rekor-cli 0.1.38 → 0.1.40

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/dist/index.js +26 -7
  2. package/dist/index.js.map +1 -1
  3. package/package.json +1 -1
package/dist/index.js CHANGED
@@ -12,19 +12,20 @@ import { join } from "path";
12
12
  import { homedir } from "os";
13
13
  var CONFIG_DIR = join(homedir(), ".config", "rekor");
14
14
  var CONFIG_FILE = join(CONFIG_DIR, "config.json");
15
+ var DEFAULT_API_URL = "https://api.rekor.pro";
15
16
  function loadConfig() {
16
17
  const envUrl = process.env["REKOR_API_URL"];
17
18
  try {
18
19
  const raw = readFileSync(CONFIG_FILE, "utf-8");
19
20
  const stored = JSON.parse(raw);
20
21
  return {
21
- api_url: envUrl ?? stored.api_url ?? "http://localhost:8787",
22
+ api_url: envUrl ?? stored.api_url ?? DEFAULT_API_URL,
22
23
  default_database: stored.default_database,
23
24
  org_id: stored.org_id
24
25
  };
25
26
  } catch {
26
27
  return {
27
- api_url: envUrl ?? "http://localhost:8787"
28
+ api_url: envUrl ?? DEFAULT_API_URL
28
29
  };
29
30
  }
30
31
  }
@@ -628,11 +629,12 @@ import { Command as Command2 } from "commander";
628
629
 
629
630
  // src/errors.ts
630
631
  var ApiError = class extends Error {
631
- constructor(status, message, code, body) {
632
+ constructor(status, message, code, body, baseUrl) {
632
633
  super(message);
633
634
  this.status = status;
634
635
  this.code = code;
635
636
  this.body = body;
637
+ this.baseUrl = baseUrl;
636
638
  this.name = "ApiError";
637
639
  }
638
640
  /** 4xx are user-facing (bad input, auth, quota) — not bugs worth reporting. */
@@ -640,11 +642,27 @@ var ApiError = class extends Error {
640
642
  return this.status >= 400 && this.status < 500;
641
643
  }
642
644
  };
645
+ function issuerMismatch(err) {
646
+ const details = err.body?.error?.details;
647
+ if (details && typeof details === "object" && details.reason === "issuer_not_trusted") {
648
+ const expected = details.expected_issuer;
649
+ return { expectedIssuer: typeof expected === "string" ? expected : void 0 };
650
+ }
651
+ if (/issuer not recognized|signing key not found/i.test(err.message)) return {};
652
+ return null;
653
+ }
643
654
  function friendlyHint(err) {
644
655
  if (!(err instanceof ApiError)) return null;
645
656
  switch (err.status) {
646
- case 401:
647
- return "Authentication failed or session expired. Run `rekor login`.";
657
+ case 401: {
658
+ const at = err.baseUrl ? ` at ${err.baseUrl}` : "";
659
+ const mismatch = issuerMismatch(err);
660
+ if (mismatch) {
661
+ const trusts = mismatch.expectedIssuer ? ` It trusts tokens from ${mismatch.expectedIssuer}.` : "";
662
+ return `The backend${at} does not recognize your token's issuer \u2014 your login likely belongs to a different environment than this backend.${trusts} Check REKOR_API_URL (and your configured api_url), then run \`rekor login\` against the matching environment.`;
663
+ }
664
+ return `Authentication failed or session expired${at}. Run \`rekor login\`.`;
665
+ }
648
666
  case 402:
649
667
  return "Quota exceeded for your plan. Review usage or upgrade your plan.";
650
668
  case 403:
@@ -702,7 +720,8 @@ var ApiClient = class {
702
720
  res.status,
703
721
  parsed?.error?.message ?? `HTTP ${res.status}`,
704
722
  parsed?.error?.code,
705
- parsed
723
+ parsed,
724
+ this.baseUrl
706
725
  );
707
726
  }
708
727
  return parsed?.data;
@@ -1698,7 +1717,7 @@ function checkForUpdates(current) {
1698
1717
  // package.json
1699
1718
  var package_default = {
1700
1719
  name: "rekor-cli",
1701
- version: "0.1.38",
1720
+ version: "0.1.40",
1702
1721
  type: "module",
1703
1722
  engines: {
1704
1723
  node: ">=20.0.0"
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/program.ts","../src/commands/login.ts","../src/config.ts","../src/token-store.ts","../src/oauth.ts","../src/auth.ts","../src/pkce.ts","../src/env.ts","../src/commands/logout.ts","../src/errors.ts","../src/client.ts","../src/commands/databases.ts","../src/output.ts","../src/helpers.ts","../src/prompt.ts","../src/commands/collections.ts","../src/commands/documents.ts","../src/commands/sql.ts","../src/commands/relationships.ts","../src/commands/relationship-types.ts","../src/commands/query-relationships.ts","../src/commands/attachments.ts","../src/commands/hooks.ts","../src/commands/triggers.ts","../src/commands/endpoints.ts","../src/commands/batch.ts","../src/commands/providers.ts","../src/commands/tokens.ts","../src/commands/secrets.ts","../src/commands/admin.ts","../src/commands/report.ts","../src/commands/update.ts","../src/version.ts","../src/version-check.ts","../package.json","../src/commands/whoami.ts","../src/commands/status.ts","../src/telemetry.ts","../src/index.ts"],"sourcesContent":["import { Command } from 'commander';\nimport { loginCommand } from './commands/login.js';\nimport { logoutCommand } from './commands/logout.js';\nimport { databasesCommand } from './commands/databases.js';\nimport { collectionsCommand } from './commands/collections.js';\nimport { documentsCommand } from './commands/documents.js';\nimport { sqlCommand } from './commands/sql.js';\nimport { relationshipsCommand } from './commands/relationships.js';\nimport { relationshipTypesCommand } from './commands/relationship-types.js';\nimport { queryRelationshipsCommand } from './commands/query-relationships.js';\nimport { attachmentsCommand } from './commands/attachments.js';\nimport { hooksCommand } from './commands/hooks.js';\nimport { triggersCommand } from './commands/triggers.js';\nimport { endpointsCommand } from './commands/endpoints.js';\nimport { batchCommand } from './commands/batch.js';\nimport { providersCommand } from './commands/providers.js';\nimport { tokensCommand } from './commands/tokens.js';\nimport { secretsCommand } from './commands/secrets.js';\nimport { adminCommand } from './commands/admin.js';\nimport { reportCommand } from './commands/report.js';\nimport { updateCommand } from './commands/update.js';\nimport { whoamiCommand } from './commands/whoami.js';\nimport { statusCommand } from './commands/status.js';\nimport pkg from '../package.json' with { type: 'json' };\n\nexport const program = new Command('rekor')\n .description('Rekor CLI — System of Record for AI agents')\n .version(pkg.version)\n .option('--database <id>', 'Database ID')\n .option('--output <format>', 'Output format: json or table', 'table')\n .option('--json', 'Shorthand for --output json');\n\nprogram.addCommand(loginCommand);\nprogram.addCommand(logoutCommand);\nprogram.addCommand(whoamiCommand);\nprogram.addCommand(statusCommand);\nprogram.addCommand(databasesCommand);\nprogram.addCommand(collectionsCommand);\nprogram.addCommand(documentsCommand);\nprogram.addCommand(sqlCommand);\nprogram.addCommand(relationshipsCommand);\nprogram.addCommand(relationshipTypesCommand);\nprogram.addCommand(queryRelationshipsCommand);\nprogram.addCommand(attachmentsCommand);\nprogram.addCommand(hooksCommand);\nprogram.addCommand(triggersCommand);\nprogram.addCommand(batchCommand);\nprogram.addCommand(providersCommand);\nprogram.addCommand(tokensCommand);\nprogram.addCommand(secretsCommand);\nprogram.addCommand(endpointsCommand);\nprogram.addCommand(adminCommand);\nprogram.addCommand(reportCommand);\nprogram.addCommand(updateCommand);\n","import { Command } from 'commander';\nimport { login } from '../auth.js';\nimport { loadConfig, saveConfig } from '../config.js';\nimport {\n exchangeCodeForTokens,\n expiresInToIso,\n refreshTokenMissingWarning,\n startCallbackServer,\n getAuthKitDomain,\n getAuthKitClientId,\n OAUTH_CALLBACK_PORT,\n} from '../oauth.js';\nimport {\n generateCodeVerifier,\n generateCodeChallenge,\n generateState,\n} from '../pkce.js';\nimport { setOAuthTokens } from '../token-store.js';\nimport { isSSH } from '../env.js';\n\nconst FALLBACK_URL_DELAY_MS = 5_000;\n\nexport const loginCommand = new Command('login')\n .description('Authenticate with Rekor')\n .option('--token <token>', 'API key for headless/CI authentication (rec_...)')\n .option('--api-url <url>', 'API base URL')\n .action(async (opts: { token?: string; apiUrl?: string }) => {\n if (opts.token) {\n await login(opts.token, opts.apiUrl);\n console.log('Authenticated successfully');\n return;\n }\n\n // Let failures propagate to the top-level handler so the error prints cleanly and\n // telemetry flushes (a local process.exit here would bypass both).\n await browserLoginPkce(opts.apiUrl);\n console.log('Authenticated successfully');\n });\n\nasync function browserLoginPkce(apiUrl?: string): Promise<void> {\n const codeVerifier = generateCodeVerifier();\n const codeChallenge = generateCodeChallenge(codeVerifier);\n const state = generateState();\n\n const port = OAUTH_CALLBACK_PORT;\n const redirectUri = `http://127.0.0.1:${port}/callback`;\n\n const authkitDomain = getAuthKitDomain();\n const clientId = getAuthKitClientId();\n\n const authorizeUrl = new URL(`${authkitDomain}/oauth2/authorize`);\n authorizeUrl.searchParams.set('client_id', clientId);\n authorizeUrl.searchParams.set('redirect_uri', redirectUri);\n authorizeUrl.searchParams.set('response_type', 'code');\n authorizeUrl.searchParams.set('code_challenge', codeChallenge);\n authorizeUrl.searchParams.set('code_challenge_method', 'S256');\n authorizeUrl.searchParams.set('state', state);\n // offline_access asks AuthKit to issue a refresh_token alongside the access_token —\n // without it the CLI would re-prompt every ~1h when the access token expires.\n authorizeUrl.searchParams.set('scope', 'openid profile email offline_access');\n\n // Start the callback server first so the redirect can land.\n const callbackPromise = startCallbackServer(port, state);\n\n let fallbackTimer: ReturnType<typeof setTimeout> | undefined;\n if (isSSH()) {\n // No usable browser over SSH — print the URL up front instead of auto-opening.\n console.log('SSH session detected. Open this URL in a browser to authenticate:');\n console.log(authorizeUrl.toString());\n } else {\n console.log('Opening browser for authentication...');\n const open = await import('open').then(m => m.default);\n\n // open() resolves on spawn, not browser launch — print a fallback URL after a delay.\n let fallbackPrinted = false;\n fallbackTimer = setTimeout(() => {\n fallbackPrinted = true;\n console.log(`If the browser didn't open, visit: ${authorizeUrl.toString()}`);\n }, FALLBACK_URL_DELAY_MS);\n\n open(authorizeUrl.toString()).catch(() => {\n if (fallbackPrinted) return;\n clearTimeout(fallbackTimer);\n console.log('Could not open browser automatically.');\n console.log(`Visit: ${authorizeUrl.toString()}`);\n });\n }\n\n let code: string;\n try {\n ({ code } = await callbackPromise);\n } finally {\n if (fallbackTimer) clearTimeout(fallbackTimer);\n }\n\n const tokens = await exchangeCodeForTokens(authkitDomain, clientId, code, codeVerifier, redirectUri);\n const expiresAt = expiresInToIso(tokens.expires_in);\n await setOAuthTokens(tokens.access_token, tokens.refresh_token, expiresAt);\n\n const noRefreshWarning = refreshTokenMissingWarning(tokens.refresh_token);\n if (noRefreshWarning) console.warn(noRefreshWarning);\n\n const config = loadConfig();\n saveConfig({\n ...config,\n api_url: apiUrl ?? config.api_url,\n });\n}\n","import { readFileSync, writeFileSync, mkdirSync } from 'fs';\nimport { join } from 'path';\nimport { homedir } from 'os';\n\nconst CONFIG_DIR = join(homedir(), '.config', 'rekor');\nconst CONFIG_FILE = join(CONFIG_DIR, 'config.json');\n\nexport interface Config {\n api_url: string;\n default_database?: string;\n org_id?: string;\n}\n\ninterface ConfigFile extends Config {\n // Tokens may linger here from older CLI versions until token-store migrates them.\n token?: string;\n [key: string]: unknown;\n}\n\nexport function loadConfig(): Config {\n const envUrl = process.env['REKOR_API_URL'];\n\n try {\n const raw = readFileSync(CONFIG_FILE, 'utf-8');\n const stored = JSON.parse(raw) as ConfigFile;\n return {\n api_url: envUrl ?? stored.api_url ?? 'http://localhost:8787',\n default_database: stored.default_database,\n org_id: stored.org_id,\n };\n } catch {\n return {\n api_url: envUrl ?? 'http://localhost:8787',\n };\n }\n}\n\nexport function saveConfig(config: Config): void {\n mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });\n let existing: ConfigFile = {} as ConfigFile;\n try {\n existing = JSON.parse(readFileSync(CONFIG_FILE, 'utf-8')) as ConfigFile;\n } catch {\n existing = {} as ConfigFile;\n }\n const merged: ConfigFile = { ...existing, ...config };\n writeFileSync(CONFIG_FILE, JSON.stringify(merged, null, 2), { mode: 0o600 });\n}\n\nexport { CONFIG_DIR, CONFIG_FILE };\n","import * as fs from 'node:fs';\nimport { CONFIG_DIR, CONFIG_FILE } from './config.js';\n\nconst KEYRING_SERVICE = 'rekor';\nconst KEY_REC = 'rec_token';\nconst KEY_OAUTH_ACCESS = 'oauth_access_token';\nconst KEY_OAUTH_REFRESH = 'oauth_refresh_token';\n\ninterface KeyringBinding {\n getPassword(service: string, account: string): Promise<string | null>;\n setPassword(service: string, account: string, password: string): Promise<void>;\n deletePassword(service: string, account: string): Promise<boolean>;\n}\n\nlet keyringCache: KeyringBinding | null | undefined;\n\nasync function getKeyring(): Promise<KeyringBinding | null> {\n if (keyringCache !== undefined) return keyringCache;\n try {\n const mod = await import('@napi-rs/keyring');\n const Entry = mod.Entry;\n keyringCache = {\n async getPassword(service, account) {\n try { return new Entry(service, account).getPassword(); } catch { return null; }\n },\n async setPassword(service, account, password) {\n new Entry(service, account).setPassword(password);\n },\n async deletePassword(service, account) {\n try { return new Entry(service, account).deletePassword(); } catch { return false; }\n },\n };\n } catch {\n keyringCache = null;\n }\n return keyringCache;\n}\n\nfunction manualCleanupCommand(account: string): string {\n if (process.platform === 'darwin') {\n return `security delete-generic-password -s ${KEYRING_SERVICE} -a ${account}`;\n }\n if (process.platform === 'win32') {\n return `cmdkey /delete:${KEYRING_SERVICE}/${account}`;\n }\n if (process.platform === 'linux') {\n return `secret-tool clear service ${KEYRING_SERVICE} account ${account}`;\n }\n return `(remove service=\"${KEYRING_SERVICE}\" account=\"${account}\" from your OS credential store)`;\n}\n\ninterface LegacyConfigFile {\n api_url?: string;\n token?: string;\n access_token?: string;\n refresh_token?: string;\n token_expires_at?: string;\n default_database?: string;\n org_id?: string;\n [key: string]: unknown;\n}\n\nfunction readConfigFile(): LegacyConfigFile | null {\n if (!fs.existsSync(CONFIG_FILE)) return null;\n try {\n return JSON.parse(fs.readFileSync(CONFIG_FILE, 'utf-8')) as LegacyConfigFile;\n } catch {\n return null;\n }\n}\n\nfunction writeConfigFile(data: LegacyConfigFile): void {\n if (!fs.existsSync(CONFIG_DIR)) {\n fs.mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });\n }\n fs.writeFileSync(CONFIG_FILE, JSON.stringify(data, null, 2), { mode: 0o600 });\n}\n\n// Delete reported success but get still returned a value — the keychain ignored the delete.\nexport class StaleKeyringSlotError extends Error {\n constructor(public readonly account: string) {\n super(\n `Stale credential remains in OS keychain slot \"${account}\" after delete. ` +\n `Clean it up manually and retry:\\n ${manualCleanupCommand(account)}`,\n );\n this.name = 'StaleKeyringSlotError';\n }\n}\n\nasync function clearSlot(keyring: KeyringBinding, account: string): Promise<boolean> {\n await keyring.deletePassword(KEYRING_SERVICE, account);\n try {\n return (await keyring.getPassword(KEYRING_SERVICE, account)) === null;\n } catch {\n return false;\n }\n}\n\nexport type ResolvedToken =\n | { kind: 'rec'; token: string }\n | { kind: 'oauth'; access_token: string; refresh_token?: string; expires_at?: string };\n\nfunction stripTokenFieldsFromFile(): void {\n const existing = readConfigFile();\n if (!existing) return;\n if (existing.token === undefined && existing.access_token === undefined && existing.refresh_token === undefined) return;\n delete existing.token;\n delete existing.access_token;\n delete existing.refresh_token;\n writeConfigFile(existing);\n}\n\nfunction readMetadataExpiresAt(): string | undefined {\n return readConfigFile()?.token_expires_at;\n}\n\nfunction writeMetadataExpiresAt(value: string | undefined): void {\n const existing = readConfigFile() ?? {};\n if (value === undefined) {\n delete existing.token_expires_at;\n } else {\n existing.token_expires_at = value;\n }\n writeConfigFile(existing);\n}\n\nasync function migrateLegacyFileToken(keyring: KeyringBinding | null): Promise<ResolvedToken | null> {\n const existing = readConfigFile();\n if (!existing) return null;\n\n // Prefer OAuth fields if present (newer file-fallback format), else legacy `token`.\n if (existing.access_token) {\n const out: ResolvedToken = {\n kind: 'oauth',\n access_token: existing.access_token,\n refresh_token: existing.refresh_token,\n expires_at: existing.token_expires_at,\n };\n if (keyring) {\n try {\n // Keyring wins on conflict — only migrate if slots are empty.\n const accessExisting = await keyring.getPassword(KEYRING_SERVICE, KEY_OAUTH_ACCESS);\n if (!accessExisting) {\n await keyring.setPassword(KEYRING_SERVICE, KEY_OAUTH_ACCESS, existing.access_token);\n if (existing.refresh_token) {\n await keyring.setPassword(KEYRING_SERVICE, KEY_OAUTH_REFRESH, existing.refresh_token);\n }\n }\n try { stripTokenFieldsFromFile(); } catch (err) {\n console.warn(`rekor: failed to strip legacy OAuth tokens from ${CONFIG_FILE} (${(err as Error).message}).`);\n }\n } catch (err) {\n console.warn(`rekor: OAuth migration to keychain failed (${(err as Error).message}); continuing with file-backed.`);\n }\n }\n return out;\n }\n\n if (existing.token) {\n const token = existing.token;\n if (!keyring) return { kind: 'rec', token };\n try {\n const recExisting = await keyring.getPassword(KEYRING_SERVICE, KEY_REC);\n if (recExisting) {\n // Keyring wins — strip stale file copy.\n try { stripTokenFieldsFromFile(); } catch (err) {\n console.warn(`rekor: failed to strip stale token from ${CONFIG_FILE} (${(err as Error).message}).`);\n }\n return null;\n }\n await keyring.setPassword(KEYRING_SERVICE, KEY_REC, token);\n try { stripTokenFieldsFromFile(); } catch (err) {\n console.warn(`rekor: failed to strip legacy token from ${CONFIG_FILE} (${(err as Error).message}).`);\n }\n } catch (err) {\n console.warn(`rekor: keychain migration failed (${(err as Error).message}); continuing with file-backed token.`);\n }\n return { kind: 'rec', token };\n }\n\n return null;\n}\n\n// Read order: REKOR_TOKEN env → rec_ slot → OAuth slot. rec_ wins so an OAuth fallback can't silently switch identities.\nexport async function getResolvedToken(): Promise<ResolvedToken | null> {\n const envToken = process.env['REKOR_TOKEN'];\n if (envToken) {\n // Always rec-kind — preserves `REKOR_TOKEN=dev` for DEV_BYPASS_AUTH and avoids the OAuth refresh path on plain strings.\n return { kind: 'rec', token: envToken };\n }\n\n const keyring = await getKeyring();\n const migrated = await migrateLegacyFileToken(keyring);\n if (migrated) return migrated;\n\n if (keyring) {\n // All three slots in parallel — rec_ wins read precedence but probing sequentially would block on empty slots.\n const [rec, access, refresh] = await Promise.all([\n keyring.getPassword(KEYRING_SERVICE, KEY_REC),\n keyring.getPassword(KEYRING_SERVICE, KEY_OAUTH_ACCESS),\n keyring.getPassword(KEYRING_SERVICE, KEY_OAUTH_REFRESH),\n ]);\n if (rec) return { kind: 'rec', token: rec };\n if (access) {\n const out: ResolvedToken = { kind: 'oauth', access_token: access };\n if (refresh) out.refresh_token = refresh;\n const expiresAt = readMetadataExpiresAt();\n if (expiresAt) out.expires_at = expiresAt;\n return out;\n }\n }\n\n return null;\n}\n\n// Backwards-compatible single-string accessor for callers that don't need the kind.\nexport async function getToken(): Promise<string | null> {\n const resolved = await getResolvedToken();\n if (!resolved) return null;\n return resolved.kind === 'rec' ? resolved.token : resolved.access_token;\n}\n\nexport async function setToken(token: string): Promise<void> {\n await setRecToken(token);\n}\n\nexport async function setRecToken(token: string): Promise<void> {\n const keyring = await getKeyring();\n if (keyring) {\n try {\n // Clear OAuth slots first — a stale OAuth would survive `rekor logout` and confuse mode-switch debugging.\n const [accessCleared, refreshCleared] = await Promise.all([\n clearSlot(keyring, KEY_OAUTH_ACCESS),\n clearSlot(keyring, KEY_OAUTH_REFRESH),\n ]);\n const stuck = [\n accessCleared ? null : KEY_OAUTH_ACCESS,\n refreshCleared ? null : KEY_OAUTH_REFRESH,\n ].filter((a): a is string => a !== null);\n if (stuck.length > 0) {\n console.warn(\n [\n `rekor: stale OAuth credential remains in OS keychain after delete. Commands work but logout won't fully clear. Manually:`,\n ...stuck.map(a => ` ${manualCleanupCommand(a)}`),\n ].join('\\n'),\n );\n }\n await keyring.setPassword(KEYRING_SERVICE, KEY_REC, token);\n writeMetadataExpiresAt(undefined);\n try { stripTokenFieldsFromFile(); } catch (err) {\n console.warn(`rekor: failed to strip stale tokens from ${CONFIG_FILE} (${(err as Error).message}).`);\n }\n return;\n } catch (err) {\n if (err instanceof StaleKeyringSlotError) throw err;\n console.warn(`rekor: keychain write failed (${(err as Error).message}); falling back to file storage.`);\n }\n }\n const existing = readConfigFile() ?? {};\n delete existing.access_token;\n delete existing.refresh_token;\n delete existing.token_expires_at;\n existing.token = token;\n writeConfigFile(existing);\n}\n\nexport async function setOAuthTokens(\n accessToken: string,\n refreshToken: string | undefined,\n expiresAt: string,\n): Promise<void> {\n const keyring = await getKeyring();\n if (keyring) {\n try {\n // rec_ wins the read race — a leftover would mask new OAuth tokens; verify empty after delete and fail loudly.\n if (!(await clearSlot(keyring, KEY_REC))) {\n throw new StaleKeyringSlotError(KEY_REC);\n }\n await keyring.setPassword(KEYRING_SERVICE, KEY_OAUTH_ACCESS, accessToken);\n if (refreshToken) {\n await keyring.setPassword(KEYRING_SERVICE, KEY_OAUTH_REFRESH, refreshToken);\n } else {\n // Best-effort clear of any stale refresh slot when the new pair has none.\n await clearSlot(keyring, KEY_OAUTH_REFRESH);\n }\n writeMetadataExpiresAt(expiresAt);\n try { stripTokenFieldsFromFile(); } catch (err) {\n console.warn(`rekor: failed to strip stale tokens from ${CONFIG_FILE} (${(err as Error).message}).`);\n }\n return;\n } catch (err) {\n // StaleKeyringSlotError propagates — file fallback won't help if the keyring still holds rec_.\n if (err instanceof StaleKeyringSlotError) throw err;\n console.warn(`rekor: keychain write failed (${(err as Error).message}); falling back to file storage.`);\n }\n }\n const existing = readConfigFile() ?? {};\n delete existing.token;\n existing.access_token = accessToken;\n if (refreshToken) existing.refresh_token = refreshToken;\n existing.token_expires_at = expiresAt;\n writeConfigFile(existing);\n}\n\nexport async function clearToken(): Promise<void> {\n await clearAllTokens();\n}\n\nexport async function clearAllTokens(): Promise<void> {\n const keyring = await getKeyring();\n if (keyring) {\n const slots = [KEY_REC, KEY_OAUTH_ACCESS, KEY_OAUTH_REFRESH] as const;\n const cleared = await Promise.all(slots.map(s => clearSlot(keyring, s)));\n for (const [i, ok] of cleared.entries()) {\n if (!ok) {\n const account = slots[i]!;\n console.warn(\n `rekor: could not clear keychain slot \"${account}\". Subsequent commands may still pick the stale token. Manually:\\n ${manualCleanupCommand(account)}`,\n );\n }\n }\n }\n const existing = readConfigFile();\n if (existing) {\n let dirty = false;\n for (const k of ['token', 'access_token', 'refresh_token', 'token_expires_at'] as const) {\n if (existing[k] !== undefined) {\n delete existing[k];\n dirty = true;\n }\n }\n if (dirty) writeConfigFile(existing);\n }\n}\n\nexport function __setKeyringForTesting(binding: KeyringBinding | null): void {\n keyringCache = binding;\n}\n\nexport function __resetKeyringForTesting(): void {\n keyringCache = undefined;\n}\n","import * as http from 'node:http';\n\n// Fixed port for the OAuth redirect URI — must match what's registered in WorkOS AuthKit.\nexport const OAUTH_CALLBACK_PORT = 3927;\n\nconst DEFAULT_AUTHKIT_DOMAIN = 'https://engaging-tip-62.authkit.app';\nconst DEFAULT_AUTHKIT_CLIENT_ID = 'client_01KSMZJ6YN7VAKTP2BW41V56SZ';\n\nexport function getAuthKitDomain(): string {\n return process.env['REKOR_AUTHKIT_DOMAIN'] || DEFAULT_AUTHKIT_DOMAIN;\n}\n\nexport function getAuthKitClientId(): string {\n return process.env['REKOR_AUTHKIT_CLIENT_ID'] || DEFAULT_AUTHKIT_CLIENT_ID;\n}\n\nexport interface TokenResponse {\n access_token: string;\n refresh_token?: string;\n expires_in: number;\n}\n\nexport function expiresInToIso(expiresInSeconds: number): string {\n return new Date(Date.now() + expiresInSeconds * 1000).toISOString();\n}\n\n// AuthKit only returns a refresh_token when the app is configured to issue them (offline_access).\n// Without one, the short-lived access token can't be silently renewed — the session dies within\n// minutes and every command fails until the next `rekor login`. Surface that at login time rather\n// than letting the user discover it via a confusing mid-session auth failure.\nexport function refreshTokenMissingWarning(refreshToken: string | undefined): string | null {\n if (refreshToken) return null;\n return (\n 'Signed in, but no refresh token was issued — this session will expire shortly and you will ' +\n 'need to run `rekor login` again. Enable refresh tokens (offline_access) on the WorkOS AuthKit ' +\n 'application to keep CLI sessions alive.'\n );\n}\n\nfunction asTokenResponse(value: unknown): TokenResponse {\n if (typeof value !== 'object' || value === null) {\n throw new Error('AuthKit returned a non-object token payload');\n }\n const v = value as Partial<TokenResponse>;\n if (typeof v.access_token !== 'string' || typeof v.expires_in !== 'number') {\n throw new Error('AuthKit token payload missing required fields');\n }\n const out: TokenResponse = { access_token: v.access_token, expires_in: v.expires_in };\n if (typeof v.refresh_token === 'string') out.refresh_token = v.refresh_token;\n return out;\n}\n\nexport async function exchangeCodeForTokens(\n authkitDomain: string,\n clientId: string,\n code: string,\n codeVerifier: string,\n redirectUri: string,\n): Promise<TokenResponse> {\n const response = await fetch(`${authkitDomain}/oauth2/token`, {\n method: 'POST',\n headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n body: new URLSearchParams({\n grant_type: 'authorization_code',\n code,\n code_verifier: codeVerifier,\n redirect_uri: redirectUri,\n client_id: clientId,\n }).toString(),\n });\n\n if (!response.ok) {\n const body = await response.text();\n throw new Error(`Token exchange failed (${response.status}): ${body}`);\n }\n\n return asTokenResponse(await response.json());\n}\n\nexport class SessionExpiredError extends Error {\n constructor() {\n super('SESSION_EXPIRED');\n this.name = 'SessionExpiredError';\n }\n}\n\nexport async function refreshAccessToken(\n authkitDomain: string,\n clientId: string,\n refreshToken: string,\n): Promise<TokenResponse> {\n const response = await fetch(`${authkitDomain}/oauth2/token`, {\n method: 'POST',\n headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n body: new URLSearchParams({\n grant_type: 'refresh_token',\n refresh_token: refreshToken,\n client_id: clientId,\n }).toString(),\n });\n\n if (!response.ok) {\n const status = response.status;\n const body = await response.text();\n\n if (status === 400 || status === 401) {\n try {\n const parsed = JSON.parse(body) as { error?: string };\n if (parsed.error === 'invalid_grant') throw new SessionExpiredError();\n } catch (err) {\n if (err instanceof SessionExpiredError) throw err;\n // Non-JSON body — fall through to generic error.\n }\n }\n\n throw new Error(`Token refresh failed (${status}): ${body}`);\n }\n\n return asTokenResponse(await response.json());\n}\n\nexport function startCallbackServer(\n port: number,\n expectedState: string,\n timeoutMs: number = 120_000,\n): Promise<{ code: string }> {\n return new Promise((resolve, reject) => {\n let handled = false;\n const server = http.createServer((req, res) => {\n const url = new URL(req.url || '/', `http://127.0.0.1:${port}`);\n if (url.pathname !== '/callback') {\n res.writeHead(404);\n res.end();\n return;\n }\n\n if (handled) {\n res.writeHead(409);\n res.end();\n return;\n }\n\n const code = url.searchParams.get('code');\n const state = url.searchParams.get('state');\n const error = url.searchParams.get('error');\n const errorDescription = url.searchParams.get('error_description');\n\n if (error) {\n handled = true;\n res.writeHead(400, { 'Content-Type': 'text/html' });\n res.end(errorPage(errorDescription || error));\n cleanup();\n reject(new Error(`OAuth error: ${errorDescription || error}`));\n return;\n }\n\n if (state !== expectedState) {\n handled = true;\n res.writeHead(400, { 'Content-Type': 'text/html' });\n res.end(errorPage('Invalid state parameter'));\n cleanup();\n reject(new Error('OAuth state mismatch — possible CSRF attempt'));\n return;\n }\n\n if (!code) {\n handled = true;\n res.writeHead(400, { 'Content-Type': 'text/html' });\n res.end(errorPage('No authorization code received'));\n cleanup();\n reject(new Error('No authorization code received'));\n return;\n }\n\n handled = true;\n res.writeHead(200, { 'Content-Type': 'text/html' });\n res.end(successPage());\n cleanup();\n resolve({ code });\n });\n\n const timeout = setTimeout(() => {\n cleanup();\n reject(new Error('Timed out waiting for login. Run `rekor login` again.'));\n }, timeoutMs);\n\n function cleanup(): void {\n clearTimeout(timeout);\n server.close();\n }\n\n server.on('error', (err: NodeJS.ErrnoException) => {\n cleanup();\n if (err.code === 'EADDRINUSE') {\n reject(new Error(`Port ${port} is in use. Close the other process and retry.`));\n } else {\n reject(err);\n }\n });\n\n server.listen(port, '127.0.0.1');\n });\n}\n\nfunction successPage(): string {\n return `<!DOCTYPE html>\n<html><head><title>Rekor CLI</title></head>\n<body style=\"font-family: system-ui, sans-serif; display: flex; align-items: center; justify-content: center; min-height: 100vh; margin: 0; background: #fafafa;\">\n <div style=\"text-align: center;\">\n <h1 style=\"font-size: 1.25rem; font-weight: 600;\">Authentication successful</h1>\n <p style=\"color: #666; margin-top: 0.5rem;\">You can close this tab and return to your terminal.</p>\n </div>\n</body></html>`;\n}\n\n// `message` comes from OAuth redirect params — encode so a compromised IdP can't inject HTML into the localhost page.\nfunction escapeHtml(input: string): string {\n return input\n .replace(/&/g, '&amp;')\n .replace(/</g, '&lt;')\n .replace(/>/g, '&gt;')\n .replace(/\"/g, '&quot;')\n .replace(/'/g, '&#39;');\n}\n\nfunction errorPage(message: string): string {\n return `<!DOCTYPE html>\n<html><head><title>Rekor CLI</title></head>\n<body style=\"font-family: system-ui, sans-serif; display: flex; align-items: center; justify-content: center; min-height: 100vh; margin: 0; background: #fafafa;\">\n <div style=\"text-align: center;\">\n <h1 style=\"font-size: 1.25rem; font-weight: 600; color: #dc2626;\">Authentication failed</h1>\n <p style=\"color: #666; margin-top: 0.5rem;\">${escapeHtml(message)}</p>\n </div>\n</body></html>`;\n}\n","import { loadConfig, saveConfig } from './config.js';\nimport { getResolvedToken, setRecToken, setOAuthTokens, clearAllTokens, type ResolvedToken } from './token-store.js';\nimport { refreshAccessToken, expiresInToIso, getAuthKitDomain, getAuthKitClientId, SessionExpiredError } from './oauth.js';\n\n/** Persist a pasted rec_ token (CI / headless path). */\nexport async function login(token: string, apiUrl?: string): Promise<void> {\n await setRecToken(token);\n const config = loadConfig();\n saveConfig({\n ...config,\n api_url: apiUrl ?? config.api_url,\n });\n}\n\nconst REFRESH_LEEWAY_MS = 60_000;\n\n// Returns a valid access token; silently refreshes OAuth tokens within 60s of expiry.\nexport async function getAccessToken(): Promise<string | null> {\n const resolved = await getResolvedToken();\n if (!resolved) return null;\n\n if (resolved.kind === 'rec') return resolved.token;\n\n // OAuth path — refresh if near expiry. Missing/unparseable expires_at: assume valid, let the API surface a real 401.\n const expiresAtMs = resolved.expires_at ? new Date(resolved.expires_at).getTime() : Number.NaN;\n if (!Number.isFinite(expiresAtMs) || expiresAtMs > Date.now() + REFRESH_LEEWAY_MS) {\n return resolved.access_token;\n }\n if (!resolved.refresh_token) {\n throw new Error('Access token expired and no refresh token available. Run `rekor login` again.');\n }\n\n try {\n const result = await refreshAccessToken(getAuthKitDomain(), getAuthKitClientId(), resolved.refresh_token);\n const newExpiresAt = expiresInToIso(result.expires_in);\n await setOAuthTokens(result.access_token, result.refresh_token ?? resolved.refresh_token, newExpiresAt);\n return result.access_token;\n } catch (err) {\n if (err instanceof SessionExpiredError) {\n await clearAllTokens();\n throw new Error('Session expired. Run `rekor login` again.');\n }\n throw err;\n }\n}\n\n/** Auth kind for the current credential, without resolving the token itself. Used by logout to decide if it should call the revoke endpoint. */\nexport async function currentAuthKind(): Promise<ResolvedToken['kind'] | null> {\n const resolved = await getResolvedToken();\n return resolved?.kind ?? null;\n}\n\nexport async function isAuthenticated(): Promise<boolean> {\n return (await getResolvedToken()) !== null;\n}\n","import * as crypto from 'node:crypto';\n\nexport function generateCodeVerifier(): string {\n return crypto.randomBytes(32).toString('base64url');\n}\n\nexport function generateCodeChallenge(verifier: string): string {\n return crypto.createHash('sha256').update(verifier).digest().toString('base64url');\n}\n\nexport function generateState(): string {\n return crypto.randomBytes(16).toString('base64url');\n}\n","/** Environment detection helpers for adapting CLI UX to CI, pipes, and remote sessions. */\n\nexport function isCI(): boolean {\n return Boolean(process.env['CI']);\n}\n\n/** True when both stdin and stdout are TTYs — safe to render interactive prompts. */\nexport function isInteractive(): boolean {\n return Boolean(process.stdin.isTTY && process.stdout.isTTY);\n}\n\n/** True when running inside an SSH session — browser auto-open won't reach the user. */\nexport function isSSH(): boolean {\n return Boolean(process.env['SSH_CONNECTION'] || process.env['SSH_TTY']);\n}\n","import { Command } from 'commander';\nimport { clearAllTokens } from '../token-store.js';\nimport { currentAuthKind } from '../auth.js';\nimport { ApiClient } from '../client.js';\n\nexport const logoutCommand = new Command('logout')\n .description('Remove stored authentication credentials')\n .action(async () => {\n const kind = await currentAuthKind();\n\n // For OAuth sessions, ask the backend to revoke the WorkOS session so cross-device\n // logout works. Best-effort — errors don't block local credential cleanup.\n if (kind === 'oauth') {\n try {\n const client = new ApiClient();\n await client.request('POST', '/v1/auth/logout');\n } catch (err) {\n console.warn(`rekor: server-side logout failed (${err instanceof Error ? err.message : 'unknown'}); clearing local credentials anyway.`);\n }\n }\n\n await clearAllTokens();\n console.log('Logged out successfully');\n });\n","/** Error raised by the API client carrying the HTTP status so callers can branch and hint. */\nexport class ApiError extends Error {\n constructor(\n public readonly status: number,\n message: string,\n public readonly code?: string,\n public readonly body?: unknown,\n ) {\n super(message);\n this.name = 'ApiError';\n }\n\n /** 4xx are user-facing (bad input, auth, quota) — not bugs worth reporting. */\n get isExpected(): boolean {\n return this.status >= 400 && this.status < 500;\n }\n}\n\n/** A short actionable line for a known failure, or null when the raw message is enough. */\nexport function friendlyHint(err: unknown): string | null {\n if (!(err instanceof ApiError)) return null;\n switch (err.status) {\n case 401:\n return 'Authentication failed or session expired. Run `rekor login`.';\n case 402:\n return 'Quota exceeded for your plan. Review usage or upgrade your plan.';\n case 403:\n return 'Access denied. Your token may lack permission for this resource.';\n case 429:\n return 'Rate limited. Wait a moment and try again.';\n default:\n if (err.status >= 500) return 'Rekor server error. Try again shortly.';\n return null;\n }\n}\n\n/** Print a clean `Error: …` line plus a hint when we have one. Never prints a stack trace. */\nexport function handleCliError(err: unknown): void {\n const message = err instanceof Error ? err.message : String(err);\n console.error(`Error: ${message}`);\n const hint = friendlyHint(err);\n if (hint) console.error(hint);\n}\n","import { loadConfig } from './config.js';\nimport { getAccessToken } from './auth.js';\nimport { ApiError } from './errors.js';\n\nexport class ApiClient {\n readonly baseUrl: string;\n private _tokenPromise: Promise<string | null> | undefined;\n\n constructor() {\n const config = loadConfig();\n this.baseUrl = config.api_url;\n }\n\n private getToken(): Promise<string | null> {\n if (!this._tokenPromise) this._tokenPromise = getAccessToken();\n return this._tokenPromise;\n }\n\n private async authHeaders(): Promise<Record<string, string>> {\n const token = await this.getToken();\n return token ? { 'Authorization': `Bearer ${token}` } : {};\n }\n\n async request<T = unknown>(method: string, path: string, body?: unknown): Promise<T> {\n const res = await fetch(`${this.baseUrl}${path}`, {\n method,\n headers: {\n ...(await this.authHeaders()),\n 'Content-Type': 'application/json',\n },\n body: body ? JSON.stringify(body) : undefined,\n });\n\n // Read the body once as text — error/204 responses may be empty or non-JSON, and\n // an unconditional res.json() would throw before we can map the status to an ApiError.\n const text = await res.text();\n let parsed: { data?: T; error?: { message?: string; code?: string } } | undefined;\n if (text) {\n try {\n parsed = JSON.parse(text) as typeof parsed;\n } catch {\n parsed = undefined;\n }\n }\n\n if (!res.ok) {\n throw new ApiError(\n res.status,\n parsed?.error?.message ?? `HTTP ${res.status}`,\n parsed?.error?.code,\n parsed,\n );\n }\n return parsed?.data as T;\n }\n\n async uploadFile(url: string, body: BodyInit, contentType: string): Promise<void> {\n const res = await fetch(url, {\n method: 'PUT',\n headers: {\n ...(await this.authHeaders()),\n 'Content-Type': contentType,\n },\n body,\n });\n if (!res.ok) {\n throw new ApiError(res.status, `Upload failed: HTTP ${res.status}`);\n }\n }\n}\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getFormat } from '../helpers.js';\nimport { confirm } from '../prompt.js';\n\nexport const databasesCommand = new Command('databases')\n .description('Manage databases');\n\ndatabasesCommand.command('list')\n .description('List all databases')\n .option('--tag <tag>', 'Filter by tag')\n .action(async function (this: Command, opts: { tag?: string }) {\n const client = new ApiClient();\n const qs = opts.tag ? `?tag=${encodeURIComponent(opts.tag)}` : '';\n const data = await client.request('GET', `/v1/databases${qs}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('get <id>')\n .description('Get a database')\n .action(async function (this: Command, id: string) {\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/databases/${id}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('create <id>')\n .description('Create a database')\n .requiredOption('--name <name>', 'Database name')\n .option('--description <desc>', 'Description')\n .option('--tags <tags>', 'Comma-separated tags (e.g., client:acme,billing)')\n .action(async function (this: Command, id: string, opts: { name: string; description?: string; tags?: string }) {\n const client = new ApiClient();\n const body: Record<string, unknown> = {\n name: opts.name,\n description: opts.description,\n };\n if (opts.tags) {\n body['tags'] = opts.tags.split(',').map(t => t.trim());\n }\n const data = await client.request('PUT', `/v1/databases/${id}`, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('tag <id>')\n .description('Set tags on a database')\n .requiredOption('--tags <tags>', 'Comma-separated tags (e.g., client:acme,billing)')\n .action(async function (this: Command, id: string, opts: { tags: string }) {\n const client = new ApiClient();\n const data = await client.request('PUT', `/v1/databases/${id}`, {\n tags: opts.tags.split(',').map(t => t.trim()),\n });\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('delete <id>')\n .description('Delete a database')\n .option('-y, --yes', 'Skip confirmation prompt')\n .action(async (id: string, opts: { yes?: boolean }) => {\n if (!opts.yes && !(await confirm(`Delete database \"${id}\"? This cannot be undone.`))) {\n console.log('Aborted');\n return;\n }\n const client = new ApiClient();\n await client.request('DELETE', `/v1/databases/${id}`);\n console.log('Deleted');\n });\n\n// --- Environment commands ---\n\ndatabasesCommand.command('create-preview <production-id>')\n .description('Create a preview database linked to a production database')\n .requiredOption('--name <name>', 'Preview database name')\n .option('--description <desc>', 'Description')\n .action(async function (this: Command, productionId: string, opts: { name: string; description?: string }) {\n const client = new ApiClient();\n const data = await client.request('POST', `/v1/${productionId}/preview`, {\n name: opts.name,\n description: opts.description,\n });\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('list-previews <production-id>')\n .description('List preview databases for a production database')\n .action(async function (this: Command, productionId: string) {\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${productionId}/previews`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('promote <production-id>')\n .description('Promote config from a preview database to production (human-only)')\n .requiredOption('--from <preview-id>', 'Source preview database ID')\n .option('--dry-run', 'Show what would change without applying')\n .option('--collections <ids>', 'Comma-separated collection IDs to promote', (v: string) => v.split(','))\n .option('--triggers <ids>', 'Comma-separated trigger IDs to promote', (v: string) => v.split(','))\n .option('--hooks <ids>', 'Comma-separated hook IDs to promote', (v: string) => v.split(','))\n .action(async function (\n this: Command,\n productionId: string,\n opts: { from: string; dryRun?: boolean; collections?: string[]; triggers?: string[]; hooks?: string[] },\n ) {\n const client = new ApiClient();\n const data = await client.request('POST', `/v1/${productionId}/promote`, {\n source_database_id: opts.from,\n dry_run: opts.dryRun ?? false,\n collections: opts.collections,\n triggers: opts.triggers,\n hooks: opts.hooks,\n });\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('rollback <production-id>')\n .description('Rollback a promotion (human-only)')\n .requiredOption('--promotion <promotion-id>', 'Promotion ID to rollback')\n .action(async function (this: Command, productionId: string, opts: { promotion: string }) {\n const client = new ApiClient();\n const data = await client.request('POST', `/v1/${productionId}/promote/rollback`, {\n promotion_id: opts.promotion,\n });\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('promotions <production-id>')\n .description('List promotion history for a production database')\n .action(async function (this: Command, productionId: string) {\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${productionId}/promotions`);\n console.log(formatOutput(data, getFormat(this)));\n });\n","import chalk from 'chalk';\nimport Table from 'cli-table3';\n\nexport type OutputFormat = 'json' | 'table';\n\nexport function formatOutput(data: unknown, format: OutputFormat): string {\n if (format === 'json') {\n return JSON.stringify(data, null, 2);\n }\n\n if (Array.isArray(data)) {\n return formatTable(data as Record<string, unknown>[]);\n }\n\n if (typeof data === 'object' && data !== null) {\n return formatKeyValue(data as Record<string, unknown>);\n }\n\n return String(data);\n}\n\nfunction formatTable(rows: Record<string, unknown>[]): string {\n if (rows.length === 0) return chalk.dim('No results');\n\n const keys = Object.keys(rows[0]!);\n const table = new Table({ head: keys.map(k => chalk.bold(k)) });\n\n for (const row of rows) {\n table.push(keys.map(k => {\n const val = row[k];\n if (val === null || val === undefined) return '';\n if (typeof val === 'object') return JSON.stringify(val);\n return String(val);\n }));\n }\n\n return table.toString();\n}\n\nfunction formatKeyValue(obj: Record<string, unknown>): string {\n const table = new Table();\n for (const [key, value] of Object.entries(obj)) {\n const displayValue = typeof value === 'object' ? JSON.stringify(value) : String(value ?? '');\n table.push({ [chalk.bold(key)]: displayValue });\n }\n return table.toString();\n}\n","import { readFileSync } from 'fs';\nimport { Command } from 'commander';\nimport { type OutputFormat } from './output.js';\n\nexport function parseData(data: string): Record<string, unknown> {\n if (data.startsWith('@')) {\n const content = readFileSync(data.slice(1), 'utf-8');\n return JSON.parse(content) as Record<string, unknown>;\n }\n return JSON.parse(data) as Record<string, unknown>;\n}\n\nexport function getDatabase(cmd: Command): string {\n // Walk up the command chain to find --database on the root program\n let current: Command | null = cmd;\n while (current) {\n const ws = current.opts().database as string | undefined;\n if (ws) return ws;\n current = current.parent;\n }\n console.error('Error: --database is required');\n return process.exit(1);\n}\n\nexport function getFormat(cmd: Command): OutputFormat {\n // The global --output / --json flags live only on the root program. Commander\n // routes them to the root regardless of nesting depth or whether they appear\n // before or after the subcommand, so we resolve from the root rather than a\n // fixed parent.parent walk (which missed the root on 4-level commands like\n // `admin report list`). Reading the root also avoids picking up a subcommand's\n // own same-named --output (e.g. `providers export --output <file>`).\n let root: Command = cmd;\n while (root.parent) root = root.parent;\n const opts = root.opts();\n // Compare against 'json' rather than casting opts.output through, so an\n // unrecognized --output value falls back to 'table' instead of a bogus format.\n return opts.json || opts.output === 'json' ? 'json' : 'table';\n}\n","import * as readline from 'node:readline';\nimport { isInteractive } from './env.js';\n\n/**\n * Yes/no confirmation. When stdin/stdout aren't a TTY (pipes, CI) it resolves to `true`\n * immediately so non-interactive callers keep their existing non-blocking behavior — guard\n * destructive paths with an explicit `--yes` flag, not this prompt, for scripts.\n */\nexport function confirm(question: string, opts: { defaultYes?: boolean } = {}): Promise<boolean> {\n if (!isInteractive()) return Promise.resolve(true);\n\n const suffix = opts.defaultYes ? '[Y/n]' : '[y/N]';\n const rl = readline.createInterface({ input: process.stdin, output: process.stdout });\n return new Promise((resolve) => {\n rl.question(`${question} ${suffix}: `, (answer) => {\n rl.close();\n const a = answer.trim().toLowerCase();\n if (a === '') return resolve(Boolean(opts.defaultYes));\n resolve(a === 'y' || a === 'yes');\n });\n });\n}\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { parseData, getDatabase, getFormat } from '../helpers.js';\nimport { confirm } from '../prompt.js';\n\nexport const collectionsCommand = new Command('collections')\n .description('Manage collections');\n\ncollectionsCommand.command('list')\n .description('List all collections in a database')\n .action(async function (this: Command) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/collections`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ncollectionsCommand.command('get <id>')\n .description('Get a collection')\n .action(async function (this: Command, id: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/collections/${id}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ncollectionsCommand.command('upsert <id>')\n .description('Create or update a collection')\n .requiredOption('--name <name>', 'Collection name')\n .option('--description <desc>', 'Description')\n .option('--schema <json>', 'JSON Schema (inline JSON or @filename)')\n .option('--icon <icon>', 'Icon name')\n .option('--color <color>', 'Hex color')\n .option('--sources <json>', 'External sources config (inline JSON or @filename)')\n .action(async function (this: Command, id: string, opts: { name: string; description?: string; schema?: string; icon?: string; color?: string; sources?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const body: Record<string, unknown> = { name: opts.name };\n if (opts.description) body['description'] = opts.description;\n if (opts.schema) body['json_schema'] = parseData(opts.schema);\n if (opts.icon) body['icon'] = opts.icon;\n if (opts.color) body['color'] = opts.color;\n if (opts.sources) body['sources'] = parseData(opts.sources);\n const data = await client.request('PUT', `/v1/${ws}/collections/${id}`, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ncollectionsCommand.command('delete <id>')\n .description('Delete a collection')\n .option('-y, --yes', 'Skip confirmation prompt')\n .action(async function (this: Command, id: string, opts: { yes?: boolean }) {\n if (!opts.yes && !(await confirm(`Delete collection \"${id}\"? This cannot be undone.`))) {\n console.log('Aborted');\n return;\n }\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/collections/${id}`);\n console.log('Deleted');\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { parseData, getDatabase, getFormat } from '../helpers.js';\nimport { confirm } from '../prompt.js';\n\nexport const documentsCommand = new Command('documents')\n .description('Manage documents');\n\ndocumentsCommand.command('upsert <collection>')\n .description('Create or update a document')\n .requiredOption('--data <json>', 'Record data (inline JSON or @filename)')\n .option('--id <id>', 'Internal document ID (UUID) to update a known document')\n .option('--external-id <id>', 'External/agent-supplied ID for idempotent upsert')\n .option('--external-source <source>', 'Source system for external_id (e.g. stripe)')\n .action(async function (this: Command, collection: string, opts: { data: string; id?: string; externalId?: string; externalSource?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const body: Record<string, unknown> = { data: parseData(opts.data) };\n if (opts.externalId) body['external_id'] = opts.externalId;\n if (opts.externalSource) body['external_source'] = opts.externalSource;\n const path = opts.id\n ? `/v1/${ws}/documents/${collection}/${opts.id}`\n : `/v1/${ws}/documents/${collection}`;\n const data = await client.request('PUT', path, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndocumentsCommand.command('query <collection>')\n .description('List/search documents: exact filters + fuzzy `search`, sorting, pagination')\n .option('--filter <json>', 'Filter DSL expression (inline JSON or @filename). Use the `search` operator for fuzzy matching.')\n .option('--sort <json>', 'Sort expressions (inline JSON or @filename), e.g. [{\"field\":\"data.created\",\"direction\":\"desc\"}]')\n .option('--fields <list>', 'Comma-separated field projection')\n .option('--limit <n>', 'Max results')\n .option('--offset <n>', 'Pagination offset')\n .action(async function (this: Command, collection: string, opts: { filter?: string; sort?: string; fields?: string; limit?: string; offset?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const qs = new URLSearchParams();\n if (opts.filter) qs.set('filter', JSON.stringify(parseData(opts.filter)));\n if (opts.sort) qs.set('sort', JSON.stringify(parseData(opts.sort)));\n if (opts.fields) qs.set('fields', opts.fields);\n if (opts.limit) qs.set('limit', opts.limit);\n if (opts.offset) qs.set('offset', opts.offset);\n const q = qs.toString();\n const data = await client.request('GET', `/v1/${ws}/documents/${collection}${q ? `?${q}` : ''}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndocumentsCommand.command('get <collection> <id>')\n .description('Get a document by ID')\n .action(async function (this: Command, collection: string, id: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/documents/${collection}/${id}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndocumentsCommand.command('delete <collection> <id>')\n .description('Delete a document')\n .option('-y, --yes', 'Skip confirmation prompt')\n .action(async function (this: Command, collection: string, id: string, opts: { yes?: boolean }) {\n if (!opts.yes && !(await confirm(`Delete document ${collection}/${id}? This cannot be undone.`))) {\n console.log('Aborted');\n return;\n }\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/documents/${collection}/${id}`);\n console.log('Deleted');\n });\n","import { Command } from 'commander';\nimport { readFileSync } from 'fs';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getDatabase, getFormat } from '../helpers.js';\n\nexport const sqlCommand = new Command('sql')\n .description('Execute a read-only SQL query against database data')\n .argument('[query]', 'SQL query (SELECT only)')\n .option('--file <path>', 'Read SQL from a file instead of argument')\n .option('--param <kv...>', 'Named parameters as key=value pairs (e.g., --param status=issued)')\n .action(async function (this: Command, queryArg: string | undefined, opts: { file?: string; param?: string[] }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n\n let query: string;\n if (opts.file) {\n query = readFileSync(opts.file, 'utf-8').trim();\n } else if (queryArg) {\n query = queryArg;\n } else {\n console.error('Error: provide a SQL query as argument or via --file');\n process.exit(1);\n }\n\n const params: Record<string, unknown> = {};\n if (opts.param) {\n for (const kv of opts.param) {\n const eqIdx = kv.indexOf('=');\n if (eqIdx === -1) {\n console.error(`Error: invalid param format \"${kv}\", expected key=value`);\n process.exit(1);\n }\n params[kv.slice(0, eqIdx)] = kv.slice(eqIdx + 1);\n }\n }\n\n const body: Record<string, unknown> = { query };\n if (Object.keys(params).length > 0) body.params = params;\n\n const data = await client.request('POST', `/v1/${ws}/sql`, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { parseData, getDatabase, getFormat } from '../helpers.js';\nimport { confirm } from '../prompt.js';\n\nexport const relationshipsCommand = new Command('relationships')\n .description('Manage relationships between documents');\n\nrelationshipsCommand.command('upsert')\n .description('Create or update a relationship')\n .requiredOption('--source <collection/id>', 'Source document (collection/id)')\n .requiredOption('--target <collection/id>', 'Target document (collection/id)')\n .requiredOption('--type <type>', 'Relationship type')\n .option('--id <id>', 'Relationship ID')\n .option('--data <json>', 'Relationship metadata (inline JSON or @filename)')\n .action(async function (this: Command, opts: { source: string; target: string; type: string; id?: string; data?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const [sourceCollection, sourceId] = opts.source.split('/');\n const [targetCollection, targetId] = opts.target.split('/');\n const body: Record<string, unknown> = {\n rel_type: opts.type,\n source_collection: sourceCollection,\n source_id: sourceId,\n target_collection: targetCollection,\n target_id: targetId,\n };\n if (opts.id) body['id'] = opts.id;\n if (opts.data) body['data'] = parseData(opts.data);\n const path = opts.id ? `/v1/${ws}/relationships/${opts.id}` : `/v1/${ws}/relationships`;\n const data = await client.request('PUT', path, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nrelationshipsCommand.command('get <id>')\n .description('Get a relationship by ID')\n .action(async function (this: Command, id: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/relationships/${id}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nrelationshipsCommand.command('delete <id>')\n .description('Delete a relationship')\n .option('-y, --yes', 'Skip confirmation prompt')\n .action(async function (this: Command, id: string, opts: { yes?: boolean }) {\n if (!opts.yes && !(await confirm(`Delete relationship ${id}? This cannot be undone.`))) {\n console.log('Aborted');\n return;\n }\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/relationships/${id}`);\n console.log('Deleted');\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { parseData, getDatabase, getFormat } from '../helpers.js';\nimport { confirm } from '../prompt.js';\n\nexport const relationshipTypesCommand = new Command('relationship-types')\n .description('Manage relationship types (the schema for a relationship\\'s metadata)');\n\nrelationshipTypesCommand.command('list')\n .description('List all relationship types in a database')\n .action(async function (this: Command) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/relationship-types`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nrelationshipTypesCommand.command('get <rel_type>')\n .description('Get a relationship type')\n .action(async function (this: Command, relType: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/relationship-types/${relType}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nrelationshipTypesCommand.command('upsert <rel_type>')\n .description('Create or update a relationship type')\n .option('--description <desc>', 'Description')\n .option('--schema <json>', 'JSON Schema for the relationship data (inline JSON or @filename). Omit to allow any data.')\n .option('--source-collections <json>', 'JSON array of allowed source collections (inline JSON or @filename)')\n .option('--target-collections <json>', 'JSON array of allowed target collections (inline JSON or @filename)')\n .action(async function (this: Command, relType: string, opts: { description?: string; schema?: string; sourceCollections?: string; targetCollections?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const body: Record<string, unknown> = {};\n if (opts.description) body['description'] = opts.description;\n if (opts.schema) body['data_schema'] = parseData(opts.schema);\n if (opts.sourceCollections) body['source_collections'] = parseData(opts.sourceCollections);\n if (opts.targetCollections) body['target_collections'] = parseData(opts.targetCollections);\n const data = await client.request('PUT', `/v1/${ws}/relationship-types/${relType}`, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nrelationshipTypesCommand.command('delete <rel_type>')\n .description('Delete a relationship type')\n .option('-y, --yes', 'Skip confirmation prompt')\n .action(async function (this: Command, relType: string, opts: { yes?: boolean }) {\n if (!opts.yes && !(await confirm(`Delete relationship type \"${relType}\"? This cannot be undone.`))) {\n console.log('Aborted');\n return;\n }\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/relationship-types/${relType}`);\n console.log('Deleted');\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getDatabase, getFormat } from '../helpers.js';\n\nexport const queryRelationshipsCommand = new Command('query-relationships')\n .description('Query related documents')\n .argument('<collection>', 'Collection of the source document')\n .argument('<id>', 'Source document ID')\n .option('--type <type>', 'Filter by relationship type')\n .option('--direction <dir>', 'Direction: outgoing, incoming, or both', 'both')\n .option('--limit <n>', 'Max results', '50')\n .option('--offset <n>', 'Skip results', '0')\n .action(async function (this: Command, collection: string, id: string, opts: { type?: string; direction: string; limit: string; offset: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const params = new URLSearchParams();\n if (opts.type) params.set('rel_type', opts.type);\n // Map user-friendly direction names to backend API terms\n const directionMap: Record<string, string> = { outgoing: 'source', incoming: 'target', both: 'both' };\n params.set('direction', directionMap[opts.direction] ?? opts.direction);\n params.set('limit', opts.limit);\n params.set('offset', opts.offset);\n const data = await client.request('GET', `/v1/${ws}/documents/${collection}/${id}/related?${params.toString()}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n","import { Command } from 'commander';\nimport { readFileSync } from 'node:fs';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getDatabase, getFormat } from '../helpers.js';\nimport { confirm } from '../prompt.js';\n\nexport const attachmentsCommand = new Command('attachments')\n .description('Manage document attachments');\n\nattachmentsCommand.command('upload <collection> <id>')\n .description('Get a presigned upload URL for a document attachment. With --file, uploads the file content in one step.')\n .requiredOption('--filename <name>', 'File name or path (e.g. docs/guide.md)')\n .option('--content-type <type>', 'MIME type', 'application/octet-stream')\n .option('--file <path>', 'Local file to upload (skips presigned URL output, uploads directly)')\n .action(async function (this: Command, collection: string, id: string, opts: { filename: string; contentType: string; file?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('POST', `/v1/${ws}/documents/${collection}/${id}/attachments`, {\n filename: opts.filename,\n content_type: opts.contentType,\n }) as { upload_url: string; [key: string]: unknown };\n\n if (opts.file) {\n const body = readFileSync(opts.file);\n const uploadUrl = data.upload_url.startsWith('http') ? data.upload_url : `${client.baseUrl}${data.upload_url}`;\n await client.uploadFile(uploadUrl, body, opts.contentType);\n console.log(formatOutput({ ...data, uploaded: true }, getFormat(this)));\n } else {\n console.log(formatOutput(data, getFormat(this)));\n }\n });\n\nattachmentsCommand.command('url <collection> <id>')\n .description('Get a download URL for an attachment by filename')\n .requiredOption('--filename <name>', 'File name or path (e.g. docs/guide.md)')\n .action(async function (this: Command, collection: string, id: string, opts: { filename: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const attachments = await client.request<Array<{ key: string; size: number; uploaded: string }>>('GET', `/v1/${ws}/documents/${collection}/${id}/attachments`);\n const match = attachments.find(a => a.key.endsWith(`/${opts.filename}`));\n if (!match) {\n throw new Error(`Attachment \"${opts.filename}\" not found`);\n }\n const downloadUrl = `${client.baseUrl}/v1/${ws}/attachments/${match.key}`;\n console.log(formatOutput({ download_url: downloadUrl, ...match }, getFormat(this)));\n });\n\nattachmentsCommand.command('list <collection> <id>')\n .description('List attachments for a document')\n .option('--prefix <path>', 'Filter by path prefix (e.g. docs/)')\n .action(async function (this: Command, collection: string, id: string, opts: { prefix?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const query = opts.prefix ? `?prefix=${encodeURIComponent(opts.prefix)}` : '';\n const data = await client.request('GET', `/v1/${ws}/documents/${collection}/${id}/attachments${query}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nattachmentsCommand.command('delete <collection> <id> <attachment-id>')\n .description('Delete an attachment')\n .option('-y, --yes', 'Skip confirmation prompt')\n .action(async function (this: Command, collection: string, id: string, attachmentId: string, opts: { yes?: boolean }) {\n if (!opts.yes && !(await confirm(`Delete attachment ${attachmentId} on ${collection}/${id}? This cannot be undone.`))) {\n console.log('Aborted');\n return;\n }\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/documents/${collection}/${id}/attachments/${attachmentId}`);\n console.log('Deleted');\n });\n","import { randomUUID } from 'crypto';\nimport { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getDatabase, getFormat } from '../helpers.js';\nimport { confirm } from '../prompt.js';\n\nexport const hooksCommand = new Command('hooks')\n .description('Manage inbound webhook endpoints');\n\nhooksCommand.command('create')\n .description('Create a new inbound hook')\n .requiredOption('--name <name>', 'Hook name')\n .requiredOption('--secret <secret>', 'HMAC shared secret')\n .option('--id <id>', 'Hook ID (auto-generated if omitted)')\n .option('--collection-scope <collections>', 'Comma-separated collection scope')\n .action(async function (this: Command, opts: { name: string; secret: string; id?: string; collectionScope?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const hookId = opts.id ?? randomUUID();\n const body: Record<string, unknown> = {\n name: opts.name,\n secret: opts.secret,\n enabled: true,\n };\n if (opts.collectionScope) {\n body['collection_scope'] = opts.collectionScope.split(',');\n }\n const data = await client.request('PUT', `/v1/${ws}/hooks/${hookId}`, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nhooksCommand.command('get <id>')\n .description('Get a hook')\n .action(async function (this: Command, id: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/hooks/${id}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nhooksCommand.command('list')\n .description('List all hooks')\n .action(async function (this: Command) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/hooks`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nhooksCommand.command('delete <id>')\n .description('Delete a hook')\n .option('-y, --yes', 'Skip confirmation prompt')\n .action(async function (this: Command, id: string, opts: { yes?: boolean }) {\n if (!opts.yes && !(await confirm(`Delete hook ${id}? This cannot be undone.`))) {\n console.log('Aborted');\n return;\n }\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/hooks/${id}`);\n console.log('Deleted');\n });\n","import { randomUUID } from 'crypto';\nimport { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getDatabase, getFormat } from '../helpers.js';\nimport { confirm } from '../prompt.js';\n\nexport const triggersCommand = new Command('triggers')\n .description('Manage outbound triggers');\n\ntriggersCommand.command('create')\n .description('Create an outbound trigger')\n .requiredOption('--name <name>', 'Trigger name')\n .requiredOption('--url <url>', 'Target URL')\n .requiredOption('--secret <secret>', 'HMAC signing secret')\n .requiredOption('--events <events>', 'Comma-separated event types')\n .option('--id <id>', 'Trigger ID (auto-generated if omitted)')\n .option('--collection-scope <collections>', 'Comma-separated collection scope')\n .option('--filter <json>', 'Filter expression (JSON)')\n .action(async function (this: Command, opts: { name: string; url: string; secret: string; events: string; id?: string; collectionScope?: string; filter?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const triggerId = opts.id ?? randomUUID();\n const body: Record<string, unknown> = {\n name: opts.name,\n url: opts.url,\n secret: opts.secret,\n events: opts.events.split(','),\n enabled: true,\n };\n if (opts.collectionScope) {\n body['collection_scope'] = opts.collectionScope.split(',');\n }\n if (opts.filter) {\n body['filter'] = JSON.parse(opts.filter);\n }\n const data = await client.request('PUT', `/v1/${ws}/triggers/${triggerId}`, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ntriggersCommand.command('get <id>')\n .description('Get a trigger')\n .action(async function (this: Command, id: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/triggers/${id}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ntriggersCommand.command('list')\n .description('List all triggers')\n .action(async function (this: Command) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/triggers`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ntriggersCommand.command('deliveries')\n .description('List trigger delivery attempts (status, retries, errors)')\n .option('--status <status>', 'Filter by status (pending | delivered | failed | dead)')\n .option('--trigger-id <id>', 'Filter by trigger id')\n .action(async function (this: Command, opts: { status?: string; triggerId?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const params = new URLSearchParams();\n if (opts.status) params.set('status', opts.status);\n if (opts.triggerId) params.set('trigger_id', opts.triggerId);\n const qs = params.toString();\n const data = await client.request('GET', `/v1/${ws}/triggers/deliveries${qs ? `?${qs}` : ''}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ntriggersCommand.command('delete <id>')\n .description('Delete a trigger')\n .option('-y, --yes', 'Skip confirmation prompt')\n .action(async function (this: Command, id: string, opts: { yes?: boolean }) {\n if (!opts.yes && !(await confirm(`Delete trigger ${id}? This cannot be undone.`))) {\n console.log('Aborted');\n return;\n }\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/triggers/${id}`);\n console.log('Deleted');\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getDatabase, getFormat } from '../helpers.js';\nimport { confirm } from '../prompt.js';\n\nexport const endpointsCommand = new Command('endpoints')\n .description('Manage MCP Factory endpoints');\n\nendpointsCommand.command('upsert <slug>')\n .description('Create or update an MCP endpoint')\n .option('--name <name>', 'Endpoint display name (required unless using --config)')\n .option('--description <desc>', 'Endpoint description')\n .option('--tool <spec>', 'Collection tool spec: collection:op1,op2 (repeatable)', collect, [])\n .option('--relationship <spec>', 'Relationship tool spec: rel_type:op1,op2 (repeatable)', collect, [])\n .option('--batch <spec>', 'Batch operation spec: collection_or_rel:op1,op2 (repeatable)', collect, [])\n .option('--sql-query', 'Enable sql_query tool')\n .option('--config <json>', 'Full endpoint config as JSON (supports name_override, description_override per tool). Use @file.json to read from file.')\n .action(async function (this: Command, slug: string, opts: {\n name?: string;\n description?: string;\n tool: string[];\n relationship: string[];\n batch: string[];\n sqlQuery?: boolean;\n config?: string;\n }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n\n let body: Record<string, unknown>;\n\n if (opts.config) {\n // Full JSON config — supports name_override, description_override per tool\n body = JSON.parse(opts.config);\n } else {\n if (!opts.name) {\n throw new Error('--name is required (or use --config for full JSON config)');\n }\n body = {\n name: opts.name,\n tools: opts.tool.map(parseToolSpec),\n };\n\n if (opts.description) body.description = opts.description;\n\n if (opts.relationship.length > 0) {\n body.relationships = opts.relationship.map(parseRelSpec);\n }\n\n if (opts.batch.length > 0) {\n const operations: Record<string, string[]> = {};\n for (const spec of opts.batch) {\n const parsed = parseSpec(spec);\n operations[parsed.key] = parsed.ops;\n }\n body.batch = { enabled: true, operations };\n }\n\n if (opts.sqlQuery) body.sql_query = true;\n }\n\n const data = await client.request('PUT', `/v1/${ws}/endpoints/${slug}`, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nendpointsCommand.command('get <slug>')\n .description('Get an endpoint')\n .option('--resolved', 'Include resolved collection schemas')\n .action(async function (this: Command, slug: string, opts: { resolved?: boolean }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const path = opts.resolved\n ? `/v1/${ws}/endpoints/${slug}/resolved`\n : `/v1/${ws}/endpoints/${slug}`;\n const data = await client.request('GET', path);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nendpointsCommand.command('list')\n .description('List all endpoints')\n .action(async function (this: Command) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/endpoints`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nendpointsCommand.command('delete <slug>')\n .description('Delete an endpoint')\n .option('-y, --yes', 'Skip confirmation prompt')\n .action(async function (this: Command, slug: string, opts: { yes?: boolean }) {\n if (!opts.yes && !(await confirm(`Delete endpoint \"${slug}\"? This cannot be undone.`))) {\n console.log('Aborted');\n return;\n }\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/endpoints/${slug}`);\n console.log('Deleted');\n });\n\nendpointsCommand.command('url <slug>')\n .description('Get the MCP connection URL for an endpoint')\n .option('--transport <type>', 'Transport: mcp or sse', 'mcp')\n .action((_slug: string, opts: { transport: string }) => {\n const transport = opts.transport === 'sse' ? 'sse' : 'mcp';\n console.log(`https://mcp.rekor.pro/e/${_slug}/${transport}`);\n });\n\n// ---- Helpers ----\n\nfunction collect(value: string, previous: string[]): string[] {\n return [...previous, value];\n}\n\nfunction parseSpec(spec: string): { key: string; ops: string[] } {\n const [key, opsStr] = spec.split(':');\n if (!key || !opsStr) {\n throw new Error(`Invalid spec '${spec}'. Expected format: name:op1,op2`);\n }\n return { key, ops: opsStr.split(',') };\n}\n\nfunction parseToolSpec(spec: string): Record<string, unknown> {\n const { key, ops } = parseSpec(spec);\n return { collection: key, operations: ops };\n}\n\nfunction parseRelSpec(spec: string): Record<string, unknown> {\n const { key, ops } = parseSpec(spec);\n return { rel_type: key, operations: ops };\n}\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { parseData, getDatabase, getFormat } from '../helpers.js';\n\nexport const batchCommand = new Command('batch')\n .description('Execute atomic batch operations (up to 1,000 operations)')\n .requiredOption('--operations <json>', 'Operations array (inline JSON or @filename)')\n .action(async function (this: Command, opts: { operations: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const operations = parseData(opts.operations);\n const data = await client.request('POST', `/v1/${ws}/batch`, {\n operations: Array.isArray(operations) ? operations : [operations],\n });\n console.log(formatOutput(data, getFormat(this)));\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { parseData, getDatabase, getFormat } from '../helpers.js';\nconst VALID_PROVIDERS = 'openai, anthropic, google, mcp';\n\nexport const providersCommand = new Command('providers')\n .description('Import/export tool definitions between LLM providers and Record collections');\n\nprovidersCommand.command('import <provider>')\n .description(`Import tool definitions as collections. Providers: ${VALID_PROVIDERS}`)\n .requiredOption('--tools <json>', 'Tool definitions (inline JSON or @filename)')\n .action(async function (this: Command, provider: string, opts: { tools: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const tools = parseData(opts.tools);\n const data = await client.request('POST', `/v1/${ws}/providers/${provider}/import`, {\n tools: Array.isArray(tools) ? tools : [tools],\n });\n console.log(formatOutput(data, getFormat(this)));\n });\n\nprovidersCommand.command('export <provider>')\n .description(`Export collections as tool definitions. Providers: ${VALID_PROVIDERS}`)\n .option('--collections <ids>', 'Comma-separated collection IDs (omit for all)')\n .option('--output <file>', 'Write output to file')\n .action(async function (this: Command, provider: string, opts: { collections?: string; output?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const query = opts.collections ? `?collections=${opts.collections}` : '';\n const data = await client.request('GET', `/v1/${ws}/providers/${provider}/export${query}`);\n\n if (opts.output) {\n const { writeFileSync } = await import('fs');\n writeFileSync(opts.output, JSON.stringify(data, null, 2));\n console.log(`Written to ${opts.output}`);\n } else {\n console.log(formatOutput(data, getFormat(this)));\n }\n });\n\nprovidersCommand.command('import-call <provider> <collection>')\n .description(`Create a document from a tool call in provider format. Providers: ${VALID_PROVIDERS}`)\n .requiredOption('--data <json>', 'Tool call data in provider format (inline JSON or @filename)')\n .option('--external-id <id>', 'External ID for idempotent upsert')\n .option('--external-source <source>', 'External source identifier')\n .action(async function (this: Command, provider: string, collection: string, opts: { data: string; externalId?: string; externalSource?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const callData = parseData(opts.data);\n const queryParts: string[] = [];\n if (opts.externalId) queryParts.push(`external_id=${encodeURIComponent(opts.externalId)}`);\n if (opts.externalSource) queryParts.push(`external_source=${encodeURIComponent(opts.externalSource)}`);\n const qs = queryParts.length ? `?${queryParts.join('&')}` : '';\n const data = await client.request('POST', `/v1/${ws}/providers/${provider}/documents/${collection}${qs}`, callData);\n console.log(formatOutput(data, getFormat(this)));\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getFormat } from '../helpers.js';\n\nexport const tokensCommand = new Command('tokens')\n .description('Manage API tokens');\n\ntokensCommand.command('create')\n .description('Create a scoped API token')\n .requiredOption('--name <name>', 'Token name')\n .requiredOption('--grants <json>', 'Grant definitions as JSON array')\n .option('--expires-at <date>', 'Expiration date (ISO 8601, e.g., 2026-06-01T00:00:00Z)')\n .action(async function (this: Command, opts: { name: string; grants: string; expiresAt?: string }) {\n const client = new ApiClient();\n let grants: unknown;\n try {\n grants = JSON.parse(opts.grants);\n } catch {\n throw new Error('--grants must be valid JSON');\n }\n const body: Record<string, unknown> = { name: opts.name, grants };\n if (opts.expiresAt) body.expires_at = opts.expiresAt;\n const data = await client.request('POST', '/v1/tokens', body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ntokensCommand.command('list')\n .description('List API tokens')\n .action(async function (this: Command) {\n const client = new ApiClient();\n const data = await client.request('GET', '/v1/tokens');\n console.log(formatOutput(data, getFormat(this)));\n });\n\ntokensCommand.command('revoke <token_id>')\n .description('Revoke an API token')\n .action(async function (this: Command, tokenId: string) {\n const client = new ApiClient();\n await client.request('DELETE', `/v1/tokens/${tokenId}`);\n console.log('Token revoked');\n });\n","import { Command } from 'commander';\nimport { readFileSync } from 'node:fs';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getFormat } from '../helpers.js';\nimport { confirm } from '../prompt.js';\n\n/**\n * Resolve a secret value from exactly one of `--value` (a plain string) or `--file` (the file's bytes,\n * base64-encoded — for certificates, keystores, or service-account JSON). Throws if neither or both given.\n */\nfunction resolveValue(opts: { value?: string; file?: string }): string {\n if ((opts.value === undefined) === (opts.file === undefined)) {\n throw new Error('provide exactly one of --value or --file');\n }\n if (opts.file !== undefined) return readFileSync(opts.file).toString('base64');\n return opts.value!;\n}\n\nexport const secretsCommand = new Command('secrets')\n .description('Manage organization vault secrets');\n\nsecretsCommand.command('create')\n .description('Store a vault secret (a string value, or a file via --file as base64)')\n .requiredOption('--name <name>', 'Secret name')\n .option('--value <value>', 'Secret value (plain string)')\n .option('--file <path>', 'Read the value from a file and base64-encode it (certificates, keystores, SA JSON)')\n .option('--content-type <mime>', 'MIME type of the value (e.g. application/x-pkcs12)')\n .option('--expires-at <date>', 'Expiry as ISO-8601 (e.g. 2027-01-01T00:00:00Z) — surfaced by `list --expiring`')\n .option('--tags <tags>', 'Comma-separated tags')\n .action(async function (this: Command, opts: { name: string; value?: string; file?: string; contentType?: string; expiresAt?: string; tags?: string }) {\n const client = new ApiClient();\n const body: Record<string, unknown> = { name: opts.name, value: resolveValue(opts) };\n if (opts.contentType) body.content_type = opts.contentType;\n if (opts.expiresAt) body.expires_at = opts.expiresAt;\n if (opts.tags) body.tags = opts.tags.split(',').map((t) => t.trim()).filter(Boolean);\n const data = await client.request('POST', '/v1/vault/secrets', body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nsecretsCommand.command('list')\n .description('List vault secrets (values masked)')\n .option('--expiring', 'Only secrets expiring within --days (default 30)')\n .option('--days <n>', 'Window for --expiring, in days', '30')\n .action(async function (this: Command, opts: { expiring?: boolean; days: string }) {\n const client = new ApiClient();\n const path = opts.expiring ? `/v1/vault/secrets?expiring_within_days=${encodeURIComponent(opts.days)}` : '/v1/vault/secrets';\n const data = await client.request('GET', path);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nsecretsCommand.command('get <id>')\n .description('Get vault secret metadata (value masked)')\n .action(async function (this: Command, id: string) {\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/vault/secrets/${id}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nsecretsCommand.command('rotate <id>')\n .description('Rotate a secret by installing a new caller-supplied value (from --value or --file)')\n .option('--value <value>', 'New secret value (plain string)')\n .option('--file <path>', 'Read the new value from a file and base64-encode it')\n .option('--expires-at <date>', \"Set the rotated credential's new expiry (ISO-8601)\")\n .action(async function (this: Command, id: string, opts: { value?: string; file?: string; expiresAt?: string }) {\n const client = new ApiClient();\n const body: Record<string, unknown> = { value: resolveValue(opts) };\n if (opts.expiresAt) body.expires_at = opts.expiresAt;\n const data = await client.request('POST', `/v1/vault/secrets/${id}/rotate`, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nsecretsCommand.command('delete <id>')\n .description('Delete a vault secret')\n .option('-y, --yes', 'Skip confirmation prompt')\n .action(async function (this: Command, id: string, opts: { yes?: boolean }) {\n if (!opts.yes && !(await confirm(`Delete vault secret ${id}? This cannot be undone.`))) {\n console.log('Aborted');\n return;\n }\n const client = new ApiClient();\n await client.request('DELETE', `/v1/vault/secrets/${id}`);\n console.log('Secret deleted');\n });\n","// Platform-admin commands. Backed by /admin/* on the backend, which requires\n// the `platform:admin` permission (granted to JWT auth when the WorkOS email is\n// in PLATFORM_ADMIN_EMAILS). All reads are audit-logged and rate-limited.\n\nimport { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getFormat } from '../helpers.js';\n\nexport const adminCommand = new Command('admin')\n .description('Platform-admin commands (requires platform:admin grant)');\n\n// --- do ---\n\nconst doCommand = adminCommand.command('do').description('Inspect live database storage state');\n\ndoCommand.command('tables <type> <id>')\n .description('List internal tables and row counts. Types: database | org | user')\n .action(async function (this: Command, type: string, id: string) {\n const client = new ApiClient();\n const data = await client.request<{ type: string; id: string; tables: { name: string; row_count: number }[] }>(\n 'GET',\n `/admin/do/${encodeURIComponent(type)}/${encodeURIComponent(id)}/tables`,\n );\n console.log(formatOutput(data.tables, getFormat(this)));\n });\n\ndoCommand.command('read <type> <id> <table>')\n .description('Read rows from an internal table (sensitive columns redacted)')\n .option('--limit <n>', 'Max rows (default 20, cap 100)', (v: string) => Number(v))\n .option('--row-id <value>', 'Filter to a single row by its id column')\n .action(async function (\n this: Command,\n type: string,\n id: string,\n table: string,\n opts: { limit?: number; rowId?: string },\n ) {\n const client = new ApiClient();\n const params = new URLSearchParams({ table });\n if (opts.limit !== undefined) params.set('limit', String(opts.limit));\n if (opts.rowId !== undefined) params.set('row_id', opts.rowId);\n\n const data = await client.request<{\n table: string;\n columns: string[];\n rows: unknown[][];\n truncated: boolean;\n }>(\n 'GET',\n `/admin/do/${encodeURIComponent(type)}/${encodeURIComponent(id)}/read?${params}`,\n );\n\n const format = getFormat(this);\n if (format === 'json') {\n console.log(JSON.stringify(data, null, 2));\n return;\n }\n // Reshape columns/rows into row objects for table display.\n const objs = data.rows.map(r => Object.fromEntries(data.columns.map((c, i) => [c, r[i]])));\n console.log(formatOutput(objs, format));\n if (data.truncated) console.log('(truncated — pass --limit to see more)');\n });\n\n// --- report (platform_report triage queue) ---\n\nconst adminReportCommand = adminCommand\n .command('report')\n .description('Inspect and triage the platform_report queue (Sentry + CLI bug reports)');\n\ninterface PlatformReportRow {\n report_id: string;\n source: 'sentry' | 'cli_report' | 'review' | 'security_audit';\n classification: 'bug' | 'flaky_test' | 'security' | null;\n status: 'pending' | 'grouped' | 'escalated' | 'addressed' | 'dismissed';\n fingerprint: string;\n gh_issue_url: string | null;\n reporter_email: string | null;\n created_at: string;\n}\n\nadminReportCommand.command('list')\n .description('List reports with optional filters')\n .option('--status <s>', 'pending | grouped | escalated | addressed | dismissed')\n .option('--source <s>', 'sentry | cli_report | review | security_audit')\n .option('--classification <c>', 'bug | flaky_test | security')\n .option('--limit <n>', 'Max rows (default 50, cap 200)', (v: string) => Number(v))\n .option('--offset <n>', 'Offset for pagination', (v: string) => Number(v))\n .option('--since <iso>', 'Lower bound on created_at (ISO timestamp)')\n .action(async function (\n this: Command,\n opts: { status?: string; source?: string; classification?: string; limit?: number; offset?: number; since?: string },\n ) {\n const client = new ApiClient();\n const params = new URLSearchParams();\n if (opts.status) params.set('status', opts.status);\n if (opts.source) params.set('source', opts.source);\n if (opts.classification) params.set('classification', opts.classification);\n if (opts.limit !== undefined) params.set('limit', String(opts.limit));\n if (opts.offset !== undefined) params.set('offset', String(opts.offset));\n if (opts.since) params.set('since', opts.since);\n const qs = params.toString() ? `?${params}` : '';\n\n const data = await client.request<{ rows: PlatformReportRow[]; total: number }>(\n 'GET',\n `/admin/reports${qs}`,\n );\n\n const format = getFormat(this);\n if (format === 'json') {\n console.log(JSON.stringify(data, null, 2));\n return;\n }\n console.log(formatOutput(data.rows, format));\n console.log(`(${data.rows.length} of ${data.total})`);\n });\n\nadminReportCommand.command('show <id>')\n .description('Show a single report with its group members')\n .action(async function (this: Command, id: string) {\n const client = new ApiClient();\n const data = await client.request<{ report: PlatformReportRow; members: PlatformReportRow[] }>(\n 'GET',\n `/admin/reports/${encodeURIComponent(id)}`,\n );\n console.log(JSON.stringify(data, null, 2));\n });\n\n// Local copy: the CLI is a separate package and can't import backend internals\n// (mirrors the local PlatformReportRow above).\ninterface GroupReportSkip {\n report_id: string;\n reason: 'not_found' | 'terminal' | 'grouped_elsewhere' | 'different_gh_issue';\n detail?: string;\n}\n\nfunction describeGroupSkip(s: GroupReportSkip): string {\n switch (s.reason) {\n case 'not_found':\n return 'not found';\n case 'terminal':\n return `terminal (${s.detail ?? 'resolved'})`;\n case 'grouped_elsewhere':\n return `already grouped under ${s.detail ?? 'another canonical'}`;\n case 'different_gh_issue':\n return `tracks a different GitHub issue (${s.detail ?? 'unknown'})`;\n default: {\n // Compile-time exhaustiveness: a new skip reason must be handled here.\n const _exhaustive: never = s.reason;\n return _exhaustive;\n }\n }\n}\n\nadminReportCommand.command('group <canonical_id> <member_ids...>')\n .description('Fold member_ids under canonical_id (members must be pending or escalated)')\n .action(async function (this: Command, canonicalId: string, memberIds: string[]) {\n const client = new ApiClient();\n const data = await client.request<{ grouped: number; skipped: GroupReportSkip[] }>(\n 'POST',\n `/admin/reports/${encodeURIComponent(canonicalId)}/group`,\n { member_ids: memberIds },\n );\n console.log(`Grouped ${data.grouped} member(s) under ${canonicalId}`);\n for (const s of data.skipped ?? []) {\n console.log(` skipped ${s.report_id} — ${describeGroupSkip(s)}`);\n }\n });\n\nadminReportCommand.command('ungroup <member_id>')\n .description('Detach a grouped member back to pending (inverse of group)')\n .action(async function (this: Command, memberId: string) {\n const client = new ApiClient();\n const data = await client.request<{ report: PlatformReportRow }>(\n 'POST',\n `/admin/reports/${encodeURIComponent(memberId)}/ungroup`,\n );\n console.log(`Detached ${data.report.report_id} → ${data.report.status}`);\n });\n\nadminReportCommand.command('escalate <id>')\n .description('Mark a pending report as escalated and link a GitHub issue')\n .requiredOption('--gh <url>', 'GitHub issue URL the triage routine opened')\n .option('--verdict <text>', 'AI verdict / triage rationale')\n .action(async function (this: Command, id: string, opts: { gh: string; verdict?: string }) {\n const client = new ApiClient();\n const body: Record<string, unknown> = { target: 'escalated', gh_issue_url: opts.gh };\n if (opts.verdict) body['ai_verdict'] = opts.verdict;\n const data = await client.request<{ report: PlatformReportRow; cascaded_report_ids: string[] }>(\n 'PATCH',\n `/admin/reports/${encodeURIComponent(id)}/transition`,\n body,\n );\n console.log(`Escalated ${data.report.report_id} → ${opts.gh}`);\n });\n\nadminReportCommand.command('addressed <id>')\n .description('Mark an escalated report as addressed (fix shipped)')\n .action(async function (this: Command, id: string) {\n const client = new ApiClient();\n const data = await client.request<{ report: PlatformReportRow; cascaded_report_ids: string[] }>(\n 'PATCH',\n `/admin/reports/${encodeURIComponent(id)}/transition`,\n { target: 'addressed' },\n );\n console.log(`Addressed ${data.report.report_id} (cascaded to ${data.cascaded_report_ids.length} group member(s))`);\n });\n\nadminReportCommand.command('dismiss <id>')\n .description('Mark a report as dismissed (not actionable)')\n .requiredOption('--reason <text>', 'Why this report was dismissed')\n .option('--verdict <text>', 'AI verdict / triage rationale')\n .action(async function (this: Command, id: string, opts: { reason: string; verdict?: string }) {\n const client = new ApiClient();\n const body: Record<string, unknown> = { target: 'dismissed', dismissal_reason: opts.reason };\n if (opts.verdict) body['ai_verdict'] = opts.verdict;\n const data = await client.request<{ report: PlatformReportRow; cascaded_report_ids: string[] }>(\n 'PATCH',\n `/admin/reports/${encodeURIComponent(id)}/transition`,\n body,\n );\n console.log(`Dismissed ${data.report.report_id} (reason: ${opts.reason})`);\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\n\ninterface ReportResponse {\n report_id: string;\n created: boolean;\n fingerprint: string;\n}\n\nexport const reportCommand = new Command('report')\n .description('File a report to the Rekor triage queue');\n\nreportCommand.command('create')\n .description('Submit a report to the Rekor triage queue (deduplicated)')\n .requiredOption('--title <title>', 'Short summary')\n .requiredOption('--description <text>', 'What happened')\n .option('--source <source>', 'Origin: cli_report (default) | review | security_audit')\n .option('--classification <c>', 'Nature: bug (default) | flaky_test | security')\n .option('--dedup-key <key>', 'Stable dedup key (e.g. \"<file>::<test>\"); collapses repeat occurrences')\n .option('--severity <level>', 'low | medium | high | critical')\n .option('--steps <text>', 'Steps to reproduce')\n .option('--error-message <text>', 'Exact error text if any')\n .option('--context <text>', 'Additional context (logs, request IDs)')\n .option('--locale <code>', 'Notification locale (en | pt | es)', 'en')\n .option('--reporter-email <addr>', 'Override reporter email (defaults to session email)')\n .action(async function (\n this: Command,\n opts: {\n title: string;\n description: string;\n source?: string;\n classification?: string;\n dedupKey?: string;\n severity?: string;\n steps?: string;\n errorMessage?: string;\n context?: string;\n locale?: string;\n reporterEmail?: string;\n },\n ) {\n const client = new ApiClient();\n const body: Record<string, unknown> = {\n title: opts.title,\n description: opts.description,\n locale: opts.locale,\n };\n if (opts.source) body['source'] = opts.source;\n if (opts.classification) body['classification'] = opts.classification;\n if (opts.dedupKey) body['dedup_key'] = opts.dedupKey;\n if (opts.severity) body['severity'] = opts.severity;\n if (opts.steps) body['steps'] = opts.steps;\n if (opts.errorMessage) body['error_message'] = opts.errorMessage;\n if (opts.context) body['context'] = opts.context;\n if (opts.reporterEmail) body['reporter_email'] = opts.reporterEmail;\n\n const data = await client.request<ReportResponse>('POST', '/v1/reports', body);\n if (data.created) {\n console.log(`Report submitted (id: ${data.report_id}).`);\n console.log('Our team will review and follow up by email if you provided one.');\n } else {\n console.log(`A matching report already exists (id: ${data.report_id}) — your submission was merged into it.`);\n }\n });\n","import { Command } from 'commander';\nimport { execFileSync } from 'node:child_process';\nimport { isNewerVersion } from '../version.js';\nimport { NPM_PACKAGE } from '../version-check.js';\nimport pkg from '../../package.json' with { type: 'json' };\n\nexport const updateCommand = new Command('update')\n .description('Update the Rekor CLI to the latest published version')\n .action(() => {\n console.log(`Current version: ${pkg.version}`);\n console.log('Checking for updates...');\n let latest: string;\n try {\n // shell: true is required on Windows where npm is a .cmd shim.\n latest = execFileSync('npm', ['view', NPM_PACKAGE, 'version'], { timeout: 10_000, shell: true })\n .toString()\n .trim();\n } catch {\n console.error(`Could not reach npm to check for updates.`);\n console.error(`Try manually: npm install -g ${NPM_PACKAGE}`);\n process.exit(1);\n }\n\n if (!isNewerVersion(latest, pkg.version)) {\n console.log(`Already on the latest version (${pkg.version}).`);\n return;\n }\n\n console.log(`Updating ${pkg.version} → ${latest}...`);\n try {\n execFileSync('npm', ['install', '-g', `${NPM_PACKAGE}@latest`], {\n timeout: 120_000,\n shell: true,\n stdio: 'inherit',\n });\n console.log(`Updated to ${latest}.`);\n } catch (err) {\n console.error(`Update failed: ${err instanceof Error ? err.message : String(err)}`);\n console.error(`Try manually: npm install -g ${NPM_PACKAGE}`);\n process.exit(1);\n }\n });\n","/** Returns true if `latest` is a newer semver than `current`. Prerelease/build metadata is stripped. */\nexport function isNewerVersion(latest: string, current: string): boolean {\n const strip = (v: string) => v.replace(/[-+].*$/, '');\n const l = strip(latest).split('.').map(Number);\n const c = strip(current).split('.').map(Number);\n for (let i = 0; i < Math.max(l.length, c.length); i++) {\n const lv = l[i] ?? 0;\n const cv = c[i] ?? 0;\n if (Number.isNaN(lv) || Number.isNaN(cv)) return false;\n if (lv > cv) return true;\n if (lv < cv) return false;\n }\n return false;\n}\n","import { readFileSync, writeFileSync, mkdirSync } from 'node:fs';\nimport { join } from 'node:path';\nimport { execFile } from 'node:child_process';\nimport { CONFIG_DIR } from './config.js';\nimport { isNewerVersion } from './version.js';\nimport { isCI } from './env.js';\n\n/** npm package name — shared with the `update` command. */\nexport const NPM_PACKAGE = 'rekor-cli';\nconst CACHE_FILE = join(CONFIG_DIR, 'update-check.json');\nconst MAX_AGE_MS = 24 * 60 * 60 * 1000; // 24h\n\ninterface VersionCache {\n lastCheck: number;\n latest: string | null;\n}\n\nfunction isDisabled(): boolean {\n return Boolean(\n process.env['NO_UPDATE_NOTIFIER'] ||\n process.env['REKOR_NO_UPDATE_CHECK'] ||\n isCI(),\n );\n}\n\nfunction readCache(): VersionCache | null {\n try {\n const parsed = JSON.parse(readFileSync(CACHE_FILE, 'utf-8')) as VersionCache;\n if (typeof parsed.lastCheck !== 'number') return null;\n if (parsed.latest !== null && typeof parsed.latest !== 'string') return null;\n return parsed;\n } catch {\n return null;\n }\n}\n\nfunction writeCache(cache: VersionCache): void {\n try {\n mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });\n writeFileSync(CACHE_FILE, JSON.stringify(cache), { mode: 0o600 });\n } catch {\n // Cache write failures just mean we re-check next run — never fatal.\n }\n}\n\n/** Latest known version from cache if it's fresh and newer than `current`, else null. */\nexport function readCachedLatest(current: string): string | null {\n const cache = readCache();\n if (!cache?.latest) return null;\n if (Date.now() - cache.lastCheck > MAX_AGE_MS) return null;\n return isNewerVersion(cache.latest, current) ? cache.latest : null;\n}\n\nfunction notify(latest: string, current: string): void {\n console.error(`\\nUpdate available: ${current} → ${latest}\\nRun \\`rekor update\\` to update.`);\n}\n\n/**\n * Non-blocking update check. Prints a nudge to stderr from a fresh cache; otherwise spawns a\n * detached `npm view` to populate the cache for next time. Wrapped so it can never throw or\n * delay CLI exit (the spawned child is unref'd).\n */\nexport function checkForUpdates(current: string): void {\n if (isDisabled()) return;\n try {\n const cache = readCache();\n\n if (cache && Date.now() - cache.lastCheck < MAX_AGE_MS) {\n if (cache.latest && isNewerVersion(cache.latest, current)) notify(cache.latest, current);\n return;\n }\n\n // Sentinel write first so concurrent/rapid runs don't all spawn npm.\n writeCache({ lastCheck: Date.now(), latest: cache?.latest ?? null });\n\n // shell: true is required on Windows where npm is a .cmd shim.\n const child = execFile(\n 'npm',\n ['view', NPM_PACKAGE, 'version'],\n { timeout: 5000, shell: true },\n (err, stdout) => {\n if (err) return;\n const latest = stdout.trim();\n if (!latest) return;\n writeCache({ lastCheck: Date.now(), latest });\n if (isNewerVersion(latest, current)) notify(latest, current);\n },\n );\n // Let the CLI exit immediately; the refresh runs detached.\n child.unref();\n } catch {\n // Never block the CLI on an update check.\n }\n}\n","{\n \"name\": \"rekor-cli\",\n \"version\": \"0.1.38\",\n \"type\": \"module\",\n \"engines\": {\n \"node\": \">=20.0.0\"\n },\n \"bin\": {\n \"rekor\": \"dist/index.js\"\n },\n \"files\": [\n \"dist\"\n ],\n \"scripts\": {\n \"build\": \"tsup\",\n \"typecheck\": \"tsc --noEmit\",\n \"test\": \"vitest run\",\n \"dev\": \"tsup --watch\"\n },\n \"dependencies\": {\n \"@napi-rs/keyring\": \"^1.1.6\",\n \"chalk\": \"^5.4.1\",\n \"cli-table3\": \"^0.6.5\",\n \"commander\": \"^13.1.0\",\n \"open\": \"^11.0.0\"\n },\n \"optionalDependencies\": {\n \"@sentry/node\": \"^10.0.0\"\n },\n \"devDependencies\": {\n \"@types/node\": \"^25.5.0\",\n \"tsup\": \"^8.4.0\",\n \"typescript\": \"^5.8.2\",\n \"vitest\": \"~3.0.9\"\n }\n}\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { getFormat } from '../helpers.js';\n\nexport interface MeResponse {\n auth_kind: string;\n grants_summary: string;\n org_id?: string;\n user_id?: string;\n email?: string;\n orgs?: Array<{ org_id: string; name: string; role: string }>;\n}\n\nexport const whoamiCommand = new Command('whoami')\n .description('Show the authenticated identity')\n .action(async function (this: Command) {\n const client = new ApiClient();\n const me = await client.request<MeResponse>('GET', '/v1/auth/me');\n\n if (getFormat(this) === 'json') {\n console.log(JSON.stringify(me, null, 2));\n return;\n }\n\n console.log(`auth_kind: ${me.auth_kind}`);\n if (me.email) console.log(`email: ${me.email}`);\n if (me.user_id) console.log(`user_id: ${me.user_id}`);\n if (me.org_id) console.log(`org_id: ${me.org_id}`);\n console.log(`grants: ${me.grants_summary}`);\n if (me.orgs && me.orgs.length > 0) {\n console.log('organizations:');\n for (const o of me.orgs) {\n console.log(` ${o.name} (${o.org_id}) — ${o.role}`);\n }\n }\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { ApiError } from '../errors.js';\nimport { loadConfig } from '../config.js';\nimport { isAuthenticated } from '../auth.js';\nimport { getFormat } from '../helpers.js';\nimport { readCachedLatest } from '../version-check.js';\nimport type { MeResponse } from './whoami.js';\nimport pkg from '../../package.json' with { type: 'json' };\n\ninterface StatusSnapshot {\n logged_in: boolean;\n token_valid: boolean | null;\n api_url: string;\n auth_kind: string | null;\n email: string | null;\n org_id: string | null;\n grants: string | null;\n cli: { version: string; latest: string | null };\n}\n\nexport const statusCommand = new Command('status')\n .description('Show auth, connectivity, and CLI version diagnostics')\n .action(async function (this: Command) {\n const config = loadConfig();\n const loggedIn = await isAuthenticated();\n const cliLatest = readCachedLatest(pkg.version);\n\n // null means \"not determined\" (never set false just because no credential exists) —\n // it flips to false only on a real 401/403 rejection, avoiding a misleading verdict.\n let tokenValid: boolean | null = null;\n let me: MeResponse | null = null;\n if (loggedIn) {\n try {\n me = await new ApiClient().request<MeResponse>('GET', '/v1/auth/me');\n tokenValid = true;\n } catch (err) {\n if (err instanceof ApiError && (err.status === 401 || err.status === 403)) tokenValid = false;\n }\n }\n\n const snapshot: StatusSnapshot = {\n logged_in: loggedIn,\n token_valid: tokenValid,\n api_url: config.api_url,\n auth_kind: me?.auth_kind ?? null,\n email: me?.email ?? null,\n org_id: me?.org_id ?? null,\n grants: me?.grants_summary ?? null,\n cli: { version: pkg.version, latest: cliLatest },\n };\n\n if (getFormat(this) === 'json') {\n console.log(JSON.stringify(snapshot, null, 2));\n return;\n }\n\n if (!loggedIn) {\n console.log('Not logged in. Run `rekor login`.');\n console.log(`API: ${config.api_url}`);\n if (cliLatest) console.log(`CLI: ${pkg.version} (latest: ${cliLatest} — run \\`rekor update\\`)`);\n return;\n }\n\n const tokenStatus =\n tokenValid === true\n ? 'token valid'\n : tokenValid === false\n ? 'token rejected — run `rekor login` to re-authenticate'\n : 'token validity unknown — backend unreachable';\n console.log(`Logged in${me?.email ? ` as ${me.email}` : ''} — ${tokenStatus}`);\n console.log(`API: ${config.api_url}`);\n if (me?.auth_kind) console.log(`Auth: ${me.auth_kind}`);\n if (me?.org_id) console.log(`Org: ${me.org_id}`);\n if (me?.grants_summary) console.log(`Grants: ${me.grants_summary}`);\n if (cliLatest) console.log(`CLI: ${pkg.version} (latest: ${cliLatest} — run \\`rekor update\\`)`);\n });\n","import { homedir, platform, arch } from 'node:os';\nimport { ApiError } from './errors.js';\n\n// Optional dependency — loaded lazily and only when a DSN is configured.\ntype SentryModule = typeof import('@sentry/node');\n\nlet sentry: SentryModule | null = null;\n\nfunction getDsn(): string | undefined {\n if (process.env['REKOR_TELEMETRY_DISABLED']) return undefined;\n return process.env['REKOR_CLI_SENTRY_DSN'] || undefined;\n}\n\n// Structural subset — keeps scrubHome decoupled from the optional @sentry/node types.\ninterface ScrubbableEvent {\n exception?: {\n values?: Array<{\n value?: string;\n stacktrace?: { frames?: Array<{ filename?: string; abs_path?: string }> };\n }>;\n };\n}\n\n// Redact the home dir wherever it leaks — fs-error messages embed it, not just stack frames.\nexport function scrubHome<T extends ScrubbableEvent>(event: T, home: string): T {\n const root = home.replace(/[\\\\/]+$/, '');\n if (!root) return event;\n const re = new RegExp(root.replace(/[.*+?^${}()|[\\]\\\\]/g, '\\\\$&') + '(?=[\\\\\\\\/]|$)', 'g');\n const scrub = (s: string): string => s.replace(re, '~');\n for (const value of event.exception?.values ?? []) {\n if (value.value) value.value = scrub(value.value);\n for (const frame of value.stacktrace?.frames ?? []) {\n if (frame.filename) frame.filename = scrub(frame.filename);\n if (frame.abs_path) frame.abs_path = scrub(frame.abs_path);\n }\n }\n return event;\n}\n\n/**\n * Initialize crash reporting. No-op unless `REKOR_CLI_SENTRY_DSN` is set and\n * `REKOR_TELEMETRY_DISABLED` is unset. The `@sentry/node` import is guarded so a missing\n * optional dependency degrades to silence rather than crashing.\n */\nexport async function initTelemetry(command: string | undefined, version: string): Promise<void> {\n if (sentry) return;\n const dsn = getDsn();\n if (!dsn) return;\n try {\n const mod = await import('@sentry/node');\n const home = homedir();\n mod.init({\n dsn,\n tracesSampleRate: 0,\n release: `rekor-cli@${version}`,\n environment: 'production',\n defaultIntegrations: false,\n beforeSend: (event) => scrubHome(event, home),\n });\n mod.setTag('command', command || 'unknown');\n mod.setTag('node_version', process.version);\n mod.setTag('os_platform', platform());\n mod.setTag('os_arch', arch());\n sentry = mod;\n } catch {\n sentry = null;\n }\n}\n\n/** Report an unexpected error. Skips when telemetry is off and skips expected (4xx) API errors. */\nexport function captureException(err: unknown): void {\n if (!sentry) return;\n if (err instanceof ApiError && err.isExpected) return;\n try {\n sentry.captureException(err);\n } catch {\n // Best-effort.\n }\n}\n\n/** Flush and close. Safe to call when telemetry was never initialized. */\nexport async function closeTelemetry(): Promise<void> {\n if (!sentry) return;\n try {\n await sentry.close(2000);\n } catch {\n // Best-effort.\n }\n sentry = null;\n}\n","import { program } from './program.js';\nimport { checkForUpdates } from './version-check.js';\nimport { handleCliError } from './errors.js';\nimport { initTelemetry, captureException, closeTelemetry } from './telemetry.js';\nimport pkg from '../package.json' with { type: 'json' };\n\nconst SKIP_UPDATE_CHECK = ['--version', '-v', '--help', '-h', 'help', 'update'];\nconst command = process.argv[2];\n\nasync function main(): Promise<void> {\n await initTelemetry(command, pkg.version);\n await program.parseAsync();\n if (command && !SKIP_UPDATE_CHECK.includes(command)) {\n checkForUpdates(pkg.version);\n }\n}\n\nmain()\n .then(() => closeTelemetry())\n .catch(async (err) => {\n handleCliError(err);\n captureException(err);\n await closeTelemetry();\n process.exit(1);\n });\n"],"mappings":";;;AAAA,SAAS,WAAAA,iBAAe;;;ACAxB,SAAS,eAAe;;;ACAxB,SAAS,cAAc,eAAe,iBAAiB;AACvD,SAAS,YAAY;AACrB,SAAS,eAAe;AAExB,IAAM,aAAa,KAAK,QAAQ,GAAG,WAAW,OAAO;AACrD,IAAM,cAAc,KAAK,YAAY,aAAa;AAc3C,SAAS,aAAqB;AACnC,QAAM,SAAS,QAAQ,IAAI,eAAe;AAE1C,MAAI;AACF,UAAM,MAAM,aAAa,aAAa,OAAO;AAC7C,UAAM,SAAS,KAAK,MAAM,GAAG;AAC7B,WAAO;AAAA,MACL,SAAS,UAAU,OAAO,WAAW;AAAA,MACrC,kBAAkB,OAAO;AAAA,MACzB,QAAQ,OAAO;AAAA,IACjB;AAAA,EACF,QAAQ;AACN,WAAO;AAAA,MACL,SAAS,UAAU;AAAA,IACrB;AAAA,EACF;AACF;AAEO,SAAS,WAAW,QAAsB;AAC/C,YAAU,YAAY,EAAE,WAAW,MAAM,MAAM,IAAM,CAAC;AACtD,MAAI,WAAuB,CAAC;AAC5B,MAAI;AACF,eAAW,KAAK,MAAM,aAAa,aAAa,OAAO,CAAC;AAAA,EAC1D,QAAQ;AACN,eAAW,CAAC;AAAA,EACd;AACA,QAAM,SAAqB,EAAE,GAAG,UAAU,GAAG,OAAO;AACpD,gBAAc,aAAa,KAAK,UAAU,QAAQ,MAAM,CAAC,GAAG,EAAE,MAAM,IAAM,CAAC;AAC7E;;;AC/CA,YAAY,QAAQ;AAGpB,IAAM,kBAAkB;AACxB,IAAM,UAAU;AAChB,IAAM,mBAAmB;AACzB,IAAM,oBAAoB;AAQ1B,IAAI;AAEJ,eAAe,aAA6C;AAC1D,MAAI,iBAAiB,OAAW,QAAO;AACvC,MAAI;AACF,UAAM,MAAM,MAAM,OAAO,kBAAkB;AAC3C,UAAM,QAAQ,IAAI;AAClB,mBAAe;AAAA,MACb,MAAM,YAAY,SAAS,SAAS;AAClC,YAAI;AAAE,iBAAO,IAAI,MAAM,SAAS,OAAO,EAAE,YAAY;AAAA,QAAG,QAAQ;AAAE,iBAAO;AAAA,QAAM;AAAA,MACjF;AAAA,MACA,MAAM,YAAY,SAAS,SAAS,UAAU;AAC5C,YAAI,MAAM,SAAS,OAAO,EAAE,YAAY,QAAQ;AAAA,MAClD;AAAA,MACA,MAAM,eAAe,SAAS,SAAS;AACrC,YAAI;AAAE,iBAAO,IAAI,MAAM,SAAS,OAAO,EAAE,eAAe;AAAA,QAAG,QAAQ;AAAE,iBAAO;AAAA,QAAO;AAAA,MACrF;AAAA,IACF;AAAA,EACF,QAAQ;AACN,mBAAe;AAAA,EACjB;AACA,SAAO;AACT;AAEA,SAAS,qBAAqB,SAAyB;AACrD,MAAI,QAAQ,aAAa,UAAU;AACjC,WAAO,uCAAuC,eAAe,OAAO,OAAO;AAAA,EAC7E;AACA,MAAI,QAAQ,aAAa,SAAS;AAChC,WAAO,kBAAkB,eAAe,IAAI,OAAO;AAAA,EACrD;AACA,MAAI,QAAQ,aAAa,SAAS;AAChC,WAAO,6BAA6B,eAAe,YAAY,OAAO;AAAA,EACxE;AACA,SAAO,oBAAoB,eAAe,cAAc,OAAO;AACjE;AAaA,SAAS,iBAA0C;AACjD,MAAI,CAAI,cAAW,WAAW,EAAG,QAAO;AACxC,MAAI;AACF,WAAO,KAAK,MAAS,gBAAa,aAAa,OAAO,CAAC;AAAA,EACzD,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,SAAS,gBAAgB,MAA8B;AACrD,MAAI,CAAI,cAAW,UAAU,GAAG;AAC9B,IAAG,aAAU,YAAY,EAAE,WAAW,MAAM,MAAM,IAAM,CAAC;AAAA,EAC3D;AACA,EAAG,iBAAc,aAAa,KAAK,UAAU,MAAM,MAAM,CAAC,GAAG,EAAE,MAAM,IAAM,CAAC;AAC9E;AAGO,IAAM,wBAAN,cAAoC,MAAM;AAAA,EAC/C,YAA4B,SAAiB;AAC3C;AAAA,MACE,iDAAiD,OAAO;AAAA,IAClB,qBAAqB,OAAO,CAAC;AAAA,IACrE;AAJ0B;AAK1B,SAAK,OAAO;AAAA,EACd;AACF;AAEA,eAAe,UAAU,SAAyB,SAAmC;AACnF,QAAM,QAAQ,eAAe,iBAAiB,OAAO;AACrD,MAAI;AACF,WAAQ,MAAM,QAAQ,YAAY,iBAAiB,OAAO,MAAO;AAAA,EACnE,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAMA,SAAS,2BAAiC;AACxC,QAAM,WAAW,eAAe;AAChC,MAAI,CAAC,SAAU;AACf,MAAI,SAAS,UAAU,UAAa,SAAS,iBAAiB,UAAa,SAAS,kBAAkB,OAAW;AACjH,SAAO,SAAS;AAChB,SAAO,SAAS;AAChB,SAAO,SAAS;AAChB,kBAAgB,QAAQ;AAC1B;AAEA,SAAS,wBAA4C;AACnD,SAAO,eAAe,GAAG;AAC3B;AAEA,SAAS,uBAAuB,OAAiC;AAC/D,QAAM,WAAW,eAAe,KAAK,CAAC;AACtC,MAAI,UAAU,QAAW;AACvB,WAAO,SAAS;AAAA,EAClB,OAAO;AACL,aAAS,mBAAmB;AAAA,EAC9B;AACA,kBAAgB,QAAQ;AAC1B;AAEA,eAAe,uBAAuB,SAA+D;AACnG,QAAM,WAAW,eAAe;AAChC,MAAI,CAAC,SAAU,QAAO;AAGtB,MAAI,SAAS,cAAc;AACzB,UAAM,MAAqB;AAAA,MACzB,MAAM;AAAA,MACN,cAAc,SAAS;AAAA,MACvB,eAAe,SAAS;AAAA,MACxB,YAAY,SAAS;AAAA,IACvB;AACA,QAAI,SAAS;AACX,UAAI;AAEF,cAAM,iBAAiB,MAAM,QAAQ,YAAY,iBAAiB,gBAAgB;AAClF,YAAI,CAAC,gBAAgB;AACnB,gBAAM,QAAQ,YAAY,iBAAiB,kBAAkB,SAAS,YAAY;AAClF,cAAI,SAAS,eAAe;AAC1B,kBAAM,QAAQ,YAAY,iBAAiB,mBAAmB,SAAS,aAAa;AAAA,UACtF;AAAA,QACF;AACA,YAAI;AAAE,mCAAyB;AAAA,QAAG,SAAS,KAAK;AAC9C,kBAAQ,KAAK,mDAAmD,WAAW,KAAM,IAAc,OAAO,IAAI;AAAA,QAC5G;AAAA,MACF,SAAS,KAAK;AACZ,gBAAQ,KAAK,8CAA+C,IAAc,OAAO,iCAAiC;AAAA,MACpH;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAEA,MAAI,SAAS,OAAO;AAClB,UAAM,QAAQ,SAAS;AACvB,QAAI,CAAC,QAAS,QAAO,EAAE,MAAM,OAAO,MAAM;AAC1C,QAAI;AACF,YAAM,cAAc,MAAM,QAAQ,YAAY,iBAAiB,OAAO;AACtE,UAAI,aAAa;AAEf,YAAI;AAAE,mCAAyB;AAAA,QAAG,SAAS,KAAK;AAC9C,kBAAQ,KAAK,2CAA2C,WAAW,KAAM,IAAc,OAAO,IAAI;AAAA,QACpG;AACA,eAAO;AAAA,MACT;AACA,YAAM,QAAQ,YAAY,iBAAiB,SAAS,KAAK;AACzD,UAAI;AAAE,iCAAyB;AAAA,MAAG,SAAS,KAAK;AAC9C,gBAAQ,KAAK,4CAA4C,WAAW,KAAM,IAAc,OAAO,IAAI;AAAA,MACrG;AAAA,IACF,SAAS,KAAK;AACZ,cAAQ,KAAK,qCAAsC,IAAc,OAAO,uCAAuC;AAAA,IACjH;AACA,WAAO,EAAE,MAAM,OAAO,MAAM;AAAA,EAC9B;AAEA,SAAO;AACT;AAGA,eAAsB,mBAAkD;AACtE,QAAM,WAAW,QAAQ,IAAI,aAAa;AAC1C,MAAI,UAAU;AAEZ,WAAO,EAAE,MAAM,OAAO,OAAO,SAAS;AAAA,EACxC;AAEA,QAAM,UAAU,MAAM,WAAW;AACjC,QAAM,WAAW,MAAM,uBAAuB,OAAO;AACrD,MAAI,SAAU,QAAO;AAErB,MAAI,SAAS;AAEX,UAAM,CAAC,KAAK,QAAQ,OAAO,IAAI,MAAM,QAAQ,IAAI;AAAA,MAC/C,QAAQ,YAAY,iBAAiB,OAAO;AAAA,MAC5C,QAAQ,YAAY,iBAAiB,gBAAgB;AAAA,MACrD,QAAQ,YAAY,iBAAiB,iBAAiB;AAAA,IACxD,CAAC;AACD,QAAI,IAAK,QAAO,EAAE,MAAM,OAAO,OAAO,IAAI;AAC1C,QAAI,QAAQ;AACV,YAAM,MAAqB,EAAE,MAAM,SAAS,cAAc,OAAO;AACjE,UAAI,QAAS,KAAI,gBAAgB;AACjC,YAAM,YAAY,sBAAsB;AACxC,UAAI,UAAW,KAAI,aAAa;AAChC,aAAO;AAAA,IACT;AAAA,EACF;AAEA,SAAO;AACT;AAaA,eAAsB,YAAY,OAA8B;AAC9D,QAAM,UAAU,MAAM,WAAW;AACjC,MAAI,SAAS;AACX,QAAI;AAEF,YAAM,CAAC,eAAe,cAAc,IAAI,MAAM,QAAQ,IAAI;AAAA,QACxD,UAAU,SAAS,gBAAgB;AAAA,QACnC,UAAU,SAAS,iBAAiB;AAAA,MACtC,CAAC;AACD,YAAM,QAAQ;AAAA,QACZ,gBAAgB,OAAO;AAAA,QACvB,iBAAiB,OAAO;AAAA,MAC1B,EAAE,OAAO,CAAC,MAAmB,MAAM,IAAI;AACvC,UAAI,MAAM,SAAS,GAAG;AACpB,gBAAQ;AAAA,UACN;AAAA,YACE;AAAA,YACA,GAAG,MAAM,IAAI,OAAK,KAAK,qBAAqB,CAAC,CAAC,EAAE;AAAA,UAClD,EAAE,KAAK,IAAI;AAAA,QACb;AAAA,MACF;AACA,YAAM,QAAQ,YAAY,iBAAiB,SAAS,KAAK;AACzD,6BAAuB,MAAS;AAChC,UAAI;AAAE,iCAAyB;AAAA,MAAG,SAAS,KAAK;AAC9C,gBAAQ,KAAK,4CAA4C,WAAW,KAAM,IAAc,OAAO,IAAI;AAAA,MACrG;AACA;AAAA,IACF,SAAS,KAAK;AACZ,UAAI,eAAe,sBAAuB,OAAM;AAChD,cAAQ,KAAK,iCAAkC,IAAc,OAAO,kCAAkC;AAAA,IACxG;AAAA,EACF;AACA,QAAM,WAAW,eAAe,KAAK,CAAC;AACtC,SAAO,SAAS;AAChB,SAAO,SAAS;AAChB,SAAO,SAAS;AAChB,WAAS,QAAQ;AACjB,kBAAgB,QAAQ;AAC1B;AAEA,eAAsB,eACpB,aACA,cACA,WACe;AACf,QAAM,UAAU,MAAM,WAAW;AACjC,MAAI,SAAS;AACX,QAAI;AAEF,UAAI,CAAE,MAAM,UAAU,SAAS,OAAO,GAAI;AACxC,cAAM,IAAI,sBAAsB,OAAO;AAAA,MACzC;AACA,YAAM,QAAQ,YAAY,iBAAiB,kBAAkB,WAAW;AACxE,UAAI,cAAc;AAChB,cAAM,QAAQ,YAAY,iBAAiB,mBAAmB,YAAY;AAAA,MAC5E,OAAO;AAEL,cAAM,UAAU,SAAS,iBAAiB;AAAA,MAC5C;AACA,6BAAuB,SAAS;AAChC,UAAI;AAAE,iCAAyB;AAAA,MAAG,SAAS,KAAK;AAC9C,gBAAQ,KAAK,4CAA4C,WAAW,KAAM,IAAc,OAAO,IAAI;AAAA,MACrG;AACA;AAAA,IACF,SAAS,KAAK;AAEZ,UAAI,eAAe,sBAAuB,OAAM;AAChD,cAAQ,KAAK,iCAAkC,IAAc,OAAO,kCAAkC;AAAA,IACxG;AAAA,EACF;AACA,QAAM,WAAW,eAAe,KAAK,CAAC;AACtC,SAAO,SAAS;AAChB,WAAS,eAAe;AACxB,MAAI,aAAc,UAAS,gBAAgB;AAC3C,WAAS,mBAAmB;AAC5B,kBAAgB,QAAQ;AAC1B;AAMA,eAAsB,iBAAgC;AACpD,QAAM,UAAU,MAAM,WAAW;AACjC,MAAI,SAAS;AACX,UAAM,QAAQ,CAAC,SAAS,kBAAkB,iBAAiB;AAC3D,UAAM,UAAU,MAAM,QAAQ,IAAI,MAAM,IAAI,OAAK,UAAU,SAAS,CAAC,CAAC,CAAC;AACvE,eAAW,CAAC,GAAG,EAAE,KAAK,QAAQ,QAAQ,GAAG;AACvC,UAAI,CAAC,IAAI;AACP,cAAM,UAAU,MAAM,CAAC;AACvB,gBAAQ;AAAA,UACN,yCAAyC,OAAO;AAAA,IAAuE,qBAAqB,OAAO,CAAC;AAAA,QACtJ;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACA,QAAM,WAAW,eAAe;AAChC,MAAI,UAAU;AACZ,QAAI,QAAQ;AACZ,eAAW,KAAK,CAAC,SAAS,gBAAgB,iBAAiB,kBAAkB,GAAY;AACvF,UAAI,SAAS,CAAC,MAAM,QAAW;AAC7B,eAAO,SAAS,CAAC;AACjB,gBAAQ;AAAA,MACV;AAAA,IACF;AACA,QAAI,MAAO,iBAAgB,QAAQ;AAAA,EACrC;AACF;;;AC7UA,YAAY,UAAU;AAGf,IAAM,sBAAsB;AAEnC,IAAM,yBAAyB;AAC/B,IAAM,4BAA4B;AAE3B,SAAS,mBAA2B;AACzC,SAAO,QAAQ,IAAI,sBAAsB,KAAK;AAChD;AAEO,SAAS,qBAA6B;AAC3C,SAAO,QAAQ,IAAI,yBAAyB,KAAK;AACnD;AAQO,SAAS,eAAe,kBAAkC;AAC/D,SAAO,IAAI,KAAK,KAAK,IAAI,IAAI,mBAAmB,GAAI,EAAE,YAAY;AACpE;AAMO,SAAS,2BAA2B,cAAiD;AAC1F,MAAI,aAAc,QAAO;AACzB,SACE;AAIJ;AAEA,SAAS,gBAAgB,OAA+B;AACtD,MAAI,OAAO,UAAU,YAAY,UAAU,MAAM;AAC/C,UAAM,IAAI,MAAM,6CAA6C;AAAA,EAC/D;AACA,QAAM,IAAI;AACV,MAAI,OAAO,EAAE,iBAAiB,YAAY,OAAO,EAAE,eAAe,UAAU;AAC1E,UAAM,IAAI,MAAM,+CAA+C;AAAA,EACjE;AACA,QAAM,MAAqB,EAAE,cAAc,EAAE,cAAc,YAAY,EAAE,WAAW;AACpF,MAAI,OAAO,EAAE,kBAAkB,SAAU,KAAI,gBAAgB,EAAE;AAC/D,SAAO;AACT;AAEA,eAAsB,sBACpB,eACA,UACA,MACA,cACA,aACwB;AACxB,QAAM,WAAW,MAAM,MAAM,GAAG,aAAa,iBAAiB;AAAA,IAC5D,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,oCAAoC;AAAA,IAC/D,MAAM,IAAI,gBAAgB;AAAA,MACxB,YAAY;AAAA,MACZ;AAAA,MACA,eAAe;AAAA,MACf,cAAc;AAAA,MACd,WAAW;AAAA,IACb,CAAC,EAAE,SAAS;AAAA,EACd,CAAC;AAED,MAAI,CAAC,SAAS,IAAI;AAChB,UAAM,OAAO,MAAM,SAAS,KAAK;AACjC,UAAM,IAAI,MAAM,0BAA0B,SAAS,MAAM,MAAM,IAAI,EAAE;AAAA,EACvE;AAEA,SAAO,gBAAgB,MAAM,SAAS,KAAK,CAAC;AAC9C;AAEO,IAAM,sBAAN,cAAkC,MAAM;AAAA,EAC7C,cAAc;AACZ,UAAM,iBAAiB;AACvB,SAAK,OAAO;AAAA,EACd;AACF;AAEA,eAAsB,mBACpB,eACA,UACA,cACwB;AACxB,QAAM,WAAW,MAAM,MAAM,GAAG,aAAa,iBAAiB;AAAA,IAC5D,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,oCAAoC;AAAA,IAC/D,MAAM,IAAI,gBAAgB;AAAA,MACxB,YAAY;AAAA,MACZ,eAAe;AAAA,MACf,WAAW;AAAA,IACb,CAAC,EAAE,SAAS;AAAA,EACd,CAAC;AAED,MAAI,CAAC,SAAS,IAAI;AAChB,UAAM,SAAS,SAAS;AACxB,UAAM,OAAO,MAAM,SAAS,KAAK;AAEjC,QAAI,WAAW,OAAO,WAAW,KAAK;AACpC,UAAI;AACF,cAAM,SAAS,KAAK,MAAM,IAAI;AAC9B,YAAI,OAAO,UAAU,gBAAiB,OAAM,IAAI,oBAAoB;AAAA,MACtE,SAAS,KAAK;AACZ,YAAI,eAAe,oBAAqB,OAAM;AAAA,MAEhD;AAAA,IACF;AAEA,UAAM,IAAI,MAAM,yBAAyB,MAAM,MAAM,IAAI,EAAE;AAAA,EAC7D;AAEA,SAAO,gBAAgB,MAAM,SAAS,KAAK,CAAC;AAC9C;AAEO,SAAS,oBACd,MACA,eACA,YAAoB,MACO;AAC3B,SAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,QAAI,UAAU;AACd,UAAM,SAAc,kBAAa,CAAC,KAAK,QAAQ;AAC7C,YAAM,MAAM,IAAI,IAAI,IAAI,OAAO,KAAK,oBAAoB,IAAI,EAAE;AAC9D,UAAI,IAAI,aAAa,aAAa;AAChC,YAAI,UAAU,GAAG;AACjB,YAAI,IAAI;AACR;AAAA,MACF;AAEA,UAAI,SAAS;AACX,YAAI,UAAU,GAAG;AACjB,YAAI,IAAI;AACR;AAAA,MACF;AAEA,YAAM,OAAO,IAAI,aAAa,IAAI,MAAM;AACxC,YAAM,QAAQ,IAAI,aAAa,IAAI,OAAO;AAC1C,YAAM,QAAQ,IAAI,aAAa,IAAI,OAAO;AAC1C,YAAM,mBAAmB,IAAI,aAAa,IAAI,mBAAmB;AAEjE,UAAI,OAAO;AACT,kBAAU;AACV,YAAI,UAAU,KAAK,EAAE,gBAAgB,YAAY,CAAC;AAClD,YAAI,IAAI,UAAU,oBAAoB,KAAK,CAAC;AAC5C,gBAAQ;AACR,eAAO,IAAI,MAAM,gBAAgB,oBAAoB,KAAK,EAAE,CAAC;AAC7D;AAAA,MACF;AAEA,UAAI,UAAU,eAAe;AAC3B,kBAAU;AACV,YAAI,UAAU,KAAK,EAAE,gBAAgB,YAAY,CAAC;AAClD,YAAI,IAAI,UAAU,yBAAyB,CAAC;AAC5C,gBAAQ;AACR,eAAO,IAAI,MAAM,mDAA8C,CAAC;AAChE;AAAA,MACF;AAEA,UAAI,CAAC,MAAM;AACT,kBAAU;AACV,YAAI,UAAU,KAAK,EAAE,gBAAgB,YAAY,CAAC;AAClD,YAAI,IAAI,UAAU,gCAAgC,CAAC;AACnD,gBAAQ;AACR,eAAO,IAAI,MAAM,gCAAgC,CAAC;AAClD;AAAA,MACF;AAEA,gBAAU;AACV,UAAI,UAAU,KAAK,EAAE,gBAAgB,YAAY,CAAC;AAClD,UAAI,IAAI,YAAY,CAAC;AACrB,cAAQ;AACR,cAAQ,EAAE,KAAK,CAAC;AAAA,IAClB,CAAC;AAED,UAAM,UAAU,WAAW,MAAM;AAC/B,cAAQ;AACR,aAAO,IAAI,MAAM,uDAAuD,CAAC;AAAA,IAC3E,GAAG,SAAS;AAEZ,aAAS,UAAgB;AACvB,mBAAa,OAAO;AACpB,aAAO,MAAM;AAAA,IACf;AAEA,WAAO,GAAG,SAAS,CAAC,QAA+B;AACjD,cAAQ;AACR,UAAI,IAAI,SAAS,cAAc;AAC7B,eAAO,IAAI,MAAM,QAAQ,IAAI,gDAAgD,CAAC;AAAA,MAChF,OAAO;AACL,eAAO,GAAG;AAAA,MACZ;AAAA,IACF,CAAC;AAED,WAAO,OAAO,MAAM,WAAW;AAAA,EACjC,CAAC;AACH;AAEA,SAAS,cAAsB;AAC7B,SAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAQT;AAGA,SAAS,WAAW,OAAuB;AACzC,SAAO,MACJ,QAAQ,MAAM,OAAO,EACrB,QAAQ,MAAM,MAAM,EACpB,QAAQ,MAAM,MAAM,EACpB,QAAQ,MAAM,QAAQ,EACtB,QAAQ,MAAM,OAAO;AAC1B;AAEA,SAAS,UAAU,SAAyB;AAC1C,SAAO;AAAA;AAAA;AAAA;AAAA;AAAA,kDAKyC,WAAW,OAAO,CAAC;AAAA;AAAA;AAGrE;;;ACrOA,eAAsB,MAAM,OAAe,QAAgC;AACzE,QAAM,YAAY,KAAK;AACvB,QAAM,SAAS,WAAW;AAC1B,aAAW;AAAA,IACT,GAAG;AAAA,IACH,SAAS,UAAU,OAAO;AAAA,EAC5B,CAAC;AACH;AAEA,IAAM,oBAAoB;AAG1B,eAAsB,iBAAyC;AAC7D,QAAM,WAAW,MAAM,iBAAiB;AACxC,MAAI,CAAC,SAAU,QAAO;AAEtB,MAAI,SAAS,SAAS,MAAO,QAAO,SAAS;AAG7C,QAAM,cAAc,SAAS,aAAa,IAAI,KAAK,SAAS,UAAU,EAAE,QAAQ,IAAI,OAAO;AAC3F,MAAI,CAAC,OAAO,SAAS,WAAW,KAAK,cAAc,KAAK,IAAI,IAAI,mBAAmB;AACjF,WAAO,SAAS;AAAA,EAClB;AACA,MAAI,CAAC,SAAS,eAAe;AAC3B,UAAM,IAAI,MAAM,+EAA+E;AAAA,EACjG;AAEA,MAAI;AACF,UAAM,SAAS,MAAM,mBAAmB,iBAAiB,GAAG,mBAAmB,GAAG,SAAS,aAAa;AACxG,UAAM,eAAe,eAAe,OAAO,UAAU;AACrD,UAAM,eAAe,OAAO,cAAc,OAAO,iBAAiB,SAAS,eAAe,YAAY;AACtG,WAAO,OAAO;AAAA,EAChB,SAAS,KAAK;AACZ,QAAI,eAAe,qBAAqB;AACtC,YAAM,eAAe;AACrB,YAAM,IAAI,MAAM,2CAA2C;AAAA,IAC7D;AACA,UAAM;AAAA,EACR;AACF;AAGA,eAAsB,kBAAyD;AAC7E,QAAM,WAAW,MAAM,iBAAiB;AACxC,SAAO,UAAU,QAAQ;AAC3B;AAEA,eAAsB,kBAAoC;AACxD,SAAQ,MAAM,iBAAiB,MAAO;AACxC;;;ACtDA,YAAY,YAAY;AAEjB,SAAS,uBAA+B;AAC7C,SAAc,mBAAY,EAAE,EAAE,SAAS,WAAW;AACpD;AAEO,SAAS,sBAAsB,UAA0B;AAC9D,SAAc,kBAAW,QAAQ,EAAE,OAAO,QAAQ,EAAE,OAAO,EAAE,SAAS,WAAW;AACnF;AAEO,SAAS,gBAAwB;AACtC,SAAc,mBAAY,EAAE,EAAE,SAAS,WAAW;AACpD;;;ACVO,SAAS,OAAgB;AAC9B,SAAO,QAAQ,QAAQ,IAAI,IAAI,CAAC;AAClC;AAGO,SAAS,gBAAyB;AACvC,SAAO,QAAQ,QAAQ,MAAM,SAAS,QAAQ,OAAO,KAAK;AAC5D;AAGO,SAAS,QAAiB;AAC/B,SAAO,QAAQ,QAAQ,IAAI,gBAAgB,KAAK,QAAQ,IAAI,SAAS,CAAC;AACxE;;;ANMA,IAAM,wBAAwB;AAEvB,IAAM,eAAe,IAAI,QAAQ,OAAO,EAC5C,YAAY,yBAAyB,EACrC,OAAO,mBAAmB,kDAAkD,EAC5E,OAAO,mBAAmB,cAAc,EACxC,OAAO,OAAO,SAA8C;AAC3D,MAAI,KAAK,OAAO;AACd,UAAM,MAAM,KAAK,OAAO,KAAK,MAAM;AACnC,YAAQ,IAAI,4BAA4B;AACxC;AAAA,EACF;AAIA,QAAM,iBAAiB,KAAK,MAAM;AAClC,UAAQ,IAAI,4BAA4B;AAC1C,CAAC;AAEH,eAAe,iBAAiB,QAAgC;AAC9D,QAAM,eAAe,qBAAqB;AAC1C,QAAM,gBAAgB,sBAAsB,YAAY;AACxD,QAAM,QAAQ,cAAc;AAE5B,QAAM,OAAO;AACb,QAAM,cAAc,oBAAoB,IAAI;AAE5C,QAAM,gBAAgB,iBAAiB;AACvC,QAAM,WAAW,mBAAmB;AAEpC,QAAM,eAAe,IAAI,IAAI,GAAG,aAAa,mBAAmB;AAChE,eAAa,aAAa,IAAI,aAAa,QAAQ;AACnD,eAAa,aAAa,IAAI,gBAAgB,WAAW;AACzD,eAAa,aAAa,IAAI,iBAAiB,MAAM;AACrD,eAAa,aAAa,IAAI,kBAAkB,aAAa;AAC7D,eAAa,aAAa,IAAI,yBAAyB,MAAM;AAC7D,eAAa,aAAa,IAAI,SAAS,KAAK;AAG5C,eAAa,aAAa,IAAI,SAAS,qCAAqC;AAG5E,QAAM,kBAAkB,oBAAoB,MAAM,KAAK;AAEvD,MAAI;AACJ,MAAI,MAAM,GAAG;AAEX,YAAQ,IAAI,mEAAmE;AAC/E,YAAQ,IAAI,aAAa,SAAS,CAAC;AAAA,EACrC,OAAO;AACL,YAAQ,IAAI,uCAAuC;AACnD,UAAM,OAAO,MAAM,OAAO,MAAM,EAAE,KAAK,OAAK,EAAE,OAAO;AAGrD,QAAI,kBAAkB;AACtB,oBAAgB,WAAW,MAAM;AAC/B,wBAAkB;AAClB,cAAQ,IAAI,sCAAsC,aAAa,SAAS,CAAC,EAAE;AAAA,IAC7E,GAAG,qBAAqB;AAExB,SAAK,aAAa,SAAS,CAAC,EAAE,MAAM,MAAM;AACxC,UAAI,gBAAiB;AACrB,mBAAa,aAAa;AAC1B,cAAQ,IAAI,uCAAuC;AACnD,cAAQ,IAAI,UAAU,aAAa,SAAS,CAAC,EAAE;AAAA,IACjD,CAAC;AAAA,EACH;AAEA,MAAI;AACJ,MAAI;AACF,KAAC,EAAE,KAAK,IAAI,MAAM;AAAA,EACpB,UAAE;AACA,QAAI,cAAe,cAAa,aAAa;AAAA,EAC/C;AAEA,QAAM,SAAS,MAAM,sBAAsB,eAAe,UAAU,MAAM,cAAc,WAAW;AACnG,QAAM,YAAY,eAAe,OAAO,UAAU;AAClD,QAAM,eAAe,OAAO,cAAc,OAAO,eAAe,SAAS;AAEzE,QAAM,mBAAmB,2BAA2B,OAAO,aAAa;AACxE,MAAI,iBAAkB,SAAQ,KAAK,gBAAgB;AAEnD,QAAM,SAAS,WAAW;AAC1B,aAAW;AAAA,IACT,GAAG;AAAA,IACH,SAAS,UAAU,OAAO;AAAA,EAC5B,CAAC;AACH;;;AO3GA,SAAS,WAAAC,gBAAe;;;ACCjB,IAAM,WAAN,cAAuB,MAAM;AAAA,EAClC,YACkB,QAChB,SACgB,MACA,MAChB;AACA,UAAM,OAAO;AALG;AAEA;AACA;AAGhB,SAAK,OAAO;AAAA,EACd;AAAA;AAAA,EAGA,IAAI,aAAsB;AACxB,WAAO,KAAK,UAAU,OAAO,KAAK,SAAS;AAAA,EAC7C;AACF;AAGO,SAAS,aAAa,KAA6B;AACxD,MAAI,EAAE,eAAe,UAAW,QAAO;AACvC,UAAQ,IAAI,QAAQ;AAAA,IAClB,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,IACT;AACE,UAAI,IAAI,UAAU,IAAK,QAAO;AAC9B,aAAO;AAAA,EACX;AACF;AAGO,SAAS,eAAe,KAAoB;AACjD,QAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,UAAQ,MAAM,UAAU,OAAO,EAAE;AACjC,QAAM,OAAO,aAAa,GAAG;AAC7B,MAAI,KAAM,SAAQ,MAAM,IAAI;AAC9B;;;ACtCO,IAAM,YAAN,MAAgB;AAAA,EACZ;AAAA,EACD;AAAA,EAER,cAAc;AACZ,UAAM,SAAS,WAAW;AAC1B,SAAK,UAAU,OAAO;AAAA,EACxB;AAAA,EAEQ,WAAmC;AACzC,QAAI,CAAC,KAAK,cAAe,MAAK,gBAAgB,eAAe;AAC7D,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,MAAc,cAA+C;AAC3D,UAAM,QAAQ,MAAM,KAAK,SAAS;AAClC,WAAO,QAAQ,EAAE,iBAAiB,UAAU,KAAK,GAAG,IAAI,CAAC;AAAA,EAC3D;AAAA,EAEA,MAAM,QAAqB,QAAgB,MAAc,MAA4B;AACnF,UAAM,MAAM,MAAM,MAAM,GAAG,KAAK,OAAO,GAAG,IAAI,IAAI;AAAA,MAChD;AAAA,MACA,SAAS;AAAA,QACP,GAAI,MAAM,KAAK,YAAY;AAAA,QAC3B,gBAAgB;AAAA,MAClB;AAAA,MACA,MAAM,OAAO,KAAK,UAAU,IAAI,IAAI;AAAA,IACtC,CAAC;AAID,UAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,QAAI;AACJ,QAAI,MAAM;AACR,UAAI;AACF,iBAAS,KAAK,MAAM,IAAI;AAAA,MAC1B,QAAQ;AACN,iBAAS;AAAA,MACX;AAAA,IACF;AAEA,QAAI,CAAC,IAAI,IAAI;AACX,YAAM,IAAI;AAAA,QACR,IAAI;AAAA,QACJ,QAAQ,OAAO,WAAW,QAAQ,IAAI,MAAM;AAAA,QAC5C,QAAQ,OAAO;AAAA,QACf;AAAA,MACF;AAAA,IACF;AACA,WAAO,QAAQ;AAAA,EACjB;AAAA,EAEA,MAAM,WAAW,KAAa,MAAgB,aAAoC;AAChF,UAAM,MAAM,MAAM,MAAM,KAAK;AAAA,MAC3B,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,GAAI,MAAM,KAAK,YAAY;AAAA,QAC3B,gBAAgB;AAAA,MAClB;AAAA,MACA;AAAA,IACF,CAAC;AACD,QAAI,CAAC,IAAI,IAAI;AACX,YAAM,IAAI,SAAS,IAAI,QAAQ,uBAAuB,IAAI,MAAM,EAAE;AAAA,IACpE;AAAA,EACF;AACF;;;AFhEO,IAAM,gBAAgB,IAAIC,SAAQ,QAAQ,EAC9C,YAAY,0CAA0C,EACtD,OAAO,YAAY;AAClB,QAAM,OAAO,MAAM,gBAAgB;AAInC,MAAI,SAAS,SAAS;AACpB,QAAI;AACF,YAAM,SAAS,IAAI,UAAU;AAC7B,YAAM,OAAO,QAAQ,QAAQ,iBAAiB;AAAA,IAChD,SAAS,KAAK;AACZ,cAAQ,KAAK,qCAAqC,eAAe,QAAQ,IAAI,UAAU,SAAS,uCAAuC;AAAA,IACzI;AAAA,EACF;AAEA,QAAM,eAAe;AACrB,UAAQ,IAAI,yBAAyB;AACvC,CAAC;;;AGvBH,SAAS,WAAAC,gBAAe;;;ACAxB,OAAO,WAAW;AAClB,OAAO,WAAW;AAIX,SAAS,aAAa,MAAe,QAA8B;AACxE,MAAI,WAAW,QAAQ;AACrB,WAAO,KAAK,UAAU,MAAM,MAAM,CAAC;AAAA,EACrC;AAEA,MAAI,MAAM,QAAQ,IAAI,GAAG;AACvB,WAAO,YAAY,IAAiC;AAAA,EACtD;AAEA,MAAI,OAAO,SAAS,YAAY,SAAS,MAAM;AAC7C,WAAO,eAAe,IAA+B;AAAA,EACvD;AAEA,SAAO,OAAO,IAAI;AACpB;AAEA,SAAS,YAAY,MAAyC;AAC5D,MAAI,KAAK,WAAW,EAAG,QAAO,MAAM,IAAI,YAAY;AAEpD,QAAM,OAAO,OAAO,KAAK,KAAK,CAAC,CAAE;AACjC,QAAM,QAAQ,IAAI,MAAM,EAAE,MAAM,KAAK,IAAI,OAAK,MAAM,KAAK,CAAC,CAAC,EAAE,CAAC;AAE9D,aAAW,OAAO,MAAM;AACtB,UAAM,KAAK,KAAK,IAAI,OAAK;AACvB,YAAM,MAAM,IAAI,CAAC;AACjB,UAAI,QAAQ,QAAQ,QAAQ,OAAW,QAAO;AAC9C,UAAI,OAAO,QAAQ,SAAU,QAAO,KAAK,UAAU,GAAG;AACtD,aAAO,OAAO,GAAG;AAAA,IACnB,CAAC,CAAC;AAAA,EACJ;AAEA,SAAO,MAAM,SAAS;AACxB;AAEA,SAAS,eAAe,KAAsC;AAC5D,QAAM,QAAQ,IAAI,MAAM;AACxB,aAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,GAAG,GAAG;AAC9C,UAAM,eAAe,OAAO,UAAU,WAAW,KAAK,UAAU,KAAK,IAAI,OAAO,SAAS,EAAE;AAC3F,UAAM,KAAK,EAAE,CAAC,MAAM,KAAK,GAAG,CAAC,GAAG,aAAa,CAAC;AAAA,EAChD;AACA,SAAO,MAAM,SAAS;AACxB;;;AC9CA,SAAS,gBAAAC,qBAAoB;AAItB,SAAS,UAAU,MAAuC;AAC/D,MAAI,KAAK,WAAW,GAAG,GAAG;AACxB,UAAM,UAAUA,cAAa,KAAK,MAAM,CAAC,GAAG,OAAO;AACnD,WAAO,KAAK,MAAM,OAAO;AAAA,EAC3B;AACA,SAAO,KAAK,MAAM,IAAI;AACxB;AAEO,SAAS,YAAY,KAAsB;AAEhD,MAAI,UAA0B;AAC9B,SAAO,SAAS;AACd,UAAM,KAAK,QAAQ,KAAK,EAAE;AAC1B,QAAI,GAAI,QAAO;AACf,cAAU,QAAQ;AAAA,EACpB;AACA,UAAQ,MAAM,+BAA+B;AAC7C,SAAO,QAAQ,KAAK,CAAC;AACvB;AAEO,SAAS,UAAU,KAA4B;AAOpD,MAAI,OAAgB;AACpB,SAAO,KAAK,OAAQ,QAAO,KAAK;AAChC,QAAM,OAAO,KAAK,KAAK;AAGvB,SAAO,KAAK,QAAQ,KAAK,WAAW,SAAS,SAAS;AACxD;;;ACrCA,YAAY,cAAc;AAQnB,SAAS,QAAQ,UAAkB,OAAiC,CAAC,GAAqB;AAC/F,MAAI,CAAC,cAAc,EAAG,QAAO,QAAQ,QAAQ,IAAI;AAEjD,QAAM,SAAS,KAAK,aAAa,UAAU;AAC3C,QAAM,KAAc,yBAAgB,EAAE,OAAO,QAAQ,OAAO,QAAQ,QAAQ,OAAO,CAAC;AACpF,SAAO,IAAI,QAAQ,CAAC,YAAY;AAC9B,OAAG,SAAS,GAAG,QAAQ,IAAI,MAAM,MAAM,CAAC,WAAW;AACjD,SAAG,MAAM;AACT,YAAM,IAAI,OAAO,KAAK,EAAE,YAAY;AACpC,UAAI,MAAM,GAAI,QAAO,QAAQ,QAAQ,KAAK,UAAU,CAAC;AACrD,cAAQ,MAAM,OAAO,MAAM,KAAK;AAAA,IAClC,CAAC;AAAA,EACH,CAAC;AACH;;;AHfO,IAAM,mBAAmB,IAAIC,SAAQ,WAAW,EACpD,YAAY,kBAAkB;AAEjC,iBAAiB,QAAQ,MAAM,EAC5B,YAAY,oBAAoB,EAChC,OAAO,eAAe,eAAe,EACrC,OAAO,eAA+B,MAAwB;AAC7D,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,KAAK,KAAK,MAAM,QAAQ,mBAAmB,KAAK,GAAG,CAAC,KAAK;AAC/D,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,gBAAgB,EAAE,EAAE;AAC7D,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,UAAU,EAChC,YAAY,gBAAgB,EAC5B,OAAO,eAA+B,IAAY;AACjD,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,iBAAiB,EAAE,EAAE;AAC9D,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,aAAa,EACnC,YAAY,mBAAmB,EAC/B,eAAe,iBAAiB,eAAe,EAC/C,OAAO,wBAAwB,aAAa,EAC5C,OAAO,iBAAiB,kDAAkD,EAC1E,OAAO,eAA+B,IAAY,MAA6D;AAC9G,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAgC;AAAA,IACpC,MAAM,KAAK;AAAA,IACX,aAAa,KAAK;AAAA,EACpB;AACA,MAAI,KAAK,MAAM;AACb,SAAK,MAAM,IAAI,KAAK,KAAK,MAAM,GAAG,EAAE,IAAI,OAAK,EAAE,KAAK,CAAC;AAAA,EACvD;AACA,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,iBAAiB,EAAE,IAAI,IAAI;AACpE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,UAAU,EAChC,YAAY,wBAAwB,EACpC,eAAe,iBAAiB,kDAAkD,EAClF,OAAO,eAA+B,IAAY,MAAwB;AACzE,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,iBAAiB,EAAE,IAAI;AAAA,IAC9D,MAAM,KAAK,KAAK,MAAM,GAAG,EAAE,IAAI,OAAK,EAAE,KAAK,CAAC;AAAA,EAC9C,CAAC;AACD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,aAAa,EACnC,YAAY,mBAAmB,EAC/B,OAAO,aAAa,0BAA0B,EAC9C,OAAO,OAAO,IAAY,SAA4B;AACrD,MAAI,CAAC,KAAK,OAAO,CAAE,MAAM,QAAQ,oBAAoB,EAAE,2BAA2B,GAAI;AACpF,YAAQ,IAAI,SAAS;AACrB;AAAA,EACF;AACA,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,iBAAiB,EAAE,EAAE;AACpD,UAAQ,IAAI,SAAS;AACvB,CAAC;AAIH,iBAAiB,QAAQ,gCAAgC,EACtD,YAAY,2DAA2D,EACvE,eAAe,iBAAiB,uBAAuB,EACvD,OAAO,wBAAwB,aAAa,EAC5C,OAAO,eAA+B,cAAsB,MAA8C;AACzG,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,YAAY,YAAY;AAAA,IACvE,MAAM,KAAK;AAAA,IACX,aAAa,KAAK;AAAA,EACpB,CAAC;AACD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,+BAA+B,EACrD,YAAY,kDAAkD,EAC9D,OAAO,eAA+B,cAAsB;AAC3D,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,YAAY,WAAW;AACvE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,yBAAyB,EAC/C,YAAY,mEAAmE,EAC/E,eAAe,uBAAuB,4BAA4B,EAClE,OAAO,aAAa,yCAAyC,EAC7D,OAAO,uBAAuB,6CAA6C,CAAC,MAAc,EAAE,MAAM,GAAG,CAAC,EACtG,OAAO,oBAAoB,0CAA0C,CAAC,MAAc,EAAE,MAAM,GAAG,CAAC,EAChG,OAAO,iBAAiB,uCAAuC,CAAC,MAAc,EAAE,MAAM,GAAG,CAAC,EAC1F,OAAO,eAEN,cACA,MACA;AACA,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,YAAY,YAAY;AAAA,IACvE,oBAAoB,KAAK;AAAA,IACzB,SAAS,KAAK,UAAU;AAAA,IACxB,aAAa,KAAK;AAAA,IAClB,UAAU,KAAK;AAAA,IACf,OAAO,KAAK;AAAA,EACd,CAAC;AACD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,0BAA0B,EAChD,YAAY,mCAAmC,EAC/C,eAAe,8BAA8B,0BAA0B,EACvE,OAAO,eAA+B,cAAsB,MAA6B;AACxF,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,YAAY,qBAAqB;AAAA,IAChF,cAAc,KAAK;AAAA,EACrB,CAAC;AACD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,4BAA4B,EAClD,YAAY,kDAAkD,EAC9D,OAAO,eAA+B,cAAsB;AAC3D,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,YAAY,aAAa;AACzE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;;;AIpIH,SAAS,WAAAC,gBAAe;AAMjB,IAAM,qBAAqB,IAAIC,SAAQ,aAAa,EACxD,YAAY,oBAAoB;AAEnC,mBAAmB,QAAQ,MAAM,EAC9B,YAAY,oCAAoC,EAChD,OAAO,iBAA+B;AACrC,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,cAAc;AAChE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,mBAAmB,QAAQ,UAAU,EAClC,YAAY,kBAAkB,EAC9B,OAAO,eAA+B,IAAY;AACjD,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,gBAAgB,EAAE,EAAE;AACtE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,mBAAmB,QAAQ,aAAa,EACrC,YAAY,+BAA+B,EAC3C,eAAe,iBAAiB,iBAAiB,EACjD,OAAO,wBAAwB,aAAa,EAC5C,OAAO,mBAAmB,wCAAwC,EAClE,OAAO,iBAAiB,WAAW,EACnC,OAAO,mBAAmB,WAAW,EACrC,OAAO,oBAAoB,oDAAoD,EAC/E,OAAO,eAA+B,IAAY,MAAgH;AACjK,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAgC,EAAE,MAAM,KAAK,KAAK;AACxD,MAAI,KAAK,YAAa,MAAK,aAAa,IAAI,KAAK;AACjD,MAAI,KAAK,OAAQ,MAAK,aAAa,IAAI,UAAU,KAAK,MAAM;AAC5D,MAAI,KAAK,KAAM,MAAK,MAAM,IAAI,KAAK;AACnC,MAAI,KAAK,MAAO,MAAK,OAAO,IAAI,KAAK;AACrC,MAAI,KAAK,QAAS,MAAK,SAAS,IAAI,UAAU,KAAK,OAAO;AAC1D,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,gBAAgB,EAAE,IAAI,IAAI;AAC5E,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,mBAAmB,QAAQ,aAAa,EACrC,YAAY,qBAAqB,EACjC,OAAO,aAAa,0BAA0B,EAC9C,OAAO,eAA+B,IAAY,MAAyB;AAC1E,MAAI,CAAC,KAAK,OAAO,CAAE,MAAM,QAAQ,sBAAsB,EAAE,2BAA2B,GAAI;AACtF,YAAQ,IAAI,SAAS;AACrB;AAAA,EACF;AACA,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,gBAAgB,EAAE,EAAE;AAC5D,UAAQ,IAAI,SAAS;AACvB,CAAC;;;AC5DH,SAAS,WAAAC,gBAAe;AAMjB,IAAM,mBAAmB,IAAIC,SAAQ,WAAW,EACpD,YAAY,kBAAkB;AAEjC,iBAAiB,QAAQ,qBAAqB,EAC3C,YAAY,6BAA6B,EACzC,eAAe,iBAAiB,wCAAwC,EACxE,OAAO,aAAa,wDAAwD,EAC5E,OAAO,sBAAsB,kDAAkD,EAC/E,OAAO,8BAA8B,6CAA6C,EAClF,OAAO,eAA+B,YAAoB,MAAmF;AAC5I,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAgC,EAAE,MAAM,UAAU,KAAK,IAAI,EAAE;AACnE,MAAI,KAAK,WAAY,MAAK,aAAa,IAAI,KAAK;AAChD,MAAI,KAAK,eAAgB,MAAK,iBAAiB,IAAI,KAAK;AACxD,QAAM,OAAO,KAAK,KACd,OAAO,EAAE,cAAc,UAAU,IAAI,KAAK,EAAE,KAC5C,OAAO,EAAE,cAAc,UAAU;AACrC,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,MAAM,IAAI;AACnD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,oBAAoB,EAC1C,YAAY,4EAA4E,EACxF,OAAO,mBAAmB,iGAAiG,EAC3H,OAAO,iBAAiB,iGAAiG,EACzH,OAAO,mBAAmB,kCAAkC,EAC5D,OAAO,eAAe,aAAa,EACnC,OAAO,gBAAgB,mBAAmB,EAC1C,OAAO,eAA+B,YAAoB,MAA4F;AACrJ,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,KAAK,IAAI,gBAAgB;AAC/B,MAAI,KAAK,OAAQ,IAAG,IAAI,UAAU,KAAK,UAAU,UAAU,KAAK,MAAM,CAAC,CAAC;AACxE,MAAI,KAAK,KAAM,IAAG,IAAI,QAAQ,KAAK,UAAU,UAAU,KAAK,IAAI,CAAC,CAAC;AAClE,MAAI,KAAK,OAAQ,IAAG,IAAI,UAAU,KAAK,MAAM;AAC7C,MAAI,KAAK,MAAO,IAAG,IAAI,SAAS,KAAK,KAAK;AAC1C,MAAI,KAAK,OAAQ,IAAG,IAAI,UAAU,KAAK,MAAM;AAC7C,QAAM,IAAI,GAAG,SAAS;AACtB,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,cAAc,UAAU,GAAG,IAAI,IAAI,CAAC,KAAK,EAAE,EAAE;AAC/F,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,uBAAuB,EAC7C,YAAY,sBAAsB,EAClC,OAAO,eAA+B,YAAoB,IAAY;AACrE,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,cAAc,UAAU,IAAI,EAAE,EAAE;AAClF,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,0BAA0B,EAChD,YAAY,mBAAmB,EAC/B,OAAO,aAAa,0BAA0B,EAC9C,OAAO,eAA+B,YAAoB,IAAY,MAAyB;AAC9F,MAAI,CAAC,KAAK,OAAO,CAAE,MAAM,QAAQ,mBAAmB,UAAU,IAAI,EAAE,0BAA0B,GAAI;AAChG,YAAQ,IAAI,SAAS;AACrB;AAAA,EACF;AACA,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,cAAc,UAAU,IAAI,EAAE,EAAE;AACxE,UAAQ,IAAI,SAAS;AACvB,CAAC;;;ACtEH,SAAS,WAAAC,gBAAe;AACxB,SAAS,gBAAAC,qBAAoB;AAKtB,IAAM,aAAa,IAAIC,SAAQ,KAAK,EACxC,YAAY,qDAAqD,EACjE,SAAS,WAAW,yBAAyB,EAC7C,OAAO,iBAAiB,0CAA0C,EAClE,OAAO,mBAAmB,mEAAmE,EAC7F,OAAO,eAA+B,UAA8B,MAA2C;AAC9G,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAE7B,MAAI;AACJ,MAAI,KAAK,MAAM;AACb,YAAQC,cAAa,KAAK,MAAM,OAAO,EAAE,KAAK;AAAA,EAChD,WAAW,UAAU;AACnB,YAAQ;AAAA,EACV,OAAO;AACL,YAAQ,MAAM,sDAAsD;AACpE,YAAQ,KAAK,CAAC;AAAA,EAChB;AAEA,QAAM,SAAkC,CAAC;AACzC,MAAI,KAAK,OAAO;AACd,eAAW,MAAM,KAAK,OAAO;AAC3B,YAAM,QAAQ,GAAG,QAAQ,GAAG;AAC5B,UAAI,UAAU,IAAI;AAChB,gBAAQ,MAAM,gCAAgC,EAAE,uBAAuB;AACvE,gBAAQ,KAAK,CAAC;AAAA,MAChB;AACA,aAAO,GAAG,MAAM,GAAG,KAAK,CAAC,IAAI,GAAG,MAAM,QAAQ,CAAC;AAAA,IACjD;AAAA,EACF;AAEA,QAAM,OAAgC,EAAE,MAAM;AAC9C,MAAI,OAAO,KAAK,MAAM,EAAE,SAAS,EAAG,MAAK,SAAS;AAElD,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,EAAE,QAAQ,IAAI;AAC/D,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;;;AC1CH,SAAS,WAAAC,gBAAe;AAMjB,IAAM,uBAAuB,IAAIC,SAAQ,eAAe,EAC5D,YAAY,wCAAwC;AAEvD,qBAAqB,QAAQ,QAAQ,EAClC,YAAY,iCAAiC,EAC7C,eAAe,4BAA4B,iCAAiC,EAC5E,eAAe,4BAA4B,iCAAiC,EAC5E,eAAe,iBAAiB,mBAAmB,EACnD,OAAO,aAAa,iBAAiB,EACrC,OAAO,iBAAiB,kDAAkD,EAC1E,OAAO,eAA+B,MAAoF;AACzH,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,CAAC,kBAAkB,QAAQ,IAAI,KAAK,OAAO,MAAM,GAAG;AAC1D,QAAM,CAAC,kBAAkB,QAAQ,IAAI,KAAK,OAAO,MAAM,GAAG;AAC1D,QAAM,OAAgC;AAAA,IACpC,UAAU,KAAK;AAAA,IACf,mBAAmB;AAAA,IACnB,WAAW;AAAA,IACX,mBAAmB;AAAA,IACnB,WAAW;AAAA,EACb;AACA,MAAI,KAAK,GAAI,MAAK,IAAI,IAAI,KAAK;AAC/B,MAAI,KAAK,KAAM,MAAK,MAAM,IAAI,UAAU,KAAK,IAAI;AACjD,QAAM,OAAO,KAAK,KAAK,OAAO,EAAE,kBAAkB,KAAK,EAAE,KAAK,OAAO,EAAE;AACvE,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,MAAM,IAAI;AACnD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,qBAAqB,QAAQ,UAAU,EACpC,YAAY,0BAA0B,EACtC,OAAO,eAA+B,IAAY;AACjD,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,kBAAkB,EAAE,EAAE;AACxE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,qBAAqB,QAAQ,aAAa,EACvC,YAAY,uBAAuB,EACnC,OAAO,aAAa,0BAA0B,EAC9C,OAAO,eAA+B,IAAY,MAAyB;AAC1E,MAAI,CAAC,KAAK,OAAO,CAAE,MAAM,QAAQ,uBAAuB,EAAE,0BAA0B,GAAI;AACtF,YAAQ,IAAI,SAAS;AACrB;AAAA,EACF;AACA,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,kBAAkB,EAAE,EAAE;AAC9D,UAAQ,IAAI,SAAS;AACvB,CAAC;;;ACxDH,SAAS,WAAAC,gBAAe;AAMjB,IAAM,2BAA2B,IAAIC,SAAQ,oBAAoB,EACrE,YAAY,sEAAuE;AAEtF,yBAAyB,QAAQ,MAAM,EACpC,YAAY,2CAA2C,EACvD,OAAO,iBAA+B;AACrC,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,qBAAqB;AACvE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,yBAAyB,QAAQ,gBAAgB,EAC9C,YAAY,yBAAyB,EACrC,OAAO,eAA+B,SAAiB;AACtD,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,uBAAuB,OAAO,EAAE;AAClF,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,yBAAyB,QAAQ,mBAAmB,EACjD,YAAY,sCAAsC,EAClD,OAAO,wBAAwB,aAAa,EAC5C,OAAO,mBAAmB,2FAA2F,EACrH,OAAO,+BAA+B,qEAAqE,EAC3G,OAAO,+BAA+B,qEAAqE,EAC3G,OAAO,eAA+B,SAAiB,MAAyG;AAC/J,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAgC,CAAC;AACvC,MAAI,KAAK,YAAa,MAAK,aAAa,IAAI,KAAK;AACjD,MAAI,KAAK,OAAQ,MAAK,aAAa,IAAI,UAAU,KAAK,MAAM;AAC5D,MAAI,KAAK,kBAAmB,MAAK,oBAAoB,IAAI,UAAU,KAAK,iBAAiB;AACzF,MAAI,KAAK,kBAAmB,MAAK,oBAAoB,IAAI,UAAU,KAAK,iBAAiB;AACzF,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,uBAAuB,OAAO,IAAI,IAAI;AACxF,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,yBAAyB,QAAQ,mBAAmB,EACjD,YAAY,4BAA4B,EACxC,OAAO,aAAa,0BAA0B,EAC9C,OAAO,eAA+B,SAAiB,MAAyB;AAC/E,MAAI,CAAC,KAAK,OAAO,CAAE,MAAM,QAAQ,6BAA6B,OAAO,2BAA2B,GAAI;AAClG,YAAQ,IAAI,SAAS;AACrB;AAAA,EACF;AACA,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,uBAAuB,OAAO,EAAE;AACxE,UAAQ,IAAI,SAAS;AACvB,CAAC;;;ACzDH,SAAS,WAAAC,gBAAe;AAKjB,IAAM,4BAA4B,IAAIC,SAAQ,qBAAqB,EACvE,YAAY,yBAAyB,EACrC,SAAS,gBAAgB,mCAAmC,EAC5D,SAAS,QAAQ,oBAAoB,EACrC,OAAO,iBAAiB,6BAA6B,EACrD,OAAO,qBAAqB,0CAA0C,MAAM,EAC5E,OAAO,eAAe,eAAe,IAAI,EACzC,OAAO,gBAAgB,gBAAgB,GAAG,EAC1C,OAAO,eAA+B,YAAoB,IAAY,MAA2E;AAChJ,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,SAAS,IAAI,gBAAgB;AACnC,MAAI,KAAK,KAAM,QAAO,IAAI,YAAY,KAAK,IAAI;AAE/C,QAAM,eAAuC,EAAE,UAAU,UAAU,UAAU,UAAU,MAAM,OAAO;AACpG,SAAO,IAAI,aAAa,aAAa,KAAK,SAAS,KAAK,KAAK,SAAS;AACtE,SAAO,IAAI,SAAS,KAAK,KAAK;AAC9B,SAAO,IAAI,UAAU,KAAK,MAAM;AAChC,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,cAAc,UAAU,IAAI,EAAE,YAAY,OAAO,SAAS,CAAC,EAAE;AAC/G,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;;;ACzBH,SAAS,WAAAC,iBAAe;AACxB,SAAS,gBAAAC,qBAAoB;AAMtB,IAAM,qBAAqB,IAAIC,UAAQ,aAAa,EACxD,YAAY,6BAA6B;AAE5C,mBAAmB,QAAQ,0BAA0B,EAClD,YAAY,0GAA0G,EACtH,eAAe,qBAAqB,wCAAwC,EAC5E,OAAO,yBAAyB,aAAa,0BAA0B,EACvE,OAAO,iBAAiB,qEAAqE,EAC7F,OAAO,eAA+B,YAAoB,IAAY,MAAgE;AACrI,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,EAAE,cAAc,UAAU,IAAI,EAAE,gBAAgB;AAAA,IAC/F,UAAU,KAAK;AAAA,IACf,cAAc,KAAK;AAAA,EACrB,CAAC;AAED,MAAI,KAAK,MAAM;AACb,UAAM,OAAOC,cAAa,KAAK,IAAI;AACnC,UAAM,YAAY,KAAK,WAAW,WAAW,MAAM,IAAI,KAAK,aAAa,GAAG,OAAO,OAAO,GAAG,KAAK,UAAU;AAC5G,UAAM,OAAO,WAAW,WAAW,MAAM,KAAK,WAAW;AACzD,YAAQ,IAAI,aAAa,EAAE,GAAG,MAAM,UAAU,KAAK,GAAG,UAAU,IAAI,CAAC,CAAC;AAAA,EACxE,OAAO;AACL,YAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AAAA,EACjD;AACF,CAAC;AAEH,mBAAmB,QAAQ,uBAAuB,EAC/C,YAAY,kDAAkD,EAC9D,eAAe,qBAAqB,wCAAwC,EAC5E,OAAO,eAA+B,YAAoB,IAAY,MAA4B;AACjG,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,cAAc,MAAM,OAAO,QAAgE,OAAO,OAAO,EAAE,cAAc,UAAU,IAAI,EAAE,cAAc;AAC7J,QAAM,QAAQ,YAAY,KAAK,OAAK,EAAE,IAAI,SAAS,IAAI,KAAK,QAAQ,EAAE,CAAC;AACvE,MAAI,CAAC,OAAO;AACV,UAAM,IAAI,MAAM,eAAe,KAAK,QAAQ,aAAa;AAAA,EAC3D;AACA,QAAM,cAAc,GAAG,OAAO,OAAO,OAAO,EAAE,gBAAgB,MAAM,GAAG;AACvE,UAAQ,IAAI,aAAa,EAAE,cAAc,aAAa,GAAG,MAAM,GAAG,UAAU,IAAI,CAAC,CAAC;AACpF,CAAC;AAEH,mBAAmB,QAAQ,wBAAwB,EAChD,YAAY,iCAAiC,EAC7C,OAAO,mBAAmB,oCAAoC,EAC9D,OAAO,eAA+B,YAAoB,IAAY,MAA2B;AAChG,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,QAAQ,KAAK,SAAS,WAAW,mBAAmB,KAAK,MAAM,CAAC,KAAK;AAC3E,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,cAAc,UAAU,IAAI,EAAE,eAAe,KAAK,EAAE;AACtG,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,mBAAmB,QAAQ,0CAA0C,EAClE,YAAY,sBAAsB,EAClC,OAAO,aAAa,0BAA0B,EAC9C,OAAO,eAA+B,YAAoB,IAAY,cAAsB,MAAyB;AACpH,MAAI,CAAC,KAAK,OAAO,CAAE,MAAM,QAAQ,qBAAqB,YAAY,OAAO,UAAU,IAAI,EAAE,0BAA0B,GAAI;AACrH,YAAQ,IAAI,SAAS;AACrB;AAAA,EACF;AACA,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,cAAc,UAAU,IAAI,EAAE,gBAAgB,YAAY,EAAE;AACpG,UAAQ,IAAI,SAAS;AACvB,CAAC;;;ACvEH,SAAS,kBAAkB;AAC3B,SAAS,WAAAC,iBAAe;AAMjB,IAAM,eAAe,IAAIC,UAAQ,OAAO,EAC5C,YAAY,kCAAkC;AAEjD,aAAa,QAAQ,QAAQ,EAC1B,YAAY,2BAA2B,EACvC,eAAe,iBAAiB,WAAW,EAC3C,eAAe,qBAAqB,oBAAoB,EACxD,OAAO,aAAa,qCAAqC,EACzD,OAAO,oCAAoC,kCAAkC,EAC7E,OAAO,eAA+B,MAA+E;AACpH,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,SAAS,KAAK,MAAM,WAAW;AACrC,QAAM,OAAgC;AAAA,IACpC,MAAM,KAAK;AAAA,IACX,QAAQ,KAAK;AAAA,IACb,SAAS;AAAA,EACX;AACA,MAAI,KAAK,iBAAiB;AACxB,SAAK,kBAAkB,IAAI,KAAK,gBAAgB,MAAM,GAAG;AAAA,EAC3D;AACA,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,UAAU,MAAM,IAAI,IAAI;AAC1E,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,aAAa,QAAQ,UAAU,EAC5B,YAAY,YAAY,EACxB,OAAO,eAA+B,IAAY;AACjD,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,UAAU,EAAE,EAAE;AAChE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,aAAa,QAAQ,MAAM,EACxB,YAAY,gBAAgB,EAC5B,OAAO,iBAA+B;AACrC,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,QAAQ;AAC1D,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,aAAa,QAAQ,aAAa,EAC/B,YAAY,eAAe,EAC3B,OAAO,aAAa,0BAA0B,EAC9C,OAAO,eAA+B,IAAY,MAAyB;AAC1E,MAAI,CAAC,KAAK,OAAO,CAAE,MAAM,QAAQ,eAAe,EAAE,0BAA0B,GAAI;AAC9E,YAAQ,IAAI,SAAS;AACrB;AAAA,EACF;AACA,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,UAAU,EAAE,EAAE;AACtD,UAAQ,IAAI,SAAS;AACvB,CAAC;;;AC9DH,SAAS,cAAAC,mBAAkB;AAC3B,SAAS,WAAAC,iBAAe;AAMjB,IAAM,kBAAkB,IAAIC,UAAQ,UAAU,EAClD,YAAY,0BAA0B;AAEzC,gBAAgB,QAAQ,QAAQ,EAC7B,YAAY,4BAA4B,EACxC,eAAe,iBAAiB,cAAc,EAC9C,eAAe,eAAe,YAAY,EAC1C,eAAe,qBAAqB,qBAAqB,EACzD,eAAe,qBAAqB,6BAA6B,EACjE,OAAO,aAAa,wCAAwC,EAC5D,OAAO,oCAAoC,kCAAkC,EAC7E,OAAO,mBAAmB,0BAA0B,EACpD,OAAO,eAA+B,MAA6H;AAClK,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,YAAY,KAAK,MAAMC,YAAW;AACxC,QAAM,OAAgC;AAAA,IACpC,MAAM,KAAK;AAAA,IACX,KAAK,KAAK;AAAA,IACV,QAAQ,KAAK;AAAA,IACb,QAAQ,KAAK,OAAO,MAAM,GAAG;AAAA,IAC7B,SAAS;AAAA,EACX;AACA,MAAI,KAAK,iBAAiB;AACxB,SAAK,kBAAkB,IAAI,KAAK,gBAAgB,MAAM,GAAG;AAAA,EAC3D;AACA,MAAI,KAAK,QAAQ;AACf,SAAK,QAAQ,IAAI,KAAK,MAAM,KAAK,MAAM;AAAA,EACzC;AACA,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,aAAa,SAAS,IAAI,IAAI;AAChF,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,gBAAgB,QAAQ,UAAU,EAC/B,YAAY,eAAe,EAC3B,OAAO,eAA+B,IAAY;AACjD,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,aAAa,EAAE,EAAE;AACnE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,gBAAgB,QAAQ,MAAM,EAC3B,YAAY,mBAAmB,EAC/B,OAAO,iBAA+B;AACrC,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,WAAW;AAC7D,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,gBAAgB,QAAQ,YAAY,EACjC,YAAY,0DAA0D,EACtE,OAAO,qBAAqB,wDAAwD,EACpF,OAAO,qBAAqB,sBAAsB,EAClD,OAAO,eAA+B,MAA+C;AACpF,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,SAAS,IAAI,gBAAgB;AACnC,MAAI,KAAK,OAAQ,QAAO,IAAI,UAAU,KAAK,MAAM;AACjD,MAAI,KAAK,UAAW,QAAO,IAAI,cAAc,KAAK,SAAS;AAC3D,QAAM,KAAK,OAAO,SAAS;AAC3B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,uBAAuB,KAAK,IAAI,EAAE,KAAK,EAAE,EAAE;AAC7F,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,gBAAgB,QAAQ,aAAa,EAClC,YAAY,kBAAkB,EAC9B,OAAO,aAAa,0BAA0B,EAC9C,OAAO,eAA+B,IAAY,MAAyB;AAC1E,MAAI,CAAC,KAAK,OAAO,CAAE,MAAM,QAAQ,kBAAkB,EAAE,0BAA0B,GAAI;AACjF,YAAQ,IAAI,SAAS;AACrB;AAAA,EACF;AACA,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,aAAa,EAAE,EAAE;AACzD,UAAQ,IAAI,SAAS;AACvB,CAAC;;;ACrFH,SAAS,WAAAC,iBAAe;AAMjB,IAAM,mBAAmB,IAAIC,UAAQ,WAAW,EACpD,YAAY,8BAA8B;AAE7C,iBAAiB,QAAQ,eAAe,EACrC,YAAY,kCAAkC,EAC9C,OAAO,iBAAiB,wDAAwD,EAChF,OAAO,wBAAwB,sBAAsB,EACrD,OAAO,iBAAiB,yDAAyD,SAAS,CAAC,CAAC,EAC5F,OAAO,yBAAyB,yDAAyD,SAAS,CAAC,CAAC,EACpG,OAAO,kBAAkB,gEAAgE,SAAS,CAAC,CAAC,EACpG,OAAO,eAAe,uBAAuB,EAC7C,OAAO,mBAAmB,yHAAyH,EACnJ,OAAO,eAA+B,MAAc,MAQlD;AACD,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAE7B,MAAI;AAEJ,MAAI,KAAK,QAAQ;AAEf,WAAO,KAAK,MAAM,KAAK,MAAM;AAAA,EAC/B,OAAO;AACL,QAAI,CAAC,KAAK,MAAM;AACd,YAAM,IAAI,MAAM,2DAA2D;AAAA,IAC7E;AACA,WAAO;AAAA,MACL,MAAM,KAAK;AAAA,MACX,OAAO,KAAK,KAAK,IAAI,aAAa;AAAA,IACpC;AAEA,QAAI,KAAK,YAAa,MAAK,cAAc,KAAK;AAE9C,QAAI,KAAK,aAAa,SAAS,GAAG;AAChC,WAAK,gBAAgB,KAAK,aAAa,IAAI,YAAY;AAAA,IACzD;AAEA,QAAI,KAAK,MAAM,SAAS,GAAG;AACzB,YAAM,aAAuC,CAAC;AAC9C,iBAAW,QAAQ,KAAK,OAAO;AAC7B,cAAM,SAAS,UAAU,IAAI;AAC7B,mBAAW,OAAO,GAAG,IAAI,OAAO;AAAA,MAClC;AACA,WAAK,QAAQ,EAAE,SAAS,MAAM,WAAW;AAAA,IAC3C;AAEA,QAAI,KAAK,SAAU,MAAK,YAAY;AAAA,EACtC;AAEA,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,cAAc,IAAI,IAAI,IAAI;AAC5E,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,YAAY,EAClC,YAAY,iBAAiB,EAC7B,OAAO,cAAc,qCAAqC,EAC1D,OAAO,eAA+B,MAAc,MAA8B;AACjF,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,KAAK,WACd,OAAO,EAAE,cAAc,IAAI,cAC3B,OAAO,EAAE,cAAc,IAAI;AAC/B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,IAAI;AAC7C,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,MAAM,EAC5B,YAAY,oBAAoB,EAChC,OAAO,iBAA+B;AACrC,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,YAAY;AAC9D,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,eAAe,EACrC,YAAY,oBAAoB,EAChC,OAAO,aAAa,0BAA0B,EAC9C,OAAO,eAA+B,MAAc,MAAyB;AAC5E,MAAI,CAAC,KAAK,OAAO,CAAE,MAAM,QAAQ,oBAAoB,IAAI,2BAA2B,GAAI;AACtF,YAAQ,IAAI,SAAS;AACrB;AAAA,EACF;AACA,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,cAAc,IAAI,EAAE;AAC5D,UAAQ,IAAI,SAAS;AACvB,CAAC;AAEH,iBAAiB,QAAQ,YAAY,EAClC,YAAY,4CAA4C,EACxD,OAAO,sBAAsB,yBAAyB,KAAK,EAC3D,OAAO,CAAC,OAAe,SAAgC;AACtD,QAAM,YAAY,KAAK,cAAc,QAAQ,QAAQ;AACrD,UAAQ,IAAI,2BAA2B,KAAK,IAAI,SAAS,EAAE;AAC7D,CAAC;AAIH,SAAS,QAAQ,OAAe,UAA8B;AAC5D,SAAO,CAAC,GAAG,UAAU,KAAK;AAC5B;AAEA,SAAS,UAAU,MAA8C;AAC/D,QAAM,CAAC,KAAK,MAAM,IAAI,KAAK,MAAM,GAAG;AACpC,MAAI,CAAC,OAAO,CAAC,QAAQ;AACnB,UAAM,IAAI,MAAM,iBAAiB,IAAI,kCAAkC;AAAA,EACzE;AACA,SAAO,EAAE,KAAK,KAAK,OAAO,MAAM,GAAG,EAAE;AACvC;AAEA,SAAS,cAAc,MAAuC;AAC5D,QAAM,EAAE,KAAK,IAAI,IAAI,UAAU,IAAI;AACnC,SAAO,EAAE,YAAY,KAAK,YAAY,IAAI;AAC5C;AAEA,SAAS,aAAa,MAAuC;AAC3D,QAAM,EAAE,KAAK,IAAI,IAAI,UAAU,IAAI;AACnC,SAAO,EAAE,UAAU,KAAK,YAAY,IAAI;AAC1C;;;ACpIA,SAAS,WAAAC,iBAAe;AAKjB,IAAM,eAAe,IAAIC,UAAQ,OAAO,EAC5C,YAAY,0DAA0D,EACtE,eAAe,uBAAuB,6CAA6C,EACnF,OAAO,eAA+B,MAA8B;AACnE,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,aAAa,UAAU,KAAK,UAAU;AAC5C,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,EAAE,UAAU;AAAA,IAC3D,YAAY,MAAM,QAAQ,UAAU,IAAI,aAAa,CAAC,UAAU;AAAA,EAClE,CAAC;AACD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;;;AChBH,SAAS,WAAAC,iBAAe;AAIxB,IAAM,kBAAkB;AAEjB,IAAM,mBAAmB,IAAIC,UAAQ,WAAW,EACpD,YAAY,6EAA6E;AAE5F,iBAAiB,QAAQ,mBAAmB,EACzC,YAAY,sDAAsD,eAAe,EAAE,EACnF,eAAe,kBAAkB,6CAA6C,EAC9E,OAAO,eAA+B,UAAkB,MAAyB;AAChF,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,QAAQ,UAAU,KAAK,KAAK;AAClC,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,EAAE,cAAc,QAAQ,WAAW;AAAA,IAClF,OAAO,MAAM,QAAQ,KAAK,IAAI,QAAQ,CAAC,KAAK;AAAA,EAC9C,CAAC;AACD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,mBAAmB,EACzC,YAAY,sDAAsD,eAAe,EAAE,EACnF,OAAO,uBAAuB,+CAA+C,EAC7E,OAAO,mBAAmB,sBAAsB,EAChD,OAAO,eAA+B,UAAkB,MAAiD;AACxG,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,QAAQ,KAAK,cAAc,gBAAgB,KAAK,WAAW,KAAK;AACtE,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,cAAc,QAAQ,UAAU,KAAK,EAAE;AAEzF,MAAI,KAAK,QAAQ;AACf,UAAM,EAAE,eAAAC,eAAc,IAAI,MAAM,OAAO,IAAI;AAC3C,IAAAA,eAAc,KAAK,QAAQ,KAAK,UAAU,MAAM,MAAM,CAAC,CAAC;AACxD,YAAQ,IAAI,cAAc,KAAK,MAAM,EAAE;AAAA,EACzC,OAAO;AACL,YAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AAAA,EACjD;AACF,CAAC;AAEH,iBAAiB,QAAQ,qCAAqC,EAC3D,YAAY,qEAAqE,eAAe,EAAE,EAClG,eAAe,iBAAiB,8DAA8D,EAC9F,OAAO,sBAAsB,mCAAmC,EAChE,OAAO,8BAA8B,4BAA4B,EACjE,OAAO,eAA+B,UAAkB,YAAoB,MAAsE;AACjJ,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,WAAW,UAAU,KAAK,IAAI;AACpC,QAAM,aAAuB,CAAC;AAC9B,MAAI,KAAK,WAAY,YAAW,KAAK,eAAe,mBAAmB,KAAK,UAAU,CAAC,EAAE;AACzF,MAAI,KAAK,eAAgB,YAAW,KAAK,mBAAmB,mBAAmB,KAAK,cAAc,CAAC,EAAE;AACrG,QAAM,KAAK,WAAW,SAAS,IAAI,WAAW,KAAK,GAAG,CAAC,KAAK;AAC5D,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,EAAE,cAAc,QAAQ,cAAc,UAAU,GAAG,EAAE,IAAI,QAAQ;AAClH,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;;;ACxDH,SAAS,WAAAC,iBAAe;AAKjB,IAAM,gBAAgB,IAAIC,UAAQ,QAAQ,EAC9C,YAAY,mBAAmB;AAElC,cAAc,QAAQ,QAAQ,EAC3B,YAAY,2BAA2B,EACvC,eAAe,iBAAiB,YAAY,EAC5C,eAAe,mBAAmB,iCAAiC,EACnE,OAAO,uBAAuB,wDAAwD,EACtF,OAAO,eAA+B,MAA4D;AACjG,QAAM,SAAS,IAAI,UAAU;AAC7B,MAAI;AACJ,MAAI;AACF,aAAS,KAAK,MAAM,KAAK,MAAM;AAAA,EACjC,QAAQ;AACN,UAAM,IAAI,MAAM,6BAA6B;AAAA,EAC/C;AACA,QAAM,OAAgC,EAAE,MAAM,KAAK,MAAM,OAAO;AAChE,MAAI,KAAK,UAAW,MAAK,aAAa,KAAK;AAC3C,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,cAAc,IAAI;AAC5D,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,cAAc,QAAQ,MAAM,EACzB,YAAY,iBAAiB,EAC7B,OAAO,iBAA+B;AACrC,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,YAAY;AACrD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,cAAc,QAAQ,mBAAmB,EACtC,YAAY,qBAAqB,EACjC,OAAO,eAA+B,SAAiB;AACtD,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,cAAc,OAAO,EAAE;AACtD,UAAQ,IAAI,eAAe;AAC7B,CAAC;;;ACzCH,SAAS,WAAAC,iBAAe;AACxB,SAAS,gBAAAC,qBAAoB;AAU7B,SAAS,aAAa,MAAiD;AACrE,MAAK,KAAK,UAAU,YAAgB,KAAK,SAAS,SAAY;AAC5D,UAAM,IAAI,MAAM,0CAA0C;AAAA,EAC5D;AACA,MAAI,KAAK,SAAS,OAAW,QAAOC,cAAa,KAAK,IAAI,EAAE,SAAS,QAAQ;AAC7E,SAAO,KAAK;AACd;AAEO,IAAM,iBAAiB,IAAIC,UAAQ,SAAS,EAChD,YAAY,mCAAmC;AAElD,eAAe,QAAQ,QAAQ,EAC5B,YAAY,uEAAuE,EACnF,eAAe,iBAAiB,aAAa,EAC7C,OAAO,mBAAmB,6BAA6B,EACvD,OAAO,iBAAiB,oFAAoF,EAC5G,OAAO,yBAAyB,oDAAoD,EACpF,OAAO,uBAAuB,qFAAgF,EAC9G,OAAO,iBAAiB,sBAAsB,EAC9C,OAAO,eAA+B,MAAgH;AACrJ,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAgC,EAAE,MAAM,KAAK,MAAM,OAAO,aAAa,IAAI,EAAE;AACnF,MAAI,KAAK,YAAa,MAAK,eAAe,KAAK;AAC/C,MAAI,KAAK,UAAW,MAAK,aAAa,KAAK;AAC3C,MAAI,KAAK,KAAM,MAAK,OAAO,KAAK,KAAK,MAAM,GAAG,EAAE,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,OAAO,OAAO;AACnF,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,qBAAqB,IAAI;AACnE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,eAAe,QAAQ,MAAM,EAC1B,YAAY,oCAAoC,EAChD,OAAO,cAAc,kDAAkD,EACvE,OAAO,cAAc,kCAAkC,IAAI,EAC3D,OAAO,eAA+B,MAA4C;AACjF,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,KAAK,WAAW,0CAA0C,mBAAmB,KAAK,IAAI,CAAC,KAAK;AACzG,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,IAAI;AAC7C,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,eAAe,QAAQ,UAAU,EAC9B,YAAY,0CAA0C,EACtD,OAAO,eAA+B,IAAY;AACjD,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,qBAAqB,EAAE,EAAE;AAClE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,eAAe,QAAQ,aAAa,EACjC,YAAY,oFAAoF,EAChG,OAAO,mBAAmB,iCAAiC,EAC3D,OAAO,iBAAiB,qDAAqD,EAC7E,OAAO,uBAAuB,oDAAoD,EAClF,OAAO,eAA+B,IAAY,MAA6D;AAC9G,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAgC,EAAE,OAAO,aAAa,IAAI,EAAE;AAClE,MAAI,KAAK,UAAW,MAAK,aAAa,KAAK;AAC3C,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,qBAAqB,EAAE,WAAW,IAAI;AAChF,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,eAAe,QAAQ,aAAa,EACjC,YAAY,uBAAuB,EACnC,OAAO,aAAa,0BAA0B,EAC9C,OAAO,eAA+B,IAAY,MAAyB;AAC1E,MAAI,CAAC,KAAK,OAAO,CAAE,MAAM,QAAQ,uBAAuB,EAAE,0BAA0B,GAAI;AACtF,YAAQ,IAAI,SAAS;AACrB;AAAA,EACF;AACA,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,qBAAqB,EAAE,EAAE;AACxD,UAAQ,IAAI,gBAAgB;AAC9B,CAAC;;;AC/EH,SAAS,WAAAC,iBAAe;AAKjB,IAAM,eAAe,IAAIC,UAAQ,OAAO,EAC5C,YAAY,yDAAyD;AAIxE,IAAM,YAAY,aAAa,QAAQ,IAAI,EAAE,YAAY,qCAAqC;AAE9F,UAAU,QAAQ,oBAAoB,EACnC,YAAY,mEAAmE,EAC/E,OAAO,eAA+B,MAAc,IAAY;AAC/D,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO;AAAA,IACxB;AAAA,IACA,aAAa,mBAAmB,IAAI,CAAC,IAAI,mBAAmB,EAAE,CAAC;AAAA,EACjE;AACA,UAAQ,IAAI,aAAa,KAAK,QAAQ,UAAU,IAAI,CAAC,CAAC;AACxD,CAAC;AAEH,UAAU,QAAQ,0BAA0B,EACzC,YAAY,+DAA+D,EAC3E,OAAO,eAAe,kCAAkC,CAAC,MAAc,OAAO,CAAC,CAAC,EAChF,OAAO,oBAAoB,yCAAyC,EACpE,OAAO,eAEN,MACA,IACA,OACA,MACA;AACA,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,SAAS,IAAI,gBAAgB,EAAE,MAAM,CAAC;AAC5C,MAAI,KAAK,UAAU,OAAW,QAAO,IAAI,SAAS,OAAO,KAAK,KAAK,CAAC;AACpE,MAAI,KAAK,UAAU,OAAW,QAAO,IAAI,UAAU,KAAK,KAAK;AAE7D,QAAM,OAAO,MAAM,OAAO;AAAA,IAMxB;AAAA,IACA,aAAa,mBAAmB,IAAI,CAAC,IAAI,mBAAmB,EAAE,CAAC,SAAS,MAAM;AAAA,EAChF;AAEA,QAAM,SAAS,UAAU,IAAI;AAC7B,MAAI,WAAW,QAAQ;AACrB,YAAQ,IAAI,KAAK,UAAU,MAAM,MAAM,CAAC,CAAC;AACzC;AAAA,EACF;AAEA,QAAM,OAAO,KAAK,KAAK,IAAI,OAAK,OAAO,YAAY,KAAK,QAAQ,IAAI,CAAC,GAAG,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;AACzF,UAAQ,IAAI,aAAa,MAAM,MAAM,CAAC;AACtC,MAAI,KAAK,UAAW,SAAQ,IAAI,6CAAwC;AAC1E,CAAC;AAIH,IAAM,qBAAqB,aACxB,QAAQ,QAAQ,EAChB,YAAY,yEAAyE;AAaxF,mBAAmB,QAAQ,MAAM,EAC9B,YAAY,oCAAoC,EAChD,OAAO,gBAAgB,uDAAuD,EAC9E,OAAO,gBAAgB,+CAA+C,EACtE,OAAO,wBAAwB,6BAA6B,EAC5D,OAAO,eAAe,kCAAkC,CAAC,MAAc,OAAO,CAAC,CAAC,EAChF,OAAO,gBAAgB,yBAAyB,CAAC,MAAc,OAAO,CAAC,CAAC,EACxE,OAAO,iBAAiB,2CAA2C,EACnE,OAAO,eAEN,MACA;AACA,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,SAAS,IAAI,gBAAgB;AACnC,MAAI,KAAK,OAAQ,QAAO,IAAI,UAAU,KAAK,MAAM;AACjD,MAAI,KAAK,OAAQ,QAAO,IAAI,UAAU,KAAK,MAAM;AACjD,MAAI,KAAK,eAAgB,QAAO,IAAI,kBAAkB,KAAK,cAAc;AACzE,MAAI,KAAK,UAAU,OAAW,QAAO,IAAI,SAAS,OAAO,KAAK,KAAK,CAAC;AACpE,MAAI,KAAK,WAAW,OAAW,QAAO,IAAI,UAAU,OAAO,KAAK,MAAM,CAAC;AACvE,MAAI,KAAK,MAAO,QAAO,IAAI,SAAS,KAAK,KAAK;AAC9C,QAAM,KAAK,OAAO,SAAS,IAAI,IAAI,MAAM,KAAK;AAE9C,QAAM,OAAO,MAAM,OAAO;AAAA,IACxB;AAAA,IACA,iBAAiB,EAAE;AAAA,EACrB;AAEA,QAAM,SAAS,UAAU,IAAI;AAC7B,MAAI,WAAW,QAAQ;AACrB,YAAQ,IAAI,KAAK,UAAU,MAAM,MAAM,CAAC,CAAC;AACzC;AAAA,EACF;AACA,UAAQ,IAAI,aAAa,KAAK,MAAM,MAAM,CAAC;AAC3C,UAAQ,IAAI,IAAI,KAAK,KAAK,MAAM,OAAO,KAAK,KAAK,GAAG;AACtD,CAAC;AAEH,mBAAmB,QAAQ,WAAW,EACnC,YAAY,6CAA6C,EACzD,OAAO,eAA+B,IAAY;AACjD,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO;AAAA,IACxB;AAAA,IACA,kBAAkB,mBAAmB,EAAE,CAAC;AAAA,EAC1C;AACA,UAAQ,IAAI,KAAK,UAAU,MAAM,MAAM,CAAC,CAAC;AAC3C,CAAC;AAUH,SAAS,kBAAkB,GAA4B;AACrD,UAAQ,EAAE,QAAQ;AAAA,IAChB,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO,aAAa,EAAE,UAAU,UAAU;AAAA,IAC5C,KAAK;AACH,aAAO,yBAAyB,EAAE,UAAU,mBAAmB;AAAA,IACjE,KAAK;AACH,aAAO,oCAAoC,EAAE,UAAU,SAAS;AAAA,IAClE,SAAS;AAEP,YAAM,cAAqB,EAAE;AAC7B,aAAO;AAAA,IACT;AAAA,EACF;AACF;AAEA,mBAAmB,QAAQ,sCAAsC,EAC9D,YAAY,2EAA2E,EACvF,OAAO,eAA+B,aAAqB,WAAqB;AAC/E,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO;AAAA,IACxB;AAAA,IACA,kBAAkB,mBAAmB,WAAW,CAAC;AAAA,IACjD,EAAE,YAAY,UAAU;AAAA,EAC1B;AACA,UAAQ,IAAI,WAAW,KAAK,OAAO,oBAAoB,WAAW,EAAE;AACpE,aAAW,KAAK,KAAK,WAAW,CAAC,GAAG;AAClC,YAAQ,IAAI,aAAa,EAAE,SAAS,WAAM,kBAAkB,CAAC,CAAC,EAAE;AAAA,EAClE;AACF,CAAC;AAEH,mBAAmB,QAAQ,qBAAqB,EAC7C,YAAY,4DAA4D,EACxE,OAAO,eAA+B,UAAkB;AACvD,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO;AAAA,IACxB;AAAA,IACA,kBAAkB,mBAAmB,QAAQ,CAAC;AAAA,EAChD;AACA,UAAQ,IAAI,YAAY,KAAK,OAAO,SAAS,WAAM,KAAK,OAAO,MAAM,EAAE;AACzE,CAAC;AAEH,mBAAmB,QAAQ,eAAe,EACvC,YAAY,4DAA4D,EACxE,eAAe,cAAc,4CAA4C,EACzE,OAAO,oBAAoB,+BAA+B,EAC1D,OAAO,eAA+B,IAAY,MAAwC;AACzF,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAgC,EAAE,QAAQ,aAAa,cAAc,KAAK,GAAG;AACnF,MAAI,KAAK,QAAS,MAAK,YAAY,IAAI,KAAK;AAC5C,QAAM,OAAO,MAAM,OAAO;AAAA,IACxB;AAAA,IACA,kBAAkB,mBAAmB,EAAE,CAAC;AAAA,IACxC;AAAA,EACF;AACA,UAAQ,IAAI,aAAa,KAAK,OAAO,SAAS,WAAM,KAAK,EAAE,EAAE;AAC/D,CAAC;AAEH,mBAAmB,QAAQ,gBAAgB,EACxC,YAAY,qDAAqD,EACjE,OAAO,eAA+B,IAAY;AACjD,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO;AAAA,IACxB;AAAA,IACA,kBAAkB,mBAAmB,EAAE,CAAC;AAAA,IACxC,EAAE,QAAQ,YAAY;AAAA,EACxB;AACA,UAAQ,IAAI,aAAa,KAAK,OAAO,SAAS,iBAAiB,KAAK,oBAAoB,MAAM,mBAAmB;AACnH,CAAC;AAEH,mBAAmB,QAAQ,cAAc,EACtC,YAAY,6CAA6C,EACzD,eAAe,mBAAmB,+BAA+B,EACjE,OAAO,oBAAoB,+BAA+B,EAC1D,OAAO,eAA+B,IAAY,MAA4C;AAC7F,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAgC,EAAE,QAAQ,aAAa,kBAAkB,KAAK,OAAO;AAC3F,MAAI,KAAK,QAAS,MAAK,YAAY,IAAI,KAAK;AAC5C,QAAM,OAAO,MAAM,OAAO;AAAA,IACxB;AAAA,IACA,kBAAkB,mBAAmB,EAAE,CAAC;AAAA,IACxC;AAAA,EACF;AACA,UAAQ,IAAI,aAAa,KAAK,OAAO,SAAS,aAAa,KAAK,MAAM,GAAG;AAC3E,CAAC;;;AC9NH,SAAS,WAAAC,iBAAe;AASjB,IAAM,gBAAgB,IAAIC,UAAQ,QAAQ,EAC9C,YAAY,yCAAyC;AAExD,cAAc,QAAQ,QAAQ,EAC3B,YAAY,0DAA0D,EACtE,eAAe,mBAAmB,eAAe,EACjD,eAAe,wBAAwB,eAAe,EACtD,OAAO,qBAAqB,wDAAwD,EACpF,OAAO,wBAAwB,+CAA+C,EAC9E,OAAO,qBAAqB,wEAAwE,EACpG,OAAO,sBAAsB,gCAAgC,EAC7D,OAAO,kBAAkB,oBAAoB,EAC7C,OAAO,0BAA0B,yBAAyB,EAC1D,OAAO,oBAAoB,wCAAwC,EACnE,OAAO,mBAAmB,sCAAsC,IAAI,EACpE,OAAO,2BAA2B,qDAAqD,EACvF,OAAO,eAEN,MAaA;AACA,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAgC;AAAA,IACpC,OAAO,KAAK;AAAA,IACZ,aAAa,KAAK;AAAA,IAClB,QAAQ,KAAK;AAAA,EACf;AACA,MAAI,KAAK,OAAQ,MAAK,QAAQ,IAAI,KAAK;AACvC,MAAI,KAAK,eAAgB,MAAK,gBAAgB,IAAI,KAAK;AACvD,MAAI,KAAK,SAAU,MAAK,WAAW,IAAI,KAAK;AAC5C,MAAI,KAAK,SAAU,MAAK,UAAU,IAAI,KAAK;AAC3C,MAAI,KAAK,MAAO,MAAK,OAAO,IAAI,KAAK;AACrC,MAAI,KAAK,aAAc,MAAK,eAAe,IAAI,KAAK;AACpD,MAAI,KAAK,QAAS,MAAK,SAAS,IAAI,KAAK;AACzC,MAAI,KAAK,cAAe,MAAK,gBAAgB,IAAI,KAAK;AAEtD,QAAM,OAAO,MAAM,OAAO,QAAwB,QAAQ,eAAe,IAAI;AAC7E,MAAI,KAAK,SAAS;AAChB,YAAQ,IAAI,yBAAyB,KAAK,SAAS,IAAI;AACvD,YAAQ,IAAI,kEAAkE;AAAA,EAChF,OAAO;AACL,YAAQ,IAAI,yCAAyC,KAAK,SAAS,8CAAyC;AAAA,EAC9G;AACF,CAAC;;;AC/DH,SAAS,WAAAC,iBAAe;AACxB,SAAS,oBAAoB;;;ACAtB,SAAS,eAAe,QAAgB,SAA0B;AACvE,QAAM,QAAQ,CAAC,MAAc,EAAE,QAAQ,WAAW,EAAE;AACpD,QAAM,IAAI,MAAM,MAAM,EAAE,MAAM,GAAG,EAAE,IAAI,MAAM;AAC7C,QAAM,IAAI,MAAM,OAAO,EAAE,MAAM,GAAG,EAAE,IAAI,MAAM;AAC9C,WAAS,IAAI,GAAG,IAAI,KAAK,IAAI,EAAE,QAAQ,EAAE,MAAM,GAAG,KAAK;AACrD,UAAM,KAAK,EAAE,CAAC,KAAK;AACnB,UAAM,KAAK,EAAE,CAAC,KAAK;AACnB,QAAI,OAAO,MAAM,EAAE,KAAK,OAAO,MAAM,EAAE,EAAG,QAAO;AACjD,QAAI,KAAK,GAAI,QAAO;AACpB,QAAI,KAAK,GAAI,QAAO;AAAA,EACtB;AACA,SAAO;AACT;;;ACbA,SAAS,gBAAAC,eAAc,iBAAAC,gBAAe,aAAAC,kBAAiB;AACvD,SAAS,QAAAC,aAAY;AACrB,SAAS,gBAAgB;AAMlB,IAAM,cAAc;AAC3B,IAAM,aAAaC,MAAK,YAAY,mBAAmB;AACvD,IAAM,aAAa,KAAK,KAAK,KAAK;AAOlC,SAAS,aAAsB;AAC7B,SAAO;AAAA,IACL,QAAQ,IAAI,oBAAoB,KAChC,QAAQ,IAAI,uBAAuB,KACnC,KAAK;AAAA,EACP;AACF;AAEA,SAAS,YAAiC;AACxC,MAAI;AACF,UAAM,SAAS,KAAK,MAAMC,cAAa,YAAY,OAAO,CAAC;AAC3D,QAAI,OAAO,OAAO,cAAc,SAAU,QAAO;AACjD,QAAI,OAAO,WAAW,QAAQ,OAAO,OAAO,WAAW,SAAU,QAAO;AACxE,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,SAAS,WAAW,OAA2B;AAC7C,MAAI;AACF,IAAAC,WAAU,YAAY,EAAE,WAAW,MAAM,MAAM,IAAM,CAAC;AACtD,IAAAC,eAAc,YAAY,KAAK,UAAU,KAAK,GAAG,EAAE,MAAM,IAAM,CAAC;AAAA,EAClE,QAAQ;AAAA,EAER;AACF;AAGO,SAAS,iBAAiB,SAAgC;AAC/D,QAAM,QAAQ,UAAU;AACxB,MAAI,CAAC,OAAO,OAAQ,QAAO;AAC3B,MAAI,KAAK,IAAI,IAAI,MAAM,YAAY,WAAY,QAAO;AACtD,SAAO,eAAe,MAAM,QAAQ,OAAO,IAAI,MAAM,SAAS;AAChE;AAEA,SAAS,OAAO,QAAgB,SAAuB;AACrD,UAAQ,MAAM;AAAA,oBAAuB,OAAO,WAAM,MAAM;AAAA,gCAAmC;AAC7F;AAOO,SAAS,gBAAgB,SAAuB;AACrD,MAAI,WAAW,EAAG;AAClB,MAAI;AACF,UAAM,QAAQ,UAAU;AAExB,QAAI,SAAS,KAAK,IAAI,IAAI,MAAM,YAAY,YAAY;AACtD,UAAI,MAAM,UAAU,eAAe,MAAM,QAAQ,OAAO,EAAG,QAAO,MAAM,QAAQ,OAAO;AACvF;AAAA,IACF;AAGA,eAAW,EAAE,WAAW,KAAK,IAAI,GAAG,QAAQ,OAAO,UAAU,KAAK,CAAC;AAGnE,UAAM,QAAQ;AAAA,MACZ;AAAA,MACA,CAAC,QAAQ,aAAa,SAAS;AAAA,MAC/B,EAAE,SAAS,KAAM,OAAO,KAAK;AAAA,MAC7B,CAAC,KAAK,WAAW;AACf,YAAI,IAAK;AACT,cAAM,SAAS,OAAO,KAAK;AAC3B,YAAI,CAAC,OAAQ;AACb,mBAAW,EAAE,WAAW,KAAK,IAAI,GAAG,OAAO,CAAC;AAC5C,YAAI,eAAe,QAAQ,OAAO,EAAG,QAAO,QAAQ,OAAO;AAAA,MAC7D;AAAA,IACF;AAEA,UAAM,MAAM;AAAA,EACd,QAAQ;AAAA,EAER;AACF;;;AC7FA;AAAA,EACE,MAAQ;AAAA,EACR,SAAW;AAAA,EACX,MAAQ;AAAA,EACR,SAAW;AAAA,IACT,MAAQ;AAAA,EACV;AAAA,EACA,KAAO;AAAA,IACL,OAAS;AAAA,EACX;AAAA,EACA,OAAS;AAAA,IACP;AAAA,EACF;AAAA,EACA,SAAW;AAAA,IACT,OAAS;AAAA,IACT,WAAa;AAAA,IACb,MAAQ;AAAA,IACR,KAAO;AAAA,EACT;AAAA,EACA,cAAgB;AAAA,IACd,oBAAoB;AAAA,IACpB,OAAS;AAAA,IACT,cAAc;AAAA,IACd,WAAa;AAAA,IACb,MAAQ;AAAA,EACV;AAAA,EACA,sBAAwB;AAAA,IACtB,gBAAgB;AAAA,EAClB;AAAA,EACA,iBAAmB;AAAA,IACjB,eAAe;AAAA,IACf,MAAQ;AAAA,IACR,YAAc;AAAA,IACd,QAAU;AAAA,EACZ;AACF;;;AH7BO,IAAM,gBAAgB,IAAIC,UAAQ,QAAQ,EAC9C,YAAY,sDAAsD,EAClE,OAAO,MAAM;AACZ,UAAQ,IAAI,oBAAoB,gBAAI,OAAO,EAAE;AAC7C,UAAQ,IAAI,yBAAyB;AACrC,MAAI;AACJ,MAAI;AAEF,aAAS,aAAa,OAAO,CAAC,QAAQ,aAAa,SAAS,GAAG,EAAE,SAAS,KAAQ,OAAO,KAAK,CAAC,EAC5F,SAAS,EACT,KAAK;AAAA,EACV,QAAQ;AACN,YAAQ,MAAM,2CAA2C;AACzD,YAAQ,MAAM,gCAAgC,WAAW,EAAE;AAC3D,YAAQ,KAAK,CAAC;AAAA,EAChB;AAEA,MAAI,CAAC,eAAe,QAAQ,gBAAI,OAAO,GAAG;AACxC,YAAQ,IAAI,kCAAkC,gBAAI,OAAO,IAAI;AAC7D;AAAA,EACF;AAEA,UAAQ,IAAI,YAAY,gBAAI,OAAO,WAAM,MAAM,KAAK;AACpD,MAAI;AACF,iBAAa,OAAO,CAAC,WAAW,MAAM,GAAG,WAAW,SAAS,GAAG;AAAA,MAC9D,SAAS;AAAA,MACT,OAAO;AAAA,MACP,OAAO;AAAA,IACT,CAAC;AACD,YAAQ,IAAI,cAAc,MAAM,GAAG;AAAA,EACrC,SAAS,KAAK;AACZ,YAAQ,MAAM,kBAAkB,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC,EAAE;AAClF,YAAQ,MAAM,gCAAgC,WAAW,EAAE;AAC3D,YAAQ,KAAK,CAAC;AAAA,EAChB;AACF,CAAC;;;AIzCH,SAAS,WAAAC,iBAAe;AAajB,IAAM,gBAAgB,IAAIC,UAAQ,QAAQ,EAC9C,YAAY,iCAAiC,EAC7C,OAAO,iBAA+B;AACrC,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,KAAK,MAAM,OAAO,QAAoB,OAAO,aAAa;AAEhE,MAAI,UAAU,IAAI,MAAM,QAAQ;AAC9B,YAAQ,IAAI,KAAK,UAAU,IAAI,MAAM,CAAC,CAAC;AACvC;AAAA,EACF;AAEA,UAAQ,IAAI,mBAAmB,GAAG,SAAS,EAAE;AAC7C,MAAI,GAAG,MAAO,SAAQ,IAAI,mBAAmB,GAAG,KAAK,EAAE;AACvD,MAAI,GAAG,QAAS,SAAQ,IAAI,mBAAmB,GAAG,OAAO,EAAE;AAC3D,MAAI,GAAG,OAAQ,SAAQ,IAAI,mBAAmB,GAAG,MAAM,EAAE;AACzD,UAAQ,IAAI,mBAAmB,GAAG,cAAc,EAAE;AAClD,MAAI,GAAG,QAAQ,GAAG,KAAK,SAAS,GAAG;AACjC,YAAQ,IAAI,gBAAgB;AAC5B,eAAW,KAAK,GAAG,MAAM;AACvB,cAAQ,IAAI,KAAK,EAAE,IAAI,KAAK,EAAE,MAAM,YAAO,EAAE,IAAI,EAAE;AAAA,IACrD;AAAA,EACF;AACF,CAAC;;;ACnCH,SAAS,WAAAC,iBAAe;AAqBjB,IAAM,gBAAgB,IAAIC,UAAQ,QAAQ,EAC9C,YAAY,sDAAsD,EAClE,OAAO,iBAA+B;AACrC,QAAM,SAAS,WAAW;AAC1B,QAAM,WAAW,MAAM,gBAAgB;AACvC,QAAM,YAAY,iBAAiB,gBAAI,OAAO;AAI9C,MAAI,aAA6B;AACjC,MAAI,KAAwB;AAC5B,MAAI,UAAU;AACZ,QAAI;AACF,WAAK,MAAM,IAAI,UAAU,EAAE,QAAoB,OAAO,aAAa;AACnE,mBAAa;AAAA,IACf,SAAS,KAAK;AACZ,UAAI,eAAe,aAAa,IAAI,WAAW,OAAO,IAAI,WAAW,KAAM,cAAa;AAAA,IAC1F;AAAA,EACF;AAEA,QAAM,WAA2B;AAAA,IAC/B,WAAW;AAAA,IACX,aAAa;AAAA,IACb,SAAS,OAAO;AAAA,IAChB,WAAW,IAAI,aAAa;AAAA,IAC5B,OAAO,IAAI,SAAS;AAAA,IACpB,QAAQ,IAAI,UAAU;AAAA,IACtB,QAAQ,IAAI,kBAAkB;AAAA,IAC9B,KAAK,EAAE,SAAS,gBAAI,SAAS,QAAQ,UAAU;AAAA,EACjD;AAEA,MAAI,UAAU,IAAI,MAAM,QAAQ;AAC9B,YAAQ,IAAI,KAAK,UAAU,UAAU,MAAM,CAAC,CAAC;AAC7C;AAAA,EACF;AAEA,MAAI,CAAC,UAAU;AACb,YAAQ,IAAI,mCAAmC;AAC/C,YAAQ,IAAI,QAAQ,OAAO,OAAO,EAAE;AACpC,QAAI,UAAW,SAAQ,IAAI,QAAQ,gBAAI,OAAO,aAAa,SAAS,+BAA0B;AAC9F;AAAA,EACF;AAEA,QAAM,cACJ,eAAe,OACX,gBACA,eAAe,QACb,+DACA;AACR,UAAQ,IAAI,YAAY,IAAI,QAAQ,OAAO,GAAG,KAAK,KAAK,EAAE,WAAM,WAAW,EAAE;AAC7E,UAAQ,IAAI,QAAQ,OAAO,OAAO,EAAE;AACpC,MAAI,IAAI,UAAW,SAAQ,IAAI,SAAS,GAAG,SAAS,EAAE;AACtD,MAAI,IAAI,OAAQ,SAAQ,IAAI,QAAQ,GAAG,MAAM,EAAE;AAC/C,MAAI,IAAI,eAAgB,SAAQ,IAAI,WAAW,GAAG,cAAc,EAAE;AAClE,MAAI,UAAW,SAAQ,IAAI,QAAQ,gBAAI,OAAO,aAAa,SAAS,+BAA0B;AAChG,CAAC;;;ApCnDI,IAAM,UAAU,IAAIC,UAAQ,OAAO,EACvC,YAAY,iDAA4C,EACxD,QAAQ,gBAAI,OAAO,EACnB,OAAO,mBAAmB,aAAa,EACvC,OAAO,qBAAqB,gCAAgC,OAAO,EACnE,OAAO,UAAU,6BAA6B;AAEjD,QAAQ,WAAW,YAAY;AAC/B,QAAQ,WAAW,aAAa;AAChC,QAAQ,WAAW,aAAa;AAChC,QAAQ,WAAW,aAAa;AAChC,QAAQ,WAAW,gBAAgB;AACnC,QAAQ,WAAW,kBAAkB;AACrC,QAAQ,WAAW,gBAAgB;AACnC,QAAQ,WAAW,UAAU;AAC7B,QAAQ,WAAW,oBAAoB;AACvC,QAAQ,WAAW,wBAAwB;AAC3C,QAAQ,WAAW,yBAAyB;AAC5C,QAAQ,WAAW,kBAAkB;AACrC,QAAQ,WAAW,YAAY;AAC/B,QAAQ,WAAW,eAAe;AAClC,QAAQ,WAAW,YAAY;AAC/B,QAAQ,WAAW,gBAAgB;AACnC,QAAQ,WAAW,aAAa;AAChC,QAAQ,WAAW,cAAc;AACjC,QAAQ,WAAW,gBAAgB;AACnC,QAAQ,WAAW,YAAY;AAC/B,QAAQ,WAAW,aAAa;AAChC,QAAQ,WAAW,aAAa;;;AqCrDhC,SAAS,WAAAC,UAAS,UAAU,YAAY;AAMxC,IAAI,SAA8B;AAElC,SAAS,SAA6B;AACpC,MAAI,QAAQ,IAAI,0BAA0B,EAAG,QAAO;AACpD,SAAO,QAAQ,IAAI,sBAAsB,KAAK;AAChD;AAaO,SAAS,UAAqC,OAAU,MAAiB;AAC9E,QAAM,OAAO,KAAK,QAAQ,WAAW,EAAE;AACvC,MAAI,CAAC,KAAM,QAAO;AAClB,QAAM,KAAK,IAAI,OAAO,KAAK,QAAQ,uBAAuB,MAAM,IAAI,iBAAiB,GAAG;AACxF,QAAM,QAAQ,CAAC,MAAsB,EAAE,QAAQ,IAAI,GAAG;AACtD,aAAW,SAAS,MAAM,WAAW,UAAU,CAAC,GAAG;AACjD,QAAI,MAAM,MAAO,OAAM,QAAQ,MAAM,MAAM,KAAK;AAChD,eAAW,SAAS,MAAM,YAAY,UAAU,CAAC,GAAG;AAClD,UAAI,MAAM,SAAU,OAAM,WAAW,MAAM,MAAM,QAAQ;AACzD,UAAI,MAAM,SAAU,OAAM,WAAW,MAAM,MAAM,QAAQ;AAAA,IAC3D;AAAA,EACF;AACA,SAAO;AACT;AAOA,eAAsB,cAAcC,UAA6B,SAAgC;AAC/F,MAAI,OAAQ;AACZ,QAAM,MAAM,OAAO;AACnB,MAAI,CAAC,IAAK;AACV,MAAI;AACF,UAAM,MAAM,MAAM,OAAO,cAAc;AACvC,UAAM,OAAOC,SAAQ;AACrB,QAAI,KAAK;AAAA,MACP;AAAA,MACA,kBAAkB;AAAA,MAClB,SAAS,aAAa,OAAO;AAAA,MAC7B,aAAa;AAAA,MACb,qBAAqB;AAAA,MACrB,YAAY,CAAC,UAAU,UAAU,OAAO,IAAI;AAAA,IAC9C,CAAC;AACD,QAAI,OAAO,WAAWD,YAAW,SAAS;AAC1C,QAAI,OAAO,gBAAgB,QAAQ,OAAO;AAC1C,QAAI,OAAO,eAAe,SAAS,CAAC;AACpC,QAAI,OAAO,WAAW,KAAK,CAAC;AAC5B,aAAS;AAAA,EACX,QAAQ;AACN,aAAS;AAAA,EACX;AACF;AAGO,SAAS,iBAAiB,KAAoB;AACnD,MAAI,CAAC,OAAQ;AACb,MAAI,eAAe,YAAY,IAAI,WAAY;AAC/C,MAAI;AACF,WAAO,iBAAiB,GAAG;AAAA,EAC7B,QAAQ;AAAA,EAER;AACF;AAGA,eAAsB,iBAAgC;AACpD,MAAI,CAAC,OAAQ;AACb,MAAI;AACF,UAAM,OAAO,MAAM,GAAI;AAAA,EACzB,QAAQ;AAAA,EAER;AACA,WAAS;AACX;;;ACnFA,IAAM,oBAAoB,CAAC,aAAa,MAAM,UAAU,MAAM,QAAQ,QAAQ;AAC9E,IAAM,UAAU,QAAQ,KAAK,CAAC;AAE9B,eAAe,OAAsB;AACnC,QAAM,cAAc,SAAS,gBAAI,OAAO;AACxC,QAAM,QAAQ,WAAW;AACzB,MAAI,WAAW,CAAC,kBAAkB,SAAS,OAAO,GAAG;AACnD,oBAAgB,gBAAI,OAAO;AAAA,EAC7B;AACF;AAEA,KAAK,EACF,KAAK,MAAM,eAAe,CAAC,EAC3B,MAAM,OAAO,QAAQ;AACpB,iBAAe,GAAG;AAClB,mBAAiB,GAAG;AACpB,QAAM,eAAe;AACrB,UAAQ,KAAK,CAAC;AAChB,CAAC;","names":["Command","Command","Command","Command","readFileSync","Command","Command","Command","Command","Command","Command","readFileSync","Command","readFileSync","Command","Command","Command","Command","Command","Command","Command","readFileSync","Command","readFileSync","Command","Command","randomUUID","Command","Command","randomUUID","Command","Command","Command","Command","Command","Command","writeFileSync","Command","Command","Command","readFileSync","readFileSync","Command","Command","Command","Command","Command","Command","readFileSync","writeFileSync","mkdirSync","join","join","readFileSync","mkdirSync","writeFileSync","Command","Command","Command","Command","Command","Command","homedir","command","homedir"]}
1
+ {"version":3,"sources":["../src/program.ts","../src/commands/login.ts","../src/config.ts","../src/token-store.ts","../src/oauth.ts","../src/auth.ts","../src/pkce.ts","../src/env.ts","../src/commands/logout.ts","../src/errors.ts","../src/client.ts","../src/commands/databases.ts","../src/output.ts","../src/helpers.ts","../src/prompt.ts","../src/commands/collections.ts","../src/commands/documents.ts","../src/commands/sql.ts","../src/commands/relationships.ts","../src/commands/relationship-types.ts","../src/commands/query-relationships.ts","../src/commands/attachments.ts","../src/commands/hooks.ts","../src/commands/triggers.ts","../src/commands/endpoints.ts","../src/commands/batch.ts","../src/commands/providers.ts","../src/commands/tokens.ts","../src/commands/secrets.ts","../src/commands/admin.ts","../src/commands/report.ts","../src/commands/update.ts","../src/version.ts","../src/version-check.ts","../package.json","../src/commands/whoami.ts","../src/commands/status.ts","../src/telemetry.ts","../src/index.ts"],"sourcesContent":["import { Command } from 'commander';\nimport { loginCommand } from './commands/login.js';\nimport { logoutCommand } from './commands/logout.js';\nimport { databasesCommand } from './commands/databases.js';\nimport { collectionsCommand } from './commands/collections.js';\nimport { documentsCommand } from './commands/documents.js';\nimport { sqlCommand } from './commands/sql.js';\nimport { relationshipsCommand } from './commands/relationships.js';\nimport { relationshipTypesCommand } from './commands/relationship-types.js';\nimport { queryRelationshipsCommand } from './commands/query-relationships.js';\nimport { attachmentsCommand } from './commands/attachments.js';\nimport { hooksCommand } from './commands/hooks.js';\nimport { triggersCommand } from './commands/triggers.js';\nimport { endpointsCommand } from './commands/endpoints.js';\nimport { batchCommand } from './commands/batch.js';\nimport { providersCommand } from './commands/providers.js';\nimport { tokensCommand } from './commands/tokens.js';\nimport { secretsCommand } from './commands/secrets.js';\nimport { adminCommand } from './commands/admin.js';\nimport { reportCommand } from './commands/report.js';\nimport { updateCommand } from './commands/update.js';\nimport { whoamiCommand } from './commands/whoami.js';\nimport { statusCommand } from './commands/status.js';\nimport pkg from '../package.json' with { type: 'json' };\n\nexport const program = new Command('rekor')\n .description('Rekor CLI — System of Record for AI agents')\n .version(pkg.version)\n .option('--database <id>', 'Database ID')\n .option('--output <format>', 'Output format: json or table', 'table')\n .option('--json', 'Shorthand for --output json');\n\nprogram.addCommand(loginCommand);\nprogram.addCommand(logoutCommand);\nprogram.addCommand(whoamiCommand);\nprogram.addCommand(statusCommand);\nprogram.addCommand(databasesCommand);\nprogram.addCommand(collectionsCommand);\nprogram.addCommand(documentsCommand);\nprogram.addCommand(sqlCommand);\nprogram.addCommand(relationshipsCommand);\nprogram.addCommand(relationshipTypesCommand);\nprogram.addCommand(queryRelationshipsCommand);\nprogram.addCommand(attachmentsCommand);\nprogram.addCommand(hooksCommand);\nprogram.addCommand(triggersCommand);\nprogram.addCommand(batchCommand);\nprogram.addCommand(providersCommand);\nprogram.addCommand(tokensCommand);\nprogram.addCommand(secretsCommand);\nprogram.addCommand(endpointsCommand);\nprogram.addCommand(adminCommand);\nprogram.addCommand(reportCommand);\nprogram.addCommand(updateCommand);\n","import { Command } from 'commander';\nimport { login } from '../auth.js';\nimport { loadConfig, saveConfig } from '../config.js';\nimport {\n exchangeCodeForTokens,\n expiresInToIso,\n refreshTokenMissingWarning,\n startCallbackServer,\n getAuthKitDomain,\n getAuthKitClientId,\n OAUTH_CALLBACK_PORT,\n} from '../oauth.js';\nimport {\n generateCodeVerifier,\n generateCodeChallenge,\n generateState,\n} from '../pkce.js';\nimport { setOAuthTokens } from '../token-store.js';\nimport { isSSH } from '../env.js';\n\nconst FALLBACK_URL_DELAY_MS = 5_000;\n\nexport const loginCommand = new Command('login')\n .description('Authenticate with Rekor')\n .option('--token <token>', 'API key for headless/CI authentication (rec_...)')\n .option('--api-url <url>', 'API base URL')\n .action(async (opts: { token?: string; apiUrl?: string }) => {\n if (opts.token) {\n await login(opts.token, opts.apiUrl);\n console.log('Authenticated successfully');\n return;\n }\n\n // Let failures propagate to the top-level handler so the error prints cleanly and\n // telemetry flushes (a local process.exit here would bypass both).\n await browserLoginPkce(opts.apiUrl);\n console.log('Authenticated successfully');\n });\n\nasync function browserLoginPkce(apiUrl?: string): Promise<void> {\n const codeVerifier = generateCodeVerifier();\n const codeChallenge = generateCodeChallenge(codeVerifier);\n const state = generateState();\n\n const port = OAUTH_CALLBACK_PORT;\n const redirectUri = `http://127.0.0.1:${port}/callback`;\n\n const authkitDomain = getAuthKitDomain();\n const clientId = getAuthKitClientId();\n\n const authorizeUrl = new URL(`${authkitDomain}/oauth2/authorize`);\n authorizeUrl.searchParams.set('client_id', clientId);\n authorizeUrl.searchParams.set('redirect_uri', redirectUri);\n authorizeUrl.searchParams.set('response_type', 'code');\n authorizeUrl.searchParams.set('code_challenge', codeChallenge);\n authorizeUrl.searchParams.set('code_challenge_method', 'S256');\n authorizeUrl.searchParams.set('state', state);\n // offline_access asks AuthKit to issue a refresh_token alongside the access_token —\n // without it the CLI would re-prompt every ~1h when the access token expires.\n authorizeUrl.searchParams.set('scope', 'openid profile email offline_access');\n\n // Start the callback server first so the redirect can land.\n const callbackPromise = startCallbackServer(port, state);\n\n let fallbackTimer: ReturnType<typeof setTimeout> | undefined;\n if (isSSH()) {\n // No usable browser over SSH — print the URL up front instead of auto-opening.\n console.log('SSH session detected. Open this URL in a browser to authenticate:');\n console.log(authorizeUrl.toString());\n } else {\n console.log('Opening browser for authentication...');\n const open = await import('open').then(m => m.default);\n\n // open() resolves on spawn, not browser launch — print a fallback URL after a delay.\n let fallbackPrinted = false;\n fallbackTimer = setTimeout(() => {\n fallbackPrinted = true;\n console.log(`If the browser didn't open, visit: ${authorizeUrl.toString()}`);\n }, FALLBACK_URL_DELAY_MS);\n\n open(authorizeUrl.toString()).catch(() => {\n if (fallbackPrinted) return;\n clearTimeout(fallbackTimer);\n console.log('Could not open browser automatically.');\n console.log(`Visit: ${authorizeUrl.toString()}`);\n });\n }\n\n let code: string;\n try {\n ({ code } = await callbackPromise);\n } finally {\n if (fallbackTimer) clearTimeout(fallbackTimer);\n }\n\n const tokens = await exchangeCodeForTokens(authkitDomain, clientId, code, codeVerifier, redirectUri);\n const expiresAt = expiresInToIso(tokens.expires_in);\n await setOAuthTokens(tokens.access_token, tokens.refresh_token, expiresAt);\n\n const noRefreshWarning = refreshTokenMissingWarning(tokens.refresh_token);\n if (noRefreshWarning) console.warn(noRefreshWarning);\n\n const config = loadConfig();\n saveConfig({\n ...config,\n api_url: apiUrl ?? config.api_url,\n });\n}\n","import { readFileSync, writeFileSync, mkdirSync } from 'fs';\nimport { join } from 'path';\nimport { homedir } from 'os';\n\nconst CONFIG_DIR = join(homedir(), '.config', 'rekor');\nconst CONFIG_FILE = join(CONFIG_DIR, 'config.json');\n\n// A freshly-installed CLI talks to production by default. Local development opts out\n// with REKOR_API_URL=http://localhost:8787 (the dev knob, per CLAUDE.md).\nconst DEFAULT_API_URL = 'https://api.rekor.pro';\n\nexport interface Config {\n api_url: string;\n default_database?: string;\n org_id?: string;\n}\n\ninterface ConfigFile extends Config {\n // Tokens may linger here from older CLI versions until token-store migrates them.\n token?: string;\n [key: string]: unknown;\n}\n\nexport function loadConfig(): Config {\n const envUrl = process.env['REKOR_API_URL'];\n\n try {\n const raw = readFileSync(CONFIG_FILE, 'utf-8');\n const stored = JSON.parse(raw) as ConfigFile;\n return {\n api_url: envUrl ?? stored.api_url ?? DEFAULT_API_URL,\n default_database: stored.default_database,\n org_id: stored.org_id,\n };\n } catch {\n return {\n api_url: envUrl ?? DEFAULT_API_URL,\n };\n }\n}\n\nexport function saveConfig(config: Config): void {\n mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });\n let existing: ConfigFile = {} as ConfigFile;\n try {\n existing = JSON.parse(readFileSync(CONFIG_FILE, 'utf-8')) as ConfigFile;\n } catch {\n existing = {} as ConfigFile;\n }\n const merged: ConfigFile = { ...existing, ...config };\n writeFileSync(CONFIG_FILE, JSON.stringify(merged, null, 2), { mode: 0o600 });\n}\n\nexport { CONFIG_DIR, CONFIG_FILE };\n","import * as fs from 'node:fs';\nimport { CONFIG_DIR, CONFIG_FILE } from './config.js';\n\nconst KEYRING_SERVICE = 'rekor';\nconst KEY_REC = 'rec_token';\nconst KEY_OAUTH_ACCESS = 'oauth_access_token';\nconst KEY_OAUTH_REFRESH = 'oauth_refresh_token';\n\ninterface KeyringBinding {\n getPassword(service: string, account: string): Promise<string | null>;\n setPassword(service: string, account: string, password: string): Promise<void>;\n deletePassword(service: string, account: string): Promise<boolean>;\n}\n\nlet keyringCache: KeyringBinding | null | undefined;\n\nasync function getKeyring(): Promise<KeyringBinding | null> {\n if (keyringCache !== undefined) return keyringCache;\n try {\n const mod = await import('@napi-rs/keyring');\n const Entry = mod.Entry;\n keyringCache = {\n async getPassword(service, account) {\n try { return new Entry(service, account).getPassword(); } catch { return null; }\n },\n async setPassword(service, account, password) {\n new Entry(service, account).setPassword(password);\n },\n async deletePassword(service, account) {\n try { return new Entry(service, account).deletePassword(); } catch { return false; }\n },\n };\n } catch {\n keyringCache = null;\n }\n return keyringCache;\n}\n\nfunction manualCleanupCommand(account: string): string {\n if (process.platform === 'darwin') {\n return `security delete-generic-password -s ${KEYRING_SERVICE} -a ${account}`;\n }\n if (process.platform === 'win32') {\n return `cmdkey /delete:${KEYRING_SERVICE}/${account}`;\n }\n if (process.platform === 'linux') {\n return `secret-tool clear service ${KEYRING_SERVICE} account ${account}`;\n }\n return `(remove service=\"${KEYRING_SERVICE}\" account=\"${account}\" from your OS credential store)`;\n}\n\ninterface LegacyConfigFile {\n api_url?: string;\n token?: string;\n access_token?: string;\n refresh_token?: string;\n token_expires_at?: string;\n default_database?: string;\n org_id?: string;\n [key: string]: unknown;\n}\n\nfunction readConfigFile(): LegacyConfigFile | null {\n if (!fs.existsSync(CONFIG_FILE)) return null;\n try {\n return JSON.parse(fs.readFileSync(CONFIG_FILE, 'utf-8')) as LegacyConfigFile;\n } catch {\n return null;\n }\n}\n\nfunction writeConfigFile(data: LegacyConfigFile): void {\n if (!fs.existsSync(CONFIG_DIR)) {\n fs.mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });\n }\n fs.writeFileSync(CONFIG_FILE, JSON.stringify(data, null, 2), { mode: 0o600 });\n}\n\n// Delete reported success but get still returned a value — the keychain ignored the delete.\nexport class StaleKeyringSlotError extends Error {\n constructor(public readonly account: string) {\n super(\n `Stale credential remains in OS keychain slot \"${account}\" after delete. ` +\n `Clean it up manually and retry:\\n ${manualCleanupCommand(account)}`,\n );\n this.name = 'StaleKeyringSlotError';\n }\n}\n\nasync function clearSlot(keyring: KeyringBinding, account: string): Promise<boolean> {\n await keyring.deletePassword(KEYRING_SERVICE, account);\n try {\n return (await keyring.getPassword(KEYRING_SERVICE, account)) === null;\n } catch {\n return false;\n }\n}\n\nexport type ResolvedToken =\n | { kind: 'rec'; token: string }\n | { kind: 'oauth'; access_token: string; refresh_token?: string; expires_at?: string };\n\nfunction stripTokenFieldsFromFile(): void {\n const existing = readConfigFile();\n if (!existing) return;\n if (existing.token === undefined && existing.access_token === undefined && existing.refresh_token === undefined) return;\n delete existing.token;\n delete existing.access_token;\n delete existing.refresh_token;\n writeConfigFile(existing);\n}\n\nfunction readMetadataExpiresAt(): string | undefined {\n return readConfigFile()?.token_expires_at;\n}\n\nfunction writeMetadataExpiresAt(value: string | undefined): void {\n const existing = readConfigFile() ?? {};\n if (value === undefined) {\n delete existing.token_expires_at;\n } else {\n existing.token_expires_at = value;\n }\n writeConfigFile(existing);\n}\n\nasync function migrateLegacyFileToken(keyring: KeyringBinding | null): Promise<ResolvedToken | null> {\n const existing = readConfigFile();\n if (!existing) return null;\n\n // Prefer OAuth fields if present (newer file-fallback format), else legacy `token`.\n if (existing.access_token) {\n const out: ResolvedToken = {\n kind: 'oauth',\n access_token: existing.access_token,\n refresh_token: existing.refresh_token,\n expires_at: existing.token_expires_at,\n };\n if (keyring) {\n try {\n // Keyring wins on conflict — only migrate if slots are empty.\n const accessExisting = await keyring.getPassword(KEYRING_SERVICE, KEY_OAUTH_ACCESS);\n if (!accessExisting) {\n await keyring.setPassword(KEYRING_SERVICE, KEY_OAUTH_ACCESS, existing.access_token);\n if (existing.refresh_token) {\n await keyring.setPassword(KEYRING_SERVICE, KEY_OAUTH_REFRESH, existing.refresh_token);\n }\n }\n try { stripTokenFieldsFromFile(); } catch (err) {\n console.warn(`rekor: failed to strip legacy OAuth tokens from ${CONFIG_FILE} (${(err as Error).message}).`);\n }\n } catch (err) {\n console.warn(`rekor: OAuth migration to keychain failed (${(err as Error).message}); continuing with file-backed.`);\n }\n }\n return out;\n }\n\n if (existing.token) {\n const token = existing.token;\n if (!keyring) return { kind: 'rec', token };\n try {\n const recExisting = await keyring.getPassword(KEYRING_SERVICE, KEY_REC);\n if (recExisting) {\n // Keyring wins — strip stale file copy.\n try { stripTokenFieldsFromFile(); } catch (err) {\n console.warn(`rekor: failed to strip stale token from ${CONFIG_FILE} (${(err as Error).message}).`);\n }\n return null;\n }\n await keyring.setPassword(KEYRING_SERVICE, KEY_REC, token);\n try { stripTokenFieldsFromFile(); } catch (err) {\n console.warn(`rekor: failed to strip legacy token from ${CONFIG_FILE} (${(err as Error).message}).`);\n }\n } catch (err) {\n console.warn(`rekor: keychain migration failed (${(err as Error).message}); continuing with file-backed token.`);\n }\n return { kind: 'rec', token };\n }\n\n return null;\n}\n\n// Read order: REKOR_TOKEN env → rec_ slot → OAuth slot. rec_ wins so an OAuth fallback can't silently switch identities.\nexport async function getResolvedToken(): Promise<ResolvedToken | null> {\n const envToken = process.env['REKOR_TOKEN'];\n if (envToken) {\n // Always rec-kind — preserves `REKOR_TOKEN=dev` for DEV_BYPASS_AUTH and avoids the OAuth refresh path on plain strings.\n return { kind: 'rec', token: envToken };\n }\n\n const keyring = await getKeyring();\n const migrated = await migrateLegacyFileToken(keyring);\n if (migrated) return migrated;\n\n if (keyring) {\n // All three slots in parallel — rec_ wins read precedence but probing sequentially would block on empty slots.\n const [rec, access, refresh] = await Promise.all([\n keyring.getPassword(KEYRING_SERVICE, KEY_REC),\n keyring.getPassword(KEYRING_SERVICE, KEY_OAUTH_ACCESS),\n keyring.getPassword(KEYRING_SERVICE, KEY_OAUTH_REFRESH),\n ]);\n if (rec) return { kind: 'rec', token: rec };\n if (access) {\n const out: ResolvedToken = { kind: 'oauth', access_token: access };\n if (refresh) out.refresh_token = refresh;\n const expiresAt = readMetadataExpiresAt();\n if (expiresAt) out.expires_at = expiresAt;\n return out;\n }\n }\n\n return null;\n}\n\n// Backwards-compatible single-string accessor for callers that don't need the kind.\nexport async function getToken(): Promise<string | null> {\n const resolved = await getResolvedToken();\n if (!resolved) return null;\n return resolved.kind === 'rec' ? resolved.token : resolved.access_token;\n}\n\nexport async function setToken(token: string): Promise<void> {\n await setRecToken(token);\n}\n\nexport async function setRecToken(token: string): Promise<void> {\n const keyring = await getKeyring();\n if (keyring) {\n try {\n // Clear OAuth slots first — a stale OAuth would survive `rekor logout` and confuse mode-switch debugging.\n const [accessCleared, refreshCleared] = await Promise.all([\n clearSlot(keyring, KEY_OAUTH_ACCESS),\n clearSlot(keyring, KEY_OAUTH_REFRESH),\n ]);\n const stuck = [\n accessCleared ? null : KEY_OAUTH_ACCESS,\n refreshCleared ? null : KEY_OAUTH_REFRESH,\n ].filter((a): a is string => a !== null);\n if (stuck.length > 0) {\n console.warn(\n [\n `rekor: stale OAuth credential remains in OS keychain after delete. Commands work but logout won't fully clear. Manually:`,\n ...stuck.map(a => ` ${manualCleanupCommand(a)}`),\n ].join('\\n'),\n );\n }\n await keyring.setPassword(KEYRING_SERVICE, KEY_REC, token);\n writeMetadataExpiresAt(undefined);\n try { stripTokenFieldsFromFile(); } catch (err) {\n console.warn(`rekor: failed to strip stale tokens from ${CONFIG_FILE} (${(err as Error).message}).`);\n }\n return;\n } catch (err) {\n if (err instanceof StaleKeyringSlotError) throw err;\n console.warn(`rekor: keychain write failed (${(err as Error).message}); falling back to file storage.`);\n }\n }\n const existing = readConfigFile() ?? {};\n delete existing.access_token;\n delete existing.refresh_token;\n delete existing.token_expires_at;\n existing.token = token;\n writeConfigFile(existing);\n}\n\nexport async function setOAuthTokens(\n accessToken: string,\n refreshToken: string | undefined,\n expiresAt: string,\n): Promise<void> {\n const keyring = await getKeyring();\n if (keyring) {\n try {\n // rec_ wins the read race — a leftover would mask new OAuth tokens; verify empty after delete and fail loudly.\n if (!(await clearSlot(keyring, KEY_REC))) {\n throw new StaleKeyringSlotError(KEY_REC);\n }\n await keyring.setPassword(KEYRING_SERVICE, KEY_OAUTH_ACCESS, accessToken);\n if (refreshToken) {\n await keyring.setPassword(KEYRING_SERVICE, KEY_OAUTH_REFRESH, refreshToken);\n } else {\n // Best-effort clear of any stale refresh slot when the new pair has none.\n await clearSlot(keyring, KEY_OAUTH_REFRESH);\n }\n writeMetadataExpiresAt(expiresAt);\n try { stripTokenFieldsFromFile(); } catch (err) {\n console.warn(`rekor: failed to strip stale tokens from ${CONFIG_FILE} (${(err as Error).message}).`);\n }\n return;\n } catch (err) {\n // StaleKeyringSlotError propagates — file fallback won't help if the keyring still holds rec_.\n if (err instanceof StaleKeyringSlotError) throw err;\n console.warn(`rekor: keychain write failed (${(err as Error).message}); falling back to file storage.`);\n }\n }\n const existing = readConfigFile() ?? {};\n delete existing.token;\n existing.access_token = accessToken;\n if (refreshToken) existing.refresh_token = refreshToken;\n existing.token_expires_at = expiresAt;\n writeConfigFile(existing);\n}\n\nexport async function clearToken(): Promise<void> {\n await clearAllTokens();\n}\n\nexport async function clearAllTokens(): Promise<void> {\n const keyring = await getKeyring();\n if (keyring) {\n const slots = [KEY_REC, KEY_OAUTH_ACCESS, KEY_OAUTH_REFRESH] as const;\n const cleared = await Promise.all(slots.map(s => clearSlot(keyring, s)));\n for (const [i, ok] of cleared.entries()) {\n if (!ok) {\n const account = slots[i]!;\n console.warn(\n `rekor: could not clear keychain slot \"${account}\". Subsequent commands may still pick the stale token. Manually:\\n ${manualCleanupCommand(account)}`,\n );\n }\n }\n }\n const existing = readConfigFile();\n if (existing) {\n let dirty = false;\n for (const k of ['token', 'access_token', 'refresh_token', 'token_expires_at'] as const) {\n if (existing[k] !== undefined) {\n delete existing[k];\n dirty = true;\n }\n }\n if (dirty) writeConfigFile(existing);\n }\n}\n\nexport function __setKeyringForTesting(binding: KeyringBinding | null): void {\n keyringCache = binding;\n}\n\nexport function __resetKeyringForTesting(): void {\n keyringCache = undefined;\n}\n","import * as http from 'node:http';\n\n// Fixed port for the OAuth redirect URI — must match what's registered in WorkOS AuthKit.\nexport const OAUTH_CALLBACK_PORT = 3927;\n\nconst DEFAULT_AUTHKIT_DOMAIN = 'https://engaging-tip-62.authkit.app';\nconst DEFAULT_AUTHKIT_CLIENT_ID = 'client_01KSMZJ6YN7VAKTP2BW41V56SZ';\n\nexport function getAuthKitDomain(): string {\n return process.env['REKOR_AUTHKIT_DOMAIN'] || DEFAULT_AUTHKIT_DOMAIN;\n}\n\nexport function getAuthKitClientId(): string {\n return process.env['REKOR_AUTHKIT_CLIENT_ID'] || DEFAULT_AUTHKIT_CLIENT_ID;\n}\n\nexport interface TokenResponse {\n access_token: string;\n refresh_token?: string;\n expires_in: number;\n}\n\nexport function expiresInToIso(expiresInSeconds: number): string {\n return new Date(Date.now() + expiresInSeconds * 1000).toISOString();\n}\n\n// AuthKit only returns a refresh_token when the app is configured to issue them (offline_access).\n// Without one, the short-lived access token can't be silently renewed — the session dies within\n// minutes and every command fails until the next `rekor login`. Surface that at login time rather\n// than letting the user discover it via a confusing mid-session auth failure.\nexport function refreshTokenMissingWarning(refreshToken: string | undefined): string | null {\n if (refreshToken) return null;\n return (\n 'Signed in, but no refresh token was issued — this session will expire shortly and you will ' +\n 'need to run `rekor login` again. Enable refresh tokens (offline_access) on the WorkOS AuthKit ' +\n 'application to keep CLI sessions alive.'\n );\n}\n\nfunction asTokenResponse(value: unknown): TokenResponse {\n if (typeof value !== 'object' || value === null) {\n throw new Error('AuthKit returned a non-object token payload');\n }\n const v = value as Partial<TokenResponse>;\n if (typeof v.access_token !== 'string' || typeof v.expires_in !== 'number') {\n throw new Error('AuthKit token payload missing required fields');\n }\n const out: TokenResponse = { access_token: v.access_token, expires_in: v.expires_in };\n if (typeof v.refresh_token === 'string') out.refresh_token = v.refresh_token;\n return out;\n}\n\nexport async function exchangeCodeForTokens(\n authkitDomain: string,\n clientId: string,\n code: string,\n codeVerifier: string,\n redirectUri: string,\n): Promise<TokenResponse> {\n const response = await fetch(`${authkitDomain}/oauth2/token`, {\n method: 'POST',\n headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n body: new URLSearchParams({\n grant_type: 'authorization_code',\n code,\n code_verifier: codeVerifier,\n redirect_uri: redirectUri,\n client_id: clientId,\n }).toString(),\n });\n\n if (!response.ok) {\n const body = await response.text();\n throw new Error(`Token exchange failed (${response.status}): ${body}`);\n }\n\n return asTokenResponse(await response.json());\n}\n\nexport class SessionExpiredError extends Error {\n constructor() {\n super('SESSION_EXPIRED');\n this.name = 'SessionExpiredError';\n }\n}\n\nexport async function refreshAccessToken(\n authkitDomain: string,\n clientId: string,\n refreshToken: string,\n): Promise<TokenResponse> {\n const response = await fetch(`${authkitDomain}/oauth2/token`, {\n method: 'POST',\n headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n body: new URLSearchParams({\n grant_type: 'refresh_token',\n refresh_token: refreshToken,\n client_id: clientId,\n }).toString(),\n });\n\n if (!response.ok) {\n const status = response.status;\n const body = await response.text();\n\n if (status === 400 || status === 401) {\n try {\n const parsed = JSON.parse(body) as { error?: string };\n if (parsed.error === 'invalid_grant') throw new SessionExpiredError();\n } catch (err) {\n if (err instanceof SessionExpiredError) throw err;\n // Non-JSON body — fall through to generic error.\n }\n }\n\n throw new Error(`Token refresh failed (${status}): ${body}`);\n }\n\n return asTokenResponse(await response.json());\n}\n\nexport function startCallbackServer(\n port: number,\n expectedState: string,\n timeoutMs: number = 120_000,\n): Promise<{ code: string }> {\n return new Promise((resolve, reject) => {\n let handled = false;\n const server = http.createServer((req, res) => {\n const url = new URL(req.url || '/', `http://127.0.0.1:${port}`);\n if (url.pathname !== '/callback') {\n res.writeHead(404);\n res.end();\n return;\n }\n\n if (handled) {\n res.writeHead(409);\n res.end();\n return;\n }\n\n const code = url.searchParams.get('code');\n const state = url.searchParams.get('state');\n const error = url.searchParams.get('error');\n const errorDescription = url.searchParams.get('error_description');\n\n if (error) {\n handled = true;\n res.writeHead(400, { 'Content-Type': 'text/html' });\n res.end(errorPage(errorDescription || error));\n cleanup();\n reject(new Error(`OAuth error: ${errorDescription || error}`));\n return;\n }\n\n if (state !== expectedState) {\n handled = true;\n res.writeHead(400, { 'Content-Type': 'text/html' });\n res.end(errorPage('Invalid state parameter'));\n cleanup();\n reject(new Error('OAuth state mismatch — possible CSRF attempt'));\n return;\n }\n\n if (!code) {\n handled = true;\n res.writeHead(400, { 'Content-Type': 'text/html' });\n res.end(errorPage('No authorization code received'));\n cleanup();\n reject(new Error('No authorization code received'));\n return;\n }\n\n handled = true;\n res.writeHead(200, { 'Content-Type': 'text/html' });\n res.end(successPage());\n cleanup();\n resolve({ code });\n });\n\n const timeout = setTimeout(() => {\n cleanup();\n reject(new Error('Timed out waiting for login. Run `rekor login` again.'));\n }, timeoutMs);\n\n function cleanup(): void {\n clearTimeout(timeout);\n server.close();\n }\n\n server.on('error', (err: NodeJS.ErrnoException) => {\n cleanup();\n if (err.code === 'EADDRINUSE') {\n reject(new Error(`Port ${port} is in use. Close the other process and retry.`));\n } else {\n reject(err);\n }\n });\n\n server.listen(port, '127.0.0.1');\n });\n}\n\nfunction successPage(): string {\n return `<!DOCTYPE html>\n<html><head><title>Rekor CLI</title></head>\n<body style=\"font-family: system-ui, sans-serif; display: flex; align-items: center; justify-content: center; min-height: 100vh; margin: 0; background: #fafafa;\">\n <div style=\"text-align: center;\">\n <h1 style=\"font-size: 1.25rem; font-weight: 600;\">Authentication successful</h1>\n <p style=\"color: #666; margin-top: 0.5rem;\">You can close this tab and return to your terminal.</p>\n </div>\n</body></html>`;\n}\n\n// `message` comes from OAuth redirect params — encode so a compromised IdP can't inject HTML into the localhost page.\nfunction escapeHtml(input: string): string {\n return input\n .replace(/&/g, '&amp;')\n .replace(/</g, '&lt;')\n .replace(/>/g, '&gt;')\n .replace(/\"/g, '&quot;')\n .replace(/'/g, '&#39;');\n}\n\nfunction errorPage(message: string): string {\n return `<!DOCTYPE html>\n<html><head><title>Rekor CLI</title></head>\n<body style=\"font-family: system-ui, sans-serif; display: flex; align-items: center; justify-content: center; min-height: 100vh; margin: 0; background: #fafafa;\">\n <div style=\"text-align: center;\">\n <h1 style=\"font-size: 1.25rem; font-weight: 600; color: #dc2626;\">Authentication failed</h1>\n <p style=\"color: #666; margin-top: 0.5rem;\">${escapeHtml(message)}</p>\n </div>\n</body></html>`;\n}\n","import { loadConfig, saveConfig } from './config.js';\nimport { getResolvedToken, setRecToken, setOAuthTokens, clearAllTokens, type ResolvedToken } from './token-store.js';\nimport { refreshAccessToken, expiresInToIso, getAuthKitDomain, getAuthKitClientId, SessionExpiredError } from './oauth.js';\n\n/** Persist a pasted rec_ token (CI / headless path). */\nexport async function login(token: string, apiUrl?: string): Promise<void> {\n await setRecToken(token);\n const config = loadConfig();\n saveConfig({\n ...config,\n api_url: apiUrl ?? config.api_url,\n });\n}\n\nconst REFRESH_LEEWAY_MS = 60_000;\n\n// Returns a valid access token; silently refreshes OAuth tokens within 60s of expiry.\nexport async function getAccessToken(): Promise<string | null> {\n const resolved = await getResolvedToken();\n if (!resolved) return null;\n\n if (resolved.kind === 'rec') return resolved.token;\n\n // OAuth path — refresh if near expiry. Missing/unparseable expires_at: assume valid, let the API surface a real 401.\n const expiresAtMs = resolved.expires_at ? new Date(resolved.expires_at).getTime() : Number.NaN;\n if (!Number.isFinite(expiresAtMs) || expiresAtMs > Date.now() + REFRESH_LEEWAY_MS) {\n return resolved.access_token;\n }\n if (!resolved.refresh_token) {\n throw new Error('Access token expired and no refresh token available. Run `rekor login` again.');\n }\n\n try {\n const result = await refreshAccessToken(getAuthKitDomain(), getAuthKitClientId(), resolved.refresh_token);\n const newExpiresAt = expiresInToIso(result.expires_in);\n await setOAuthTokens(result.access_token, result.refresh_token ?? resolved.refresh_token, newExpiresAt);\n return result.access_token;\n } catch (err) {\n if (err instanceof SessionExpiredError) {\n await clearAllTokens();\n throw new Error('Session expired. Run `rekor login` again.');\n }\n throw err;\n }\n}\n\n/** Auth kind for the current credential, without resolving the token itself. Used by logout to decide if it should call the revoke endpoint. */\nexport async function currentAuthKind(): Promise<ResolvedToken['kind'] | null> {\n const resolved = await getResolvedToken();\n return resolved?.kind ?? null;\n}\n\nexport async function isAuthenticated(): Promise<boolean> {\n return (await getResolvedToken()) !== null;\n}\n","import * as crypto from 'node:crypto';\n\nexport function generateCodeVerifier(): string {\n return crypto.randomBytes(32).toString('base64url');\n}\n\nexport function generateCodeChallenge(verifier: string): string {\n return crypto.createHash('sha256').update(verifier).digest().toString('base64url');\n}\n\nexport function generateState(): string {\n return crypto.randomBytes(16).toString('base64url');\n}\n","/** Environment detection helpers for adapting CLI UX to CI, pipes, and remote sessions. */\n\nexport function isCI(): boolean {\n return Boolean(process.env['CI']);\n}\n\n/** True when both stdin and stdout are TTYs — safe to render interactive prompts. */\nexport function isInteractive(): boolean {\n return Boolean(process.stdin.isTTY && process.stdout.isTTY);\n}\n\n/** True when running inside an SSH session — browser auto-open won't reach the user. */\nexport function isSSH(): boolean {\n return Boolean(process.env['SSH_CONNECTION'] || process.env['SSH_TTY']);\n}\n","import { Command } from 'commander';\nimport { clearAllTokens } from '../token-store.js';\nimport { currentAuthKind } from '../auth.js';\nimport { ApiClient } from '../client.js';\n\nexport const logoutCommand = new Command('logout')\n .description('Remove stored authentication credentials')\n .action(async () => {\n const kind = await currentAuthKind();\n\n // For OAuth sessions, ask the backend to revoke the WorkOS session so cross-device\n // logout works. Best-effort — errors don't block local credential cleanup.\n if (kind === 'oauth') {\n try {\n const client = new ApiClient();\n await client.request('POST', '/v1/auth/logout');\n } catch (err) {\n console.warn(`rekor: server-side logout failed (${err instanceof Error ? err.message : 'unknown'}); clearing local credentials anyway.`);\n }\n }\n\n await clearAllTokens();\n console.log('Logged out successfully');\n });\n","/** Error raised by the API client carrying the HTTP status so callers can branch and hint. */\nexport class ApiError extends Error {\n constructor(\n public readonly status: number,\n message: string,\n public readonly code?: string,\n public readonly body?: unknown,\n /** Base URL the failing request was sent to — lets hints name which backend rejected. */\n public readonly baseUrl?: string,\n ) {\n super(message);\n this.name = 'ApiError';\n }\n\n /** 4xx are user-facing (bad input, auth, quota) — not bugs worth reporting. */\n get isExpected(): boolean {\n return this.status >= 400 && this.status < 500;\n }\n}\n\n/**\n * A 401 can mean two very different things: the session genuinely expired, or the token is valid\n * but for a different environment than the backend you're pointed at trusts (e.g. a production\n * login hitting the dev backend). The backend tags the latter with `details.reason ===\n * 'issuer_not_trusted'`; we also fall back to the message text so older backends still trigger\n * the right hint. Telling these apart matters because \"run `rekor login`\" can never fix a\n * wrong-environment mismatch — it just re-mints a token the same backend still won't accept.\n */\nfunction issuerMismatch(err: ApiError): { expectedIssuer?: string } | null {\n const details = (err.body as { error?: { details?: unknown } } | undefined)?.error?.details;\n if (details && typeof details === 'object' && (details as { reason?: unknown }).reason === 'issuer_not_trusted') {\n const expected = (details as { expected_issuer?: unknown }).expected_issuer;\n return { expectedIssuer: typeof expected === 'string' ? expected : undefined };\n }\n if (/issuer not recognized|signing key not found/i.test(err.message)) return {};\n return null;\n}\n\n/** A short actionable line for a known failure, or null when the raw message is enough. */\nexport function friendlyHint(err: unknown): string | null {\n if (!(err instanceof ApiError)) return null;\n switch (err.status) {\n case 401: {\n const at = err.baseUrl ? ` at ${err.baseUrl}` : '';\n const mismatch = issuerMismatch(err);\n if (mismatch) {\n const trusts = mismatch.expectedIssuer ? ` It trusts tokens from ${mismatch.expectedIssuer}.` : '';\n return (\n `The backend${at} does not recognize your token's issuer — your login likely belongs to a ` +\n `different environment than this backend.${trusts} Check REKOR_API_URL (and your configured ` +\n 'api_url), then run `rekor login` against the matching environment.'\n );\n }\n return `Authentication failed or session expired${at}. Run \\`rekor login\\`.`;\n }\n case 402:\n return 'Quota exceeded for your plan. Review usage or upgrade your plan.';\n case 403:\n return 'Access denied. Your token may lack permission for this resource.';\n case 429:\n return 'Rate limited. Wait a moment and try again.';\n default:\n if (err.status >= 500) return 'Rekor server error. Try again shortly.';\n return null;\n }\n}\n\n/** Print a clean `Error: …` line plus a hint when we have one. Never prints a stack trace. */\nexport function handleCliError(err: unknown): void {\n const message = err instanceof Error ? err.message : String(err);\n console.error(`Error: ${message}`);\n const hint = friendlyHint(err);\n if (hint) console.error(hint);\n}\n","import { loadConfig } from './config.js';\nimport { getAccessToken } from './auth.js';\nimport { ApiError } from './errors.js';\n\nexport class ApiClient {\n readonly baseUrl: string;\n private _tokenPromise: Promise<string | null> | undefined;\n\n constructor() {\n const config = loadConfig();\n this.baseUrl = config.api_url;\n }\n\n private getToken(): Promise<string | null> {\n if (!this._tokenPromise) this._tokenPromise = getAccessToken();\n return this._tokenPromise;\n }\n\n private async authHeaders(): Promise<Record<string, string>> {\n const token = await this.getToken();\n return token ? { 'Authorization': `Bearer ${token}` } : {};\n }\n\n async request<T = unknown>(method: string, path: string, body?: unknown): Promise<T> {\n const res = await fetch(`${this.baseUrl}${path}`, {\n method,\n headers: {\n ...(await this.authHeaders()),\n 'Content-Type': 'application/json',\n },\n body: body ? JSON.stringify(body) : undefined,\n });\n\n // Read the body once as text — error/204 responses may be empty or non-JSON, and\n // an unconditional res.json() would throw before we can map the status to an ApiError.\n const text = await res.text();\n let parsed: { data?: T; error?: { message?: string; code?: string } } | undefined;\n if (text) {\n try {\n parsed = JSON.parse(text) as typeof parsed;\n } catch {\n parsed = undefined;\n }\n }\n\n if (!res.ok) {\n throw new ApiError(\n res.status,\n parsed?.error?.message ?? `HTTP ${res.status}`,\n parsed?.error?.code,\n parsed,\n this.baseUrl,\n );\n }\n return parsed?.data as T;\n }\n\n async uploadFile(url: string, body: BodyInit, contentType: string): Promise<void> {\n const res = await fetch(url, {\n method: 'PUT',\n headers: {\n ...(await this.authHeaders()),\n 'Content-Type': contentType,\n },\n body,\n });\n if (!res.ok) {\n throw new ApiError(res.status, `Upload failed: HTTP ${res.status}`);\n }\n }\n}\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getFormat } from '../helpers.js';\nimport { confirm } from '../prompt.js';\n\nexport const databasesCommand = new Command('databases')\n .description('Manage databases');\n\ndatabasesCommand.command('list')\n .description('List all databases')\n .option('--tag <tag>', 'Filter by tag')\n .action(async function (this: Command, opts: { tag?: string }) {\n const client = new ApiClient();\n const qs = opts.tag ? `?tag=${encodeURIComponent(opts.tag)}` : '';\n const data = await client.request('GET', `/v1/databases${qs}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('get <id>')\n .description('Get a database')\n .action(async function (this: Command, id: string) {\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/databases/${id}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('create <id>')\n .description('Create a database')\n .requiredOption('--name <name>', 'Database name')\n .option('--description <desc>', 'Description')\n .option('--tags <tags>', 'Comma-separated tags (e.g., client:acme,billing)')\n .action(async function (this: Command, id: string, opts: { name: string; description?: string; tags?: string }) {\n const client = new ApiClient();\n const body: Record<string, unknown> = {\n name: opts.name,\n description: opts.description,\n };\n if (opts.tags) {\n body['tags'] = opts.tags.split(',').map(t => t.trim());\n }\n const data = await client.request('PUT', `/v1/databases/${id}`, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('tag <id>')\n .description('Set tags on a database')\n .requiredOption('--tags <tags>', 'Comma-separated tags (e.g., client:acme,billing)')\n .action(async function (this: Command, id: string, opts: { tags: string }) {\n const client = new ApiClient();\n const data = await client.request('PUT', `/v1/databases/${id}`, {\n tags: opts.tags.split(',').map(t => t.trim()),\n });\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('delete <id>')\n .description('Delete a database')\n .option('-y, --yes', 'Skip confirmation prompt')\n .action(async (id: string, opts: { yes?: boolean }) => {\n if (!opts.yes && !(await confirm(`Delete database \"${id}\"? This cannot be undone.`))) {\n console.log('Aborted');\n return;\n }\n const client = new ApiClient();\n await client.request('DELETE', `/v1/databases/${id}`);\n console.log('Deleted');\n });\n\n// --- Environment commands ---\n\ndatabasesCommand.command('create-preview <production-id>')\n .description('Create a preview database linked to a production database')\n .requiredOption('--name <name>', 'Preview database name')\n .option('--description <desc>', 'Description')\n .action(async function (this: Command, productionId: string, opts: { name: string; description?: string }) {\n const client = new ApiClient();\n const data = await client.request('POST', `/v1/${productionId}/preview`, {\n name: opts.name,\n description: opts.description,\n });\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('list-previews <production-id>')\n .description('List preview databases for a production database')\n .action(async function (this: Command, productionId: string) {\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${productionId}/previews`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('promote <production-id>')\n .description('Promote config from a preview database to production (human-only)')\n .requiredOption('--from <preview-id>', 'Source preview database ID')\n .option('--dry-run', 'Show what would change without applying')\n .option('--collections <ids>', 'Comma-separated collection IDs to promote', (v: string) => v.split(','))\n .option('--triggers <ids>', 'Comma-separated trigger IDs to promote', (v: string) => v.split(','))\n .option('--hooks <ids>', 'Comma-separated hook IDs to promote', (v: string) => v.split(','))\n .action(async function (\n this: Command,\n productionId: string,\n opts: { from: string; dryRun?: boolean; collections?: string[]; triggers?: string[]; hooks?: string[] },\n ) {\n const client = new ApiClient();\n const data = await client.request('POST', `/v1/${productionId}/promote`, {\n source_database_id: opts.from,\n dry_run: opts.dryRun ?? false,\n collections: opts.collections,\n triggers: opts.triggers,\n hooks: opts.hooks,\n });\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('rollback <production-id>')\n .description('Rollback a promotion (human-only)')\n .requiredOption('--promotion <promotion-id>', 'Promotion ID to rollback')\n .action(async function (this: Command, productionId: string, opts: { promotion: string }) {\n const client = new ApiClient();\n const data = await client.request('POST', `/v1/${productionId}/promote/rollback`, {\n promotion_id: opts.promotion,\n });\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndatabasesCommand.command('promotions <production-id>')\n .description('List promotion history for a production database')\n .action(async function (this: Command, productionId: string) {\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${productionId}/promotions`);\n console.log(formatOutput(data, getFormat(this)));\n });\n","import chalk from 'chalk';\nimport Table from 'cli-table3';\n\nexport type OutputFormat = 'json' | 'table';\n\nexport function formatOutput(data: unknown, format: OutputFormat): string {\n if (format === 'json') {\n return JSON.stringify(data, null, 2);\n }\n\n if (Array.isArray(data)) {\n return formatTable(data as Record<string, unknown>[]);\n }\n\n if (typeof data === 'object' && data !== null) {\n return formatKeyValue(data as Record<string, unknown>);\n }\n\n return String(data);\n}\n\nfunction formatTable(rows: Record<string, unknown>[]): string {\n if (rows.length === 0) return chalk.dim('No results');\n\n const keys = Object.keys(rows[0]!);\n const table = new Table({ head: keys.map(k => chalk.bold(k)) });\n\n for (const row of rows) {\n table.push(keys.map(k => {\n const val = row[k];\n if (val === null || val === undefined) return '';\n if (typeof val === 'object') return JSON.stringify(val);\n return String(val);\n }));\n }\n\n return table.toString();\n}\n\nfunction formatKeyValue(obj: Record<string, unknown>): string {\n const table = new Table();\n for (const [key, value] of Object.entries(obj)) {\n const displayValue = typeof value === 'object' ? JSON.stringify(value) : String(value ?? '');\n table.push({ [chalk.bold(key)]: displayValue });\n }\n return table.toString();\n}\n","import { readFileSync } from 'fs';\nimport { Command } from 'commander';\nimport { type OutputFormat } from './output.js';\n\nexport function parseData(data: string): Record<string, unknown> {\n if (data.startsWith('@')) {\n const content = readFileSync(data.slice(1), 'utf-8');\n return JSON.parse(content) as Record<string, unknown>;\n }\n return JSON.parse(data) as Record<string, unknown>;\n}\n\nexport function getDatabase(cmd: Command): string {\n // Walk up the command chain to find --database on the root program\n let current: Command | null = cmd;\n while (current) {\n const ws = current.opts().database as string | undefined;\n if (ws) return ws;\n current = current.parent;\n }\n console.error('Error: --database is required');\n return process.exit(1);\n}\n\nexport function getFormat(cmd: Command): OutputFormat {\n // The global --output / --json flags live only on the root program. Commander\n // routes them to the root regardless of nesting depth or whether they appear\n // before or after the subcommand, so we resolve from the root rather than a\n // fixed parent.parent walk (which missed the root on 4-level commands like\n // `admin report list`). Reading the root also avoids picking up a subcommand's\n // own same-named --output (e.g. `providers export --output <file>`).\n let root: Command = cmd;\n while (root.parent) root = root.parent;\n const opts = root.opts();\n // Compare against 'json' rather than casting opts.output through, so an\n // unrecognized --output value falls back to 'table' instead of a bogus format.\n return opts.json || opts.output === 'json' ? 'json' : 'table';\n}\n","import * as readline from 'node:readline';\nimport { isInteractive } from './env.js';\n\n/**\n * Yes/no confirmation. When stdin/stdout aren't a TTY (pipes, CI) it resolves to `true`\n * immediately so non-interactive callers keep their existing non-blocking behavior — guard\n * destructive paths with an explicit `--yes` flag, not this prompt, for scripts.\n */\nexport function confirm(question: string, opts: { defaultYes?: boolean } = {}): Promise<boolean> {\n if (!isInteractive()) return Promise.resolve(true);\n\n const suffix = opts.defaultYes ? '[Y/n]' : '[y/N]';\n const rl = readline.createInterface({ input: process.stdin, output: process.stdout });\n return new Promise((resolve) => {\n rl.question(`${question} ${suffix}: `, (answer) => {\n rl.close();\n const a = answer.trim().toLowerCase();\n if (a === '') return resolve(Boolean(opts.defaultYes));\n resolve(a === 'y' || a === 'yes');\n });\n });\n}\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { parseData, getDatabase, getFormat } from '../helpers.js';\nimport { confirm } from '../prompt.js';\n\nexport const collectionsCommand = new Command('collections')\n .description('Manage collections');\n\ncollectionsCommand.command('list')\n .description('List all collections in a database')\n .action(async function (this: Command) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/collections`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ncollectionsCommand.command('get <id>')\n .description('Get a collection')\n .action(async function (this: Command, id: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/collections/${id}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ncollectionsCommand.command('upsert <id>')\n .description('Create or update a collection')\n .requiredOption('--name <name>', 'Collection name')\n .option('--description <desc>', 'Description')\n .option('--schema <json>', 'JSON Schema (inline JSON or @filename)')\n .option('--icon <icon>', 'Icon name')\n .option('--color <color>', 'Hex color')\n .option('--sources <json>', 'External sources config (inline JSON or @filename)')\n .action(async function (this: Command, id: string, opts: { name: string; description?: string; schema?: string; icon?: string; color?: string; sources?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const body: Record<string, unknown> = { name: opts.name };\n if (opts.description) body['description'] = opts.description;\n if (opts.schema) body['json_schema'] = parseData(opts.schema);\n if (opts.icon) body['icon'] = opts.icon;\n if (opts.color) body['color'] = opts.color;\n if (opts.sources) body['sources'] = parseData(opts.sources);\n const data = await client.request('PUT', `/v1/${ws}/collections/${id}`, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ncollectionsCommand.command('delete <id>')\n .description('Delete a collection')\n .option('-y, --yes', 'Skip confirmation prompt')\n .action(async function (this: Command, id: string, opts: { yes?: boolean }) {\n if (!opts.yes && !(await confirm(`Delete collection \"${id}\"? This cannot be undone.`))) {\n console.log('Aborted');\n return;\n }\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/collections/${id}`);\n console.log('Deleted');\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { parseData, getDatabase, getFormat } from '../helpers.js';\nimport { confirm } from '../prompt.js';\n\nexport const documentsCommand = new Command('documents')\n .description('Manage documents');\n\ndocumentsCommand.command('upsert <collection>')\n .description('Create or update a document')\n .requiredOption('--data <json>', 'Record data (inline JSON or @filename)')\n .option('--id <id>', 'Internal document ID (UUID) to update a known document')\n .option('--external-id <id>', 'External/agent-supplied ID for idempotent upsert')\n .option('--external-source <source>', 'Source system for external_id (e.g. stripe)')\n .action(async function (this: Command, collection: string, opts: { data: string; id?: string; externalId?: string; externalSource?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const body: Record<string, unknown> = { data: parseData(opts.data) };\n if (opts.externalId) body['external_id'] = opts.externalId;\n if (opts.externalSource) body['external_source'] = opts.externalSource;\n const path = opts.id\n ? `/v1/${ws}/documents/${collection}/${opts.id}`\n : `/v1/${ws}/documents/${collection}`;\n const data = await client.request('PUT', path, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndocumentsCommand.command('query <collection>')\n .description('List/search documents: exact filters + fuzzy `search`, sorting, pagination')\n .option('--filter <json>', 'Filter DSL expression (inline JSON or @filename). Use the `search` operator for fuzzy matching.')\n .option('--sort <json>', 'Sort expressions (inline JSON or @filename), e.g. [{\"field\":\"data.created\",\"direction\":\"desc\"}]')\n .option('--fields <list>', 'Comma-separated field projection')\n .option('--limit <n>', 'Max results')\n .option('--offset <n>', 'Pagination offset')\n .action(async function (this: Command, collection: string, opts: { filter?: string; sort?: string; fields?: string; limit?: string; offset?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const qs = new URLSearchParams();\n if (opts.filter) qs.set('filter', JSON.stringify(parseData(opts.filter)));\n if (opts.sort) qs.set('sort', JSON.stringify(parseData(opts.sort)));\n if (opts.fields) qs.set('fields', opts.fields);\n if (opts.limit) qs.set('limit', opts.limit);\n if (opts.offset) qs.set('offset', opts.offset);\n const q = qs.toString();\n const data = await client.request('GET', `/v1/${ws}/documents/${collection}${q ? `?${q}` : ''}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndocumentsCommand.command('get <collection> <id>')\n .description('Get a document by ID')\n .action(async function (this: Command, collection: string, id: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/documents/${collection}/${id}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ndocumentsCommand.command('delete <collection> <id>')\n .description('Delete a document')\n .option('-y, --yes', 'Skip confirmation prompt')\n .action(async function (this: Command, collection: string, id: string, opts: { yes?: boolean }) {\n if (!opts.yes && !(await confirm(`Delete document ${collection}/${id}? This cannot be undone.`))) {\n console.log('Aborted');\n return;\n }\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/documents/${collection}/${id}`);\n console.log('Deleted');\n });\n","import { Command } from 'commander';\nimport { readFileSync } from 'fs';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getDatabase, getFormat } from '../helpers.js';\n\nexport const sqlCommand = new Command('sql')\n .description('Execute a read-only SQL query against database data')\n .argument('[query]', 'SQL query (SELECT only)')\n .option('--file <path>', 'Read SQL from a file instead of argument')\n .option('--param <kv...>', 'Named parameters as key=value pairs (e.g., --param status=issued)')\n .action(async function (this: Command, queryArg: string | undefined, opts: { file?: string; param?: string[] }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n\n let query: string;\n if (opts.file) {\n query = readFileSync(opts.file, 'utf-8').trim();\n } else if (queryArg) {\n query = queryArg;\n } else {\n console.error('Error: provide a SQL query as argument or via --file');\n process.exit(1);\n }\n\n const params: Record<string, unknown> = {};\n if (opts.param) {\n for (const kv of opts.param) {\n const eqIdx = kv.indexOf('=');\n if (eqIdx === -1) {\n console.error(`Error: invalid param format \"${kv}\", expected key=value`);\n process.exit(1);\n }\n params[kv.slice(0, eqIdx)] = kv.slice(eqIdx + 1);\n }\n }\n\n const body: Record<string, unknown> = { query };\n if (Object.keys(params).length > 0) body.params = params;\n\n const data = await client.request('POST', `/v1/${ws}/sql`, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { parseData, getDatabase, getFormat } from '../helpers.js';\nimport { confirm } from '../prompt.js';\n\nexport const relationshipsCommand = new Command('relationships')\n .description('Manage relationships between documents');\n\nrelationshipsCommand.command('upsert')\n .description('Create or update a relationship')\n .requiredOption('--source <collection/id>', 'Source document (collection/id)')\n .requiredOption('--target <collection/id>', 'Target document (collection/id)')\n .requiredOption('--type <type>', 'Relationship type')\n .option('--id <id>', 'Relationship ID')\n .option('--data <json>', 'Relationship metadata (inline JSON or @filename)')\n .action(async function (this: Command, opts: { source: string; target: string; type: string; id?: string; data?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const [sourceCollection, sourceId] = opts.source.split('/');\n const [targetCollection, targetId] = opts.target.split('/');\n const body: Record<string, unknown> = {\n rel_type: opts.type,\n source_collection: sourceCollection,\n source_id: sourceId,\n target_collection: targetCollection,\n target_id: targetId,\n };\n if (opts.id) body['id'] = opts.id;\n if (opts.data) body['data'] = parseData(opts.data);\n const path = opts.id ? `/v1/${ws}/relationships/${opts.id}` : `/v1/${ws}/relationships`;\n const data = await client.request('PUT', path, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nrelationshipsCommand.command('get <id>')\n .description('Get a relationship by ID')\n .action(async function (this: Command, id: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/relationships/${id}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nrelationshipsCommand.command('delete <id>')\n .description('Delete a relationship')\n .option('-y, --yes', 'Skip confirmation prompt')\n .action(async function (this: Command, id: string, opts: { yes?: boolean }) {\n if (!opts.yes && !(await confirm(`Delete relationship ${id}? This cannot be undone.`))) {\n console.log('Aborted');\n return;\n }\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/relationships/${id}`);\n console.log('Deleted');\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { parseData, getDatabase, getFormat } from '../helpers.js';\nimport { confirm } from '../prompt.js';\n\nexport const relationshipTypesCommand = new Command('relationship-types')\n .description('Manage relationship types (the schema for a relationship\\'s metadata)');\n\nrelationshipTypesCommand.command('list')\n .description('List all relationship types in a database')\n .action(async function (this: Command) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/relationship-types`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nrelationshipTypesCommand.command('get <rel_type>')\n .description('Get a relationship type')\n .action(async function (this: Command, relType: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/relationship-types/${relType}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nrelationshipTypesCommand.command('upsert <rel_type>')\n .description('Create or update a relationship type')\n .option('--description <desc>', 'Description')\n .option('--schema <json>', 'JSON Schema for the relationship data (inline JSON or @filename). Omit to allow any data.')\n .option('--source-collections <json>', 'JSON array of allowed source collections (inline JSON or @filename)')\n .option('--target-collections <json>', 'JSON array of allowed target collections (inline JSON or @filename)')\n .action(async function (this: Command, relType: string, opts: { description?: string; schema?: string; sourceCollections?: string; targetCollections?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const body: Record<string, unknown> = {};\n if (opts.description) body['description'] = opts.description;\n if (opts.schema) body['data_schema'] = parseData(opts.schema);\n if (opts.sourceCollections) body['source_collections'] = parseData(opts.sourceCollections);\n if (opts.targetCollections) body['target_collections'] = parseData(opts.targetCollections);\n const data = await client.request('PUT', `/v1/${ws}/relationship-types/${relType}`, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nrelationshipTypesCommand.command('delete <rel_type>')\n .description('Delete a relationship type')\n .option('-y, --yes', 'Skip confirmation prompt')\n .action(async function (this: Command, relType: string, opts: { yes?: boolean }) {\n if (!opts.yes && !(await confirm(`Delete relationship type \"${relType}\"? This cannot be undone.`))) {\n console.log('Aborted');\n return;\n }\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/relationship-types/${relType}`);\n console.log('Deleted');\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getDatabase, getFormat } from '../helpers.js';\n\nexport const queryRelationshipsCommand = new Command('query-relationships')\n .description('Query related documents')\n .argument('<collection>', 'Collection of the source document')\n .argument('<id>', 'Source document ID')\n .option('--type <type>', 'Filter by relationship type')\n .option('--direction <dir>', 'Direction: outgoing, incoming, or both', 'both')\n .option('--limit <n>', 'Max results', '50')\n .option('--offset <n>', 'Skip results', '0')\n .action(async function (this: Command, collection: string, id: string, opts: { type?: string; direction: string; limit: string; offset: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const params = new URLSearchParams();\n if (opts.type) params.set('rel_type', opts.type);\n // Map user-friendly direction names to backend API terms\n const directionMap: Record<string, string> = { outgoing: 'source', incoming: 'target', both: 'both' };\n params.set('direction', directionMap[opts.direction] ?? opts.direction);\n params.set('limit', opts.limit);\n params.set('offset', opts.offset);\n const data = await client.request('GET', `/v1/${ws}/documents/${collection}/${id}/related?${params.toString()}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n","import { Command } from 'commander';\nimport { readFileSync } from 'node:fs';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getDatabase, getFormat } from '../helpers.js';\nimport { confirm } from '../prompt.js';\n\nexport const attachmentsCommand = new Command('attachments')\n .description('Manage document attachments');\n\nattachmentsCommand.command('upload <collection> <id>')\n .description('Get a presigned upload URL for a document attachment. With --file, uploads the file content in one step.')\n .requiredOption('--filename <name>', 'File name or path (e.g. docs/guide.md)')\n .option('--content-type <type>', 'MIME type', 'application/octet-stream')\n .option('--file <path>', 'Local file to upload (skips presigned URL output, uploads directly)')\n .action(async function (this: Command, collection: string, id: string, opts: { filename: string; contentType: string; file?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('POST', `/v1/${ws}/documents/${collection}/${id}/attachments`, {\n filename: opts.filename,\n content_type: opts.contentType,\n }) as { upload_url: string; [key: string]: unknown };\n\n if (opts.file) {\n const body = readFileSync(opts.file);\n const uploadUrl = data.upload_url.startsWith('http') ? data.upload_url : `${client.baseUrl}${data.upload_url}`;\n await client.uploadFile(uploadUrl, body, opts.contentType);\n console.log(formatOutput({ ...data, uploaded: true }, getFormat(this)));\n } else {\n console.log(formatOutput(data, getFormat(this)));\n }\n });\n\nattachmentsCommand.command('url <collection> <id>')\n .description('Get a download URL for an attachment by filename')\n .requiredOption('--filename <name>', 'File name or path (e.g. docs/guide.md)')\n .action(async function (this: Command, collection: string, id: string, opts: { filename: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const attachments = await client.request<Array<{ key: string; size: number; uploaded: string }>>('GET', `/v1/${ws}/documents/${collection}/${id}/attachments`);\n const match = attachments.find(a => a.key.endsWith(`/${opts.filename}`));\n if (!match) {\n throw new Error(`Attachment \"${opts.filename}\" not found`);\n }\n const downloadUrl = `${client.baseUrl}/v1/${ws}/attachments/${match.key}`;\n console.log(formatOutput({ download_url: downloadUrl, ...match }, getFormat(this)));\n });\n\nattachmentsCommand.command('list <collection> <id>')\n .description('List attachments for a document')\n .option('--prefix <path>', 'Filter by path prefix (e.g. docs/)')\n .action(async function (this: Command, collection: string, id: string, opts: { prefix?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const query = opts.prefix ? `?prefix=${encodeURIComponent(opts.prefix)}` : '';\n const data = await client.request('GET', `/v1/${ws}/documents/${collection}/${id}/attachments${query}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nattachmentsCommand.command('delete <collection> <id> <attachment-id>')\n .description('Delete an attachment')\n .option('-y, --yes', 'Skip confirmation prompt')\n .action(async function (this: Command, collection: string, id: string, attachmentId: string, opts: { yes?: boolean }) {\n if (!opts.yes && !(await confirm(`Delete attachment ${attachmentId} on ${collection}/${id}? This cannot be undone.`))) {\n console.log('Aborted');\n return;\n }\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/documents/${collection}/${id}/attachments/${attachmentId}`);\n console.log('Deleted');\n });\n","import { randomUUID } from 'crypto';\nimport { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getDatabase, getFormat } from '../helpers.js';\nimport { confirm } from '../prompt.js';\n\nexport const hooksCommand = new Command('hooks')\n .description('Manage inbound webhook endpoints');\n\nhooksCommand.command('create')\n .description('Create a new inbound hook')\n .requiredOption('--name <name>', 'Hook name')\n .requiredOption('--secret <secret>', 'HMAC shared secret')\n .option('--id <id>', 'Hook ID (auto-generated if omitted)')\n .option('--collection-scope <collections>', 'Comma-separated collection scope')\n .action(async function (this: Command, opts: { name: string; secret: string; id?: string; collectionScope?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const hookId = opts.id ?? randomUUID();\n const body: Record<string, unknown> = {\n name: opts.name,\n secret: opts.secret,\n enabled: true,\n };\n if (opts.collectionScope) {\n body['collection_scope'] = opts.collectionScope.split(',');\n }\n const data = await client.request('PUT', `/v1/${ws}/hooks/${hookId}`, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nhooksCommand.command('get <id>')\n .description('Get a hook')\n .action(async function (this: Command, id: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/hooks/${id}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nhooksCommand.command('list')\n .description('List all hooks')\n .action(async function (this: Command) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/hooks`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nhooksCommand.command('delete <id>')\n .description('Delete a hook')\n .option('-y, --yes', 'Skip confirmation prompt')\n .action(async function (this: Command, id: string, opts: { yes?: boolean }) {\n if (!opts.yes && !(await confirm(`Delete hook ${id}? This cannot be undone.`))) {\n console.log('Aborted');\n return;\n }\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/hooks/${id}`);\n console.log('Deleted');\n });\n","import { randomUUID } from 'crypto';\nimport { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getDatabase, getFormat } from '../helpers.js';\nimport { confirm } from '../prompt.js';\n\nexport const triggersCommand = new Command('triggers')\n .description('Manage outbound triggers');\n\ntriggersCommand.command('create')\n .description('Create an outbound trigger')\n .requiredOption('--name <name>', 'Trigger name')\n .requiredOption('--url <url>', 'Target URL')\n .requiredOption('--secret <secret>', 'HMAC signing secret')\n .requiredOption('--events <events>', 'Comma-separated event types')\n .option('--id <id>', 'Trigger ID (auto-generated if omitted)')\n .option('--collection-scope <collections>', 'Comma-separated collection scope')\n .option('--filter <json>', 'Filter expression (JSON)')\n .action(async function (this: Command, opts: { name: string; url: string; secret: string; events: string; id?: string; collectionScope?: string; filter?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const triggerId = opts.id ?? randomUUID();\n const body: Record<string, unknown> = {\n name: opts.name,\n url: opts.url,\n secret: opts.secret,\n events: opts.events.split(','),\n enabled: true,\n };\n if (opts.collectionScope) {\n body['collection_scope'] = opts.collectionScope.split(',');\n }\n if (opts.filter) {\n body['filter'] = JSON.parse(opts.filter);\n }\n const data = await client.request('PUT', `/v1/${ws}/triggers/${triggerId}`, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ntriggersCommand.command('get <id>')\n .description('Get a trigger')\n .action(async function (this: Command, id: string) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/triggers/${id}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ntriggersCommand.command('list')\n .description('List all triggers')\n .action(async function (this: Command) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/triggers`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ntriggersCommand.command('deliveries')\n .description('List trigger delivery attempts (status, retries, errors)')\n .option('--status <status>', 'Filter by status (pending | delivered | failed | dead)')\n .option('--trigger-id <id>', 'Filter by trigger id')\n .action(async function (this: Command, opts: { status?: string; triggerId?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const params = new URLSearchParams();\n if (opts.status) params.set('status', opts.status);\n if (opts.triggerId) params.set('trigger_id', opts.triggerId);\n const qs = params.toString();\n const data = await client.request('GET', `/v1/${ws}/triggers/deliveries${qs ? `?${qs}` : ''}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ntriggersCommand.command('delete <id>')\n .description('Delete a trigger')\n .option('-y, --yes', 'Skip confirmation prompt')\n .action(async function (this: Command, id: string, opts: { yes?: boolean }) {\n if (!opts.yes && !(await confirm(`Delete trigger ${id}? This cannot be undone.`))) {\n console.log('Aborted');\n return;\n }\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/triggers/${id}`);\n console.log('Deleted');\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getDatabase, getFormat } from '../helpers.js';\nimport { confirm } from '../prompt.js';\n\nexport const endpointsCommand = new Command('endpoints')\n .description('Manage MCP Factory endpoints');\n\nendpointsCommand.command('upsert <slug>')\n .description('Create or update an MCP endpoint')\n .option('--name <name>', 'Endpoint display name (required unless using --config)')\n .option('--description <desc>', 'Endpoint description')\n .option('--tool <spec>', 'Collection tool spec: collection:op1,op2 (repeatable)', collect, [])\n .option('--relationship <spec>', 'Relationship tool spec: rel_type:op1,op2 (repeatable)', collect, [])\n .option('--batch <spec>', 'Batch operation spec: collection_or_rel:op1,op2 (repeatable)', collect, [])\n .option('--sql-query', 'Enable sql_query tool')\n .option('--config <json>', 'Full endpoint config as JSON (supports name_override, description_override per tool). Use @file.json to read from file.')\n .action(async function (this: Command, slug: string, opts: {\n name?: string;\n description?: string;\n tool: string[];\n relationship: string[];\n batch: string[];\n sqlQuery?: boolean;\n config?: string;\n }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n\n let body: Record<string, unknown>;\n\n if (opts.config) {\n // Full JSON config — supports name_override, description_override per tool\n body = JSON.parse(opts.config);\n } else {\n if (!opts.name) {\n throw new Error('--name is required (or use --config for full JSON config)');\n }\n body = {\n name: opts.name,\n tools: opts.tool.map(parseToolSpec),\n };\n\n if (opts.description) body.description = opts.description;\n\n if (opts.relationship.length > 0) {\n body.relationships = opts.relationship.map(parseRelSpec);\n }\n\n if (opts.batch.length > 0) {\n const operations: Record<string, string[]> = {};\n for (const spec of opts.batch) {\n const parsed = parseSpec(spec);\n operations[parsed.key] = parsed.ops;\n }\n body.batch = { enabled: true, operations };\n }\n\n if (opts.sqlQuery) body.sql_query = true;\n }\n\n const data = await client.request('PUT', `/v1/${ws}/endpoints/${slug}`, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nendpointsCommand.command('get <slug>')\n .description('Get an endpoint')\n .option('--resolved', 'Include resolved collection schemas')\n .action(async function (this: Command, slug: string, opts: { resolved?: boolean }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const path = opts.resolved\n ? `/v1/${ws}/endpoints/${slug}/resolved`\n : `/v1/${ws}/endpoints/${slug}`;\n const data = await client.request('GET', path);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nendpointsCommand.command('list')\n .description('List all endpoints')\n .action(async function (this: Command) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/${ws}/endpoints`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nendpointsCommand.command('delete <slug>')\n .description('Delete an endpoint')\n .option('-y, --yes', 'Skip confirmation prompt')\n .action(async function (this: Command, slug: string, opts: { yes?: boolean }) {\n if (!opts.yes && !(await confirm(`Delete endpoint \"${slug}\"? This cannot be undone.`))) {\n console.log('Aborted');\n return;\n }\n const ws = getDatabase(this);\n const client = new ApiClient();\n await client.request('DELETE', `/v1/${ws}/endpoints/${slug}`);\n console.log('Deleted');\n });\n\nendpointsCommand.command('url <slug>')\n .description('Get the MCP connection URL for an endpoint')\n .option('--transport <type>', 'Transport: mcp or sse', 'mcp')\n .action((_slug: string, opts: { transport: string }) => {\n const transport = opts.transport === 'sse' ? 'sse' : 'mcp';\n console.log(`https://mcp.rekor.pro/e/${_slug}/${transport}`);\n });\n\n// ---- Helpers ----\n\nfunction collect(value: string, previous: string[]): string[] {\n return [...previous, value];\n}\n\nfunction parseSpec(spec: string): { key: string; ops: string[] } {\n const [key, opsStr] = spec.split(':');\n if (!key || !opsStr) {\n throw new Error(`Invalid spec '${spec}'. Expected format: name:op1,op2`);\n }\n return { key, ops: opsStr.split(',') };\n}\n\nfunction parseToolSpec(spec: string): Record<string, unknown> {\n const { key, ops } = parseSpec(spec);\n return { collection: key, operations: ops };\n}\n\nfunction parseRelSpec(spec: string): Record<string, unknown> {\n const { key, ops } = parseSpec(spec);\n return { rel_type: key, operations: ops };\n}\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { parseData, getDatabase, getFormat } from '../helpers.js';\n\nexport const batchCommand = new Command('batch')\n .description('Execute atomic batch operations (up to 1,000 operations)')\n .requiredOption('--operations <json>', 'Operations array (inline JSON or @filename)')\n .action(async function (this: Command, opts: { operations: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const operations = parseData(opts.operations);\n const data = await client.request('POST', `/v1/${ws}/batch`, {\n operations: Array.isArray(operations) ? operations : [operations],\n });\n console.log(formatOutput(data, getFormat(this)));\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { parseData, getDatabase, getFormat } from '../helpers.js';\nconst VALID_PROVIDERS = 'openai, anthropic, google, mcp';\n\nexport const providersCommand = new Command('providers')\n .description('Import/export tool definitions between LLM providers and Record collections');\n\nprovidersCommand.command('import <provider>')\n .description(`Import tool definitions as collections. Providers: ${VALID_PROVIDERS}`)\n .requiredOption('--tools <json>', 'Tool definitions (inline JSON or @filename)')\n .action(async function (this: Command, provider: string, opts: { tools: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const tools = parseData(opts.tools);\n const data = await client.request('POST', `/v1/${ws}/providers/${provider}/import`, {\n tools: Array.isArray(tools) ? tools : [tools],\n });\n console.log(formatOutput(data, getFormat(this)));\n });\n\nprovidersCommand.command('export <provider>')\n .description(`Export collections as tool definitions. Providers: ${VALID_PROVIDERS}`)\n .option('--collections <ids>', 'Comma-separated collection IDs (omit for all)')\n .option('--output <file>', 'Write output to file')\n .action(async function (this: Command, provider: string, opts: { collections?: string; output?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const query = opts.collections ? `?collections=${opts.collections}` : '';\n const data = await client.request('GET', `/v1/${ws}/providers/${provider}/export${query}`);\n\n if (opts.output) {\n const { writeFileSync } = await import('fs');\n writeFileSync(opts.output, JSON.stringify(data, null, 2));\n console.log(`Written to ${opts.output}`);\n } else {\n console.log(formatOutput(data, getFormat(this)));\n }\n });\n\nprovidersCommand.command('import-call <provider> <collection>')\n .description(`Create a document from a tool call in provider format. Providers: ${VALID_PROVIDERS}`)\n .requiredOption('--data <json>', 'Tool call data in provider format (inline JSON or @filename)')\n .option('--external-id <id>', 'External ID for idempotent upsert')\n .option('--external-source <source>', 'External source identifier')\n .action(async function (this: Command, provider: string, collection: string, opts: { data: string; externalId?: string; externalSource?: string }) {\n const ws = getDatabase(this);\n const client = new ApiClient();\n const callData = parseData(opts.data);\n const queryParts: string[] = [];\n if (opts.externalId) queryParts.push(`external_id=${encodeURIComponent(opts.externalId)}`);\n if (opts.externalSource) queryParts.push(`external_source=${encodeURIComponent(opts.externalSource)}`);\n const qs = queryParts.length ? `?${queryParts.join('&')}` : '';\n const data = await client.request('POST', `/v1/${ws}/providers/${provider}/documents/${collection}${qs}`, callData);\n console.log(formatOutput(data, getFormat(this)));\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getFormat } from '../helpers.js';\n\nexport const tokensCommand = new Command('tokens')\n .description('Manage API tokens');\n\ntokensCommand.command('create')\n .description('Create a scoped API token')\n .requiredOption('--name <name>', 'Token name')\n .requiredOption('--grants <json>', 'Grant definitions as JSON array')\n .option('--expires-at <date>', 'Expiration date (ISO 8601, e.g., 2026-06-01T00:00:00Z)')\n .action(async function (this: Command, opts: { name: string; grants: string; expiresAt?: string }) {\n const client = new ApiClient();\n let grants: unknown;\n try {\n grants = JSON.parse(opts.grants);\n } catch {\n throw new Error('--grants must be valid JSON');\n }\n const body: Record<string, unknown> = { name: opts.name, grants };\n if (opts.expiresAt) body.expires_at = opts.expiresAt;\n const data = await client.request('POST', '/v1/tokens', body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\ntokensCommand.command('list')\n .description('List API tokens')\n .action(async function (this: Command) {\n const client = new ApiClient();\n const data = await client.request('GET', '/v1/tokens');\n console.log(formatOutput(data, getFormat(this)));\n });\n\ntokensCommand.command('revoke <token_id>')\n .description('Revoke an API token')\n .action(async function (this: Command, tokenId: string) {\n const client = new ApiClient();\n await client.request('DELETE', `/v1/tokens/${tokenId}`);\n console.log('Token revoked');\n });\n","import { Command } from 'commander';\nimport { readFileSync } from 'node:fs';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getFormat } from '../helpers.js';\nimport { confirm } from '../prompt.js';\n\n/**\n * Resolve a secret value from exactly one of `--value` (a plain string) or `--file` (the file's bytes,\n * base64-encoded — for certificates, keystores, or service-account JSON). Throws if neither or both given.\n */\nfunction resolveValue(opts: { value?: string; file?: string }): string {\n if ((opts.value === undefined) === (opts.file === undefined)) {\n throw new Error('provide exactly one of --value or --file');\n }\n if (opts.file !== undefined) return readFileSync(opts.file).toString('base64');\n return opts.value!;\n}\n\nexport const secretsCommand = new Command('secrets')\n .description('Manage organization vault secrets');\n\nsecretsCommand.command('create')\n .description('Store a vault secret (a string value, or a file via --file as base64)')\n .requiredOption('--name <name>', 'Secret name')\n .option('--value <value>', 'Secret value (plain string)')\n .option('--file <path>', 'Read the value from a file and base64-encode it (certificates, keystores, SA JSON)')\n .option('--content-type <mime>', 'MIME type of the value (e.g. application/x-pkcs12)')\n .option('--expires-at <date>', 'Expiry as ISO-8601 (e.g. 2027-01-01T00:00:00Z) — surfaced by `list --expiring`')\n .option('--tags <tags>', 'Comma-separated tags')\n .action(async function (this: Command, opts: { name: string; value?: string; file?: string; contentType?: string; expiresAt?: string; tags?: string }) {\n const client = new ApiClient();\n const body: Record<string, unknown> = { name: opts.name, value: resolveValue(opts) };\n if (opts.contentType) body.content_type = opts.contentType;\n if (opts.expiresAt) body.expires_at = opts.expiresAt;\n if (opts.tags) body.tags = opts.tags.split(',').map((t) => t.trim()).filter(Boolean);\n const data = await client.request('POST', '/v1/vault/secrets', body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nsecretsCommand.command('list')\n .description('List vault secrets (values masked)')\n .option('--expiring', 'Only secrets expiring within --days (default 30)')\n .option('--days <n>', 'Window for --expiring, in days', '30')\n .action(async function (this: Command, opts: { expiring?: boolean; days: string }) {\n const client = new ApiClient();\n const path = opts.expiring ? `/v1/vault/secrets?expiring_within_days=${encodeURIComponent(opts.days)}` : '/v1/vault/secrets';\n const data = await client.request('GET', path);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nsecretsCommand.command('get <id>')\n .description('Get vault secret metadata (value masked)')\n .action(async function (this: Command, id: string) {\n const client = new ApiClient();\n const data = await client.request('GET', `/v1/vault/secrets/${id}`);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nsecretsCommand.command('rotate <id>')\n .description('Rotate a secret by installing a new caller-supplied value (from --value or --file)')\n .option('--value <value>', 'New secret value (plain string)')\n .option('--file <path>', 'Read the new value from a file and base64-encode it')\n .option('--expires-at <date>', \"Set the rotated credential's new expiry (ISO-8601)\")\n .action(async function (this: Command, id: string, opts: { value?: string; file?: string; expiresAt?: string }) {\n const client = new ApiClient();\n const body: Record<string, unknown> = { value: resolveValue(opts) };\n if (opts.expiresAt) body.expires_at = opts.expiresAt;\n const data = await client.request('POST', `/v1/vault/secrets/${id}/rotate`, body);\n console.log(formatOutput(data, getFormat(this)));\n });\n\nsecretsCommand.command('delete <id>')\n .description('Delete a vault secret')\n .option('-y, --yes', 'Skip confirmation prompt')\n .action(async function (this: Command, id: string, opts: { yes?: boolean }) {\n if (!opts.yes && !(await confirm(`Delete vault secret ${id}? This cannot be undone.`))) {\n console.log('Aborted');\n return;\n }\n const client = new ApiClient();\n await client.request('DELETE', `/v1/vault/secrets/${id}`);\n console.log('Secret deleted');\n });\n","// Platform-admin commands. Backed by /admin/* on the backend, which requires\n// the `platform:admin` permission (granted to JWT auth when the WorkOS email is\n// in PLATFORM_ADMIN_EMAILS). All reads are audit-logged and rate-limited.\n\nimport { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { formatOutput } from '../output.js';\nimport { getFormat } from '../helpers.js';\n\nexport const adminCommand = new Command('admin')\n .description('Platform-admin commands (requires platform:admin grant)');\n\n// --- do ---\n\nconst doCommand = adminCommand.command('do').description('Inspect live database storage state');\n\ndoCommand.command('tables <type> <id>')\n .description('List internal tables and row counts. Types: database | org | user')\n .action(async function (this: Command, type: string, id: string) {\n const client = new ApiClient();\n const data = await client.request<{ type: string; id: string; tables: { name: string; row_count: number }[] }>(\n 'GET',\n `/admin/do/${encodeURIComponent(type)}/${encodeURIComponent(id)}/tables`,\n );\n console.log(formatOutput(data.tables, getFormat(this)));\n });\n\ndoCommand.command('read <type> <id> <table>')\n .description('Read rows from an internal table (sensitive columns redacted)')\n .option('--limit <n>', 'Max rows (default 20, cap 100)', (v: string) => Number(v))\n .option('--row-id <value>', 'Filter to a single row by its id column')\n .action(async function (\n this: Command,\n type: string,\n id: string,\n table: string,\n opts: { limit?: number; rowId?: string },\n ) {\n const client = new ApiClient();\n const params = new URLSearchParams({ table });\n if (opts.limit !== undefined) params.set('limit', String(opts.limit));\n if (opts.rowId !== undefined) params.set('row_id', opts.rowId);\n\n const data = await client.request<{\n table: string;\n columns: string[];\n rows: unknown[][];\n truncated: boolean;\n }>(\n 'GET',\n `/admin/do/${encodeURIComponent(type)}/${encodeURIComponent(id)}/read?${params}`,\n );\n\n const format = getFormat(this);\n if (format === 'json') {\n console.log(JSON.stringify(data, null, 2));\n return;\n }\n // Reshape columns/rows into row objects for table display.\n const objs = data.rows.map(r => Object.fromEntries(data.columns.map((c, i) => [c, r[i]])));\n console.log(formatOutput(objs, format));\n if (data.truncated) console.log('(truncated — pass --limit to see more)');\n });\n\n// --- report (platform_report triage queue) ---\n\nconst adminReportCommand = adminCommand\n .command('report')\n .description('Inspect and triage the platform_report queue (Sentry + CLI bug reports)');\n\ninterface PlatformReportRow {\n report_id: string;\n source: 'sentry' | 'cli_report' | 'review' | 'security_audit';\n classification: 'bug' | 'flaky_test' | 'security' | null;\n status: 'pending' | 'grouped' | 'escalated' | 'addressed' | 'dismissed';\n fingerprint: string;\n gh_issue_url: string | null;\n reporter_email: string | null;\n created_at: string;\n}\n\nadminReportCommand.command('list')\n .description('List reports with optional filters')\n .option('--status <s>', 'pending | grouped | escalated | addressed | dismissed')\n .option('--source <s>', 'sentry | cli_report | review | security_audit')\n .option('--classification <c>', 'bug | flaky_test | security')\n .option('--limit <n>', 'Max rows (default 50, cap 200)', (v: string) => Number(v))\n .option('--offset <n>', 'Offset for pagination', (v: string) => Number(v))\n .option('--since <iso>', 'Lower bound on created_at (ISO timestamp)')\n .action(async function (\n this: Command,\n opts: { status?: string; source?: string; classification?: string; limit?: number; offset?: number; since?: string },\n ) {\n const client = new ApiClient();\n const params = new URLSearchParams();\n if (opts.status) params.set('status', opts.status);\n if (opts.source) params.set('source', opts.source);\n if (opts.classification) params.set('classification', opts.classification);\n if (opts.limit !== undefined) params.set('limit', String(opts.limit));\n if (opts.offset !== undefined) params.set('offset', String(opts.offset));\n if (opts.since) params.set('since', opts.since);\n const qs = params.toString() ? `?${params}` : '';\n\n const data = await client.request<{ rows: PlatformReportRow[]; total: number }>(\n 'GET',\n `/admin/reports${qs}`,\n );\n\n const format = getFormat(this);\n if (format === 'json') {\n console.log(JSON.stringify(data, null, 2));\n return;\n }\n console.log(formatOutput(data.rows, format));\n console.log(`(${data.rows.length} of ${data.total})`);\n });\n\nadminReportCommand.command('show <id>')\n .description('Show a single report with its group members')\n .action(async function (this: Command, id: string) {\n const client = new ApiClient();\n const data = await client.request<{ report: PlatformReportRow; members: PlatformReportRow[] }>(\n 'GET',\n `/admin/reports/${encodeURIComponent(id)}`,\n );\n console.log(JSON.stringify(data, null, 2));\n });\n\n// Local copy: the CLI is a separate package and can't import backend internals\n// (mirrors the local PlatformReportRow above).\ninterface GroupReportSkip {\n report_id: string;\n reason: 'not_found' | 'terminal' | 'grouped_elsewhere' | 'different_gh_issue';\n detail?: string;\n}\n\nfunction describeGroupSkip(s: GroupReportSkip): string {\n switch (s.reason) {\n case 'not_found':\n return 'not found';\n case 'terminal':\n return `terminal (${s.detail ?? 'resolved'})`;\n case 'grouped_elsewhere':\n return `already grouped under ${s.detail ?? 'another canonical'}`;\n case 'different_gh_issue':\n return `tracks a different GitHub issue (${s.detail ?? 'unknown'})`;\n default: {\n // Compile-time exhaustiveness: a new skip reason must be handled here.\n const _exhaustive: never = s.reason;\n return _exhaustive;\n }\n }\n}\n\nadminReportCommand.command('group <canonical_id> <member_ids...>')\n .description('Fold member_ids under canonical_id (members must be pending or escalated)')\n .action(async function (this: Command, canonicalId: string, memberIds: string[]) {\n const client = new ApiClient();\n const data = await client.request<{ grouped: number; skipped: GroupReportSkip[] }>(\n 'POST',\n `/admin/reports/${encodeURIComponent(canonicalId)}/group`,\n { member_ids: memberIds },\n );\n console.log(`Grouped ${data.grouped} member(s) under ${canonicalId}`);\n for (const s of data.skipped ?? []) {\n console.log(` skipped ${s.report_id} — ${describeGroupSkip(s)}`);\n }\n });\n\nadminReportCommand.command('ungroup <member_id>')\n .description('Detach a grouped member back to pending (inverse of group)')\n .action(async function (this: Command, memberId: string) {\n const client = new ApiClient();\n const data = await client.request<{ report: PlatformReportRow }>(\n 'POST',\n `/admin/reports/${encodeURIComponent(memberId)}/ungroup`,\n );\n console.log(`Detached ${data.report.report_id} → ${data.report.status}`);\n });\n\nadminReportCommand.command('escalate <id>')\n .description('Mark a pending report as escalated and link a GitHub issue')\n .requiredOption('--gh <url>', 'GitHub issue URL the triage routine opened')\n .option('--verdict <text>', 'AI verdict / triage rationale')\n .action(async function (this: Command, id: string, opts: { gh: string; verdict?: string }) {\n const client = new ApiClient();\n const body: Record<string, unknown> = { target: 'escalated', gh_issue_url: opts.gh };\n if (opts.verdict) body['ai_verdict'] = opts.verdict;\n const data = await client.request<{ report: PlatformReportRow; cascaded_report_ids: string[] }>(\n 'PATCH',\n `/admin/reports/${encodeURIComponent(id)}/transition`,\n body,\n );\n console.log(`Escalated ${data.report.report_id} → ${opts.gh}`);\n });\n\nadminReportCommand.command('addressed <id>')\n .description('Mark an escalated report as addressed (fix shipped)')\n .action(async function (this: Command, id: string) {\n const client = new ApiClient();\n const data = await client.request<{ report: PlatformReportRow; cascaded_report_ids: string[] }>(\n 'PATCH',\n `/admin/reports/${encodeURIComponent(id)}/transition`,\n { target: 'addressed' },\n );\n console.log(`Addressed ${data.report.report_id} (cascaded to ${data.cascaded_report_ids.length} group member(s))`);\n });\n\nadminReportCommand.command('dismiss <id>')\n .description('Mark a report as dismissed (not actionable)')\n .requiredOption('--reason <text>', 'Why this report was dismissed')\n .option('--verdict <text>', 'AI verdict / triage rationale')\n .action(async function (this: Command, id: string, opts: { reason: string; verdict?: string }) {\n const client = new ApiClient();\n const body: Record<string, unknown> = { target: 'dismissed', dismissal_reason: opts.reason };\n if (opts.verdict) body['ai_verdict'] = opts.verdict;\n const data = await client.request<{ report: PlatformReportRow; cascaded_report_ids: string[] }>(\n 'PATCH',\n `/admin/reports/${encodeURIComponent(id)}/transition`,\n body,\n );\n console.log(`Dismissed ${data.report.report_id} (reason: ${opts.reason})`);\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\n\ninterface ReportResponse {\n report_id: string;\n created: boolean;\n fingerprint: string;\n}\n\nexport const reportCommand = new Command('report')\n .description('File a report to the Rekor triage queue');\n\nreportCommand.command('create')\n .description('Submit a report to the Rekor triage queue (deduplicated)')\n .requiredOption('--title <title>', 'Short summary')\n .requiredOption('--description <text>', 'What happened')\n .option('--source <source>', 'Origin: cli_report (default) | review | security_audit')\n .option('--classification <c>', 'Nature: bug (default) | flaky_test | security')\n .option('--dedup-key <key>', 'Stable dedup key (e.g. \"<file>::<test>\"); collapses repeat occurrences')\n .option('--severity <level>', 'low | medium | high | critical')\n .option('--steps <text>', 'Steps to reproduce')\n .option('--error-message <text>', 'Exact error text if any')\n .option('--context <text>', 'Additional context (logs, request IDs)')\n .option('--locale <code>', 'Notification locale (en | pt | es)', 'en')\n .option('--reporter-email <addr>', 'Override reporter email (defaults to session email)')\n .action(async function (\n this: Command,\n opts: {\n title: string;\n description: string;\n source?: string;\n classification?: string;\n dedupKey?: string;\n severity?: string;\n steps?: string;\n errorMessage?: string;\n context?: string;\n locale?: string;\n reporterEmail?: string;\n },\n ) {\n const client = new ApiClient();\n const body: Record<string, unknown> = {\n title: opts.title,\n description: opts.description,\n locale: opts.locale,\n };\n if (opts.source) body['source'] = opts.source;\n if (opts.classification) body['classification'] = opts.classification;\n if (opts.dedupKey) body['dedup_key'] = opts.dedupKey;\n if (opts.severity) body['severity'] = opts.severity;\n if (opts.steps) body['steps'] = opts.steps;\n if (opts.errorMessage) body['error_message'] = opts.errorMessage;\n if (opts.context) body['context'] = opts.context;\n if (opts.reporterEmail) body['reporter_email'] = opts.reporterEmail;\n\n const data = await client.request<ReportResponse>('POST', '/v1/reports', body);\n if (data.created) {\n console.log(`Report submitted (id: ${data.report_id}).`);\n console.log('Our team will review and follow up by email if you provided one.');\n } else {\n console.log(`A matching report already exists (id: ${data.report_id}) — your submission was merged into it.`);\n }\n });\n","import { Command } from 'commander';\nimport { execFileSync } from 'node:child_process';\nimport { isNewerVersion } from '../version.js';\nimport { NPM_PACKAGE } from '../version-check.js';\nimport pkg from '../../package.json' with { type: 'json' };\n\nexport const updateCommand = new Command('update')\n .description('Update the Rekor CLI to the latest published version')\n .action(() => {\n console.log(`Current version: ${pkg.version}`);\n console.log('Checking for updates...');\n let latest: string;\n try {\n // shell: true is required on Windows where npm is a .cmd shim.\n latest = execFileSync('npm', ['view', NPM_PACKAGE, 'version'], { timeout: 10_000, shell: true })\n .toString()\n .trim();\n } catch {\n console.error(`Could not reach npm to check for updates.`);\n console.error(`Try manually: npm install -g ${NPM_PACKAGE}`);\n process.exit(1);\n }\n\n if (!isNewerVersion(latest, pkg.version)) {\n console.log(`Already on the latest version (${pkg.version}).`);\n return;\n }\n\n console.log(`Updating ${pkg.version} → ${latest}...`);\n try {\n execFileSync('npm', ['install', '-g', `${NPM_PACKAGE}@latest`], {\n timeout: 120_000,\n shell: true,\n stdio: 'inherit',\n });\n console.log(`Updated to ${latest}.`);\n } catch (err) {\n console.error(`Update failed: ${err instanceof Error ? err.message : String(err)}`);\n console.error(`Try manually: npm install -g ${NPM_PACKAGE}`);\n process.exit(1);\n }\n });\n","/** Returns true if `latest` is a newer semver than `current`. Prerelease/build metadata is stripped. */\nexport function isNewerVersion(latest: string, current: string): boolean {\n const strip = (v: string) => v.replace(/[-+].*$/, '');\n const l = strip(latest).split('.').map(Number);\n const c = strip(current).split('.').map(Number);\n for (let i = 0; i < Math.max(l.length, c.length); i++) {\n const lv = l[i] ?? 0;\n const cv = c[i] ?? 0;\n if (Number.isNaN(lv) || Number.isNaN(cv)) return false;\n if (lv > cv) return true;\n if (lv < cv) return false;\n }\n return false;\n}\n","import { readFileSync, writeFileSync, mkdirSync } from 'node:fs';\nimport { join } from 'node:path';\nimport { execFile } from 'node:child_process';\nimport { CONFIG_DIR } from './config.js';\nimport { isNewerVersion } from './version.js';\nimport { isCI } from './env.js';\n\n/** npm package name — shared with the `update` command. */\nexport const NPM_PACKAGE = 'rekor-cli';\nconst CACHE_FILE = join(CONFIG_DIR, 'update-check.json');\nconst MAX_AGE_MS = 24 * 60 * 60 * 1000; // 24h\n\ninterface VersionCache {\n lastCheck: number;\n latest: string | null;\n}\n\nfunction isDisabled(): boolean {\n return Boolean(\n process.env['NO_UPDATE_NOTIFIER'] ||\n process.env['REKOR_NO_UPDATE_CHECK'] ||\n isCI(),\n );\n}\n\nfunction readCache(): VersionCache | null {\n try {\n const parsed = JSON.parse(readFileSync(CACHE_FILE, 'utf-8')) as VersionCache;\n if (typeof parsed.lastCheck !== 'number') return null;\n if (parsed.latest !== null && typeof parsed.latest !== 'string') return null;\n return parsed;\n } catch {\n return null;\n }\n}\n\nfunction writeCache(cache: VersionCache): void {\n try {\n mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });\n writeFileSync(CACHE_FILE, JSON.stringify(cache), { mode: 0o600 });\n } catch {\n // Cache write failures just mean we re-check next run — never fatal.\n }\n}\n\n/** Latest known version from cache if it's fresh and newer than `current`, else null. */\nexport function readCachedLatest(current: string): string | null {\n const cache = readCache();\n if (!cache?.latest) return null;\n if (Date.now() - cache.lastCheck > MAX_AGE_MS) return null;\n return isNewerVersion(cache.latest, current) ? cache.latest : null;\n}\n\nfunction notify(latest: string, current: string): void {\n console.error(`\\nUpdate available: ${current} → ${latest}\\nRun \\`rekor update\\` to update.`);\n}\n\n/**\n * Non-blocking update check. Prints a nudge to stderr from a fresh cache; otherwise spawns a\n * detached `npm view` to populate the cache for next time. Wrapped so it can never throw or\n * delay CLI exit (the spawned child is unref'd).\n */\nexport function checkForUpdates(current: string): void {\n if (isDisabled()) return;\n try {\n const cache = readCache();\n\n if (cache && Date.now() - cache.lastCheck < MAX_AGE_MS) {\n if (cache.latest && isNewerVersion(cache.latest, current)) notify(cache.latest, current);\n return;\n }\n\n // Sentinel write first so concurrent/rapid runs don't all spawn npm.\n writeCache({ lastCheck: Date.now(), latest: cache?.latest ?? null });\n\n // shell: true is required on Windows where npm is a .cmd shim.\n const child = execFile(\n 'npm',\n ['view', NPM_PACKAGE, 'version'],\n { timeout: 5000, shell: true },\n (err, stdout) => {\n if (err) return;\n const latest = stdout.trim();\n if (!latest) return;\n writeCache({ lastCheck: Date.now(), latest });\n if (isNewerVersion(latest, current)) notify(latest, current);\n },\n );\n // Let the CLI exit immediately; the refresh runs detached.\n child.unref();\n } catch {\n // Never block the CLI on an update check.\n }\n}\n","{\n \"name\": \"rekor-cli\",\n \"version\": \"0.1.40\",\n \"type\": \"module\",\n \"engines\": {\n \"node\": \">=20.0.0\"\n },\n \"bin\": {\n \"rekor\": \"dist/index.js\"\n },\n \"files\": [\n \"dist\"\n ],\n \"scripts\": {\n \"build\": \"tsup\",\n \"typecheck\": \"tsc --noEmit\",\n \"test\": \"vitest run\",\n \"dev\": \"tsup --watch\"\n },\n \"dependencies\": {\n \"@napi-rs/keyring\": \"^1.1.6\",\n \"chalk\": \"^5.4.1\",\n \"cli-table3\": \"^0.6.5\",\n \"commander\": \"^13.1.0\",\n \"open\": \"^11.0.0\"\n },\n \"optionalDependencies\": {\n \"@sentry/node\": \"^10.0.0\"\n },\n \"devDependencies\": {\n \"@types/node\": \"^25.5.0\",\n \"tsup\": \"^8.4.0\",\n \"typescript\": \"^5.8.2\",\n \"vitest\": \"~3.0.9\"\n }\n}\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { getFormat } from '../helpers.js';\n\nexport interface MeResponse {\n auth_kind: string;\n grants_summary: string;\n org_id?: string;\n user_id?: string;\n email?: string;\n orgs?: Array<{ org_id: string; name: string; role: string }>;\n}\n\nexport const whoamiCommand = new Command('whoami')\n .description('Show the authenticated identity')\n .action(async function (this: Command) {\n const client = new ApiClient();\n const me = await client.request<MeResponse>('GET', '/v1/auth/me');\n\n if (getFormat(this) === 'json') {\n console.log(JSON.stringify(me, null, 2));\n return;\n }\n\n console.log(`auth_kind: ${me.auth_kind}`);\n if (me.email) console.log(`email: ${me.email}`);\n if (me.user_id) console.log(`user_id: ${me.user_id}`);\n if (me.org_id) console.log(`org_id: ${me.org_id}`);\n console.log(`grants: ${me.grants_summary}`);\n if (me.orgs && me.orgs.length > 0) {\n console.log('organizations:');\n for (const o of me.orgs) {\n console.log(` ${o.name} (${o.org_id}) — ${o.role}`);\n }\n }\n });\n","import { Command } from 'commander';\nimport { ApiClient } from '../client.js';\nimport { ApiError } from '../errors.js';\nimport { loadConfig } from '../config.js';\nimport { isAuthenticated } from '../auth.js';\nimport { getFormat } from '../helpers.js';\nimport { readCachedLatest } from '../version-check.js';\nimport type { MeResponse } from './whoami.js';\nimport pkg from '../../package.json' with { type: 'json' };\n\ninterface StatusSnapshot {\n logged_in: boolean;\n token_valid: boolean | null;\n api_url: string;\n auth_kind: string | null;\n email: string | null;\n org_id: string | null;\n grants: string | null;\n cli: { version: string; latest: string | null };\n}\n\nexport const statusCommand = new Command('status')\n .description('Show auth, connectivity, and CLI version diagnostics')\n .action(async function (this: Command) {\n const config = loadConfig();\n const loggedIn = await isAuthenticated();\n const cliLatest = readCachedLatest(pkg.version);\n\n // null means \"not determined\" (never set false just because no credential exists) —\n // it flips to false only on a real 401/403 rejection, avoiding a misleading verdict.\n let tokenValid: boolean | null = null;\n let me: MeResponse | null = null;\n if (loggedIn) {\n try {\n me = await new ApiClient().request<MeResponse>('GET', '/v1/auth/me');\n tokenValid = true;\n } catch (err) {\n if (err instanceof ApiError && (err.status === 401 || err.status === 403)) tokenValid = false;\n }\n }\n\n const snapshot: StatusSnapshot = {\n logged_in: loggedIn,\n token_valid: tokenValid,\n api_url: config.api_url,\n auth_kind: me?.auth_kind ?? null,\n email: me?.email ?? null,\n org_id: me?.org_id ?? null,\n grants: me?.grants_summary ?? null,\n cli: { version: pkg.version, latest: cliLatest },\n };\n\n if (getFormat(this) === 'json') {\n console.log(JSON.stringify(snapshot, null, 2));\n return;\n }\n\n if (!loggedIn) {\n console.log('Not logged in. Run `rekor login`.');\n console.log(`API: ${config.api_url}`);\n if (cliLatest) console.log(`CLI: ${pkg.version} (latest: ${cliLatest} — run \\`rekor update\\`)`);\n return;\n }\n\n const tokenStatus =\n tokenValid === true\n ? 'token valid'\n : tokenValid === false\n ? 'token rejected — run `rekor login` to re-authenticate'\n : 'token validity unknown — backend unreachable';\n console.log(`Logged in${me?.email ? ` as ${me.email}` : ''} — ${tokenStatus}`);\n console.log(`API: ${config.api_url}`);\n if (me?.auth_kind) console.log(`Auth: ${me.auth_kind}`);\n if (me?.org_id) console.log(`Org: ${me.org_id}`);\n if (me?.grants_summary) console.log(`Grants: ${me.grants_summary}`);\n if (cliLatest) console.log(`CLI: ${pkg.version} (latest: ${cliLatest} — run \\`rekor update\\`)`);\n });\n","import { homedir, platform, arch } from 'node:os';\nimport { ApiError } from './errors.js';\n\n// Optional dependency — loaded lazily and only when a DSN is configured.\ntype SentryModule = typeof import('@sentry/node');\n\nlet sentry: SentryModule | null = null;\n\nfunction getDsn(): string | undefined {\n if (process.env['REKOR_TELEMETRY_DISABLED']) return undefined;\n return process.env['REKOR_CLI_SENTRY_DSN'] || undefined;\n}\n\n// Structural subset — keeps scrubHome decoupled from the optional @sentry/node types.\ninterface ScrubbableEvent {\n exception?: {\n values?: Array<{\n value?: string;\n stacktrace?: { frames?: Array<{ filename?: string; abs_path?: string }> };\n }>;\n };\n}\n\n// Redact the home dir wherever it leaks — fs-error messages embed it, not just stack frames.\nexport function scrubHome<T extends ScrubbableEvent>(event: T, home: string): T {\n const root = home.replace(/[\\\\/]+$/, '');\n if (!root) return event;\n const re = new RegExp(root.replace(/[.*+?^${}()|[\\]\\\\]/g, '\\\\$&') + '(?=[\\\\\\\\/]|$)', 'g');\n const scrub = (s: string): string => s.replace(re, '~');\n for (const value of event.exception?.values ?? []) {\n if (value.value) value.value = scrub(value.value);\n for (const frame of value.stacktrace?.frames ?? []) {\n if (frame.filename) frame.filename = scrub(frame.filename);\n if (frame.abs_path) frame.abs_path = scrub(frame.abs_path);\n }\n }\n return event;\n}\n\n/**\n * Initialize crash reporting. No-op unless `REKOR_CLI_SENTRY_DSN` is set and\n * `REKOR_TELEMETRY_DISABLED` is unset. The `@sentry/node` import is guarded so a missing\n * optional dependency degrades to silence rather than crashing.\n */\nexport async function initTelemetry(command: string | undefined, version: string): Promise<void> {\n if (sentry) return;\n const dsn = getDsn();\n if (!dsn) return;\n try {\n const mod = await import('@sentry/node');\n const home = homedir();\n mod.init({\n dsn,\n tracesSampleRate: 0,\n release: `rekor-cli@${version}`,\n environment: 'production',\n defaultIntegrations: false,\n beforeSend: (event) => scrubHome(event, home),\n });\n mod.setTag('command', command || 'unknown');\n mod.setTag('node_version', process.version);\n mod.setTag('os_platform', platform());\n mod.setTag('os_arch', arch());\n sentry = mod;\n } catch {\n sentry = null;\n }\n}\n\n/** Report an unexpected error. Skips when telemetry is off and skips expected (4xx) API errors. */\nexport function captureException(err: unknown): void {\n if (!sentry) return;\n if (err instanceof ApiError && err.isExpected) return;\n try {\n sentry.captureException(err);\n } catch {\n // Best-effort.\n }\n}\n\n/** Flush and close. Safe to call when telemetry was never initialized. */\nexport async function closeTelemetry(): Promise<void> {\n if (!sentry) return;\n try {\n await sentry.close(2000);\n } catch {\n // Best-effort.\n }\n sentry = null;\n}\n","import { program } from './program.js';\nimport { checkForUpdates } from './version-check.js';\nimport { handleCliError } from './errors.js';\nimport { initTelemetry, captureException, closeTelemetry } from './telemetry.js';\nimport pkg from '../package.json' with { type: 'json' };\n\nconst SKIP_UPDATE_CHECK = ['--version', '-v', '--help', '-h', 'help', 'update'];\nconst command = process.argv[2];\n\nasync function main(): Promise<void> {\n await initTelemetry(command, pkg.version);\n await program.parseAsync();\n if (command && !SKIP_UPDATE_CHECK.includes(command)) {\n checkForUpdates(pkg.version);\n }\n}\n\nmain()\n .then(() => closeTelemetry())\n .catch(async (err) => {\n handleCliError(err);\n captureException(err);\n await closeTelemetry();\n process.exit(1);\n });\n"],"mappings":";;;AAAA,SAAS,WAAAA,iBAAe;;;ACAxB,SAAS,eAAe;;;ACAxB,SAAS,cAAc,eAAe,iBAAiB;AACvD,SAAS,YAAY;AACrB,SAAS,eAAe;AAExB,IAAM,aAAa,KAAK,QAAQ,GAAG,WAAW,OAAO;AACrD,IAAM,cAAc,KAAK,YAAY,aAAa;AAIlD,IAAM,kBAAkB;AAcjB,SAAS,aAAqB;AACnC,QAAM,SAAS,QAAQ,IAAI,eAAe;AAE1C,MAAI;AACF,UAAM,MAAM,aAAa,aAAa,OAAO;AAC7C,UAAM,SAAS,KAAK,MAAM,GAAG;AAC7B,WAAO;AAAA,MACL,SAAS,UAAU,OAAO,WAAW;AAAA,MACrC,kBAAkB,OAAO;AAAA,MACzB,QAAQ,OAAO;AAAA,IACjB;AAAA,EACF,QAAQ;AACN,WAAO;AAAA,MACL,SAAS,UAAU;AAAA,IACrB;AAAA,EACF;AACF;AAEO,SAAS,WAAW,QAAsB;AAC/C,YAAU,YAAY,EAAE,WAAW,MAAM,MAAM,IAAM,CAAC;AACtD,MAAI,WAAuB,CAAC;AAC5B,MAAI;AACF,eAAW,KAAK,MAAM,aAAa,aAAa,OAAO,CAAC;AAAA,EAC1D,QAAQ;AACN,eAAW,CAAC;AAAA,EACd;AACA,QAAM,SAAqB,EAAE,GAAG,UAAU,GAAG,OAAO;AACpD,gBAAc,aAAa,KAAK,UAAU,QAAQ,MAAM,CAAC,GAAG,EAAE,MAAM,IAAM,CAAC;AAC7E;;;ACnDA,YAAY,QAAQ;AAGpB,IAAM,kBAAkB;AACxB,IAAM,UAAU;AAChB,IAAM,mBAAmB;AACzB,IAAM,oBAAoB;AAQ1B,IAAI;AAEJ,eAAe,aAA6C;AAC1D,MAAI,iBAAiB,OAAW,QAAO;AACvC,MAAI;AACF,UAAM,MAAM,MAAM,OAAO,kBAAkB;AAC3C,UAAM,QAAQ,IAAI;AAClB,mBAAe;AAAA,MACb,MAAM,YAAY,SAAS,SAAS;AAClC,YAAI;AAAE,iBAAO,IAAI,MAAM,SAAS,OAAO,EAAE,YAAY;AAAA,QAAG,QAAQ;AAAE,iBAAO;AAAA,QAAM;AAAA,MACjF;AAAA,MACA,MAAM,YAAY,SAAS,SAAS,UAAU;AAC5C,YAAI,MAAM,SAAS,OAAO,EAAE,YAAY,QAAQ;AAAA,MAClD;AAAA,MACA,MAAM,eAAe,SAAS,SAAS;AACrC,YAAI;AAAE,iBAAO,IAAI,MAAM,SAAS,OAAO,EAAE,eAAe;AAAA,QAAG,QAAQ;AAAE,iBAAO;AAAA,QAAO;AAAA,MACrF;AAAA,IACF;AAAA,EACF,QAAQ;AACN,mBAAe;AAAA,EACjB;AACA,SAAO;AACT;AAEA,SAAS,qBAAqB,SAAyB;AACrD,MAAI,QAAQ,aAAa,UAAU;AACjC,WAAO,uCAAuC,eAAe,OAAO,OAAO;AAAA,EAC7E;AACA,MAAI,QAAQ,aAAa,SAAS;AAChC,WAAO,kBAAkB,eAAe,IAAI,OAAO;AAAA,EACrD;AACA,MAAI,QAAQ,aAAa,SAAS;AAChC,WAAO,6BAA6B,eAAe,YAAY,OAAO;AAAA,EACxE;AACA,SAAO,oBAAoB,eAAe,cAAc,OAAO;AACjE;AAaA,SAAS,iBAA0C;AACjD,MAAI,CAAI,cAAW,WAAW,EAAG,QAAO;AACxC,MAAI;AACF,WAAO,KAAK,MAAS,gBAAa,aAAa,OAAO,CAAC;AAAA,EACzD,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,SAAS,gBAAgB,MAA8B;AACrD,MAAI,CAAI,cAAW,UAAU,GAAG;AAC9B,IAAG,aAAU,YAAY,EAAE,WAAW,MAAM,MAAM,IAAM,CAAC;AAAA,EAC3D;AACA,EAAG,iBAAc,aAAa,KAAK,UAAU,MAAM,MAAM,CAAC,GAAG,EAAE,MAAM,IAAM,CAAC;AAC9E;AAGO,IAAM,wBAAN,cAAoC,MAAM;AAAA,EAC/C,YAA4B,SAAiB;AAC3C;AAAA,MACE,iDAAiD,OAAO;AAAA,IAClB,qBAAqB,OAAO,CAAC;AAAA,IACrE;AAJ0B;AAK1B,SAAK,OAAO;AAAA,EACd;AACF;AAEA,eAAe,UAAU,SAAyB,SAAmC;AACnF,QAAM,QAAQ,eAAe,iBAAiB,OAAO;AACrD,MAAI;AACF,WAAQ,MAAM,QAAQ,YAAY,iBAAiB,OAAO,MAAO;AAAA,EACnE,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAMA,SAAS,2BAAiC;AACxC,QAAM,WAAW,eAAe;AAChC,MAAI,CAAC,SAAU;AACf,MAAI,SAAS,UAAU,UAAa,SAAS,iBAAiB,UAAa,SAAS,kBAAkB,OAAW;AACjH,SAAO,SAAS;AAChB,SAAO,SAAS;AAChB,SAAO,SAAS;AAChB,kBAAgB,QAAQ;AAC1B;AAEA,SAAS,wBAA4C;AACnD,SAAO,eAAe,GAAG;AAC3B;AAEA,SAAS,uBAAuB,OAAiC;AAC/D,QAAM,WAAW,eAAe,KAAK,CAAC;AACtC,MAAI,UAAU,QAAW;AACvB,WAAO,SAAS;AAAA,EAClB,OAAO;AACL,aAAS,mBAAmB;AAAA,EAC9B;AACA,kBAAgB,QAAQ;AAC1B;AAEA,eAAe,uBAAuB,SAA+D;AACnG,QAAM,WAAW,eAAe;AAChC,MAAI,CAAC,SAAU,QAAO;AAGtB,MAAI,SAAS,cAAc;AACzB,UAAM,MAAqB;AAAA,MACzB,MAAM;AAAA,MACN,cAAc,SAAS;AAAA,MACvB,eAAe,SAAS;AAAA,MACxB,YAAY,SAAS;AAAA,IACvB;AACA,QAAI,SAAS;AACX,UAAI;AAEF,cAAM,iBAAiB,MAAM,QAAQ,YAAY,iBAAiB,gBAAgB;AAClF,YAAI,CAAC,gBAAgB;AACnB,gBAAM,QAAQ,YAAY,iBAAiB,kBAAkB,SAAS,YAAY;AAClF,cAAI,SAAS,eAAe;AAC1B,kBAAM,QAAQ,YAAY,iBAAiB,mBAAmB,SAAS,aAAa;AAAA,UACtF;AAAA,QACF;AACA,YAAI;AAAE,mCAAyB;AAAA,QAAG,SAAS,KAAK;AAC9C,kBAAQ,KAAK,mDAAmD,WAAW,KAAM,IAAc,OAAO,IAAI;AAAA,QAC5G;AAAA,MACF,SAAS,KAAK;AACZ,gBAAQ,KAAK,8CAA+C,IAAc,OAAO,iCAAiC;AAAA,MACpH;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAEA,MAAI,SAAS,OAAO;AAClB,UAAM,QAAQ,SAAS;AACvB,QAAI,CAAC,QAAS,QAAO,EAAE,MAAM,OAAO,MAAM;AAC1C,QAAI;AACF,YAAM,cAAc,MAAM,QAAQ,YAAY,iBAAiB,OAAO;AACtE,UAAI,aAAa;AAEf,YAAI;AAAE,mCAAyB;AAAA,QAAG,SAAS,KAAK;AAC9C,kBAAQ,KAAK,2CAA2C,WAAW,KAAM,IAAc,OAAO,IAAI;AAAA,QACpG;AACA,eAAO;AAAA,MACT;AACA,YAAM,QAAQ,YAAY,iBAAiB,SAAS,KAAK;AACzD,UAAI;AAAE,iCAAyB;AAAA,MAAG,SAAS,KAAK;AAC9C,gBAAQ,KAAK,4CAA4C,WAAW,KAAM,IAAc,OAAO,IAAI;AAAA,MACrG;AAAA,IACF,SAAS,KAAK;AACZ,cAAQ,KAAK,qCAAsC,IAAc,OAAO,uCAAuC;AAAA,IACjH;AACA,WAAO,EAAE,MAAM,OAAO,MAAM;AAAA,EAC9B;AAEA,SAAO;AACT;AAGA,eAAsB,mBAAkD;AACtE,QAAM,WAAW,QAAQ,IAAI,aAAa;AAC1C,MAAI,UAAU;AAEZ,WAAO,EAAE,MAAM,OAAO,OAAO,SAAS;AAAA,EACxC;AAEA,QAAM,UAAU,MAAM,WAAW;AACjC,QAAM,WAAW,MAAM,uBAAuB,OAAO;AACrD,MAAI,SAAU,QAAO;AAErB,MAAI,SAAS;AAEX,UAAM,CAAC,KAAK,QAAQ,OAAO,IAAI,MAAM,QAAQ,IAAI;AAAA,MAC/C,QAAQ,YAAY,iBAAiB,OAAO;AAAA,MAC5C,QAAQ,YAAY,iBAAiB,gBAAgB;AAAA,MACrD,QAAQ,YAAY,iBAAiB,iBAAiB;AAAA,IACxD,CAAC;AACD,QAAI,IAAK,QAAO,EAAE,MAAM,OAAO,OAAO,IAAI;AAC1C,QAAI,QAAQ;AACV,YAAM,MAAqB,EAAE,MAAM,SAAS,cAAc,OAAO;AACjE,UAAI,QAAS,KAAI,gBAAgB;AACjC,YAAM,YAAY,sBAAsB;AACxC,UAAI,UAAW,KAAI,aAAa;AAChC,aAAO;AAAA,IACT;AAAA,EACF;AAEA,SAAO;AACT;AAaA,eAAsB,YAAY,OAA8B;AAC9D,QAAM,UAAU,MAAM,WAAW;AACjC,MAAI,SAAS;AACX,QAAI;AAEF,YAAM,CAAC,eAAe,cAAc,IAAI,MAAM,QAAQ,IAAI;AAAA,QACxD,UAAU,SAAS,gBAAgB;AAAA,QACnC,UAAU,SAAS,iBAAiB;AAAA,MACtC,CAAC;AACD,YAAM,QAAQ;AAAA,QACZ,gBAAgB,OAAO;AAAA,QACvB,iBAAiB,OAAO;AAAA,MAC1B,EAAE,OAAO,CAAC,MAAmB,MAAM,IAAI;AACvC,UAAI,MAAM,SAAS,GAAG;AACpB,gBAAQ;AAAA,UACN;AAAA,YACE;AAAA,YACA,GAAG,MAAM,IAAI,OAAK,KAAK,qBAAqB,CAAC,CAAC,EAAE;AAAA,UAClD,EAAE,KAAK,IAAI;AAAA,QACb;AAAA,MACF;AACA,YAAM,QAAQ,YAAY,iBAAiB,SAAS,KAAK;AACzD,6BAAuB,MAAS;AAChC,UAAI;AAAE,iCAAyB;AAAA,MAAG,SAAS,KAAK;AAC9C,gBAAQ,KAAK,4CAA4C,WAAW,KAAM,IAAc,OAAO,IAAI;AAAA,MACrG;AACA;AAAA,IACF,SAAS,KAAK;AACZ,UAAI,eAAe,sBAAuB,OAAM;AAChD,cAAQ,KAAK,iCAAkC,IAAc,OAAO,kCAAkC;AAAA,IACxG;AAAA,EACF;AACA,QAAM,WAAW,eAAe,KAAK,CAAC;AACtC,SAAO,SAAS;AAChB,SAAO,SAAS;AAChB,SAAO,SAAS;AAChB,WAAS,QAAQ;AACjB,kBAAgB,QAAQ;AAC1B;AAEA,eAAsB,eACpB,aACA,cACA,WACe;AACf,QAAM,UAAU,MAAM,WAAW;AACjC,MAAI,SAAS;AACX,QAAI;AAEF,UAAI,CAAE,MAAM,UAAU,SAAS,OAAO,GAAI;AACxC,cAAM,IAAI,sBAAsB,OAAO;AAAA,MACzC;AACA,YAAM,QAAQ,YAAY,iBAAiB,kBAAkB,WAAW;AACxE,UAAI,cAAc;AAChB,cAAM,QAAQ,YAAY,iBAAiB,mBAAmB,YAAY;AAAA,MAC5E,OAAO;AAEL,cAAM,UAAU,SAAS,iBAAiB;AAAA,MAC5C;AACA,6BAAuB,SAAS;AAChC,UAAI;AAAE,iCAAyB;AAAA,MAAG,SAAS,KAAK;AAC9C,gBAAQ,KAAK,4CAA4C,WAAW,KAAM,IAAc,OAAO,IAAI;AAAA,MACrG;AACA;AAAA,IACF,SAAS,KAAK;AAEZ,UAAI,eAAe,sBAAuB,OAAM;AAChD,cAAQ,KAAK,iCAAkC,IAAc,OAAO,kCAAkC;AAAA,IACxG;AAAA,EACF;AACA,QAAM,WAAW,eAAe,KAAK,CAAC;AACtC,SAAO,SAAS;AAChB,WAAS,eAAe;AACxB,MAAI,aAAc,UAAS,gBAAgB;AAC3C,WAAS,mBAAmB;AAC5B,kBAAgB,QAAQ;AAC1B;AAMA,eAAsB,iBAAgC;AACpD,QAAM,UAAU,MAAM,WAAW;AACjC,MAAI,SAAS;AACX,UAAM,QAAQ,CAAC,SAAS,kBAAkB,iBAAiB;AAC3D,UAAM,UAAU,MAAM,QAAQ,IAAI,MAAM,IAAI,OAAK,UAAU,SAAS,CAAC,CAAC,CAAC;AACvE,eAAW,CAAC,GAAG,EAAE,KAAK,QAAQ,QAAQ,GAAG;AACvC,UAAI,CAAC,IAAI;AACP,cAAM,UAAU,MAAM,CAAC;AACvB,gBAAQ;AAAA,UACN,yCAAyC,OAAO;AAAA,IAAuE,qBAAqB,OAAO,CAAC;AAAA,QACtJ;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACA,QAAM,WAAW,eAAe;AAChC,MAAI,UAAU;AACZ,QAAI,QAAQ;AACZ,eAAW,KAAK,CAAC,SAAS,gBAAgB,iBAAiB,kBAAkB,GAAY;AACvF,UAAI,SAAS,CAAC,MAAM,QAAW;AAC7B,eAAO,SAAS,CAAC;AACjB,gBAAQ;AAAA,MACV;AAAA,IACF;AACA,QAAI,MAAO,iBAAgB,QAAQ;AAAA,EACrC;AACF;;;AC7UA,YAAY,UAAU;AAGf,IAAM,sBAAsB;AAEnC,IAAM,yBAAyB;AAC/B,IAAM,4BAA4B;AAE3B,SAAS,mBAA2B;AACzC,SAAO,QAAQ,IAAI,sBAAsB,KAAK;AAChD;AAEO,SAAS,qBAA6B;AAC3C,SAAO,QAAQ,IAAI,yBAAyB,KAAK;AACnD;AAQO,SAAS,eAAe,kBAAkC;AAC/D,SAAO,IAAI,KAAK,KAAK,IAAI,IAAI,mBAAmB,GAAI,EAAE,YAAY;AACpE;AAMO,SAAS,2BAA2B,cAAiD;AAC1F,MAAI,aAAc,QAAO;AACzB,SACE;AAIJ;AAEA,SAAS,gBAAgB,OAA+B;AACtD,MAAI,OAAO,UAAU,YAAY,UAAU,MAAM;AAC/C,UAAM,IAAI,MAAM,6CAA6C;AAAA,EAC/D;AACA,QAAM,IAAI;AACV,MAAI,OAAO,EAAE,iBAAiB,YAAY,OAAO,EAAE,eAAe,UAAU;AAC1E,UAAM,IAAI,MAAM,+CAA+C;AAAA,EACjE;AACA,QAAM,MAAqB,EAAE,cAAc,EAAE,cAAc,YAAY,EAAE,WAAW;AACpF,MAAI,OAAO,EAAE,kBAAkB,SAAU,KAAI,gBAAgB,EAAE;AAC/D,SAAO;AACT;AAEA,eAAsB,sBACpB,eACA,UACA,MACA,cACA,aACwB;AACxB,QAAM,WAAW,MAAM,MAAM,GAAG,aAAa,iBAAiB;AAAA,IAC5D,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,oCAAoC;AAAA,IAC/D,MAAM,IAAI,gBAAgB;AAAA,MACxB,YAAY;AAAA,MACZ;AAAA,MACA,eAAe;AAAA,MACf,cAAc;AAAA,MACd,WAAW;AAAA,IACb,CAAC,EAAE,SAAS;AAAA,EACd,CAAC;AAED,MAAI,CAAC,SAAS,IAAI;AAChB,UAAM,OAAO,MAAM,SAAS,KAAK;AACjC,UAAM,IAAI,MAAM,0BAA0B,SAAS,MAAM,MAAM,IAAI,EAAE;AAAA,EACvE;AAEA,SAAO,gBAAgB,MAAM,SAAS,KAAK,CAAC;AAC9C;AAEO,IAAM,sBAAN,cAAkC,MAAM;AAAA,EAC7C,cAAc;AACZ,UAAM,iBAAiB;AACvB,SAAK,OAAO;AAAA,EACd;AACF;AAEA,eAAsB,mBACpB,eACA,UACA,cACwB;AACxB,QAAM,WAAW,MAAM,MAAM,GAAG,aAAa,iBAAiB;AAAA,IAC5D,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,oCAAoC;AAAA,IAC/D,MAAM,IAAI,gBAAgB;AAAA,MACxB,YAAY;AAAA,MACZ,eAAe;AAAA,MACf,WAAW;AAAA,IACb,CAAC,EAAE,SAAS;AAAA,EACd,CAAC;AAED,MAAI,CAAC,SAAS,IAAI;AAChB,UAAM,SAAS,SAAS;AACxB,UAAM,OAAO,MAAM,SAAS,KAAK;AAEjC,QAAI,WAAW,OAAO,WAAW,KAAK;AACpC,UAAI;AACF,cAAM,SAAS,KAAK,MAAM,IAAI;AAC9B,YAAI,OAAO,UAAU,gBAAiB,OAAM,IAAI,oBAAoB;AAAA,MACtE,SAAS,KAAK;AACZ,YAAI,eAAe,oBAAqB,OAAM;AAAA,MAEhD;AAAA,IACF;AAEA,UAAM,IAAI,MAAM,yBAAyB,MAAM,MAAM,IAAI,EAAE;AAAA,EAC7D;AAEA,SAAO,gBAAgB,MAAM,SAAS,KAAK,CAAC;AAC9C;AAEO,SAAS,oBACd,MACA,eACA,YAAoB,MACO;AAC3B,SAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,QAAI,UAAU;AACd,UAAM,SAAc,kBAAa,CAAC,KAAK,QAAQ;AAC7C,YAAM,MAAM,IAAI,IAAI,IAAI,OAAO,KAAK,oBAAoB,IAAI,EAAE;AAC9D,UAAI,IAAI,aAAa,aAAa;AAChC,YAAI,UAAU,GAAG;AACjB,YAAI,IAAI;AACR;AAAA,MACF;AAEA,UAAI,SAAS;AACX,YAAI,UAAU,GAAG;AACjB,YAAI,IAAI;AACR;AAAA,MACF;AAEA,YAAM,OAAO,IAAI,aAAa,IAAI,MAAM;AACxC,YAAM,QAAQ,IAAI,aAAa,IAAI,OAAO;AAC1C,YAAM,QAAQ,IAAI,aAAa,IAAI,OAAO;AAC1C,YAAM,mBAAmB,IAAI,aAAa,IAAI,mBAAmB;AAEjE,UAAI,OAAO;AACT,kBAAU;AACV,YAAI,UAAU,KAAK,EAAE,gBAAgB,YAAY,CAAC;AAClD,YAAI,IAAI,UAAU,oBAAoB,KAAK,CAAC;AAC5C,gBAAQ;AACR,eAAO,IAAI,MAAM,gBAAgB,oBAAoB,KAAK,EAAE,CAAC;AAC7D;AAAA,MACF;AAEA,UAAI,UAAU,eAAe;AAC3B,kBAAU;AACV,YAAI,UAAU,KAAK,EAAE,gBAAgB,YAAY,CAAC;AAClD,YAAI,IAAI,UAAU,yBAAyB,CAAC;AAC5C,gBAAQ;AACR,eAAO,IAAI,MAAM,mDAA8C,CAAC;AAChE;AAAA,MACF;AAEA,UAAI,CAAC,MAAM;AACT,kBAAU;AACV,YAAI,UAAU,KAAK,EAAE,gBAAgB,YAAY,CAAC;AAClD,YAAI,IAAI,UAAU,gCAAgC,CAAC;AACnD,gBAAQ;AACR,eAAO,IAAI,MAAM,gCAAgC,CAAC;AAClD;AAAA,MACF;AAEA,gBAAU;AACV,UAAI,UAAU,KAAK,EAAE,gBAAgB,YAAY,CAAC;AAClD,UAAI,IAAI,YAAY,CAAC;AACrB,cAAQ;AACR,cAAQ,EAAE,KAAK,CAAC;AAAA,IAClB,CAAC;AAED,UAAM,UAAU,WAAW,MAAM;AAC/B,cAAQ;AACR,aAAO,IAAI,MAAM,uDAAuD,CAAC;AAAA,IAC3E,GAAG,SAAS;AAEZ,aAAS,UAAgB;AACvB,mBAAa,OAAO;AACpB,aAAO,MAAM;AAAA,IACf;AAEA,WAAO,GAAG,SAAS,CAAC,QAA+B;AACjD,cAAQ;AACR,UAAI,IAAI,SAAS,cAAc;AAC7B,eAAO,IAAI,MAAM,QAAQ,IAAI,gDAAgD,CAAC;AAAA,MAChF,OAAO;AACL,eAAO,GAAG;AAAA,MACZ;AAAA,IACF,CAAC;AAED,WAAO,OAAO,MAAM,WAAW;AAAA,EACjC,CAAC;AACH;AAEA,SAAS,cAAsB;AAC7B,SAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAQT;AAGA,SAAS,WAAW,OAAuB;AACzC,SAAO,MACJ,QAAQ,MAAM,OAAO,EACrB,QAAQ,MAAM,MAAM,EACpB,QAAQ,MAAM,MAAM,EACpB,QAAQ,MAAM,QAAQ,EACtB,QAAQ,MAAM,OAAO;AAC1B;AAEA,SAAS,UAAU,SAAyB;AAC1C,SAAO;AAAA;AAAA;AAAA;AAAA;AAAA,kDAKyC,WAAW,OAAO,CAAC;AAAA;AAAA;AAGrE;;;ACrOA,eAAsB,MAAM,OAAe,QAAgC;AACzE,QAAM,YAAY,KAAK;AACvB,QAAM,SAAS,WAAW;AAC1B,aAAW;AAAA,IACT,GAAG;AAAA,IACH,SAAS,UAAU,OAAO;AAAA,EAC5B,CAAC;AACH;AAEA,IAAM,oBAAoB;AAG1B,eAAsB,iBAAyC;AAC7D,QAAM,WAAW,MAAM,iBAAiB;AACxC,MAAI,CAAC,SAAU,QAAO;AAEtB,MAAI,SAAS,SAAS,MAAO,QAAO,SAAS;AAG7C,QAAM,cAAc,SAAS,aAAa,IAAI,KAAK,SAAS,UAAU,EAAE,QAAQ,IAAI,OAAO;AAC3F,MAAI,CAAC,OAAO,SAAS,WAAW,KAAK,cAAc,KAAK,IAAI,IAAI,mBAAmB;AACjF,WAAO,SAAS;AAAA,EAClB;AACA,MAAI,CAAC,SAAS,eAAe;AAC3B,UAAM,IAAI,MAAM,+EAA+E;AAAA,EACjG;AAEA,MAAI;AACF,UAAM,SAAS,MAAM,mBAAmB,iBAAiB,GAAG,mBAAmB,GAAG,SAAS,aAAa;AACxG,UAAM,eAAe,eAAe,OAAO,UAAU;AACrD,UAAM,eAAe,OAAO,cAAc,OAAO,iBAAiB,SAAS,eAAe,YAAY;AACtG,WAAO,OAAO;AAAA,EAChB,SAAS,KAAK;AACZ,QAAI,eAAe,qBAAqB;AACtC,YAAM,eAAe;AACrB,YAAM,IAAI,MAAM,2CAA2C;AAAA,IAC7D;AACA,UAAM;AAAA,EACR;AACF;AAGA,eAAsB,kBAAyD;AAC7E,QAAM,WAAW,MAAM,iBAAiB;AACxC,SAAO,UAAU,QAAQ;AAC3B;AAEA,eAAsB,kBAAoC;AACxD,SAAQ,MAAM,iBAAiB,MAAO;AACxC;;;ACtDA,YAAY,YAAY;AAEjB,SAAS,uBAA+B;AAC7C,SAAc,mBAAY,EAAE,EAAE,SAAS,WAAW;AACpD;AAEO,SAAS,sBAAsB,UAA0B;AAC9D,SAAc,kBAAW,QAAQ,EAAE,OAAO,QAAQ,EAAE,OAAO,EAAE,SAAS,WAAW;AACnF;AAEO,SAAS,gBAAwB;AACtC,SAAc,mBAAY,EAAE,EAAE,SAAS,WAAW;AACpD;;;ACVO,SAAS,OAAgB;AAC9B,SAAO,QAAQ,QAAQ,IAAI,IAAI,CAAC;AAClC;AAGO,SAAS,gBAAyB;AACvC,SAAO,QAAQ,QAAQ,MAAM,SAAS,QAAQ,OAAO,KAAK;AAC5D;AAGO,SAAS,QAAiB;AAC/B,SAAO,QAAQ,QAAQ,IAAI,gBAAgB,KAAK,QAAQ,IAAI,SAAS,CAAC;AACxE;;;ANMA,IAAM,wBAAwB;AAEvB,IAAM,eAAe,IAAI,QAAQ,OAAO,EAC5C,YAAY,yBAAyB,EACrC,OAAO,mBAAmB,kDAAkD,EAC5E,OAAO,mBAAmB,cAAc,EACxC,OAAO,OAAO,SAA8C;AAC3D,MAAI,KAAK,OAAO;AACd,UAAM,MAAM,KAAK,OAAO,KAAK,MAAM;AACnC,YAAQ,IAAI,4BAA4B;AACxC;AAAA,EACF;AAIA,QAAM,iBAAiB,KAAK,MAAM;AAClC,UAAQ,IAAI,4BAA4B;AAC1C,CAAC;AAEH,eAAe,iBAAiB,QAAgC;AAC9D,QAAM,eAAe,qBAAqB;AAC1C,QAAM,gBAAgB,sBAAsB,YAAY;AACxD,QAAM,QAAQ,cAAc;AAE5B,QAAM,OAAO;AACb,QAAM,cAAc,oBAAoB,IAAI;AAE5C,QAAM,gBAAgB,iBAAiB;AACvC,QAAM,WAAW,mBAAmB;AAEpC,QAAM,eAAe,IAAI,IAAI,GAAG,aAAa,mBAAmB;AAChE,eAAa,aAAa,IAAI,aAAa,QAAQ;AACnD,eAAa,aAAa,IAAI,gBAAgB,WAAW;AACzD,eAAa,aAAa,IAAI,iBAAiB,MAAM;AACrD,eAAa,aAAa,IAAI,kBAAkB,aAAa;AAC7D,eAAa,aAAa,IAAI,yBAAyB,MAAM;AAC7D,eAAa,aAAa,IAAI,SAAS,KAAK;AAG5C,eAAa,aAAa,IAAI,SAAS,qCAAqC;AAG5E,QAAM,kBAAkB,oBAAoB,MAAM,KAAK;AAEvD,MAAI;AACJ,MAAI,MAAM,GAAG;AAEX,YAAQ,IAAI,mEAAmE;AAC/E,YAAQ,IAAI,aAAa,SAAS,CAAC;AAAA,EACrC,OAAO;AACL,YAAQ,IAAI,uCAAuC;AACnD,UAAM,OAAO,MAAM,OAAO,MAAM,EAAE,KAAK,OAAK,EAAE,OAAO;AAGrD,QAAI,kBAAkB;AACtB,oBAAgB,WAAW,MAAM;AAC/B,wBAAkB;AAClB,cAAQ,IAAI,sCAAsC,aAAa,SAAS,CAAC,EAAE;AAAA,IAC7E,GAAG,qBAAqB;AAExB,SAAK,aAAa,SAAS,CAAC,EAAE,MAAM,MAAM;AACxC,UAAI,gBAAiB;AACrB,mBAAa,aAAa;AAC1B,cAAQ,IAAI,uCAAuC;AACnD,cAAQ,IAAI,UAAU,aAAa,SAAS,CAAC,EAAE;AAAA,IACjD,CAAC;AAAA,EACH;AAEA,MAAI;AACJ,MAAI;AACF,KAAC,EAAE,KAAK,IAAI,MAAM;AAAA,EACpB,UAAE;AACA,QAAI,cAAe,cAAa,aAAa;AAAA,EAC/C;AAEA,QAAM,SAAS,MAAM,sBAAsB,eAAe,UAAU,MAAM,cAAc,WAAW;AACnG,QAAM,YAAY,eAAe,OAAO,UAAU;AAClD,QAAM,eAAe,OAAO,cAAc,OAAO,eAAe,SAAS;AAEzE,QAAM,mBAAmB,2BAA2B,OAAO,aAAa;AACxE,MAAI,iBAAkB,SAAQ,KAAK,gBAAgB;AAEnD,QAAM,SAAS,WAAW;AAC1B,aAAW;AAAA,IACT,GAAG;AAAA,IACH,SAAS,UAAU,OAAO;AAAA,EAC5B,CAAC;AACH;;;AO3GA,SAAS,WAAAC,gBAAe;;;ACCjB,IAAM,WAAN,cAAuB,MAAM;AAAA,EAClC,YACkB,QAChB,SACgB,MACA,MAEA,SAChB;AACA,UAAM,OAAO;AAPG;AAEA;AACA;AAEA;AAGhB,SAAK,OAAO;AAAA,EACd;AAAA;AAAA,EAGA,IAAI,aAAsB;AACxB,WAAO,KAAK,UAAU,OAAO,KAAK,SAAS;AAAA,EAC7C;AACF;AAUA,SAAS,eAAe,KAAmD;AACzE,QAAM,UAAW,IAAI,MAAwD,OAAO;AACpF,MAAI,WAAW,OAAO,YAAY,YAAa,QAAiC,WAAW,sBAAsB;AAC/G,UAAM,WAAY,QAA0C;AAC5D,WAAO,EAAE,gBAAgB,OAAO,aAAa,WAAW,WAAW,OAAU;AAAA,EAC/E;AACA,MAAI,+CAA+C,KAAK,IAAI,OAAO,EAAG,QAAO,CAAC;AAC9E,SAAO;AACT;AAGO,SAAS,aAAa,KAA6B;AACxD,MAAI,EAAE,eAAe,UAAW,QAAO;AACvC,UAAQ,IAAI,QAAQ;AAAA,IAClB,KAAK,KAAK;AACR,YAAM,KAAK,IAAI,UAAU,OAAO,IAAI,OAAO,KAAK;AAChD,YAAM,WAAW,eAAe,GAAG;AACnC,UAAI,UAAU;AACZ,cAAM,SAAS,SAAS,iBAAiB,0BAA0B,SAAS,cAAc,MAAM;AAChG,eACE,cAAc,EAAE,yHAC2B,MAAM;AAAA,MAGrD;AACA,aAAO,2CAA2C,EAAE;AAAA,IACtD;AAAA,IACA,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,IACT;AACE,UAAI,IAAI,UAAU,IAAK,QAAO;AAC9B,aAAO;AAAA,EACX;AACF;AAGO,SAAS,eAAe,KAAoB;AACjD,QAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,UAAQ,MAAM,UAAU,OAAO,EAAE;AACjC,QAAM,OAAO,aAAa,GAAG;AAC7B,MAAI,KAAM,SAAQ,MAAM,IAAI;AAC9B;;;ACrEO,IAAM,YAAN,MAAgB;AAAA,EACZ;AAAA,EACD;AAAA,EAER,cAAc;AACZ,UAAM,SAAS,WAAW;AAC1B,SAAK,UAAU,OAAO;AAAA,EACxB;AAAA,EAEQ,WAAmC;AACzC,QAAI,CAAC,KAAK,cAAe,MAAK,gBAAgB,eAAe;AAC7D,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,MAAc,cAA+C;AAC3D,UAAM,QAAQ,MAAM,KAAK,SAAS;AAClC,WAAO,QAAQ,EAAE,iBAAiB,UAAU,KAAK,GAAG,IAAI,CAAC;AAAA,EAC3D;AAAA,EAEA,MAAM,QAAqB,QAAgB,MAAc,MAA4B;AACnF,UAAM,MAAM,MAAM,MAAM,GAAG,KAAK,OAAO,GAAG,IAAI,IAAI;AAAA,MAChD;AAAA,MACA,SAAS;AAAA,QACP,GAAI,MAAM,KAAK,YAAY;AAAA,QAC3B,gBAAgB;AAAA,MAClB;AAAA,MACA,MAAM,OAAO,KAAK,UAAU,IAAI,IAAI;AAAA,IACtC,CAAC;AAID,UAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,QAAI;AACJ,QAAI,MAAM;AACR,UAAI;AACF,iBAAS,KAAK,MAAM,IAAI;AAAA,MAC1B,QAAQ;AACN,iBAAS;AAAA,MACX;AAAA,IACF;AAEA,QAAI,CAAC,IAAI,IAAI;AACX,YAAM,IAAI;AAAA,QACR,IAAI;AAAA,QACJ,QAAQ,OAAO,WAAW,QAAQ,IAAI,MAAM;AAAA,QAC5C,QAAQ,OAAO;AAAA,QACf;AAAA,QACA,KAAK;AAAA,MACP;AAAA,IACF;AACA,WAAO,QAAQ;AAAA,EACjB;AAAA,EAEA,MAAM,WAAW,KAAa,MAAgB,aAAoC;AAChF,UAAM,MAAM,MAAM,MAAM,KAAK;AAAA,MAC3B,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,GAAI,MAAM,KAAK,YAAY;AAAA,QAC3B,gBAAgB;AAAA,MAClB;AAAA,MACA;AAAA,IACF,CAAC;AACD,QAAI,CAAC,IAAI,IAAI;AACX,YAAM,IAAI,SAAS,IAAI,QAAQ,uBAAuB,IAAI,MAAM,EAAE;AAAA,IACpE;AAAA,EACF;AACF;;;AFjEO,IAAM,gBAAgB,IAAIC,SAAQ,QAAQ,EAC9C,YAAY,0CAA0C,EACtD,OAAO,YAAY;AAClB,QAAM,OAAO,MAAM,gBAAgB;AAInC,MAAI,SAAS,SAAS;AACpB,QAAI;AACF,YAAM,SAAS,IAAI,UAAU;AAC7B,YAAM,OAAO,QAAQ,QAAQ,iBAAiB;AAAA,IAChD,SAAS,KAAK;AACZ,cAAQ,KAAK,qCAAqC,eAAe,QAAQ,IAAI,UAAU,SAAS,uCAAuC;AAAA,IACzI;AAAA,EACF;AAEA,QAAM,eAAe;AACrB,UAAQ,IAAI,yBAAyB;AACvC,CAAC;;;AGvBH,SAAS,WAAAC,gBAAe;;;ACAxB,OAAO,WAAW;AAClB,OAAO,WAAW;AAIX,SAAS,aAAa,MAAe,QAA8B;AACxE,MAAI,WAAW,QAAQ;AACrB,WAAO,KAAK,UAAU,MAAM,MAAM,CAAC;AAAA,EACrC;AAEA,MAAI,MAAM,QAAQ,IAAI,GAAG;AACvB,WAAO,YAAY,IAAiC;AAAA,EACtD;AAEA,MAAI,OAAO,SAAS,YAAY,SAAS,MAAM;AAC7C,WAAO,eAAe,IAA+B;AAAA,EACvD;AAEA,SAAO,OAAO,IAAI;AACpB;AAEA,SAAS,YAAY,MAAyC;AAC5D,MAAI,KAAK,WAAW,EAAG,QAAO,MAAM,IAAI,YAAY;AAEpD,QAAM,OAAO,OAAO,KAAK,KAAK,CAAC,CAAE;AACjC,QAAM,QAAQ,IAAI,MAAM,EAAE,MAAM,KAAK,IAAI,OAAK,MAAM,KAAK,CAAC,CAAC,EAAE,CAAC;AAE9D,aAAW,OAAO,MAAM;AACtB,UAAM,KAAK,KAAK,IAAI,OAAK;AACvB,YAAM,MAAM,IAAI,CAAC;AACjB,UAAI,QAAQ,QAAQ,QAAQ,OAAW,QAAO;AAC9C,UAAI,OAAO,QAAQ,SAAU,QAAO,KAAK,UAAU,GAAG;AACtD,aAAO,OAAO,GAAG;AAAA,IACnB,CAAC,CAAC;AAAA,EACJ;AAEA,SAAO,MAAM,SAAS;AACxB;AAEA,SAAS,eAAe,KAAsC;AAC5D,QAAM,QAAQ,IAAI,MAAM;AACxB,aAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,GAAG,GAAG;AAC9C,UAAM,eAAe,OAAO,UAAU,WAAW,KAAK,UAAU,KAAK,IAAI,OAAO,SAAS,EAAE;AAC3F,UAAM,KAAK,EAAE,CAAC,MAAM,KAAK,GAAG,CAAC,GAAG,aAAa,CAAC;AAAA,EAChD;AACA,SAAO,MAAM,SAAS;AACxB;;;AC9CA,SAAS,gBAAAC,qBAAoB;AAItB,SAAS,UAAU,MAAuC;AAC/D,MAAI,KAAK,WAAW,GAAG,GAAG;AACxB,UAAM,UAAUA,cAAa,KAAK,MAAM,CAAC,GAAG,OAAO;AACnD,WAAO,KAAK,MAAM,OAAO;AAAA,EAC3B;AACA,SAAO,KAAK,MAAM,IAAI;AACxB;AAEO,SAAS,YAAY,KAAsB;AAEhD,MAAI,UAA0B;AAC9B,SAAO,SAAS;AACd,UAAM,KAAK,QAAQ,KAAK,EAAE;AAC1B,QAAI,GAAI,QAAO;AACf,cAAU,QAAQ;AAAA,EACpB;AACA,UAAQ,MAAM,+BAA+B;AAC7C,SAAO,QAAQ,KAAK,CAAC;AACvB;AAEO,SAAS,UAAU,KAA4B;AAOpD,MAAI,OAAgB;AACpB,SAAO,KAAK,OAAQ,QAAO,KAAK;AAChC,QAAM,OAAO,KAAK,KAAK;AAGvB,SAAO,KAAK,QAAQ,KAAK,WAAW,SAAS,SAAS;AACxD;;;ACrCA,YAAY,cAAc;AAQnB,SAAS,QAAQ,UAAkB,OAAiC,CAAC,GAAqB;AAC/F,MAAI,CAAC,cAAc,EAAG,QAAO,QAAQ,QAAQ,IAAI;AAEjD,QAAM,SAAS,KAAK,aAAa,UAAU;AAC3C,QAAM,KAAc,yBAAgB,EAAE,OAAO,QAAQ,OAAO,QAAQ,QAAQ,OAAO,CAAC;AACpF,SAAO,IAAI,QAAQ,CAAC,YAAY;AAC9B,OAAG,SAAS,GAAG,QAAQ,IAAI,MAAM,MAAM,CAAC,WAAW;AACjD,SAAG,MAAM;AACT,YAAM,IAAI,OAAO,KAAK,EAAE,YAAY;AACpC,UAAI,MAAM,GAAI,QAAO,QAAQ,QAAQ,KAAK,UAAU,CAAC;AACrD,cAAQ,MAAM,OAAO,MAAM,KAAK;AAAA,IAClC,CAAC;AAAA,EACH,CAAC;AACH;;;AHfO,IAAM,mBAAmB,IAAIC,SAAQ,WAAW,EACpD,YAAY,kBAAkB;AAEjC,iBAAiB,QAAQ,MAAM,EAC5B,YAAY,oBAAoB,EAChC,OAAO,eAAe,eAAe,EACrC,OAAO,eAA+B,MAAwB;AAC7D,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,KAAK,KAAK,MAAM,QAAQ,mBAAmB,KAAK,GAAG,CAAC,KAAK;AAC/D,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,gBAAgB,EAAE,EAAE;AAC7D,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,UAAU,EAChC,YAAY,gBAAgB,EAC5B,OAAO,eAA+B,IAAY;AACjD,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,iBAAiB,EAAE,EAAE;AAC9D,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,aAAa,EACnC,YAAY,mBAAmB,EAC/B,eAAe,iBAAiB,eAAe,EAC/C,OAAO,wBAAwB,aAAa,EAC5C,OAAO,iBAAiB,kDAAkD,EAC1E,OAAO,eAA+B,IAAY,MAA6D;AAC9G,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAgC;AAAA,IACpC,MAAM,KAAK;AAAA,IACX,aAAa,KAAK;AAAA,EACpB;AACA,MAAI,KAAK,MAAM;AACb,SAAK,MAAM,IAAI,KAAK,KAAK,MAAM,GAAG,EAAE,IAAI,OAAK,EAAE,KAAK,CAAC;AAAA,EACvD;AACA,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,iBAAiB,EAAE,IAAI,IAAI;AACpE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,UAAU,EAChC,YAAY,wBAAwB,EACpC,eAAe,iBAAiB,kDAAkD,EAClF,OAAO,eAA+B,IAAY,MAAwB;AACzE,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,iBAAiB,EAAE,IAAI;AAAA,IAC9D,MAAM,KAAK,KAAK,MAAM,GAAG,EAAE,IAAI,OAAK,EAAE,KAAK,CAAC;AAAA,EAC9C,CAAC;AACD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,aAAa,EACnC,YAAY,mBAAmB,EAC/B,OAAO,aAAa,0BAA0B,EAC9C,OAAO,OAAO,IAAY,SAA4B;AACrD,MAAI,CAAC,KAAK,OAAO,CAAE,MAAM,QAAQ,oBAAoB,EAAE,2BAA2B,GAAI;AACpF,YAAQ,IAAI,SAAS;AACrB;AAAA,EACF;AACA,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,iBAAiB,EAAE,EAAE;AACpD,UAAQ,IAAI,SAAS;AACvB,CAAC;AAIH,iBAAiB,QAAQ,gCAAgC,EACtD,YAAY,2DAA2D,EACvE,eAAe,iBAAiB,uBAAuB,EACvD,OAAO,wBAAwB,aAAa,EAC5C,OAAO,eAA+B,cAAsB,MAA8C;AACzG,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,YAAY,YAAY;AAAA,IACvE,MAAM,KAAK;AAAA,IACX,aAAa,KAAK;AAAA,EACpB,CAAC;AACD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,+BAA+B,EACrD,YAAY,kDAAkD,EAC9D,OAAO,eAA+B,cAAsB;AAC3D,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,YAAY,WAAW;AACvE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,yBAAyB,EAC/C,YAAY,mEAAmE,EAC/E,eAAe,uBAAuB,4BAA4B,EAClE,OAAO,aAAa,yCAAyC,EAC7D,OAAO,uBAAuB,6CAA6C,CAAC,MAAc,EAAE,MAAM,GAAG,CAAC,EACtG,OAAO,oBAAoB,0CAA0C,CAAC,MAAc,EAAE,MAAM,GAAG,CAAC,EAChG,OAAO,iBAAiB,uCAAuC,CAAC,MAAc,EAAE,MAAM,GAAG,CAAC,EAC1F,OAAO,eAEN,cACA,MACA;AACA,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,YAAY,YAAY;AAAA,IACvE,oBAAoB,KAAK;AAAA,IACzB,SAAS,KAAK,UAAU;AAAA,IACxB,aAAa,KAAK;AAAA,IAClB,UAAU,KAAK;AAAA,IACf,OAAO,KAAK;AAAA,EACd,CAAC;AACD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,0BAA0B,EAChD,YAAY,mCAAmC,EAC/C,eAAe,8BAA8B,0BAA0B,EACvE,OAAO,eAA+B,cAAsB,MAA6B;AACxF,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,YAAY,qBAAqB;AAAA,IAChF,cAAc,KAAK;AAAA,EACrB,CAAC;AACD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,4BAA4B,EAClD,YAAY,kDAAkD,EAC9D,OAAO,eAA+B,cAAsB;AAC3D,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,YAAY,aAAa;AACzE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;;;AIpIH,SAAS,WAAAC,gBAAe;AAMjB,IAAM,qBAAqB,IAAIC,SAAQ,aAAa,EACxD,YAAY,oBAAoB;AAEnC,mBAAmB,QAAQ,MAAM,EAC9B,YAAY,oCAAoC,EAChD,OAAO,iBAA+B;AACrC,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,cAAc;AAChE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,mBAAmB,QAAQ,UAAU,EAClC,YAAY,kBAAkB,EAC9B,OAAO,eAA+B,IAAY;AACjD,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,gBAAgB,EAAE,EAAE;AACtE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,mBAAmB,QAAQ,aAAa,EACrC,YAAY,+BAA+B,EAC3C,eAAe,iBAAiB,iBAAiB,EACjD,OAAO,wBAAwB,aAAa,EAC5C,OAAO,mBAAmB,wCAAwC,EAClE,OAAO,iBAAiB,WAAW,EACnC,OAAO,mBAAmB,WAAW,EACrC,OAAO,oBAAoB,oDAAoD,EAC/E,OAAO,eAA+B,IAAY,MAAgH;AACjK,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAgC,EAAE,MAAM,KAAK,KAAK;AACxD,MAAI,KAAK,YAAa,MAAK,aAAa,IAAI,KAAK;AACjD,MAAI,KAAK,OAAQ,MAAK,aAAa,IAAI,UAAU,KAAK,MAAM;AAC5D,MAAI,KAAK,KAAM,MAAK,MAAM,IAAI,KAAK;AACnC,MAAI,KAAK,MAAO,MAAK,OAAO,IAAI,KAAK;AACrC,MAAI,KAAK,QAAS,MAAK,SAAS,IAAI,UAAU,KAAK,OAAO;AAC1D,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,gBAAgB,EAAE,IAAI,IAAI;AAC5E,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,mBAAmB,QAAQ,aAAa,EACrC,YAAY,qBAAqB,EACjC,OAAO,aAAa,0BAA0B,EAC9C,OAAO,eAA+B,IAAY,MAAyB;AAC1E,MAAI,CAAC,KAAK,OAAO,CAAE,MAAM,QAAQ,sBAAsB,EAAE,2BAA2B,GAAI;AACtF,YAAQ,IAAI,SAAS;AACrB;AAAA,EACF;AACA,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,gBAAgB,EAAE,EAAE;AAC5D,UAAQ,IAAI,SAAS;AACvB,CAAC;;;AC5DH,SAAS,WAAAC,gBAAe;AAMjB,IAAM,mBAAmB,IAAIC,SAAQ,WAAW,EACpD,YAAY,kBAAkB;AAEjC,iBAAiB,QAAQ,qBAAqB,EAC3C,YAAY,6BAA6B,EACzC,eAAe,iBAAiB,wCAAwC,EACxE,OAAO,aAAa,wDAAwD,EAC5E,OAAO,sBAAsB,kDAAkD,EAC/E,OAAO,8BAA8B,6CAA6C,EAClF,OAAO,eAA+B,YAAoB,MAAmF;AAC5I,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAgC,EAAE,MAAM,UAAU,KAAK,IAAI,EAAE;AACnE,MAAI,KAAK,WAAY,MAAK,aAAa,IAAI,KAAK;AAChD,MAAI,KAAK,eAAgB,MAAK,iBAAiB,IAAI,KAAK;AACxD,QAAM,OAAO,KAAK,KACd,OAAO,EAAE,cAAc,UAAU,IAAI,KAAK,EAAE,KAC5C,OAAO,EAAE,cAAc,UAAU;AACrC,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,MAAM,IAAI;AACnD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,oBAAoB,EAC1C,YAAY,4EAA4E,EACxF,OAAO,mBAAmB,iGAAiG,EAC3H,OAAO,iBAAiB,iGAAiG,EACzH,OAAO,mBAAmB,kCAAkC,EAC5D,OAAO,eAAe,aAAa,EACnC,OAAO,gBAAgB,mBAAmB,EAC1C,OAAO,eAA+B,YAAoB,MAA4F;AACrJ,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,KAAK,IAAI,gBAAgB;AAC/B,MAAI,KAAK,OAAQ,IAAG,IAAI,UAAU,KAAK,UAAU,UAAU,KAAK,MAAM,CAAC,CAAC;AACxE,MAAI,KAAK,KAAM,IAAG,IAAI,QAAQ,KAAK,UAAU,UAAU,KAAK,IAAI,CAAC,CAAC;AAClE,MAAI,KAAK,OAAQ,IAAG,IAAI,UAAU,KAAK,MAAM;AAC7C,MAAI,KAAK,MAAO,IAAG,IAAI,SAAS,KAAK,KAAK;AAC1C,MAAI,KAAK,OAAQ,IAAG,IAAI,UAAU,KAAK,MAAM;AAC7C,QAAM,IAAI,GAAG,SAAS;AACtB,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,cAAc,UAAU,GAAG,IAAI,IAAI,CAAC,KAAK,EAAE,EAAE;AAC/F,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,uBAAuB,EAC7C,YAAY,sBAAsB,EAClC,OAAO,eAA+B,YAAoB,IAAY;AACrE,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,cAAc,UAAU,IAAI,EAAE,EAAE;AAClF,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,0BAA0B,EAChD,YAAY,mBAAmB,EAC/B,OAAO,aAAa,0BAA0B,EAC9C,OAAO,eAA+B,YAAoB,IAAY,MAAyB;AAC9F,MAAI,CAAC,KAAK,OAAO,CAAE,MAAM,QAAQ,mBAAmB,UAAU,IAAI,EAAE,0BAA0B,GAAI;AAChG,YAAQ,IAAI,SAAS;AACrB;AAAA,EACF;AACA,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,cAAc,UAAU,IAAI,EAAE,EAAE;AACxE,UAAQ,IAAI,SAAS;AACvB,CAAC;;;ACtEH,SAAS,WAAAC,gBAAe;AACxB,SAAS,gBAAAC,qBAAoB;AAKtB,IAAM,aAAa,IAAIC,SAAQ,KAAK,EACxC,YAAY,qDAAqD,EACjE,SAAS,WAAW,yBAAyB,EAC7C,OAAO,iBAAiB,0CAA0C,EAClE,OAAO,mBAAmB,mEAAmE,EAC7F,OAAO,eAA+B,UAA8B,MAA2C;AAC9G,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAE7B,MAAI;AACJ,MAAI,KAAK,MAAM;AACb,YAAQC,cAAa,KAAK,MAAM,OAAO,EAAE,KAAK;AAAA,EAChD,WAAW,UAAU;AACnB,YAAQ;AAAA,EACV,OAAO;AACL,YAAQ,MAAM,sDAAsD;AACpE,YAAQ,KAAK,CAAC;AAAA,EAChB;AAEA,QAAM,SAAkC,CAAC;AACzC,MAAI,KAAK,OAAO;AACd,eAAW,MAAM,KAAK,OAAO;AAC3B,YAAM,QAAQ,GAAG,QAAQ,GAAG;AAC5B,UAAI,UAAU,IAAI;AAChB,gBAAQ,MAAM,gCAAgC,EAAE,uBAAuB;AACvE,gBAAQ,KAAK,CAAC;AAAA,MAChB;AACA,aAAO,GAAG,MAAM,GAAG,KAAK,CAAC,IAAI,GAAG,MAAM,QAAQ,CAAC;AAAA,IACjD;AAAA,EACF;AAEA,QAAM,OAAgC,EAAE,MAAM;AAC9C,MAAI,OAAO,KAAK,MAAM,EAAE,SAAS,EAAG,MAAK,SAAS;AAElD,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,EAAE,QAAQ,IAAI;AAC/D,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;;;AC1CH,SAAS,WAAAC,gBAAe;AAMjB,IAAM,uBAAuB,IAAIC,SAAQ,eAAe,EAC5D,YAAY,wCAAwC;AAEvD,qBAAqB,QAAQ,QAAQ,EAClC,YAAY,iCAAiC,EAC7C,eAAe,4BAA4B,iCAAiC,EAC5E,eAAe,4BAA4B,iCAAiC,EAC5E,eAAe,iBAAiB,mBAAmB,EACnD,OAAO,aAAa,iBAAiB,EACrC,OAAO,iBAAiB,kDAAkD,EAC1E,OAAO,eAA+B,MAAoF;AACzH,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,CAAC,kBAAkB,QAAQ,IAAI,KAAK,OAAO,MAAM,GAAG;AAC1D,QAAM,CAAC,kBAAkB,QAAQ,IAAI,KAAK,OAAO,MAAM,GAAG;AAC1D,QAAM,OAAgC;AAAA,IACpC,UAAU,KAAK;AAAA,IACf,mBAAmB;AAAA,IACnB,WAAW;AAAA,IACX,mBAAmB;AAAA,IACnB,WAAW;AAAA,EACb;AACA,MAAI,KAAK,GAAI,MAAK,IAAI,IAAI,KAAK;AAC/B,MAAI,KAAK,KAAM,MAAK,MAAM,IAAI,UAAU,KAAK,IAAI;AACjD,QAAM,OAAO,KAAK,KAAK,OAAO,EAAE,kBAAkB,KAAK,EAAE,KAAK,OAAO,EAAE;AACvE,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,MAAM,IAAI;AACnD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,qBAAqB,QAAQ,UAAU,EACpC,YAAY,0BAA0B,EACtC,OAAO,eAA+B,IAAY;AACjD,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,kBAAkB,EAAE,EAAE;AACxE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,qBAAqB,QAAQ,aAAa,EACvC,YAAY,uBAAuB,EACnC,OAAO,aAAa,0BAA0B,EAC9C,OAAO,eAA+B,IAAY,MAAyB;AAC1E,MAAI,CAAC,KAAK,OAAO,CAAE,MAAM,QAAQ,uBAAuB,EAAE,0BAA0B,GAAI;AACtF,YAAQ,IAAI,SAAS;AACrB;AAAA,EACF;AACA,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,kBAAkB,EAAE,EAAE;AAC9D,UAAQ,IAAI,SAAS;AACvB,CAAC;;;ACxDH,SAAS,WAAAC,gBAAe;AAMjB,IAAM,2BAA2B,IAAIC,SAAQ,oBAAoB,EACrE,YAAY,sEAAuE;AAEtF,yBAAyB,QAAQ,MAAM,EACpC,YAAY,2CAA2C,EACvD,OAAO,iBAA+B;AACrC,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,qBAAqB;AACvE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,yBAAyB,QAAQ,gBAAgB,EAC9C,YAAY,yBAAyB,EACrC,OAAO,eAA+B,SAAiB;AACtD,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,uBAAuB,OAAO,EAAE;AAClF,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,yBAAyB,QAAQ,mBAAmB,EACjD,YAAY,sCAAsC,EAClD,OAAO,wBAAwB,aAAa,EAC5C,OAAO,mBAAmB,2FAA2F,EACrH,OAAO,+BAA+B,qEAAqE,EAC3G,OAAO,+BAA+B,qEAAqE,EAC3G,OAAO,eAA+B,SAAiB,MAAyG;AAC/J,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAgC,CAAC;AACvC,MAAI,KAAK,YAAa,MAAK,aAAa,IAAI,KAAK;AACjD,MAAI,KAAK,OAAQ,MAAK,aAAa,IAAI,UAAU,KAAK,MAAM;AAC5D,MAAI,KAAK,kBAAmB,MAAK,oBAAoB,IAAI,UAAU,KAAK,iBAAiB;AACzF,MAAI,KAAK,kBAAmB,MAAK,oBAAoB,IAAI,UAAU,KAAK,iBAAiB;AACzF,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,uBAAuB,OAAO,IAAI,IAAI;AACxF,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,yBAAyB,QAAQ,mBAAmB,EACjD,YAAY,4BAA4B,EACxC,OAAO,aAAa,0BAA0B,EAC9C,OAAO,eAA+B,SAAiB,MAAyB;AAC/E,MAAI,CAAC,KAAK,OAAO,CAAE,MAAM,QAAQ,6BAA6B,OAAO,2BAA2B,GAAI;AAClG,YAAQ,IAAI,SAAS;AACrB;AAAA,EACF;AACA,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,uBAAuB,OAAO,EAAE;AACxE,UAAQ,IAAI,SAAS;AACvB,CAAC;;;ACzDH,SAAS,WAAAC,gBAAe;AAKjB,IAAM,4BAA4B,IAAIC,SAAQ,qBAAqB,EACvE,YAAY,yBAAyB,EACrC,SAAS,gBAAgB,mCAAmC,EAC5D,SAAS,QAAQ,oBAAoB,EACrC,OAAO,iBAAiB,6BAA6B,EACrD,OAAO,qBAAqB,0CAA0C,MAAM,EAC5E,OAAO,eAAe,eAAe,IAAI,EACzC,OAAO,gBAAgB,gBAAgB,GAAG,EAC1C,OAAO,eAA+B,YAAoB,IAAY,MAA2E;AAChJ,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,SAAS,IAAI,gBAAgB;AACnC,MAAI,KAAK,KAAM,QAAO,IAAI,YAAY,KAAK,IAAI;AAE/C,QAAM,eAAuC,EAAE,UAAU,UAAU,UAAU,UAAU,MAAM,OAAO;AACpG,SAAO,IAAI,aAAa,aAAa,KAAK,SAAS,KAAK,KAAK,SAAS;AACtE,SAAO,IAAI,SAAS,KAAK,KAAK;AAC9B,SAAO,IAAI,UAAU,KAAK,MAAM;AAChC,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,cAAc,UAAU,IAAI,EAAE,YAAY,OAAO,SAAS,CAAC,EAAE;AAC/G,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;;;ACzBH,SAAS,WAAAC,iBAAe;AACxB,SAAS,gBAAAC,qBAAoB;AAMtB,IAAM,qBAAqB,IAAIC,UAAQ,aAAa,EACxD,YAAY,6BAA6B;AAE5C,mBAAmB,QAAQ,0BAA0B,EAClD,YAAY,0GAA0G,EACtH,eAAe,qBAAqB,wCAAwC,EAC5E,OAAO,yBAAyB,aAAa,0BAA0B,EACvE,OAAO,iBAAiB,qEAAqE,EAC7F,OAAO,eAA+B,YAAoB,IAAY,MAAgE;AACrI,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,EAAE,cAAc,UAAU,IAAI,EAAE,gBAAgB;AAAA,IAC/F,UAAU,KAAK;AAAA,IACf,cAAc,KAAK;AAAA,EACrB,CAAC;AAED,MAAI,KAAK,MAAM;AACb,UAAM,OAAOC,cAAa,KAAK,IAAI;AACnC,UAAM,YAAY,KAAK,WAAW,WAAW,MAAM,IAAI,KAAK,aAAa,GAAG,OAAO,OAAO,GAAG,KAAK,UAAU;AAC5G,UAAM,OAAO,WAAW,WAAW,MAAM,KAAK,WAAW;AACzD,YAAQ,IAAI,aAAa,EAAE,GAAG,MAAM,UAAU,KAAK,GAAG,UAAU,IAAI,CAAC,CAAC;AAAA,EACxE,OAAO;AACL,YAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AAAA,EACjD;AACF,CAAC;AAEH,mBAAmB,QAAQ,uBAAuB,EAC/C,YAAY,kDAAkD,EAC9D,eAAe,qBAAqB,wCAAwC,EAC5E,OAAO,eAA+B,YAAoB,IAAY,MAA4B;AACjG,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,cAAc,MAAM,OAAO,QAAgE,OAAO,OAAO,EAAE,cAAc,UAAU,IAAI,EAAE,cAAc;AAC7J,QAAM,QAAQ,YAAY,KAAK,OAAK,EAAE,IAAI,SAAS,IAAI,KAAK,QAAQ,EAAE,CAAC;AACvE,MAAI,CAAC,OAAO;AACV,UAAM,IAAI,MAAM,eAAe,KAAK,QAAQ,aAAa;AAAA,EAC3D;AACA,QAAM,cAAc,GAAG,OAAO,OAAO,OAAO,EAAE,gBAAgB,MAAM,GAAG;AACvE,UAAQ,IAAI,aAAa,EAAE,cAAc,aAAa,GAAG,MAAM,GAAG,UAAU,IAAI,CAAC,CAAC;AACpF,CAAC;AAEH,mBAAmB,QAAQ,wBAAwB,EAChD,YAAY,iCAAiC,EAC7C,OAAO,mBAAmB,oCAAoC,EAC9D,OAAO,eAA+B,YAAoB,IAAY,MAA2B;AAChG,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,QAAQ,KAAK,SAAS,WAAW,mBAAmB,KAAK,MAAM,CAAC,KAAK;AAC3E,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,cAAc,UAAU,IAAI,EAAE,eAAe,KAAK,EAAE;AACtG,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,mBAAmB,QAAQ,0CAA0C,EAClE,YAAY,sBAAsB,EAClC,OAAO,aAAa,0BAA0B,EAC9C,OAAO,eAA+B,YAAoB,IAAY,cAAsB,MAAyB;AACpH,MAAI,CAAC,KAAK,OAAO,CAAE,MAAM,QAAQ,qBAAqB,YAAY,OAAO,UAAU,IAAI,EAAE,0BAA0B,GAAI;AACrH,YAAQ,IAAI,SAAS;AACrB;AAAA,EACF;AACA,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,cAAc,UAAU,IAAI,EAAE,gBAAgB,YAAY,EAAE;AACpG,UAAQ,IAAI,SAAS;AACvB,CAAC;;;ACvEH,SAAS,kBAAkB;AAC3B,SAAS,WAAAC,iBAAe;AAMjB,IAAM,eAAe,IAAIC,UAAQ,OAAO,EAC5C,YAAY,kCAAkC;AAEjD,aAAa,QAAQ,QAAQ,EAC1B,YAAY,2BAA2B,EACvC,eAAe,iBAAiB,WAAW,EAC3C,eAAe,qBAAqB,oBAAoB,EACxD,OAAO,aAAa,qCAAqC,EACzD,OAAO,oCAAoC,kCAAkC,EAC7E,OAAO,eAA+B,MAA+E;AACpH,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,SAAS,KAAK,MAAM,WAAW;AACrC,QAAM,OAAgC;AAAA,IACpC,MAAM,KAAK;AAAA,IACX,QAAQ,KAAK;AAAA,IACb,SAAS;AAAA,EACX;AACA,MAAI,KAAK,iBAAiB;AACxB,SAAK,kBAAkB,IAAI,KAAK,gBAAgB,MAAM,GAAG;AAAA,EAC3D;AACA,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,UAAU,MAAM,IAAI,IAAI;AAC1E,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,aAAa,QAAQ,UAAU,EAC5B,YAAY,YAAY,EACxB,OAAO,eAA+B,IAAY;AACjD,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,UAAU,EAAE,EAAE;AAChE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,aAAa,QAAQ,MAAM,EACxB,YAAY,gBAAgB,EAC5B,OAAO,iBAA+B;AACrC,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,QAAQ;AAC1D,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,aAAa,QAAQ,aAAa,EAC/B,YAAY,eAAe,EAC3B,OAAO,aAAa,0BAA0B,EAC9C,OAAO,eAA+B,IAAY,MAAyB;AAC1E,MAAI,CAAC,KAAK,OAAO,CAAE,MAAM,QAAQ,eAAe,EAAE,0BAA0B,GAAI;AAC9E,YAAQ,IAAI,SAAS;AACrB;AAAA,EACF;AACA,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,UAAU,EAAE,EAAE;AACtD,UAAQ,IAAI,SAAS;AACvB,CAAC;;;AC9DH,SAAS,cAAAC,mBAAkB;AAC3B,SAAS,WAAAC,iBAAe;AAMjB,IAAM,kBAAkB,IAAIC,UAAQ,UAAU,EAClD,YAAY,0BAA0B;AAEzC,gBAAgB,QAAQ,QAAQ,EAC7B,YAAY,4BAA4B,EACxC,eAAe,iBAAiB,cAAc,EAC9C,eAAe,eAAe,YAAY,EAC1C,eAAe,qBAAqB,qBAAqB,EACzD,eAAe,qBAAqB,6BAA6B,EACjE,OAAO,aAAa,wCAAwC,EAC5D,OAAO,oCAAoC,kCAAkC,EAC7E,OAAO,mBAAmB,0BAA0B,EACpD,OAAO,eAA+B,MAA6H;AAClK,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,YAAY,KAAK,MAAMC,YAAW;AACxC,QAAM,OAAgC;AAAA,IACpC,MAAM,KAAK;AAAA,IACX,KAAK,KAAK;AAAA,IACV,QAAQ,KAAK;AAAA,IACb,QAAQ,KAAK,OAAO,MAAM,GAAG;AAAA,IAC7B,SAAS;AAAA,EACX;AACA,MAAI,KAAK,iBAAiB;AACxB,SAAK,kBAAkB,IAAI,KAAK,gBAAgB,MAAM,GAAG;AAAA,EAC3D;AACA,MAAI,KAAK,QAAQ;AACf,SAAK,QAAQ,IAAI,KAAK,MAAM,KAAK,MAAM;AAAA,EACzC;AACA,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,aAAa,SAAS,IAAI,IAAI;AAChF,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,gBAAgB,QAAQ,UAAU,EAC/B,YAAY,eAAe,EAC3B,OAAO,eAA+B,IAAY;AACjD,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,aAAa,EAAE,EAAE;AACnE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,gBAAgB,QAAQ,MAAM,EAC3B,YAAY,mBAAmB,EAC/B,OAAO,iBAA+B;AACrC,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,WAAW;AAC7D,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,gBAAgB,QAAQ,YAAY,EACjC,YAAY,0DAA0D,EACtE,OAAO,qBAAqB,wDAAwD,EACpF,OAAO,qBAAqB,sBAAsB,EAClD,OAAO,eAA+B,MAA+C;AACpF,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,SAAS,IAAI,gBAAgB;AACnC,MAAI,KAAK,OAAQ,QAAO,IAAI,UAAU,KAAK,MAAM;AACjD,MAAI,KAAK,UAAW,QAAO,IAAI,cAAc,KAAK,SAAS;AAC3D,QAAM,KAAK,OAAO,SAAS;AAC3B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,uBAAuB,KAAK,IAAI,EAAE,KAAK,EAAE,EAAE;AAC7F,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,gBAAgB,QAAQ,aAAa,EAClC,YAAY,kBAAkB,EAC9B,OAAO,aAAa,0BAA0B,EAC9C,OAAO,eAA+B,IAAY,MAAyB;AAC1E,MAAI,CAAC,KAAK,OAAO,CAAE,MAAM,QAAQ,kBAAkB,EAAE,0BAA0B,GAAI;AACjF,YAAQ,IAAI,SAAS;AACrB;AAAA,EACF;AACA,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,aAAa,EAAE,EAAE;AACzD,UAAQ,IAAI,SAAS;AACvB,CAAC;;;ACrFH,SAAS,WAAAC,iBAAe;AAMjB,IAAM,mBAAmB,IAAIC,UAAQ,WAAW,EACpD,YAAY,8BAA8B;AAE7C,iBAAiB,QAAQ,eAAe,EACrC,YAAY,kCAAkC,EAC9C,OAAO,iBAAiB,wDAAwD,EAChF,OAAO,wBAAwB,sBAAsB,EACrD,OAAO,iBAAiB,yDAAyD,SAAS,CAAC,CAAC,EAC5F,OAAO,yBAAyB,yDAAyD,SAAS,CAAC,CAAC,EACpG,OAAO,kBAAkB,gEAAgE,SAAS,CAAC,CAAC,EACpG,OAAO,eAAe,uBAAuB,EAC7C,OAAO,mBAAmB,yHAAyH,EACnJ,OAAO,eAA+B,MAAc,MAQlD;AACD,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAE7B,MAAI;AAEJ,MAAI,KAAK,QAAQ;AAEf,WAAO,KAAK,MAAM,KAAK,MAAM;AAAA,EAC/B,OAAO;AACL,QAAI,CAAC,KAAK,MAAM;AACd,YAAM,IAAI,MAAM,2DAA2D;AAAA,IAC7E;AACA,WAAO;AAAA,MACL,MAAM,KAAK;AAAA,MACX,OAAO,KAAK,KAAK,IAAI,aAAa;AAAA,IACpC;AAEA,QAAI,KAAK,YAAa,MAAK,cAAc,KAAK;AAE9C,QAAI,KAAK,aAAa,SAAS,GAAG;AAChC,WAAK,gBAAgB,KAAK,aAAa,IAAI,YAAY;AAAA,IACzD;AAEA,QAAI,KAAK,MAAM,SAAS,GAAG;AACzB,YAAM,aAAuC,CAAC;AAC9C,iBAAW,QAAQ,KAAK,OAAO;AAC7B,cAAM,SAAS,UAAU,IAAI;AAC7B,mBAAW,OAAO,GAAG,IAAI,OAAO;AAAA,MAClC;AACA,WAAK,QAAQ,EAAE,SAAS,MAAM,WAAW;AAAA,IAC3C;AAEA,QAAI,KAAK,SAAU,MAAK,YAAY;AAAA,EACtC;AAEA,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,cAAc,IAAI,IAAI,IAAI;AAC5E,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,YAAY,EAClC,YAAY,iBAAiB,EAC7B,OAAO,cAAc,qCAAqC,EAC1D,OAAO,eAA+B,MAAc,MAA8B;AACjF,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,KAAK,WACd,OAAO,EAAE,cAAc,IAAI,cAC3B,OAAO,EAAE,cAAc,IAAI;AAC/B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,IAAI;AAC7C,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,MAAM,EAC5B,YAAY,oBAAoB,EAChC,OAAO,iBAA+B;AACrC,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,YAAY;AAC9D,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,eAAe,EACrC,YAAY,oBAAoB,EAChC,OAAO,aAAa,0BAA0B,EAC9C,OAAO,eAA+B,MAAc,MAAyB;AAC5E,MAAI,CAAC,KAAK,OAAO,CAAE,MAAM,QAAQ,oBAAoB,IAAI,2BAA2B,GAAI;AACtF,YAAQ,IAAI,SAAS;AACrB;AAAA,EACF;AACA,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,OAAO,EAAE,cAAc,IAAI,EAAE;AAC5D,UAAQ,IAAI,SAAS;AACvB,CAAC;AAEH,iBAAiB,QAAQ,YAAY,EAClC,YAAY,4CAA4C,EACxD,OAAO,sBAAsB,yBAAyB,KAAK,EAC3D,OAAO,CAAC,OAAe,SAAgC;AACtD,QAAM,YAAY,KAAK,cAAc,QAAQ,QAAQ;AACrD,UAAQ,IAAI,2BAA2B,KAAK,IAAI,SAAS,EAAE;AAC7D,CAAC;AAIH,SAAS,QAAQ,OAAe,UAA8B;AAC5D,SAAO,CAAC,GAAG,UAAU,KAAK;AAC5B;AAEA,SAAS,UAAU,MAA8C;AAC/D,QAAM,CAAC,KAAK,MAAM,IAAI,KAAK,MAAM,GAAG;AACpC,MAAI,CAAC,OAAO,CAAC,QAAQ;AACnB,UAAM,IAAI,MAAM,iBAAiB,IAAI,kCAAkC;AAAA,EACzE;AACA,SAAO,EAAE,KAAK,KAAK,OAAO,MAAM,GAAG,EAAE;AACvC;AAEA,SAAS,cAAc,MAAuC;AAC5D,QAAM,EAAE,KAAK,IAAI,IAAI,UAAU,IAAI;AACnC,SAAO,EAAE,YAAY,KAAK,YAAY,IAAI;AAC5C;AAEA,SAAS,aAAa,MAAuC;AAC3D,QAAM,EAAE,KAAK,IAAI,IAAI,UAAU,IAAI;AACnC,SAAO,EAAE,UAAU,KAAK,YAAY,IAAI;AAC1C;;;ACpIA,SAAS,WAAAC,iBAAe;AAKjB,IAAM,eAAe,IAAIC,UAAQ,OAAO,EAC5C,YAAY,0DAA0D,EACtE,eAAe,uBAAuB,6CAA6C,EACnF,OAAO,eAA+B,MAA8B;AACnE,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,aAAa,UAAU,KAAK,UAAU;AAC5C,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,EAAE,UAAU;AAAA,IAC3D,YAAY,MAAM,QAAQ,UAAU,IAAI,aAAa,CAAC,UAAU;AAAA,EAClE,CAAC;AACD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;;;AChBH,SAAS,WAAAC,iBAAe;AAIxB,IAAM,kBAAkB;AAEjB,IAAM,mBAAmB,IAAIC,UAAQ,WAAW,EACpD,YAAY,6EAA6E;AAE5F,iBAAiB,QAAQ,mBAAmB,EACzC,YAAY,sDAAsD,eAAe,EAAE,EACnF,eAAe,kBAAkB,6CAA6C,EAC9E,OAAO,eAA+B,UAAkB,MAAyB;AAChF,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,QAAQ,UAAU,KAAK,KAAK;AAClC,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,EAAE,cAAc,QAAQ,WAAW;AAAA,IAClF,OAAO,MAAM,QAAQ,KAAK,IAAI,QAAQ,CAAC,KAAK;AAAA,EAC9C,CAAC;AACD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,iBAAiB,QAAQ,mBAAmB,EACzC,YAAY,sDAAsD,eAAe,EAAE,EACnF,OAAO,uBAAuB,+CAA+C,EAC7E,OAAO,mBAAmB,sBAAsB,EAChD,OAAO,eAA+B,UAAkB,MAAiD;AACxG,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,QAAQ,KAAK,cAAc,gBAAgB,KAAK,WAAW,KAAK;AACtE,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,OAAO,EAAE,cAAc,QAAQ,UAAU,KAAK,EAAE;AAEzF,MAAI,KAAK,QAAQ;AACf,UAAM,EAAE,eAAAC,eAAc,IAAI,MAAM,OAAO,IAAI;AAC3C,IAAAA,eAAc,KAAK,QAAQ,KAAK,UAAU,MAAM,MAAM,CAAC,CAAC;AACxD,YAAQ,IAAI,cAAc,KAAK,MAAM,EAAE;AAAA,EACzC,OAAO;AACL,YAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AAAA,EACjD;AACF,CAAC;AAEH,iBAAiB,QAAQ,qCAAqC,EAC3D,YAAY,qEAAqE,eAAe,EAAE,EAClG,eAAe,iBAAiB,8DAA8D,EAC9F,OAAO,sBAAsB,mCAAmC,EAChE,OAAO,8BAA8B,4BAA4B,EACjE,OAAO,eAA+B,UAAkB,YAAoB,MAAsE;AACjJ,QAAM,KAAK,YAAY,IAAI;AAC3B,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,WAAW,UAAU,KAAK,IAAI;AACpC,QAAM,aAAuB,CAAC;AAC9B,MAAI,KAAK,WAAY,YAAW,KAAK,eAAe,mBAAmB,KAAK,UAAU,CAAC,EAAE;AACzF,MAAI,KAAK,eAAgB,YAAW,KAAK,mBAAmB,mBAAmB,KAAK,cAAc,CAAC,EAAE;AACrG,QAAM,KAAK,WAAW,SAAS,IAAI,WAAW,KAAK,GAAG,CAAC,KAAK;AAC5D,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,OAAO,EAAE,cAAc,QAAQ,cAAc,UAAU,GAAG,EAAE,IAAI,QAAQ;AAClH,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;;;ACxDH,SAAS,WAAAC,iBAAe;AAKjB,IAAM,gBAAgB,IAAIC,UAAQ,QAAQ,EAC9C,YAAY,mBAAmB;AAElC,cAAc,QAAQ,QAAQ,EAC3B,YAAY,2BAA2B,EACvC,eAAe,iBAAiB,YAAY,EAC5C,eAAe,mBAAmB,iCAAiC,EACnE,OAAO,uBAAuB,wDAAwD,EACtF,OAAO,eAA+B,MAA4D;AACjG,QAAM,SAAS,IAAI,UAAU;AAC7B,MAAI;AACJ,MAAI;AACF,aAAS,KAAK,MAAM,KAAK,MAAM;AAAA,EACjC,QAAQ;AACN,UAAM,IAAI,MAAM,6BAA6B;AAAA,EAC/C;AACA,QAAM,OAAgC,EAAE,MAAM,KAAK,MAAM,OAAO;AAChE,MAAI,KAAK,UAAW,MAAK,aAAa,KAAK;AAC3C,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,cAAc,IAAI;AAC5D,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,cAAc,QAAQ,MAAM,EACzB,YAAY,iBAAiB,EAC7B,OAAO,iBAA+B;AACrC,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,YAAY;AACrD,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,cAAc,QAAQ,mBAAmB,EACtC,YAAY,qBAAqB,EACjC,OAAO,eAA+B,SAAiB;AACtD,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,cAAc,OAAO,EAAE;AACtD,UAAQ,IAAI,eAAe;AAC7B,CAAC;;;ACzCH,SAAS,WAAAC,iBAAe;AACxB,SAAS,gBAAAC,qBAAoB;AAU7B,SAAS,aAAa,MAAiD;AACrE,MAAK,KAAK,UAAU,YAAgB,KAAK,SAAS,SAAY;AAC5D,UAAM,IAAI,MAAM,0CAA0C;AAAA,EAC5D;AACA,MAAI,KAAK,SAAS,OAAW,QAAOC,cAAa,KAAK,IAAI,EAAE,SAAS,QAAQ;AAC7E,SAAO,KAAK;AACd;AAEO,IAAM,iBAAiB,IAAIC,UAAQ,SAAS,EAChD,YAAY,mCAAmC;AAElD,eAAe,QAAQ,QAAQ,EAC5B,YAAY,uEAAuE,EACnF,eAAe,iBAAiB,aAAa,EAC7C,OAAO,mBAAmB,6BAA6B,EACvD,OAAO,iBAAiB,oFAAoF,EAC5G,OAAO,yBAAyB,oDAAoD,EACpF,OAAO,uBAAuB,qFAAgF,EAC9G,OAAO,iBAAiB,sBAAsB,EAC9C,OAAO,eAA+B,MAAgH;AACrJ,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAgC,EAAE,MAAM,KAAK,MAAM,OAAO,aAAa,IAAI,EAAE;AACnF,MAAI,KAAK,YAAa,MAAK,eAAe,KAAK;AAC/C,MAAI,KAAK,UAAW,MAAK,aAAa,KAAK;AAC3C,MAAI,KAAK,KAAM,MAAK,OAAO,KAAK,KAAK,MAAM,GAAG,EAAE,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,OAAO,OAAO;AACnF,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,qBAAqB,IAAI;AACnE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,eAAe,QAAQ,MAAM,EAC1B,YAAY,oCAAoC,EAChD,OAAO,cAAc,kDAAkD,EACvE,OAAO,cAAc,kCAAkC,IAAI,EAC3D,OAAO,eAA+B,MAA4C;AACjF,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,KAAK,WAAW,0CAA0C,mBAAmB,KAAK,IAAI,CAAC,KAAK;AACzG,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,IAAI;AAC7C,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,eAAe,QAAQ,UAAU,EAC9B,YAAY,0CAA0C,EACtD,OAAO,eAA+B,IAAY;AACjD,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO,QAAQ,OAAO,qBAAqB,EAAE,EAAE;AAClE,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,eAAe,QAAQ,aAAa,EACjC,YAAY,oFAAoF,EAChG,OAAO,mBAAmB,iCAAiC,EAC3D,OAAO,iBAAiB,qDAAqD,EAC7E,OAAO,uBAAuB,oDAAoD,EAClF,OAAO,eAA+B,IAAY,MAA6D;AAC9G,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAgC,EAAE,OAAO,aAAa,IAAI,EAAE;AAClE,MAAI,KAAK,UAAW,MAAK,aAAa,KAAK;AAC3C,QAAM,OAAO,MAAM,OAAO,QAAQ,QAAQ,qBAAqB,EAAE,WAAW,IAAI;AAChF,UAAQ,IAAI,aAAa,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,CAAC;AAEH,eAAe,QAAQ,aAAa,EACjC,YAAY,uBAAuB,EACnC,OAAO,aAAa,0BAA0B,EAC9C,OAAO,eAA+B,IAAY,MAAyB;AAC1E,MAAI,CAAC,KAAK,OAAO,CAAE,MAAM,QAAQ,uBAAuB,EAAE,0BAA0B,GAAI;AACtF,YAAQ,IAAI,SAAS;AACrB;AAAA,EACF;AACA,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,QAAQ,UAAU,qBAAqB,EAAE,EAAE;AACxD,UAAQ,IAAI,gBAAgB;AAC9B,CAAC;;;AC/EH,SAAS,WAAAC,iBAAe;AAKjB,IAAM,eAAe,IAAIC,UAAQ,OAAO,EAC5C,YAAY,yDAAyD;AAIxE,IAAM,YAAY,aAAa,QAAQ,IAAI,EAAE,YAAY,qCAAqC;AAE9F,UAAU,QAAQ,oBAAoB,EACnC,YAAY,mEAAmE,EAC/E,OAAO,eAA+B,MAAc,IAAY;AAC/D,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO;AAAA,IACxB;AAAA,IACA,aAAa,mBAAmB,IAAI,CAAC,IAAI,mBAAmB,EAAE,CAAC;AAAA,EACjE;AACA,UAAQ,IAAI,aAAa,KAAK,QAAQ,UAAU,IAAI,CAAC,CAAC;AACxD,CAAC;AAEH,UAAU,QAAQ,0BAA0B,EACzC,YAAY,+DAA+D,EAC3E,OAAO,eAAe,kCAAkC,CAAC,MAAc,OAAO,CAAC,CAAC,EAChF,OAAO,oBAAoB,yCAAyC,EACpE,OAAO,eAEN,MACA,IACA,OACA,MACA;AACA,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,SAAS,IAAI,gBAAgB,EAAE,MAAM,CAAC;AAC5C,MAAI,KAAK,UAAU,OAAW,QAAO,IAAI,SAAS,OAAO,KAAK,KAAK,CAAC;AACpE,MAAI,KAAK,UAAU,OAAW,QAAO,IAAI,UAAU,KAAK,KAAK;AAE7D,QAAM,OAAO,MAAM,OAAO;AAAA,IAMxB;AAAA,IACA,aAAa,mBAAmB,IAAI,CAAC,IAAI,mBAAmB,EAAE,CAAC,SAAS,MAAM;AAAA,EAChF;AAEA,QAAM,SAAS,UAAU,IAAI;AAC7B,MAAI,WAAW,QAAQ;AACrB,YAAQ,IAAI,KAAK,UAAU,MAAM,MAAM,CAAC,CAAC;AACzC;AAAA,EACF;AAEA,QAAM,OAAO,KAAK,KAAK,IAAI,OAAK,OAAO,YAAY,KAAK,QAAQ,IAAI,CAAC,GAAG,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;AACzF,UAAQ,IAAI,aAAa,MAAM,MAAM,CAAC;AACtC,MAAI,KAAK,UAAW,SAAQ,IAAI,6CAAwC;AAC1E,CAAC;AAIH,IAAM,qBAAqB,aACxB,QAAQ,QAAQ,EAChB,YAAY,yEAAyE;AAaxF,mBAAmB,QAAQ,MAAM,EAC9B,YAAY,oCAAoC,EAChD,OAAO,gBAAgB,uDAAuD,EAC9E,OAAO,gBAAgB,+CAA+C,EACtE,OAAO,wBAAwB,6BAA6B,EAC5D,OAAO,eAAe,kCAAkC,CAAC,MAAc,OAAO,CAAC,CAAC,EAChF,OAAO,gBAAgB,yBAAyB,CAAC,MAAc,OAAO,CAAC,CAAC,EACxE,OAAO,iBAAiB,2CAA2C,EACnE,OAAO,eAEN,MACA;AACA,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,SAAS,IAAI,gBAAgB;AACnC,MAAI,KAAK,OAAQ,QAAO,IAAI,UAAU,KAAK,MAAM;AACjD,MAAI,KAAK,OAAQ,QAAO,IAAI,UAAU,KAAK,MAAM;AACjD,MAAI,KAAK,eAAgB,QAAO,IAAI,kBAAkB,KAAK,cAAc;AACzE,MAAI,KAAK,UAAU,OAAW,QAAO,IAAI,SAAS,OAAO,KAAK,KAAK,CAAC;AACpE,MAAI,KAAK,WAAW,OAAW,QAAO,IAAI,UAAU,OAAO,KAAK,MAAM,CAAC;AACvE,MAAI,KAAK,MAAO,QAAO,IAAI,SAAS,KAAK,KAAK;AAC9C,QAAM,KAAK,OAAO,SAAS,IAAI,IAAI,MAAM,KAAK;AAE9C,QAAM,OAAO,MAAM,OAAO;AAAA,IACxB;AAAA,IACA,iBAAiB,EAAE;AAAA,EACrB;AAEA,QAAM,SAAS,UAAU,IAAI;AAC7B,MAAI,WAAW,QAAQ;AACrB,YAAQ,IAAI,KAAK,UAAU,MAAM,MAAM,CAAC,CAAC;AACzC;AAAA,EACF;AACA,UAAQ,IAAI,aAAa,KAAK,MAAM,MAAM,CAAC;AAC3C,UAAQ,IAAI,IAAI,KAAK,KAAK,MAAM,OAAO,KAAK,KAAK,GAAG;AACtD,CAAC;AAEH,mBAAmB,QAAQ,WAAW,EACnC,YAAY,6CAA6C,EACzD,OAAO,eAA+B,IAAY;AACjD,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO;AAAA,IACxB;AAAA,IACA,kBAAkB,mBAAmB,EAAE,CAAC;AAAA,EAC1C;AACA,UAAQ,IAAI,KAAK,UAAU,MAAM,MAAM,CAAC,CAAC;AAC3C,CAAC;AAUH,SAAS,kBAAkB,GAA4B;AACrD,UAAQ,EAAE,QAAQ;AAAA,IAChB,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO,aAAa,EAAE,UAAU,UAAU;AAAA,IAC5C,KAAK;AACH,aAAO,yBAAyB,EAAE,UAAU,mBAAmB;AAAA,IACjE,KAAK;AACH,aAAO,oCAAoC,EAAE,UAAU,SAAS;AAAA,IAClE,SAAS;AAEP,YAAM,cAAqB,EAAE;AAC7B,aAAO;AAAA,IACT;AAAA,EACF;AACF;AAEA,mBAAmB,QAAQ,sCAAsC,EAC9D,YAAY,2EAA2E,EACvF,OAAO,eAA+B,aAAqB,WAAqB;AAC/E,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO;AAAA,IACxB;AAAA,IACA,kBAAkB,mBAAmB,WAAW,CAAC;AAAA,IACjD,EAAE,YAAY,UAAU;AAAA,EAC1B;AACA,UAAQ,IAAI,WAAW,KAAK,OAAO,oBAAoB,WAAW,EAAE;AACpE,aAAW,KAAK,KAAK,WAAW,CAAC,GAAG;AAClC,YAAQ,IAAI,aAAa,EAAE,SAAS,WAAM,kBAAkB,CAAC,CAAC,EAAE;AAAA,EAClE;AACF,CAAC;AAEH,mBAAmB,QAAQ,qBAAqB,EAC7C,YAAY,4DAA4D,EACxE,OAAO,eAA+B,UAAkB;AACvD,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO;AAAA,IACxB;AAAA,IACA,kBAAkB,mBAAmB,QAAQ,CAAC;AAAA,EAChD;AACA,UAAQ,IAAI,YAAY,KAAK,OAAO,SAAS,WAAM,KAAK,OAAO,MAAM,EAAE;AACzE,CAAC;AAEH,mBAAmB,QAAQ,eAAe,EACvC,YAAY,4DAA4D,EACxE,eAAe,cAAc,4CAA4C,EACzE,OAAO,oBAAoB,+BAA+B,EAC1D,OAAO,eAA+B,IAAY,MAAwC;AACzF,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAgC,EAAE,QAAQ,aAAa,cAAc,KAAK,GAAG;AACnF,MAAI,KAAK,QAAS,MAAK,YAAY,IAAI,KAAK;AAC5C,QAAM,OAAO,MAAM,OAAO;AAAA,IACxB;AAAA,IACA,kBAAkB,mBAAmB,EAAE,CAAC;AAAA,IACxC;AAAA,EACF;AACA,UAAQ,IAAI,aAAa,KAAK,OAAO,SAAS,WAAM,KAAK,EAAE,EAAE;AAC/D,CAAC;AAEH,mBAAmB,QAAQ,gBAAgB,EACxC,YAAY,qDAAqD,EACjE,OAAO,eAA+B,IAAY;AACjD,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAO,MAAM,OAAO;AAAA,IACxB;AAAA,IACA,kBAAkB,mBAAmB,EAAE,CAAC;AAAA,IACxC,EAAE,QAAQ,YAAY;AAAA,EACxB;AACA,UAAQ,IAAI,aAAa,KAAK,OAAO,SAAS,iBAAiB,KAAK,oBAAoB,MAAM,mBAAmB;AACnH,CAAC;AAEH,mBAAmB,QAAQ,cAAc,EACtC,YAAY,6CAA6C,EACzD,eAAe,mBAAmB,+BAA+B,EACjE,OAAO,oBAAoB,+BAA+B,EAC1D,OAAO,eAA+B,IAAY,MAA4C;AAC7F,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAgC,EAAE,QAAQ,aAAa,kBAAkB,KAAK,OAAO;AAC3F,MAAI,KAAK,QAAS,MAAK,YAAY,IAAI,KAAK;AAC5C,QAAM,OAAO,MAAM,OAAO;AAAA,IACxB;AAAA,IACA,kBAAkB,mBAAmB,EAAE,CAAC;AAAA,IACxC;AAAA,EACF;AACA,UAAQ,IAAI,aAAa,KAAK,OAAO,SAAS,aAAa,KAAK,MAAM,GAAG;AAC3E,CAAC;;;AC9NH,SAAS,WAAAC,iBAAe;AASjB,IAAM,gBAAgB,IAAIC,UAAQ,QAAQ,EAC9C,YAAY,yCAAyC;AAExD,cAAc,QAAQ,QAAQ,EAC3B,YAAY,0DAA0D,EACtE,eAAe,mBAAmB,eAAe,EACjD,eAAe,wBAAwB,eAAe,EACtD,OAAO,qBAAqB,wDAAwD,EACpF,OAAO,wBAAwB,+CAA+C,EAC9E,OAAO,qBAAqB,wEAAwE,EACpG,OAAO,sBAAsB,gCAAgC,EAC7D,OAAO,kBAAkB,oBAAoB,EAC7C,OAAO,0BAA0B,yBAAyB,EAC1D,OAAO,oBAAoB,wCAAwC,EACnE,OAAO,mBAAmB,sCAAsC,IAAI,EACpE,OAAO,2BAA2B,qDAAqD,EACvF,OAAO,eAEN,MAaA;AACA,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,OAAgC;AAAA,IACpC,OAAO,KAAK;AAAA,IACZ,aAAa,KAAK;AAAA,IAClB,QAAQ,KAAK;AAAA,EACf;AACA,MAAI,KAAK,OAAQ,MAAK,QAAQ,IAAI,KAAK;AACvC,MAAI,KAAK,eAAgB,MAAK,gBAAgB,IAAI,KAAK;AACvD,MAAI,KAAK,SAAU,MAAK,WAAW,IAAI,KAAK;AAC5C,MAAI,KAAK,SAAU,MAAK,UAAU,IAAI,KAAK;AAC3C,MAAI,KAAK,MAAO,MAAK,OAAO,IAAI,KAAK;AACrC,MAAI,KAAK,aAAc,MAAK,eAAe,IAAI,KAAK;AACpD,MAAI,KAAK,QAAS,MAAK,SAAS,IAAI,KAAK;AACzC,MAAI,KAAK,cAAe,MAAK,gBAAgB,IAAI,KAAK;AAEtD,QAAM,OAAO,MAAM,OAAO,QAAwB,QAAQ,eAAe,IAAI;AAC7E,MAAI,KAAK,SAAS;AAChB,YAAQ,IAAI,yBAAyB,KAAK,SAAS,IAAI;AACvD,YAAQ,IAAI,kEAAkE;AAAA,EAChF,OAAO;AACL,YAAQ,IAAI,yCAAyC,KAAK,SAAS,8CAAyC;AAAA,EAC9G;AACF,CAAC;;;AC/DH,SAAS,WAAAC,iBAAe;AACxB,SAAS,oBAAoB;;;ACAtB,SAAS,eAAe,QAAgB,SAA0B;AACvE,QAAM,QAAQ,CAAC,MAAc,EAAE,QAAQ,WAAW,EAAE;AACpD,QAAM,IAAI,MAAM,MAAM,EAAE,MAAM,GAAG,EAAE,IAAI,MAAM;AAC7C,QAAM,IAAI,MAAM,OAAO,EAAE,MAAM,GAAG,EAAE,IAAI,MAAM;AAC9C,WAAS,IAAI,GAAG,IAAI,KAAK,IAAI,EAAE,QAAQ,EAAE,MAAM,GAAG,KAAK;AACrD,UAAM,KAAK,EAAE,CAAC,KAAK;AACnB,UAAM,KAAK,EAAE,CAAC,KAAK;AACnB,QAAI,OAAO,MAAM,EAAE,KAAK,OAAO,MAAM,EAAE,EAAG,QAAO;AACjD,QAAI,KAAK,GAAI,QAAO;AACpB,QAAI,KAAK,GAAI,QAAO;AAAA,EACtB;AACA,SAAO;AACT;;;ACbA,SAAS,gBAAAC,eAAc,iBAAAC,gBAAe,aAAAC,kBAAiB;AACvD,SAAS,QAAAC,aAAY;AACrB,SAAS,gBAAgB;AAMlB,IAAM,cAAc;AAC3B,IAAM,aAAaC,MAAK,YAAY,mBAAmB;AACvD,IAAM,aAAa,KAAK,KAAK,KAAK;AAOlC,SAAS,aAAsB;AAC7B,SAAO;AAAA,IACL,QAAQ,IAAI,oBAAoB,KAChC,QAAQ,IAAI,uBAAuB,KACnC,KAAK;AAAA,EACP;AACF;AAEA,SAAS,YAAiC;AACxC,MAAI;AACF,UAAM,SAAS,KAAK,MAAMC,cAAa,YAAY,OAAO,CAAC;AAC3D,QAAI,OAAO,OAAO,cAAc,SAAU,QAAO;AACjD,QAAI,OAAO,WAAW,QAAQ,OAAO,OAAO,WAAW,SAAU,QAAO;AACxE,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,SAAS,WAAW,OAA2B;AAC7C,MAAI;AACF,IAAAC,WAAU,YAAY,EAAE,WAAW,MAAM,MAAM,IAAM,CAAC;AACtD,IAAAC,eAAc,YAAY,KAAK,UAAU,KAAK,GAAG,EAAE,MAAM,IAAM,CAAC;AAAA,EAClE,QAAQ;AAAA,EAER;AACF;AAGO,SAAS,iBAAiB,SAAgC;AAC/D,QAAM,QAAQ,UAAU;AACxB,MAAI,CAAC,OAAO,OAAQ,QAAO;AAC3B,MAAI,KAAK,IAAI,IAAI,MAAM,YAAY,WAAY,QAAO;AACtD,SAAO,eAAe,MAAM,QAAQ,OAAO,IAAI,MAAM,SAAS;AAChE;AAEA,SAAS,OAAO,QAAgB,SAAuB;AACrD,UAAQ,MAAM;AAAA,oBAAuB,OAAO,WAAM,MAAM;AAAA,gCAAmC;AAC7F;AAOO,SAAS,gBAAgB,SAAuB;AACrD,MAAI,WAAW,EAAG;AAClB,MAAI;AACF,UAAM,QAAQ,UAAU;AAExB,QAAI,SAAS,KAAK,IAAI,IAAI,MAAM,YAAY,YAAY;AACtD,UAAI,MAAM,UAAU,eAAe,MAAM,QAAQ,OAAO,EAAG,QAAO,MAAM,QAAQ,OAAO;AACvF;AAAA,IACF;AAGA,eAAW,EAAE,WAAW,KAAK,IAAI,GAAG,QAAQ,OAAO,UAAU,KAAK,CAAC;AAGnE,UAAM,QAAQ;AAAA,MACZ;AAAA,MACA,CAAC,QAAQ,aAAa,SAAS;AAAA,MAC/B,EAAE,SAAS,KAAM,OAAO,KAAK;AAAA,MAC7B,CAAC,KAAK,WAAW;AACf,YAAI,IAAK;AACT,cAAM,SAAS,OAAO,KAAK;AAC3B,YAAI,CAAC,OAAQ;AACb,mBAAW,EAAE,WAAW,KAAK,IAAI,GAAG,OAAO,CAAC;AAC5C,YAAI,eAAe,QAAQ,OAAO,EAAG,QAAO,QAAQ,OAAO;AAAA,MAC7D;AAAA,IACF;AAEA,UAAM,MAAM;AAAA,EACd,QAAQ;AAAA,EAER;AACF;;;AC7FA;AAAA,EACE,MAAQ;AAAA,EACR,SAAW;AAAA,EACX,MAAQ;AAAA,EACR,SAAW;AAAA,IACT,MAAQ;AAAA,EACV;AAAA,EACA,KAAO;AAAA,IACL,OAAS;AAAA,EACX;AAAA,EACA,OAAS;AAAA,IACP;AAAA,EACF;AAAA,EACA,SAAW;AAAA,IACT,OAAS;AAAA,IACT,WAAa;AAAA,IACb,MAAQ;AAAA,IACR,KAAO;AAAA,EACT;AAAA,EACA,cAAgB;AAAA,IACd,oBAAoB;AAAA,IACpB,OAAS;AAAA,IACT,cAAc;AAAA,IACd,WAAa;AAAA,IACb,MAAQ;AAAA,EACV;AAAA,EACA,sBAAwB;AAAA,IACtB,gBAAgB;AAAA,EAClB;AAAA,EACA,iBAAmB;AAAA,IACjB,eAAe;AAAA,IACf,MAAQ;AAAA,IACR,YAAc;AAAA,IACd,QAAU;AAAA,EACZ;AACF;;;AH7BO,IAAM,gBAAgB,IAAIC,UAAQ,QAAQ,EAC9C,YAAY,sDAAsD,EAClE,OAAO,MAAM;AACZ,UAAQ,IAAI,oBAAoB,gBAAI,OAAO,EAAE;AAC7C,UAAQ,IAAI,yBAAyB;AACrC,MAAI;AACJ,MAAI;AAEF,aAAS,aAAa,OAAO,CAAC,QAAQ,aAAa,SAAS,GAAG,EAAE,SAAS,KAAQ,OAAO,KAAK,CAAC,EAC5F,SAAS,EACT,KAAK;AAAA,EACV,QAAQ;AACN,YAAQ,MAAM,2CAA2C;AACzD,YAAQ,MAAM,gCAAgC,WAAW,EAAE;AAC3D,YAAQ,KAAK,CAAC;AAAA,EAChB;AAEA,MAAI,CAAC,eAAe,QAAQ,gBAAI,OAAO,GAAG;AACxC,YAAQ,IAAI,kCAAkC,gBAAI,OAAO,IAAI;AAC7D;AAAA,EACF;AAEA,UAAQ,IAAI,YAAY,gBAAI,OAAO,WAAM,MAAM,KAAK;AACpD,MAAI;AACF,iBAAa,OAAO,CAAC,WAAW,MAAM,GAAG,WAAW,SAAS,GAAG;AAAA,MAC9D,SAAS;AAAA,MACT,OAAO;AAAA,MACP,OAAO;AAAA,IACT,CAAC;AACD,YAAQ,IAAI,cAAc,MAAM,GAAG;AAAA,EACrC,SAAS,KAAK;AACZ,YAAQ,MAAM,kBAAkB,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC,EAAE;AAClF,YAAQ,MAAM,gCAAgC,WAAW,EAAE;AAC3D,YAAQ,KAAK,CAAC;AAAA,EAChB;AACF,CAAC;;;AIzCH,SAAS,WAAAC,iBAAe;AAajB,IAAM,gBAAgB,IAAIC,UAAQ,QAAQ,EAC9C,YAAY,iCAAiC,EAC7C,OAAO,iBAA+B;AACrC,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,KAAK,MAAM,OAAO,QAAoB,OAAO,aAAa;AAEhE,MAAI,UAAU,IAAI,MAAM,QAAQ;AAC9B,YAAQ,IAAI,KAAK,UAAU,IAAI,MAAM,CAAC,CAAC;AACvC;AAAA,EACF;AAEA,UAAQ,IAAI,mBAAmB,GAAG,SAAS,EAAE;AAC7C,MAAI,GAAG,MAAO,SAAQ,IAAI,mBAAmB,GAAG,KAAK,EAAE;AACvD,MAAI,GAAG,QAAS,SAAQ,IAAI,mBAAmB,GAAG,OAAO,EAAE;AAC3D,MAAI,GAAG,OAAQ,SAAQ,IAAI,mBAAmB,GAAG,MAAM,EAAE;AACzD,UAAQ,IAAI,mBAAmB,GAAG,cAAc,EAAE;AAClD,MAAI,GAAG,QAAQ,GAAG,KAAK,SAAS,GAAG;AACjC,YAAQ,IAAI,gBAAgB;AAC5B,eAAW,KAAK,GAAG,MAAM;AACvB,cAAQ,IAAI,KAAK,EAAE,IAAI,KAAK,EAAE,MAAM,YAAO,EAAE,IAAI,EAAE;AAAA,IACrD;AAAA,EACF;AACF,CAAC;;;ACnCH,SAAS,WAAAC,iBAAe;AAqBjB,IAAM,gBAAgB,IAAIC,UAAQ,QAAQ,EAC9C,YAAY,sDAAsD,EAClE,OAAO,iBAA+B;AACrC,QAAM,SAAS,WAAW;AAC1B,QAAM,WAAW,MAAM,gBAAgB;AACvC,QAAM,YAAY,iBAAiB,gBAAI,OAAO;AAI9C,MAAI,aAA6B;AACjC,MAAI,KAAwB;AAC5B,MAAI,UAAU;AACZ,QAAI;AACF,WAAK,MAAM,IAAI,UAAU,EAAE,QAAoB,OAAO,aAAa;AACnE,mBAAa;AAAA,IACf,SAAS,KAAK;AACZ,UAAI,eAAe,aAAa,IAAI,WAAW,OAAO,IAAI,WAAW,KAAM,cAAa;AAAA,IAC1F;AAAA,EACF;AAEA,QAAM,WAA2B;AAAA,IAC/B,WAAW;AAAA,IACX,aAAa;AAAA,IACb,SAAS,OAAO;AAAA,IAChB,WAAW,IAAI,aAAa;AAAA,IAC5B,OAAO,IAAI,SAAS;AAAA,IACpB,QAAQ,IAAI,UAAU;AAAA,IACtB,QAAQ,IAAI,kBAAkB;AAAA,IAC9B,KAAK,EAAE,SAAS,gBAAI,SAAS,QAAQ,UAAU;AAAA,EACjD;AAEA,MAAI,UAAU,IAAI,MAAM,QAAQ;AAC9B,YAAQ,IAAI,KAAK,UAAU,UAAU,MAAM,CAAC,CAAC;AAC7C;AAAA,EACF;AAEA,MAAI,CAAC,UAAU;AACb,YAAQ,IAAI,mCAAmC;AAC/C,YAAQ,IAAI,QAAQ,OAAO,OAAO,EAAE;AACpC,QAAI,UAAW,SAAQ,IAAI,QAAQ,gBAAI,OAAO,aAAa,SAAS,+BAA0B;AAC9F;AAAA,EACF;AAEA,QAAM,cACJ,eAAe,OACX,gBACA,eAAe,QACb,+DACA;AACR,UAAQ,IAAI,YAAY,IAAI,QAAQ,OAAO,GAAG,KAAK,KAAK,EAAE,WAAM,WAAW,EAAE;AAC7E,UAAQ,IAAI,QAAQ,OAAO,OAAO,EAAE;AACpC,MAAI,IAAI,UAAW,SAAQ,IAAI,SAAS,GAAG,SAAS,EAAE;AACtD,MAAI,IAAI,OAAQ,SAAQ,IAAI,QAAQ,GAAG,MAAM,EAAE;AAC/C,MAAI,IAAI,eAAgB,SAAQ,IAAI,WAAW,GAAG,cAAc,EAAE;AAClE,MAAI,UAAW,SAAQ,IAAI,QAAQ,gBAAI,OAAO,aAAa,SAAS,+BAA0B;AAChG,CAAC;;;ApCnDI,IAAM,UAAU,IAAIC,UAAQ,OAAO,EACvC,YAAY,iDAA4C,EACxD,QAAQ,gBAAI,OAAO,EACnB,OAAO,mBAAmB,aAAa,EACvC,OAAO,qBAAqB,gCAAgC,OAAO,EACnE,OAAO,UAAU,6BAA6B;AAEjD,QAAQ,WAAW,YAAY;AAC/B,QAAQ,WAAW,aAAa;AAChC,QAAQ,WAAW,aAAa;AAChC,QAAQ,WAAW,aAAa;AAChC,QAAQ,WAAW,gBAAgB;AACnC,QAAQ,WAAW,kBAAkB;AACrC,QAAQ,WAAW,gBAAgB;AACnC,QAAQ,WAAW,UAAU;AAC7B,QAAQ,WAAW,oBAAoB;AACvC,QAAQ,WAAW,wBAAwB;AAC3C,QAAQ,WAAW,yBAAyB;AAC5C,QAAQ,WAAW,kBAAkB;AACrC,QAAQ,WAAW,YAAY;AAC/B,QAAQ,WAAW,eAAe;AAClC,QAAQ,WAAW,YAAY;AAC/B,QAAQ,WAAW,gBAAgB;AACnC,QAAQ,WAAW,aAAa;AAChC,QAAQ,WAAW,cAAc;AACjC,QAAQ,WAAW,gBAAgB;AACnC,QAAQ,WAAW,YAAY;AAC/B,QAAQ,WAAW,aAAa;AAChC,QAAQ,WAAW,aAAa;;;AqCrDhC,SAAS,WAAAC,UAAS,UAAU,YAAY;AAMxC,IAAI,SAA8B;AAElC,SAAS,SAA6B;AACpC,MAAI,QAAQ,IAAI,0BAA0B,EAAG,QAAO;AACpD,SAAO,QAAQ,IAAI,sBAAsB,KAAK;AAChD;AAaO,SAAS,UAAqC,OAAU,MAAiB;AAC9E,QAAM,OAAO,KAAK,QAAQ,WAAW,EAAE;AACvC,MAAI,CAAC,KAAM,QAAO;AAClB,QAAM,KAAK,IAAI,OAAO,KAAK,QAAQ,uBAAuB,MAAM,IAAI,iBAAiB,GAAG;AACxF,QAAM,QAAQ,CAAC,MAAsB,EAAE,QAAQ,IAAI,GAAG;AACtD,aAAW,SAAS,MAAM,WAAW,UAAU,CAAC,GAAG;AACjD,QAAI,MAAM,MAAO,OAAM,QAAQ,MAAM,MAAM,KAAK;AAChD,eAAW,SAAS,MAAM,YAAY,UAAU,CAAC,GAAG;AAClD,UAAI,MAAM,SAAU,OAAM,WAAW,MAAM,MAAM,QAAQ;AACzD,UAAI,MAAM,SAAU,OAAM,WAAW,MAAM,MAAM,QAAQ;AAAA,IAC3D;AAAA,EACF;AACA,SAAO;AACT;AAOA,eAAsB,cAAcC,UAA6B,SAAgC;AAC/F,MAAI,OAAQ;AACZ,QAAM,MAAM,OAAO;AACnB,MAAI,CAAC,IAAK;AACV,MAAI;AACF,UAAM,MAAM,MAAM,OAAO,cAAc;AACvC,UAAM,OAAOC,SAAQ;AACrB,QAAI,KAAK;AAAA,MACP;AAAA,MACA,kBAAkB;AAAA,MAClB,SAAS,aAAa,OAAO;AAAA,MAC7B,aAAa;AAAA,MACb,qBAAqB;AAAA,MACrB,YAAY,CAAC,UAAU,UAAU,OAAO,IAAI;AAAA,IAC9C,CAAC;AACD,QAAI,OAAO,WAAWD,YAAW,SAAS;AAC1C,QAAI,OAAO,gBAAgB,QAAQ,OAAO;AAC1C,QAAI,OAAO,eAAe,SAAS,CAAC;AACpC,QAAI,OAAO,WAAW,KAAK,CAAC;AAC5B,aAAS;AAAA,EACX,QAAQ;AACN,aAAS;AAAA,EACX;AACF;AAGO,SAAS,iBAAiB,KAAoB;AACnD,MAAI,CAAC,OAAQ;AACb,MAAI,eAAe,YAAY,IAAI,WAAY;AAC/C,MAAI;AACF,WAAO,iBAAiB,GAAG;AAAA,EAC7B,QAAQ;AAAA,EAER;AACF;AAGA,eAAsB,iBAAgC;AACpD,MAAI,CAAC,OAAQ;AACb,MAAI;AACF,UAAM,OAAO,MAAM,GAAI;AAAA,EACzB,QAAQ;AAAA,EAER;AACA,WAAS;AACX;;;ACnFA,IAAM,oBAAoB,CAAC,aAAa,MAAM,UAAU,MAAM,QAAQ,QAAQ;AAC9E,IAAM,UAAU,QAAQ,KAAK,CAAC;AAE9B,eAAe,OAAsB;AACnC,QAAM,cAAc,SAAS,gBAAI,OAAO;AACxC,QAAM,QAAQ,WAAW;AACzB,MAAI,WAAW,CAAC,kBAAkB,SAAS,OAAO,GAAG;AACnD,oBAAgB,gBAAI,OAAO;AAAA,EAC7B;AACF;AAEA,KAAK,EACF,KAAK,MAAM,eAAe,CAAC,EAC3B,MAAM,OAAO,QAAQ;AACpB,iBAAe,GAAG;AAClB,mBAAiB,GAAG;AACpB,QAAM,eAAe;AACrB,UAAQ,KAAK,CAAC;AAChB,CAAC;","names":["Command","Command","Command","Command","readFileSync","Command","Command","Command","Command","Command","Command","readFileSync","Command","readFileSync","Command","Command","Command","Command","Command","Command","Command","readFileSync","Command","readFileSync","Command","Command","randomUUID","Command","Command","randomUUID","Command","Command","Command","Command","Command","Command","writeFileSync","Command","Command","Command","readFileSync","readFileSync","Command","Command","Command","Command","Command","Command","readFileSync","writeFileSync","mkdirSync","join","join","readFileSync","mkdirSync","writeFileSync","Command","Command","Command","Command","Command","Command","homedir","command","homedir"]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "rekor-cli",
3
- "version": "0.1.38",
3
+ "version": "0.1.40",
4
4
  "type": "module",
5
5
  "engines": {
6
6
  "node": ">=20.0.0"