run402-mcp 2.39.4 → 2.41.0

package/core/dist/control-plane-session.d.ts

@@ -0,0 +1,53 @@
+/**
+ * A cached **control-plane session** — the human principal's *write-capable*
+ * bearer, minted by the loopback-PKCE flow (`run402 operator login --loopback`).
+ * Distinct from the device-flow {@link OperatorSession} (read-only): this one
+ * carries `provenance` (`loopback_pkce`) and `amr`, and is accepted everywhere a
+ * SIWX wallet is. Cached at the BASE config dir (email/principal-scoped, shared
+ * across local named wallets), mode 0600 — the token is as sensitive as the
+ * allowance key.
+ *
+ * Stored shape vs the gateway payload: the gateway returns a relative
+ * `expires_in` (seconds); we persist the absolute `expires_at` (epoch ms) so a
+ * cached session can be expiry-checked without knowing when it was written.
+ */
+export interface ControlPlaneSessionCache {
+    control_plane_session_token: string;
+    token_type: string;
+    provenance: string;
+    principal_id: string;
+    amr: string[];
+    /** Epoch ms when the session expires (issued_at + expires_in). */
+    expires_at: number;
+}
+/** The token payload returned by `POST /agent/v1/control-plane/cli/token`. */
+export interface ControlPlaneSessionTokenResponse {
+    control_plane_session_token: string;
+    token_type?: string;
+    provenance?: string;
+    principal_id?: string;
+    amr?: string[];
+    expires_in?: number;
+}
+/**
+ * Path to the cached control-plane session: `{base}/control-plane-session.json`.
+ * `RUN402_CONTROL_PLANE_SESSION_PATH` overrides for testing.
+ */
+export declare function getControlPlaneSessionPath(): string;
+/**
+ * Load the cached control-plane session. Returns `null` for the "no session"
+ * cases (absent, unreadable, unparseable). Throws when the file parses as JSON
+ * but the shape is wrong, so a corrupted cache surfaces a clear fix-it.
+ */
+export declare function readControlPlaneSession(path?: string): ControlPlaneSessionCache | null;
+/** Persist a control-plane session atomically (temp-file + rename), mode 0600. */
+export declare function saveControlPlaneSession(data: ControlPlaneSessionCache, path?: string): void;
+/** Delete the cached control-plane session — local half of `operator logout`. Idempotent. */
+export declare function clearControlPlaneSession(path?: string): void;
+/** Whether a cached session is past its usable life (with a small skew buffer). */
+export declare function isControlPlaneSessionExpired(session: ControlPlaneSessionCache, nowMs?: number, skewMs?: number): boolean;
+/** Read the cached session and return it only if still usable; `null` if absent or expired. */
+export declare function loadLiveControlPlaneSession(path?: string, nowMs?: number): ControlPlaneSessionCache | null;
+/** Map a gateway token payload (relative `expires_in`) into the cached shape (absolute `expires_at`). */
+export declare function controlPlaneSessionFromTokenResponse(resp: ControlPlaneSessionTokenResponse, nowMs?: number): ControlPlaneSessionCache;
+//# sourceMappingURL=control-plane-session.d.ts.map

package/core/dist/control-plane-session.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"control-plane-session.d.ts","sourceRoot":"","sources":["../src/control-plane-session.ts"],"names":[],"mappings":"AAcA;;;;;;;;;;;;GAYG;AACH,MAAM,WAAW,wBAAwB;IACvC,2BAA2B,EAAE,MAAM,CAAC;IACpC,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,GAAG,EAAE,MAAM,EAAE,CAAC;IACd,kEAAkE;IAClE,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,8EAA8E;AAC9E,MAAM,WAAW,gCAAgC;IAC/C,2BAA2B,EAAE,MAAM,CAAC;IACpC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC;IACf,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;;GAGG;AACH,wBAAgB,0BAA0B,IAAI,MAAM,CAKnD;AAkBD;;;;GAIG;AACH,wBAAgB,uBAAuB,CAAC,IAAI,CAAC,EAAE,MAAM,GAAG,wBAAwB,GAAG,IAAI,CA2CtF;AAED,kFAAkF;AAClF,wBAAgB,uBAAuB,CAAC,IAAI,EAAE,wBAAwB,EAAE,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAQ3F;AAED,6FAA6F;AAC7F,wBAAgB,wBAAwB,CAAC,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAO5D;AAED,mFAAmF;AACnF,wBAAgB,4BAA4B,CAC1C,OAAO,EAAE,wBAAwB,EACjC,KAAK,GAAE,MAAmB,EAC1B,MAAM,SAAS,GACd,OAAO,CAET;AAED,+FAA+F;AAC/F,wBAAgB,2BAA2B,CACzC,IAAI,CAAC,EAAE,MAAM,EACb,KAAK,GAAE,MAAmB,GACzB,wBAAwB,GAAG,IAAI,CAIjC;AAED,yGAAyG;AACzG,wBAAgB,oCAAoC,CAClD,IAAI,EAAE,gCAAgC,EACtC,KAAK,GAAE,MAAmB,GACzB,wBAAwB,CAS1B"}

package/core/dist/control-plane-session.js

@@ -0,0 +1,114 @@
+import { readFileSync, writeFileSync, mkdirSync, existsSync, chmodSync, renameSync, statSync, rmSync, } from "node:fs";
+import { dirname, join } from "node:path";
+import { randomBytes } from "node:crypto";
+import { getConfigBaseDir } from "./config.js";
+/**
+ * Path to the cached control-plane session: `{base}/control-plane-session.json`.
+ * `RUN402_CONTROL_PLANE_SESSION_PATH` overrides for testing.
+ */
+export function getControlPlaneSessionPath() {
+    return (process.env.RUN402_CONTROL_PLANE_SESSION_PATH ||
+        join(getConfigBaseDir(), "control-plane-session.json"));
+}
+/** Tighten 0600 if group/other-readable, warning once. Best-effort, POSIX-only. */
+function selfHealPermissions(p) {
+    if (process.platform === "win32")
+        return;
+    try {
+        const mode = statSync(p).mode & 0o777;
+        if ((mode & 0o077) !== 0) {
+            chmodSync(p, 0o600);
+            process.stderr.write(`warning: tightened permissions on ${p} from ${mode.toString(8)} to 600 (was readable by other users).\n`);
+        }
+    }
+    catch {
+        // Best-effort; never block a read on a chmod/stat failure.
+    }
+}
+/**
+ * Load the cached control-plane session. Returns `null` for the "no session"
+ * cases (absent, unreadable, unparseable). Throws when the file parses as JSON
+ * but the shape is wrong, so a corrupted cache surfaces a clear fix-it.
+ */
+export function readControlPlaneSession(path) {
+    const p = path ?? getControlPlaneSessionPath();
+    if (!existsSync(p))
+        return null;
+    selfHealPermissions(p);
+    let raw;
+    try {
+        raw = readFileSync(p, "utf-8");
+    }
+    catch {
+        return null;
+    }
+    let parsed;
+    try {
+        parsed = JSON.parse(raw);
+    }
+    catch {
+        return null;
+    }
+    if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed)) {
+        throw new Error("control-plane-session.json must contain a JSON object. Delete it and run 'run402 operator login --loopback' to recreate it.");
+    }
+    const data = parsed;
+    if (typeof data.control_plane_session_token !== "string" ||
+        data.control_plane_session_token.length === 0) {
+        throw new Error("control-plane-session.json missing valid 'control_plane_session_token'. Run 'run402 operator login --loopback' to refresh it.");
+    }
+    if (typeof data.expires_at !== "number" || !Number.isFinite(data.expires_at)) {
+        throw new Error("control-plane-session.json missing valid 'expires_at'. Run 'run402 operator login --loopback' to refresh it.");
+    }
+    return {
+        control_plane_session_token: data.control_plane_session_token,
+        token_type: typeof data.token_type === "string" ? data.token_type : "Bearer",
+        provenance: typeof data.provenance === "string" ? data.provenance : "loopback_pkce",
+        principal_id: typeof data.principal_id === "string" ? data.principal_id : "",
+        amr: Array.isArray(data.amr) ? data.amr.filter((a) => typeof a === "string") : [],
+        expires_at: data.expires_at,
+    };
+}
+/** Persist a control-plane session atomically (temp-file + rename), mode 0600. */
+export function saveControlPlaneSession(data, path) {
+    const p = path ?? getControlPlaneSessionPath();
+    const dir = dirname(p);
+    mkdirSync(dir, { recursive: true });
+    const tmp = join(dir, `.control-plane-session.${randomBytes(4).toString("hex")}.tmp`);
+    writeFileSync(tmp, JSON.stringify(data, null, 2), { mode: 0o600 });
+    renameSync(tmp, p);
+    chmodSync(p, 0o600);
+}
+/** Delete the cached control-plane session — local half of `operator logout`. Idempotent. */
+export function clearControlPlaneSession(path) {
+    const p = path ?? getControlPlaneSessionPath();
+    try {
+        rmSync(p, { force: true });
+    }
+    catch {
+        // Best-effort: a failed unlink should never crash logout.
+    }
+}
+/** Whether a cached session is past its usable life (with a small skew buffer). */
+export function isControlPlaneSessionExpired(session, nowMs = Date.now(), skewMs = 10_000) {
+    return nowMs + skewMs >= session.expires_at;
+}
+/** Read the cached session and return it only if still usable; `null` if absent or expired. */
+export function loadLiveControlPlaneSession(path, nowMs = Date.now()) {
+    const s = readControlPlaneSession(path);
+    if (!s)
+        return null;
+    return isControlPlaneSessionExpired(s, nowMs) ? null : s;
+}
+/** Map a gateway token payload (relative `expires_in`) into the cached shape (absolute `expires_at`). */
+export function controlPlaneSessionFromTokenResponse(resp, nowMs = Date.now()) {
+    return {
+        control_plane_session_token: resp.control_plane_session_token,
+        token_type: resp.token_type ?? "Bearer",
+        provenance: resp.provenance ?? "loopback_pkce",
+        principal_id: resp.principal_id ?? "",
+        amr: Array.isArray(resp.amr) ? resp.amr.filter((a) => typeof a === "string") : [],
+        expires_at: nowMs + (typeof resp.expires_in === "number" ? resp.expires_in : 0) * 1000,
+    };
+}
+//# sourceMappingURL=control-plane-session.js.map

package/core/dist/control-plane-session.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"control-plane-session.js","sourceRoot":"","sources":["../src/control-plane-session.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,YAAY,EACZ,aAAa,EACb,SAAS,EACT,UAAU,EACV,SAAS,EACT,UAAU,EACV,QAAQ,EACR,MAAM,GACP,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAmC/C;;;GAGG;AACH,MAAM,UAAU,0BAA0B;IACxC,OAAO,CACL,OAAO,CAAC,GAAG,CAAC,iCAAiC;QAC7C,IAAI,CAAC,gBAAgB,EAAE,EAAE,4BAA4B,CAAC,CACvD,CAAC;AACJ,CAAC;AAED,mFAAmF;AACnF,SAAS,mBAAmB,CAAC,CAAS;IACpC,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO;QAAE,OAAO;IACzC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,KAAK,CAAC;QACtC,IAAI,CAAC,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACzB,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;YACpB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,qCAAqC,CAAC,SAAS,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,0CAA0C,CAC1G,CAAC;QACJ,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,2DAA2D;IAC7D,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,uBAAuB,CAAC,IAAa;IACnD,MAAM,CAAC,GAAG,IAAI,IAAI,0BAA0B,EAAE,CAAC;IAC/C,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IAChC,mBAAmB,CAAC,CAAC,CAAC,CAAC;IACvB,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,YAAY,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;IACjC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,MAAM,KAAK,IAAI,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3E,MAAM,IAAI,KAAK,CACb,6HAA6H,CAC9H,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,GAAG,MAA2C,CAAC;IACzD,IACE,OAAO,IAAI,CAAC,2BAA2B,KAAK,QAAQ;QACpD,IAAI,CAAC,2BAA2B,CAAC,MAAM,KAAK,CAAC,EAC7C,CAAC;QACD,MAAM,IAAI,KAAK,CACb,+HAA+H,CAChI,CAAC;IACJ,CAAC;IACD,IAAI,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;QAC7E,MAAM,IAAI,KAAK,CACb,8GAA8G,CAC/G,CAAC;IACJ,CAAC;IACD,OAAO;QACL,2BAA2B,EAAE,IAAI,CAAC,2BAA2B;QAC7D,UAAU,EAAE,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ;QAC5E,UAAU,EAAE,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,eAAe;QACnF,YAAY,EAAE,OAAO,IAAI,CAAC,YAAY,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE;QAC5E,GAAG,EAAE,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE;QAC9F,UAAU,EAAE,IAAI,CAAC,UAAU;KAC5B,CAAC;AACJ,CAAC;AAED,kFAAkF;AAClF,MAAM,UAAU,uBAAuB,CAAC,IAA8B,EAAE,IAAa;IACnF,MAAM,CAAC,GAAG,IAAI,IAAI,0BAA0B,EAAE,CAAC;IAC/C,MAAM,GAAG,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;IACvB,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACpC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,0BAA0B,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACtF,aAAa,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACnE,UAAU,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;IACnB,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;AACtB,CAAC;AAED,6FAA6F;AAC7F,MAAM,UAAU,wBAAwB,CAAC,IAAa;IACpD,MAAM,CAAC,GAAG,IAAI,IAAI,0BAA0B,EAAE,CAAC;IAC/C,IAAI,CAAC;QACH,MAAM,CAAC,CAAC,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,0DAA0D;IAC5D,CAAC;AACH,CAAC;AAED,mFAAmF;AACnF,MAAM,UAAU,4BAA4B,CAC1C,OAAiC,EACjC,QAAgB,IAAI,CAAC,GAAG,EAAE,EAC1B,MAAM,GAAG,MAAM;IAEf,OAAO,KAAK,GAAG,MAAM,IAAI,OAAO,CAAC,UAAU,CAAC;AAC9C,CAAC;AAED,+FAA+F;AAC/F,MAAM,UAAU,2BAA2B,CACzC,IAAa,EACb,QAAgB,IAAI,CAAC,GAAG,EAAE;IAE1B,MAAM,CAAC,GAAG,uBAAuB,CAAC,IAAI,CAAC,CAAC;IACxC,IAAI,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IACpB,OAAO,4BAA4B,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED,yGAAyG;AACzG,MAAM,UAAU,oCAAoC,CAClD,IAAsC,EACtC,QAAgB,IAAI,CAAC,GAAG,EAAE;IAE1B,OAAO;QACL,2BAA2B,EAAE,IAAI,CAAC,2BAA2B;QAC7D,UAAU,EAAE,IAAI,CAAC,UAAU,IAAI,QAAQ;QACvC,UAAU,EAAE,IAAI,CAAC,UAAU,IAAI,eAAe;QAC9C,YAAY,EAAE,IAAI,CAAC,YAAY,IAAI,EAAE;QACrC,GAAG,EAAE,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE;QAC9F,UAAU,EAAE,KAAK,GAAG,CAAC,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI;KACvF,CAAC;AACJ,CAAC"}

package/dist/tools/orgs.js

@@ -51,7 +51,7 @@ export const listOrgMembersSchema = {
 };
 export async function handleListOrgMembers(args) {
     try {
-        const members = await getSdk().org.members(args.billing_account_id);
+        const members = await getSdk().org.members.list(args.billing_account_id);
         if (members.length === 0) {
             return { content: [{ type: "text", text: `No members in \`${args.billing_account_id}\`.` }] };
         }
@@ -73,7 +73,7 @@ export const addOrgMemberSchema = {
 };
 export async function handleAddOrgMember(args) {
     try {
-        const res = await getSdk().org.addMember(args.billing_account_id, {
+        const res = await getSdk().org.members.add(args.billing_account_id, {
             wallet: args.wallet,
             role: args.role,
         });
@@ -98,7 +98,7 @@ export const setOrgMemberRoleSchema = {
 };
 export async function handleSetOrgMemberRole(args) {
     try {
-        const res = await getSdk().org.setRole(args.billing_account_id, args.principal_id, args.role);
+        const res = await getSdk().org.members.setRole(args.billing_account_id, args.principal_id, args.role);
         return {
             content: [{ type: "text", text: `Principal \`${res.principal_id}\` is now ${res.role}.` }],
         };
@@ -114,7 +114,7 @@ export const removeOrgMemberSchema = {
 };
 export async function handleRemoveOrgMember(args) {
     try {
-        const res = await getSdk().org.removeMember(args.billing_account_id, args.principal_id);
+        const res = await getSdk().org.members.revoke(args.billing_account_id, args.principal_id);
         return {
             content: [{ type: "text", text: `Removed principal \`${res.principal_id}\` from \`${args.billing_account_id}\`.` }],
         };

package/dist/tools/orgs.js.map

@@ -1 +1 @@
-{"version":3,"file":"orgs.js","sourceRoot":"","sources":["../../src/tools/orgs.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,MAAM,EAAE,MAAM,WAAW,CAAC;AACnC,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAK3C,MAAM,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC;AAE1E,+EAA+E;AAE/E,MAAM,CAAC,MAAM,YAAY,GAAG,EAAE,CAAC;AAE/B,MAAM,CAAC,KAAK,UAAU,YAAY;IAChC,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,MAAM,MAAM,EAAE,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC;QACvC,MAAM,KAAK,GAAG;YACZ,eAAe,EAAE,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,CAAC,SAAS,CAAC,IAAI,GAAG,EAAE,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI;YAC5H,yBAAyB,EAAE,CAAC,gBAAgB,IAAI;YAChD,kBAAkB,EAAE,CAAC,WAAW,CAAC,MAAM,IAAI;YAC3C,GAAG,EAAE,CAAC,WAAW,CAAC,GAAG,CACnB,CAAC,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,kBAAkB,aAAa,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,MAAM,GAAG,CAC5E;SACF,CAAC;QACF,IAAI,EAAE,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC;YAAE,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,qBAAqB,CAAC;QACjF,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;IACjE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,WAAW,CAAC,GAAG,EAAE,8BAA8B,CAAC,CAAC;IAC1D,CAAC;AACH,CAAC;AAED,+EAA+E;AAE/E,MAAM,CAAC,MAAM,cAAc,GAAG,EAAE,CAAC;AAEjC,MAAM,CAAC,KAAK,UAAU,cAAc;IAClC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,MAAM,EAAE,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;QACvC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACtB,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,kCAAkC,EAAE,CAAC,EAAE,CAAC;QACnF,CAAC;QACD,MAAM,KAAK,GAAG;YACZ,kBAAkB,IAAI,CAAC,MAAM,IAAI;YACjC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,kBAAkB,aAAa,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,MAAM,GAAG,CAAC;SACnF,CAAC;QACF,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;IACjE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,WAAW,CAAC,GAAG,EAAE,uBAAuB,CAAC,CAAC;IACnD,CAAC;AACH,CAAC;AAED,+EAA+E;AAE/E,MAAM,CAAC,MAAM,oBAAoB,GAAG;IAClC,kBAAkB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,8CAA8C,CAAC;CACxF,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,IAAoC;IAC7E,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QACpE,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,mBAAmB,IAAI,CAAC,kBAAkB,KAAK,EAAE,CAAC,EAAE,CAAC;QAChG,CAAC;QACD,MAAM,KAAK,GAAG;YACZ,gBAAgB,IAAI,CAAC,kBAAkB,OAAO,OAAO,CAAC,MAAM,IAAI;YAChE,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,YAAY,aAAa,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,MAAM,GAAG,CAAC;SAChF,CAAC;QACF,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;IACjE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,WAAW,CAAC,GAAG,EAAE,qBAAqB,CAAC,CAAC;IACjD,CAAC;AACH,CAAC;AAED,+EAA+E;AAE/E,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,kBAAkB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,oDAAoD,CAAC;IAC7F,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,iGAAiG,CAAC;IAC9H,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,2FAA2F,CAAC;CAC5H,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,IAIxC;IACC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,MAAM,EAAE,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,kBAAkB,EAAE;YAChE,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,IAAI,EAAE,IAAI,CAAC,IAAI;SAChB,CAAC,CAAC;QACH,OAAO;YACL,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,qBAAqB,GAAG,CAAC,YAAY,WAAW,IAAI,CAAC,kBAAkB,SAAS,GAAG,CAAC,IAAI,GAAG;iBAClG;aACF;SACF,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,WAAW,CAAC,GAAG,EAAE,mBAAmB,CAAC,CAAC;IAC/C,CAAC;AACH,CAAC;AAED,+EAA+E;AAE/E,MAAM,CAAC,MAAM,sBAAsB,GAAG;IACpC,kBAAkB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,+BAA+B,CAAC;IACxE,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,oEAAoE,CAAC;IACvG,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,+FAA+F,CAAC;CACrH,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAAC,IAI5C;IACC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,MAAM,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,kBAAkB,EAAE,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9F,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,eAAe,GAAG,CAAC,YAAY,aAAa,GAAG,CAAC,IAAI,GAAG,EAAE,CAAC;SAC3F,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,WAAW,CAAC,GAAG,EAAE,yBAAyB,CAAC,CAAC;IACrD,CAAC;AACH,CAAC;AAED,+EAA+E;AAE/E,MAAM,CAAC,MAAM,qBAAqB,GAAG;IACnC,kBAAkB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,+BAA+B,CAAC;IACxE,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,sGAAsG,CAAC;CAC1I,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,IAG3C;IACC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,MAAM,EAAE,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,CAAC,kBAAkB,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;QACxF,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,uBAAuB,GAAG,CAAC,YAAY,aAAa,IAAI,CAAC,kBAAkB,KAAK,EAAE,CAAC;SACpH,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,WAAW,CAAC,GAAG,EAAE,qBAAqB,CAAC,CAAC;IACjD,CAAC;AACH,CAAC"}
+{"version":3,"file":"orgs.js","sourceRoot":"","sources":["../../src/tools/orgs.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,MAAM,EAAE,MAAM,WAAW,CAAC;AACnC,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAK3C,MAAM,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC;AAE1E,+EAA+E;AAE/E,MAAM,CAAC,MAAM,YAAY,GAAG,EAAE,CAAC;AAE/B,MAAM,CAAC,KAAK,UAAU,YAAY;IAChC,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,MAAM,MAAM,EAAE,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC;QACvC,MAAM,KAAK,GAAG;YACZ,eAAe,EAAE,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,CAAC,SAAS,CAAC,IAAI,GAAG,EAAE,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI;YAC5H,yBAAyB,EAAE,CAAC,gBAAgB,IAAI;YAChD,kBAAkB,EAAE,CAAC,WAAW,CAAC,MAAM,IAAI;YAC3C,GAAG,EAAE,CAAC,WAAW,CAAC,GAAG,CACnB,CAAC,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,kBAAkB,aAAa,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,MAAM,GAAG,CAC5E;SACF,CAAC;QACF,IAAI,EAAE,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC;YAAE,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,qBAAqB,CAAC;QACjF,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;IACjE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,WAAW,CAAC,GAAG,EAAE,8BAA8B,CAAC,CAAC;IAC1D,CAAC;AACH,CAAC;AAED,+EAA+E;AAE/E,MAAM,CAAC,MAAM,cAAc,GAAG,EAAE,CAAC;AAEjC,MAAM,CAAC,KAAK,UAAU,cAAc;IAClC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,MAAM,EAAE,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;QACvC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACtB,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,kCAAkC,EAAE,CAAC,EAAE,CAAC;QACnF,CAAC;QACD,MAAM,KAAK,GAAG;YACZ,kBAAkB,IAAI,CAAC,MAAM,IAAI;YACjC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,kBAAkB,aAAa,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,MAAM,GAAG,CAAC;SACnF,CAAC;QACF,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;IACjE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,WAAW,CAAC,GAAG,EAAE,uBAAuB,CAAC,CAAC;IACnD,CAAC;AACH,CAAC;AAED,+EAA+E;AAE/E,MAAM,CAAC,MAAM,oBAAoB,GAAG;IAClC,kBAAkB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,8CAA8C,CAAC;CACxF,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,IAAoC;IAC7E,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QACzE,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,mBAAmB,IAAI,CAAC,kBAAkB,KAAK,EAAE,CAAC,EAAE,CAAC;QAChG,CAAC;QACD,MAAM,KAAK,GAAG;YACZ,gBAAgB,IAAI,CAAC,kBAAkB,OAAO,OAAO,CAAC,MAAM,IAAI;YAChE,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,YAAY,aAAa,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,MAAM,GAAG,CAAC;SAChF,CAAC;QACF,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;IACjE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,WAAW,CAAC,GAAG,EAAE,qBAAqB,CAAC,CAAC;IACjD,CAAC;AACH,CAAC;AAED,+EAA+E;AAE/E,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,kBAAkB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,oDAAoD,CAAC;IAC7F,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,iGAAiG,CAAC;IAC9H,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,2FAA2F,CAAC;CAC5H,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,IAIxC;IACC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,MAAM,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,kBAAkB,EAAE;YAClE,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,IAAI,EAAE,IAAI,CAAC,IAAI;SAChB,CAAC,CAAC;QACH,OAAO;YACL,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,qBAAqB,GAAG,CAAC,YAAY,WAAW,IAAI,CAAC,kBAAkB,SAAS,GAAG,CAAC,IAAI,GAAG;iBAClG;aACF;SACF,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,WAAW,CAAC,GAAG,EAAE,mBAAmB,CAAC,CAAC;IAC/C,CAAC;AACH,CAAC;AAED,+EAA+E;AAE/E,MAAM,CAAC,MAAM,sBAAsB,GAAG;IACpC,kBAAkB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,+BAA+B,CAAC;IACxE,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,oEAAoE,CAAC;IACvG,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,+FAA+F,CAAC;CACrH,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAAC,IAI5C;IACC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,MAAM,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,kBAAkB,EAAE,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QACtG,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,eAAe,GAAG,CAAC,YAAY,aAAa,GAAG,CAAC,IAAI,GAAG,EAAE,CAAC;SAC3F,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,WAAW,CAAC,GAAG,EAAE,yBAAyB,CAAC,CAAC;IACrD,CAAC;AACH,CAAC;AAED,+EAA+E;AAE/E,MAAM,CAAC,MAAM,qBAAqB,GAAG;IACnC,kBAAkB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,+BAA+B,CAAC;IACxE,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,sGAAsG,CAAC;CAC1I,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,IAG3C;IACC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,MAAM,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,kBAAkB,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;QAC1F,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,uBAAuB,GAAG,CAAC,YAAY,aAAa,IAAI,CAAC,kBAAkB,KAAK,EAAE,CAAC;SACpH,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,WAAW,CAAC,GAAG,EAAE,qBAAqB,CAAC,CAAC;IACjD,CAAC;AACH,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "run402-mcp",
-  "version": "2.39.4",
+  "version": "2.41.0",
   "description": "MCP server for Run402 — AI-native Postgres databases with REST API, auth, storage, and row-level security. Pay with x402 USDC micropayments.",
   "type": "module",
   "main": "dist/index.js",

package/sdk/README.md

@@ -81,7 +81,7 @@ The `CredentialsProvider` interface has two required methods (`getAuth`, `getPro
 | `allowance` | `status`, `create`, `export`, `faucet` |
 | `service` | `status`, `health` (no auth, no setup — works on a fresh install) |
 | `admin` | Operator/admin endpoints: messages/contact, per-project finance (`getProjectFinance`) |
-| `operator` | **The human / email principal** — the *operator session*, distinct from the agent's per-wallet SIWX identity (and from platform-`admin`). `deviceStart`, `devicePoll`, `overview({ token })`, `revoke({ token })`: browser-delegated device-authorization (RFC 8628, the `aws sso login` model). `overview` returns the email-union across every wallet that verified the email; a single wallet's own view stays `run402 status`. Drives `run402 operator login/overview/whoami/logout`. No MCP tool by design — MCP authenticates as the agent, not the human. |
+| `operator` | **The human / email principal** — distinct from the agent's per-wallet SIWX identity (and from platform-`admin`). Read session: `deviceStart`, `devicePoll`, `overview({ token })`, `revoke({ token })` — browser-delegated device-authorization (RFC 8628, the `aws sso login` model); `overview` returns the email-union across every wallet that verified the email. Write session (v1.78): `buildCliAuthorizeUrl`/`exchangeCliToken` (loopback-PKCE CLI login) + the hosted `operator.session.*` surface (email magic-link / passkey / OAuth login, `whoami`/`refresh`/`revoke`, step-up, authenticators, recovery) — carry a minted session SDK-wide with `controlPlaneSessionCredentials({ token })`. Drives `run402 operator login[/--loopback]/overview/whoami/logout`. No MCP tool by design — MCP authenticates as the agent, not the human. |
 
 CLI-style aliases are available for agent ergonomics: `r.image` aliases `r.ai`,
 and common command names such as `r.billing.balance`, `r.auth.magicLink`,

package/sdk/core-dist/control-plane-session.d.ts

@@ -0,0 +1,53 @@
+/**
+ * A cached **control-plane session** — the human principal's *write-capable*
+ * bearer, minted by the loopback-PKCE flow (`run402 operator login --loopback`).
+ * Distinct from the device-flow {@link OperatorSession} (read-only): this one
+ * carries `provenance` (`loopback_pkce`) and `amr`, and is accepted everywhere a
+ * SIWX wallet is. Cached at the BASE config dir (email/principal-scoped, shared
+ * across local named wallets), mode 0600 — the token is as sensitive as the
+ * allowance key.
+ *
+ * Stored shape vs the gateway payload: the gateway returns a relative
+ * `expires_in` (seconds); we persist the absolute `expires_at` (epoch ms) so a
+ * cached session can be expiry-checked without knowing when it was written.
+ */
+export interface ControlPlaneSessionCache {
+    control_plane_session_token: string;
+    token_type: string;
+    provenance: string;
+    principal_id: string;
+    amr: string[];
+    /** Epoch ms when the session expires (issued_at + expires_in). */
+    expires_at: number;
+}
+/** The token payload returned by `POST /agent/v1/control-plane/cli/token`. */
+export interface ControlPlaneSessionTokenResponse {
+    control_plane_session_token: string;
+    token_type?: string;
+    provenance?: string;
+    principal_id?: string;
+    amr?: string[];
+    expires_in?: number;
+}
+/**
+ * Path to the cached control-plane session: `{base}/control-plane-session.json`.
+ * `RUN402_CONTROL_PLANE_SESSION_PATH` overrides for testing.
+ */
+export declare function getControlPlaneSessionPath(): string;
+/**
+ * Load the cached control-plane session. Returns `null` for the "no session"
+ * cases (absent, unreadable, unparseable). Throws when the file parses as JSON
+ * but the shape is wrong, so a corrupted cache surfaces a clear fix-it.
+ */
+export declare function readControlPlaneSession(path?: string): ControlPlaneSessionCache | null;
+/** Persist a control-plane session atomically (temp-file + rename), mode 0600. */
+export declare function saveControlPlaneSession(data: ControlPlaneSessionCache, path?: string): void;
+/** Delete the cached control-plane session — local half of `operator logout`. Idempotent. */
+export declare function clearControlPlaneSession(path?: string): void;
+/** Whether a cached session is past its usable life (with a small skew buffer). */
+export declare function isControlPlaneSessionExpired(session: ControlPlaneSessionCache, nowMs?: number, skewMs?: number): boolean;
+/** Read the cached session and return it only if still usable; `null` if absent or expired. */
+export declare function loadLiveControlPlaneSession(path?: string, nowMs?: number): ControlPlaneSessionCache | null;
+/** Map a gateway token payload (relative `expires_in`) into the cached shape (absolute `expires_at`). */
+export declare function controlPlaneSessionFromTokenResponse(resp: ControlPlaneSessionTokenResponse, nowMs?: number): ControlPlaneSessionCache;
+//# sourceMappingURL=control-plane-session.d.ts.map

package/sdk/core-dist/control-plane-session.js

@@ -0,0 +1,114 @@
+import { readFileSync, writeFileSync, mkdirSync, existsSync, chmodSync, renameSync, statSync, rmSync, } from "node:fs";
+import { dirname, join } from "node:path";
+import { randomBytes } from "node:crypto";
+import { getConfigBaseDir } from "./config.js";
+/**
+ * Path to the cached control-plane session: `{base}/control-plane-session.json`.
+ * `RUN402_CONTROL_PLANE_SESSION_PATH` overrides for testing.
+ */
+export function getControlPlaneSessionPath() {
+    return (process.env.RUN402_CONTROL_PLANE_SESSION_PATH ||
+        join(getConfigBaseDir(), "control-plane-session.json"));
+}
+/** Tighten 0600 if group/other-readable, warning once. Best-effort, POSIX-only. */
+function selfHealPermissions(p) {
+    if (process.platform === "win32")
+        return;
+    try {
+        const mode = statSync(p).mode & 0o777;
+        if ((mode & 0o077) !== 0) {
+            chmodSync(p, 0o600);
+            process.stderr.write(`warning: tightened permissions on ${p} from ${mode.toString(8)} to 600 (was readable by other users).\n`);
+        }
+    }
+    catch {
+        // Best-effort; never block a read on a chmod/stat failure.
+    }
+}
+/**
+ * Load the cached control-plane session. Returns `null` for the "no session"
+ * cases (absent, unreadable, unparseable). Throws when the file parses as JSON
+ * but the shape is wrong, so a corrupted cache surfaces a clear fix-it.
+ */
+export function readControlPlaneSession(path) {
+    const p = path ?? getControlPlaneSessionPath();
+    if (!existsSync(p))
+        return null;
+    selfHealPermissions(p);
+    let raw;
+    try {
+        raw = readFileSync(p, "utf-8");
+    }
+    catch {
+        return null;
+    }
+    let parsed;
+    try {
+        parsed = JSON.parse(raw);
+    }
+    catch {
+        return null;
+    }
+    if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed)) {
+        throw new Error("control-plane-session.json must contain a JSON object. Delete it and run 'run402 operator login --loopback' to recreate it.");
+    }
+    const data = parsed;
+    if (typeof data.control_plane_session_token !== "string" ||
+        data.control_plane_session_token.length === 0) {
+        throw new Error("control-plane-session.json missing valid 'control_plane_session_token'. Run 'run402 operator login --loopback' to refresh it.");
+    }
+    if (typeof data.expires_at !== "number" || !Number.isFinite(data.expires_at)) {
+        throw new Error("control-plane-session.json missing valid 'expires_at'. Run 'run402 operator login --loopback' to refresh it.");
+    }
+    return {
+        control_plane_session_token: data.control_plane_session_token,
+        token_type: typeof data.token_type === "string" ? data.token_type : "Bearer",
+        provenance: typeof data.provenance === "string" ? data.provenance : "loopback_pkce",
+        principal_id: typeof data.principal_id === "string" ? data.principal_id : "",
+        amr: Array.isArray(data.amr) ? data.amr.filter((a) => typeof a === "string") : [],
+        expires_at: data.expires_at,
+    };
+}
+/** Persist a control-plane session atomically (temp-file + rename), mode 0600. */
+export function saveControlPlaneSession(data, path) {
+    const p = path ?? getControlPlaneSessionPath();
+    const dir = dirname(p);
+    mkdirSync(dir, { recursive: true });
+    const tmp = join(dir, `.control-plane-session.${randomBytes(4).toString("hex")}.tmp`);
+    writeFileSync(tmp, JSON.stringify(data, null, 2), { mode: 0o600 });
+    renameSync(tmp, p);
+    chmodSync(p, 0o600);
+}
+/** Delete the cached control-plane session — local half of `operator logout`. Idempotent. */
+export function clearControlPlaneSession(path) {
+    const p = path ?? getControlPlaneSessionPath();
+    try {
+        rmSync(p, { force: true });
+    }
+    catch {
+        // Best-effort: a failed unlink should never crash logout.
+    }
+}
+/** Whether a cached session is past its usable life (with a small skew buffer). */
+export function isControlPlaneSessionExpired(session, nowMs = Date.now(), skewMs = 10_000) {
+    return nowMs + skewMs >= session.expires_at;
+}
+/** Read the cached session and return it only if still usable; `null` if absent or expired. */
+export function loadLiveControlPlaneSession(path, nowMs = Date.now()) {
+    const s = readControlPlaneSession(path);
+    if (!s)
+        return null;
+    return isControlPlaneSessionExpired(s, nowMs) ? null : s;
+}
+/** Map a gateway token payload (relative `expires_in`) into the cached shape (absolute `expires_at`). */
+export function controlPlaneSessionFromTokenResponse(resp, nowMs = Date.now()) {
+    return {
+        control_plane_session_token: resp.control_plane_session_token,
+        token_type: resp.token_type ?? "Bearer",
+        provenance: resp.provenance ?? "loopback_pkce",
+        principal_id: resp.principal_id ?? "",
+        amr: Array.isArray(resp.amr) ? resp.amr.filter((a) => typeof a === "string") : [],
+        expires_at: nowMs + (typeof resp.expires_in === "number" ? resp.expires_in : 0) * 1000,
+    };
+}
+//# sourceMappingURL=control-plane-session.js.map

package/sdk/dist/control-plane-credentials.d.ts

@@ -0,0 +1,45 @@
+/**
+ * Control-plane **session** credential provider (gateway v1.78). Carries a
+ * write-capable `control_plane_session` bearer so the whole SDK authenticates as
+ * the human principal — the token is "accepted everywhere a SIWX wallet is", so
+ * `r.org.*`, `r.admin.transfers.*`, and `r.operator.session.*` all act as that
+ * principal.
+ *
+ * Isomorphic — no Node APIs. Mint a session with `r.operator.session.verifyEmail`
+ * / `passkeyVerify` / the loopback-PKCE `exchangeCliToken`, then:
+ *
+ *   const r = run402({ credentials: controlPlaneSessionCredentials({ token }) });
+ *   await r.org.whoami();            // resolves the principal + memberships
+ *
+ * High-stakes writes still require a fresh passkey — an `email`/`oauth` session
+ * gets {@link StepUpRequiredError}; run the step-up ceremony
+ * (`r.operator.session.stepUpOptions`/`stepUpVerify`) and retry.
+ *
+ * This credential authenticates control-plane operations only; it carries no
+ * project anon/service keys, so {@link CredentialsProvider.getProject} returns
+ * null (project-key operations need the keystore/wallet).
+ */
+import type { CredentialsProvider } from "./credentials.js";
+/** Brand marking a provider as control-plane-session-backed. */
+export declare const CONTROL_PLANE_SESSION_CREDENTIALS: unique symbol;
+export interface ControlPlaneSessionMarkedCredentialsProvider extends CredentialsProvider {
+    readonly [CONTROL_PLANE_SESSION_CREDENTIALS]: true;
+}
+export interface ControlPlaneSessionCredentialsOptions {
+    /** A `control_plane_session` bearer token. Provide this OR `getToken`. */
+    token?: string;
+    /**
+     * Lazily resolve the current token (e.g. read a cache, or rotate via
+     * `r.operator.session.refresh`). Called before every authenticated request.
+     */
+    getToken?: () => string | Promise<string>;
+}
+/** True if `credentials` was created by {@link controlPlaneSessionCredentials}. */
+export declare function isControlPlaneSessionCredentials(credentials: CredentialsProvider): credentials is ControlPlaneSessionMarkedCredentialsProvider;
+/**
+ * Build a {@link CredentialsProvider} that authenticates every request with a
+ * `control_plane_session` bearer. Pass a static `token`, or a `getToken`
+ * resolver for rotation.
+ */
+export declare function controlPlaneSessionCredentials(opts: ControlPlaneSessionCredentialsOptions): ControlPlaneSessionMarkedCredentialsProvider;
+//# sourceMappingURL=control-plane-credentials.d.ts.map

package/sdk/dist/control-plane-credentials.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"control-plane-credentials.d.ts","sourceRoot":"","sources":["../src/control-plane-credentials.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,KAAK,EAAE,mBAAmB,EAAe,MAAM,kBAAkB,CAAC;AAGzE,gEAAgE;AAChE,eAAO,MAAM,iCAAiC,eAE7C,CAAC;AAEF,MAAM,WAAW,4CAA6C,SAAQ,mBAAmB;IACvF,QAAQ,CAAC,CAAC,iCAAiC,CAAC,EAAE,IAAI,CAAC;CACpD;AAED,MAAM,WAAW,qCAAqC;IACpD,0EAA0E;IAC1E,KAAK,CAAC,EAAE,MAAM,CAAC;IACf;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CAC3C;AAED,mFAAmF;AACnF,wBAAgB,gCAAgC,CAC9C,WAAW,EAAE,mBAAmB,GAC/B,WAAW,IAAI,4CAA4C,CAM7D;AAED;;;;GAIG;AACH,wBAAgB,8BAA8B,CAC5C,IAAI,EAAE,qCAAqC,GAC1C,4CAA4C,CA8B9C"}

package/sdk/dist/control-plane-credentials.js

@@ -0,0 +1,57 @@
+/**
+ * Control-plane **session** credential provider (gateway v1.78). Carries a
+ * write-capable `control_plane_session` bearer so the whole SDK authenticates as
+ * the human principal — the token is "accepted everywhere a SIWX wallet is", so
+ * `r.org.*`, `r.admin.transfers.*`, and `r.operator.session.*` all act as that
+ * principal.
+ *
+ * Isomorphic — no Node APIs. Mint a session with `r.operator.session.verifyEmail`
+ * / `passkeyVerify` / the loopback-PKCE `exchangeCliToken`, then:
+ *
+ *   const r = run402({ credentials: controlPlaneSessionCredentials({ token }) });
+ *   await r.org.whoami();            // resolves the principal + memberships
+ *
+ * High-stakes writes still require a fresh passkey — an `email`/`oauth` session
+ * gets {@link StepUpRequiredError}; run the step-up ceremony
+ * (`r.operator.session.stepUpOptions`/`stepUpVerify`) and retry.
+ *
+ * This credential authenticates control-plane operations only; it carries no
+ * project anon/service keys, so {@link CredentialsProvider.getProject} returns
+ * null (project-key operations need the keystore/wallet).
+ */
+import { LocalError } from "./errors.js";
+/** Brand marking a provider as control-plane-session-backed. */
+export const CONTROL_PLANE_SESSION_CREDENTIALS = Symbol.for("@run402/sdk/control-plane-session-credentials");
+/** True if `credentials` was created by {@link controlPlaneSessionCredentials}. */
+export function isControlPlaneSessionCredentials(credentials) {
+    return Boolean(credentials[CONTROL_PLANE_SESSION_CREDENTIALS]);
+}
+/**
+ * Build a {@link CredentialsProvider} that authenticates every request with a
+ * `control_plane_session` bearer. Pass a static `token`, or a `getToken`
+ * resolver for rotation.
+ */
+export function controlPlaneSessionCredentials(opts) {
+    if (!opts?.token && !opts?.getToken) {
+        throw new LocalError("controlPlaneSessionCredentials requires token or getToken", "creating control-plane session credentials");
+    }
+    const provider = {
+        async getAuth() {
+            const token = opts.getToken ? await opts.getToken() : opts.token;
+            if (!token) {
+                throw new LocalError("control-plane session credentials did not return a token", "authenticating with control-plane session");
+            }
+            return { Authorization: `Bearer ${token}` };
+        },
+        async getProject() {
+            // A control-plane session carries no project anon/service keys.
+            return null;
+        },
+    };
+    Object.defineProperty(provider, CONTROL_PLANE_SESSION_CREDENTIALS, {
+        value: true,
+        enumerable: false,
+    });
+    return provider;
+}
+//# sourceMappingURL=control-plane-credentials.js.map

package/sdk/dist/control-plane-credentials.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"control-plane-credentials.js","sourceRoot":"","sources":["../src/control-plane-credentials.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAGH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,gEAAgE;AAChE,MAAM,CAAC,MAAM,iCAAiC,GAAG,MAAM,CAAC,GAAG,CACzD,+CAA+C,CAChD,CAAC;AAgBF,mFAAmF;AACnF,MAAM,UAAU,gCAAgC,CAC9C,WAAgC;IAEhC,OAAO,OAAO,CACX,WAAqE,CACpE,iCAAiC,CAClC,CACF,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,8BAA8B,CAC5C,IAA2C;IAE3C,IAAI,CAAC,IAAI,EAAE,KAAK,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,CAAC;QACpC,MAAM,IAAI,UAAU,CAClB,2DAA2D,EAC3D,4CAA4C,CAC7C,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAwB;QACpC,KAAK,CAAC,OAAO;YACX,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC;YACjE,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,MAAM,IAAI,UAAU,CAClB,0DAA0D,EAC1D,2CAA2C,CAC5C,CAAC;YACJ,CAAC;YACD,OAAO,EAAE,aAAa,EAAE,UAAU,KAAK,EAAE,EAAE,CAAC;QAC9C,CAAC;QACD,KAAK,CAAC,UAAU;YACd,gEAAgE;YAChE,OAAO,IAAI,CAAC;QACd,CAAC;KACF,CAAC;IAEF,MAAM,CAAC,cAAc,CAAC,QAAQ,EAAE,iCAAiC,EAAE;QACjE,KAAK,EAAE,IAAI;QACX,UAAU,EAAE,KAAK;KAClB,CAAC,CAAC;IACH,OAAO,QAAwD,CAAC;AAClE,CAAC"}

package/sdk/dist/errors.d.ts

@@ -15,7 +15,7 @@
  * (or the exported `is*` guards) to branch on errors safely across SDK copies
  * and realms — value comparison, no class-identity dependency.
  */
-export type Run402ErrorKind = "payment_required" | "project_not_found" | "unauthorized" | "not_authorized" | "api_error" | "network_error" | "local_error" | "deploy_error" | "transfer_freeze";
+export type Run402ErrorKind = "payment_required" | "project_not_found" | "unauthorized" | "not_authorized" | "api_error" | "network_error" | "local_error" | "deploy_error" | "transfer_freeze" | "step_up_required";
 /**
  * Quota-denial scope discriminator (v1.46+). Indicates whether a quota-related
  * denial was enforced against the pooled billing-account total (`"account"`)
@@ -252,6 +252,34 @@ export declare class TransferFreezeError extends Run402Error {
     readonly projectId: string | null;
     constructor(message: string, status: number, body: unknown, context: string);
 }
+/**
+ * HTTP 403 `STEP_UP_REQUIRED` — the gateway requires a fresh, same-client
+ * step-up (a recent `passkey` AMR) before this high-stakes control-plane
+ * operation (delete / transfer / membership / invite / payment drain·rotate)
+ * may proceed. A `device_flow`-minted session can never satisfy it; the caller
+ * must complete the challenge at {@link challengeUrl} (e.g. via
+ * `run402 operator login --step-up`) on the same client and retry.
+ *
+ * Typed fields are lifted from the gateway `details` envelope; the same
+ * remediation pointer is also present in {@link Run402Error.nextActions} as an
+ * `authenticate` action.
+ */
+export declare class StepUpRequiredError extends Run402Error {
+    static readonly DEFAULT_CODE = "STEP_UP_REQUIRED";
+    static readonly DEFAULT_CATEGORY = "auth";
+    static readonly DEFAULT_RETRYABLE = false;
+    readonly kind: "step_up_required";
+    /** AMRs that would satisfy the step-up (e.g. `["passkey"]`). Empty when the gateway omitted it. */
+    readonly requiredAmr: string[];
+    /** Max age in seconds the satisfying auth may be; null when the gateway omitted it. */
+    readonly maxAgeSeconds: number | null;
+    /** Where to run the step-up challenge; null when the gateway omitted it. */
+    readonly challengeUrl: string | null;
+    /** Why the step-up was demanded (e.g. `"device_flow_forbidden"`); null when absent. */
+    readonly reason: string | null;
+    constructor(message: string, status: number, body: unknown, context: string);
+    toJSON(): Record<string, unknown>;
+}
 /** True if `e` is any {@link Run402Error} subclass instance, regardless of which SDK copy created it. */
 export declare function isRun402Error(e: unknown): e is Run402Error;
 /** True if `e` is a {@link PaymentRequired}. Survives duplicate SDK copies and realms. */
@@ -272,6 +300,8 @@ export declare function isLocalError(e: unknown): e is LocalError;
 export declare function isDeployError(e: unknown): e is Run402DeployError;
 /** True if `e` is a {@link TransferFreezeError}. */
 export declare function isTransferFreezeError(e: unknown): e is TransferFreezeError;
+/** True if `e` is a {@link StepUpRequiredError}. Survives duplicate SDK copies and realms. */
+export declare function isStepUpRequired(e: unknown): e is StepUpRequiredError;
 /**
  * Extract the v1.46+ quota-denial scope from an error. Returns `"account"`
  * for pooled denials, `"project"` for the orphan fallback, or `undefined`

package/sdk/dist/errors.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH;;;;GAIG;AACH,MAAM,MAAM,eAAe,GACvB,kBAAkB,GAClB,mBAAmB,GACnB,cAAc,GACd,gBAAgB,GAChB,WAAW,GACX,eAAe,GACf,aAAa,GACb,cAAc,GACd,iBAAiB,CAAC;AAEtB;;;;;;GAMG;AACH,MAAM,MAAM,gBAAgB,GAAG,SAAS,GAAG,SAAS,CAAC;AAErD,8BAAsB,WAAY,SAAQ,KAAK;IAC7C;;;;;OAKG;IACH,QAAQ,CAAC,aAAa,EAAG,IAAI,CAAU;IACvC;;;;OAIG;IACH,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE,eAAe,CAAC;IACxC,iFAAiF;IACjF,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,+DAA+D;IAC/D,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC;IACvB,2FAA2F;IAC3F,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,mFAAmF;IACnF,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB,+DAA+D;IAC/D,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,kDAAkD;IAClD,QAAQ,CAAC,SAAS,CAAC,EAAE,OAAO,CAAC;IAC7B,yFAAyF;IACzF,QAAQ,CAAC,WAAW,CAAC,EAAE,OAAO,CAAC;IAC/B,sEAAsE;IACtE,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;IAChC,+CAA+C;IAC/C,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B,mFAAmF;IACnF,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;IAC3B,oFAAoF;IACpF,QAAQ,CAAC,WAAW,CAAC,EAAE,OAAO,EAAE,CAAC;IACjC;;;;;;OAMG;IACH,QAAQ,CAAC,UAAU,CAAC,EAAE,gBAAgB,CAAC;gBAE3B,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM;IAgClF;;;;;;OAMG;IACH,MAAM,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;CAmBlC;AAkBD,oGAAoG;AACpG,qBAAa,eAAgB,SAAQ,WAAW;IAC9C,MAAM,CAAC,QAAQ,CAAC,YAAY,sBAAsB;IAClD,MAAM,CAAC,QAAQ,CAAC,gBAAgB,sBAAsB;IACtD,MAAM,CAAC,QAAQ,CAAC,iBAAiB,SAAS;IAC1C,QAAQ,CAAC,IAAI,EAAG,kBAAkB,CAAU;CAC7C;AAED,qGAAqG;AACrG,qBAAa,eAAgB,SAAQ,WAAW;IAC9C,MAAM,CAAC,QAAQ,CAAC,YAAY,uBAAuB;IACnD,MAAM,CAAC,QAAQ,CAAC,gBAAgB,eAAe;IAC/C,MAAM,CAAC,QAAQ,CAAC,iBAAiB,SAAS;IAC1C,QAAQ,CAAC,IAAI,EAAG,mBAAmB,CAAU;IAC7C,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;gBACf,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,GAAE,MAAM,GAAG,IAAW,EAAE,IAAI,GAAE,OAAc;CAInG;AAED,4FAA4F;AAC5F,qBAAa,YAAa,SAAQ,WAAW;IAC3C,MAAM,CAAC,QAAQ,CAAC,YAAY,kBAAkB;IAC9C,MAAM,CAAC,QAAQ,CAAC,gBAAgB,UAAU;IAC1C,MAAM,CAAC,QAAQ,CAAC,iBAAiB,SAAS;IAC1C,QAAQ,CAAC,IAAI,EAAG,cAAc,CAAU;CACzC;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,qBAAa,kBAAmB,SAAQ,WAAW;IACjD,MAAM,CAAC,QAAQ,CAAC,YAAY,oBAAoB;IAChD,MAAM,CAAC,QAAQ,CAAC,gBAAgB,UAAU;IAC1C,MAAM,CAAC,QAAQ,CAAC,iBAAiB,SAAS;IAC1C,QAAQ,CAAC,IAAI,EAAG,gBAAgB,CAAU;IAC1C,4EAA4E;IAC5E,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,sGAAsG;IACtG,QAAQ,CAAC,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IACrC,gGAAgG;IAChG,QAAQ,CAAC,kBAAkB,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3C;;;;;OAKG;IACH,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;gBAEnB,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM;IAuBlE,MAAM,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;CAS3C;AAED,wDAAwD;AACxD,qBAAa,QAAS,SAAQ,WAAW;IACvC,MAAM,CAAC,QAAQ,CAAC,YAAY,eAAe;IAC3C,MAAM,CAAC,QAAQ,CAAC,gBAAgB,SAAS;IACzC,MAAM,CAAC,QAAQ,CAAC,iBAAiB,SAAS;IAC1C,QAAQ,CAAC,IAAI,EAAG,WAAW,CAAU;CACtC;AAED,iGAAiG;AACjG,qBAAa,YAAa,SAAQ,WAAW;IAC3C,MAAM,CAAC,QAAQ,CAAC,YAAY,mBAAmB;IAC/C,MAAM,CAAC,QAAQ,CAAC,gBAAgB,aAAa;IAC7C,MAAM,CAAC,QAAQ,CAAC,iBAAiB,QAAQ;IACzC,QAAQ,CAAC,IAAI,EAAG,eAAe,CAAU;IACzC,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;gBACZ,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM;CAI7D;AAED,iGAAiG;AACjG,qBAAa,UAAW,SAAQ,WAAW;IACzC,MAAM,CAAC,QAAQ,CAAC,YAAY,iBAAiB;IAC7C,MAAM,CAAC,QAAQ,CAAC,gBAAgB,WAAW;IAC3C,MAAM,CAAC,QAAQ,CAAC,iBAAiB,SAAS;IAC1C,QAAQ,CAAC,IAAI,EAAG,aAAa,CAAU;IACvC,QAAQ,CAAC,KAAK,CAAC,EAAE,OAAO,CAAC;IACzB;;;;;;;OAOG;gBAED,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,EACf,IAAI,CAAC,EAAE,OAAO,GAAG;QAAE,KAAK,CAAC,EAAE,OAAO,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,OAAO,CAAA;KAAE;CAsBzE;AAED;;;;;;;;;GASG;AACH,MAAM,MAAM,qBAAqB,GAC7B,kBAAkB,GAClB,6BAA6B,GAC7B,yBAAyB,GACzB,uBAAuB,GACvB,kBAAkB,GAClB,+BAA+B,GAC/B,uBAAuB,GACvB,mBAAmB,GACnB,qBAAqB,GACrB,mBAAmB,GACnB,uBAAuB,GACvB,uBAAuB,GACvB,cAAc,GACd,qBAAqB,GACrB,gBAAgB,GAChB,qBAAqB,GACrB,eAAe,GACf,eAAe,GACf,eAAe,GACf,gBAAgB,GAChB,eAAe,GACf,mBAAmB,GACnB,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;AAElB,MAAM,WAAW,oBAAoB;IACnC,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,qBAAa,iBAAkB,SAAQ,WAAW;IAChD,QAAQ,CAAC,IAAI,EAAG,cAAc,CAAU;IACxC,QAAQ,CAAC,IAAI,EAAE,qBAAqB,CAAC;IACrC,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,QAAQ,CAAC,SAAS,EAAE,OAAO,CAAC;IAC5B,QAAQ,CAAC,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IACpC,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,QAAQ,CAAC,GAAG,EAAE,oBAAoB,GAAG,IAAI,CAAC;IAC1C,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IAC/B,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC;IAC7B,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,aAAa,CAAC,EAAE,qBAAqB,CAAC;gBAG7C,OAAO,EAAE,MAAM,EACf,IAAI,EAAE;QACJ,IAAI,EAAE,qBAAqB,CAAC;QAC5B,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QACtB,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QACzB,SAAS,CAAC,EAAE,OAAO,CAAC;QACpB,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QAC5B,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QACvB,GAAG,CAAC,EAAE,oBAAoB,GAAG,IAAI,CAAC;QAClC,IAAI,CAAC,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;QACvB,UAAU,CAAC,EAAE,OAAO,CAAC;QACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,aAAa,CAAC,EAAE,qBAAqB,CAAC;QACtC,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QACvB,IAAI,CAAC,EAAE,OAAO,CAAC;QACf,OAAO,EAAE,MAAM,CAAC;KACjB;IAiBM,MAAM,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;CAgB3C;AAED;;;;;;;;;;;;GAYG;AACH,qBAAa,mBAAoB,SAAQ,WAAW;IAClD,MAAM,CAAC,QAAQ,CAAC,YAAY,kCAAkC;IAC9D,MAAM,CAAC,QAAQ,CAAC,gBAAgB,gBAAgB;IAChD,MAAM,CAAC,QAAQ,CAAC,iBAAiB,SAAS;IAC1C,QAAQ,CAAC,IAAI,EAAG,iBAAiB,CAAU;IAC3C,6DAA6D;IAC7D,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,wFAAwF;IACxF,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,qDAAqD;IACrD,QAAQ,CAAC,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IACpC,QAAQ,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;gBAEtB,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM;CAgB5E;AAoBD,yGAAyG;AACzG,wBAAgB,aAAa,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,IAAI,WAAW,CAM1D;AAED,0FAA0F;AAC1F,wBAAgB,iBAAiB,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,IAAI,eAAe,CAElE;AAED,gDAAgD;AAChD,wBAAgB,iBAAiB,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,IAAI,eAAe,CAElE;AAED,8CAA8C;AAC9C,wBAAgB,cAAc,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,IAAI,YAAY,CAE5D;AAED,oGAAoG;AACpG,wBAAgB,eAAe,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,IAAI,kBAAkB,CAEnE;AAED,0CAA0C;AAC1C,wBAAgB,UAAU,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,IAAI,QAAQ,CAEpD;AAED,6CAA6C;AAC7C,wBAAgB,cAAc,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,IAAI,YAAY,CAE5D;AAED,2CAA2C;AAC3C,wBAAgB,YAAY,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,IAAI,UAAU,CAExD;AAED,kDAAkD;AAClD,wBAAgB,aAAa,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,IAAI,iBAAiB,CAEhE;AAED,oDAAoD;AACpD,wBAAgB,qBAAqB,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,IAAI,mBAAmB,CAE1E;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,CAAC,EAAE,OAAO,GAAG,gBAAgB,GAAG,SAAS,CAEtE;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,sBAAsB,CAAC,CAAC,EAAE,OAAO,GAAG,OAAO,CAU1D"}
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH;;;;GAIG;AACH,MAAM,MAAM,eAAe,GACvB,kBAAkB,GAClB,mBAAmB,GACnB,cAAc,GACd,gBAAgB,GAChB,WAAW,GACX,eAAe,GACf,aAAa,GACb,cAAc,GACd,iBAAiB,GACjB,kBAAkB,CAAC;AAEvB;;;;;;GAMG;AACH,MAAM,MAAM,gBAAgB,GAAG,SAAS,GAAG,SAAS,CAAC;AAErD,8BAAsB,WAAY,SAAQ,KAAK;IAC7C;;;;;OAKG;IACH,QAAQ,CAAC,aAAa,EAAG,IAAI,CAAU;IACvC;;;;OAIG;IACH,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE,eAAe,CAAC;IACxC,iFAAiF;IACjF,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,+DAA+D;IAC/D,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC;IACvB,2FAA2F;IAC3F,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,mFAAmF;IACnF,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB,+DAA+D;IAC/D,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,kDAAkD;IAClD,QAAQ,CAAC,SAAS,CAAC,EAAE,OAAO,CAAC;IAC7B,yFAAyF;IACzF,QAAQ,CAAC,WAAW,CAAC,EAAE,OAAO,CAAC;IAC/B,sEAAsE;IACtE,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;IAChC,+CAA+C;IAC/C,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B,mFAAmF;IACnF,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;IAC3B,oFAAoF;IACpF,QAAQ,CAAC,WAAW,CAAC,EAAE,OAAO,EAAE,CAAC;IACjC;;;;;;OAMG;IACH,QAAQ,CAAC,UAAU,CAAC,EAAE,gBAAgB,CAAC;gBAE3B,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM;IAgClF;;;;;;OAMG;IACH,MAAM,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;CAmBlC;AAkBD,oGAAoG;AACpG,qBAAa,eAAgB,SAAQ,WAAW;IAC9C,MAAM,CAAC,QAAQ,CAAC,YAAY,sBAAsB;IAClD,MAAM,CAAC,QAAQ,CAAC,gBAAgB,sBAAsB;IACtD,MAAM,CAAC,QAAQ,CAAC,iBAAiB,SAAS;IAC1C,QAAQ,CAAC,IAAI,EAAG,kBAAkB,CAAU;CAC7C;AAED,qGAAqG;AACrG,qBAAa,eAAgB,SAAQ,WAAW;IAC9C,MAAM,CAAC,QAAQ,CAAC,YAAY,uBAAuB;IACnD,MAAM,CAAC,QAAQ,CAAC,gBAAgB,eAAe;IAC/C,MAAM,CAAC,QAAQ,CAAC,iBAAiB,SAAS;IAC1C,QAAQ,CAAC,IAAI,EAAG,mBAAmB,CAAU;IAC7C,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;gBACf,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,GAAE,MAAM,GAAG,IAAW,EAAE,IAAI,GAAE,OAAc;CAInG;AAED,4FAA4F;AAC5F,qBAAa,YAAa,SAAQ,WAAW;IAC3C,MAAM,CAAC,QAAQ,CAAC,YAAY,kBAAkB;IAC9C,MAAM,CAAC,QAAQ,CAAC,gBAAgB,UAAU;IAC1C,MAAM,CAAC,QAAQ,CAAC,iBAAiB,SAAS;IAC1C,QAAQ,CAAC,IAAI,EAAG,cAAc,CAAU;CACzC;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,qBAAa,kBAAmB,SAAQ,WAAW;IACjD,MAAM,CAAC,QAAQ,CAAC,YAAY,oBAAoB;IAChD,MAAM,CAAC,QAAQ,CAAC,gBAAgB,UAAU;IAC1C,MAAM,CAAC,QAAQ,CAAC,iBAAiB,SAAS;IAC1C,QAAQ,CAAC,IAAI,EAAG,gBAAgB,CAAU;IAC1C,4EAA4E;IAC5E,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,sGAAsG;IACtG,QAAQ,CAAC,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IACrC,gGAAgG;IAChG,QAAQ,CAAC,kBAAkB,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3C;;;;;OAKG;IACH,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;gBAEnB,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM;IAuBlE,MAAM,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;CAS3C;AAED,wDAAwD;AACxD,qBAAa,QAAS,SAAQ,WAAW;IACvC,MAAM,CAAC,QAAQ,CAAC,YAAY,eAAe;IAC3C,MAAM,CAAC,QAAQ,CAAC,gBAAgB,SAAS;IACzC,MAAM,CAAC,QAAQ,CAAC,iBAAiB,SAAS;IAC1C,QAAQ,CAAC,IAAI,EAAG,WAAW,CAAU;CACtC;AAED,iGAAiG;AACjG,qBAAa,YAAa,SAAQ,WAAW;IAC3C,MAAM,CAAC,QAAQ,CAAC,YAAY,mBAAmB;IAC/C,MAAM,CAAC,QAAQ,CAAC,gBAAgB,aAAa;IAC7C,MAAM,CAAC,QAAQ,CAAC,iBAAiB,QAAQ;IACzC,QAAQ,CAAC,IAAI,EAAG,eAAe,CAAU;IACzC,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;gBACZ,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM;CAI7D;AAED,iGAAiG;AACjG,qBAAa,UAAW,SAAQ,WAAW;IACzC,MAAM,CAAC,QAAQ,CAAC,YAAY,iBAAiB;IAC7C,MAAM,CAAC,QAAQ,CAAC,gBAAgB,WAAW;IAC3C,MAAM,CAAC,QAAQ,CAAC,iBAAiB,SAAS;IAC1C,QAAQ,CAAC,IAAI,EAAG,aAAa,CAAU;IACvC,QAAQ,CAAC,KAAK,CAAC,EAAE,OAAO,CAAC;IACzB;;;;;;;OAOG;gBAED,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,EACf,IAAI,CAAC,EAAE,OAAO,GAAG;QAAE,KAAK,CAAC,EAAE,OAAO,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,OAAO,CAAA;KAAE;CAsBzE;AAED;;;;;;;;;GASG;AACH,MAAM,MAAM,qBAAqB,GAC7B,kBAAkB,GAClB,6BAA6B,GAC7B,yBAAyB,GACzB,uBAAuB,GACvB,kBAAkB,GAClB,+BAA+B,GAC/B,uBAAuB,GACvB,mBAAmB,GACnB,qBAAqB,GACrB,mBAAmB,GACnB,uBAAuB,GACvB,uBAAuB,GACvB,cAAc,GACd,qBAAqB,GACrB,gBAAgB,GAChB,qBAAqB,GACrB,eAAe,GACf,eAAe,GACf,eAAe,GACf,gBAAgB,GAChB,eAAe,GACf,mBAAmB,GACnB,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;AAElB,MAAM,WAAW,oBAAoB;IACnC,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,qBAAa,iBAAkB,SAAQ,WAAW;IAChD,QAAQ,CAAC,IAAI,EAAG,cAAc,CAAU;IACxC,QAAQ,CAAC,IAAI,EAAE,qBAAqB,CAAC;IACrC,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,QAAQ,CAAC,SAAS,EAAE,OAAO,CAAC;IAC5B,QAAQ,CAAC,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IACpC,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,QAAQ,CAAC,GAAG,EAAE,oBAAoB,GAAG,IAAI,CAAC;IAC1C,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IAC/B,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC;IAC7B,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,aAAa,CAAC,EAAE,qBAAqB,CAAC;gBAG7C,OAAO,EAAE,MAAM,EACf,IAAI,EAAE;QACJ,IAAI,EAAE,qBAAqB,CAAC;QAC5B,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QACtB,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QACzB,SAAS,CAAC,EAAE,OAAO,CAAC;QACpB,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QAC5B,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QACvB,GAAG,CAAC,EAAE,oBAAoB,GAAG,IAAI,CAAC;QAClC,IAAI,CAAC,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;QACvB,UAAU,CAAC,EAAE,OAAO,CAAC;QACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,aAAa,CAAC,EAAE,qBAAqB,CAAC;QACtC,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QACvB,IAAI,CAAC,EAAE,OAAO,CAAC;QACf,OAAO,EAAE,MAAM,CAAC;KACjB;IAiBM,MAAM,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;CAgB3C;AAED;;;;;;;;;;;;GAYG;AACH,qBAAa,mBAAoB,SAAQ,WAAW;IAClD,MAAM,CAAC,QAAQ,CAAC,YAAY,kCAAkC;IAC9D,MAAM,CAAC,QAAQ,CAAC,gBAAgB,gBAAgB;IAChD,MAAM,CAAC,QAAQ,CAAC,iBAAiB,SAAS;IAC1C,QAAQ,CAAC,IAAI,EAAG,iBAAiB,CAAU;IAC3C,6DAA6D;IAC7D,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,wFAAwF;IACxF,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,qDAAqD;IACrD,QAAQ,CAAC,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IACpC,QAAQ,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;gBAEtB,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM;CAgB5E;AAYD;;;;;;;;;;;GAWG;AACH,qBAAa,mBAAoB,SAAQ,WAAW;IAClD,MAAM,CAAC,QAAQ,CAAC,YAAY,sBAAsB;IAClD,MAAM,CAAC,QAAQ,CAAC,gBAAgB,UAAU;IAC1C,MAAM,CAAC,QAAQ,CAAC,iBAAiB,SAAS;IAC1C,QAAQ,CAAC,IAAI,EAAG,kBAAkB,CAAU;IAC5C,mGAAmG;IACnG,QAAQ,CAAC,WAAW,EAAE,MAAM,EAAE,CAAC;IAC/B,uFAAuF;IACvF,QAAQ,CAAC,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IACtC,4EAA4E;IAC5E,QAAQ,CAAC,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IACrC,uFAAuF;IACvF,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;gBAEnB,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM;IAuBlE,MAAM,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;CAS3C;AAUD,yGAAyG;AACzG,wBAAgB,aAAa,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,IAAI,WAAW,CAM1D;AAED,0FAA0F;AAC1F,wBAAgB,iBAAiB,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,IAAI,eAAe,CAElE;AAED,gDAAgD;AAChD,wBAAgB,iBAAiB,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,IAAI,eAAe,CAElE;AAED,8CAA8C;AAC9C,wBAAgB,cAAc,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,IAAI,YAAY,CAE5D;AAED,oGAAoG;AACpG,wBAAgB,eAAe,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,IAAI,kBAAkB,CAEnE;AAED,0CAA0C;AAC1C,wBAAgB,UAAU,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,IAAI,QAAQ,CAEpD;AAED,6CAA6C;AAC7C,wBAAgB,cAAc,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,IAAI,YAAY,CAE5D;AAED,2CAA2C;AAC3C,wBAAgB,YAAY,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,IAAI,UAAU,CAExD;AAED,kDAAkD;AAClD,wBAAgB,aAAa,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,IAAI,iBAAiB,CAEhE;AAED,oDAAoD;AACpD,wBAAgB,qBAAqB,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,IAAI,mBAAmB,CAE1E;AAED,8FAA8F;AAC9F,wBAAgB,gBAAgB,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,IAAI,mBAAmB,CAErE;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,CAAC,EAAE,OAAO,GAAG,gBAAgB,GAAG,SAAS,CAEtE;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,sBAAsB,CAAC,CAAC,EAAE,OAAO,GAAG,OAAO,CAU1D"}