{"version":3,"file":"index.mjs","names":["claimUrl: string | undefined","apiKeysUrl: string | undefined","keylessApp: AccountlessApplication | null","claimUrl: string | undefined","apiKeysUrl: string | undefined","keylessApp: AccountlessApplication | null"],"sources":["../../../src/keyless/devCache.ts","../../../src/keyless/nodeFileStorage.ts","../../../src/keyless/service.ts","../../../src/keyless/resolveKeysWithKeylessFallback.ts"],"sourcesContent":["import { isDevelopmentEnvironment } from '../utils/runtimeEnvironment';\nimport type { AccountlessApplication, PublicKeylessApplication } from './types';\n\n// 10 minutes in milliseconds\nconst THROTTLE_DURATION_MS = 10 * 60 * 1000;\n\nexport interface ClerkDevCache {\n  __cache: Map<string, { expiresAt: number; data?: unknown }>;\n  /**\n   * Log a message with throttling to prevent spam.\n   */\n  log: (params: { cacheKey: string; msg: string }) => void;\n  /**\n   * Run an async callback with caching.\n   */\n  run: <T>(\n    callback: () => Promise<T>,\n    options: {\n      cacheKey: string;\n      onSuccessStale?: number;\n      onErrorStale?: number;\n    },\n  ) => Promise<T | undefined>;\n}\n\ndeclare global {\n  var __clerk_internal_keyless_logger: ClerkDevCache | undefined;\n}\n\n/**\n * Creates a development-only cache for keyless mode logging and API calls.\n * This prevents console spam and duplicate API requests.\n *\n * @returns The cache instance or undefined in non-development environments\n */\nexport function createClerkDevCache(): ClerkDevCache | undefined {\n  if (!isDevelopmentEnvironment()) {\n    return undefined;\n  }\n\n  if (!globalThis.__clerk_internal_keyless_logger) {\n    globalThis.__clerk_internal_keyless_logger = {\n      __cache: new Map<string, { expiresAt: number; data?: unknown }>(),\n\n      log: function ({ cacheKey, msg }) {\n        if (this.__cache.has(cacheKey) && Date.now() < (this.__cache.get(cacheKey)?.expiresAt || 0)) {\n          return;\n        }\n\n        console.log(msg);\n\n        this.__cache.set(cacheKey, {\n          expiresAt: Date.now() + THROTTLE_DURATION_MS,\n        });\n      },\n\n      run: async function (\n        callback,\n        { cacheKey, onSuccessStale = THROTTLE_DURATION_MS, onErrorStale = THROTTLE_DURATION_MS },\n      ) {\n        if (this.__cache.has(cacheKey) && Date.now() < (this.__cache.get(cacheKey)?.expiresAt || 0)) {\n          return this.__cache.get(cacheKey)?.data as ReturnType<typeof callback>;\n        }\n\n        try {\n          const result = await callback();\n\n          this.__cache.set(cacheKey, {\n            expiresAt: Date.now() + onSuccessStale,\n            data: result,\n          });\n          return result;\n        } catch (e) {\n          this.__cache.set(cacheKey, {\n            expiresAt: Date.now() + onErrorStale,\n          });\n\n          throw e;\n        }\n      },\n    };\n  }\n\n  return globalThis.__clerk_internal_keyless_logger;\n}\n\n/**\n * Creates the console message shown when running in keyless mode.\n *\n * @param keys - The keyless application keys\n * @returns Formatted console message\n */\nexport function createKeylessModeMessage(keys: AccountlessApplication | PublicKeylessApplication): string {\n  return `\\n\\x1b[35m\\n[Clerk]:\\x1b[0m You are running in keyless mode.\\nYou can \\x1b[35mclaim your keys\\x1b[0m by visiting ${keys.claimUrl}\\n`;\n}\n\n/**\n * Creates the console message shown when keys have been claimed.\n *\n * @returns Formatted console message\n */\nexport function createConfirmationMessage(): string {\n  return `\\n\\x1b[35m\\n[Clerk]:\\x1b[0m Your application is running with your claimed keys.\\nYou can safely remove the \\x1b[35m.clerk/\\x1b[0m from your project.\\n`;\n}\n\n/**\n * Shared singleton instance of the development cache.\n */\nexport const clerkDevelopmentCache = createClerkDevCache();\n","import type { KeylessStorage } from './service';\n\nconst CLERK_HIDDEN = '.clerk';\nconst CLERK_LOCK = 'clerk.lock';\nconst TEMP_DIR_NAME = '.tmp';\nconst CONFIG_FILE = 'keyless.json';\nconst README_FILE = 'README.md';\n\nexport interface NodeFileStorageOptions {\n  /**\n   * Function that returns the current working directory.\n   * Defaults to process.cwd().\n   */\n  cwd?: () => string;\n\n  /**\n   * The framework name for the README message.\n   * @example '@clerk/nextjs'\n   */\n  frameworkPackageName?: string;\n}\n\nexport interface FileSystemAdapter {\n  existsSync: (path: string) => boolean;\n  readFileSync: (path: string, options: { encoding: BufferEncoding }) => string;\n  writeFileSync: (path: string, data: string, options: { encoding: BufferEncoding; mode?: number }) => void;\n  appendFileSync: (path: string, data: string) => void;\n  mkdirSync: (path: string, options: { recursive: boolean }) => void;\n  rmSync: (path: string, options: { force?: boolean; recursive?: boolean }) => void;\n}\n\nexport interface PathAdapter {\n  join: (...paths: string[]) => string;\n}\n\n/**\n * Creates a file-based storage adapter for keyless mode.\n * This is used by Node.js-based frameworks (Next.js, TanStack Start, etc.)\n * to persist keyless configuration to the file system.\n *\n * @param fs - Node.js fs module or compatible adapter\n * @param path - Node.js path module or compatible adapter\n * @param options - Configuration options\n * @returns A KeylessStorage implementation\n */\nexport function createNodeFileStorage(\n  fs: FileSystemAdapter,\n  path: PathAdapter,\n  options: NodeFileStorageOptions = {},\n): KeylessStorage {\n  const { cwd = () => process.cwd(), frameworkPackageName = '@clerk/shared' } = options;\n\n  let inMemoryLock = false;\n\n  const getClerkDir = () => path.join(cwd(), CLERK_HIDDEN);\n  const getTempDir = () => path.join(getClerkDir(), TEMP_DIR_NAME);\n  const getConfigPath = () => path.join(getTempDir(), CONFIG_FILE);\n  const getReadmePath = () => path.join(getTempDir(), README_FILE);\n  const getLockPath = () => path.join(cwd(), CLERK_LOCK);\n\n  const isLocked = (): boolean => inMemoryLock || fs.existsSync(getLockPath());\n\n  const lock = (): boolean => {\n    if (isLocked()) {\n      return false;\n    }\n    inMemoryLock = true;\n    try {\n      fs.writeFileSync(getLockPath(), 'This file can be deleted if your app is stuck.', {\n        encoding: 'utf8',\n        mode: 0o644,\n      });\n      return true;\n    } catch {\n      inMemoryLock = false;\n      return false;\n    }\n  };\n\n  const unlock = (): void => {\n    inMemoryLock = false;\n    try {\n      if (fs.existsSync(getLockPath())) {\n        fs.rmSync(getLockPath(), { force: true });\n      }\n    } catch {\n      // Ignore\n    }\n  };\n\n  const ensureDirectoryExists = () => {\n    const tempDir = getTempDir();\n    if (!fs.existsSync(tempDir)) {\n      fs.mkdirSync(tempDir, { recursive: true });\n    }\n  };\n\n  const updateGitignore = () => {\n    const gitignorePath = path.join(cwd(), '.gitignore');\n    const entry = `/${CLERK_HIDDEN}/`;\n\n    if (!fs.existsSync(gitignorePath)) {\n      fs.writeFileSync(gitignorePath, '', { encoding: 'utf8', mode: 0o644 });\n    }\n\n    const content = fs.readFileSync(gitignorePath, { encoding: 'utf-8' });\n    if (!content.includes(entry)) {\n      fs.appendFileSync(gitignorePath, `\\n# clerk configuration (can include secrets)\\n${entry}\\n`);\n    }\n  };\n\n  const writeReadme = () => {\n    const readme = `## DO NOT COMMIT\nThis directory is auto-generated from \\`${frameworkPackageName}\\` because you are running in Keyless mode.\nAvoid committing the \\`.clerk/\\` directory as it includes the secret key of the unclaimed instance.\n`;\n    fs.writeFileSync(getReadmePath(), readme, { encoding: 'utf8', mode: 0o600 });\n  };\n\n  return {\n    read(): string {\n      try {\n        if (!fs.existsSync(getConfigPath())) {\n          return '';\n        }\n        return fs.readFileSync(getConfigPath(), { encoding: 'utf-8' });\n      } catch {\n        return '';\n      }\n    },\n\n    write(data: string): void {\n      if (!lock()) {\n        return;\n      }\n      try {\n        ensureDirectoryExists();\n        updateGitignore();\n        writeReadme();\n        fs.writeFileSync(getConfigPath(), data, { encoding: 'utf8', mode: 0o600 });\n      } finally {\n        unlock();\n      }\n    },\n\n    remove(): void {\n      if (!lock()) {\n        return;\n      }\n      try {\n        if (fs.existsSync(getClerkDir())) {\n          fs.rmSync(getClerkDir(), { recursive: true, force: true });\n        }\n      } finally {\n        unlock();\n      }\n    },\n  };\n}\n","import { clerkDevelopmentCache, createConfirmationMessage, createKeylessModeMessage } from './devCache';\nimport type { AccountlessApplication } from './types';\n\n/**\n * Storage adapter interface for keyless mode.\n * Implementations can use file system, cookies, or other storage mechanisms.\n *\n * Implementations are responsible for their own concurrency handling\n * (e.g., file locking for file-based storage).\n */\nexport interface KeylessStorage {\n  /**\n   * Reads the stored keyless configuration.\n   *\n   * @returns The JSON string of the stored config, or empty string if not found.\n   */\n  read(): string;\n\n  /**\n   * Writes the keyless configuration to storage.\n   *\n   * @param data - The JSON string to store.\n   */\n  write(data: string): void;\n\n  /**\n   * Removes the keyless configuration from storage.\n   */\n  remove(): void;\n}\n\n/**\n * API adapter for keyless mode operations.\n * This abstraction allows the service to work without depending on @clerk/backend.\n */\nexport interface KeylessAPI {\n  /**\n   * Creates a new accountless application.\n   *\n   * @param requestHeaders - Optional headers to include with the request.\n   * @returns The created AccountlessApplication or null if failed.\n   */\n  createAccountlessApplication(requestHeaders?: Headers): Promise<AccountlessApplication | null>;\n\n  /**\n   * Notifies the backend that onboarding is complete (instance has been claimed).\n   *\n   * @param requestHeaders - Optional headers to include with the request.\n   * @returns The updated AccountlessApplication or null if failed.\n   */\n  completeOnboarding(requestHeaders?: Headers): Promise<AccountlessApplication | null>;\n}\n\n/**\n * Options for creating a keyless service.\n */\nexport interface KeylessServiceOptions {\n  /**\n   * Storage adapter for reading/writing keyless configuration.\n   */\n  storage: KeylessStorage;\n\n  /**\n   * API adapter for keyless operations (create application, complete onboarding).\n   */\n  api: KeylessAPI;\n\n  /**\n   * Optional: Framework name for metadata (e.g., 'Next.js', 'TanStack Start').\n   */\n  framework?: string;\n\n  /**\n   * Optional: Framework version for metadata.\n   */\n  frameworkVersion?: string;\n}\n\n/**\n * Result type for key resolution.\n */\nexport interface KeylessResult {\n  publishableKey: string | undefined;\n  secretKey: string | undefined;\n  claimUrl: string | undefined;\n  apiKeysUrl: string | undefined;\n}\n\n/**\n * The keyless service interface.\n */\nexport interface KeylessService {\n  /**\n   * Gets existing keyless keys or creates new ones via the API.\n   */\n  getOrCreateKeys: () => Promise<AccountlessApplication | null>;\n\n  /**\n   * Reads existing keyless keys without creating new ones.\n   */\n  readKeys: () => AccountlessApplication | undefined;\n\n  /**\n   * Removes the keyless configuration.\n   */\n  removeKeys: () => void;\n\n  /**\n   * Notifies the backend that the instance has been claimed/onboarded.\n   * This should be called once when the user claims their instance.\n   */\n  completeOnboarding: () => Promise<AccountlessApplication | null>;\n\n  /**\n   * Logs a keyless mode message to the console (throttled to once per process).\n   */\n  logKeylessMessage: (claimUrl: string) => void;\n\n  /**\n   * Resolves Clerk keys, falling back to keyless mode if configured keys are missing.\n   *\n   * @param configuredPublishableKey - The publishable key from options or environment\n   * @param configuredSecretKey - The secret key from options or environment\n   * @returns The resolved keys (either configured or from keyless mode)\n   */\n  resolveKeysWithKeylessFallback: (\n    configuredPublishableKey: string | undefined,\n    configuredSecretKey: string | undefined,\n  ) => Promise<KeylessResult>;\n}\n\n/**\n * Creates metadata headers for the keyless service.\n */\nfunction createMetadataHeaders(framework?: string, frameworkVersion?: string): Headers {\n  const headers = new Headers();\n\n  if (framework) {\n    headers.set('Clerk-Framework', framework);\n  }\n  if (frameworkVersion) {\n    headers.set('Clerk-Framework-Version', frameworkVersion);\n  }\n\n  return headers;\n}\n\n/**\n * Creates a keyless service that handles accountless application creation and storage.\n * This provides a simple API for frameworks to integrate keyless mode.\n *\n * @param options - Configuration for the service including storage and API adapters\n * @returns A keyless service instance\n *\n * @example\n * ```ts\n * import { createKeylessService } from '@clerk/shared/keyless';\n *\n * const keylessService = createKeylessService({\n *   storage: createFileStorage(),\n *   api: createKeylessAPI({ secretKey }),\n *   framework: 'TanStack Start',\n * });\n *\n * const keys = await keylessService.getOrCreateKeys(request);\n * if (keys) {\n *   console.log('Publishable Key:', keys.publishableKey);\n * }\n * ```\n */\nexport function createKeylessService(options: KeylessServiceOptions): KeylessService {\n  const { storage, api, framework, frameworkVersion } = options;\n\n  let hasLoggedKeylessMessage = false;\n\n  const safeParseConfig = (): AccountlessApplication | undefined => {\n    try {\n      const data = storage.read();\n      if (!data) {\n        return undefined;\n      }\n      return JSON.parse(data) as AccountlessApplication;\n    } catch {\n      return undefined;\n    }\n  };\n\n  return {\n    async getOrCreateKeys(): Promise<AccountlessApplication | null> {\n      // Check for existing config first\n      const existingConfig = safeParseConfig();\n      if (existingConfig?.publishableKey && existingConfig?.secretKey) {\n        return existingConfig;\n      }\n\n      // Create metadata headers\n      const headers = createMetadataHeaders(framework, frameworkVersion);\n\n      // Create new keys via the API\n      const accountlessApplication = await api.createAccountlessApplication(headers);\n\n      if (accountlessApplication) {\n        storage.write(JSON.stringify(accountlessApplication));\n      }\n\n      return accountlessApplication;\n    },\n\n    readKeys(): AccountlessApplication | undefined {\n      return safeParseConfig();\n    },\n\n    removeKeys(): void {\n      storage.remove();\n    },\n\n    async completeOnboarding(): Promise<AccountlessApplication | null> {\n      const headers = createMetadataHeaders(framework, frameworkVersion);\n      return api.completeOnboarding(headers);\n    },\n\n    logKeylessMessage(claimUrl: string): void {\n      if (!hasLoggedKeylessMessage) {\n        hasLoggedKeylessMessage = true;\n        console.log(`[Clerk]: Running in keyless mode. Claim your keys at: ${claimUrl}`);\n      }\n    },\n\n    async resolveKeysWithKeylessFallback(\n      configuredPublishableKey: string | undefined,\n      configuredSecretKey: string | undefined,\n    ): Promise<KeylessResult> {\n      let publishableKey = configuredPublishableKey;\n      let secretKey = configuredSecretKey;\n      let claimUrl: string | undefined;\n      let apiKeysUrl: string | undefined;\n\n      try {\n        const locallyStoredKeys = safeParseConfig();\n\n        // Check if running with claimed keys (configured keys match locally stored keyless keys)\n        const runningWithClaimedKeys =\n          Boolean(configuredPublishableKey) && configuredPublishableKey === locallyStoredKeys?.publishableKey;\n\n        if (runningWithClaimedKeys && locallyStoredKeys) {\n          // Complete onboarding when running with claimed keys\n          try {\n            await clerkDevelopmentCache?.run(() => this.completeOnboarding(), {\n              cacheKey: `${locallyStoredKeys.publishableKey}_complete`,\n              onSuccessStale: 24 * 60 * 60 * 1000, // 24 hours\n            });\n          } catch {\n            // noop\n          }\n\n          clerkDevelopmentCache?.log({\n            cacheKey: `${locallyStoredKeys.publishableKey}_claimed`,\n            msg: createConfirmationMessage(),\n          });\n\n          return { publishableKey, secretKey, claimUrl, apiKeysUrl };\n        }\n\n        // In keyless mode, try to read/create keys from the file system\n        if (!publishableKey && !secretKey) {\n          const keylessApp: AccountlessApplication | null = await this.getOrCreateKeys();\n\n          if (keylessApp) {\n            publishableKey = keylessApp.publishableKey;\n            secretKey = keylessApp.secretKey;\n            claimUrl = keylessApp.claimUrl;\n            apiKeysUrl = keylessApp.apiKeysUrl;\n\n            clerkDevelopmentCache?.log({\n              cacheKey: keylessApp.publishableKey,\n              msg: createKeylessModeMessage(keylessApp),\n            });\n          }\n        }\n      } catch {\n        // noop - fall through to return whatever keys we have\n      }\n\n      return { publishableKey, secretKey, claimUrl, apiKeysUrl };\n    },\n  };\n}\n","import { clerkDevelopmentCache, createConfirmationMessage, createKeylessModeMessage } from './devCache';\nimport type { KeylessService } from './service';\nimport type { AccountlessApplication } from './types';\n\nexport interface KeylessResult {\n  publishableKey: string | undefined;\n  secretKey: string | undefined;\n  claimUrl: string | undefined;\n  apiKeysUrl: string | undefined;\n}\n\n/**\n * Resolves Clerk keys, falling back to keyless mode in development if configured keys are missing.\n *\n * @param configuredPublishableKey - The publishable key from options or environment\n * @param configuredSecretKey - The secret key from options or environment\n * @param keylessService - The keyless service instance (or null if unavailable)\n * @param canUseKeyless - Whether keyless mode is enabled in the current environment\n * @returns The resolved keys (either configured or from keyless mode)\n */\nexport async function resolveKeysWithKeylessFallback(\n  configuredPublishableKey: string | undefined,\n  configuredSecretKey: string | undefined,\n  keylessService: KeylessService | null,\n  canUseKeyless: boolean,\n): Promise<KeylessResult> {\n  let publishableKey = configuredPublishableKey;\n  let secretKey = configuredSecretKey;\n  let claimUrl: string | undefined;\n  let apiKeysUrl: string | undefined;\n\n  if (!canUseKeyless) {\n    return { publishableKey, secretKey, claimUrl, apiKeysUrl };\n  }\n\n  if (!keylessService) {\n    return { publishableKey, secretKey, claimUrl, apiKeysUrl };\n  }\n\n  try {\n    const locallyStoredKeys = keylessService.readKeys();\n\n    // Check if running with claimed keys (configured keys match locally stored keyless keys)\n    const runningWithClaimedKeys =\n      Boolean(configuredPublishableKey) && configuredPublishableKey === locallyStoredKeys?.publishableKey;\n\n    if (runningWithClaimedKeys && locallyStoredKeys) {\n      // Complete onboarding when running with claimed keys\n      try {\n        await clerkDevelopmentCache?.run(() => keylessService.completeOnboarding(), {\n          cacheKey: `${locallyStoredKeys.publishableKey}_complete`,\n          onSuccessStale: 24 * 60 * 60 * 1000, // 24 hours\n        });\n      } catch {\n        // noop\n      }\n\n      clerkDevelopmentCache?.log({\n        cacheKey: `${locallyStoredKeys.publishableKey}_claimed`,\n        msg: createConfirmationMessage(),\n      });\n\n      return { publishableKey, secretKey, claimUrl, apiKeysUrl };\n    }\n\n    // In keyless mode, try to read/create keys from the file system\n    if (!publishableKey && !secretKey) {\n      const keylessApp: AccountlessApplication | null = await keylessService.getOrCreateKeys();\n\n      if (keylessApp) {\n        publishableKey = keylessApp.publishableKey;\n        secretKey = keylessApp.secretKey;\n        claimUrl = keylessApp.claimUrl;\n        apiKeysUrl = keylessApp.apiKeysUrl;\n\n        clerkDevelopmentCache?.log({\n          cacheKey: keylessApp.publishableKey,\n          msg: createKeylessModeMessage(keylessApp),\n        });\n      }\n    }\n  } catch {\n    // noop - fall through to return whatever keys we have\n  }\n\n  return { publishableKey, secretKey, claimUrl, apiKeysUrl };\n}\n"],"mappings":";;;AAIA,MAAM,uBAAuB,MAAU;;;;;;;AA+BvC,SAAgB,sBAAiD;AAC/D,KAAI,CAAC,0BAA0B,CAC7B;AAGF,KAAI,CAAC,WAAW,gCACd,YAAW,kCAAkC;EAC3C,yBAAS,IAAI,KAAoD;EAEjE,KAAK,SAAU,EAAE,UAAU,OAAO;AAChC,OAAI,KAAK,QAAQ,IAAI,SAAS,IAAI,KAAK,KAAK,IAAI,KAAK,QAAQ,IAAI,SAAS,EAAE,aAAa,GACvF;AAGF,WAAQ,IAAI,IAAI;AAEhB,QAAK,QAAQ,IAAI,UAAU,EACzB,WAAW,KAAK,KAAK,GAAG,sBACzB,CAAC;;EAGJ,KAAK,eACH,UACA,EAAE,UAAU,iBAAiB,sBAAsB,eAAe,wBAClE;AACA,OAAI,KAAK,QAAQ,IAAI,SAAS,IAAI,KAAK,KAAK,IAAI,KAAK,QAAQ,IAAI,SAAS,EAAE,aAAa,GACvF,QAAO,KAAK,QAAQ,IAAI,SAAS,EAAE;AAGrC,OAAI;IACF,MAAM,SAAS,MAAM,UAAU;AAE/B,SAAK,QAAQ,IAAI,UAAU;KACzB,WAAW,KAAK,KAAK,GAAG;KACxB,MAAM;KACP,CAAC;AACF,WAAO;YACA,GAAG;AACV,SAAK,QAAQ,IAAI,UAAU,EACzB,WAAW,KAAK,KAAK,GAAG,cACzB,CAAC;AAEF,UAAM;;;EAGX;AAGH,QAAO,WAAW;;;;;;;;AASpB,SAAgB,yBAAyB,MAAiE;AACxG,QAAO,oHAAoH,KAAK,SAAS;;;;;;;AAQ3I,SAAgB,4BAAoC;AAClD,QAAO;;;;;AAMT,MAAa,wBAAwB,qBAAqB;;;;AC1G1D,MAAM,eAAe;AACrB,MAAM,aAAa;AACnB,MAAM,gBAAgB;AACtB,MAAM,cAAc;AACpB,MAAM,cAAc;;;;;;;;;;;AAuCpB,SAAgB,sBACd,IACA,MACA,UAAkC,EAAE,EACpB;CAChB,MAAM,EAAE,YAAY,QAAQ,KAAK,EAAE,uBAAuB,oBAAoB;CAE9E,IAAI,eAAe;CAEnB,MAAM,oBAAoB,KAAK,KAAK,KAAK,EAAE,aAAa;CACxD,MAAM,mBAAmB,KAAK,KAAK,aAAa,EAAE,cAAc;CAChE,MAAM,sBAAsB,KAAK,KAAK,YAAY,EAAE,YAAY;CAChE,MAAM,sBAAsB,KAAK,KAAK,YAAY,EAAE,YAAY;CAChE,MAAM,oBAAoB,KAAK,KAAK,KAAK,EAAE,WAAW;CAEtD,MAAM,iBAA0B,gBAAgB,GAAG,WAAW,aAAa,CAAC;CAE5E,MAAM,aAAsB;AAC1B,MAAI,UAAU,CACZ,QAAO;AAET,iBAAe;AACf,MAAI;AACF,MAAG,cAAc,aAAa,EAAE,kDAAkD;IAChF,UAAU;IACV,MAAM;IACP,CAAC;AACF,UAAO;UACD;AACN,kBAAe;AACf,UAAO;;;CAIX,MAAM,eAAqB;AACzB,iBAAe;AACf,MAAI;AACF,OAAI,GAAG,WAAW,aAAa,CAAC,CAC9B,IAAG,OAAO,aAAa,EAAE,EAAE,OAAO,MAAM,CAAC;UAErC;;CAKV,MAAM,8BAA8B;EAClC,MAAM,UAAU,YAAY;AAC5B,MAAI,CAAC,GAAG,WAAW,QAAQ,CACzB,IAAG,UAAU,SAAS,EAAE,WAAW,MAAM,CAAC;;CAI9C,MAAM,wBAAwB;EAC5B,MAAM,gBAAgB,KAAK,KAAK,KAAK,EAAE,aAAa;EACpD,MAAM,QAAQ,IAAI,aAAa;AAE/B,MAAI,CAAC,GAAG,WAAW,cAAc,CAC/B,IAAG,cAAc,eAAe,IAAI;GAAE,UAAU;GAAQ,MAAM;GAAO,CAAC;AAIxE,MAAI,CADY,GAAG,aAAa,eAAe,EAAE,UAAU,SAAS,CAAC,CACxD,SAAS,MAAM,CAC1B,IAAG,eAAe,eAAe,kDAAkD,MAAM,IAAI;;CAIjG,MAAM,oBAAoB;EACxB,MAAM,SAAS;0CACuB,qBAAqB;;;AAG3D,KAAG,cAAc,eAAe,EAAE,QAAQ;GAAE,UAAU;GAAQ,MAAM;GAAO,CAAC;;AAG9E,QAAO;EACL,OAAe;AACb,OAAI;AACF,QAAI,CAAC,GAAG,WAAW,eAAe,CAAC,CACjC,QAAO;AAET,WAAO,GAAG,aAAa,eAAe,EAAE,EAAE,UAAU,SAAS,CAAC;WACxD;AACN,WAAO;;;EAIX,MAAM,MAAoB;AACxB,OAAI,CAAC,MAAM,CACT;AAEF,OAAI;AACF,2BAAuB;AACvB,qBAAiB;AACjB,iBAAa;AACb,OAAG,cAAc,eAAe,EAAE,MAAM;KAAE,UAAU;KAAQ,MAAM;KAAO,CAAC;aAClE;AACR,YAAQ;;;EAIZ,SAAe;AACb,OAAI,CAAC,MAAM,CACT;AAEF,OAAI;AACF,QAAI,GAAG,WAAW,aAAa,CAAC,CAC9B,IAAG,OAAO,aAAa,EAAE;KAAE,WAAW;KAAM,OAAO;KAAM,CAAC;aAEpD;AACR,YAAQ;;;EAGb;;;;;;;;ACvBH,SAAS,sBAAsB,WAAoB,kBAAoC;CACrF,MAAM,UAAU,IAAI,SAAS;AAE7B,KAAI,UACF,SAAQ,IAAI,mBAAmB,UAAU;AAE3C,KAAI,iBACF,SAAQ,IAAI,2BAA2B,iBAAiB;AAG1D,QAAO;;;;;;;;;;;;;;;;;;;;;;;;;AA0BT,SAAgB,qBAAqB,SAAgD;CACnF,MAAM,EAAE,SAAS,KAAK,WAAW,qBAAqB;CAEtD,IAAI,0BAA0B;CAE9B,MAAM,wBAA4D;AAChE,MAAI;GACF,MAAM,OAAO,QAAQ,MAAM;AAC3B,OAAI,CAAC,KACH;AAEF,UAAO,KAAK,MAAM,KAAK;UACjB;AACN;;;AAIJ,QAAO;EACL,MAAM,kBAA0D;GAE9D,MAAM,iBAAiB,iBAAiB;AACxC,OAAI,gBAAgB,kBAAkB,gBAAgB,UACpD,QAAO;GAIT,MAAM,UAAU,sBAAsB,WAAW,iBAAiB;GAGlE,MAAM,yBAAyB,MAAM,IAAI,6BAA6B,QAAQ;AAE9E,OAAI,uBACF,SAAQ,MAAM,KAAK,UAAU,uBAAuB,CAAC;AAGvD,UAAO;;EAGT,WAA+C;AAC7C,UAAO,iBAAiB;;EAG1B,aAAmB;AACjB,WAAQ,QAAQ;;EAGlB,MAAM,qBAA6D;GACjE,MAAM,UAAU,sBAAsB,WAAW,iBAAiB;AAClE,UAAO,IAAI,mBAAmB,QAAQ;;EAGxC,kBAAkB,UAAwB;AACxC,OAAI,CAAC,yBAAyB;AAC5B,8BAA0B;AAC1B,YAAQ,IAAI,yDAAyD,WAAW;;;EAIpF,MAAM,+BACJ,0BACA,qBACwB;GACxB,IAAI,iBAAiB;GACrB,IAAI,YAAY;GAChB,IAAIA;GACJ,IAAIC;AAEJ,OAAI;IACF,MAAM,oBAAoB,iBAAiB;AAM3C,QAFE,QAAQ,yBAAyB,IAAI,6BAA6B,mBAAmB,kBAEzD,mBAAmB;AAE/C,SAAI;AACF,YAAM,uBAAuB,UAAU,KAAK,oBAAoB,EAAE;OAChE,UAAU,GAAG,kBAAkB,eAAe;OAC9C,gBAAgB,OAAU,KAAK;OAChC,CAAC;aACI;AAIR,4BAAuB,IAAI;MACzB,UAAU,GAAG,kBAAkB,eAAe;MAC9C,KAAK,2BAA2B;MACjC,CAAC;AAEF,YAAO;MAAE;MAAgB;MAAW;MAAU;MAAY;;AAI5D,QAAI,CAAC,kBAAkB,CAAC,WAAW;KACjC,MAAMC,aAA4C,MAAM,KAAK,iBAAiB;AAE9E,SAAI,YAAY;AACd,uBAAiB,WAAW;AAC5B,kBAAY,WAAW;AACvB,iBAAW,WAAW;AACtB,mBAAa,WAAW;AAExB,6BAAuB,IAAI;OACzB,UAAU,WAAW;OACrB,KAAK,yBAAyB,WAAW;OAC1C,CAAC;;;WAGA;AAIR,UAAO;IAAE;IAAgB;IAAW;IAAU;IAAY;;EAE7D;;;;;;;;;;;;;;ACzQH,eAAsB,+BACpB,0BACA,qBACA,gBACA,eACwB;CACxB,IAAI,iBAAiB;CACrB,IAAI,YAAY;CAChB,IAAIC;CACJ,IAAIC;AAEJ,KAAI,CAAC,cACH,QAAO;EAAE;EAAgB;EAAW;EAAU;EAAY;AAG5D,KAAI,CAAC,eACH,QAAO;EAAE;EAAgB;EAAW;EAAU;EAAY;AAG5D,KAAI;EACF,MAAM,oBAAoB,eAAe,UAAU;AAMnD,MAFE,QAAQ,yBAAyB,IAAI,6BAA6B,mBAAmB,kBAEzD,mBAAmB;AAE/C,OAAI;AACF,UAAM,uBAAuB,UAAU,eAAe,oBAAoB,EAAE;KAC1E,UAAU,GAAG,kBAAkB,eAAe;KAC9C,gBAAgB,OAAU,KAAK;KAChC,CAAC;WACI;AAIR,0BAAuB,IAAI;IACzB,UAAU,GAAG,kBAAkB,eAAe;IAC9C,KAAK,2BAA2B;IACjC,CAAC;AAEF,UAAO;IAAE;IAAgB;IAAW;IAAU;IAAY;;AAI5D,MAAI,CAAC,kBAAkB,CAAC,WAAW;GACjC,MAAMC,aAA4C,MAAM,eAAe,iBAAiB;AAExF,OAAI,YAAY;AACd,qBAAiB,WAAW;AAC5B,gBAAY,WAAW;AACvB,eAAW,WAAW;AACtB,iBAAa,WAAW;AAExB,2BAAuB,IAAI;KACzB,UAAU,WAAW;KACrB,KAAK,yBAAyB,WAAW;KAC1C,CAAC;;;SAGA;AAIR,QAAO;EAAE;EAAgB;EAAW;EAAU;EAAY"}