npm - veryfront - Versions diffs - 0.0.49 → 0.0.51 - Mend

veryfront 0.0.49 → 0.0.51

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (493) hide show

package/dist/oauth/handlers.js ADDED Viewed

@@ -0,0 +1,554 @@
+// src/platform/compat/runtime.ts
+var isDeno = typeof Deno !== "undefined";
+var isNode = typeof globalThis.process !== "undefined" && globalThis.process?.versions?.node !== void 0;
+var isBun = typeof globalThis.Bun !== "undefined";
+var isCloudflare = typeof globalThis !== "undefined" && "caches" in globalThis && "WebSocketPair" in globalThis;
+// src/platform/compat/process.ts
+var nodeProcess = globalThis.process;
+var hasNodeProcess = !!nodeProcess?.versions?.node;
+function getEnv(key) {
+  if (isDeno) {
+    return process.env(key);
+  }
+  if (hasNodeProcess) {
+    return nodeProcess.env[key];
+  }
+  return void 0;
+}
+// src/core/oauth/providers/base.ts
+function generateRandomString(length) {
+  const array = new Uint8Array(length);
+  crypto.getRandomValues(array);
+  return Array.from(array, (byte) => byte.toString(16).padStart(2, "0")).join("").slice(0, length);
+}
+function generateCodeVerifier() {
+  return generateRandomString(64);
+}
+async function generateCodeChallenge(verifier) {
+  const encoder = new TextEncoder();
+  const data = encoder.encode(verifier);
+  const hash = await crypto.subtle.digest("SHA-256", data);
+  return btoa(String.fromCharCode(...new Uint8Array(hash))).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+var OAuthProvider = class {
+  constructor(config) {
+    this.config = config;
+  }
+  /**
+   * Get client ID from environment
+   */
+  getClientId() {
+    return getEnv(this.config.clientIdEnvVar) || null;
+  }
+  /**
+   * Get client secret from environment
+   */
+  getClientSecret() {
+    return getEnv(this.config.clientSecretEnvVar) || null;
+  }
+  /**
+   * Check if provider is configured
+   */
+  isConfigured() {
+    return !!(this.getClientId() && this.getClientSecret());
+  }
+  /**
+   * Create authorization URL
+   */
+  async createAuthorizationUrl(options = {}) {
+    const clientId = this.getClientId();
+    if (!clientId) {
+      throw new Error(`${this.config.clientIdEnvVar} not configured`);
+    }
+    const state = options.state || generateRandomString(32);
+    const scopes = options.scopes || options.defaultScopes || [];
+    const redirectUri = options.redirectUri || "";
+    const usePkce = options.usePkce !== false;
+    let codeVerifier;
+    let codeChallenge;
+    if (usePkce) {
+      codeVerifier = generateCodeVerifier();
+      codeChallenge = await generateCodeChallenge(codeVerifier);
+    }
+    const params = new URLSearchParams({
+      client_id: clientId,
+      redirect_uri: redirectUri,
+      response_type: "code",
+      state,
+      ...scopes.length > 0 && { scope: scopes.join(" ") },
+      ...codeChallenge && {
+        code_challenge: codeChallenge,
+        code_challenge_method: "S256"
+      },
+      ...this.config.additionalAuthParams,
+      ...options.additionalParams
+    });
+    const oauthState = {
+      state,
+      codeVerifier,
+      redirectUri,
+      scopes,
+      createdAt: Date.now()
+    };
+    return {
+      url: `${this.config.authorizationUrl}?${params.toString()}`,
+      state: oauthState
+    };
+  }
+  /**
+   * Exchange authorization code for tokens
+   */
+  async exchangeCode(options) {
+    const clientId = this.getClientId();
+    const clientSecret = this.getClientSecret();
+    if (!clientId || !clientSecret) {
+      return {
+        success: false,
+        error: "OAuth not configured",
+        errorDescription: `Missing ${this.config.clientIdEnvVar} or ${this.config.clientSecretEnvVar}`
+      };
+    }
+    const body = new URLSearchParams({
+      grant_type: "authorization_code",
+      code: options.code,
+      redirect_uri: options.redirectUri,
+      ...options.codeVerifier && { code_verifier: options.codeVerifier },
+      ...!this.config.useBasicAuth && {
+        client_id: clientId,
+        client_secret: clientSecret
+      },
+      ...this.config.additionalTokenParams
+    });
+    const headers = {
+      "Content-Type": "application/x-www-form-urlencoded",
+      Accept: "application/json"
+    };
+    if (this.config.useBasicAuth) {
+      const credentials = btoa(`${clientId}:${clientSecret}`);
+      headers.Authorization = `Basic ${credentials}`;
+    }
+    try {
+      const response = await fetch(this.config.tokenUrl, {
+        method: "POST",
+        headers,
+        body: body.toString()
+      });
+      const data = await response.json();
+      if (!response.ok) {
+        return {
+          success: false,
+          error: data.error || "token_exchange_failed",
+          errorDescription: data.error_description || `Status ${response.status}`
+        };
+      }
+      const mapping = this.config.tokenResponseMapping || {};
+      const tokens = {
+        accessToken: data[mapping.accessToken || "access_token"],
+        refreshToken: data[mapping.refreshToken || "refresh_token"],
+        tokenType: data[mapping.tokenType || "token_type"],
+        scope: data[mapping.scope || "scope"],
+        idToken: data.id_token
+      };
+      const expiresIn = data[mapping.expiresIn || "expires_in"];
+      if (expiresIn) {
+        tokens.expiresAt = Date.now() + expiresIn * 1e3;
+      }
+      return { success: true, tokens };
+    } catch (error) {
+      return {
+        success: false,
+        error: "network_error",
+        errorDescription: error instanceof Error ? error.message : "Unknown error"
+      };
+    }
+  }
+  /**
+   * Refresh access token
+   */
+  async refreshTokens(refreshToken) {
+    const clientId = this.getClientId();
+    const clientSecret = this.getClientSecret();
+    if (!clientId || !clientSecret) {
+      return {
+        success: false,
+        error: "OAuth not configured"
+      };
+    }
+    const body = new URLSearchParams({
+      grant_type: "refresh_token",
+      refresh_token: refreshToken,
+      ...!this.config.useBasicAuth && {
+        client_id: clientId,
+        client_secret: clientSecret
+      }
+    });
+    const headers = {
+      "Content-Type": "application/x-www-form-urlencoded",
+      Accept: "application/json"
+    };
+    if (this.config.useBasicAuth) {
+      const credentials = btoa(`${clientId}:${clientSecret}`);
+      headers.Authorization = `Basic ${credentials}`;
+    }
+    try {
+      const response = await fetch(this.config.tokenUrl, {
+        method: "POST",
+        headers,
+        body: body.toString()
+      });
+      const data = await response.json();
+      if (!response.ok) {
+        return {
+          success: false,
+          error: data.error || "refresh_failed",
+          errorDescription: data.error_description
+        };
+      }
+      const mapping = this.config.tokenResponseMapping || {};
+      const tokens = {
+        accessToken: data[mapping.accessToken || "access_token"],
+        refreshToken: data[mapping.refreshToken || "refresh_token"] || refreshToken,
+        tokenType: data[mapping.tokenType || "token_type"],
+        scope: data[mapping.scope || "scope"]
+      };
+      const expiresIn = data[mapping.expiresIn || "expires_in"];
+      if (expiresIn) {
+        tokens.expiresAt = Date.now() + expiresIn * 1e3;
+      }
+      return { success: true, tokens };
+    } catch (error) {
+      return {
+        success: false,
+        error: "network_error",
+        errorDescription: error instanceof Error ? error.message : "Unknown error"
+      };
+    }
+  }
+  /**
+   * Revoke tokens
+   */
+  async revokeToken(token) {
+    if (!this.config.revocationUrl) {
+      return false;
+    }
+    try {
+      const response = await fetch(this.config.revocationUrl, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/x-www-form-urlencoded"
+        },
+        body: new URLSearchParams({ token }).toString()
+      });
+      return response.ok;
+    } catch {
+      return false;
+    }
+  }
+};
+var OAuthService = class extends OAuthProvider {
+  constructor(config, tokenStore) {
+    super(config);
+    this.serviceConfig = config;
+    this.tokenStore = tokenStore;
+  }
+  /**
+   * Get service ID
+   */
+  get serviceId() {
+    return this.serviceConfig.serviceId;
+  }
+  /**
+   * Get API base URL
+   */
+  get apiBaseUrl() {
+    return this.serviceConfig.apiBaseUrl;
+  }
+  /**
+   * Create authorization URL with service defaults
+   */
+  createAuthorizationUrl(options = {}) {
+    return super.createAuthorizationUrl({
+      ...options,
+      defaultScopes: this.serviceConfig.defaultScopes
+    });
+  }
+  /**
+   * Get valid access token (refreshing if needed)
+   */
+  async getAccessToken() {
+    if (!this.tokenStore) {
+      return null;
+    }
+    const tokens = await this.tokenStore.getTokens(this.serviceId);
+    if (!tokens) {
+      return null;
+    }
+    if (tokens.expiresAt && Date.now() > tokens.expiresAt - 3e5) {
+      if (tokens.refreshToken) {
+        const result = await this.refreshTokens(tokens.refreshToken);
+        if (result.success && result.tokens) {
+          await this.tokenStore.setTokens(this.serviceId, result.tokens);
+          return result.tokens.accessToken;
+        }
+      }
+      return null;
+    }
+    return tokens.accessToken;
+  }
+  /**
+   * Make authenticated API request
+   */
+  async fetch(endpoint, options = {}) {
+    const token = await this.getAccessToken();
+    if (!token) {
+      throw new Error(`Not authenticated with ${this.serviceConfig.displayName}`);
+    }
+    const url = endpoint.startsWith("http") ? endpoint : `${this.apiBaseUrl}${endpoint}`;
+    const response = await fetch(url, {
+      ...options,
+      headers: {
+        Authorization: `Bearer ${token}`,
+        "Content-Type": "application/json",
+        ...options.headers
+      }
+    });
+    if (!response.ok) {
+      const error = await response.text();
+      throw new Error(`${this.serviceConfig.displayName} API error: ${response.status} ${error}`);
+    }
+    return response.json();
+  }
+};
+// src/core/oauth/token-store/memory.ts
+var MemoryTokenStore = class {
+  constructor() {
+    this.tokens = /* @__PURE__ */ new Map();
+    this.states = /* @__PURE__ */ new Map();
+    /** State expiration time in ms (10 minutes) */
+    this.stateExpirationMs = 10 * 60 * 1e3;
+  }
+  getTokens(serviceId) {
+    return Promise.resolve(this.tokens.get(serviceId) || null);
+  }
+  setTokens(serviceId, tokens) {
+    this.tokens.set(serviceId, tokens);
+    return Promise.resolve();
+  }
+  clearTokens(serviceId) {
+    this.tokens.delete(serviceId);
+    return Promise.resolve();
+  }
+  getState(state) {
+    const oauthState = this.states.get(state);
+    if (!oauthState) {
+      return Promise.resolve(null);
+    }
+    if (Date.now() - oauthState.createdAt > this.stateExpirationMs) {
+      this.states.delete(state);
+      return Promise.resolve(null);
+    }
+    return Promise.resolve(oauthState);
+  }
+  setState(oauthState) {
+    this.states.set(oauthState.state, oauthState);
+    this.cleanupExpiredStates();
+    return Promise.resolve();
+  }
+  clearState(state) {
+    this.states.delete(state);
+    return Promise.resolve();
+  }
+  /**
+   * Clean up expired states
+   */
+  cleanupExpiredStates() {
+    const now = Date.now();
+    for (const [state, oauthState] of this.states) {
+      if (now - oauthState.createdAt > this.stateExpirationMs) {
+        this.states.delete(state);
+      }
+    }
+  }
+  /**
+   * Get all stored service IDs
+   */
+  getConnectedServices() {
+    return Array.from(this.tokens.keys());
+  }
+  /**
+   * Check if a service is connected
+   */
+  isConnected(serviceId) {
+    const tokens = this.tokens.get(serviceId);
+    if (!tokens)
+      return false;
+    if (tokens.expiresAt && Date.now() > tokens.expiresAt) {
+      return !!tokens.refreshToken;
+    }
+    return true;
+  }
+  /**
+   * Clear all tokens
+   */
+  clearAll() {
+    this.tokens.clear();
+    this.states.clear();
+  }
+};
+var memoryTokenStore = new MemoryTokenStore();
+// src/core/oauth/handlers/callback-handler.ts
+function createOAuthCallbackHandler(config, options = {}) {
+  const {
+    tokenStore = memoryTokenStore,
+    baseUrl,
+    successRedirect = "/",
+    errorRedirect = "/",
+    onSuccess,
+    onError
+  } = options;
+  return async (request) => {
+    const url = new URL(request.url);
+    const code = url.searchParams.get("code");
+    const state = url.searchParams.get("state");
+    const error = url.searchParams.get("error");
+    const errorDescription = url.searchParams.get("error_description");
+    const appUrl = baseUrl || getEnv("APP_URL") || getEnv("NEXT_PUBLIC_APP_URL") || "http://localhost:3000";
+    if (error) {
+      console.error(`OAuth error for ${config.serviceId}:`, error, errorDescription);
+      if (onError) {
+        await onError(config.serviceId, error);
+      }
+      const errorUrl = new URL(errorRedirect, appUrl);
+      errorUrl.searchParams.set("error", error);
+      if (errorDescription) {
+        errorUrl.searchParams.set("error_description", errorDescription);
+      }
+      return Response.redirect(errorUrl.toString());
+    }
+    if (!code) {
+      if (onError) {
+        await onError(config.serviceId, "no_code");
+      }
+      const errorUrl = new URL(errorRedirect, appUrl);
+      errorUrl.searchParams.set("error", "no_code");
+      return Response.redirect(errorUrl.toString());
+    }
+    let oauthState = null;
+    if (state) {
+      oauthState = await tokenStore.getState(state);
+      if (!oauthState) {
+        console.warn(`Invalid or expired state for ${config.serviceId}`);
+      }
+    }
+    const service = new OAuthService(config, tokenStore);
+    const redirectUri = `${appUrl}/api/auth/${config.serviceId}/callback`;
+    try {
+      const result = await service.exchangeCode({
+        code,
+        redirectUri,
+        codeVerifier: oauthState?.codeVerifier
+      });
+      if (!result.success || !result.tokens) {
+        console.error(`Token exchange failed for ${config.serviceId}:`, result.error);
+        if (onError) {
+          await onError(config.serviceId, result.error || "exchange_failed");
+        }
+        const errorUrl = new URL(errorRedirect, appUrl);
+        errorUrl.searchParams.set("error", result.error || "token_exchange_failed");
+        return Response.redirect(errorUrl.toString());
+      }
+      await tokenStore.setTokens(config.serviceId, result.tokens);
+      if (state) {
+        await tokenStore.clearState(state);
+      }
+      if (onSuccess) {
+        await onSuccess(config.serviceId, result.tokens);
+      }
+      const successUrl = new URL(successRedirect, appUrl);
+      successUrl.searchParams.set("connected", config.serviceId);
+      return Response.redirect(successUrl.toString());
+    } catch (err) {
+      console.error(`OAuth callback error for ${config.serviceId}:`, err);
+      if (onError) {
+        await onError(config.serviceId, "callback_error");
+      }
+      const errorUrl = new URL(errorRedirect, appUrl);
+      errorUrl.searchParams.set("error", "callback_error");
+      return Response.redirect(errorUrl.toString());
+    }
+  };
+}
+// src/core/oauth/handlers/init-handler.ts
+function createOAuthInitHandler(config, options = {}) {
+  const { tokenStore = memoryTokenStore, baseUrl, authOptions = {} } = options;
+  return async () => {
+    const service = new OAuthService(config, tokenStore);
+    if (!service.isConfigured()) {
+      return Response.json(
+        {
+          error: `${config.displayName} OAuth not configured`,
+          details: `Missing ${config.clientIdEnvVar} or ${config.clientSecretEnvVar}`
+        },
+        { status: 500 }
+      );
+    }
+    const appUrl = baseUrl || getEnv("APP_URL") || getEnv("NEXT_PUBLIC_APP_URL") || "http://localhost:3000";
+    const redirectUri = `${appUrl}/api/auth/${config.serviceId}/callback`;
+    try {
+      const { url, state } = await service.createAuthorizationUrl({
+        ...authOptions,
+        redirectUri
+      });
+      await tokenStore.setState(state);
+      return Response.redirect(url);
+    } catch (error) {
+      console.error(`OAuth init error for ${config.serviceId}:`, error);
+      return Response.json(
+        {
+          error: "Failed to initiate OAuth flow",
+          details: error instanceof Error ? error.message : "Unknown error"
+        },
+        { status: 500 }
+      );
+    }
+  };
+}
+function createOAuthStatusHandler(config, options = {}) {
+  const { tokenStore = memoryTokenStore } = options;
+  return async () => {
+    const tokens = await tokenStore.getTokens(config.serviceId);
+    const isConnected = !!tokens?.accessToken;
+    const isExpired = tokens?.expiresAt ? Date.now() > tokens.expiresAt : false;
+    const hasRefreshToken = !!tokens?.refreshToken;
+    return Response.json({
+      service: config.serviceId,
+      displayName: config.displayName,
+      connected: isConnected && (!isExpired || hasRefreshToken),
+      configured: !!(getEnv(config.clientIdEnvVar) && getEnv(config.clientSecretEnvVar)),
+      expiresAt: tokens?.expiresAt,
+      hasRefreshToken
+    });
+  };
+}
+function createOAuthDisconnectHandler(config, options = {}) {
+  const { tokenStore = memoryTokenStore } = options;
+  return async () => {
+    await tokenStore.clearTokens(config.serviceId);
+    return Response.json({
+      success: true,
+      message: `Disconnected from ${config.displayName}`
+    });
+  };
+}
+export {
+  createOAuthCallbackHandler,
+  createOAuthDisconnectHandler,
+  createOAuthInitHandler,
+  createOAuthStatusHandler
+};
+//# sourceMappingURL=handlers.js.map

package/dist/oauth/handlers.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/platform/compat/runtime.ts", "../../../src/platform/compat/process.ts", "../../../src/core/oauth/providers/base.ts", "../../../src/core/oauth/token-store/memory.ts", "../../../src/core/oauth/handlers/callback-handler.ts", "../../../src/core/oauth/handlers/init-handler.ts"],
+  "sourcesContent": ["export const isDeno = typeof Deno !== \"undefined\";\nexport const isNode =\n  typeof (globalThis as { process?: { versions?: { node?: string } } }).process !== \"undefined\" &&\n  (globalThis as { process?: { versions?: { node?: string } } }).process?.versions?.node !==\n    undefined;\nexport const isBun = typeof (globalThis as { Bun?: unknown }).Bun !== \"undefined\";\nexport const isCloudflare = typeof globalThis !== \"undefined\" && \"caches\" in globalThis &&\n  \"WebSocketPair\" in globalThis;\n\n/**\n * Detect if running in Node.js (vs Deno)\n * Use this function instead of the constant when runtime detection needs to happen\n * at call time (e.g., when bundled with esbuild's __esm lazy initialization pattern)\n */\nexport function isNodeRuntime(): boolean {\n  // deno-lint-ignore no-explicit-any\n  const _global = globalThis as any;\n  return typeof Deno === \"undefined\" && typeof _global.process !== \"undefined\" &&\n    !!_global.process?.versions?.node;\n}\n", "import { isDeno as IS_DENO } from \"./runtime.ts\";\n\nconst nodeProcess = (globalThis as { process?: typeof import(\"node:process\") }).process;\nconst hasNodeProcess = !!nodeProcess?.versions?.node;\n\nexport function getArgs(): string[] {\n  if (IS_DENO) {\n    return Deno.args;\n  }\n  if (hasNodeProcess) {\n    return nodeProcess!.argv.slice(2);\n  }\n  return [];\n}\n\nexport function exit(code?: number): never {\n  if (IS_DENO) {\n    Deno.exit(code);\n  }\n  if (hasNodeProcess) {\n    nodeProcess!.exit(code);\n  }\n  throw new Error(\"exit() is not supported in this runtime\");\n}\n\nexport function cwd(): string {\n  if (IS_DENO) {\n    return Deno.cwd();\n  }\n  if (hasNodeProcess) {\n    return nodeProcess!.cwd();\n  }\n  throw new Error(\"cwd() is not supported in this runtime\");\n}\n\nexport function chdir(directory: string): void {\n  if (IS_DENO) {\n    Deno.chdir(directory);\n  } else {\n    if (hasNodeProcess) {\n      nodeProcess!.chdir(directory);\n      return;\n    }\n    throw new Error(\"chdir() is not supported in this runtime\");\n  }\n}\n\nexport function env(): Record<string, string> {\n  if (IS_DENO) {\n    return Deno.env.toObject();\n  }\n  if (hasNodeProcess) {\n    return nodeProcess!.env as Record<string, string>;\n  }\n  return {};\n}\n\nexport function getEnv(key: string): string | undefined {\n  if (IS_DENO) {\n    return Deno.env.get(key);\n  }\n  if (hasNodeProcess) {\n    return nodeProcess!.env[key];\n  }\n  return undefined;\n}\n\n/**\n * Get an environment variable or throw if not set\n * @throws Error if the environment variable is not set\n */\nexport function requireEnv(key: string): string {\n  const value = getEnv(key);\n  if (value === undefined) {\n    throw new Error(`Required environment variable \"${key}\" is not set`);\n  }\n  return value;\n}\n\nexport function setEnv(key: string, value: string): void {\n  if (IS_DENO) {\n    Deno.env.set(key, value);\n  } else {\n    if (hasNodeProcess) {\n      nodeProcess!.env[key] = value;\n      return;\n    }\n    throw new Error(\"setEnv() is not supported in this runtime\");\n  }\n}\n\nexport function deleteEnv(key: string): void {\n  if (IS_DENO) {\n    Deno.env.delete(key);\n  } else {\n    if (hasNodeProcess) {\n      delete nodeProcess!.env[key];\n      return;\n    }\n    throw new Error(\"deleteEnv() is not supported in this runtime\");\n  }\n}\n\nexport function pid(): number {\n  if (IS_DENO) {\n    return Deno.pid;\n  }\n  if (hasNodeProcess) {\n    return nodeProcess!.pid;\n  }\n  return 0;\n}\n\nexport function ppid(): number {\n  if (IS_DENO && \"ppid\" in Deno) {\n    return Deno.ppid || 0;\n  }\n  if (hasNodeProcess) {\n    return nodeProcess!.ppid || 0;\n  }\n  return 0;\n}\n\nexport function memoryUsage(): {\n  rss: number;\n  heapTotal: number;\n  heapUsed: number;\n  external: number;\n} {\n  if (IS_DENO) {\n    const usage = Deno.memoryUsage();\n    return {\n      rss: usage.rss,\n      heapTotal: usage.heapTotal,\n      heapUsed: usage.heapUsed,\n      external: usage.external,\n    };\n  }\n\n  if (!hasNodeProcess) {\n    throw new Error(\"memoryUsage() is not supported in this runtime\");\n  }\n\n  const usage = nodeProcess!.memoryUsage();\n  return {\n    rss: usage.rss,\n    heapTotal: usage.heapTotal,\n    heapUsed: usage.heapUsed,\n    external: usage.external || 0,\n  };\n}\n\n/**\n * Check if stdin is a TTY (terminal)\n */\nexport function isInteractive(): boolean {\n  if (IS_DENO) {\n    return Deno.stdin.isTerminal();\n  }\n  if (hasNodeProcess) {\n    return nodeProcess!.stdin.isTTY ?? false;\n  }\n  return false;\n}\n\n/**\n * Get network interfaces\n */\nexport async function getNetworkInterfaces(): Promise<\n  Array<{ name: string; address: string; family: \"IPv4\" | \"IPv6\" }>\n> {\n  if (IS_DENO) {\n    const interfaces = Deno.networkInterfaces();\n    return interfaces.map((iface) => ({\n      name: iface.name,\n      address: iface.address,\n      family: iface.family as \"IPv4\" | \"IPv6\",\n    }));\n  }\n\n  if (!hasNodeProcess) {\n    throw new Error(\"networkInterfaces() is not supported in this runtime\");\n  }\n\n  const os = await import(\"node:os\");\n  const interfaces = os.networkInterfaces();\n  const result: Array<{ name: string; address: string; family: \"IPv4\" | \"IPv6\" }> = [];\n\n  for (const [name, addrs] of Object.entries(interfaces)) {\n    if (!addrs) continue;\n    for (const addr of addrs) {\n      result.push({\n        name,\n        address: addr.address,\n        family: addr.family as \"IPv4\" | \"IPv6\",\n      });\n    }\n  }\n\n  return result;\n}\n\n/**\n * Get runtime version string\n */\nexport function getRuntimeVersion(): string {\n  if (IS_DENO) {\n    return `Deno ${Deno.version.deno}`;\n  }\n  if (\"Bun\" in globalThis) {\n    return `Bun ${(globalThis as unknown as { Bun: { version: string } }).Bun.version}`;\n  }\n  if (hasNodeProcess) {\n    return `Node.js ${nodeProcess!.version}`;\n  }\n  return \"unknown\";\n}\n\n/**\n * Register a signal handler (SIGINT, SIGTERM) for graceful shutdown\n */\nexport function onSignal(signal: \"SIGINT\" | \"SIGTERM\", handler: () => void): void {\n  if (IS_DENO) {\n    Deno.addSignalListener(signal, handler);\n  } else if (hasNodeProcess) {\n    nodeProcess!.on(signal, handler);\n  }\n}\n\n/**\n * Unreference a timer to prevent it from keeping the process alive\n */\nexport function unrefTimer(timerId: ReturnType<typeof setInterval>): void {\n  if (IS_DENO) {\n    Deno.unrefTimer(timerId as number);\n  } else if (timerId && typeof timerId === \"object\" && \"unref\" in timerId) {\n    (timerId as { unref: () => void }).unref();\n  }\n}\n\n/**\n * Get the executable path of the current runtime\n */\nexport function execPath(): string {\n  if (IS_DENO) {\n    return Deno.execPath();\n  }\n  if (hasNodeProcess) {\n    return nodeProcess!.execPath;\n  }\n  return \"\";\n}\n\n/**\n * Get process uptime in seconds\n * Returns OS uptime on Deno, process uptime on Node.js\n */\nexport function uptime(): number {\n  if (IS_DENO) {\n    // Deno.osUptime() returns system uptime in seconds\n    return Deno.osUptime?.() ?? 0;\n  }\n  if (hasNodeProcess) {\n    // process.uptime() returns process uptime in seconds\n    return nodeProcess!.uptime?.() ?? 0;\n  }\n  return 0;\n}\n\n/**\n * Get stdout stream for writing\n * Returns null if not available (e.g., in browser/workers)\n */\nexport function getStdout(): { write: (data: string) => void } | null {\n  if (IS_DENO) {\n    const encoder = new TextEncoder();\n    return {\n      write: (data: string) => {\n        Deno.stdout.writeSync(encoder.encode(data));\n      },\n    };\n  }\n  if (hasNodeProcess && nodeProcess!.stdout) {\n    return {\n      write: (data: string) => {\n        nodeProcess!.stdout.write(data);\n      },\n    };\n  }\n  return null;\n}\n\n// Cached Node.js modules for synchronous prompt\nlet cachedNodeFs: typeof import(\"node:fs\") | null = null;\n\n/**\n * Synchronous prompt function that works across Deno and Node.js\n * Displays a message and reads user input from stdin\n */\nexport function promptSync(message?: string): string | null {\n  if (IS_DENO) {\n    // Deno has a built-in prompt() function\n    return prompt(message);\n  }\n\n  if (hasNodeProcess) {\n    // Print the message\n    if (message) {\n      nodeProcess!.stdout.write(message + \" \");\n    }\n\n    // Lazy load fs module\n    if (!cachedNodeFs) {\n      // Dynamic import converted to sync require for bundling\n      // @ts-ignore - dynamic require for Node.js\n      cachedNodeFs = globalThis.require?.(\"node:fs\") || null;\n      if (!cachedNodeFs) {\n        // Try alternative approach\n        try {\n          // @ts-ignore: __require is injected by bundlers for Node.js require\n          cachedNodeFs = __require(\"node:fs\");\n        } catch {\n          return null;\n        }\n      }\n    }\n\n    if (!cachedNodeFs) {\n      return null;\n    }\n\n    // Read synchronously using fs\n    // This works by reading from file descriptor 0 (stdin)\n    // Use Uint8Array for cross-platform compatibility\n    const bufferSize = 1024;\n    const uint8Array = new Uint8Array(bufferSize);\n    let input = \"\";\n\n    try {\n      // Read from stdin (fd 0) synchronously\n      const bytesRead = cachedNodeFs.readSync(0, uint8Array, 0, bufferSize, null);\n      if (bytesRead > 0) {\n        const decoder = new TextDecoder(\"utf-8\");\n        input = decoder.decode(uint8Array.subarray(0, bytesRead)).trim();\n      }\n    } catch {\n      // If stdin is not available or EOF, return null\n      return null;\n    }\n\n    return input || null;\n  }\n\n  return null;\n}\n", "/**\n * Base OAuth Provider\n *\n * Generic OAuth 2.0 implementation that can be extended for specific providers.\n */\n\nimport type {\n  AuthorizationUrlOptions,\n  OAuthProviderConfig,\n  OAuthServiceConfig,\n  OAuthState,\n  OAuthTokens,\n  TokenExchangeOptions,\n  TokenExchangeResult,\n  TokenStore,\n} from \"../types.ts\";\nimport { getEnv } from \"../../../platform/compat/process.ts\";\n\n/**\n * Generate cryptographically secure random string\n */\nfunction generateRandomString(length: number): string {\n  const array = new Uint8Array(length);\n  crypto.getRandomValues(array);\n  return Array.from(array, (byte) => byte.toString(16).padStart(2, \"0\")).join(\"\").slice(0, length);\n}\n\n/**\n * Generate PKCE code verifier\n */\nfunction generateCodeVerifier(): string {\n  return generateRandomString(64);\n}\n\n/**\n * Generate PKCE code challenge from verifier\n */\nasync function generateCodeChallenge(verifier: string): Promise<string> {\n  const encoder = new TextEncoder();\n  const data = encoder.encode(verifier);\n  const hash = await crypto.subtle.digest(\"SHA-256\", data);\n  return btoa(String.fromCharCode(...new Uint8Array(hash)))\n    .replace(/\\+/g, \"-\")\n    .replace(/\\//g, \"_\")\n    .replace(/=+$/, \"\");\n}\n\n/**\n * Base OAuth provider class\n */\nexport class OAuthProvider {\n  protected config: OAuthProviderConfig;\n\n  constructor(config: OAuthProviderConfig) {\n    this.config = config;\n  }\n\n  /**\n   * Get client ID from environment\n   */\n  getClientId(): string | null {\n    return getEnv(this.config.clientIdEnvVar) || null;\n  }\n\n  /**\n   * Get client secret from environment\n   */\n  getClientSecret(): string | null {\n    return getEnv(this.config.clientSecretEnvVar) || null;\n  }\n\n  /**\n   * Check if provider is configured\n   */\n  isConfigured(): boolean {\n    return !!(this.getClientId() && this.getClientSecret());\n  }\n\n  /**\n   * Create authorization URL\n   */\n  async createAuthorizationUrl(\n    options: AuthorizationUrlOptions & { defaultScopes?: string[] } = {},\n  ): Promise<{ url: string; state: OAuthState }> {\n    const clientId = this.getClientId();\n    if (!clientId) {\n      throw new Error(`${this.config.clientIdEnvVar} not configured`);\n    }\n\n    const state = options.state || generateRandomString(32);\n    const scopes = options.scopes || options.defaultScopes || [];\n    const redirectUri = options.redirectUri || \"\";\n    const usePkce = options.usePkce !== false;\n\n    let codeVerifier: string | undefined;\n    let codeChallenge: string | undefined;\n\n    if (usePkce) {\n      codeVerifier = generateCodeVerifier();\n      codeChallenge = await generateCodeChallenge(codeVerifier);\n    }\n\n    const params = new URLSearchParams({\n      client_id: clientId,\n      redirect_uri: redirectUri,\n      response_type: \"code\",\n      state,\n      ...(scopes.length > 0 && { scope: scopes.join(\" \") }),\n      ...(codeChallenge && {\n        code_challenge: codeChallenge,\n        code_challenge_method: \"S256\",\n      }),\n      ...this.config.additionalAuthParams,\n      ...options.additionalParams,\n    });\n\n    const oauthState: OAuthState = {\n      state,\n      codeVerifier,\n      redirectUri,\n      scopes,\n      createdAt: Date.now(),\n    };\n\n    return {\n      url: `${this.config.authorizationUrl}?${params.toString()}`,\n      state: oauthState,\n    };\n  }\n\n  /**\n   * Exchange authorization code for tokens\n   */\n  async exchangeCode(options: TokenExchangeOptions): Promise<TokenExchangeResult> {\n    const clientId = this.getClientId();\n    const clientSecret = this.getClientSecret();\n\n    if (!clientId || !clientSecret) {\n      return {\n        success: false,\n        error: \"OAuth not configured\",\n        errorDescription:\n          `Missing ${this.config.clientIdEnvVar} or ${this.config.clientSecretEnvVar}`,\n      };\n    }\n\n    const body = new URLSearchParams({\n      grant_type: \"authorization_code\",\n      code: options.code,\n      redirect_uri: options.redirectUri,\n      ...(options.codeVerifier && { code_verifier: options.codeVerifier }),\n      ...(!this.config.useBasicAuth && {\n        client_id: clientId,\n        client_secret: clientSecret,\n      }),\n      ...this.config.additionalTokenParams,\n    });\n\n    const headers: Record<string, string> = {\n      \"Content-Type\": \"application/x-www-form-urlencoded\",\n      Accept: \"application/json\",\n    };\n\n    if (this.config.useBasicAuth) {\n      const credentials = btoa(`${clientId}:${clientSecret}`);\n      headers.Authorization = `Basic ${credentials}`;\n    }\n\n    try {\n      const response = await fetch(this.config.tokenUrl, {\n        method: \"POST\",\n        headers,\n        body: body.toString(),\n      });\n\n      const data = await response.json();\n\n      if (!response.ok) {\n        return {\n          success: false,\n          error: data.error || \"token_exchange_failed\",\n          errorDescription: data.error_description || `Status ${response.status}`,\n        };\n      }\n\n      const mapping = this.config.tokenResponseMapping || {};\n      const tokens: OAuthTokens = {\n        accessToken: data[mapping.accessToken || \"access_token\"],\n        refreshToken: data[mapping.refreshToken || \"refresh_token\"],\n        tokenType: data[mapping.tokenType || \"token_type\"],\n        scope: data[mapping.scope || \"scope\"],\n        idToken: data.id_token,\n      };\n\n      const expiresIn = data[mapping.expiresIn || \"expires_in\"];\n      if (expiresIn) {\n        tokens.expiresAt = Date.now() + expiresIn * 1000;\n      }\n\n      return { success: true, tokens };\n    } catch (error) {\n      return {\n        success: false,\n        error: \"network_error\",\n        errorDescription: error instanceof Error ? error.message : \"Unknown error\",\n      };\n    }\n  }\n\n  /**\n   * Refresh access token\n   */\n  async refreshTokens(refreshToken: string): Promise<TokenExchangeResult> {\n    const clientId = this.getClientId();\n    const clientSecret = this.getClientSecret();\n\n    if (!clientId || !clientSecret) {\n      return {\n        success: false,\n        error: \"OAuth not configured\",\n      };\n    }\n\n    const body = new URLSearchParams({\n      grant_type: \"refresh_token\",\n      refresh_token: refreshToken,\n      ...(!this.config.useBasicAuth && {\n        client_id: clientId,\n        client_secret: clientSecret,\n      }),\n    });\n\n    const headers: Record<string, string> = {\n      \"Content-Type\": \"application/x-www-form-urlencoded\",\n      Accept: \"application/json\",\n    };\n\n    if (this.config.useBasicAuth) {\n      const credentials = btoa(`${clientId}:${clientSecret}`);\n      headers.Authorization = `Basic ${credentials}`;\n    }\n\n    try {\n      const response = await fetch(this.config.tokenUrl, {\n        method: \"POST\",\n        headers,\n        body: body.toString(),\n      });\n\n      const data = await response.json();\n\n      if (!response.ok) {\n        return {\n          success: false,\n          error: data.error || \"refresh_failed\",\n          errorDescription: data.error_description,\n        };\n      }\n\n      const mapping = this.config.tokenResponseMapping || {};\n      const tokens: OAuthTokens = {\n        accessToken: data[mapping.accessToken || \"access_token\"],\n        refreshToken: data[mapping.refreshToken || \"refresh_token\"] || refreshToken,\n        tokenType: data[mapping.tokenType || \"token_type\"],\n        scope: data[mapping.scope || \"scope\"],\n      };\n\n      const expiresIn = data[mapping.expiresIn || \"expires_in\"];\n      if (expiresIn) {\n        tokens.expiresAt = Date.now() + expiresIn * 1000;\n      }\n\n      return { success: true, tokens };\n    } catch (error) {\n      return {\n        success: false,\n        error: \"network_error\",\n        errorDescription: error instanceof Error ? error.message : \"Unknown error\",\n      };\n    }\n  }\n\n  /**\n   * Revoke tokens\n   */\n  async revokeToken(token: string): Promise<boolean> {\n    if (!this.config.revocationUrl) {\n      return false;\n    }\n\n    try {\n      const response = await fetch(this.config.revocationUrl, {\n        method: \"POST\",\n        headers: {\n          \"Content-Type\": \"application/x-www-form-urlencoded\",\n        },\n        body: new URLSearchParams({ token }).toString(),\n      });\n\n      return response.ok;\n    } catch {\n      return false;\n    }\n  }\n}\n\n/**\n * Service-specific OAuth handler\n */\nexport class OAuthService extends OAuthProvider {\n  protected serviceConfig: OAuthServiceConfig;\n  protected tokenStore?: TokenStore;\n\n  constructor(config: OAuthServiceConfig, tokenStore?: TokenStore) {\n    super(config);\n    this.serviceConfig = config;\n    this.tokenStore = tokenStore;\n  }\n\n  /**\n   * Get service ID\n   */\n  get serviceId(): string {\n    return this.serviceConfig.serviceId;\n  }\n\n  /**\n   * Get API base URL\n   */\n  get apiBaseUrl(): string {\n    return this.serviceConfig.apiBaseUrl;\n  }\n\n  /**\n   * Create authorization URL with service defaults\n   */\n  override createAuthorizationUrl(\n    options: AuthorizationUrlOptions = {},\n  ): Promise<{ url: string; state: OAuthState }> {\n    return super.createAuthorizationUrl({\n      ...options,\n      defaultScopes: this.serviceConfig.defaultScopes,\n    });\n  }\n\n  /**\n   * Get valid access token (refreshing if needed)\n   */\n  async getAccessToken(): Promise<string | null> {\n    if (!this.tokenStore) {\n      return null;\n    }\n\n    const tokens = await this.tokenStore.getTokens(this.serviceId);\n    if (!tokens) {\n      return null;\n    }\n\n    // Check if token is expired (with 5 min buffer)\n    if (tokens.expiresAt && Date.now() > tokens.expiresAt - 300000) {\n      if (tokens.refreshToken) {\n        const result = await this.refreshTokens(tokens.refreshToken);\n        if (result.success && result.tokens) {\n          await this.tokenStore.setTokens(this.serviceId, result.tokens);\n          return result.tokens.accessToken;\n        }\n      }\n      return null;\n    }\n\n    return tokens.accessToken;\n  }\n\n  /**\n   * Make authenticated API request\n   */\n  async fetch<T>(\n    endpoint: string,\n    options: RequestInit = {},\n  ): Promise<T> {\n    const token = await this.getAccessToken();\n    if (!token) {\n      throw new Error(`Not authenticated with ${this.serviceConfig.displayName}`);\n    }\n\n    const url = endpoint.startsWith(\"http\") ? endpoint : `${this.apiBaseUrl}${endpoint}`;\n\n    const response = await fetch(url, {\n      ...options,\n      headers: {\n        Authorization: `Bearer ${token}`,\n        \"Content-Type\": \"application/json\",\n        ...options.headers,\n      },\n    });\n\n    if (!response.ok) {\n      const error = await response.text();\n      throw new Error(`${this.serviceConfig.displayName} API error: ${response.status} ${error}`);\n    }\n\n    return response.json();\n  }\n}\n", "/**\n * In-Memory Token Store\n *\n * Simple in-memory storage for OAuth tokens and state.\n * Suitable for development and single-instance deployments.\n */\n\nimport type { OAuthState, OAuthTokens, TokenStore } from \"../types.ts\";\n\n/**\n * In-memory token store implementation\n */\nexport class MemoryTokenStore implements TokenStore {\n  private tokens: Map<string, OAuthTokens> = new Map();\n  private states: Map<string, OAuthState> = new Map();\n\n  /** State expiration time in ms (10 minutes) */\n  private stateExpirationMs = 10 * 60 * 1000;\n\n  getTokens(serviceId: string): Promise<OAuthTokens | null> {\n    return Promise.resolve(this.tokens.get(serviceId) || null);\n  }\n\n  setTokens(serviceId: string, tokens: OAuthTokens): Promise<void> {\n    this.tokens.set(serviceId, tokens);\n    return Promise.resolve();\n  }\n\n  clearTokens(serviceId: string): Promise<void> {\n    this.tokens.delete(serviceId);\n    return Promise.resolve();\n  }\n\n  getState(state: string): Promise<OAuthState | null> {\n    const oauthState = this.states.get(state);\n    if (!oauthState) {\n      return Promise.resolve(null);\n    }\n\n    // Check if state has expired\n    if (Date.now() - oauthState.createdAt > this.stateExpirationMs) {\n      this.states.delete(state);\n      return Promise.resolve(null);\n    }\n\n    return Promise.resolve(oauthState);\n  }\n\n  setState(oauthState: OAuthState): Promise<void> {\n    this.states.set(oauthState.state, oauthState);\n    this.cleanupExpiredStates();\n    return Promise.resolve();\n  }\n\n  clearState(state: string): Promise<void> {\n    this.states.delete(state);\n    return Promise.resolve();\n  }\n\n  /**\n   * Clean up expired states\n   */\n  private cleanupExpiredStates(): void {\n    const now = Date.now();\n    for (const [state, oauthState] of this.states) {\n      if (now - oauthState.createdAt > this.stateExpirationMs) {\n        this.states.delete(state);\n      }\n    }\n  }\n\n  /**\n   * Get all stored service IDs\n   */\n  getConnectedServices(): string[] {\n    return Array.from(this.tokens.keys());\n  }\n\n  /**\n   * Check if a service is connected\n   */\n  isConnected(serviceId: string): boolean {\n    const tokens = this.tokens.get(serviceId);\n    if (!tokens) return false;\n\n    // Check if token is expired\n    if (tokens.expiresAt && Date.now() > tokens.expiresAt) {\n      // Token expired, but might be refreshable\n      return !!tokens.refreshToken;\n    }\n\n    return true;\n  }\n\n  /**\n   * Clear all tokens\n   */\n  clearAll(): void {\n    this.tokens.clear();\n    this.states.clear();\n  }\n}\n\n/**\n * Default in-memory token store instance\n */\nexport const memoryTokenStore = new MemoryTokenStore();\n", "/**\n * OAuth Callback Handler\n *\n * Reusable handler for OAuth callback routes.\n */\n\nimport { OAuthService } from \"../providers/base.ts\";\nimport type { OAuthServiceConfig, TokenStore } from \"../types.ts\";\nimport { memoryTokenStore } from \"../token-store/memory.ts\";\nimport { getEnv } from \"../../../platform/compat/process.ts\";\n\nexport interface OAuthCallbackHandlerOptions {\n  /** Token store to use (defaults to memory store) */\n  tokenStore?: TokenStore;\n\n  /** Base URL for redirects (defaults to APP_URL or localhost) */\n  baseUrl?: string;\n\n  /** Success redirect path */\n  successRedirect?: string;\n\n  /** Error redirect path */\n  errorRedirect?: string;\n\n  /** Custom success callback */\n  onSuccess?: (serviceId: string, tokens: unknown) => void | Promise<void>;\n\n  /** Custom error callback */\n  onError?: (serviceId: string, error: string) => void | Promise<void>;\n}\n\n/**\n * Create an OAuth callback route handler\n *\n * @example\n * ```typescript\n * // app/api/auth/gmail/callback/route.ts\n * import { createOAuthCallbackHandler } from \"veryfront/oauth\";\n * import { gmailConfig } from \"veryfront/oauth/providers\";\n *\n * export const GET = createOAuthCallbackHandler(gmailConfig);\n * ```\n */\nexport function createOAuthCallbackHandler(\n  config: OAuthServiceConfig,\n  options: OAuthCallbackHandlerOptions = {},\n): (request: Request) => Promise<Response> {\n  const {\n    tokenStore = memoryTokenStore,\n    baseUrl,\n    successRedirect = \"/\",\n    errorRedirect = \"/\",\n    onSuccess,\n    onError,\n  } = options;\n\n  return async (request: Request): Promise<Response> => {\n    const url = new URL(request.url);\n    const code = url.searchParams.get(\"code\");\n    const state = url.searchParams.get(\"state\");\n    const error = url.searchParams.get(\"error\");\n    const errorDescription = url.searchParams.get(\"error_description\");\n\n    const appUrl = baseUrl ||\n      getEnv(\"APP_URL\") ||\n      getEnv(\"NEXT_PUBLIC_APP_URL\") ||\n      \"http://localhost:3000\";\n\n    // Handle OAuth errors\n    if (error) {\n      console.error(`OAuth error for ${config.serviceId}:`, error, errorDescription);\n      if (onError) {\n        await onError(config.serviceId, error);\n      }\n      const errorUrl = new URL(errorRedirect, appUrl);\n      errorUrl.searchParams.set(\"error\", error);\n      if (errorDescription) {\n        errorUrl.searchParams.set(\"error_description\", errorDescription);\n      }\n      return Response.redirect(errorUrl.toString());\n    }\n\n    // Validate code\n    if (!code) {\n      if (onError) {\n        await onError(config.serviceId, \"no_code\");\n      }\n      const errorUrl = new URL(errorRedirect, appUrl);\n      errorUrl.searchParams.set(\"error\", \"no_code\");\n      return Response.redirect(errorUrl.toString());\n    }\n\n    // Validate and retrieve state\n    let oauthState = null;\n    if (state) {\n      oauthState = await tokenStore.getState(state);\n      if (!oauthState) {\n        console.warn(`Invalid or expired state for ${config.serviceId}`);\n        // Continue anyway - some providers don't properly return state\n      }\n    }\n\n    const service = new OAuthService(config, tokenStore);\n    const redirectUri = `${appUrl}/api/auth/${config.serviceId}/callback`;\n\n    try {\n      const result = await service.exchangeCode({\n        code,\n        redirectUri,\n        codeVerifier: oauthState?.codeVerifier,\n      });\n\n      if (!result.success || !result.tokens) {\n        console.error(`Token exchange failed for ${config.serviceId}:`, result.error);\n        if (onError) {\n          await onError(config.serviceId, result.error || \"exchange_failed\");\n        }\n        const errorUrl = new URL(errorRedirect, appUrl);\n        errorUrl.searchParams.set(\"error\", result.error || \"token_exchange_failed\");\n        return Response.redirect(errorUrl.toString());\n      }\n\n      // Store tokens\n      await tokenStore.setTokens(config.serviceId, result.tokens);\n\n      // Clear state\n      if (state) {\n        await tokenStore.clearState(state);\n      }\n\n      // Call success callback\n      if (onSuccess) {\n        await onSuccess(config.serviceId, result.tokens);\n      }\n\n      // Redirect to success URL\n      const successUrl = new URL(successRedirect, appUrl);\n      successUrl.searchParams.set(\"connected\", config.serviceId);\n      return Response.redirect(successUrl.toString());\n    } catch (err) {\n      console.error(`OAuth callback error for ${config.serviceId}:`, err);\n      if (onError) {\n        await onError(config.serviceId, \"callback_error\");\n      }\n      const errorUrl = new URL(errorRedirect, appUrl);\n      errorUrl.searchParams.set(\"error\", \"callback_error\");\n      return Response.redirect(errorUrl.toString());\n    }\n  };\n}\n", "/**\n * OAuth Init Handler\n *\n * Reusable handler for initiating OAuth flows.\n */\n\nimport { OAuthService } from \"../providers/base.ts\";\nimport type { AuthorizationUrlOptions, OAuthServiceConfig, TokenStore } from \"../types.ts\";\nimport { memoryTokenStore } from \"../token-store/memory.ts\";\nimport { getEnv } from \"../../../platform/compat/process.ts\";\n\nexport interface OAuthInitHandlerOptions {\n  /** Token store to use (defaults to memory store) */\n  tokenStore?: TokenStore;\n\n  /** Base URL for callbacks (defaults to APP_URL or localhost) */\n  baseUrl?: string;\n\n  /** Additional authorization options */\n  authOptions?: AuthorizationUrlOptions;\n}\n\n/**\n * Create an OAuth init route handler\n *\n * @example\n * ```typescript\n * // app/api/auth/gmail/route.ts\n * import { createOAuthInitHandler } from \"veryfront/oauth\";\n * import { gmailConfig } from \"veryfront/oauth/providers\";\n *\n * export const GET = createOAuthInitHandler(gmailConfig);\n * ```\n */\nexport function createOAuthInitHandler(\n  config: OAuthServiceConfig,\n  options: OAuthInitHandlerOptions = {},\n): () => Promise<Response> {\n  const { tokenStore = memoryTokenStore, baseUrl, authOptions = {} } = options;\n\n  return async (): Promise<Response> => {\n    const service = new OAuthService(config, tokenStore);\n\n    if (!service.isConfigured()) {\n      return Response.json(\n        {\n          error: `${config.displayName} OAuth not configured`,\n          details: `Missing ${config.clientIdEnvVar} or ${config.clientSecretEnvVar}`,\n        },\n        { status: 500 },\n      );\n    }\n\n    const appUrl = baseUrl ||\n      getEnv(\"APP_URL\") ||\n      getEnv(\"NEXT_PUBLIC_APP_URL\") ||\n      \"http://localhost:3000\";\n\n    const redirectUri = `${appUrl}/api/auth/${config.serviceId}/callback`;\n\n    try {\n      const { url, state } = await service.createAuthorizationUrl({\n        ...authOptions,\n        redirectUri,\n      });\n\n      // Store state for CSRF protection\n      await tokenStore.setState(state);\n\n      return Response.redirect(url);\n    } catch (error) {\n      console.error(`OAuth init error for ${config.serviceId}:`, error);\n      return Response.json(\n        {\n          error: \"Failed to initiate OAuth flow\",\n          details: error instanceof Error ? error.message : \"Unknown error\",\n        },\n        { status: 500 },\n      );\n    }\n  };\n}\n\n/**\n * Create an OAuth status check handler\n *\n * @example\n * ```typescript\n * // app/api/auth/gmail/status/route.ts\n * import { createOAuthStatusHandler } from \"veryfront/oauth\";\n * import { gmailConfig } from \"veryfront/oauth/providers\";\n *\n * export const GET = createOAuthStatusHandler(gmailConfig);\n * ```\n */\nexport function createOAuthStatusHandler(\n  config: OAuthServiceConfig,\n  options: { tokenStore?: TokenStore } = {},\n): () => Promise<Response> {\n  const { tokenStore = memoryTokenStore } = options;\n\n  return async (): Promise<Response> => {\n    const tokens = await tokenStore.getTokens(config.serviceId);\n\n    const isConnected = !!tokens?.accessToken;\n    const isExpired = tokens?.expiresAt ? Date.now() > tokens.expiresAt : false;\n    const hasRefreshToken = !!tokens?.refreshToken;\n\n    return Response.json({\n      service: config.serviceId,\n      displayName: config.displayName,\n      connected: isConnected && (!isExpired || hasRefreshToken),\n      configured: !!(getEnv(config.clientIdEnvVar) && getEnv(config.clientSecretEnvVar)),\n      expiresAt: tokens?.expiresAt,\n      hasRefreshToken,\n    });\n  };\n}\n\n/**\n * Create an OAuth disconnect handler\n *\n * @example\n * ```typescript\n * // app/api/auth/gmail/route.ts\n * import { createOAuthDisconnectHandler } from \"veryfront/oauth\";\n * import { gmailConfig } from \"veryfront/oauth/providers\";\n *\n * export const DELETE = createOAuthDisconnectHandler(gmailConfig);\n * ```\n */\nexport function createOAuthDisconnectHandler(\n  config: OAuthServiceConfig,\n  options: { tokenStore?: TokenStore } = {},\n): () => Promise<Response> {\n  const { tokenStore = memoryTokenStore } = options;\n\n  return async (): Promise<Response> => {\n    await tokenStore.clearTokens(config.serviceId);\n\n    return Response.json({\n      success: true,\n      message: `Disconnected from ${config.displayName}`,\n    });\n  };\n}\n"],
+  "mappings": ";AAAO,IAAM,SAAS,OAAO,SAAS;AAC/B,IAAM,SACX,OAAQ,WAA8D,YAAY,eACjF,WAA8D,SAAS,UAAU,SAChF;AACG,IAAM,QAAQ,OAAQ,WAAiC,QAAQ;AAC/D,IAAM,eAAe,OAAO,eAAe,eAAe,YAAY,cAC3E,mBAAmB;;;ACLrB,IAAM,cAAe,WAA2D;AAChF,IAAM,iBAAiB,CAAC,CAAC,aAAa,UAAU;AAsDzC,SAAS,OAAO,KAAiC;AACtD,MAAI,QAAS;AACX,WAAO,YAAa,GAAG;AAAA,EACzB;AACA,MAAI,gBAAgB;AAClB,WAAO,YAAa,IAAI,GAAG;AAAA,EAC7B;AACA,SAAO;AACT;;;AC5CA,SAAS,qBAAqB,QAAwB;AACpD,QAAM,QAAQ,IAAI,WAAW,MAAM;AACnC,SAAO,gBAAgB,KAAK;AAC5B,SAAO,MAAM,KAAK,OAAO,CAAC,SAAS,KAAK,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EAAE,KAAK,EAAE,EAAE,MAAM,GAAG,MAAM;AACjG;AAKA,SAAS,uBAA+B;AACtC,SAAO,qBAAqB,EAAE;AAChC;AAKA,eAAe,sBAAsB,UAAmC;AACtE,QAAM,UAAU,IAAI,YAAY;AAChC,QAAM,OAAO,QAAQ,OAAO,QAAQ;AACpC,QAAM,OAAO,MAAM,OAAO,OAAO,OAAO,WAAW,IAAI;AACvD,SAAO,KAAK,OAAO,aAAa,GAAG,IAAI,WAAW,IAAI,CAAC,CAAC,EACrD,QAAQ,OAAO,GAAG,EAClB,QAAQ,OAAO,GAAG,EAClB,QAAQ,OAAO,EAAE;AACtB;AAKO,IAAM,gBAAN,MAAoB;AAAA,EAGzB,YAAY,QAA6B;AACvC,SAAK,SAAS;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA,EAKA,cAA6B;AAC3B,WAAO,OAAO,KAAK,OAAO,cAAc,KAAK;AAAA,EAC/C;AAAA;AAAA;AAAA;AAAA,EAKA,kBAAiC;AAC/B,WAAO,OAAO,KAAK,OAAO,kBAAkB,KAAK;AAAA,EACnD;AAAA;AAAA;AAAA;AAAA,EAKA,eAAwB;AACtB,WAAO,CAAC,EAAE,KAAK,YAAY,KAAK,KAAK,gBAAgB;AAAA,EACvD;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,uBACJ,UAAkE,CAAC,GACtB;AAC7C,UAAM,WAAW,KAAK,YAAY;AAClC,QAAI,CAAC,UAAU;AACb,YAAM,IAAI,MAAM,GAAG,KAAK,OAAO,cAAc,iBAAiB;AAAA,IAChE;AAEA,UAAM,QAAQ,QAAQ,SAAS,qBAAqB,EAAE;AACtD,UAAM,SAAS,QAAQ,UAAU,QAAQ,iBAAiB,CAAC;AAC3D,UAAM,cAAc,QAAQ,eAAe;AAC3C,UAAM,UAAU,QAAQ,YAAY;AAEpC,QAAI;AACJ,QAAI;AAEJ,QAAI,SAAS;AACX,qBAAe,qBAAqB;AACpC,sBAAgB,MAAM,sBAAsB,YAAY;AAAA,IAC1D;AAEA,UAAM,SAAS,IAAI,gBAAgB;AAAA,MACjC,WAAW;AAAA,MACX,cAAc;AAAA,MACd,eAAe;AAAA,MACf;AAAA,MACA,GAAI,OAAO,SAAS,KAAK,EAAE,OAAO,OAAO,KAAK,GAAG,EAAE;AAAA,MACnD,GAAI,iBAAiB;AAAA,QACnB,gBAAgB;AAAA,QAChB,uBAAuB;AAAA,MACzB;AAAA,MACA,GAAG,KAAK,OAAO;AAAA,MACf,GAAG,QAAQ;AAAA,IACb,CAAC;AAED,UAAM,aAAyB;AAAA,MAC7B;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,WAAW,KAAK,IAAI;AAAA,IACtB;AAEA,WAAO;AAAA,MACL,KAAK,GAAG,KAAK,OAAO,gBAAgB,IAAI,OAAO,SAAS,CAAC;AAAA,MACzD,OAAO;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,aAAa,SAA6D;AAC9E,UAAM,WAAW,KAAK,YAAY;AAClC,UAAM,eAAe,KAAK,gBAAgB;AAE1C,QAAI,CAAC,YAAY,CAAC,cAAc;AAC9B,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO;AAAA,QACP,kBACE,WAAW,KAAK,OAAO,cAAc,OAAO,KAAK,OAAO,kBAAkB;AAAA,MAC9E;AAAA,IACF;AAEA,UAAM,OAAO,IAAI,gBAAgB;AAAA,MAC/B,YAAY;AAAA,MACZ,MAAM,QAAQ;AAAA,MACd,cAAc,QAAQ;AAAA,MACtB,GAAI,QAAQ,gBAAgB,EAAE,eAAe,QAAQ,aAAa;AAAA,MAClE,GAAI,CAAC,KAAK,OAAO,gBAAgB;AAAA,QAC/B,WAAW;AAAA,QACX,eAAe;AAAA,MACjB;AAAA,MACA,GAAG,KAAK,OAAO;AAAA,IACjB,CAAC;AAED,UAAM,UAAkC;AAAA,MACtC,gBAAgB;AAAA,MAChB,QAAQ;AAAA,IACV;AAEA,QAAI,KAAK,OAAO,cAAc;AAC5B,YAAM,cAAc,KAAK,GAAG,QAAQ,IAAI,YAAY,EAAE;AACtD,cAAQ,gBAAgB,SAAS,WAAW;AAAA,IAC9C;AAEA,QAAI;AACF,YAAM,WAAW,MAAM,MAAM,KAAK,OAAO,UAAU;AAAA,QACjD,QAAQ;AAAA,QACR;AAAA,QACA,MAAM,KAAK,SAAS;AAAA,MACtB,CAAC;AAED,YAAM,OAAO,MAAM,SAAS,KAAK;AAEjC,UAAI,CAAC,SAAS,IAAI;AAChB,eAAO;AAAA,UACL,SAAS;AAAA,UACT,OAAO,KAAK,SAAS;AAAA,UACrB,kBAAkB,KAAK,qBAAqB,UAAU,SAAS,MAAM;AAAA,QACvE;AAAA,MACF;AAEA,YAAM,UAAU,KAAK,OAAO,wBAAwB,CAAC;AACrD,YAAM,SAAsB;AAAA,QAC1B,aAAa,KAAK,QAAQ,eAAe,cAAc;AAAA,QACvD,cAAc,KAAK,QAAQ,gBAAgB,eAAe;AAAA,QAC1D,WAAW,KAAK,QAAQ,aAAa,YAAY;AAAA,QACjD,OAAO,KAAK,QAAQ,SAAS,OAAO;AAAA,QACpC,SAAS,KAAK;AAAA,MAChB;AAEA,YAAM,YAAY,KAAK,QAAQ,aAAa,YAAY;AACxD,UAAI,WAAW;AACb,eAAO,YAAY,KAAK,IAAI,IAAI,YAAY;AAAA,MAC9C;AAEA,aAAO,EAAE,SAAS,MAAM,OAAO;AAAA,IACjC,SAAS,OAAO;AACd,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO;AAAA,QACP,kBAAkB,iBAAiB,QAAQ,MAAM,UAAU;AAAA,MAC7D;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,cAAc,cAAoD;AACtE,UAAM,WAAW,KAAK,YAAY;AAClC,UAAM,eAAe,KAAK,gBAAgB;AAE1C,QAAI,CAAC,YAAY,CAAC,cAAc;AAC9B,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO;AAAA,MACT;AAAA,IACF;AAEA,UAAM,OAAO,IAAI,gBAAgB;AAAA,MAC/B,YAAY;AAAA,MACZ,eAAe;AAAA,MACf,GAAI,CAAC,KAAK,OAAO,gBAAgB;AAAA,QAC/B,WAAW;AAAA,QACX,eAAe;AAAA,MACjB;AAAA,IACF,CAAC;AAED,UAAM,UAAkC;AAAA,MACtC,gBAAgB;AAAA,MAChB,QAAQ;AAAA,IACV;AAEA,QAAI,KAAK,OAAO,cAAc;AAC5B,YAAM,cAAc,KAAK,GAAG,QAAQ,IAAI,YAAY,EAAE;AACtD,cAAQ,gBAAgB,SAAS,WAAW;AAAA,IAC9C;AAEA,QAAI;AACF,YAAM,WAAW,MAAM,MAAM,KAAK,OAAO,UAAU;AAAA,QACjD,QAAQ;AAAA,QACR;AAAA,QACA,MAAM,KAAK,SAAS;AAAA,MACtB,CAAC;AAED,YAAM,OAAO,MAAM,SAAS,KAAK;AAEjC,UAAI,CAAC,SAAS,IAAI;AAChB,eAAO;AAAA,UACL,SAAS;AAAA,UACT,OAAO,KAAK,SAAS;AAAA,UACrB,kBAAkB,KAAK;AAAA,QACzB;AAAA,MACF;AAEA,YAAM,UAAU,KAAK,OAAO,wBAAwB,CAAC;AACrD,YAAM,SAAsB;AAAA,QAC1B,aAAa,KAAK,QAAQ,eAAe,cAAc;AAAA,QACvD,cAAc,KAAK,QAAQ,gBAAgB,eAAe,KAAK;AAAA,QAC/D,WAAW,KAAK,QAAQ,aAAa,YAAY;AAAA,QACjD,OAAO,KAAK,QAAQ,SAAS,OAAO;AAAA,MACtC;AAEA,YAAM,YAAY,KAAK,QAAQ,aAAa,YAAY;AACxD,UAAI,WAAW;AACb,eAAO,YAAY,KAAK,IAAI,IAAI,YAAY;AAAA,MAC9C;AAEA,aAAO,EAAE,SAAS,MAAM,OAAO;AAAA,IACjC,SAAS,OAAO;AACd,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO;AAAA,QACP,kBAAkB,iBAAiB,QAAQ,MAAM,UAAU;AAAA,MAC7D;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,YAAY,OAAiC;AACjD,QAAI,CAAC,KAAK,OAAO,eAAe;AAC9B,aAAO;AAAA,IACT;AAEA,QAAI;AACF,YAAM,WAAW,MAAM,MAAM,KAAK,OAAO,eAAe;AAAA,QACtD,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,gBAAgB;AAAA,QAClB;AAAA,QACA,MAAM,IAAI,gBAAgB,EAAE,MAAM,CAAC,EAAE,SAAS;AAAA,MAChD,CAAC;AAED,aAAO,SAAS;AAAA,IAClB,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AACF;AAKO,IAAM,eAAN,cAA2B,cAAc;AAAA,EAI9C,YAAY,QAA4B,YAAyB;AAC/D,UAAM,MAAM;AACZ,SAAK,gBAAgB;AACrB,SAAK,aAAa;AAAA,EACpB;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,YAAoB;AACtB,WAAO,KAAK,cAAc;AAAA,EAC5B;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,aAAqB;AACvB,WAAO,KAAK,cAAc;AAAA,EAC5B;AAAA;AAAA;AAAA;AAAA,EAKS,uBACP,UAAmC,CAAC,GACS;AAC7C,WAAO,MAAM,uBAAuB;AAAA,MAClC,GAAG;AAAA,MACH,eAAe,KAAK,cAAc;AAAA,IACpC,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,iBAAyC;AAC7C,QAAI,CAAC,KAAK,YAAY;AACpB,aAAO;AAAA,IACT;AAEA,UAAM,SAAS,MAAM,KAAK,WAAW,UAAU,KAAK,SAAS;AAC7D,QAAI,CAAC,QAAQ;AACX,aAAO;AAAA,IACT;AAGA,QAAI,OAAO,aAAa,KAAK,IAAI,IAAI,OAAO,YAAY,KAAQ;AAC9D,UAAI,OAAO,cAAc;AACvB,cAAM,SAAS,MAAM,KAAK,cAAc,OAAO,YAAY;AAC3D,YAAI,OAAO,WAAW,OAAO,QAAQ;AACnC,gBAAM,KAAK,WAAW,UAAU,KAAK,WAAW,OAAO,MAAM;AAC7D,iBAAO,OAAO,OAAO;AAAA,QACvB;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAEA,WAAO,OAAO;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,MACJ,UACA,UAAuB,CAAC,GACZ;AACZ,UAAM,QAAQ,MAAM,KAAK,eAAe;AACxC,QAAI,CAAC,OAAO;AACV,YAAM,IAAI,MAAM,0BAA0B,KAAK,cAAc,WAAW,EAAE;AAAA,IAC5E;AAEA,UAAM,MAAM,SAAS,WAAW,MAAM,IAAI,WAAW,GAAG,KAAK,UAAU,GAAG,QAAQ;AAElF,UAAM,WAAW,MAAM,MAAM,KAAK;AAAA,MAChC,GAAG;AAAA,MACH,SAAS;AAAA,QACP,eAAe,UAAU,KAAK;AAAA,QAC9B,gBAAgB;AAAA,QAChB,GAAG,QAAQ;AAAA,MACb;AAAA,IACF,CAAC;AAED,QAAI,CAAC,SAAS,IAAI;AAChB,YAAM,QAAQ,MAAM,SAAS,KAAK;AAClC,YAAM,IAAI,MAAM,GAAG,KAAK,cAAc,WAAW,eAAe,SAAS,MAAM,IAAI,KAAK,EAAE;AAAA,IAC5F;AAEA,WAAO,SAAS,KAAK;AAAA,EACvB;AACF;;;ACvYO,IAAM,mBAAN,MAA6C;AAAA,EAA7C;AACL,SAAQ,SAAmC,oBAAI,IAAI;AACnD,SAAQ,SAAkC,oBAAI,IAAI;AAGlD;AAAA,SAAQ,oBAAoB,KAAK,KAAK;AAAA;AAAA,EAEtC,UAAU,WAAgD;AACxD,WAAO,QAAQ,QAAQ,KAAK,OAAO,IAAI,SAAS,KAAK,IAAI;AAAA,EAC3D;AAAA,EAEA,UAAU,WAAmB,QAAoC;AAC/D,SAAK,OAAO,IAAI,WAAW,MAAM;AACjC,WAAO,QAAQ,QAAQ;AAAA,EACzB;AAAA,EAEA,YAAY,WAAkC;AAC5C,SAAK,OAAO,OAAO,SAAS;AAC5B,WAAO,QAAQ,QAAQ;AAAA,EACzB;AAAA,EAEA,SAAS,OAA2C;AAClD,UAAM,aAAa,KAAK,OAAO,IAAI,KAAK;AACxC,QAAI,CAAC,YAAY;AACf,aAAO,QAAQ,QAAQ,IAAI;AAAA,IAC7B;AAGA,QAAI,KAAK,IAAI,IAAI,WAAW,YAAY,KAAK,mBAAmB;AAC9D,WAAK,OAAO,OAAO,KAAK;AACxB,aAAO,QAAQ,QAAQ,IAAI;AAAA,IAC7B;AAEA,WAAO,QAAQ,QAAQ,UAAU;AAAA,EACnC;AAAA,EAEA,SAAS,YAAuC;AAC9C,SAAK,OAAO,IAAI,WAAW,OAAO,UAAU;AAC5C,SAAK,qBAAqB;AAC1B,WAAO,QAAQ,QAAQ;AAAA,EACzB;AAAA,EAEA,WAAW,OAA8B;AACvC,SAAK,OAAO,OAAO,KAAK;AACxB,WAAO,QAAQ,QAAQ;AAAA,EACzB;AAAA;AAAA;AAAA;AAAA,EAKQ,uBAA6B;AACnC,UAAM,MAAM,KAAK,IAAI;AACrB,eAAW,CAAC,OAAO,UAAU,KAAK,KAAK,QAAQ;AAC7C,UAAI,MAAM,WAAW,YAAY,KAAK,mBAAmB;AACvD,aAAK,OAAO,OAAO,KAAK;AAAA,MAC1B;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,uBAAiC;AAC/B,WAAO,MAAM,KAAK,KAAK,OAAO,KAAK,CAAC;AAAA,EACtC;AAAA;AAAA;AAAA;AAAA,EAKA,YAAY,WAA4B;AACtC,UAAM,SAAS,KAAK,OAAO,IAAI,SAAS;AACxC,QAAI,CAAC;AAAQ,aAAO;AAGpB,QAAI,OAAO,aAAa,KAAK,IAAI,IAAI,OAAO,WAAW;AAErD,aAAO,CAAC,CAAC,OAAO;AAAA,IAClB;AAEA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,WAAiB;AACf,SAAK,OAAO,MAAM;AAClB,SAAK,OAAO,MAAM;AAAA,EACpB;AACF;AAKO,IAAM,mBAAmB,IAAI,iBAAiB;;;AC/D9C,SAAS,2BACd,QACA,UAAuC,CAAC,GACC;AACzC,QAAM;AAAA,IACJ,aAAa;AAAA,IACb;AAAA,IACA,kBAAkB;AAAA,IAClB,gBAAgB;AAAA,IAChB;AAAA,IACA;AAAA,EACF,IAAI;AAEJ,SAAO,OAAO,YAAwC;AACpD,UAAM,MAAM,IAAI,IAAI,QAAQ,GAAG;AAC/B,UAAM,OAAO,IAAI,aAAa,IAAI,MAAM;AACxC,UAAM,QAAQ,IAAI,aAAa,IAAI,OAAO;AAC1C,UAAM,QAAQ,IAAI,aAAa,IAAI,OAAO;AAC1C,UAAM,mBAAmB,IAAI,aAAa,IAAI,mBAAmB;AAEjE,UAAM,SAAS,WACb,OAAO,SAAS,KAChB,OAAO,qBAAqB,KAC5B;AAGF,QAAI,OAAO;AACT,cAAQ,MAAM,mBAAmB,OAAO,SAAS,KAAK,OAAO,gBAAgB;AAC7E,UAAI,SAAS;AACX,cAAM,QAAQ,OAAO,WAAW,KAAK;AAAA,MACvC;AACA,YAAM,WAAW,IAAI,IAAI,eAAe,MAAM;AAC9C,eAAS,aAAa,IAAI,SAAS,KAAK;AACxC,UAAI,kBAAkB;AACpB,iBAAS,aAAa,IAAI,qBAAqB,gBAAgB;AAAA,MACjE;AACA,aAAO,SAAS,SAAS,SAAS,SAAS,CAAC;AAAA,IAC9C;AAGA,QAAI,CAAC,MAAM;AACT,UAAI,SAAS;AACX,cAAM,QAAQ,OAAO,WAAW,SAAS;AAAA,MAC3C;AACA,YAAM,WAAW,IAAI,IAAI,eAAe,MAAM;AAC9C,eAAS,aAAa,IAAI,SAAS,SAAS;AAC5C,aAAO,SAAS,SAAS,SAAS,SAAS,CAAC;AAAA,IAC9C;AAGA,QAAI,aAAa;AACjB,QAAI,OAAO;AACT,mBAAa,MAAM,WAAW,SAAS,KAAK;AAC5C,UAAI,CAAC,YAAY;AACf,gBAAQ,KAAK,gCAAgC,OAAO,SAAS,EAAE;AAAA,MAEjE;AAAA,IACF;AAEA,UAAM,UAAU,IAAI,aAAa,QAAQ,UAAU;AACnD,UAAM,cAAc,GAAG,MAAM,aAAa,OAAO,SAAS;AAE1D,QAAI;AACF,YAAM,SAAS,MAAM,QAAQ,aAAa;AAAA,QACxC;AAAA,QACA;AAAA,QACA,cAAc,YAAY;AAAA,MAC5B,CAAC;AAED,UAAI,CAAC,OAAO,WAAW,CAAC,OAAO,QAAQ;AACrC,gBAAQ,MAAM,6BAA6B,OAAO,SAAS,KAAK,OAAO,KAAK;AAC5E,YAAI,SAAS;AACX,gBAAM,QAAQ,OAAO,WAAW,OAAO,SAAS,iBAAiB;AAAA,QACnE;AACA,cAAM,WAAW,IAAI,IAAI,eAAe,MAAM;AAC9C,iBAAS,aAAa,IAAI,SAAS,OAAO,SAAS,uBAAuB;AAC1E,eAAO,SAAS,SAAS,SAAS,SAAS,CAAC;AAAA,MAC9C;AAGA,YAAM,WAAW,UAAU,OAAO,WAAW,OAAO,MAAM;AAG1D,UAAI,OAAO;AACT,cAAM,WAAW,WAAW,KAAK;AAAA,MACnC;AAGA,UAAI,WAAW;AACb,cAAM,UAAU,OAAO,WAAW,OAAO,MAAM;AAAA,MACjD;AAGA,YAAM,aAAa,IAAI,IAAI,iBAAiB,MAAM;AAClD,iBAAW,aAAa,IAAI,aAAa,OAAO,SAAS;AACzD,aAAO,SAAS,SAAS,WAAW,SAAS,CAAC;AAAA,IAChD,SAAS,KAAK;AACZ,cAAQ,MAAM,4BAA4B,OAAO,SAAS,KAAK,GAAG;AAClE,UAAI,SAAS;AACX,cAAM,QAAQ,OAAO,WAAW,gBAAgB;AAAA,MAClD;AACA,YAAM,WAAW,IAAI,IAAI,eAAe,MAAM;AAC9C,eAAS,aAAa,IAAI,SAAS,gBAAgB;AACnD,aAAO,SAAS,SAAS,SAAS,SAAS,CAAC;AAAA,IAC9C;AAAA,EACF;AACF;;;ACnHO,SAAS,uBACd,QACA,UAAmC,CAAC,GACX;AACzB,QAAM,EAAE,aAAa,kBAAkB,SAAS,cAAc,CAAC,EAAE,IAAI;AAErE,SAAO,YAA+B;AACpC,UAAM,UAAU,IAAI,aAAa,QAAQ,UAAU;AAEnD,QAAI,CAAC,QAAQ,aAAa,GAAG;AAC3B,aAAO,SAAS;AAAA,QACd;AAAA,UACE,OAAO,GAAG,OAAO,WAAW;AAAA,UAC5B,SAAS,WAAW,OAAO,cAAc,OAAO,OAAO,kBAAkB;AAAA,QAC3E;AAAA,QACA,EAAE,QAAQ,IAAI;AAAA,MAChB;AAAA,IACF;AAEA,UAAM,SAAS,WACb,OAAO,SAAS,KAChB,OAAO,qBAAqB,KAC5B;AAEF,UAAM,cAAc,GAAG,MAAM,aAAa,OAAO,SAAS;AAE1D,QAAI;AACF,YAAM,EAAE,KAAK,MAAM,IAAI,MAAM,QAAQ,uBAAuB;AAAA,QAC1D,GAAG;AAAA,QACH;AAAA,MACF,CAAC;AAGD,YAAM,WAAW,SAAS,KAAK;AAE/B,aAAO,SAAS,SAAS,GAAG;AAAA,IAC9B,SAAS,OAAO;AACd,cAAQ,MAAM,wBAAwB,OAAO,SAAS,KAAK,KAAK;AAChE,aAAO,SAAS;AAAA,QACd;AAAA,UACE,OAAO;AAAA,UACP,SAAS,iBAAiB,QAAQ,MAAM,UAAU;AAAA,QACpD;AAAA,QACA,EAAE,QAAQ,IAAI;AAAA,MAChB;AAAA,IACF;AAAA,EACF;AACF;AAcO,SAAS,yBACd,QACA,UAAuC,CAAC,GACf;AACzB,QAAM,EAAE,aAAa,iBAAiB,IAAI;AAE1C,SAAO,YAA+B;AACpC,UAAM,SAAS,MAAM,WAAW,UAAU,OAAO,SAAS;AAE1D,UAAM,cAAc,CAAC,CAAC,QAAQ;AAC9B,UAAM,YAAY,QAAQ,YAAY,KAAK,IAAI,IAAI,OAAO,YAAY;AACtE,UAAM,kBAAkB,CAAC,CAAC,QAAQ;AAElC,WAAO,SAAS,KAAK;AAAA,MACnB,SAAS,OAAO;AAAA,MAChB,aAAa,OAAO;AAAA,MACpB,WAAW,gBAAgB,CAAC,aAAa;AAAA,MACzC,YAAY,CAAC,EAAE,OAAO,OAAO,cAAc,KAAK,OAAO,OAAO,kBAAkB;AAAA,MAChF,WAAW,QAAQ;AAAA,MACnB;AAAA,IACF,CAAC;AAAA,EACH;AACF;AAcO,SAAS,6BACd,QACA,UAAuC,CAAC,GACf;AACzB,QAAM,EAAE,aAAa,iBAAiB,IAAI;AAE1C,SAAO,YAA+B;AACpC,UAAM,WAAW,YAAY,OAAO,SAAS;AAE7C,WAAO,SAAS,KAAK;AAAA,MACnB,SAAS;AAAA,MACT,SAAS,qBAAqB,OAAO,WAAW;AAAA,IAClD,CAAC;AAAA,EACH;AACF;",
+  "names": []
+}