,QAAI,UAAU;AACd,UAAM,SAAc,kBAAa,CAAC,KAAK,QAAQ;AAC7C,YAAM,MAAM,IAAI,IAAI,IAAI,OAAO,KAAK,oBAAoB,IAAI,EAAE;AAC9D,UAAI,IAAI,aAAa,aAAa;AAChC,YAAI,UAAU,GAAG;AACjB,YAAI,IAAI;AACR;AAAA,MACF;AAEA,UAAI,SAAS;AACX,YAAI,UAAU,GAAG;AACjB,YAAI,IAAI;AACR;AAAA,MACF;AAEA,YAAM,OAAO,IAAI,aAAa,IAAI,MAAM;AACxC,YAAM,QAAQ,IAAI,aAAa,IAAI,OAAO;AAC1C,YAAM,QAAQ,IAAI,aAAa,IAAI,OAAO;AAC1C,YAAM,mBAAmB,IAAI,aAAa,IAAI,mBAAmB;AAEjE,UAAI,OAAO;AACT,kBAAU;AACV,YAAI,UAAU,KAAK,EAAE,gBAAgB,YAAY,CAAC;AAClD,YAAI,IAAI,UAAU,oBAAoB,KAAK,CAAC;AAC5C,gBAAQ;AACR,eAAO,IAAI,MAAM,gBAAgB,oBAAoB,KAAK,EAAE,CAAC;AAC7D;AAAA,MACF;AAEA,UAAI,UAAU,eAAe;AAC3B,kBAAU;AACV,YAAI,UAAU,KAAK,EAAE,gBAAgB,YAAY,CAAC;AAClD,YAAI,IAAI,UAAU,yBAAyB,CAAC;AAC5C,gBAAQ;AACR,eAAO,IAAI,MAAM,mDAA8C,CAAC;AAChE;AAAA,MACF;AAEA,UAAI,CAAC,MAAM;AACT,kBAAU;AACV,YAAI,UAAU,KAAK,EAAE,gBAAgB,YAAY,CAAC;AAClD,YAAI,IAAI,UAAU,gCAAgC,CAAC;AACnD,gBAAQ;AACR,eAAO,IAAI,MAAM,gCAAgC,CAAC;AAClD;AAAA,MACF;AAEA,gBAAU;AACV,UAAI,UAAU,KAAK,EAAE,gBAAgB,YAAY,CAAC;AAClD,UAAI,IAAI,YAAY,CAAC;AACrB,cAAQ;AACR,cAAQ,EAAE,KAAK,CAAC;AAAA,IAClB,CAAC;AAED,UAAM,UAAU,WAAW,MAAM;AAC/B,cAAQ;AACR,aAAO,IAAI,MAAM,uDAAuD,CAAC;AAAA,IAC3E,GAAG,SAAS;AAEZ,aAAS,UAAgB;AACvB,mBAAa,OAAO;AACpB,aAAO,MAAM;AAAA,IACf;AAEA,WAAO,GAAG,SAAS,CAAC,QAA+B;AACjD,cAAQ;AACR,UAAI,IAAI,SAAS,cAAc;AAC7B,eAAO,IAAI,MAAM,QAAQ,IAAI,gDAAgD,CAAC;AAAA,MAChF,OAAO;AACL,eAAO,GAAG;AAAA,MACZ;AAAA,IACF,CAAC;AAED,WAAO,OAAO,MAAM,WAAW;AAAA,EACjC,CAAC;AACH;AAEA,SAAS,cAAsB;AAC7B,SAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAQT;AAGA,SAAS,WAAW,OAAuB;AACzC,SAAO,MACJ,QAAQ,MAAM,OAAO,EACrB,QAAQ,MAAM,MAAM,EACpB,QAAQ,MAAM,MAAM,EACpB,QAAQ,MAAM,QAAQ,EACtB,QAAQ,MAAM,OAAO;AAC1B;AAEA,SAAS,UAAU,SAAyB;AAC1C,SAAO;AAAA;AAAA;AAAA;AAAA;AAAA,kDAKyC,WAAW,OAAO,CAAC;AAAA;AAAA;AAGrE;;;ACrOA,eAAsB,MAAM,OAAe,QAAgC;AACzE,QAAM,YAAY,KAAK;AACvB,QAAM,SAAS,WAAW;AAC1B,aAAW;AAAA,IACT,GAAG;AAAA,IACH,SAAS,UAAU,OAAO;AAAA,EAC5B,CAAC;AACH;AAEA,IAAM,oBAAoB;AAG1B,eAAsB,iBAAyC;AAC7D,QAAM,WAAW,MAAM,iBAAiB;AACxC,MAAI,CAAC,SAAU,QAAO;AAEtB,MAAI,SAAS,SAAS,MAAO,QAAO,SAAS;AAG7C,QAAM,cAAc,SAAS,aAAa,IAAI,KAAK,SAAS,UAAU,EAAE,QAAQ,IAAI,OAAO;AAC3F,MAAI,CAAC,OAAO,SAAS,WAAW,KAAK,cAAc,KAAK,IAAI,IAAI,mBAAmB;AACjF,WAAO,SAAS;AAAA,EAClB;AACA,MAAI,CAAC,SAAS,eAAe;AAC3B,UAAM,IAAI,MAAM,+EAA+E;AAAA,EACjG;AAEA,MAAI;AACF,UAAM,SAAS,MAAM,mBAAmB,iBAAiB,GAAG,mBAAmB,GAAG,SAAS,aAAa;AACxG,UAAM,eAAe,eAAe,OAAO,UAAU;AACrD,UAAM,eAAe,OAAO,cAAc,OAAO,iBAAiB,SAAS,eAAe,YAAY;AACtG,WAAO,OAAO;AAAA,EAChB,SAAS,KAAK;AACZ,QAAI,eAAe,qBAAqB;AACtC,YAAM,eAAe;AACrB,YAAM,IAAI,MAAM,2CAA2C;AAAA,IAC7D;AACA,UAAM;AAAA,EACR;AACF;AAGA,eAAsB,kBAAyD;AAC7E,QAAM,WAAW,MAAM,iBAAiB;AACxC,SAAO,UAAU,QAAQ;AAC3B;AAEA,eAAsB,kBAAoC;AACxD,SAAQ,MAAM,iBAAiB,MAAO;AACxC;;;ACtDA,YAAY,YAAY;AAEjB,SAAS,uBAA+B;AAC7C,SAAc,mBAAY,EAAE,EAAE,SAAS,WAAW;AACpD;AAEO,SAAS,sBAAsB,UAA0B;AAC9D,SAAc,kBAAW,QAAQ,EAAE,OAAO,QAAQ,EAAE,OAAO,EAAE,SAAS,WAAW;AACnF;AAEO,SAAS,gBAAwB;AACtC,SAAc,mBAAY,EAAE,EAAE,SAAS,WAAW;AACpD;;;ACVO,SAAS,OAAgB;AAC9B,SAAO,QAAQ,QAAQ,IAAI,IAAI,CAAC;AAClC;AAGO,SAAS,gBAAyB;AACvC,SAAO,QAAQ,QAAQ,MAAM,SAAS,QAAQ,OAAO,KAAK;AAC5D;AAGO,SAAS,QAAiB;AAC/B,SAAO,QAAQ,QAAQ,IAAI,gBAAgB,KAAK,QAAQ,IAAI,SAAS,CAAC;AACxE;;;ANMA,IAAM,wBAAwB;AAEvB,IAAM,eAAe,IAAI,QAAQ,OAAO,EAC5C,YAAY,yBAAyB,EACrC,OAAO,mBAAmB,kDAAkD,EAC5E,OAAO,mBAAmB,cAAc,EACxC,OAAO,OAAO,SAA8C;AAC3D,MAAI,KAAK,OAAO;AACd,UAAM,MAAM,KAAK,OAAO,KAAK,MAAM;AACnC,YAAQ,IAAI,4BAA4B;AACxC;AAAA,EACF;AAIA,QAAM,iBAAiB,KAAK,MAAM;AAClC,UAAQ,IAAI,4BAA4B;AAC1C,CAAC;AAEH,eAAe,iBAAiB,QAAgC;AAC9D,QAAM,eAAe,qBAAqB;AAC1C,QAAM,gBAAgB,sBAAsB,YAAY;AACxD,QAAM,QAAQ,cAAc;AAE5B,QAAM,OAAO;AACb,QAAM,cAAc,oBAAoB,IAAI;AAE5C,QAAM,gBAAgB,iBAAiB;AACvC,QAAM,WAAW,mBAAmB;AAEpC,QAAM,eAAe,IAAI,IAAI,GAAG,aAAa,mBAAmB;AAChE,eAAa,aAAa,IAAI,aAAa,QAAQ;AACnD,eAAa,aAAa,IAAI,gBAAgB,WAAW;AACzD,eAAa,aAAa,IAAI,iBAAiB,MAAM;AACrD,eAAa,aAAa,IAAI,kBAAkB,aAAa;AAC7D,eAAa,aAAa,IAAI,yBAAyB,MAAM;AAC7D,eAAa,aAAa,IAAI,SAAS,KAAK;AAG5C,eAAa,aAAa,IAAI,SAAS,qCAAqC;AAG5E,QAAM,kBAAkB,oBAAoB,MAAM,KAAK;AAEvD,MAAI;AACJ,MAAI,MAAM,GAAG;AAEX,YAAQ,IAAI,mEAAmE;AAC/E,YAAQ,IAAI,aAAa,SAAS,CAAC;AAAA,EACrC,OAAO;AACL,YAAQ,IAAI,uCAAuC;AACnD,UAAM,OAAO,MAAM,OAAO,MAAM,EAAE,KAAK,OAAK,EAAE,OAAO;AAGrD,QAAI,kBAAkB;AACtB,oBAAgB,WAAW,MAAM;AAC/B,wBAAkB;AAClB,cAAQ,IAAI,sCAAsC,aAAa,SAAS,CAAC,EAAE;AAAA,IAC7E,GAAG,qBAAqB;AAExB,SAAK,aAAa,SAAS,CAAC,EAAE,MAAM,MAAM;AACxC,UAAI,gBAAiB;AACrB,mBAAa,aAAa;AAC1B,cAAQ,IAAI,uCAAuC;AACnD,cAAQ,IAAI,UAAU,aAAa,SAAS,CAAC,EAAE;AAAA,IACjD,CAAC;AAAA,EACH;AAEA,MAAI;AACJ,MAAI;AACF,KAAC,EAAE,KAAK,IAAI,MAAM;AAAA,EACpB,UAAE;AACA,QAAI,cAAe,cAAa,aAAa;AAAA,EAC/C;AAEA,QAAM,SAAS,MAAM,sBAAsB,eAAe,UAAU,MAAM,cAAc,WAAW;AACnG,QAAM,YAAY,eAAe,OAAO,UAAU;AAClD,QAAM,eAAe,OAAO,cAAc,OAAO,eAAe,SAAS;AAEzE,QAAM,mBAAmB,2BAA2B,OAAO,aAAa;AACxE,MAAI,iBAAkB,SAAQ,KAAK,gBAAgB;AAEnD,QAAM,SAAS,WAAW;AAC1B,aAAW;AAAA,IACT,GAAG;AAAA,IACH,SAAS,UAAU,OAAO;AAAA,EAC5B,CAAC;AACH;;;AO3GA,SAAS,WAAAC,gBAAe;;;ACCjB,IAAM,WAAN,cAAuB,MAAM;AAAA,EAClC,YACkB,QAChB,SACgB,MACA,MAChB;AACA,UAAM,OAAO;AALG;AAEA;AACA;AAGhB,SAAK,OAAO;AAAA,EACd;AAAA;AAAA,EAGA,IAAI,aAAsB;AACxB,WAAO,KAAK,UAAU,OAAO,KAAK,SAAS;AAAA,EAC7C;AACF;AAGO,SAAS,aAAa,KAA6B;AACxD,MAAI,EAAE,eAAe,UAAW,QAAO;AACvC,UAAQ,IAAI,QAAQ;AAAA,IAClB,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,IACT;AACE,UAAI,IAAI,UAAU,IAAK,QAAO;AAC9B,aAAO;AAAA,EACX;AACF;AAGO,SAAS,eAAe,KAAoB;AACjD,QAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,UAAQ,MAAM,UAAU,OAAO,EAAE;AACjC,QAAM,OAAO,aAAa,GAAG;AAC7B,MAAI,KAAM,SAAQ,MAAM,IAAI;AAC9B;;;ACtCO,IAAM,YAAN,MAAgB;AAAA,EACZ;AAAA,EACD;AAAA,EAER,cAAc;AACZ,UAAM,SAAS,WAAW;AAC1B,SAAK,UAAU,OAAO;AAAA,EACxB;AAAA,EAEQ,WAAmC;AACzC,QAAI,CAAC,KAAK,cAAe,MAAK,gBAAgB,eAAe;AAC7D,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,MAAc,cAA+C;AAC3D,UAAM,QAAQ,MAAM,KAAK,SAAS;AAClC,WAAO,QAAQ,EAAE,iBAAiB,UAAU,KAAK,GAAG,IAAI,CAAC;AAAA,EAC3D;AAAA,EAEA,MAAM,QAAqB,QAAgB,MAAc,MAA4B;AACnF,UAAM,MAAM,MAAM,MAAM,GAAG,KAAK,OAAO,GAAG,IAAI,IAAI;AAAA,MAChD;AAAA,MACA,SAAS;AAAA,QACP,GAAI,MAAM,KAAK,YAAY;AAAA,QAC3B,gBAAgB;AAAA,MAClB;AAAA,MACA,MAAM,OAAO,KAAK,UAAU,IAAI,IAAI;AAAA,IACtC,CAAC;AAID,UAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,QAAI;AACJ,QAAI,MAAM;AACR,UAAI;AACF,iBAAS,KAAK,MAAM,IAAI;AAAA,MAC1B,QAAQ;AACN,iBAAS;AAAA,MACX;AAAA,IACF;AAEA,QAAI,CAAC,IAAI,IAAI;AACX,YAAM,IAAI;AAAA,QACR,IAAI;AAAA,QACJ,QAAQ,OAAO,WAAW,QAAQ,IAAI,MAAM;AAAA,QAC5C,QAAQ,OAAO;AAAA,QACf;AAAA,MACF;AAAA,IACF;AACA,WAAO,QAAQ;AAAA,EACjB;AAAA,EAEA,MAAM,WAAW,KAAa,MAAgB,aAAoC;AAChF,UAAM,MAAM,MAAM,MAAM,KAAK;AAAA,MAC3B,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,GAAI,MAAM,KAAK,YAAY;AAAA,QAC3B,gBAAgB;AAAA,MAClB;AAAA,MACA;AAAA,IACF,CAAC;AACD,QAAI,CAAC,IAAI,IAAI;AACX,YAAM,IAAI,SAAS,IAAI,QAAQ,uBAAuB,IAAI,MAAM,EAAE;AAAA,IACpE;AAAA,EACF;AACF;;;AFhEO,IAAM,gBAAgB,IAAIC,SAAQ,QAAQ,EAC9C,YAAY,0CAA0C,EACtD,OAAO,YAAY;AAClB,QAAM,OAAO,MAAM,gBAAgB;AAInC,MAAI,SAAS,SAAS;AACpB,QAAI;AACF,YAAM,SAAS,IAAI,UAAU;AAC7B,YAAM,OAAO,QAAQ,QAAQ,iBAAiB;AAAA,IAChD,SAAS,KAAK;AACZ,cAAQ,KAAK,qCAAqC,eAAe,QAAQ,IAAI,UAAU,SAAS,uCAAuC;AAAA,IACzI;AAAA,EACF;AAEA,QAAM,eAAe;AACrB,UAAQ,IAAI,yBAAyB;AACvC,CAAC;;;AGvBH,SAAS,WAAAC,gBAAe;;;ACAxB,OAAO,WAAW;AAClB,OAAO,WAAW;AAIX,SAAS,aAAa,MAAe,QAA8B;AACxE,MAAI,WAAW,QAAQ;AACrB,WAAO,KAAK,UAAU,MAAM,MAAM,CAAC;AAAA,EACrC;AAEA,MAAI,MAAM,QAAQ,IAAI,GAAG;AACvB,WAAO,YAAY,IAAiC;AAAA,EACtD;AAEA,MAAI,OAAO,SAAS,YAAY,SAAS,MAAM;AAC7C,WAAO,eAAe,IAA+B;AAAA,EACvD;AAEA,SAAO,OAAO,IAAI;AACpB;AAEA,SAAS,YAAY,MAAyC;AAC5D,MAAI,KAAK,WAAW,EAAG,QAAO,MAAM,IAAI,YAAY;AAEpD,QAAM,OAAO,OAAO,KAAK,KAAK,CAAC,CAAE;AACjC,QAAM,QAAQ,IAAI,MAAM,EAAE,MAAM,KAAK,IAAI,OAAK,MAAM,KAAK,CAAC,CAAC,EAAE,CAAC;AAE9D,aAAW,OAAO,MAAM;AACtB,UAAM,KAAK,KAAK,IAAI,OAAK;AACvB,YAAM,MAAM,IAAI,CAAC;AACjB,UAAI,QAAQ,QAAQ,QAAQ,OAAW,QAAO;AAC9C,UAAI,OAAO,QAAQ,SAAU,QAAO,KAAK,UAAU,GAAG;AACtD,aAAO,OAAO,GAAG;AAAA,IACnB,CAAC,CAAC;AAAA,EACJ;AAEA,SAAO,MAAM,SAAS;AACxB;AAEA,SAAS,eAAe,KAAsC;AAC5D,QAAM,QAAQ,IAAI,MAAM;AACxB,aAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,GAAG,GAAG;AAC9C,UAAM,eAAe,OAAO,UAAU,WAAW,KAAK,UAAU,KAAK,IAAI,OAAO,SAAS,EAAE;AAC3F,UAAM,KAAK,EAAE,CAAC,MAAM,KAAK,GAAG,CAAC,GAAG,aAAa,CAAC;AAAA,EAChD;AACA,SAAO,MAAM,SAAS;AACxB;;;AC9CA,SAAS,gBAAAC,qBAAoB;AAItB,SAAS,UAAU,MAAuC;AAC/D,MAAI,KAAK,WAAW,GAAG,GAAG;AACxB,UAAM,UAAUA,cAAa,KAAK,MAAM,CAAC,GAAG,OAAO;AACnD,WAAO,KAAK,MAAM,OAAO;AAAA,EAC3B;AACA,SAAO,KAAK,MAAM,IAAI;AACxB;AAEO,SAAS,YAAY,KAAsB;AAEhD,MAAI,UAA0B;AAC9B,SAAO,SAAS;AACd,UAAM,KAAK,QAAQ,KAAK,EAAE;AAC1B,QAAI,GAAI,QAAO;AACf,cAAU,QAAQ;AAAA,EACpB;AACA,UAAQ,MAAM,+BAA+B;AAC7C,SAAO,QAAQ,KAAK,CAAC;AACvB;AAEO,SAAS,UAAU,KAA4B;AAOpD,MAAI,OAAgB;AACpB,SAAO,KAAK,OAAQ,QAAO,KAAK;AAChC,QAAM,OAAO,KAAK,KAAK;AAGvB,SAAO,KAAK,QAAQ,KAAK,WAAW,SAAS,SAAS;AACxD;;;ACrCA,YAAY,cAAc;AAQnB,SAAS,QAAQ,UAAkB,OAAiC,CAAC,GAAqB;AAC/F,MAAI,CAAC,cAAc,EAAG,QAAO,QAAQ,QAAQ,IAAI;AAEjD,QAAM,SAAS,KAAK,aAAa,UAAU;AAC3C,QAAM,KAAc,yBAAgB,EAAE,OAAO,QAAQ,OAAO,QAAQ,QAAQ,OAAO,CAAC;AACpF,SAAO,IAAI,QAAQ,CAAC,YAAY;AAC9B,OAAG,SAAS,GAAG,QAAQ,IAAI,MAAM,MAAM,CAAC,WAAW;AACjD,SAAG,MAAM;AACT,YAAM,IAAI,OAAO,KAAK,EAAE,YAAY;AACpC,UAAI,MAAM,GAAI,QAAO,QAAQ,QAAQ,KAAK,UAAU,CAAC;AACrD,cAAQ,MAAM,OAAO,MAAM,KAAK;AAAA,IAClC,CAAC;AAAA,EACH,CAAC;AACH;;;AHfO,IAAM,mBAAmB,IAAIC,SAAQ,WAAW,EACpD,YAAY,kBAAkB;AAEjC,iBAAiB,QAAQ,MAAM,EAC5B,YAAY,oBAAoB,EAChC,OAAO,eAAe,eAAe,EACrC,OAAO,eAA+B,MAAwB;AAC7D,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,KAAK,KAAK,MAAM,QAAQ,mBAAmB,KAAK,GAAG,CAAC,KAAK;AAC/D,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,gBAAgB,EAAE,EAAE;AAC7D,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,UAAU,EAChC,YAAY,gBAAgB,EAC5B,OAAO,eAA+B,IAAY;AACjD,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,iBAAiB,EAAE,EAAE;AAC9D,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,aAAa,EACnC,YAAY,mBAAmB,EAC/B,eAAe,iBAAiB,eAAe,EAC/C,OAAO,wBAAwB,aAAa,EAC5C,OAAO,iBAAiB,kDAAkD,EAC1E,OAAO,eAA+B,IAAY,MAA6D;AAC9G,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAgC;AAAA,IACpC,MAAM,KAAK;AAAA,IACX,aAAa,KAAK;AAAA,EACpB;AACA,MAAI,KAAK,MAAM;AACb,SAAK,MAAM,IAAI,KAAK,KAAK,MAAM,GAAG,EAAE,IAAI,OAAK,EAAE,KAAK,CAAC;AAAA,EACvD;AACA,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,iBAAiB,EAAE,IAAI,IAAI;AACpE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,UAAU,EAChC,YAAY,wBAAwB,EACpC,eAAe,iBAAiB,kDAAkD,EAClF,OAAO,eAA+B,IAAY,MAAwB;AACzE,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,iBAAiB,EAAE,IAAI;AAAA,IAC9D,MAAM,KAAK,KAAK,MAAM,GAAG,EAAE,IAAI,OAAK,EAAE,KAAK,CAAC;AAAA,EAC9C,CAAC;AACD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,aAAa,EACnC,YAAY,mBAAmB,EAC/B,OAAO,aAAa,0BAA0B,EAC9C,OAAO,OAAO,IAAY,SAA4B;AACrD,MAAI,CAAC,KAAK,OAAO,CAAE,MAAM,QAAQ,oBAAoB,EAAE,2BAA2B,GAAI;AACpF,YAAQ,IAAI,SAAS;AACrB;AAAA,EACF;AACA,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,iBAAiB,EAAE,EAAE;AACpD,UAAQ,IAAI,SAAS;AACvB,CAAC;AAIH,iBAAiB,QAAQ,gCAAgC,EACtD,YAAY,2DAA2D,EACvE,eAAe,iBAAiB,uBAAuB,EACvD,OAAO,wBAAwB,aAAa,EAC5C,OAAO,eAA+B,cAAsB,MAA8C;AACzG,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,YAAY,YAAY;AAAA,IACvE,MAAM,KAAK;AAAA,IACX,aAAa,KAAK;AAAA,EACpB,CAAC;AACD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,+BAA+B,EACrD,YAAY,kDAAkD,EAC9D,OAAO,eAA+B,cAAsB;AAC3D,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,YAAY,WAAW;AACvE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,yBAAyB,EAC/C,YAAY,mEAAmE,EAC/E,eAAe,uBAAuB,4BAA4B,EAClE,OAAO,aAAa,yCAAyC,EAC7D,OAAO,uBAAuB,6CAA6C,CAAC,MAAc,EAAE,MAAM,GAAG,CAAC,EACtG,OAAO,oBAAoB,0CAA0C,CAAC,MAAc,EAAE,MAAM,GAAG,CAAC,EAChG,OAAO,iBAAiB,uCAAuC,CAAC,MAAc,EAAE,MAAM,GAAG,CAAC,EAC1F,OAAO,eAEN,cACA,MACA;AACA,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,YAAY,YAAY;AAAA,IACvE,oBAAoB,KAAK;AAAA,IACzB,SAAS,KAAK,UAAU;AAAA,IACxB,aAAa,KAAK;AAAA,IAClB,UAAU,KAAK;AAAA,IACf,OAAO,KAAK;AAAA,EACd,CAAC;AACD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,0BAA0B,EAChD,YAAY,mCAAmC,EAC/C,eAAe,8BAA8B,0BAA0B,EACvE,OAAO,eAA+B,cAAsB,MAA6B;AACxF,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,YAAY,qBAAqB;AAAA,IAChF,cAAc,KAAK;AAAA,EACrB,CAAC;AACD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,4BAA4B,EAClD,YAAY,kDAAkD,EAC9D,OAAO,eAA+B,cAAsB;AAC3D,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,YAAY,aAAa;AACzE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;;;AIpIH,SAAS,WAAAC,gBAAe;AAMjB,IAAM,qBAAqB,IAAIC,SAAQ,aAAa,EACxD,YAAY,oBAAoB;AAEnC,mBAAmB,QAAQ,MAAM,EAC9B,YAAY,oCAAoC,EAChD,OAAO,iBAA+B;AACrC,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,cAAc;AAChE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,mBAAmB,QAAQ,UAAU,EAClC,YAAY,kBAAkB,EAC9B,OAAO,eAA+B,IAAY;AACjD,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,gBAAgB,EAAE,EAAE;AACtE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,mBAAmB,QAAQ,aAAa,EACrC,YAAY,+BAA+B,EAC3C,eAAe,iBAAiB,iBAAiB,EACjD,OAAO,wBAAwB,aAAa,EAC5C,OAAO,mBAAmB,wCAAwC,EAClE,OAAO,iBAAiB,WAAW,EACnC,OAAO,mBAAmB,WAAW,EACrC,OAAO,oBAAoB,oDAAoD,EAC/E,OAAO,eAA+B,IAAY,MAAgH;AACjK,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAgC,EAAE,MAAM,KAAK,KAAK;AACxD,MAAI,KAAK,YAAa,MAAK,aAAa,IAAI,KAAK;AACjD,MAAI,KAAK,OAAQ,MAAK,aAAa,IAAI,UAAU,KAAK,MAAM;AAC5D,MAAI,KAAK,KAAM,MAAK,MAAM,IAAI,KAAK;AACnC,MAAI,KAAK,MAAO,MAAK,OAAO,IAAI,KAAK;AACrC,MAAI,KAAK,QAAS,MAAK,SAAS,IAAI,UAAU,KAAK,OAAO;AAC1D,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,gBAAgB,EAAE,IAAI,IAAI;AAC5E,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,mBAAmB,QAAQ,aAAa,EACrC,YAAY,qBAAqB,EACjC,OAAO,aAAa,0BAA0B,EAC9C,OAAO,eAA+B,IAAY,MAAyB;AAC1E,MAAI,CAAC,KAAK,OAAO,CAAE,MAAM,QAAQ,sBAAsB,EAAE,2BAA2B,GAAI;AACtF,YAAQ,IAAI,SAAS;AACrB;AAAA,EACF;AACA,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,gBAAgB,EAAE,EAAE;AAC5D,UAAQ,IAAI,SAAS;AACvB,CAAC;;;AC5DH,SAAS,WAAAC,gBAAe;AAMjB,IAAM,mBAAmB,IAAIC,SAAQ,WAAW,EACpD,YAAY,kBAAkB;AAEjC,iBAAiB,QAAQ,qBAAqB,EAC3C,YAAY,6BAA6B,EACzC,eAAe,iBAAiB,wCAAwC,EACxE,OAAO,aAAa,wDAAwD,EAC5E,OAAO,sBAAsB,kDAAkD,EAC/E,OAAO,8BAA8B,6CAA6C,EAClF,OAAO,eAA+B,YAAoB,MAAmF;AAC5I,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAgC,EAAE,MAAM,UAAU,KAAK,IAAI,EAAE;AACnE,MAAI,KAAK,WAAY,MAAK,aAAa,IAAI,KAAK;AAChD,MAAI,KAAK,eAAgB,MAAK,iBAAiB,IAAI,KAAK;AACxD,QAAM,OAAO,KAAK,KACd,OAAO,EAAE,cAAc,UAAU,IAAI,KAAK,EAAE,KAC5C,OAAO,EAAE,cAAc,UAAU;AACrC,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,MAAM,IAAI;AACnD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,oBAAoB,EAC1C,YAAY,4EAA4E,EACxF,OAAO,mBAAmB,iGAAiG,EAC3H,OAAO,iBAAiB,iGAAiG,EACzH,OAAO,mBAAmB,kCAAkC,EAC5D,OAAO,eAAe,aAAa,EACnC,OAAO,gBAAgB,mBAAmB,EAC1C,OAAO,eAA+B,YAAoB,MAA4F;AACrJ,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,KAAK,IAAI,gBAAgB;AAC/B,MAAI,KAAK,OAAQ,IAAG,IAAI,UAAU,KAAK,UAAU,UAAU,KAAK,MAAM,CAAC,CAAC;AACxE,MAAI,KAAK,KAAM,IAAG,IAAI,QAAQ,KAAK,UAAU,UAAU,KAAK,IAAI,CAAC,CAAC;AAClE,MAAI,KAAK,OAAQ,IAAG,IAAI,UAAU,KAAK,MAAM;AAC7C,MAAI,KAAK,MAAO,IAAG,IAAI,SAAS,KAAK,KAAK;AAC1C,MAAI,KAAK,OAAQ,IAAG,IAAI,UAAU,KAAK,MAAM;AAC7C,QAAM,IAAI,GAAG,SAAS;AACtB,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,cAAc,UAAU,GAAG,IAAI,IAAI,CAAC,KAAK,EAAE,EAAE;AAC/F,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,uBAAuB,EAC7C,YAAY,sBAAsB,EAClC,OAAO,eAA+B,YAAoB,IAAY;AACrE,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,cAAc,UAAU,IAAI,EAAE,EAAE;AAClF,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,0BAA0B,EAChD,YAAY,mBAAmB,EAC/B,OAAO,aAAa,0BAA0B,EAC9C,OAAO,eAA+B,YAAoB,IAAY,MAAyB;AAC9F,MAAI,CAAC,KAAK,OAAO,CAAE,MAAM,QAAQ,mBAAmB,UAAU,IAAI,EAAE,0BAA0B,GAAI;AAChG,YAAQ,IAAI,SAAS;AACrB;AAAA,EACF;AACA,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,cAAc,UAAU,IAAI,EAAE,EAAE;AACxE,UAAQ,IAAI,SAAS;AACvB,CAAC;;;ACtEH,SAAS,WAAAC,gBAAe;AACxB,SAAS,gBAAAC,qBAAoB;AAKtB,IAAM,aAAa,IAAIC,SAAQ,KAAK,EACxC,YAAY,qDAAqD,EACjE,SAAS,WAAW,yBAAyB,EAC7C,OAAO,iBAAiB,0CAA0C,EAClE,OAAO,mBAAmB,mEAAmE,EAC7F,OAAO,eAA+B,UAA8B,MAA2C;AAC9G,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAE7B,MAAI;AACJ,MAAI,KAAK,MAAM;AACb,YAAQC,cAAa,KAAK,MAAM,OAAO,EAAE,KAAK;AAAA,EAChD,WAAW,UAAU;AACnB,YAAQ;AAAA,EACV,OAAO;AACL,YAAQ,MAAM,sDAAsD;AACpE,YAAQ,KAAK,CAAC;AAAA,EAChB;AAEA,QAAM,SAAkC,CAAC;AACzC,MAAI,KAAK,OAAO;AACd,eAAW,MAAM,KAAK,OAAO;AAC3B,YAAM,QAAQ,GAAG,QAAQ,GAAG;AAC5B,UAAI,UAAU,IAAI;AAChB,gBAAQ,MAAM,gCAAgC,EAAE,uBAAuB;AACvE,gBAAQ,KAAK,CAAC;AAAA,MAChB;AACA,aAAO,GAAG,MAAM,GAAG,KAAK,CAAC,IAAI,GAAG,MAAM,QAAQ,CAAC;AAAA,IACjD;AAAA,EACF;AAEA,QAAM,OAAgC,EAAE,MAAM;AAC9C,MAAI,OAAO,KAAK,MAAM,EAAE,SAAS,EAAG,MAAK,SAAS;AAElD,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,EAAE,QAAQ,IAAI;AAC/D,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;;;AC1CH,SAAS,WAAAC,gBAAe;AAMjB,IAAM,uBAAuB,IAAIC,SAAQ,eAAe,EAC5D,YAAY,wCAAwC;AAEvD,qBAAqB,QAAQ,QAAQ,EAClC,YAAY,iCAAiC,EAC7C,eAAe,4BAA4B,iCAAiC,EAC5E,eAAe,4BAA4B,iCAAiC,EAC5E,eAAe,iBAAiB,mBAAmB,EACnD,OAAO,aAAa,iBAAiB,EACrC,OAAO,iBAAiB,kDAAkD,EAC1E,OAAO,eAA+B,MAAoF;AACzH,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,CAAC,kBAAkB,QAAQ,IAAI,KAAK,OAAO,MAAM,GAAG;AAC1D,QAAM,CAAC,kBAAkB,QAAQ,IAAI,KAAK,OAAO,MAAM,GAAG;AAC1D,QAAM,OAAgC;AAAA,IACpC,UAAU,KAAK;AAAA,IACf,mBAAmB;AAAA,IACnB,WAAW;AAAA,IACX,mBAAmB;AAAA,IACnB,WAAW;AAAA,EACb;AACA,MAAI,KAAK,GAAI,MAAK,IAAI,IAAI,KAAK;AAC/B,MAAI,KAAK,KAAM,MAAK,MAAM,IAAI,UAAU,KAAK,IAAI;AACjD,QAAM,OAAO,KAAK,KAAK,OAAO,EAAE,kBAAkB,KAAK,EAAE,KAAK,OAAO,EAAE;AACvE,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,MAAM,IAAI;AACnD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,qBAAqB,QAAQ,UAAU,EACpC,YAAY,0BAA0B,EACtC,OAAO,eAA+B,IAAY;AACjD,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,kBAAkB,EAAE,EAAE;AACxE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,qBAAqB,QAAQ,aAAa,EACvC,YAAY,uBAAuB,EACnC,OAAO,aAAa,0BAA0B,EAC9C,OAAO,eAA+B,IAAY,MAAyB;AAC1E,MAAI,CAAC,KAAK,OAAO,CAAE,MAAM,QAAQ,uBAAuB,EAAE,0BAA0B,GAAI;AACtF,YAAQ,IAAI,SAAS;AACrB;AAAA,EACF;AACA,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,kBAAkB,EAAE,EAAE;AAC9D,UAAQ,IAAI,SAAS;AACvB,CAAC;;;ACxDH,SAAS,WAAAC,gBAAe;AAMjB,IAAM,2BAA2B,IAAIC,SAAQ,oBAAoB,EACrE,YAAY,sEAAuE;AAEtF,yBAAyB,QAAQ,MAAM,EACpC,YAAY,2CAA2C,EACvD,OAAO,iBAA+B;AACrC,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,qBAAqB;AACvE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,yBAAyB,QAAQ,gBAAgB,EAC9C,YAAY,yBAAyB,EACrC,OAAO,eAA+B,SAAiB;AACtD,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,uBAAuB,OAAO,EAAE;AAClF,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,yBAAyB,QAAQ,mBAAmB,EACjD,YAAY,sCAAsC,EAClD,OAAO,wBAAwB,aAAa,EAC5C,OAAO,mBAAmB,2FAA2F,EACrH,OAAO,+BAA+B,qEAAqE,EAC3G,OAAO,+BAA+B,qEAAqE,EAC3G,OAAO,eAA+B,SAAiB,MAAyG;AAC/J,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAgC,CAAC;AACvC,MAAI,KAAK,YAAa,MAAK,aAAa,IAAI,KAAK;AACjD,MAAI,KAAK,OAAQ,MAAK,aAAa,IAAI,UAAU,KAAK,MAAM;AAC5D,MAAI,KAAK,kBAAmB,MAAK,oBAAoB,IAAI,UAAU,KAAK,iBAAiB;AACzF,MAAI,KAAK,kBAAmB,MAAK,oBAAoB,IAAI,UAAU,KAAK,iBAAiB;AACzF,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,uBAAuB,OAAO,IAAI,IAAI;AACxF,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,yBAAyB,QAAQ,mBAAmB,EACjD,YAAY,4BAA4B,EACxC,OAAO,aAAa,0BAA0B,EAC9C,OAAO,eAA+B,SAAiB,MAAyB;AAC/E,MAAI,CAAC,KAAK,OAAO,CAAE,MAAM,QAAQ,6BAA6B,OAAO,2BAA2B,GAAI;AAClG,YAAQ,IAAI,SAAS;AACrB;AAAA,EACF;AACA,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,uBAAuB,OAAO,EAAE;AACxE,UAAQ,IAAI,SAAS;AACvB,CAAC;;;ACzDH,SAAS,WAAAC,gBAAe;AAKjB,IAAM,4BAA4B,IAAIC,SAAQ,qBAAqB,EACvE,YAAY,yBAAyB,EACrC,SAAS,gBAAgB,mCAAmC,EAC5D,SAAS,QAAQ,oBAAoB,EACrC,OAAO,iBAAiB,6BAA6B,EACrD,OAAO,qBAAqB,0CAA0C,MAAM,EAC5E,OAAO,eAAe,eAAe,IAAI,EACzC,OAAO,gBAAgB,gBAAgB,GAAG,EAC1C,OAAO,eAA+B,YAAoB,IAAY,MAA2E;AAChJ,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,SAAS,IAAI,gBAAgB;AACnC,MAAI,KAAK,KAAM,QAAO,IAAI,YAAY,KAAK,IAAI;AAE/C,QAAM,eAAuC,EAAE,UAAU,UAAU,UAAU,UAAU,MAAM,OAAO;AACpG,SAAO,IAAI,aAAa,aAAa,KAAK,SAAS,KAAK,KAAK,SAAS;AACtE,SAAO,IAAI,SAAS,KAAK,KAAK;AAC9B,SAAO,IAAI,UAAU,KAAK,MAAM;AAChC,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,cAAc,UAAU,IAAI,EAAE,YAAY,OAAO,SAAS,CAAC,EAAE;AAC/G,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;;;ACzBH,SAAS,WAAAC,iBAAe;AACxB,SAAS,gBAAAC,qBAAoB;AAMtB,IAAM,qBAAqB,IAAIC,UAAQ,aAAa,EACxD,YAAY,6BAA6B;AAE5C,mBAAmB,QAAQ,0BAA0B,EAClD,YAAY,0GAA0G,EACtH,eAAe,qBAAqB,wCAAwC,EAC5E,OAAO,yBAAyB,aAAa,0BAA0B,EACvE,OAAO,iBAAiB,qEAAqE,EAC7F,OAAO,eAA+B,YAAoB,IAAY,MAAgE;AACrI,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,EAAE,cAAc,UAAU,IAAI,EAAE,gBAAgB;AAAA,IAC/F,UAAU,KAAK;AAAA,IACf,cAAc,KAAK;AAAA,EACrB,CAAC;AAED,MAAI,KAAK,MAAM;AACb,UAAM,OAAOC,cAAa,KAAK,IAAI;AACnC,UAAM,YAAY,KAAK,WAAW,WAAW,MAAM,IAAI,KAAK,aAAa,GAAG,OAAO,OAAO,GAAG,KAAK,UAAU;AAC5G,UAAM,OAAO,WAAW,WAAW,MAAM,KAAK,WAAW;AACzD,YAAQ,IAAI,aAAa,EAAE,GAAG,MAAM,UAAU,KAAK,GAAG,UAAU,IAAI,CAAC,CAAC;AAAA,EACxE,OAAO;AACL,YAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AAAA,EACjD;AACF,CAAC;AAEH,mBAAmB,QAAQ,uBAAuB,EAC/C,YAAY,kDAAkD,EAC9D,eAAe,qBAAqB,wCAAwC,EAC5E,OAAO,eAA+B,YAAoB,IAAY,MAA4B;AACjG,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,cAAc,MAAM,OAAO,QAAgE,OAAO,OAAO,EAAE,cAAc,UAAU,IAAI,EAAE,cAAc;AAC7J,QAAM,QAAQ,YAAY,KAAK,OAAK,EAAE,IAAI,SAAS,IAAI,KAAK,QAAQ,EAAE,CAAC;AACvE,MAAI,CAAC,OAAO;AACV,UAAM,IAAI,MAAM,eAAe,KAAK,QAAQ,aAAa;AAAA,EAC3D;AACA,QAAM,cAAc,GAAG,OAAO,OAAO,OAAO,EAAE,gBAAgB,MAAM,GAAG;AACvE,UAAQ,IAAI,aAAa,EAAE,cAAc,aAAa,GAAG,MAAM,GAAG,UAAU,IAAI,CAAC,CAAC;AACpF,CAAC;AAEH,mBAAmB,QAAQ,wBAAwB,EAChD,YAAY,iCAAiC,EAC7C,OAAO,mBAAmB,oCAAoC,EAC9D,OAAO,eAA+B,YAAoB,IAAY,MAA2B;AAChG,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,QAAQ,KAAK,SAAS,WAAW,mBAAmB,KAAK,MAAM,CAAC,KAAK;AAC3E,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,cAAc,UAAU,IAAI,EAAE,eAAe,KAAK,EAAE;AACtG,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,mBAAmB,QAAQ,0CAA0C,EAClE,YAAY,sBAAsB,EAClC,OAAO,aAAa,0BAA0B,EAC9C,OAAO,eAA+B,YAAoB,IAAY,cAAsB,MAAyB;AACpH,MAAI,CAAC,KAAK,OAAO,CAAE,MAAM,QAAQ,qBAAqB,YAAY,OAAO,UAAU,IAAI,EAAE,0BAA0B,GAAI;AACrH,YAAQ,IAAI,SAAS;AACrB;AAAA,EACF;AACA,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,cAAc,UAAU,IAAI,EAAE,gBAAgB,YAAY,EAAE;AACpG,UAAQ,IAAI,SAAS;AACvB,CAAC;;;ACvEH,SAAS,kBAAkB;AAC3B,SAAS,WAAAC,iBAAe;AAMjB,IAAM,eAAe,IAAIC,UAAQ,OAAO,EAC5C,YAAY,kCAAkC;AAEjD,aAAa,QAAQ,QAAQ,EAC1B,YAAY,2BAA2B,EACvC,eAAe,iBAAiB,WAAW,EAC3C,eAAe,qBAAqB,oBAAoB,EACxD,OAAO,aAAa,qCAAqC,EACzD,OAAO,oCAAoC,kCAAkC,EAC7E,OAAO,eAA+B,MAA+E;AACpH,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,SAAS,KAAK,MAAM,WAAW;AACrC,QAAM,OAAgC;AAAA,IACpC,MAAM,KAAK;AAAA,IACX,QAAQ,KAAK;AAAA,IACb,SAAS;AAAA,EACX;AACA,MAAI,KAAK,iBAAiB;AACxB,SAAK,kBAAkB,IAAI,KAAK,gBAAgB,MAAM,GAAG;AAAA,EAC3D;AACA,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,UAAU,MAAM,IAAI,IAAI;AAC1E,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,aAAa,QAAQ,UAAU,EAC5B,YAAY,YAAY,EACxB,OAAO,eAA+B,IAAY;AACjD,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,UAAU,EAAE,EAAE;AAChE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,aAAa,QAAQ,MAAM,EACxB,YAAY,gBAAgB,EAC5B,OAAO,iBAA+B;AACrC,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,QAAQ;AAC1D,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,aAAa,QAAQ,aAAa,EAC/B,YAAY,eAAe,EAC3B,OAAO,aAAa,0BAA0B,EAC9C,OAAO,eAA+B,IAAY,MAAyB;AAC1E,MAAI,CAAC,KAAK,OAAO,CAAE,MAAM,QAAQ,eAAe,EAAE,0BAA0B,GAAI;AAC9E,YAAQ,IAAI,SAAS;AACrB;AAAA,EACF;AACA,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,UAAU,EAAE,EAAE;AACtD,UAAQ,IAAI,SAAS;AACvB,CAAC;;;AC9DH,SAAS,cAAAC,mBAAkB;AAC3B,SAAS,WAAAC,iBAAe;AAMjB,IAAM,kBAAkB,IAAIC,UAAQ,UAAU,EAClD,YAAY,0BAA0B;AAEzC,gBAAgB,QAAQ,QAAQ,EAC7B,YAAY,4BAA4B,EACxC,eAAe,iBAAiB,cAAc,EAC9C,eAAe,eAAe,YAAY,EAC1C,eAAe,qBAAqB,qBAAqB,EACzD,eAAe,qBAAqB,6BAA6B,EACjE,OAAO,aAAa,wCAAwC,EAC5D,OAAO,oCAAoC,kCAAkC,EAC7E,OAAO,mBAAmB,0BAA0B,EACpD,OAAO,eAA+B,MAA6H;AAClK,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,YAAY,KAAK,MAAMC,YAAW;AACxC,QAAM,OAAgC;AAAA,IACpC,MAAM,KAAK;AAAA,IACX,KAAK,KAAK;AAAA,IACV,QAAQ,KAAK;AAAA,IACb,QAAQ,KAAK,OAAO,MAAM,GAAG;AAAA,IAC7B,SAAS;AAAA,EACX;AACA,MAAI,KAAK,iBAAiB;AACxB,SAAK,kBAAkB,IAAI,KAAK,gBAAgB,MAAM,GAAG;AAAA,EAC3D;AACA,MAAI,KAAK,QAAQ;AACf,SAAK,QAAQ,IAAI,KAAK,MAAM,KAAK,MAAM;AAAA,EACzC;AACA,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,aAAa,SAAS,IAAI,IAAI;AAChF,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,gBAAgB,QAAQ,UAAU,EAC/B,YAAY,eAAe,EAC3B,OAAO,eAA+B,IAAY;AACjD,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,aAAa,EAAE,EAAE;AACnE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,gBAAgB,QAAQ,MAAM,EAC3B,YAAY,mBAAmB,EAC/B,OAAO,iBAA+B;AACrC,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,WAAW;AAC7D,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,gBAAgB,QAAQ,YAAY,EACjC,YAAY,0DAA0D,EACtE,OAAO,qBAAqB,wDAAwD,EACpF,OAAO,qBAAqB,sBAAsB,EAClD,OAAO,eAA+B,MAA+C;AACpF,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,SAAS,IAAI,gBAAgB;AACnC,MAAI,KAAK,OAAQ,QAAO,IAAI,UAAU,KAAK,MAAM;AACjD,MAAI,KAAK,UAAW,QAAO,IAAI,cAAc,KAAK,SAAS;AAC3D,QAAM,KAAK,OAAO,SAAS;AAC3B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,uBAAuB,KAAK,IAAI,EAAE,KAAK,EAAE,EAAE;AAC7F,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,gBAAgB,QAAQ,aAAa,EAClC,YAAY,kBAAkB,EAC9B,OAAO,aAAa,0BAA0B,EAC9C,OAAO,eAA+B,IAAY,MAAyB;AAC1E,MAAI,CAAC,KAAK,OAAO,CAAE,MAAM,QAAQ,kBAAkB,EAAE,0BAA0B,GAAI;AACjF,YAAQ,IAAI,SAAS;AACrB;AAAA,EACF;AACA,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,aAAa,EAAE,EAAE;AACzD,UAAQ,IAAI,SAAS;AACvB,CAAC;;;ACrFH,SAAS,WAAAC,iBAAe;AAMjB,IAAM,mBAAmB,IAAIC,UAAQ,WAAW,EACpD,YAAY,8BAA8B;AAE7C,iBAAiB,QAAQ,eAAe,EACrC,YAAY,kCAAkC,EAC9C,OAAO,iBAAiB,wDAAwD,EAChF,OAAO,wBAAwB,sBAAsB,EACrD,OAAO,iBAAiB,yDAAyD,SAAS,CAAC,CAAC,EAC5F,OAAO,yBAAyB,yDAAyD,SAAS,CAAC,CAAC,EACpG,OAAO,kBAAkB,gEAAgE,SAAS,CAAC,CAAC,EACpG,OAAO,eAAe,uBAAuB,EAC7C,OAAO,mBAAmB,yHAAyH,EACnJ,OAAO,eAA+B,MAAc,MAQlD;AACD,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAE7B,MAAI;AAEJ,MAAI,KAAK,QAAQ;AAEf,WAAO,KAAK,MAAM,KAAK,MAAM;AAAA,EAC/B,OAAO;AACL,QAAI,CAAC,KAAK,MAAM;AACd,YAAM,IAAI,MAAM,2DAA2D;AAAA,IAC7E;AACA,WAAO;AAAA,MACL,MAAM,KAAK;AAAA,MACX,OAAO,KAAK,KAAK,IAAI,aAAa;AAAA,IACpC;AAEA,QAAI,KAAK,YAAa,MAAK,cAAc,KAAK;AAE9C,QAAI,KAAK,aAAa,SAAS,GAAG;AAChC,WAAK,gBAAgB,KAAK,aAAa,IAAI,YAAY;AAAA,IACzD;AAEA,QAAI,KAAK,MAAM,SAAS,GAAG;AACzB,YAAM,aAAuC,CAAC;AAC9C,iBAAW,QAAQ,KAAK,OAAO;AAC7B,cAAM,SAAS,UAAU,IAAI;AAC7B,mBAAW,OAAO,GAAG,IAAI,OAAO;AAAA,MAClC;AACA,WAAK,QAAQ,EAAE,SAAS,MAAM,WAAW;AAAA,IAC3C;AAEA,QAAI,KAAK,SAAU,MAAK,YAAY;AAAA,EACtC;AAEA,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,cAAc,IAAI,IAAI,IAAI;AAC5E,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,YAAY,EAClC,YAAY,iBAAiB,EAC7B,OAAO,cAAc,qCAAqC,EAC1D,OAAO,eAA+B,MAAc,MAA8B;AACjF,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,KAAK,WACd,OAAO,EAAE,cAAc,IAAI,cAC3B,OAAO,EAAE,cAAc,IAAI;AAC/B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,IAAI;AAC7C,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,MAAM,EAC5B,YAAY,oBAAoB,EAChC,OAAO,iBAA+B;AACrC,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,YAAY;AAC9D,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,eAAe,EACrC,YAAY,oBAAoB,EAChC,OAAO,aAAa,0BAA0B,EAC9C,OAAO,eAA+B,MAAc,MAAyB;AAC5E,MAAI,CAAC,KAAK,OAAO,CAAE,MAAM,QAAQ,oBAAoB,IAAI,2BAA2B,GAAI;AACtF,YAAQ,IAAI,SAAS;AACrB;AAAA,EACF;AACA,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,cAAc,IAAI,EAAE;AAC5D,UAAQ,IAAI,SAAS;AACvB,CAAC;AAEH,iBAAiB,QAAQ,YAAY,EAClC,YAAY,4CAA4C,EACxD,OAAO,sBAAsB,yBAAyB,KAAK,EAC3D,OAAO,CAAC,OAAe,SAAgC;AACtD,QAAM,YAAY,KAAK,cAAc,QAAQ,QAAQ;AACrD,UAAQ,IAAI,2BAA2B,KAAK,IAAI,SAAS,EAAE;AAC7D,CAAC;AAIH,SAAS,QAAQ,OAAe,UAA8B;AAC5D,SAAO,CAAC,GAAG,UAAU,KAAK;AAC5B;AAEA,SAAS,UAAU,MAA8C;AAC/D,QAAM,CAAC,KAAK,MAAM,IAAI,KAAK,MAAM,GAAG;AACpC,MAAI,CAAC,OAAO,CAAC,QAAQ;AACnB,UAAM,IAAI,MAAM,iBAAiB,IAAI,kCAAkC;AAAA,EACzE;AACA,SAAO,EAAE,KAAK,KAAK,OAAO,MAAM,GAAG,EAAE;AACvC;AAEA,SAAS,cAAc,MAAuC;AAC5D,QAAM,EAAE,KAAK,IAAI,IAAI,UAAU,IAAI;AACnC,SAAO,EAAE,YAAY,KAAK,YAAY,IAAI;AAC5C;AAEA,SAAS,aAAa,MAAuC;AAC3D,QAAM,EAAE,KAAK,IAAI,IAAI,UAAU,IAAI;AACnC,SAAO,EAAE,UAAU,KAAK,YAAY,IAAI;AAC1C;;;ACpIA,SAAS,WAAAC,iBAAe;AAKjB,IAAM,eAAe,IAAIC,UAAQ,OAAO,EAC5C,YAAY,0DAA0D,EACtE,eAAe,uBAAuB,6CAA6C,EACnF,OAAO,eAA+B,MAA8B;AACnE,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,aAAa,UAAU,KAAK,UAAU;AAC5C,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,EAAE,UAAU;AAAA,IAC3D,YAAY,MAAM,QAAQ,UAAU,IAAI,aAAa,CAAC,UAAU;AAAA,EAClE,CAAC;AACD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;;;AChBH,SAAS,WAAAC,iBAAe;AAIxB,IAAM,kBAAkB;AAEjB,IAAM,mBAAmB,IAAIC,UAAQ,WAAW,EACpD,YAAY,6EAA6E;AAE5F,iBAAiB,QAAQ,mBAAmB,EACzC,YAAY,sDAAsD,eAAe,EAAE,EACnF,eAAe,kBAAkB,6CAA6C,EAC9E,OAAO,eAA+B,UAAkB,MAAyB;AAChF,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,QAAQ,UAAU,KAAK,KAAK;AAClC,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,EAAE,cAAc,QAAQ,WAAW;AAAA,IAClF,OAAO,MAAM,QAAQ,KAAK,IAAI,QAAQ,CAAC,KAAK;AAAA,EAC9C,CAAC;AACD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,mBAAmB,EACzC,YAAY,sDAAsD,eAAe,EAAE,EACnF,OAAO,uBAAuB,+CAA+C,EAC7E,OAAO,mBAAmB,sBAAsB,EAChD,OAAO,eAA+B,UAAkB,MAAiD;AACxG,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,QAAQ,KAAK,cAAc,gBAAgB,KAAK,WAAW,KAAK;AACtE,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,cAAc,QAAQ,UAAU,KAAK,EAAE;AAEzF,MAAI,KAAK,QAAQ;AACf,UAAM,EAAE,eAAAC,eAAc,IAAI,MAAM,OAAO,IAAI;AAC3C,IAAAA,eAAc,KAAK,QAAQ,KAAK,UAAU,MAAM,MAAM,CAAC,CAAC;AACxD,YAAQ,IAAI,cAAc,KAAK,MAAM,EAAE;AAAA,EACzC,OAAO;AACL,YAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AAAA,EACjD;AACF,CAAC;AAEH,iBAAiB,QAAQ,qCAAqC,EAC3D,YAAY,qEAAqE,eAAe,EAAE,EAClG,eAAe,iBAAiB,8DAA8D,EAC9F,OAAO,sBAAsB,mCAAmC,EAChE,OAAO,8BAA8B,4BAA4B,EACjE,OAAO,eAA+B,UAAkB,YAAoB,MAAsE;AACjJ,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,WAAW,UAAU,KAAK,IAAI;AACpC,QAAM,aAAuB,CAAC;AAC9B,MAAI,KAAK,WAAY,YAAW,KAAK,eAAe,mBAAmB,KAAK,UAAU,CAAC,EAAE;AACzF,MAAI,KAAK,eAAgB,YAAW,KAAK,mBAAmB,mBAAmB,KAAK,cAAc,CAAC,EAAE;AACrG,QAAM,KAAK,WAAW,SAAS,IAAI,WAAW,KAAK,GAAG,CAAC,KAAK;AAC5D,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,EAAE,cAAc,QAAQ,cAAc,UAAU,GAAG,EAAE,IAAI,QAAQ;AAClH,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;;;ACxDH,SAAS,WAAAC,iBAAe;AAKjB,IAAM,gBAAgB,IAAIC,UAAQ,QAAQ,EAC9C,YAAY,mBAAmB;AAElC,cAAc,QAAQ,QAAQ,EAC3B,YAAY,2BAA2B,EACvC,eAAe,iBAAiB,YAAY,EAC5C,eAAe,mBAAmB,iCAAiC,EACnE,OAAO,uBAAuB,wDAAwD,EACtF,OAAO,eAA+B,MAA4D;AACjG,QAAM,SAAS,IAAI,UAAU;AAC7B,MAAI;AACJ,MAAI;AACF,aAAS,KAAK,MAAM,KAAK,MAAM;AAAA,EACjC,QAAQ;AACN,UAAM,IAAI,MAAM,6BAA6B;AAAA,EAC/C;AACA,QAAM,OAAgC,EAAE,MAAM,KAAK,MAAM,OAAO;AAChE,MAAI,KAAK,UAAW,MAAK,aAAa,KAAK;AAC3C,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,cAAc,IAAI;AAC5D,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,cAAc,QAAQ,MAAM,EACzB,YAAY,iBAAiB,EAC7B,OAAO,iBAA+B;AACrC,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,YAAY;AACrD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,cAAc,QAAQ,mBAAmB,EACtC,YAAY,qBAAqB,EACjC,OAAO,eAA+B,SAAiB;AACtD,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,cAAc,OAAO,EAAE;AACtD,UAAQ,IAAI,eAAe;AAC7B,CAAC;;;ACzCH,SAAS,WAAAC,iBAAe;AACxB,SAAS,gBAAAC,qBAAoB;AAU7B,SAAS,aAAa,MAAiD;AACrE,MAAK,KAAK,UAAU,YAAgB,KAAK,SAAS,SAAY;AAC5D,UAAM,IAAI,MAAM,0CAA0C;AAAA,EAC5D;AACA,MAAI,KAAK,SAAS,OAAW,QAAOC,cAAa,KAAK,IAAI,EAAE,SAAS,QAAQ;AAC7E,SAAO,KAAK;AACd;AAEO,IAAM,iBAAiB,IAAIC,UAAQ,SAAS,EAChD,YAAY,mCAAmC;AAElD,eAAe,QAAQ,QAAQ,EAC5B,YAAY,uEAAuE,EACnF,eAAe,iBAAiB,aAAa,EAC7C,OAAO,mBAAmB,6BAA6B,EACvD,OAAO,iBAAiB,oFAAoF,EAC5G,OAAO,yBAAyB,oDAAoD,EACpF,OAAO,uBAAuB,qFAAgF,EAC9G,OAAO,iBAAiB,sBAAsB,EAC9C,OAAO,eAA+B,MAAgH;AACrJ,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAgC,EAAE,MAAM,KAAK,MAAM,OAAO,aAAa,IAAI,EAAE;AACnF,MAAI,KAAK,YAAa,MAAK,eAAe,KAAK;AAC/C,MAAI,KAAK,UAAW,MAAK,aAAa,KAAK;AAC3C,MAAI,KAAK,KAAM,MAAK,OAAO,KAAK,KAAK,MAAM,GAAG,EAAE,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,OAAO,OAAO;AACnF,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,qBAAqB,IAAI;AACnE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,eAAe,QAAQ,MAAM,EAC1B,YAAY,oCAAoC,EAChD,OAAO,cAAc,kDAAkD,EACvE,OAAO,cAAc,kCAAkC,IAAI,EAC3D,OAAO,eAA+B,MAA4C;AACjF,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,KAAK,WAAW,0CAA0C,mBAAmB,KAAK,IAAI,CAAC,KAAK;AACzG,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,IAAI;AAC7C,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,eAAe,QAAQ,UAAU,EAC9B,YAAY,0CAA0C,EACtD,OAAO,eAA+B,IAAY;AACjD,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,qBAAqB,EAAE,EAAE;AAClE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,eAAe,QAAQ,aAAa,EACjC,YAAY,oFAAoF,EAChG,OAAO,mBAAmB,iCAAiC,EAC3D,OAAO,iBAAiB,qDAAqD,EAC7E,OAAO,uBAAuB,oDAAoD,EAClF,OAAO,eAA+B,IAAY,MAA6D;AAC9G,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAgC,EAAE,OAAO,aAAa,IAAI,EAAE;AAClE,MAAI,KAAK,UAAW,MAAK,aAAa,KAAK;AAC3C,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,qBAAqB,EAAE,WAAW,IAAI;AAChF,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,eAAe,QAAQ,aAAa,EACjC,YAAY,uBAAuB,EACnC,OAAO,aAAa,0BAA0B,EAC9C,OAAO,eAA+B,IAAY,MAAyB;AAC1E,MAAI,CAAC,KAAK,OAAO,CAAE,MAAM,QAAQ,uBAAuB,EAAE,0BAA0B,GAAI;AACtF,YAAQ,IAAI,SAAS;AACrB;AAAA,EACF;AACA,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,qBAAqB,EAAE,EAAE;AACxD,UAAQ,IAAI,gBAAgB;AAC9B,CAAC;;;AC9EH,SAAS,WAAAC,iBAAe;AAKjB,IAAM,eAAe,IAAIC,UAAQ,OAAO,EAC5C,YAAY,+DAA+D;AAI9E,IAAM,YAAY,aAAa,QAAQ,IAAI,EAAE,YAAY,qCAAqC;AAE9F,UAAU,QAAQ,oBAAoB,EACnC,YAAY,mEAAmE,EAC/E,OAAO,eAA+B,MAAc,IAAY;AAC/D,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO;AAAA,IACxB;AAAA,IACA,mBAAmB,mBAAmB,IAAI,CAAC,IAAI,mBAAmB,EAAE,CAAC;AAAA,EACvE;AACA,UAAQ,IAAI,aAAa,KAAK,QAAQ,UAAU,IAAI,CAAC,CAAC;AACxD,CAAC;AAEH,UAAU,QAAQ,0BAA0B,EACzC,YAAY,+DAA+D,EAC3E,OAAO,eAAe,kCAAkC,CAAC,MAAc,OAAO,CAAC,CAAC,EAChF,OAAO,oBAAoB,yCAAyC,EACpE,OAAO,eAEN,MACA,IACA,OACA,MACA;AACA,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,SAAS,IAAI,gBAAgB,EAAE,MAAM,CAAC;AAC5C,MAAI,KAAK,UAAU,OAAW,QAAO,IAAI,SAAS,OAAO,KAAK,KAAK,CAAC;AACpE,MAAI,KAAK,UAAU,OAAW,QAAO,IAAI,UAAU,KAAK,KAAK;AAE7D,QAAM,OAAO,MAAM,OAAO;AAAA,IAMxB;AAAA,IACA,mBAAmB,mBAAmB,IAAI,CAAC,IAAI,mBAAmB,EAAE,CAAC,SAAS,MAAM;AAAA,EACtF;AAEA,QAAM,SAAS,UAAU,IAAI;AAC7B,MAAI,WAAW,QAAQ;AACrB,YAAQ,IAAI,KAAK,UAAU,MAAM,MAAM,CAAC,CAAC;AACzC;AAAA,EACF;AAEA,QAAM,OAAO,KAAK,KAAK,IAAI,OAAK,OAAO,YAAY,KAAK,QAAQ,IAAI,CAAC,GAAG,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;AACzF,UAAQ,IAAI,aAAa,MAAM,MAAM,CAAC;AACtC,MAAI,KAAK,UAAW,SAAQ,IAAI,6CAAwC;AAC1E,CAAC;AAIH,IAAM,gBAAgB,aACnB,QAAQ,QAAQ,EAChB,YAAY,yEAAyE;AAaxF,cAAc,QAAQ,MAAM,EACzB,YAAY,oCAAoC,EAChD,OAAO,gBAAgB,uDAAuD,EAC9E,OAAO,gBAAgB,+CAA+C,EACtE,OAAO,wBAAwB,6BAA6B,EAC5D,OAAO,eAAe,kCAAkC,CAAC,MAAc,OAAO,CAAC,CAAC,EAChF,OAAO,gBAAgB,yBAAyB,CAAC,MAAc,OAAO,CAAC,CAAC,EACxE,OAAO,iBAAiB,2CAA2C,EACnE,OAAO,eAEN,MACA;AACA,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,SAAS,IAAI,gBAAgB;AACnC,MAAI,KAAK,OAAQ,QAAO,IAAI,UAAU,KAAK,MAAM;AACjD,MAAI,KAAK,OAAQ,QAAO,IAAI,UAAU,KAAK,MAAM;AACjD,MAAI,KAAK,eAAgB,QAAO,IAAI,kBAAkB,KAAK,cAAc;AACzE,MAAI,KAAK,UAAU,OAAW,QAAO,IAAI,SAAS,OAAO,KAAK,KAAK,CAAC;AACpE,MAAI,KAAK,WAAW,OAAW,QAAO,IAAI,UAAU,OAAO,KAAK,MAAM,CAAC;AACvE,MAAI,KAAK,MAAO,QAAO,IAAI,SAAS,KAAK,KAAK;AAC9C,QAAM,KAAK,OAAO,SAAS,IAAI,IAAI,MAAM,KAAK;AAE9C,QAAM,OAAO,MAAM,OAAO;AAAA,IACxB;AAAA,IACA,iBAAiB,EAAE;AAAA,EACrB;AAEA,QAAM,SAAS,UAAU,IAAI;AAC7B,MAAI,WAAW,QAAQ;AACrB,YAAQ,IAAI,KAAK,UAAU,MAAM,MAAM,CAAC,CAAC;AACzC;AAAA,EACF;AACA,UAAQ,IAAI,aAAa,KAAK,MAAM,MAAM,CAAC;AAC3C,UAAQ,IAAI,IAAI,KAAK,KAAK,MAAM,OAAO,KAAK,KAAK,GAAG;AACtD,CAAC;AAEH,cAAc,QAAQ,WAAW,EAC9B,YAAY,6CAA6C,EACzD,OAAO,eAA+B,IAAY;AACjD,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO;AAAA,IACxB;AAAA,IACA,kBAAkB,mBAAmB,EAAE,CAAC;AAAA,EAC1C;AACA,UAAQ,IAAI,KAAK,UAAU,MAAM,MAAM,CAAC,CAAC;AAC3C,CAAC;AAUH,SAAS,kBAAkB,GAA4B;AACrD,UAAQ,EAAE,QAAQ;AAAA,IAChB,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO,aAAa,EAAE,UAAU,UAAU;AAAA,IAC5C,KAAK;AACH,aAAO,yBAAyB,EAAE,UAAU,mBAAmB;AAAA,IACjE,KAAK;AACH,aAAO,oCAAoC,EAAE,UAAU,SAAS;AAAA,IAClE,SAAS;AAEP,YAAM,cAAqB,EAAE;AAC7B,aAAO;AAAA,IACT;AAAA,EACF;AACF;AAEA,cAAc,QAAQ,sCAAsC,EACzD,YAAY,2EAA2E,EACvF,OAAO,eAA+B,aAAqB,WAAqB;AAC/E,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO;AAAA,IACxB;AAAA,IACA,kBAAkB,mBAAmB,WAAW,CAAC;AAAA,IACjD,EAAE,YAAY,UAAU;AAAA,EAC1B;AACA,UAAQ,IAAI,WAAW,KAAK,OAAO,oBAAoB,WAAW,EAAE;AACpE,aAAW,KAAK,KAAK,WAAW,CAAC,GAAG;AAClC,YAAQ,IAAI,aAAa,EAAE,SAAS,WAAM,kBAAkB,CAAC,CAAC,EAAE;AAAA,EAClE;AACF,CAAC;AAEH,cAAc,QAAQ,qBAAqB,EACxC,YAAY,4DAA4D,EACxE,OAAO,eAA+B,UAAkB;AACvD,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO;AAAA,IACxB;AAAA,IACA,kBAAkB,mBAAmB,QAAQ,CAAC;AAAA,EAChD;AACA,UAAQ,IAAI,YAAY,KAAK,OAAO,SAAS,WAAM,KAAK,OAAO,MAAM,EAAE;AACzE,CAAC;AAEH,cAAc,QAAQ,eAAe,EAClC,YAAY,4DAA4D,EACxE,eAAe,cAAc,4CAA4C,EACzE,OAAO,oBAAoB,+BAA+B,EAC1D,OAAO,eAA+B,IAAY,MAAwC;AACzF,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAgC,EAAE,QAAQ,aAAa,cAAc,KAAK,GAAG;AACnF,MAAI,KAAK,QAAS,MAAK,YAAY,IAAI,KAAK;AAC5C,QAAM,OAAO,MAAM,OAAO;AAAA,IACxB;AAAA,IACA,kBAAkB,mBAAmB,EAAE,CAAC;AAAA,IACxC;AAAA,EACF;AACA,UAAQ,IAAI,aAAa,KAAK,OAAO,SAAS,WAAM,KAAK,EAAE,EAAE;AAC/D,CAAC;AAEH,cAAc,QAAQ,gBAAgB,EACnC,YAAY,qDAAqD,EACjE,OAAO,eAA+B,IAAY;AACjD,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO;AAAA,IACxB;AAAA,IACA,kBAAkB,mBAAmB,EAAE,CAAC;AAAA,IACxC,EAAE,QAAQ,YAAY;AAAA,EACxB;AACA,UAAQ,IAAI,aAAa,KAAK,OAAO,SAAS,iBAAiB,KAAK,oBAAoB,MAAM,mBAAmB;AACnH,CAAC;AAEH,cAAc,QAAQ,cAAc,EACjC,YAAY,6CAA6C,EACzD,eAAe,mBAAmB,+BAA+B,EACjE,OAAO,oBAAoB,+BAA+B,EAC1D,OAAO,eAA+B,IAAY,MAA4C;AAC7F,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAgC,EAAE,QAAQ,aAAa,kBAAkB,KAAK,OAAO;AAC3F,MAAI,KAAK,QAAS,MAAK,YAAY,IAAI,KAAK;AAC5C,QAAM,OAAO,MAAM,OAAO;AAAA,IACxB;AAAA,IACA,kBAAkB,mBAAmB,EAAE,CAAC;AAAA,IACxC;AAAA,EACF;AACA,UAAQ,IAAI,aAAa,KAAK,OAAO,SAAS,aAAa,KAAK,MAAM,GAAG;AAC3E,CAAC;;;AC/NH,SAAS,WAAAC,iBAAe;AASjB,IAAM,mBAAmB,IAAIC,UAAQ,YAAY,EACrD,YAAY,0DAA0D,EACtE,eAAe,mBAAmB,eAAe,EACjD,eAAe,wBAAwB,eAAe,EACtD,OAAO,qBAAqB,wDAAwD,EACpF,OAAO,wBAAwB,+CAA+C,EAC9E,OAAO,qBAAqB,wEAAwE,EACpG,OAAO,sBAAsB,gCAAgC,EAC7D,OAAO,kBAAkB,oBAAoB,EAC7C,OAAO,0BAA0B,yBAAyB,EAC1D,OAAO,oBAAoB,wCAAwC,EACnE,OAAO,mBAAmB,sCAAsC,IAAI,EACpE,OAAO,2BAA2B,qDAAqD,EACvF,OAAO,eAEN,MAaA;AACA,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAgC;AAAA,IACpC,OAAO,KAAK;AAAA,IACZ,aAAa,KAAK;AAAA,IAClB,QAAQ,KAAK;AAAA,EACf;AACA,MAAI,KAAK,OAAQ,MAAK,QAAQ,IAAI,KAAK;AACvC,MAAI,KAAK,eAAgB,MAAK,gBAAgB,IAAI,KAAK;AACvD,MAAI,KAAK,SAAU,MAAK,WAAW,IAAI,KAAK;AAC5C,MAAI,KAAK,SAAU,MAAK,UAAU,IAAI,KAAK;AAC3C,MAAI,KAAK,MAAO,MAAK,OAAO,IAAI,KAAK;AACrC,MAAI,KAAK,aAAc,MAAK,eAAe,IAAI,KAAK;AACpD,MAAI,KAAK,QAAS,MAAK,SAAS,IAAI,KAAK;AACzC,MAAI,KAAK,cAAe,MAAK,gBAAgB,IAAI,KAAK;AAEtD,QAAM,OAAO,MAAM,OAAO,QAAwB,QAAQ,eAAe,IAAI;AAC7E,MAAI,KAAK,SAAS;AAChB,YAAQ,IAAI,yBAAyB,KAAK,SAAS,IAAI;AACvD,YAAQ,IAAI,kEAAkE;AAAA,EAChF,OAAO;AACL,YAAQ,IAAI,yCAAyC,KAAK,SAAS,8CAAyC;AAAA,EAC9G;AACF,CAAC;;;AC5DH,SAAS,WAAAC,iBAAe;AACxB,SAAS,oBAAoB;;;ACAtB,SAAS,eAAe,QAAgB,SAA0B;AACvE,QAAM,QAAQ,CAAC,MAAc,EAAE,QAAQ,WAAW,EAAE;AACpD,QAAM,IAAI,MAAM,MAAM,EAAE,MAAM,GAAG,EAAE,IAAI,MAAM;AAC7C,QAAM,IAAI,MAAM,OAAO,EAAE,MAAM,GAAG,EAAE,IAAI,MAAM;AAC9C,WAAS,IAAI,GAAG,IAAI,KAAK,IAAI,EAAE,QAAQ,EAAE,MAAM,GAAG,KAAK;AACrD,UAAM,KAAK,EAAE,CAAC,KAAK;AACnB,UAAM,KAAK,EAAE,CAAC,KAAK;AACnB,QAAI,OAAO,MAAM,EAAE,KAAK,OAAO,MAAM,EAAE,EAAG,QAAO;AACjD,QAAI,KAAK,GAAI,QAAO;AACpB,QAAI,KAAK,GAAI,QAAO;AAAA,EACtB;AACA,SAAO;AACT;;;ACbA,SAAS,gBAAAC,eAAc,iBAAAC,gBAAe,aAAAC,kBAAiB;AACvD,SAAS,QAAAC,aAAY;AACrB,SAAS,gBAAgB;AAMlB,IAAM,cAAc;AAC3B,IAAM,aAAaC,MAAK,YAAY,mBAAmB;AACvD,IAAM,aAAa,KAAK,KAAK,KAAK;AAOlC,SAAS,aAAsB;AAC7B,SAAO;AAAA,IACL,QAAQ,IAAI,oBAAoB,KAChC,QAAQ,IAAI,uBAAuB,KACnC,KAAK;AAAA,EACP;AACF;AAEA,SAAS,YAAiC;AACxC,MAAI;AACF,UAAM,SAAS,KAAK,MAAMC,cAAa,YAAY,OAAO,CAAC;AAC3D,QAAI,OAAO,OAAO,cAAc,SAAU,QAAO;AACjD,QAAI,OAAO,WAAW,QAAQ,OAAO,OAAO,WAAW,SAAU,QAAO;AACxE,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,SAAS,WAAW,OAA2B;AAC7C,MAAI;AACF,IAAAC,WAAU,YAAY,EAAE,WAAW,MAAM,MAAM,IAAM,CAAC;AACtD,IAAAC,eAAc,YAAY,KAAK,UAAU,KAAK,GAAG,EAAE,MAAM,IAAM,CAAC;AAAA,EAClE,QAAQ;AAAA,EAER;AACF;AAGO,SAAS,iBAAiB,SAAgC;AAC/D,QAAM,QAAQ,UAAU;AACxB,MAAI,CAAC,OAAO,OAAQ,QAAO;AAC3B,MAAI,KAAK,IAAI,IAAI,MAAM,YAAY,WAAY,QAAO;AACtD,SAAO,eAAe,MAAM,QAAQ,OAAO,IAAI,MAAM,SAAS;AAChE;AAEA,SAAS,OAAO,QAAgB,SAAuB;AACrD,UAAQ,MAAM;AAAA,oBAAuB,OAAO,WAAM,MAAM;AAAA,gCAAmC;AAC7F;AAOO,SAAS,gBAAgB,SAAuB;AACrD,MAAI,WAAW,EAAG;AAClB,MAAI;AACF,UAAM,QAAQ,UAAU;AAExB,QAAI,SAAS,KAAK,IAAI,IAAI,MAAM,YAAY,YAAY;AACtD,UAAI,MAAM,UAAU,eAAe,MAAM,QAAQ,OAAO,EAAG,QAAO,MAAM,QAAQ,OAAO;AACvF;AAAA,IACF;AAGA,eAAW,EAAE,WAAW,KAAK,IAAI,GAAG,QAAQ,OAAO,UAAU,KAAK,CAAC;AAGnE,UAAM,QAAQ;AAAA,MACZ;AAAA,MACA,CAAC,QAAQ,aAAa,SAAS;AAAA,MAC/B,EAAE,SAAS,KAAM,OAAO,KAAK;AAAA,MAC7B,CAAC,KAAK,WAAW;AACf,YAAI,IAAK;AACT,cAAM,SAAS,OAAO,KAAK;AAC3B,YAAI,CAAC,OAAQ;AACb,mBAAW,EAAE,WAAW,KAAK,IAAI,GAAG,OAAO,CAAC;AAC5C,YAAI,eAAe,QAAQ,OAAO,EAAG,QAAO,QAAQ,OAAO;AAAA,MAC7D;AAAA,IACF;AAEA,UAAM,MAAM;AAAA,EACd,QAAQ;AAAA,EAER;AACF;;;AC7FA;AAAA,EACE,MAAQ;AAAA,EACR,SAAW;AAAA,EACX,MAAQ;AAAA,EACR,SAAW;AAAA,IACT,MAAQ;AAAA,EACV;AAAA,EACA,KAAO;AAAA,IACL,OAAS;AAAA,EACX;AAAA,EACA,OAAS;AAAA,IACP;AAAA,EACF;AAAA,EACA,SAAW;AAAA,IACT,OAAS;AAAA,IACT,WAAa;AAAA,IACb,MAAQ;AAAA,IACR,KAAO;AAAA,EACT;AAAA,EACA,cAAgB;AAAA,IACd,oBAAoB;AAAA,IACpB,OAAS;AAAA,IACT,cAAc;AAAA,IACd,WAAa;AAAA,IACb,MAAQ;AAAA,EACV;AAAA,EACA,sBAAwB;AAAA,IACtB,gBAAgB;AAAA,EAClB;AAAA,EACA,iBAAmB;AAAA,IACjB,eAAe;AAAA,IACf,MAAQ;AAAA,IACR,YAAc;AAAA,IACd,QAAU;AAAA,EACZ;AACF;;;AH7BO,IAAM,gBAAgB,IAAIC,UAAQ,QAAQ,EAC9C,YAAY,sDAAsD,EAClE,OAAO,MAAM;AACZ,UAAQ,IAAI,oBAAoB,gBAAI,OAAO,EAAE;AAC7C,UAAQ,IAAI,yBAAyB;AACrC,MAAI;AACJ,MAAI;AAEF,aAAS,aAAa,OAAO,CAAC,QAAQ,aAAa,SAAS,GAAG,EAAE,SAAS,KAAQ,OAAO,KAAK,CAAC,EAC5F,SAAS,EACT,KAAK;AAAA,EACV,QAAQ;AACN,YAAQ,MAAM,2CAA2C;AACzD,YAAQ,MAAM,gCAAgC,WAAW,EAAE;AAC3D,YAAQ,KAAK,CAAC;AAAA,EAChB;AAEA,MAAI,CAAC,eAAe,QAAQ,gBAAI,OAAO,GAAG;AACxC,YAAQ,IAAI,kCAAkC,gBAAI,OAAO,IAAI;AAC7D;AAAA,EACF;AAEA,UAAQ,IAAI,YAAY,gBAAI,OAAO,WAAM,MAAM,KAAK;AACpD,MAAI;AACF,iBAAa,OAAO,CAAC,WAAW,MAAM,GAAG,WAAW,SAAS,GAAG;AAAA,MAC9D,SAAS;AAAA,MACT,OAAO;AAAA,MACP,OAAO;AAAA,IACT,CAAC;AACD,YAAQ,IAAI,cAAc,MAAM,GAAG;AAAA,EACrC,SAAS,KAAK;AACZ,YAAQ,MAAM,kBAAkB,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC,EAAE;AAClF,YAAQ,MAAM,gCAAgC,WAAW,EAAE;AAC3D,YAAQ,KAAK,CAAC;AAAA,EAChB;AACF,CAAC;;;AIzCH,SAAS,WAAAC,iBAAe;AAajB,IAAM,gBAAgB,IAAIC,UAAQ,QAAQ,EAC9C,YAAY,iCAAiC,EAC7C,OAAO,iBAA+B;AACrC,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,KAAK,MAAM,OAAO,QAAoB,OAAO,aAAa;AAEhE,MAAI,UAAU,IAAI,MAAM,QAAQ;AAC9B,YAAQ,IAAI,KAAK,UAAU,IAAI,MAAM,CAAC,CAAC;AACvC;AAAA,EACF;AAEA,UAAQ,IAAI,mBAAmB,GAAG,SAAS,EAAE;AAC7C,MAAI,GAAG,MAAO,SAAQ,IAAI,mBAAmB,GAAG,KAAK,EAAE;AACvD,MAAI,GAAG,QAAS,SAAQ,IAAI,mBAAmB,GAAG,OAAO,EAAE;AAC3D,MAAI,GAAG,OAAQ,SAAQ,IAAI,mBAAmB,GAAG,MAAM,EAAE;AACzD,UAAQ,IAAI,mBAAmB,GAAG,cAAc,EAAE;AAClD,MAAI,GAAG,QAAQ,GAAG,KAAK,SAAS,GAAG;AACjC,YAAQ,IAAI,gBAAgB;AAC5B,eAAW,KAAK,GAAG,MAAM;AACvB,cAAQ,IAAI,KAAK,EAAE,IAAI,KAAK,EAAE,MAAM,YAAO,EAAE,IAAI,EAAE;AAAA,IACrD;AAAA,EACF;AACF,CAAC;;;ACnCH,SAAS,WAAAC,iBAAe;AAqBjB,IAAM,gBAAgB,IAAIC,UAAQ,QAAQ,EAC9C,YAAY,sDAAsD,EAClE,OAAO,iBAA+B;AACrC,QAAM,SAAS,WAAW;AAC1B,QAAM,WAAW,MAAM,gBAAgB;AACvC,QAAM,YAAY,iBAAiB,gBAAI,OAAO;AAI9C,MAAI,aAA6B;AACjC,MAAI,KAAwB;AAC5B,MAAI,UAAU;AACZ,QAAI;AACF,WAAK,MAAM,IAAI,UAAU,EAAE,QAAoB,OAAO,aAAa;AACnE,mBAAa;AAAA,IACf,SAAS,KAAK;AACZ,UAAI,eAAe,aAAa,IAAI,WAAW,OAAO,IAAI,WAAW,KAAM,cAAa;AAAA,IAC1F;AAAA,EACF;AAEA,QAAM,WAA2B;AAAA,IAC/B,WAAW;AAAA,IACX,aAAa;AAAA,IACb,SAAS,OAAO;AAAA,IAChB,WAAW,IAAI,aAAa;AAAA,IAC5B,OAAO,IAAI,SAAS;AAAA,IACpB,QAAQ,IAAI,UAAU;AAAA,IACtB,QAAQ,IAAI,kBAAkB;AAAA,IAC9B,KAAK,EAAE,SAAS,gBAAI,SAAS,QAAQ,UAAU;AAAA,EACjD;AAEA,MAAI,UAAU,IAAI,MAAM,QAAQ;AAC9B,YAAQ,IAAI,KAAK,UAAU,UAAU,MAAM,CAAC,CAAC;AAC7C;AAAA,EACF;AAEA,MAAI,CAAC,UAAU;AACb,YAAQ,IAAI,mCAAmC;AAC/C,YAAQ,IAAI,QAAQ,OAAO,OAAO,EAAE;AACpC,QAAI,UAAW,SAAQ,IAAI,QAAQ,gBAAI,OAAO,aAAa,SAAS,+BAA0B;AAC9F;AAAA,EACF;AAEA,QAAM,cACJ,eAAe,OACX,gBACA,eAAe,QACb,+DACA;AACR,UAAQ,IAAI,YAAY,IAAI,QAAQ,OAAO,GAAG,KAAK,KAAK,EAAE,WAAM,WAAW,EAAE;AAC7E,UAAQ,IAAI,QAAQ,OAAO,OAAO,EAAE;AACpC,MAAI,IAAI,UAAW,SAAQ,IAAI,SAAS,GAAG,SAAS,EAAE;AACtD,MAAI,IAAI,OAAQ,SAAQ,IAAI,QAAQ,GAAG,MAAM,EAAE;AAC/C,MAAI,IAAI,eAAgB,SAAQ,IAAI,WAAW,GAAG,cAAc,EAAE;AAClE,MAAI,UAAW,SAAQ,IAAI,QAAQ,gBAAI,OAAO,aAAa,SAAS,+BAA0B;AAChG,CAAC;;;ApCnDI,IAAM,UAAU,IAAIC,UAAQ,OAAO,EACvC,YAAY,iDAA4C,EACxD,QAAQ,gBAAI,OAAO,EACnB,OAAO,mBAAmB,aAAa,EACvC,OAAO,qBAAqB,gCAAgC,OAAO,EACnE,OAAO,UAAU,6BAA6B;AAEjD,QAAQ,WAAW,YAAY;AAC/B,QAAQ,WAAW,aAAa;AAChC,QAAQ,WAAW,aAAa;AAChC,QAAQ,WAAW,aAAa;AAChC,QAAQ,WAAW,gBAAgB;AACnC,QAAQ,WAAW,kBAAkB;AACrC,QAAQ,WAAW,gBAAgB;AACnC,QAAQ,WAAW,UAAU;AAC7B,QAAQ,WAAW,oBAAoB;AACvC,QAAQ,WAAW,wBAAwB;AAC3C,QAAQ,WAAW,yBAAyB;AAC5C,QAAQ,WAAW,kBAAkB;AACrC,QAAQ,WAAW,YAAY;AAC/B,QAAQ,WAAW,eAAe;AAClC,QAAQ,WAAW,YAAY;AAC/B,QAAQ,WAAW,gBAAgB;AACnC,QAAQ,WAAW,aAAa;AAChC,QAAQ,WAAW,cAAc;AACjC,QAAQ,WAAW,gBAAgB;AACnC,QAAQ,WAAW,YAAY;AAC/B,QAAQ,WAAW,gBAAgB;AACnC,QAAQ,WAAW,aAAa;;;AqCrDhC,SAAS,WAAAC,UAAS,UAAU,YAAY;AAMxC,IAAI,SAA8B;AAElC,SAAS,SAA6B;AACpC,MAAI,QAAQ,IAAI,0BAA0B,EAAG,QAAO;AACpD,SAAO,QAAQ,IAAI,sBAAsB,KAAK;AAChD;AAaO,SAAS,UAAqC,OAAU,MAAiB;AAC9E,QAAM,OAAO,KAAK,QAAQ,WAAW,EAAE;AACvC,MAAI,CAAC,KAAM,QAAO;AAClB,QAAM,KAAK,IAAI,OAAO,KAAK,QAAQ,uBAAuB,MAAM,IAAI,iBAAiB,GAAG;AACxF,QAAM,QAAQ,CAAC,MAAsB,EAAE,QAAQ,IAAI,GAAG;AACtD,aAAW,SAAS,MAAM,WAAW,UAAU,CAAC,GAAG;AACjD,QAAI,MAAM,MAAO,OAAM,QAAQ,MAAM,MAAM,KAAK;AAChD,eAAW,SAAS,MAAM,YAAY,UAAU,CAAC,GAAG;AAClD,UAAI,MAAM,SAAU,OAAM,WAAW,MAAM,MAAM,QAAQ;AACzD,UAAI,MAAM,SAAU,OAAM,WAAW,MAAM,MAAM,QAAQ;AAAA,IAC3D;AAAA,EACF;AACA,SAAO;AACT;AAOA,eAAsB,cAAcC,UAA6B,SAAgC;AAC/F,MAAI,OAAQ;AACZ,QAAM,MAAM,OAAO;AACnB,MAAI,CAAC,IAAK;AACV,MAAI;AACF,UAAM,MAAM,MAAM,OAAO,cAAc;AACvC,UAAM,OAAOC,SAAQ;AACrB,QAAI,KAAK;AAAA,MACP;AAAA,MACA,kBAAkB;AAAA,MAClB,SAAS,aAAa,OAAO;AAAA,MAC7B,aAAa;AAAA,MACb,qBAAqB;AAAA,MACrB,YAAY,CAAC,UAAU,UAAU,OAAO,IAAI;AAAA,IAC9C,CAAC;AACD,QAAI,OAAO,WAAWD,YAAW,SAAS;AAC1C,QAAI,OAAO,gBAAgB,QAAQ,OAAO;AAC1C,QAAI,OAAO,eAAe,SAAS,CAAC;AACpC,QAAI,OAAO,WAAW,KAAK,CAAC;AAC5B,aAAS;AAAA,EACX,QAAQ;AACN,aAAS;AAAA,EACX;AACF;AAGO,SAAS,iBAAiB,KAAoB;AACnD,MAAI,CAAC,OAAQ;AACb,MAAI,eAAe,YAAY,IAAI,WAAY;AAC/C,MAAI;AACF,WAAO,iBAAiB,GAAG;AAAA,EAC7B,QAAQ;AAAA,EAER;AACF;AAGA,eAAsB,iBAAgC;AACpD,MAAI,CAAC,OAAQ;AACb,MAAI;AACF,UAAM,OAAO,MAAM,GAAI;AAAA,EACzB,QAAQ;AAAA,EAER;AACA,WAAS;AACX;;;ACnFA,IAAM,oBAAoB,CAAC,aAAa,MAAM,UAAU,MAAM,QAAQ,QAAQ;AAC9E,IAAM,UAAU,QAAQ,KAAK,CAAC;AAE9B,eAAe,OAAsB;AACnC,QAAM,cAAc,SAAS,gBAAI,OAAO;AACxC,QAAM,QAAQ,WAAW;AACzB,MAAI,WAAW,CAAC,kBAAkB,SAAS,OAAO,GAAG;AACnD,oBAAgB,gBAAI,OAAO;AAAA,EAC7B;AACF;AAEA,KAAK,EACF,KAAK,MAAM,eAAe,CAAC,EAC3B,MAAM,OAAO,QAAQ;AACpB,iBAAe,GAAG;AAClB,mBAAiB,GAAG;AACpB,QAAM,eAAe;AACrB,UAAQ,KAAK,CAAC;AAChB,CAAC;","names":["Command","Command","Command","Command","readFileSync","Command","Command","Command","Command","Command","Command","readFileSync","Command","readFileSync","Command","Command","Command","Command","Command","Command","Command","readFileSync","Command","readFileSync","Command","Command","randomUUID","Command","Command","randomUUID","Command","Command","Command","Command","Command","Command","writeFileSync","Command","Command","Command","readFileSync","readFileSync","Command","Command","Command","Command","Command","Command","readFileSync","writeFileSync","mkdirSync","join","join","readFileSync","mkdirSync","writeFileSync","Command","Command","Command","Command","Command","Command","homedir","command","homedir"]}
|