{"version":3,"file":"index.js","sources":["../src/errors.ts","../src/util/identityTokenEndpoint.ts","../src/constants.ts","../src/util/tracing.ts","../src/util/logging.ts","../src/client/identityClient.ts","../src/util/checkTenantId.ts","../src/util/resolveTenantId.ts","../src/msal/utils.ts","../src/util/validateMultiTenant.ts","../src/regionalAuthority.ts","../src/msal/nodeFlows/msalNodeCommon.ts","../src/credentials/visualStudioCodeCredential.ts","../src/plugins/consumer.ts","../src/credentials/chainedTokenCredential.ts","../src/util/scopeUtils.ts","../src/credentials/azureCliCredential.ts","../src/util/processUtils.ts","../src/credentials/azurePowerShellCredential.ts","../src/msal/nodeFlows/msalClientSecret.ts","../src/credentials/clientSecretCredential.ts","../src/msal/nodeFlows/msalClientCertificate.ts","../src/credentials/clientCertificateCredential.ts","../src/msal/nodeFlows/msalUsernamePassword.ts","../src/credentials/usernamePasswordCredential.ts","../src/credentials/environmentCredential.ts","../src/credentials/managedIdentityCredential/constants.ts","../src/credentials/managedIdentityCredential/utils.ts","../src/credentials/managedIdentityCredential/appServiceMsi2017.ts","../src/credentials/managedIdentityCredential/cloudShellMsi.ts","../src/credentials/managedIdentityCredential/imdsMsi.ts","../src/credentials/managedIdentityCredential/arcMsi.ts","../src/credentials/managedIdentityCredential/tokenExchangeMsi.ts","../src/credentials/managedIdentityCredential/fabricMsi.ts","../src/credentials/managedIdentityCredential/appServiceMsi2019.ts","../src/credentials/managedIdentityCredential/index.ts","../src/credentials/defaultAzureCredential.ts","../src/msal/nodeFlows/msalClientAssertion.ts","../src/credentials/clientAssertionCredential.ts","../src/msal/nodeFlows/msalOpenBrowser.ts","../src/credentials/interactiveBrowserCredential.ts","../src/msal/nodeFlows/msalDeviceCode.ts","../src/credentials/deviceCodeCredential.ts","../src/msal/nodeFlows/msalAuthorizationCo
de.ts","../src/credentials/authorizationCodeCredential.ts","../src/msal/nodeFlows/msalOnBehalfOf.ts","../src/credentials/onBehalfOfCredential.ts","../src/index.ts"],"sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { GetTokenOptions } from \"@azure/core-auth\";\n\n/**\n * See the official documentation for more details:\n *\n * https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code#error-response-1\n *\n * NOTE: This documentation is for v1 OAuth support but the same error\n * response details still apply to v2.\n */\nexport interface ErrorResponse {\n /**\n * The string identifier for the error.\n */\n error: string;\n\n /**\n * The error's description.\n */\n errorDescription: string;\n\n /**\n * An array of codes pertaining to the error(s) that occurred.\n */\n errorCodes?: number[];\n\n /**\n * The timestamp at which the error occurred.\n */\n timestamp?: string;\n\n /**\n * The trace identifier for this error occurrence.\n */\n traceId?: string;\n\n /**\n * The correlation ID to be used for tracking the source of the error.\n */\n correlationId?: string;\n}\n\n/**\n * Used for internal deserialization of OAuth responses. Public model is ErrorResponse\n * @internal\n */\nexport interface OAuthErrorResponse {\n error: string;\n error_description: string;\n error_codes?: number[];\n timestamp?: string;\n trace_id?: string;\n correlation_id?: string;\n}\n\nfunction isErrorResponse(errorResponse: any): errorResponse is OAuthErrorResponse {\n return (\n errorResponse &&\n typeof errorResponse.error === \"string\" &&\n typeof errorResponse.error_description === \"string\"\n );\n}\n\n/**\n * The Error.name value of an CredentialUnavailable\n */\nexport const CredentialUnavailableErrorName = \"CredentialUnavailableError\";\n\n/**\n * This signifies that the credential that was tried in a chained credential\n * was not available to be used as the credential. 
Rather than treating this as\n * an error that should halt the chain, it's caught and the chain continues\n */\nexport class CredentialUnavailableError extends Error {\n constructor(message?: string) {\n super(message);\n this.name = CredentialUnavailableErrorName;\n }\n}\n\n/**\n * The Error.name value of an AuthenticationError\n */\nexport const AuthenticationErrorName = \"AuthenticationError\";\n\n/**\n * Provides details about a failure to authenticate with Azure Active\n * Directory. The `errorResponse` field contains more details about\n * the specific failure.\n */\nexport class AuthenticationError extends Error {\n /**\n * The HTTP status code returned from the authentication request.\n */\n public readonly statusCode: number;\n\n /**\n * The error response details.\n */\n public readonly errorResponse: ErrorResponse;\n\n // eslint-disable-next-line @typescript-eslint/ban-types\n constructor(statusCode: number, errorBody: object | string | undefined | null) {\n let errorResponse: ErrorResponse = {\n error: \"unknown\",\n errorDescription: \"An unknown error occurred and no additional details are available.\",\n };\n\n if (isErrorResponse(errorBody)) {\n errorResponse = convertOAuthErrorResponseToErrorResponse(errorBody);\n } else if (typeof errorBody === \"string\") {\n try {\n // Most error responses will contain JSON-formatted error details\n // in the response body\n const oauthErrorResponse: OAuthErrorResponse = JSON.parse(errorBody);\n errorResponse = convertOAuthErrorResponseToErrorResponse(oauthErrorResponse);\n } catch (e: any) {\n if (statusCode === 400) {\n errorResponse = {\n error: \"authority_not_found\",\n errorDescription: \"The specified authority URL was not found.\",\n };\n } else {\n errorResponse = {\n error: \"unknown_error\",\n errorDescription: `An unknown error has occurred. 
Response body:\\n\\n${errorBody}`,\n };\n }\n }\n } else {\n errorResponse = {\n error: \"unknown_error\",\n errorDescription: \"An unknown error occurred and no additional details are available.\",\n };\n }\n\n super(\n `${errorResponse.error} Status code: ${statusCode}\\nMore details:\\n${errorResponse.errorDescription}`\n );\n this.statusCode = statusCode;\n this.errorResponse = errorResponse;\n\n // Ensure that this type reports the correct name\n this.name = AuthenticationErrorName;\n }\n}\n\n/**\n * The Error.name value of an AggregateAuthenticationError\n */\nexport const AggregateAuthenticationErrorName = \"AggregateAuthenticationError\";\n\n/**\n * Provides an `errors` array containing {@link AuthenticationError} instance\n * for authentication failures from credentials in a {@link ChainedTokenCredential}.\n */\nexport class AggregateAuthenticationError extends Error {\n /**\n * The array of error objects that were thrown while trying to authenticate\n * with the credentials in a {@link ChainedTokenCredential}.\n */\n public errors: any[];\n\n constructor(errors: any[], errorMessage?: string) {\n const errorDetail = errors.join(\"\\n\");\n super(`${errorMessage}\\n${errorDetail}`);\n this.errors = errors;\n\n // Ensure that this type reports the correct name\n this.name = AggregateAuthenticationErrorName;\n }\n}\n\nfunction convertOAuthErrorResponseToErrorResponse(errorBody: OAuthErrorResponse): ErrorResponse {\n return {\n error: errorBody.error,\n errorDescription: errorBody.error_description,\n correlationId: errorBody.correlation_id,\n errorCodes: errorBody.error_codes,\n timestamp: errorBody.timestamp,\n traceId: errorBody.trace_id,\n };\n}\n\n/**\n * Optional parameters to the {@link AuthenticationRequiredError}\n */\nexport interface AuthenticationRequiredErrorOptions {\n /**\n * The list of scopes for which the token will have access.\n */\n scopes: string[];\n /**\n * The options passed to the getToken request.\n */\n getTokenOptions?: 
GetTokenOptions;\n /**\n * The message of the error.\n */\n message?: string;\n}\n\n/**\n * Error used to enforce authentication after trying to retrieve a token silently.\n */\nexport class AuthenticationRequiredError extends Error {\n /**\n * The list of scopes for which the token will have access.\n */\n public scopes: string[];\n /**\n * The options passed to the getToken request.\n */\n public getTokenOptions?: GetTokenOptions;\n\n constructor(\n /**\n * Optional parameters. A message can be specified. The {@link GetTokenOptions} of the request can also be specified to more easily associate the error with the received parameters.\n */\n options: AuthenticationRequiredErrorOptions\n ) {\n super(options.message);\n this.scopes = options.scopes;\n this.getTokenOptions = options.getTokenOptions;\n this.name = \"AuthenticationRequiredError\";\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nexport function getIdentityTokenEndpointSuffix(tenantId: string): string {\n if (tenantId === \"adfs\") {\n return \"oauth2/token\";\n } else {\n return \"oauth2/v2.0/token\";\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\n/**\n * Current version of the `@azure/identity` package.\n */\nexport const SDK_VERSION = `2.1.0`;\n\n/**\n * The default client ID for authentication\n * @internal\n */\n// TODO: temporary - this is the Azure CLI clientID - we'll replace it when\n// Developer Sign On application is available\n// https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/src/Constants.cs#L9\nexport const DeveloperSignOnClientId = \"04b07795-8ddb-461a-bbee-02f9e1bf7b46\";\n\n/**\n * The default tenant for authentication\n * @internal\n */\nexport const DefaultTenantId = \"common\";\n\n/**\n * A list of known Azure authority hosts\n */\nexport enum AzureAuthorityHosts {\n /**\n * China-based Azure Authority Host\n */\n AzureChina = \"https://login.chinacloudapi.cn\",\n 
/**\n * Germany-based Azure Authority Host\n */\n AzureGermany = \"https://login.microsoftonline.de\",\n /**\n * US Government Azure Authority Host\n */\n AzureGovernment = \"https://login.microsoftonline.us\",\n /**\n * Public Cloud Azure Authority Host\n */\n AzurePublicCloud = \"https://login.microsoftonline.com\",\n}\n\n/**\n * The default authority host.\n */\nexport const DefaultAuthorityHost = AzureAuthorityHosts.AzurePublicCloud;\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { createTracingClient } from \"@azure/core-tracing\";\nimport { SDK_VERSION } from \"../constants\";\n\n/**\n * Creates a span using the global tracer.\n * @internal\n */\nexport const tracingClient = createTracingClient({\n namespace: \"Microsoft.AAD\",\n packageName: \"@azure/identity\",\n packageVersion: SDK_VERSION,\n});\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AzureLogger, createClientLogger } from \"@azure/logger\";\n\n/**\n * The AzureLogger used for all clients within the identity package\n */\nexport const logger = createClientLogger(\"identity\");\n\ninterface EnvironmentAccumulator {\n missing: string[];\n assigned: string[];\n}\n\n/**\n * Separates a list of environment variable names into a plain object with two arrays: an array of missing environment variables and another array with assigned environment variables.\n * @param supportedEnvVars - List of environment variable names\n */\nexport function processEnvVars(supportedEnvVars: string[]): EnvironmentAccumulator {\n return supportedEnvVars.reduce(\n (acc: EnvironmentAccumulator, envVariable: string) => {\n if (process.env[envVariable]) {\n acc.assigned.push(envVariable);\n } else {\n acc.missing.push(envVariable);\n }\n return acc;\n },\n { missing: [], assigned: [] }\n );\n}\n\n/**\n * Based on a given list of environment variable names,\n * logs the environment variables currently assigned during the usage of a credential 
that goes by the given name.\n * @param credentialName - Name of the credential in use\n * @param supportedEnvVars - List of environment variables supported by that credential\n */\nexport function logEnvVars(credentialName: string, supportedEnvVars: string[]): void {\n const { assigned } = processEnvVars(supportedEnvVars);\n logger.info(\n `${credentialName} => Found the following environment variables: ${assigned.join(\", \")}`\n );\n}\n\n/**\n * Formatting the success event on the credentials\n */\nexport function formatSuccess(scope: string | string[]): string {\n return `SUCCESS. Scopes: ${Array.isArray(scope) ? scope.join(\", \") : scope}.`;\n}\n\n/**\n * Formatting the error event on the credentials\n */\nexport function formatError(scope: string | string[] | undefined, error: Error | string): string {\n let message = \"ERROR.\";\n if (scope?.length) {\n message += ` Scopes: ${Array.isArray(scope) ? scope.join(\", \") : scope}.`;\n }\n return `${message} Error message: ${typeof error === \"string\" ? error : error.message}.`;\n}\n\n/**\n * A CredentialLoggerInstance is a logger properly formatted to work in a credential's constructor, and its methods.\n */\nexport interface CredentialLoggerInstance {\n title: string;\n fullTitle: string;\n info(message: string): void;\n warning(message: string): void;\n /**\n * The logging functions for warning and error are intentionally left out, since we want the identity logging to be at the info level.\n * Otherwise, they would look like:\n *\n * warning(message: string): void;\n * error(err: Error): void;\n */\n}\n\n/**\n * Generates a CredentialLoggerInstance.\n *\n * It logs with the format:\n *\n * `[title] => [message]`\n *\n */\nexport function credentialLoggerInstance(\n title: string,\n parent?: CredentialLoggerInstance,\n log: AzureLogger = logger\n): CredentialLoggerInstance {\n const fullTitle = parent ? 
`${parent.fullTitle} ${title}` : title;\n\n function info(message: string): void {\n log.info(`${fullTitle} =>`, message);\n }\n\n function warning(message: string): void {\n log.warning(`${fullTitle} =>`, message);\n }\n return {\n title,\n fullTitle,\n info,\n warning,\n };\n}\n\n/**\n * A CredentialLogger is a logger declared at the credential's constructor, and used at any point in the credential.\n * It has all the properties of a CredentialLoggerInstance, plus other logger instances, one per method.\n */\nexport interface CredentialLogger extends CredentialLoggerInstance {\n parent: AzureLogger;\n getToken: CredentialLoggerInstance;\n}\n\n/**\n * Generates a CredentialLogger, which is a logger declared at the credential's constructor, and used at any point in the credential.\n * It has all the properties of a CredentialLoggerInstance, plus other logger instances, one per method.\n *\n * It logs with the format:\n *\n * `[title] => [message]`\n * `[title] => getToken() => [message]`\n *\n */\nexport function credentialLogger(title: string, log: AzureLogger = logger): CredentialLogger {\n const credLogger = credentialLoggerInstance(title, undefined, log);\n return {\n ...credLogger,\n parent: log,\n getToken: credentialLoggerInstance(\"=> getToken()\", credLogger, log),\n };\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { INetworkModule, NetworkRequestOptions, NetworkResponse } from \"@azure/msal-common\";\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { ServiceClient } from \"@azure/core-client\";\nimport { isNode } from \"@azure/core-util\";\nimport {\n PipelineRequest,\n PipelineResponse,\n createHttpHeaders,\n createPipelineRequest,\n} from \"@azure/core-rest-pipeline\";\nimport { AbortController, AbortSignalLike } from \"@azure/abort-controller\";\nimport { AuthenticationError, AuthenticationErrorName } from \"../errors\";\nimport { getIdentityTokenEndpointSuffix } from 
\"../util/identityTokenEndpoint\";\nimport { DefaultAuthorityHost, SDK_VERSION } from \"../constants\";\nimport { tracingClient } from \"../util/tracing\";\nimport { logger } from \"../util/logging\";\nimport { TokenCredentialOptions } from \"../tokenCredentialOptions\";\n\nconst noCorrelationId = \"noCorrelationId\";\n\n/**\n * An internal type used to communicate details of a token request's\n * response that should not be sent back as part of the access token.\n */\nexport interface TokenResponse {\n /**\n * The AccessToken to be returned from getToken.\n */\n accessToken: AccessToken;\n\n /**\n * The refresh token if the 'offline_access' scope was used.\n */\n refreshToken?: string;\n}\n\n/**\n * Internal type roughly matching the raw responses of the authentication endpoints.\n *\n * @internal\n */\nexport interface TokenResponseParsedBody {\n token?: string;\n access_token?: string;\n refresh_token?: string;\n expires_in: number;\n expires_on?: number | string;\n}\n\n/**\n * @internal\n */\nexport function getIdentityClientAuthorityHost(options?: TokenCredentialOptions): string {\n // The authorityHost can come from options or from the AZURE_AUTHORITY_HOST environment variable.\n let authorityHost = options?.authorityHost;\n\n // The AZURE_AUTHORITY_HOST environment variable can only be provided in Node.js.\n if (isNode) {\n authorityHost = authorityHost ?? process.env.AZURE_AUTHORITY_HOST;\n }\n\n // If the authorityHost is not provided, we use the default one from the public cloud: https://login.microsoftonline.com\n return authorityHost ?? 
DefaultAuthorityHost;\n}\n\n/**\n * The network module used by the Identity credentials.\n *\n * It allows for credentials to abort any pending request independently of the MSAL flow,\n * by calling to the `abortRequests()` method.\n *\n */\nexport class IdentityClient extends ServiceClient implements INetworkModule {\n public authorityHost: string;\n private allowLoggingAccountIdentifiers?: boolean;\n private abortControllers: Map;\n\n constructor(options?: TokenCredentialOptions) {\n const packageDetails = `azsdk-js-identity/${SDK_VERSION}`;\n const userAgentPrefix = options?.userAgentOptions?.userAgentPrefix\n ? `${options.userAgentOptions.userAgentPrefix} ${packageDetails}`\n : `${packageDetails}`;\n\n const baseUri = getIdentityClientAuthorityHost(options);\n if (!baseUri.startsWith(\"https:\")) {\n throw new Error(\"The authorityHost address must use the 'https' protocol.\");\n }\n\n super({\n requestContentType: \"application/json; charset=utf-8\",\n retryOptions: {\n maxRetries: 3,\n },\n ...options,\n userAgentOptions: {\n userAgentPrefix,\n },\n baseUri,\n });\n\n this.authorityHost = baseUri;\n this.abortControllers = new Map();\n this.allowLoggingAccountIdentifiers = options?.loggingOptions?.allowLoggingAccountIdentifiers;\n }\n\n async sendTokenRequest(\n request: PipelineRequest,\n expiresOnParser?: (responseBody: TokenResponseParsedBody) => number\n ): Promise {\n logger.info(`IdentityClient: sending token request to [${request.url}]`);\n const response = await this.sendRequest(request);\n\n expiresOnParser =\n expiresOnParser ||\n ((responseBody: TokenResponseParsedBody) => {\n return Date.now() + responseBody.expires_in * 1000;\n });\n\n if (response.bodyAsText && (response.status === 200 || response.status === 201)) {\n const parsedBody: TokenResponseParsedBody = JSON.parse(response.bodyAsText);\n\n if (!parsedBody.access_token) {\n return null;\n }\n\n this.logIdentifiers(response);\n\n const token = {\n accessToken: {\n token: 
parsedBody.access_token,\n expiresOnTimestamp: expiresOnParser(parsedBody),\n },\n refreshToken: parsedBody.refresh_token,\n };\n\n logger.info(\n `IdentityClient: [${request.url}] token acquired, expires on ${token.accessToken.expiresOnTimestamp}`\n );\n return token;\n } else {\n const error = new AuthenticationError(response.status, response.bodyAsText);\n logger.warning(\n `IdentityClient: authentication error. HTTP status: ${response.status}, ${error.errorResponse.errorDescription}`\n );\n throw error;\n }\n }\n\n async refreshAccessToken(\n tenantId: string,\n clientId: string,\n scopes: string,\n refreshToken: string | undefined,\n clientSecret: string | undefined,\n expiresOnParser?: (responseBody: TokenResponseParsedBody) => number,\n options: GetTokenOptions = {}\n ): Promise {\n if (refreshToken === undefined) {\n return null;\n }\n logger.info(\n `IdentityClient: refreshing access token with client ID: ${clientId}, scopes: ${scopes} started`\n );\n\n const refreshParams = {\n grant_type: \"refresh_token\",\n client_id: clientId,\n refresh_token: refreshToken,\n scope: scopes,\n };\n\n if (clientSecret !== undefined) {\n (refreshParams as any).client_secret = clientSecret;\n }\n\n const query = new URLSearchParams(refreshParams);\n\n return tracingClient.withSpan(\n \"IdentityClient.refreshAccessToken\",\n options,\n async (updatedOptions) => {\n try {\n const urlSuffix = getIdentityTokenEndpointSuffix(tenantId);\n const request = createPipelineRequest({\n url: `${this.authorityHost}/${tenantId}/${urlSuffix}`,\n method: \"POST\",\n body: query.toString(),\n abortSignal: options.abortSignal,\n headers: createHttpHeaders({\n Accept: \"application/json\",\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n }),\n tracingOptions: updatedOptions.tracingOptions,\n });\n\n const response = await this.sendTokenRequest(request, expiresOnParser);\n logger.info(`IdentityClient: refreshed token for client ID: ${clientId}`);\n return response;\n } catch (err: 
any) {\n if (\n err.name === AuthenticationErrorName &&\n err.errorResponse.error === \"interaction_required\"\n ) {\n // It's likely that the refresh token has expired, so\n // return null so that the credential implementation will\n // initiate the authentication flow again.\n logger.info(`IdentityClient: interaction required for client ID: ${clientId}`);\n return null;\n } else {\n logger.warning(\n `IdentityClient: failed refreshing token for client ID: ${clientId}: ${err}`\n );\n throw err;\n }\n }\n }\n );\n }\n\n // Here is a custom layer that allows us to abort requests that go through MSAL,\n // since MSAL doesn't allow us to pass options all the way through.\n\n generateAbortSignal(correlationId: string): AbortSignalLike {\n const controller = new AbortController();\n const controllers = this.abortControllers.get(correlationId) || [];\n controllers.push(controller);\n this.abortControllers.set(correlationId, controllers);\n const existingOnAbort = controller.signal.onabort;\n controller.signal.onabort = (...params) => {\n this.abortControllers.set(correlationId, undefined);\n if (existingOnAbort) {\n existingOnAbort(...params);\n }\n };\n return controller.signal;\n }\n\n abortRequests(correlationId?: string): void {\n const key = correlationId || noCorrelationId;\n const controllers = [\n ...(this.abortControllers.get(key) || []),\n // MSAL passes no correlation ID to the get requests...\n ...(this.abortControllers.get(noCorrelationId) || []),\n ];\n if (!controllers.length) {\n return;\n }\n for (const controller of controllers) {\n controller.abort();\n }\n this.abortControllers.set(key, undefined);\n }\n\n getCorrelationId(options?: NetworkRequestOptions): string {\n const parameter = options?.body\n ?.split(\"&\")\n .map((part) => part.split(\"=\"))\n .find(([key]) => key === \"client-request-id\");\n return parameter && parameter.length ? 
parameter[1] || noCorrelationId : noCorrelationId;\n }\n\n // The MSAL network module methods follow\n\n async sendGetRequestAsync(\n url: string,\n options?: NetworkRequestOptions\n ): Promise> {\n const request = createPipelineRequest({\n url,\n method: \"GET\",\n body: options?.body,\n headers: createHttpHeaders(options?.headers),\n abortSignal: this.generateAbortSignal(noCorrelationId),\n });\n\n const response = await this.sendRequest(request);\n\n this.logIdentifiers(response);\n\n return {\n body: response.bodyAsText ? JSON.parse(response.bodyAsText) : undefined,\n headers: response.headers.toJSON(),\n status: response.status,\n };\n }\n\n async sendPostRequestAsync(\n url: string,\n options?: NetworkRequestOptions\n ): Promise> {\n const request = createPipelineRequest({\n url,\n method: \"POST\",\n body: options?.body,\n headers: createHttpHeaders(options?.headers),\n // MSAL doesn't send the correlation ID on the get requests.\n abortSignal: this.generateAbortSignal(this.getCorrelationId(options)),\n });\n\n const response = await this.sendRequest(request);\n\n this.logIdentifiers(response);\n\n return {\n body: response.bodyAsText ? 
JSON.parse(response.bodyAsText) : undefined,\n headers: response.headers.toJSON(),\n status: response.status,\n };\n }\n\n /**\n * If allowLoggingAccountIdentifiers was set on the constructor options,\n * we try to log the account identifiers by parsing the received access token. The token's payload segment is only base64-decoded here and its signature is not checked, so the logged values are informational and are not validated claims.\n *\n * The account identifiers we try to log are:\n * - `appid`: The application or Client Identifier.\n * - `upn`: User Principal Name.\n * - It might not be available in some authentication scenarios.\n * - If it's not available, we put a placeholder: \"No User Principal Name available\".\n * - `tid`: Tenant Identifier.\n * - `oid`: Object Identifier of the authenticated user.\n */\n private logIdentifiers(response: PipelineResponse): void {\n if (!this.allowLoggingAccountIdentifiers || !response.bodyAsText) {\n return;\n }\n const unavailableUpn = \"No User Principal Name available\";\n try {\n const parsed = (response as any).parsedBody || JSON.parse(response.bodyAsText);\n const accessToken = parsed.access_token;\n if (!accessToken) {\n // Without an access token allowLoggingAccountIdentifiers isn't useful.\n return;\n }\n const base64Metadata = accessToken.split(\".\")[1];\n const { appid, upn, tid, oid } = JSON.parse(\n Buffer.from(base64Metadata, \"base64\").toString(\"utf8\")\n );\n\n logger.info(\n `[Authenticated account] Client ID: ${appid}. Tenant ID: ${tid}. User Principal Name: ${\n upn || unavailableUpn\n }. Object ID (user): ${oid}`\n );\n } catch (e: any) {\n logger.warning(\n \"allowLoggingAccountIdentifiers was set, but we couldn't log the account information. Error:\",\n e.message\n );\n }\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { CredentialLogger, formatError } from \"../util/logging\";\n\nexport function checkTenantId(logger: CredentialLogger, tenantId: string): void {\n if (!tenantId.match(/^[0-9a-zA-Z-.:/]+$/)) {\n const error = new Error(\n \"Invalid tenant id provided. 
You can locate your tenant id by following the instructions listed here: https://docs.microsoft.com/partner-center/find-ids-and-domain-names.\"\n );\n logger.info(formatError(\"\", error));\n throw error;\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { DeveloperSignOnClientId } from \"../constants\";\nimport { checkTenantId } from \"./checkTenantId\";\nimport { CredentialLogger } from \"./logging\";\n\nexport function resolveTenantId(\n logger: CredentialLogger,\n tenantId?: string,\n clientId?: string\n): string {\n if (tenantId) {\n checkTenantId(logger, tenantId);\n return tenantId;\n }\n if (!clientId) {\n clientId = DeveloperSignOnClientId;\n }\n if (clientId !== DeveloperSignOnClientId) {\n return \"common\";\n }\n return \"organizations\";\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalCommon from \"@azure/msal-common\";\nimport { isNode } from \"@azure/core-util\";\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { AbortError } from \"@azure/abort-controller\";\n\nimport { v4 as uuidv4 } from \"uuid\";\nimport { CredentialLogger, formatError, formatSuccess } from \"../util/logging\";\nimport { AuthenticationRequiredError, CredentialUnavailableError } from \"../errors\";\nimport { DefaultAuthorityHost, DefaultTenantId } from \"../constants\";\nimport { AuthenticationRecord, MsalAccountInfo, MsalResult, MsalToken } from \"./types\";\nimport { MsalFlowOptions } from \"./flows\";\n\n/**\n * Latest AuthenticationRecord version\n * @internal\n */\nconst LatestAuthenticationRecordVersion = \"1.0\";\n\n/**\n * Ensures the validity of the MSAL token\n * @internal\n */\nexport function ensureValidMsalToken(\n scopes: string | string[],\n logger: CredentialLogger,\n msalToken?: MsalToken,\n getTokenOptions?: GetTokenOptions\n): void {\n const error = (message: string): Error => {\n logger.getToken.info(message);\n return new 
AuthenticationRequiredError({\n scopes: Array.isArray(scopes) ? scopes : [scopes],\n getTokenOptions,\n message,\n });\n };\n if (!msalToken) {\n throw error(\"No response\");\n }\n if (!msalToken.expiresOn) {\n throw error(`Response had no \"expiresOn\" property.`);\n }\n if (!msalToken.accessToken) {\n throw error(`Response had no \"accessToken\" property.`);\n }\n}\n\n/**\n * Generates a valid authority by combining a host with a tenantId.\n * @internal\n */\nexport function getAuthority(tenantId: string, host?: string): string {\n if (!host) {\n host = DefaultAuthorityHost;\n }\n if (new RegExp(`${tenantId}/?$`).test(host)) {\n return host;\n }\n if (host.endsWith(\"/\")) {\n return host + tenantId;\n } else {\n return `${host}/${tenantId}`;\n }\n}\n\n/**\n * Generates the known authorities.\n * If the Tenant Id is `adfs`, the authority can't be validated since the format won't match the expected one.\n * For that reason, we have to force MSAL to disable validating the authority\n * by sending it within the known authorities in the MSAL configuration.\n * @internal\n */\nexport function getKnownAuthorities(tenantId: string, authorityHost: string): string[] {\n if (tenantId === \"adfs\" && authorityHost) {\n return [authorityHost];\n }\n return [];\n}\n\n/**\n * Generates a logger that can be passed to the MSAL clients.\n * @param logger - The logger of the credential.\n * @internal\n */\nexport const defaultLoggerCallback: (\n logger: CredentialLogger,\n platform?: \"Node\" | \"Browser\"\n) => msalCommon.ILoggerCallback =\n (logger: CredentialLogger, platform: \"Node\" | \"Browser\" = isNode ? 
\"Node\" : \"Browser\") =>\n (level, message, containsPii): void => {\n if (containsPii) {\n return;\n }\n switch (level) {\n case msalCommon.LogLevel.Error:\n logger.info(`MSAL ${platform} V2 error: ${message}`);\n return;\n case msalCommon.LogLevel.Info:\n logger.info(`MSAL ${platform} V2 info message: ${message}`);\n return;\n case msalCommon.LogLevel.Verbose:\n logger.info(`MSAL ${platform} V2 verbose message: ${message}`);\n return;\n case msalCommon.LogLevel.Warning:\n logger.info(`MSAL ${platform} V2 warning: ${message}`);\n return;\n }\n };\n\n/**\n * The common utility functions for the MSAL clients.\n * Defined as a class so that the classes extending this one can have access to its methods and protected properties.\n *\n * It keeps track of a logger and an in-memory copy of the AuthenticationRecord.\n *\n * @internal\n */\nexport class MsalBaseUtilities {\n protected logger: CredentialLogger;\n protected account: AuthenticationRecord | undefined;\n\n constructor(options: MsalFlowOptions) {\n this.logger = options.logger;\n this.account = options.authenticationRecord;\n }\n\n /**\n * Generates a UUID\n */\n generateUuid(): string {\n return uuidv4();\n }\n\n /**\n * Handles the MSAL authentication result.\n * If the result has an account, we update the local account reference.\n * If the token received is invalid, an error will be thrown depending on what's missing.\n */\n protected handleResult(\n scopes: string | string[],\n clientId: string,\n result?: MsalResult,\n getTokenOptions?: GetTokenOptions\n ): AccessToken {\n if (result?.account) {\n this.account = msalToPublic(clientId, result.account);\n }\n ensureValidMsalToken(scopes, this.logger, result, getTokenOptions);\n this.logger.getToken.info(formatSuccess(scopes));\n return {\n token: result!.accessToken!,\n expiresOnTimestamp: result!.expiresOn!.getTime(),\n };\n }\n\n /**\n * Handles MSAL errors.\n */\n protected handleError(scopes: string[], error: Error, getTokenOptions?: GetTokenOptions): 
Error {\n if (\n error.name === \"AuthError\" ||\n error.name === \"ClientAuthError\" ||\n error.name === \"BrowserAuthError\"\n ) {\n const msalError = error as msalCommon.AuthError;\n switch (msalError.errorCode) {\n case \"endpoints_resolution_error\":\n this.logger.info(formatError(scopes, error.message));\n return new CredentialUnavailableError(error.message);\n case \"device_code_polling_cancelled\":\n return new AbortError(\"The authentication has been aborted by the caller.\");\n case \"consent_required\":\n case \"interaction_required\":\n case \"login_required\":\n this.logger.info(\n formatError(scopes, `Authentication returned errorCode ${msalError.errorCode}`)\n );\n break;\n default:\n this.logger.info(formatError(scopes, `Failed to acquire token: ${error.message}`));\n break;\n }\n }\n if (\n error.name === \"ClientConfigurationError\" ||\n error.name === \"BrowserConfigurationAuthError\" ||\n error.name === \"AbortError\"\n ) {\n return error;\n }\n return new AuthenticationRequiredError({ scopes, getTokenOptions, message: error.message });\n }\n}\n\n// transformations.ts\n\nexport function publicToMsal(account: AuthenticationRecord): msalCommon.AccountInfo {\n const [environment] = account.authority.match(/([a-z]*\\.[a-z]*\\.[a-z]*)/) || [];\n return {\n ...account,\n localAccountId: account.homeAccountId,\n environment,\n };\n}\n\nexport function msalToPublic(clientId: string, account: MsalAccountInfo): AuthenticationRecord {\n const record = {\n authority: getAuthority(account.tenantId, account.environment),\n homeAccountId: account.homeAccountId,\n tenantId: account.tenantId || DefaultTenantId,\n username: account.username,\n clientId,\n version: LatestAuthenticationRecordVersion,\n };\n return record;\n}\n\n/**\n * Serializes an `AuthenticationRecord` into a string.\n *\n * The output of a serialized authentication record will contain the following properties:\n *\n * - \"authority\"\n * - \"homeAccountId\"\n * - \"clientId\"\n * - 
\"tenantId\"\n * - \"username\"\n * - \"version\"\n *\n * To later convert this string to a serialized `AuthenticationRecord`, please use the exported function `deserializeAuthenticationRecord()`.\n */\nexport function serializeAuthenticationRecord(record: AuthenticationRecord): string {\n return JSON.stringify(record);\n}\n\n/**\n * Deserializes a previously serialized authentication record from a string into an object.\n *\n * The input string must contain the following properties:\n *\n * - \"authority\"\n * - \"homeAccountId\"\n * - \"clientId\"\n * - \"tenantId\"\n * - \"username\"\n * - \"version\"\n *\n * If the version we receive is unsupported, an error will be thrown.\n *\n * At the moment, the only available version is: \"1.0\", which is always set when the authentication record is serialized.\n *\n * @param serializedRecord - Authentication record previously serialized into string.\n * @returns AuthenticationRecord.\n */\nexport function deserializeAuthenticationRecord(serializedRecord: string): AuthenticationRecord {\n const parsed: AuthenticationRecord & { version?: string } = JSON.parse(serializedRecord);\n\n if (parsed.version && parsed.version !== LatestAuthenticationRecordVersion) {\n throw Error(\"Unsupported AuthenticationRecord version\");\n }\n\n return parsed;\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { GetTokenOptions } from \"@azure/core-auth\";\n\n/**\n * @internal\n */\nexport const multiTenantDisabledErrorMessage =\n \"A getToken request was attempted with a tenant different than the tenant configured at the initialization of the credential, but multi-tenant authentication has been disabled by the environment variable AZURE_IDENTITY_DISABLE_MULTITENANTAUTH.\";\n\n/**\n * @internal\n */\nexport const multiTenantADFSErrorMessage =\n \"A new tenant Id can't be assigned through the GetTokenOptions when a credential has been originally configured to use the tenant `adfs`.\";\n\n/**\n * Of 
getToken contains a tenantId, this function allows picking this tenantId as the appropriate one for authentication,\n * unless multitenant authentication has been disabled through the AZURE_IDENTITY_DISABLE_MULTITENANTAUTH environment variable (on Node.js),\n * or unless the original tenant Id is `adfs`.\n * @internal\n */\nexport function processMultiTenantRequest(\n tenantId?: string,\n getTokenOptions?: GetTokenOptions\n): string | undefined {\n if (!getTokenOptions?.tenantId) {\n return tenantId;\n }\n if (process.env.AZURE_IDENTITY_DISABLE_MULTITENANTAUTH) {\n throw new Error(multiTenantDisabledErrorMessage);\n }\n if (tenantId === \"adfs\") {\n throw new Error(multiTenantADFSErrorMessage);\n }\n return getTokenOptions?.tenantId;\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\n/**\n * Helps specify a regional authority, or \"AutoDiscoverRegion\" to auto-detect the region.\n */\nexport enum RegionalAuthority {\n /** Instructs MSAL to attempt to discover the region */\n AutoDiscoverRegion = \"AutoDiscoverRegion\",\n /** Uses the {@link RegionalAuthority} for the Azure 'westus' region. */\n USWest = \"westus\",\n /** Uses the {@link RegionalAuthority} for the Azure 'westus2' region. */\n USWest2 = \"westus2\",\n /** Uses the {@link RegionalAuthority} for the Azure 'centralus' region. */\n USCentral = \"centralus\",\n /** Uses the {@link RegionalAuthority} for the Azure 'eastus' region. */\n USEast = \"eastus\",\n /** Uses the {@link RegionalAuthority} for the Azure 'eastus2' region. */\n USEast2 = \"eastus2\",\n /** Uses the {@link RegionalAuthority} for the Azure 'northcentralus' region. */\n USNorthCentral = \"northcentralus\",\n /** Uses the {@link RegionalAuthority} for the Azure 'southcentralus' region. */\n USSouthCentral = \"southcentralus\",\n /** Uses the {@link RegionalAuthority} for the Azure 'westcentralus' region. */\n USWestCentral = \"westcentralus\",\n /** Uses the {@link RegionalAuthority} for the Azure 'canadacentral' region. 
*/\n CanadaCentral = \"canadacentral\",\n /** Uses the {@link RegionalAuthority} for the Azure 'canadaeast' region. */\n CanadaEast = \"canadaeast\",\n /** Uses the {@link RegionalAuthority} for the Azure 'brazilsouth' region. */\n BrazilSouth = \"brazilsouth\",\n /** Uses the {@link RegionalAuthority} for the Azure 'northeurope' region. */\n EuropeNorth = \"northeurope\",\n /** Uses the {@link RegionalAuthority} for the Azure 'westeurope' region. */\n EuropeWest = \"westeurope\",\n /** Uses the {@link RegionalAuthority} for the Azure 'uksouth' region. */\n UKSouth = \"uksouth\",\n /** Uses the {@link RegionalAuthority} for the Azure 'ukwest' region. */\n UKWest = \"ukwest\",\n /** Uses the {@link RegionalAuthority} for the Azure 'francecentral' region. */\n FranceCentral = \"francecentral\",\n /** Uses the {@link RegionalAuthority} for the Azure 'francesouth' region. */\n FranceSouth = \"francesouth\",\n /** Uses the {@link RegionalAuthority} for the Azure 'switzerlandnorth' region. */\n SwitzerlandNorth = \"switzerlandnorth\",\n /** Uses the {@link RegionalAuthority} for the Azure 'switzerlandwest' region. */\n SwitzerlandWest = \"switzerlandwest\",\n /** Uses the {@link RegionalAuthority} for the Azure 'germanynorth' region. */\n GermanyNorth = \"germanynorth\",\n /** Uses the {@link RegionalAuthority} for the Azure 'germanywestcentral' region. */\n GermanyWestCentral = \"germanywestcentral\",\n /** Uses the {@link RegionalAuthority} for the Azure 'norwaywest' region. */\n NorwayWest = \"norwaywest\",\n /** Uses the {@link RegionalAuthority} for the Azure 'norwayeast' region. */\n NorwayEast = \"norwayeast\",\n /** Uses the {@link RegionalAuthority} for the Azure 'eastasia' region. */\n AsiaEast = \"eastasia\",\n /** Uses the {@link RegionalAuthority} for the Azure 'southeastasia' region. */\n AsiaSouthEast = \"southeastasia\",\n /** Uses the {@link RegionalAuthority} for the Azure 'japaneast' region. 
*/\n JapanEast = \"japaneast\",\n /** Uses the {@link RegionalAuthority} for the Azure 'japanwest' region. */\n JapanWest = \"japanwest\",\n /** Uses the {@link RegionalAuthority} for the Azure 'australiaeast' region. */\n AustraliaEast = \"australiaeast\",\n /** Uses the {@link RegionalAuthority} for the Azure 'australiasoutheast' region. */\n AustraliaSouthEast = \"australiasoutheast\",\n /** Uses the {@link RegionalAuthority} for the Azure 'australiacentral' region. */\n AustraliaCentral = \"australiacentral\",\n /** Uses the {@link RegionalAuthority} for the Azure 'australiacentral2' region. */\n AustraliaCentral2 = \"australiacentral2\",\n /** Uses the {@link RegionalAuthority} for the Azure 'centralindia' region. */\n IndiaCentral = \"centralindia\",\n /** Uses the {@link RegionalAuthority} for the Azure 'southindia' region. */\n IndiaSouth = \"southindia\",\n /** Uses the {@link RegionalAuthority} for the Azure 'westindia' region. */\n IndiaWest = \"westindia\",\n /** Uses the {@link RegionalAuthority} for the Azure 'koreasouth' region. */\n KoreaSouth = \"koreasouth\",\n /** Uses the {@link RegionalAuthority} for the Azure 'koreacentral' region. */\n KoreaCentral = \"koreacentral\",\n /** Uses the {@link RegionalAuthority} for the Azure 'uaecentral' region. */\n UAECentral = \"uaecentral\",\n /** Uses the {@link RegionalAuthority} for the Azure 'uaenorth' region. */\n UAENorth = \"uaenorth\",\n /** Uses the {@link RegionalAuthority} for the Azure 'southafricanorth' region. */\n SouthAfricaNorth = \"southafricanorth\",\n /** Uses the {@link RegionalAuthority} for the Azure 'southafricawest' region. */\n SouthAfricaWest = \"southafricawest\",\n /** Uses the {@link RegionalAuthority} for the Azure 'chinanorth' region. */\n ChinaNorth = \"chinanorth\",\n /** Uses the {@link RegionalAuthority} for the Azure 'chinaeast' region. */\n ChinaEast = \"chinaeast\",\n /** Uses the {@link RegionalAuthority} for the Azure 'chinanorth2' region. 
*/\n ChinaNorth2 = \"chinanorth2\",\n /** Uses the {@link RegionalAuthority} for the Azure 'chinaeast2' region. */\n ChinaEast2 = \"chinaeast2\",\n /** Uses the {@link RegionalAuthority} for the Azure 'germanycentral' region. */\n GermanyCentral = \"germanycentral\",\n /** Uses the {@link RegionalAuthority} for the Azure 'germanynortheast' region. */\n GermanyNorthEast = \"germanynortheast\",\n /** Uses the {@link RegionalAuthority} for the Azure 'usgovvirginia' region. */\n GovernmentUSVirginia = \"usgovvirginia\",\n /** Uses the {@link RegionalAuthority} for the Azure 'usgoviowa' region. */\n GovernmentUSIowa = \"usgoviowa\",\n /** Uses the {@link RegionalAuthority} for the Azure 'usgovarizona' region. */\n GovernmentUSArizona = \"usgovarizona\",\n /** Uses the {@link RegionalAuthority} for the Azure 'usgovtexas' region. */\n GovernmentUSTexas = \"usgovtexas\",\n /** Uses the {@link RegionalAuthority} for the Azure 'usdodeast' region. */\n GovernmentUSDodEast = \"usdodeast\",\n /** Uses the {@link RegionalAuthority} for the Azure 'usdodcentral' region. 
*/\n GovernmentUSDodCentral = \"usdodcentral\",\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalNode from \"@azure/msal-node\";\nimport * as msalCommon from \"@azure/msal-common\";\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { AbortSignalLike } from \"@azure/abort-controller\";\nimport { LogPolicyOptions } from \"@azure/core-rest-pipeline\";\n\nimport { IdentityClient } from \"../../client/identityClient\";\nimport { TokenCredentialOptions } from \"../../tokenCredentialOptions\";\nimport { DeveloperSignOnClientId } from \"../../constants\";\nimport { resolveTenantId } from \"../../util/resolveTenantId\";\nimport { AuthenticationRequiredError } from \"../../errors\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { MsalFlow, MsalFlowOptions } from \"../flows\";\nimport { AuthenticationRecord } from \"../types\";\nimport {\n MsalBaseUtilities,\n defaultLoggerCallback,\n getAuthority,\n getKnownAuthorities,\n msalToPublic,\n publicToMsal,\n} from \"../utils\";\nimport { TokenCachePersistenceOptions } from \"./tokenCachePersistenceOptions\";\nimport { processMultiTenantRequest } from \"../../util/validateMultiTenant\";\nimport { RegionalAuthority } from \"../../regionalAuthority\";\n\n/**\n * Union of the constructor parameters that all MSAL flow types for Node.\n * @internal\n */\nexport interface MsalNodeOptions extends MsalFlowOptions {\n tokenCachePersistenceOptions?: TokenCachePersistenceOptions;\n tokenCredentialOptions: TokenCredentialOptions;\n /**\n * Specifies a regional authority. 
Please refer to the {@link RegionalAuthority} type for the accepted values.\n * If {@link RegionalAuthority.AutoDiscoverRegion} is specified, we will try to discover the regional authority endpoint.\n * If the property is not specified, uses a non-regional authority endpoint.\n */\n regionalAuthority?: string;\n /**\n * Allows logging account information once the authentication flow succeeds.\n */\n loggingOptions?: LogPolicyOptions & {\n allowLoggingAccountIdentifiers?: boolean;\n };\n}\n\n/**\n * The current persistence provider, undefined by default.\n * @internal\n */\nlet persistenceProvider:\n | ((options?: TokenCachePersistenceOptions) => Promise)\n | undefined = undefined;\n\n/**\n * An object that allows setting the persistence provider.\n * @internal\n */\nexport const msalNodeFlowCacheControl = {\n setPersistence(pluginProvider: Exclude): void {\n persistenceProvider = pluginProvider;\n },\n};\n\n/**\n * MSAL partial base client for Node.js.\n *\n * It completes the input configuration with some default values.\n * It also provides with utility protected methods that can be used from any of the clients,\n * which includes handlers for successful responses and errors.\n *\n * @internal\n */\nexport abstract class MsalNode extends MsalBaseUtilities implements MsalFlow {\n protected publicApp: msalNode.PublicClientApplication | undefined;\n protected confidentialApp: msalNode.ConfidentialClientApplication | undefined;\n protected msalConfig: msalNode.Configuration;\n protected clientId: string;\n protected tenantId: string;\n protected authorityHost?: string;\n protected identityClient?: IdentityClient;\n protected requiresConfidential: boolean = false;\n protected azureRegion?: string;\n protected createCachePlugin: (() => Promise) | undefined;\n\n /**\n * MSAL currently caches the tokens depending on the claims used to retrieve them.\n * In cases like CAE, in which we use claims to update the tokens, trying to retrieve the token without the claims will 
yield the original token.\n * To ensure we always get the latest token, we have to keep track of the claims.\n */\n private cachedClaims: string | undefined;\n\n protected getAssertion: (() => Promise) | undefined;\n constructor(options: MsalNodeOptions) {\n super(options);\n this.msalConfig = this.defaultNodeMsalConfig(options);\n this.tenantId = resolveTenantId(options.logger, options.tenantId, options.clientId);\n this.clientId = this.msalConfig.auth.clientId;\n if (options?.getAssertion) {\n this.getAssertion = options.getAssertion;\n }\n\n // If persistence has been configured\n if (persistenceProvider !== undefined && options.tokenCachePersistenceOptions?.enabled) {\n this.createCachePlugin = () => persistenceProvider!(options.tokenCachePersistenceOptions);\n } else if (options.tokenCachePersistenceOptions?.enabled) {\n throw new Error(\n [\n \"Persistent token caching was requested, but no persistence provider was configured.\",\n \"You must install the identity-cache-persistence plugin package (`npm install --save @azure/identity-cache-persistence`)\",\n \"and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling\",\n \"`useIdentityPlugin(cachePersistencePlugin)` before using `tokenCachePersistenceOptions`.\",\n ].join(\" \")\n );\n }\n\n this.azureRegion = options.regionalAuthority ?? 
process.env.AZURE_REGIONAL_AUTHORITY_NAME;\n if (this.azureRegion === RegionalAuthority.AutoDiscoverRegion) {\n this.azureRegion = \"AUTO_DISCOVER\";\n }\n }\n\n /**\n * Generates a MSAL configuration that generally works for Node.js\n */\n protected defaultNodeMsalConfig(options: MsalNodeOptions): msalNode.Configuration {\n const clientId = options.clientId || DeveloperSignOnClientId;\n const tenantId = resolveTenantId(options.logger, options.tenantId, options.clientId);\n\n this.authorityHost = options.authorityHost || process.env.AZURE_AUTHORITY_HOST;\n const authority = getAuthority(tenantId, this.authorityHost);\n\n this.identityClient = new IdentityClient({\n ...options.tokenCredentialOptions,\n authorityHost: authority,\n loggingOptions: options.loggingOptions,\n });\n\n let clientCapabilities: string[] = [\"cp1\"];\n if (process.env.AZURE_IDENTITY_DISABLE_CP1) {\n clientCapabilities = [];\n }\n\n return {\n auth: {\n clientId,\n authority,\n knownAuthorities: getKnownAuthorities(tenantId, authority),\n clientCapabilities,\n },\n // Cache is defined in this.prepare();\n system: {\n networkClient: this.identityClient,\n loggerOptions: {\n loggerCallback: defaultLoggerCallback(options.logger),\n },\n },\n };\n }\n\n /**\n * Prepares the MSAL applications.\n */\n async init(options?: CredentialFlowGetTokenOptions): Promise {\n if (options?.abortSignal) {\n options.abortSignal.addEventListener(\"abort\", () => {\n // This will abort any pending request in the IdentityClient,\n // based on the received or generated correlationId\n this.identityClient!.abortRequests(options.correlationId);\n });\n }\n\n if (this.publicApp || this.confidentialApp) {\n return;\n }\n\n if (this.createCachePlugin !== undefined) {\n this.msalConfig.cache = {\n cachePlugin: await this.createCachePlugin(),\n };\n }\n\n this.publicApp = new msalNode.PublicClientApplication(this.msalConfig);\n if (this.getAssertion) {\n this.msalConfig.auth.clientAssertion = await this.getAssertion();\n 
}\n // The confidential client requires either a secret, assertion or certificate.\n if (\n this.msalConfig.auth.clientSecret ||\n this.msalConfig.auth.clientAssertion ||\n this.msalConfig.auth.clientCertificate\n ) {\n this.confidentialApp = new msalNode.ConfidentialClientApplication(this.msalConfig);\n } else {\n if (this.requiresConfidential) {\n throw new Error(\n \"Unable to generate the MSAL confidential client. Missing either the client's secret, certificate or assertion.\"\n );\n }\n }\n }\n\n /**\n * Allows the cancellation of a MSAL request.\n */\n protected withCancellation(\n promise: Promise,\n abortSignal?: AbortSignalLike,\n onCancel?: () => void\n ): Promise {\n return new Promise((resolve, reject) => {\n promise\n .then((msalToken) => {\n return resolve(msalToken!);\n })\n .catch(reject);\n if (abortSignal) {\n abortSignal.addEventListener(\"abort\", () => {\n onCancel?.();\n });\n }\n });\n }\n\n /**\n * Returns the existing account, attempts to load the account from MSAL.\n */\n async getActiveAccount(): Promise {\n if (this.account) {\n return this.account;\n }\n const cache = this.confidentialApp?.getTokenCache() ?? 
this.publicApp?.getTokenCache();\n const accountsByTenant = await cache?.getAllAccounts();\n\n if (!accountsByTenant) {\n return;\n }\n\n if (accountsByTenant.length === 1) {\n this.account = msalToPublic(this.clientId, accountsByTenant[0]);\n } else {\n this.logger\n .info(`More than one account was found authenticated for this Client ID and Tenant ID.\nHowever, no \"authenticationRecord\" has been provided for this credential,\ntherefore we're unable to pick between these accounts.\nA new login attempt will be requested, to ensure the correct account is picked.\nTo work with multiple accounts for the same Client ID and Tenant ID, please provide an \"authenticationRecord\" when initializing a credential to prevent this from happening.`);\n return;\n }\n\n return this.account;\n }\n\n /**\n * Attempts to retrieve a token from cache.\n */\n async getTokenSilent(\n scopes: string[],\n options?: CredentialFlowGetTokenOptions\n ): Promise {\n await this.getActiveAccount();\n if (!this.account) {\n throw new AuthenticationRequiredError({\n scopes,\n getTokenOptions: options,\n message:\n \"Silent authentication failed. 
We couldn't retrieve an active account from the cache.\",\n });\n }\n\n const silentRequest: msalNode.SilentFlowRequest = {\n // To be able to re-use the account, the Token Cache must also have been provided.\n account: publicToMsal(this.account),\n correlationId: options?.correlationId,\n scopes,\n authority: options?.authority,\n claims: options?.claims,\n };\n\n try {\n this.logger.info(\"Attempting to acquire token silently\");\n const response =\n (await this.confidentialApp?.acquireTokenSilent(silentRequest)) ??\n (await this.publicApp!.acquireTokenSilent(silentRequest));\n return this.handleResult(scopes, this.clientId, response || undefined);\n } catch (err: any) {\n throw this.handleError(scopes, err, options);\n }\n }\n\n /**\n * Attempts to retrieve an authenticated token from MSAL.\n */\n protected abstract doGetToken(scopes: string[], options?: GetTokenOptions): Promise;\n\n /**\n * Wrapper around each MSAL flow get token operation: doGetToken.\n * If disableAutomaticAuthentication is sent through the constructor, it will prevent MSAL from requesting the user input.\n */\n public async getToken(\n scopes: string[],\n options: CredentialFlowGetTokenOptions = {}\n ): Promise {\n const tenantId = processMultiTenantRequest(this.tenantId, options) || this.tenantId;\n\n options.authority = getAuthority(tenantId, this.authorityHost);\n\n options.correlationId = options?.correlationId || this.generateUuid();\n await this.init(options);\n\n try {\n // MSAL now caches tokens based on their claims,\n // so now one has to keep track of claims in order to retrieve the newer tokens from acquireTokenSilent\n // This update happened on PR: https://github.com/AzureAD/microsoft-authentication-library-for-js/pull/4533\n const optionsClaims = (options as any).claims;\n if (optionsClaims) {\n this.cachedClaims = optionsClaims;\n }\n if (this.cachedClaims && !optionsClaims) {\n (options as any).claims = this.cachedClaims;\n }\n // We don't return the promise since we want 
to catch errors right here.\n return await this.getTokenSilent(scopes, options);\n } catch (err: any) {\n if (err.name !== \"AuthenticationRequiredError\") {\n throw err;\n }\n if (options?.disableAutomaticAuthentication) {\n throw new AuthenticationRequiredError({\n scopes,\n getTokenOptions: options,\n message:\n \"Automatic authentication has been disabled. You may call the authentication() method.\",\n });\n }\n this.logger.info(`Silent authentication failed, falling back to interactive method.`);\n return this.doGetToken(scopes, options);\n }\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\n\nimport fs from \"fs\";\nimport os from \"os\";\nimport path from \"path\";\n\nimport { AzureAuthorityHosts } from \"../constants\";\nimport { checkTenantId } from \"../util/checkTenantId\";\nimport { CredentialUnavailableError } from \"../errors\";\nimport { IdentityClient } from \"../client/identityClient\";\nimport { TokenCredentialOptions } from \"../tokenCredentialOptions\";\nimport { processMultiTenantRequest } from \"../util/validateMultiTenant\";\nimport { VSCodeCredentialFinder } from \"./visualStudioCodeCredentialPlugin\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging\";\n\nconst CommonTenantId = \"common\";\nconst AzureAccountClientId = \"aebc6443-996d-45c2-90f0-388ff96faa56\"; // VSC: 'aebc6443-996d-45c2-90f0-388ff96faa56'\nconst logger = credentialLogger(\"VisualStudioCodeCredential\");\n\nlet findCredentials: VSCodeCredentialFinder | undefined = undefined;\n\nexport const vsCodeCredentialControl = {\n setVsCodeCredentialFinder(finder: VSCodeCredentialFinder): void {\n findCredentials = finder;\n },\n};\n\n// Map of unsupported Tenant IDs and the errors we will be throwing.\nconst unsupportedTenantIds: Record = {\n adfs: \"The VisualStudioCodeCredential does not support authentication with ADFS 
tenants.\",\n};\n\nfunction checkUnsupportedTenant(tenantId: string): void {\n // If the Tenant ID isn't supported, we throw.\n const unsupportedTenantError = unsupportedTenantIds[tenantId];\n if (unsupportedTenantError) {\n throw new CredentialUnavailableError(unsupportedTenantError);\n }\n}\n\ntype VSCodeCloudNames = \"AzureCloud\" | \"AzureChina\" | \"AzureGermanCloud\" | \"AzureUSGovernment\";\n\nconst mapVSCodeAuthorityHosts: Record = {\n AzureCloud: AzureAuthorityHosts.AzurePublicCloud,\n AzureChina: AzureAuthorityHosts.AzureChina,\n AzureGermanCloud: AzureAuthorityHosts.AzureGermany,\n AzureUSGovernment: AzureAuthorityHosts.AzureGovernment,\n};\n\n/**\n * Attempts to load a specific property from the VSCode configurations of the current OS.\n * If it fails at any point, returns undefined.\n */\nexport function getPropertyFromVSCode(property: string): string | undefined {\n const settingsPath = [\"User\", \"settings.json\"];\n // Eventually we can add more folders for more versions of VSCode.\n const vsCodeFolder = \"Code\";\n const homedir = os.homedir();\n\n function loadProperty(...pathSegments: string[]): string | undefined {\n const fullPath = path.join(...pathSegments, vsCodeFolder, ...settingsPath);\n const settings = JSON.parse(fs.readFileSync(fullPath, { encoding: \"utf8\" }));\n return settings[property];\n }\n\n try {\n let appData: string;\n switch (process.platform) {\n case \"win32\":\n appData = process.env.APPDATA!;\n return appData ? loadProperty(appData) : undefined;\n case \"darwin\":\n return loadProperty(homedir, \"Library\", \"Application Support\");\n case \"linux\":\n return loadProperty(homedir, \".config\");\n default:\n return;\n }\n } catch (e: any) {\n logger.info(`Failed to load the Visual Studio Code configuration file. 
Error: ${e.message}`);\n return;\n }\n}\n\n/**\n * Provides options to configure the Visual Studio Code credential.\n */\nexport interface VisualStudioCodeCredentialOptions extends TokenCredentialOptions {\n /**\n * Optionally pass in a Tenant ID to be used as part of the credential\n */\n tenantId?: string;\n}\n\n/**\n * Connects to Azure using the credential provided by the VSCode extension 'Azure Account'.\n * Once the user has logged in via the extension, this credential can share the same refresh token\n * that is cached by the extension.\n */\nexport class VisualStudioCodeCredential implements TokenCredential {\n private identityClient: IdentityClient;\n private tenantId: string;\n private cloudName: VSCodeCloudNames;\n\n /**\n * Creates an instance of VisualStudioCodeCredential to use for automatically authenticating via VSCode.\n *\n * **Note**: `VisualStudioCodeCredential` is provided by a plugin package:\n * `@azure/identity-vscode`. If this package is not installed and registered\n * using the plugin API (`useIdentityPlugin`), then authentication using\n * `VisualStudioCodeCredential` will not be available.\n *\n * @param options - Options for configuring the client which makes the authentication request.\n */\n constructor(options?: VisualStudioCodeCredentialOptions) {\n // We want to make sure we use the one assigned by the user on the VSCode settings.\n // Or just `AzureCloud` by default.\n this.cloudName = (getPropertyFromVSCode(\"azure.cloud\") || \"AzureCloud\") as VSCodeCloudNames;\n\n // Picking an authority host based on the cloud name.\n const authorityHost = mapVSCodeAuthorityHosts[this.cloudName];\n\n this.identityClient = new IdentityClient({\n authorityHost,\n ...options,\n });\n\n if (options && options.tenantId) {\n checkTenantId(logger, options.tenantId);\n this.tenantId = options.tenantId;\n } else {\n this.tenantId = CommonTenantId;\n }\n\n checkUnsupportedTenant(this.tenantId);\n }\n\n /**\n * Runs preparations for any further 
getToken request.\n */\n private async prepare(): Promise {\n // Attempts to load the tenant from the VSCode configuration file.\n const settingsTenant = getPropertyFromVSCode(\"azure.tenant\");\n if (settingsTenant) {\n this.tenantId = settingsTenant;\n }\n checkUnsupportedTenant(this.tenantId);\n }\n\n /**\n * The promise of the single preparation that will be executed at the first getToken request for an instance of this class.\n */\n private preparePromise: Promise | undefined;\n\n /**\n * Runs preparations for any further getToken, but only once.\n */\n private prepareOnce(): Promise | undefined {\n if (!this.preparePromise) {\n this.preparePromise = this.prepare();\n }\n return this.preparePromise;\n }\n\n /**\n * Returns the token found by searching VSCode's authentication cache or\n * returns null if no token could be found.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * `TokenCredential` implementation might make.\n */\n public async getToken(\n scopes: string | string[],\n options?: GetTokenOptions\n ): Promise {\n await this.prepareOnce();\n\n const tenantId = processMultiTenantRequest(this.tenantId, options) || this.tenantId;\n\n if (findCredentials === undefined) {\n throw new CredentialUnavailableError(\n [\n \"No implementation of `VisualStudioCodeCredential` is available.\",\n \"You must install the identity-vscode plugin package (`npm install --save-dev @azure/identity-vscode`)\",\n \"and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling\",\n \"`useIdentityPlugin(vsCodePlugin)` before creating a `VisualStudioCodeCredential`.\",\n ].join(\" \")\n );\n }\n\n let scopeString = typeof scopes === \"string\" ? 
scopes : scopes.join(\" \");\n\n // Check to make sure the scope we get back is a valid scope\n if (!scopeString.match(/^[0-9a-zA-Z-.:/]+$/)) {\n const error = new Error(\"Invalid scope was specified by the user or calling client\");\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n\n if (scopeString.indexOf(\"offline_access\") < 0) {\n scopeString += \" offline_access\";\n }\n\n // findCredentials returns an array similar to:\n // [\n // {\n // account: \"\",\n // password: \"\",\n // },\n // /* ... */\n // ]\n const credentials = await findCredentials();\n\n // If we can't find the credential based on the name, we'll pick the first one available.\n const { password: refreshToken } =\n credentials.find(({ account }) => account === this.cloudName) ?? credentials[0] ?? {};\n\n if (refreshToken) {\n const tokenResponse = await this.identityClient.refreshAccessToken(\n tenantId,\n AzureAccountClientId,\n scopeString,\n refreshToken,\n undefined\n );\n\n if (tokenResponse) {\n logger.getToken.info(formatSuccess(scopes));\n return tokenResponse.accessToken;\n } else {\n const error = new CredentialUnavailableError(\n \"Could not retrieve the token associated with Visual Studio Code. Have you connected using the 'Azure Account' extension recently? To troubleshoot, visit https://aka.ms/azsdk/js/identity/vscodecredential/troubleshoot.\"\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n } else {\n const error = new CredentialUnavailableError(\n \"Could not retrieve the token associated with Visual Studio Code. Did you connect using the 'Azure Account' extension? 
To troubleshoot, visit https://aka.ms/azsdk/js/identity/vscodecredential/troubleshoot.\"\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AzurePluginContext, IdentityPlugin } from \"./provider\";\nimport { msalNodeFlowCacheControl } from \"../msal/nodeFlows/msalNodeCommon\";\nimport { vsCodeCredentialControl } from \"../credentials/visualStudioCodeCredential\";\n\n/**\n * The context passed to an Identity plugin. This contains objects that\n * plugins can use to set backend implementations.\n * @internal\n */\nconst pluginContext: AzurePluginContext = {\n cachePluginControl: msalNodeFlowCacheControl,\n vsCodeCredentialControl: vsCodeCredentialControl,\n};\n\n/**\n * Extend Azure Identity with additional functionality. Pass a plugin from\n * a plugin package, such as:\n *\n * - `@azure/identity-cache-persistence`: provides persistent token caching\n * - `@azure/identity-vscode`: provides the dependencies of\n * `VisualStudioCodeCredential` and enables it\n *\n * Example:\n *\n * ```javascript\n * import { cachePersistencePlugin } from \"@azure/identity-cache-persistence\";\n *\n * import { useIdentityPlugin, DefaultAzureCredential } from \"@azure/identity\";\n * useIdentityPlugin(cachePersistencePlugin);\n *\n * // The plugin has the capability to extend `DefaultAzureCredential` and to\n * // add middleware to the underlying credentials, such as persistence.\n * const credential = new DefaultAzureCredential({\n * tokenCachePersistenceOptions: {\n * enabled: true\n * }\n * });\n * ```\n *\n * @param plugin - the plugin to register\n */\nexport function useIdentityPlugin(plugin: IdentityPlugin): void {\n plugin(pluginContext);\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\n\nimport { AggregateAuthenticationError, 
CredentialUnavailableError } from \"../errors\";\nimport { tracingClient } from \"../util/tracing\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging\";\n\n/**\n * @internal\n */\nexport const logger = credentialLogger(\"ChainedTokenCredential\");\n\n/**\n * Enables multiple `TokenCredential` implementations to be tried in order\n * until one of the getToken methods returns an access token.\n */\nexport class ChainedTokenCredential implements TokenCredential {\n /**\n * The message to use when the chained token fails to get a token\n */\n protected UnavailableMessage =\n \"ChainedTokenCredential => failed to retrieve a token from the included credentials\";\n\n private _sources: TokenCredential[] = [];\n\n /**\n * Creates an instance of ChainedTokenCredential using the given credentials.\n *\n * @param sources - `TokenCredential` implementations to be tried in order.\n *\n * Example usage:\n * ```javascript\n * const firstCredential = new ClientSecretCredential(tenantId, clientId, clientSecret);\n * const secondCredential = new ClientSecretCredential(tenantId, anotherClientId, anotherSecret);\n * const credentialChain = new ChainedTokenCredential(firstCredential, secondCredential);\n * ```\n */\n constructor(...sources: TokenCredential[]) {\n this._sources = sources;\n }\n\n /**\n * Returns the first access token returned by one of the chained\n * `TokenCredential` implementations. Throws an {@link AggregateAuthenticationError}\n * when one or more credentials throws an {@link AuthenticationError} and\n * no credentials have returned an access token.\n *\n * This method is called automatically by Azure SDK client libraries. 
You may call this method\n * directly, but you must also handle token caching and token refreshing.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * `TokenCredential` implementation might make.\n */\n async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise {\n let token: AccessToken | null = null;\n let successfulCredentialName = \"\";\n const errors: Error[] = [];\n\n return tracingClient.withSpan(\n \"ChainedTokenCredential.getToken\",\n options,\n async (updatedOptions) => {\n for (let i = 0; i < this._sources.length && token === null; i++) {\n try {\n token = await this._sources[i].getToken(scopes, updatedOptions);\n successfulCredentialName = this._sources[i].constructor.name;\n } catch (err: any) {\n if (\n err.name === \"CredentialUnavailableError\" ||\n err.name === \"AuthenticationRequiredError\"\n ) {\n errors.push(err);\n } else {\n logger.getToken.info(formatError(scopes, err));\n throw err;\n }\n }\n }\n\n if (!token && errors.length > 0) {\n const err = new AggregateAuthenticationError(\n errors,\n \"ChainedTokenCredential authentication failed.\"\n );\n logger.getToken.info(formatError(scopes, err));\n throw err;\n }\n\n logger.getToken.info(`Result for ${successfulCredentialName}: ${formatSuccess(scopes)}`);\n\n if (token === null) {\n throw new CredentialUnavailableError(\"Failed to retrieve a valid token\");\n }\n return token;\n }\n );\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { CredentialLogger, formatError } from \"./logging\";\n\n/**\n * Throws if the received scope is not valid.\n * @internal\n */\nexport function ensureValidScope(scope: string, logger: CredentialLogger): void {\n if (!scope.match(/^[0-9a-zA-Z-.:/]+$/)) {\n const error = new Error(\"Invalid scope was specified by the user or calling client\");\n logger.getToken.info(formatError(scope, 
error));\n throw error;\n }\n}\n\n/**\n * Returns the resource out of a scope.\n * @internal\n */\nexport function getScopeResource(scope: string): string {\n return scope.replace(/\\/.default$/, \"\");\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\n\nimport { tracingClient } from \"../util/tracing\";\nimport { CredentialUnavailableError } from \"../errors\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging\";\nimport child_process from \"child_process\";\nimport { ensureValidScope, getScopeResource } from \"../util/scopeUtils\";\nimport { AzureCliCredentialOptions } from \"./azureCliCredentialOptions\";\nimport { processMultiTenantRequest } from \"../util/validateMultiTenant\";\nimport { checkTenantId } from \"../util/checkTenantId\";\n\n/**\n * Mockable reference to the CLI credential cliCredentialFunctions\n * @internal\n */\nexport const cliCredentialInternals = {\n /**\n * @internal\n */\n getSafeWorkingDir(): string {\n if (process.platform === \"win32\") {\n if (!process.env.SystemRoot) {\n throw new Error(\"Azure CLI credential expects a 'SystemRoot' environment variable\");\n }\n return process.env.SystemRoot;\n } else {\n return \"/bin\";\n }\n },\n\n /**\n * Gets the access token from Azure CLI\n * @param resource - The resource to use when getting the token\n * @internal\n */\n async getAzureCliAccessToken(\n resource: string,\n tenantId?: string\n ): Promise<{ stdout: string; stderr: string; error: Error | null }> {\n let tenantSection: string[] = [];\n if (tenantId) {\n tenantSection = [\"--tenant\", tenantId];\n }\n return new Promise((resolve, reject) => {\n try {\n child_process.execFile(\n \"az\",\n [\n \"account\",\n \"get-access-token\",\n \"--output\",\n \"json\",\n \"--resource\",\n resource,\n ...tenantSection,\n ],\n { cwd: cliCredentialInternals.getSafeWorkingDir(), shell: true },\n 
(error, stdout, stderr) => {\n resolve({ stdout: stdout, stderr: stderr, error });\n }\n );\n } catch (err: any) {\n reject(err);\n }\n });\n },\n};\n\nconst logger = credentialLogger(\"AzureCliCredential\");\n\n/**\n * This credential will use the currently logged-in user login information\n * via the Azure CLI ('az') commandline tool.\n * To do so, it will read the user access token and expire time\n * with Azure CLI command \"az account get-access-token\".\n */\nexport class AzureCliCredential implements TokenCredential {\n private tenantId?: string;\n\n /**\n * Creates an instance of the {@link AzureCliCredential}.\n *\n * To use this credential, ensure that you have already logged\n * in via the 'az' tool using the command \"az login\" from the commandline.\n *\n * @param options - Options, to optionally allow multi-tenant requests.\n */\n constructor(options?: AzureCliCredentialOptions) {\n this.tenantId = options?.tenantId;\n }\n\n /**\n * Authenticates with Azure Active Directory and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n public async getToken(\n scopes: string | string[],\n options: GetTokenOptions = {}\n ): Promise {\n const tenantId = processMultiTenantRequest(this.tenantId, options);\n if (tenantId) {\n checkTenantId(logger, tenantId);\n }\n\n const scope = typeof scopes === \"string\" ? 
scopes : scopes[0];\n logger.getToken.info(`Using the scope ${scope}`);\n ensureValidScope(scope, logger);\n const resource = getScopeResource(scope);\n\n return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async () => {\n try {\n const obj = await cliCredentialInternals.getAzureCliAccessToken(resource, tenantId);\n const specificScope = obj.stderr?.match(\"(.*)az login --scope(.*)\");\n const isLoginError = obj.stderr?.match(\"(.*)az login(.*)\") && !specificScope;\n const isNotInstallError =\n obj.stderr?.match(\"az:(.*)not found\") || obj.stderr?.startsWith(\"'az' is not recognized\");\n\n if (isNotInstallError) {\n const error = new CredentialUnavailableError(\n \"Azure CLI could not be found. Please visit https://aka.ms/azure-cli for installation instructions and then, once installed, authenticate to your Azure account using 'az login'.\"\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n if (isLoginError) {\n const error = new CredentialUnavailableError(\n \"Please run 'az login' from a command prompt to authenticate before using this credential.\"\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n try {\n const responseData = obj.stdout;\n const response: { accessToken: string; expiresOn: string } = JSON.parse(responseData);\n logger.getToken.info(formatSuccess(scopes));\n const returnValue = {\n token: response.accessToken,\n expiresOnTimestamp: new Date(response.expiresOn).getTime(),\n };\n return returnValue;\n } catch (e: any) {\n if (obj.stderr) {\n throw new CredentialUnavailableError(obj.stderr);\n }\n throw e;\n }\n } catch (err: any) {\n const error =\n err.name === \"CredentialUnavailableError\"\n ? 
err\n : new CredentialUnavailableError(\n (err as Error).message || \"Unknown error while trying to retrieve the access token\"\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n });\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as childProcess from \"child_process\";\n\n/**\n * Easy to mock childProcess utils.\n * @internal\n */\nexport const processUtils = {\n /**\n * Promisifying childProcess.execFile\n * @internal\n */\n execFile(\n file: string,\n params: string[],\n options?: childProcess.ExecFileOptionsWithStringEncoding\n ): Promise {\n return new Promise((resolve, reject) => {\n childProcess.execFile(file, params, options, (error, stdout, stderr) => {\n if (Buffer.isBuffer(stdout)) {\n stdout = stdout.toString(\"utf8\");\n }\n if (Buffer.isBuffer(stderr)) {\n stderr = stderr.toString(\"utf8\");\n }\n if (stderr || error) {\n reject(stderr ? new Error(stderr) : error);\n } else {\n resolve(stdout);\n }\n });\n });\n },\n};\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\n\nimport { CredentialUnavailableError } from \"../errors\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging\";\nimport { tracingClient } from \"../util/tracing\";\nimport { ensureValidScope, getScopeResource } from \"../util/scopeUtils\";\nimport { processUtils } from \"../util/processUtils\";\nimport { AzurePowerShellCredentialOptions } from \"./azurePowerShellCredentialOptions\";\nimport { processMultiTenantRequest } from \"../util/validateMultiTenant\";\nimport { checkTenantId } from \"../util/checkTenantId\";\n\nconst logger = credentialLogger(\"AzurePowerShellCredential\");\n\nconst isWindows = process.platform === \"win32\";\n\n/**\n * Returns a platform-appropriate command name by appending \".exe\" on Windows.\n *\n * @internal\n */\nexport function 
formatCommand(commandName: string): string {\n if (isWindows) {\n return `${commandName}.exe`;\n } else {\n return commandName;\n }\n}\n\n/**\n * Receives a list of commands to run, executes them, then returns the outputs.\n * If anything fails, an error is thrown.\n * @internal\n */\nasync function runCommands(commands: string[][]): Promise {\n const results: string[] = [];\n\n for (const command of commands) {\n const [file, ...parameters] = command;\n const result = (await processUtils.execFile(file, parameters, { encoding: \"utf8\" })) as string;\n results.push(result);\n }\n\n return results;\n}\n\n/**\n * Known PowerShell errors\n * @internal\n */\nexport const powerShellErrors = {\n login: \"Run Connect-AzAccount to login\",\n installed:\n \"The specified module 'Az.Accounts' with version '2.2.0' was not loaded because no valid module file was found in any module directory\",\n};\n\n/**\n * Messages to use when throwing in this credential.\n * @internal\n */\nexport const powerShellPublicErrorMessages = {\n login:\n \"Please run 'Connect-AzAccount' from PowerShell to authenticate before using this credential.\",\n installed: `The 'Az.Account' module >= 2.2.0 is not installed. 
Install the Azure Az PowerShell module with: \"Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force\".`,\n troubleshoot: `To troubleshoot, visit https://aka.ms/azsdk/js/identity/powershellcredential/troubleshoot.`,\n};\n\n// PowerShell Azure User not logged in error check.\nconst isLoginError = (err: Error) => err.message.match(`(.*)${powerShellErrors.login}(.*)`);\n\n// Az Module not Installed in Azure PowerShell check.\nconst isNotInstalledError = (err: Error) => err.message.match(powerShellErrors.installed);\n\n/**\n * The PowerShell commands to be tried, in order.\n *\n * @internal\n */\nexport const commandStack = [formatCommand(\"pwsh\")];\n\nif (isWindows) {\n commandStack.push(formatCommand(\"powershell\"));\n}\n\n/**\n * This credential will use the currently logged-in user information from the\n * Azure PowerShell module. To do so, it will read the user access token and\n * expire time with Azure PowerShell command `Get-AzAccessToken -ResourceUrl {ResourceScope}`\n */\nexport class AzurePowerShellCredential implements TokenCredential {\n private tenantId?: string;\n\n /**\n * Creates an instance of the {@link AzurePowerShellCredential}.\n *\n * To use this credential:\n * - Install the Azure Az PowerShell module with:\n * `Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force`.\n * - You have already logged in to Azure PowerShell using the command\n * `Connect-AzAccount` from the command line.\n *\n * @param options - Options, to optionally allow multi-tenant requests.\n */\n constructor(options?: AzurePowerShellCredentialOptions) {\n this.tenantId = options?.tenantId;\n }\n\n /**\n * Gets the access token from Azure PowerShell\n * @param resource - The resource to use when getting the token\n */\n private async getAzurePowerShellAccessToken(\n resource: string,\n tenantId?: string\n ): Promise<{ Token: string; ExpiresOn: string }> {\n // Clone the stack to avoid mutating it while iterating\n for (const 
powerShellCommand of [...commandStack]) {\n try {\n await runCommands([[powerShellCommand, \"/?\"]]);\n } catch (e: any) {\n // Remove this command from the original stack so that we don't try it again.\n commandStack.shift();\n continue;\n }\n\n let tenantSection = \"\";\n if (tenantId) {\n tenantSection = `-TenantId \"${tenantId}\"`;\n }\n\n const results = await runCommands([\n [\n powerShellCommand,\n \"-Command\",\n \"Import-Module Az.Accounts -MinimumVersion 2.2.0 -PassThru\",\n ],\n [\n powerShellCommand,\n \"-Command\",\n `Get-AzAccessToken ${tenantSection} -ResourceUrl \"${resource}\" | ConvertTo-Json`,\n ],\n ]);\n\n const result = results[1];\n try {\n return JSON.parse(result);\n } catch (e: any) {\n throw new Error(`Unable to parse the output of PowerShell. Received output: ${result}`);\n }\n }\n\n throw new Error(`Unable to execute PowerShell. Ensure that it is installed in your system`);\n }\n\n /**\n * Authenticates with Azure Active Directory and returns an access token if successful.\n * If the authentication cannot be performed through PowerShell, a {@link CredentialUnavailableError} will be thrown.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this TokenCredential implementation might make.\n */\n public async getToken(\n scopes: string | string[],\n options: GetTokenOptions = {}\n ): Promise {\n return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async () => {\n const tenantId = processMultiTenantRequest(this.tenantId, options);\n if (tenantId) {\n checkTenantId(logger, tenantId);\n }\n\n const scope = typeof scopes === \"string\" ? 
scopes : scopes[0];\n ensureValidScope(scope, logger);\n logger.getToken.info(`Using the scope ${scope}`);\n const resource = getScopeResource(scope);\n\n try {\n const response = await this.getAzurePowerShellAccessToken(resource, tenantId);\n logger.getToken.info(formatSuccess(scopes));\n return {\n token: response.Token,\n expiresOnTimestamp: new Date(response.ExpiresOn).getTime(),\n };\n } catch (err: any) {\n if (isNotInstalledError(err)) {\n const error = new CredentialUnavailableError(powerShellPublicErrorMessages.installed);\n logger.getToken.info(formatError(scope, error));\n throw error;\n } else if (isLoginError(err)) {\n const error = new CredentialUnavailableError(powerShellPublicErrorMessages.login);\n logger.getToken.info(formatError(scope, error));\n throw error;\n }\n const error = new CredentialUnavailableError(\n `${err}. ${powerShellPublicErrorMessages.troubleshoot}`\n );\n logger.getToken.info(formatError(scope, error));\n throw error;\n }\n });\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken } from \"@azure/core-auth\";\n\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { MsalNode, MsalNodeOptions } from \"./msalNodeCommon\";\n\n/**\n * Options that can be passed to configure MSAL to handle client secrets.\n * @internal\n */\nexport interface MSALClientSecretOptions extends MsalNodeOptions {\n /**\n * A client secret that was generated for the App Registration.\n */\n clientSecret: string;\n}\n\n/**\n * MSAL client secret client. 
Calls to MSAL's confidential application's `acquireTokenByClientCredential` during `doGetToken`.\n * @internal\n */\nexport class MsalClientSecret extends MsalNode {\n constructor(options: MSALClientSecretOptions) {\n super(options);\n this.requiresConfidential = true;\n this.msalConfig.auth.clientSecret = options.clientSecret;\n }\n\n protected async doGetToken(\n scopes: string[],\n options: CredentialFlowGetTokenOptions = {}\n ): Promise {\n try {\n const result = await this.confidentialApp!.acquireTokenByClientCredential({\n scopes,\n correlationId: options.correlationId,\n azureRegion: this.azureRegion,\n authority: options.authority,\n claims: options.claims,\n });\n // The Client Credential flow does not return an account,\n // so each time getToken gets called, we will have to acquire a new token through the service.\n return this.handleResult(scopes, this.clientId, result || undefined);\n } catch (err: any) {\n throw this.handleError(scopes, err, options);\n }\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\n\nimport { MsalClientSecret } from \"../msal/nodeFlows/msalClientSecret\";\nimport { credentialLogger } from \"../util/logging\";\nimport { tracingClient } from \"../util/tracing\";\nimport { MsalFlow } from \"../msal/flows\";\nimport { ClientSecretCredentialOptions } from \"./clientSecretCredentialOptions\";\n\nconst logger = credentialLogger(\"ClientSecretCredential\");\n\n/**\n * Enables authentication to Azure Active Directory using a client secret\n * that was generated for an App Registration. 
More information on how\n * to configure a client secret can be found here:\n *\n * https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis#add-credentials-to-your-web-application\n *\n */\nexport class ClientSecretCredential implements TokenCredential {\n private msalFlow: MsalFlow;\n\n /**\n * Creates an instance of the ClientSecretCredential with the details\n * needed to authenticate against Azure Active Directory with a client\n * secret.\n *\n * @param tenantId - The Azure Active Directory tenant (directory) ID.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param clientSecret - A client secret that was generated for the App Registration.\n * @param options - Options for configuring the client which makes the authentication request.\n */\n constructor(\n tenantId: string,\n clientId: string,\n clientSecret: string,\n options: ClientSecretCredentialOptions = {}\n ) {\n if (!tenantId || !clientId || !clientSecret) {\n throw new Error(\n \"ClientSecretCredential: tenantId, clientId, and clientSecret are required parameters. 
To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.\"\n );\n }\n this.msalFlow = new MsalClientSecret({\n ...options,\n logger,\n clientId,\n tenantId,\n clientSecret,\n tokenCredentialOptions: options,\n });\n }\n\n /**\n * Authenticates with Azure Active Directory and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise {\n return tracingClient.withSpan(\n `${this.constructor.name}.getToken`,\n options,\n async (newOptions) => {\n const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n return this.msalFlow.getToken(arrayScopes, newOptions);\n }\n );\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { readFile } from \"fs\";\nimport { createHash } from \"crypto\";\nimport { promisify } from \"util\";\nimport { AccessToken } from \"@azure/core-auth\";\n\nimport { MsalNode, MsalNodeOptions } from \"./msalNodeCommon\";\nimport { formatError } from \"../../util/logging\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport {\n ClientCertificateCredentialPEMConfiguration,\n ClientCertificatePEMCertificate,\n ClientCertificatePEMCertificatePath,\n} from \"../../credentials/clientCertificateCredential\";\nimport { ClientCredentialRequest } from \"@azure/msal-node\";\n\nconst readFileAsync = promisify(readFile);\n\n/**\n * Options that can be passed to configure MSAL to handle client certificates.\n * @internal\n */\nexport interface MSALClientCertificateOptions extends MsalNodeOptions {\n /**\n * Location of the PEM certificate.\n */\n configuration: 
ClientCertificateCredentialPEMConfiguration;\n /**\n * Option to include x5c header for SubjectName and Issuer name authorization.\n * Set this option to send base64 encoded public certificate in the client assertion header as an x5c claim\n */\n sendCertificateChain?: boolean;\n}\n\n/**\n * Parts of a certificate, as understood by MSAL.\n * @internal\n */\ninterface CertificateParts {\n /**\n * Hex encoded X.509 SHA-1 thumbprint of the certificate\n */\n thumbprint: string;\n /**\n * The PEM encoded private key (string should contain -----BEGIN PRIVATE KEY----- ... -----END PRIVATE KEY-----)\n */\n certificateContents: string;\n /**\n * x5c header.\n */\n x5c: string;\n}\n\n/**\n * Tries to asynchronously load a certificate from the given path.\n *\n * @param configuration - Either the PEM value or the path to the certificate.\n * @param sendCertificateChain - Option to include x5c header for SubjectName and Issuer name authorization.\n * @returns - The certificate parts, or `undefined` if the certificate could not be loaded.\n * @internal\n */\nexport async function parseCertificate(\n configuration: ClientCertificateCredentialPEMConfiguration,\n sendCertificateChain?: boolean\n): Promise {\n const certificateParts: Partial = {};\n\n const certificate: string | undefined = (configuration as ClientCertificatePEMCertificate)\n .certificate;\n const certificatePath: string | undefined = (configuration as ClientCertificatePEMCertificatePath)\n .certificatePath;\n certificateParts.certificateContents =\n certificate || (await readFileAsync(certificatePath!, \"utf8\"));\n if (sendCertificateChain) {\n certificateParts.x5c = certificateParts.certificateContents;\n }\n\n const certificatePattern =\n /(-+BEGIN CERTIFICATE-+)(\\n\\r?|\\r\\n?)([A-Za-z0-9+/\\n\\r]+=*)(\\n\\r?|\\r\\n?)(-+END CERTIFICATE-+)/g;\n const publicKeys: string[] = [];\n\n // Match all possible certificates, in the order they are in the file. 
These will form the chain that is used for x5c\n let match;\n do {\n match = certificatePattern.exec(certificateParts.certificateContents);\n if (match) {\n publicKeys.push(match[3]);\n }\n } while (match);\n\n if (publicKeys.length === 0) {\n throw new Error(\"The file at the specified path does not contain a PEM-encoded certificate.\");\n }\n\n certificateParts.thumbprint = createHash(\"sha1\")\n .update(Buffer.from(publicKeys[0], \"base64\"))\n .digest(\"hex\")\n .toUpperCase();\n\n return certificateParts as CertificateParts;\n}\n\n/**\n * MSAL client certificate client. Calls to MSAL's confidential application's `acquireTokenByClientCredential` during `doGetToken`.\n * @internal\n */\nexport class MsalClientCertificate extends MsalNode {\n private configuration: ClientCertificateCredentialPEMConfiguration;\n private sendCertificateChain?: boolean;\n\n constructor(options: MSALClientCertificateOptions) {\n super(options);\n this.requiresConfidential = true;\n this.configuration = options.configuration;\n this.sendCertificateChain = options.sendCertificateChain;\n }\n\n // Changing the MSAL configuration asynchronously\n async init(options?: CredentialFlowGetTokenOptions): Promise {\n try {\n const parts = await parseCertificate(this.configuration, this.sendCertificateChain);\n this.msalConfig.auth.clientCertificate = {\n thumbprint: parts.thumbprint,\n privateKey: parts.certificateContents,\n x5c: parts.x5c,\n };\n } catch (error: any) {\n this.logger.info(formatError(\"\", error));\n throw error;\n }\n return super.init(options);\n }\n\n protected async doGetToken(\n scopes: string[],\n options: CredentialFlowGetTokenOptions = {}\n ): Promise {\n try {\n const clientCredReq: ClientCredentialRequest = {\n scopes,\n correlationId: options.correlationId,\n azureRegion: this.azureRegion,\n authority: options.authority,\n claims: options.claims,\n };\n const result = await this.confidentialApp!.acquireTokenByClientCredential(clientCredReq);\n // Even though we're 
providing the same default in-memory persistence cache that we use for DeviceCodeCredential,\n // the Client Credential flow does not return the account information from the authentication service,\n // so each time getToken gets called, we will have to acquire a new token through the service.\n return this.handleResult(scopes, this.clientId, result || undefined);\n } catch (err: any) {\n throw this.handleError(scopes, err, options);\n }\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\n\nimport { MsalClientCertificate } from \"../msal/nodeFlows/msalClientCertificate\";\nimport { credentialLogger } from \"../util/logging\";\nimport { tracingClient } from \"../util/tracing\";\nimport { MsalFlow } from \"../msal/flows\";\nimport { ClientCertificateCredentialOptions } from \"./clientCertificateCredentialOptions\";\n\nconst credentialName = \"ClientCertificateCredential\";\nconst logger = credentialLogger(credentialName);\n\n/**\n * Required configuration options for the {@link ClientCertificateCredential}, with the string contents of a PEM certificate.\n */\nexport interface ClientCertificatePEMCertificate {\n /**\n * The string contents of the PEM-encoded public/private key certificate.\n */\n certificate: string;\n}\n/**\n * Required configuration options for the {@link ClientCertificateCredential}, with the path to a PEM certificate.\n */\nexport interface ClientCertificatePEMCertificatePath {\n /**\n * The path to the PEM-encoded public/private key certificate on the filesystem.\n */\n certificatePath: string;\n}\n/**\n * Required configuration options for the {@link ClientCertificateCredential}, with either the string contents of a PEM certificate, or the path to a PEM certificate.\n */\nexport type ClientCertificateCredentialPEMConfiguration =\n | ClientCertificatePEMCertificate\n | ClientCertificatePEMCertificatePath;\n\n/**\n * Enables 
authentication to Azure Active Directory using a PEM-encoded\n * certificate that is assigned to an App Registration. More information\n * on how to configure certificate authentication can be found here:\n *\n * https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-certificate-credentials#register-your-certificate-with-azure-ad\n *\n */\nexport class ClientCertificateCredential implements TokenCredential {\n private msalFlow: MsalFlow;\n\n /**\n * Creates an instance of the ClientCertificateCredential with the details\n * needed to authenticate against Azure Active Directory with a certificate.\n *\n * @param tenantId - The Azure Active Directory tenant (directory) ID.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param certificatePath - The path to a PEM-encoded public/private key certificate on the filesystem.\n * @param options - Options for configuring the client which makes the authentication request.\n */\n constructor(\n tenantId: string,\n clientId: string,\n certificatePath: string,\n options?: ClientCertificateCredentialOptions\n );\n /**\n * Creates an instance of the ClientCertificateCredential with the details\n * needed to authenticate against Azure Active Directory with a certificate.\n *\n * @param tenantId - The Azure Active Directory tenant (directory) ID.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param configuration - Other parameters required, including the path of the certificate on the filesystem.\n * If the type is ignored, we will throw the value of the path to a PEM certificate.\n * @param options - Options for configuring the client which makes the authentication request.\n */\n constructor(\n tenantId: string,\n clientId: string,\n configuration: ClientCertificatePEMCertificatePath,\n options?: ClientCertificateCredentialOptions\n );\n /**\n * Creates an instance of the ClientCertificateCredential with the 
details\n * needed to authenticate against Azure Active Directory with a certificate.\n *\n * @param tenantId - The Azure Active Directory tenant (directory) ID.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param configuration - Other parameters required, including the PEM-encoded certificate as a string.\n * If the type is ignored, we will throw the value of the PEM-encoded certificate.\n * @param options - Options for configuring the client which makes the authentication request.\n */\n constructor(\n tenantId: string,\n clientId: string,\n configuration: ClientCertificatePEMCertificate,\n options?: ClientCertificateCredentialOptions\n );\n constructor(\n tenantId: string,\n clientId: string,\n certificatePathOrConfiguration: string | ClientCertificateCredentialPEMConfiguration,\n options: ClientCertificateCredentialOptions = {}\n ) {\n if (!tenantId || !clientId) {\n throw new Error(`${credentialName}: tenantId and clientId are required parameters.`);\n }\n const configuration: ClientCertificateCredentialPEMConfiguration = {\n ...(typeof certificatePathOrConfiguration === \"string\"\n ? {\n certificatePath: certificatePathOrConfiguration,\n }\n : certificatePathOrConfiguration),\n };\n const certificate: string | undefined = (configuration as ClientCertificatePEMCertificate)\n .certificate;\n const certificatePath: string | undefined = (\n configuration as ClientCertificatePEMCertificatePath\n ).certificatePath;\n if (!configuration || !(certificate || certificatePath)) {\n throw new Error(\n `${credentialName}: Provide either a PEM certificate in string form, or the path to that certificate in the filesystem. 
To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`\n );\n }\n if (certificate && certificatePath) {\n throw new Error(\n `${credentialName}: To avoid unexpected behaviors, providing both the contents of a PEM certificate and the path to a PEM certificate is forbidden. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`\n );\n }\n this.msalFlow = new MsalClientCertificate({\n ...options,\n configuration,\n logger,\n clientId,\n tenantId,\n sendCertificateChain: options.sendCertificateChain,\n tokenCredentialOptions: options,\n });\n }\n\n /**\n * Authenticates with Azure Active Directory and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise {\n return tracingClient.withSpan(`${credentialName}.getToken`, options, async (newOptions) => {\n const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n return this.msalFlow.getToken(arrayScopes, newOptions);\n });\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalNode from \"@azure/msal-node\";\nimport { AccessToken } from \"@azure/core-auth\";\n\nimport { MsalNode, MsalNodeOptions } from \"./msalNodeCommon\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\n\n/**\n * Options that can be passed to configure MSAL to handle authentication through username and password.\n * @internal\n */\nexport interface MSALUsernamePasswordOptions extends MsalNodeOptions {\n username: string;\n password: string;\n}\n\n/**\n * MSAL username and password client. 
Calls to the MSAL's public application's `acquireTokenByUsernamePassword` during `doGetToken`.\n * @internal\n */\nexport class MsalUsernamePassword extends MsalNode {\n private username: string;\n private password: string;\n\n constructor(options: MSALUsernamePasswordOptions) {\n super(options);\n this.username = options.username;\n this.password = options.password;\n }\n\n protected async doGetToken(\n scopes: string[],\n options?: CredentialFlowGetTokenOptions\n ): Promise {\n try {\n const requestOptions: msalNode.UsernamePasswordRequest = {\n scopes,\n username: this.username,\n password: this.password,\n correlationId: options?.correlationId,\n authority: options?.authority,\n claims: options?.claims,\n };\n const result = await this.publicApp!.acquireTokenByUsernamePassword(requestOptions);\n return this.handleResult(scopes, this.clientId, result || undefined);\n } catch (error: any) {\n throw this.handleError(scopes, error, options);\n }\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\n\nimport { credentialLogger } from \"../util/logging\";\nimport { MsalUsernamePassword } from \"../msal/nodeFlows/msalUsernamePassword\";\nimport { MsalFlow } from \"../msal/flows\";\nimport { tracingClient } from \"../util/tracing\";\nimport { UsernamePasswordCredentialOptions } from \"./usernamePasswordCredentialOptions\";\n\nconst logger = credentialLogger(\"UsernamePasswordCredential\");\n\n/**\n * Enables authentication to Azure Active Directory with a user's\n * username and password. 
This credential requires a high degree of\n * trust so you should only use it when other, more secure credential\n * types can't be used.\n */\nexport class UsernamePasswordCredential implements TokenCredential {\n private msalFlow: MsalFlow;\n\n /**\n * Creates an instance of the UsernamePasswordCredential with the details\n * needed to authenticate against Azure Active Directory with a username\n * and password.\n *\n * @param tenantId - The Azure Active Directory tenant (directory) ID.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param username - The user account's e-mail address (user name).\n * @param password - The user account's password.\n * @param options - Options for configuring the client which makes the authentication request.\n */\n constructor(\n tenantId: string,\n clientId: string,\n username: string,\n password: string,\n options: UsernamePasswordCredentialOptions = {}\n ) {\n if (!tenantId || !clientId || !username || !password) {\n throw new Error(\n \"UsernamePasswordCredential: tenantId, clientId, username and password are required parameters. 
To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.\"\n );\n }\n this.msalFlow = new MsalUsernamePassword({\n ...options,\n logger,\n clientId,\n tenantId,\n username,\n password,\n tokenCredentialOptions: options || {},\n });\n }\n\n /**\n * Authenticates with Azure Active Directory and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n *\n * If the user provided the option `disableAutomaticAuthentication`,\n * once the token can't be retrieved silently,\n * this method won't attempt to request user interaction to retrieve the token.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise {\n return tracingClient.withSpan(\n `${this.constructor.name}.getToken`,\n options,\n async (newOptions) => {\n const arrayScopes = Array.isArray(scopes) ? 
scopes : [scopes];\n return this.msalFlow.getToken(arrayScopes, newOptions);\n }\n );\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\n\nimport { credentialLogger, formatError, formatSuccess, processEnvVars } from \"../util/logging\";\nimport { TokenCredentialOptions } from \"../tokenCredentialOptions\";\nimport { ClientSecretCredential } from \"./clientSecretCredential\";\nimport { AuthenticationError, CredentialUnavailableError } from \"../errors\";\nimport { checkTenantId } from \"../util/checkTenantId\";\nimport { tracingClient } from \"../util/tracing\";\nimport { ClientCertificateCredential } from \"./clientCertificateCredential\";\nimport { UsernamePasswordCredential } from \"./usernamePasswordCredential\";\n\n/**\n * Contains the list of all supported environment variable names so that an\n * appropriate error message can be generated when no credentials can be\n * configured.\n *\n * @internal\n */\nexport const AllSupportedEnvironmentVariables = [\n \"AZURE_TENANT_ID\",\n \"AZURE_CLIENT_ID\",\n \"AZURE_CLIENT_SECRET\",\n \"AZURE_CLIENT_CERTIFICATE_PATH\",\n \"AZURE_USERNAME\",\n \"AZURE_PASSWORD\",\n];\n\nconst credentialName = \"EnvironmentCredential\";\nconst logger = credentialLogger(credentialName);\n\n/**\n * Enables authentication to Azure Active Directory depending on the available environment variables.\n * Defines options for the EnvironmentCredential class.\n */\nexport interface EnvironmentCredentialOptions extends TokenCredentialOptions {}\n\n/**\n * Enables authentication to Azure Active Directory using client secret\n * details configured in environment variables\n */\nexport class EnvironmentCredential implements TokenCredential {\n private _credential?:\n | ClientSecretCredential\n | ClientCertificateCredential\n | UsernamePasswordCredential = undefined;\n /**\n * Creates an instance of the EnvironmentCredential 
class and decides what credential to use depending on the available environment variables.\n *\n * Required environment variables:\n * - `AZURE_TENANT_ID`: The Azure Active Directory tenant (directory) ID.\n * - `AZURE_CLIENT_ID`: The client (application) ID of an App Registration in the tenant.\n *\n * Environment variables used for client credential authentication:\n * - `AZURE_CLIENT_SECRET`: A client secret that was generated for the App Registration.\n * - `AZURE_CLIENT_CERTIFICATE_PATH`: The path to a PEM certificate to use during the authentication, instead of the client secret.\n *\n * Alternatively, users can provide environment variables for username and password authentication:\n * - `AZURE_USERNAME`: Username to authenticate with.\n * - `AZURE_PASSWORD`: Password to authenticate with.\n *\n * If the environment variables required to perform the authentication are missing, a {@link CredentialUnavailableError} will be thrown.\n * If the authentication fails, or if there's an unknown error, an {@link AuthenticationError} will be thrown.\n *\n * @param options - Options for configuring the client which makes the authentication request.\n */\n constructor(options?: EnvironmentCredentialOptions) {\n // Keep track of any missing environment variables for error details\n\n const assigned = processEnvVars(AllSupportedEnvironmentVariables).assigned.join(\", \");\n logger.info(`Found the following environment variables: ${assigned}`);\n\n const tenantId = process.env.AZURE_TENANT_ID,\n clientId = process.env.AZURE_CLIENT_ID,\n clientSecret = process.env.AZURE_CLIENT_SECRET;\n\n if (tenantId) {\n checkTenantId(logger, tenantId);\n }\n\n if (tenantId && clientId && clientSecret) {\n logger.info(\n `Invoking ClientSecretCredential with tenant ID: ${tenantId}, clientId: ${clientId} and clientSecret: [REDACTED]`\n );\n this._credential = new ClientSecretCredential(tenantId, clientId, clientSecret, options);\n return;\n }\n\n const certificatePath = 
process.env.AZURE_CLIENT_CERTIFICATE_PATH;\n if (tenantId && clientId && certificatePath) {\n logger.info(\n `Invoking ClientCertificateCredential with tenant ID: ${tenantId}, clientId: ${clientId} and certificatePath: ${certificatePath}`\n );\n this._credential = new ClientCertificateCredential(\n tenantId,\n clientId,\n { certificatePath },\n options\n );\n return;\n }\n\n const username = process.env.AZURE_USERNAME;\n const password = process.env.AZURE_PASSWORD;\n if (tenantId && clientId && username && password) {\n logger.info(\n `Invoking UsernamePasswordCredential with tenant ID: ${tenantId}, clientId: ${clientId} and username: ${username}`\n );\n this._credential = new UsernamePasswordCredential(\n tenantId,\n clientId,\n username,\n password,\n options\n );\n }\n }\n\n /**\n * Authenticates with Azure Active Directory and returns an access token if successful.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - Optional parameters. See {@link GetTokenOptions}.\n */\n async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise {\n return tracingClient.withSpan(`${credentialName}.getToken`, options, async (newOptions) => {\n if (this._credential) {\n try {\n const result = await this._credential.getToken(scopes, newOptions);\n logger.getToken.info(formatSuccess(scopes));\n return result;\n } catch (err: any) {\n const authenticationError = new AuthenticationError(400, {\n error: `${credentialName} authentication failed. To troubleshoot, visit https://aka.ms/azsdk/js/identity/environmentcredential/troubleshoot.`,\n error_description: err.message.toString().split(\"More details:\").join(\"\"),\n });\n logger.getToken.info(formatError(scopes, authenticationError));\n throw authenticationError;\n }\n }\n throw new CredentialUnavailableError(\n `${credentialName} is unavailable. No underlying credential could be used. 
To troubleshoot, visit https://aka.ms/azsdk/js/identity/environmentcredential/troubleshoot.`\n );\n });\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nexport const DefaultScopeSuffix = \"/.default\";\nexport const imdsHost = \"http://169.254.169.254\";\nexport const imdsEndpointPath = \"/metadata/identity/oauth2/token\";\nexport const imdsApiVersion = \"2018-02-01\";\nexport const azureArcAPIVersion = \"2019-11-01\";\nexport const azureFabricVersion = \"2019-07-01-preview\";\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { DefaultScopeSuffix } from \"./constants\";\n\n/**\n * Most MSIs send requests to the IMDS endpoint, or a similar endpoint.\n * These are GET requests that require sending a `resource` parameter on the query.\n * This resource can be derived from the scopes received through the getToken call, as long as only one scope is received.\n * Multiple scopes assume that the resulting token will have access to multiple resources, which won't be the case.\n *\n * For that reason, when we encounter multiple scopes, we return undefined.\n * It's up to the individual MSI implementations to throw the errors (which helps us provide less generic errors).\n */\nexport function mapScopesToResource(scopes: string | string[]): string | undefined {\n let scope = \"\";\n if (Array.isArray(scopes)) {\n if (scopes.length !== 1) {\n return;\n }\n\n scope = scopes[0];\n } else if (typeof scopes === \"string\") {\n scope = scopes;\n }\n\n if (!scope.endsWith(DefaultScopeSuffix)) {\n return scope;\n }\n\n return scope.substr(0, scope.lastIndexOf(DefaultScopeSuffix));\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport {\n PipelineRequestOptions,\n createHttpHeaders,\n createPipelineRequest,\n} from \"@azure/core-rest-pipeline\";\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { TokenResponseParsedBody } from 
\"../../client/identityClient\";\nimport { credentialLogger } from \"../../util/logging\";\nimport { MSI, MSIConfiguration } from \"./models\";\nimport { mapScopesToResource } from \"./utils\";\n\nconst msiName = \"ManagedIdentityCredential - AppServiceMSI 2017\";\nconst logger = credentialLogger(msiName);\n\n/**\n * Formats the expiration date of the received token into the number of milliseconds between that date and midnight, January 1, 1970.\n */\nfunction expiresOnParser(requestBody: TokenResponseParsedBody): number {\n // App Service always returns string expires_on values.\n return Date.parse(requestBody.expires_on! as string);\n}\n\n/**\n * Generates the options used on the request for an access token.\n */\nfunction prepareRequestOptions(\n scopes: string | string[],\n clientId?: string\n): PipelineRequestOptions {\n const resource = mapScopesToResource(scopes);\n if (!resource) {\n throw new Error(`${msiName}: Multiple scopes are not supported.`);\n }\n\n const queryParameters: Record = {\n resource,\n \"api-version\": \"2017-09-01\",\n };\n\n if (clientId) {\n queryParameters.clientid = clientId;\n }\n\n const query = new URLSearchParams(queryParameters);\n\n // This error should not bubble up, since we verify that this environment variable is defined in the isAvailable() method defined below.\n if (!process.env.MSI_ENDPOINT) {\n throw new Error(`${msiName}: Missing environment variable: MSI_ENDPOINT`);\n }\n if (!process.env.MSI_SECRET) {\n throw new Error(`${msiName}: Missing environment variable: MSI_SECRET`);\n }\n\n return {\n url: `${process.env.MSI_ENDPOINT}?${query.toString()}`,\n method: \"GET\",\n headers: createHttpHeaders({\n Accept: \"application/json\",\n secret: process.env.MSI_SECRET,\n }),\n };\n}\n\n/**\n * Defines how to determine whether the Azure App Service MSI is available, and also how to retrieve a token from the Azure App Service MSI.\n */\nexport const appServiceMsi2017: MSI = {\n async isAvailable({ scopes }): Promise {\n 
const resource = mapScopesToResource(scopes);\n if (!resource) {\n logger.info(`${msiName}: Unavailable. Multiple scopes are not supported.`);\n return false;\n }\n const env = process.env;\n const result = Boolean(env.MSI_ENDPOINT && env.MSI_SECRET);\n if (!result) {\n logger.info(\n `${msiName}: Unavailable. The environment variables needed are: MSI_ENDPOINT and MSI_SECRET.`\n );\n }\n return result;\n },\n async getToken(\n configuration: MSIConfiguration,\n getTokenOptions: GetTokenOptions = {}\n ): Promise {\n const { identityClient, scopes, clientId, resourceId } = configuration;\n\n if (resourceId) {\n logger.warning(\n `${msiName}: managed Identity by resource Id is not supported. Argument resourceId might be ignored by the service.`\n );\n }\n\n logger.info(\n `${msiName}: Using the endpoint and the secret coming form the environment variables: MSI_ENDPOINT=${process.env.MSI_ENDPOINT} and MSI_SECRET=[REDACTED].`\n );\n\n const request = createPipelineRequest({\n abortSignal: getTokenOptions.abortSignal,\n ...prepareRequestOptions(scopes, clientId),\n // Generally, MSI endpoints use the HTTP protocol, without transport layer security (TLS).\n allowInsecureConnection: true,\n });\n const tokenResponse = await identityClient.sendTokenRequest(request, expiresOnParser);\n return (tokenResponse && tokenResponse.accessToken) || null;\n },\n};\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport {\n PipelineRequestOptions,\n createHttpHeaders,\n createPipelineRequest,\n} from \"@azure/core-rest-pipeline\";\nimport { credentialLogger } from \"../../util/logging\";\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { MSI, MSIConfiguration } from \"./models\";\nimport { mapScopesToResource } from \"./utils\";\n\nconst msiName = \"ManagedIdentityCredential - CloudShellMSI\";\nexport const logger = credentialLogger(msiName);\n\n/**\n * Generates the options used on the request for an access token.\n 
*/\nfunction prepareRequestOptions(\n scopes: string | string[],\n clientId?: string,\n resourceId?: string\n): PipelineRequestOptions {\n const resource = mapScopesToResource(scopes);\n if (!resource) {\n throw new Error(`${msiName}: Multiple scopes are not supported.`);\n }\n\n const body: Record = {\n resource,\n };\n\n if (clientId) {\n body.client_id = clientId;\n }\n if (resourceId) {\n body.msi_res_id = resourceId;\n }\n\n // This error should not bubble up, since we verify that this environment variable is defined in the isAvailable() method defined below.\n if (!process.env.MSI_ENDPOINT) {\n throw new Error(`${msiName}: Missing environment variable: MSI_ENDPOINT`);\n }\n const params = new URLSearchParams(body);\n return {\n url: process.env.MSI_ENDPOINT,\n method: \"POST\",\n body: params.toString(),\n headers: createHttpHeaders({\n Accept: \"application/json\",\n Metadata: \"true\",\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n }),\n };\n}\n\n/**\n * Defines how to determine whether the Azure Cloud Shell MSI is available, and also how to retrieve a token from the Azure Cloud Shell MSI.\n * Since Azure Managed Identities aren't available in the Azure Cloud Shell, we log a warning for users that try to access cloud shell using user assigned identity.\n */\nexport const cloudShellMsi: MSI = {\n async isAvailable({ scopes }): Promise {\n const resource = mapScopesToResource(scopes);\n if (!resource) {\n logger.info(`${msiName}: Unavailable. Multiple scopes are not supported.`);\n return false;\n }\n\n const result = Boolean(process.env.MSI_ENDPOINT);\n if (!result) {\n logger.info(`${msiName}: Unavailable. 
The environment variable MSI_ENDPOINT is needed.`);\n }\n return result;\n },\n async getToken(\n configuration: MSIConfiguration,\n getTokenOptions: GetTokenOptions = {}\n ): Promise {\n const { identityClient, scopes, clientId, resourceId } = configuration;\n\n if (clientId) {\n logger.warning(\n `${msiName}: user-assigned identities not supported. The argument clientId might be ignored by the service.`\n );\n }\n\n if (resourceId) {\n logger.warning(\n `${msiName}: user defined managed Identity by resource Id not supported. The argument resourceId might be ignored by the service.`\n );\n }\n\n logger.info(\n `${msiName}: Using the endpoint coming form the environment variable MSI_ENDPOINT = ${process.env.MSI_ENDPOINT}.`\n );\n\n const request = createPipelineRequest({\n abortSignal: getTokenOptions.abortSignal,\n ...prepareRequestOptions(scopes, clientId, resourceId),\n // Generally, MSI endpoints use the HTTP protocol, without transport layer security (TLS).\n allowInsecureConnection: true,\n });\n const tokenResponse = await identityClient.sendTokenRequest(request);\n return (tokenResponse && tokenResponse.accessToken) || null;\n },\n};\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { delay } from \"@azure/core-util\";\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport {\n PipelineRequestOptions,\n RestError,\n createHttpHeaders,\n createPipelineRequest,\n} from \"@azure/core-rest-pipeline\";\nimport { TokenResponseParsedBody } from \"../../client/identityClient\";\nimport { credentialLogger } from \"../../util/logging\";\nimport { AuthenticationError } from \"../../errors\";\nimport { tracingClient } from \"../../util/tracing\";\nimport { imdsApiVersion, imdsEndpointPath, imdsHost } from \"./constants\";\nimport { MSI, MSIConfiguration } from \"./models\";\nimport { mapScopesToResource } from \"./utils\";\n\nconst msiName = \"ManagedIdentityCredential - IMDS\";\nconst logger = 
credentialLogger(msiName);\n\n/**\n * Formats the expiration date of the received token into the number of milliseconds between that date and midnight, January 1, 1970.\n */\nfunction expiresOnParser(requestBody: TokenResponseParsedBody): number {\n if (requestBody.expires_on) {\n // Use the expires_on timestamp if it's available\n const expires = +requestBody.expires_on * 1000;\n logger.info(\n `${msiName}: Using expires_on: ${expires} (original value: ${requestBody.expires_on})`\n );\n return expires;\n } else {\n // If these aren't possible, use expires_in and calculate a timestamp\n const expires = Date.now() + requestBody.expires_in * 1000;\n logger.info(\n `${msiName}: IMDS using expires_in: ${expires} (original value: ${requestBody.expires_in})`\n );\n return expires;\n }\n}\n\n/**\n * Generates the options used on the request for an access token.\n */\nfunction prepareRequestOptions(\n scopes: string | string[],\n clientId?: string,\n resourceId?: string,\n options?: {\n skipQuery?: boolean;\n skipMetadataHeader?: boolean;\n }\n): PipelineRequestOptions {\n const resource = mapScopesToResource(scopes);\n if (!resource) {\n throw new Error(`${msiName}: Multiple scopes are not supported.`);\n }\n\n const { skipQuery, skipMetadataHeader } = options || {};\n let query = \"\";\n\n // Pod Identity will try to process this request even if the Metadata header is missing.\n // We can exclude the request query to ensure no IMDS endpoint tries to process the ping request.\n if (!skipQuery) {\n const queryParameters: Record = {\n resource,\n \"api-version\": imdsApiVersion,\n };\n if (clientId) {\n queryParameters.client_id = clientId;\n }\n if (resourceId) {\n queryParameters.msi_res_id = resourceId;\n }\n const params = new URLSearchParams(queryParameters);\n query = `?${params.toString()}`;\n }\n\n const url = new URL(imdsEndpointPath, process.env.AZURE_POD_IDENTITY_AUTHORITY_HOST ?? 
imdsHost);\n\n const rawHeaders: Record = {\n Accept: \"application/json\",\n Metadata: \"true\",\n };\n\n // Remove the Metadata header to invoke a request error from some IMDS endpoints.\n if (skipMetadataHeader) {\n delete rawHeaders.Metadata;\n }\n\n return {\n // In this case, the `?` is already included in the \"query\" variable when `skipQuery` is not set.\n url: `${url}${query}`,\n method: \"GET\",\n headers: createHttpHeaders(rawHeaders),\n };\n}\n\n// 800ms -> 1600ms -> 3200ms\nexport const imdsMsiRetryConfig = {\n maxRetries: 3,\n startDelayInMs: 800,\n intervalIncrement: 2,\n};\n\n/**\n * Defines how to determine whether the Azure IMDS MSI is available, and also how to retrieve a token from the Azure IMDS MSI.\n */\nexport const imdsMsi: MSI = {\n async isAvailable({\n scopes,\n identityClient,\n clientId,\n resourceId,\n getTokenOptions = {},\n }): Promise {\n const resource = mapScopesToResource(scopes);\n if (!resource) {\n logger.info(`${msiName}: Unavailable. Multiple scopes are not supported.`);\n return false;\n }\n\n // if the PodIdentityEndpoint environment variable was set no need to probe the endpoint, it can be assumed to exist\n if (process.env.AZURE_POD_IDENTITY_AUTHORITY_HOST) {\n return true;\n }\n\n if (!identityClient) {\n throw new Error(\"Missing IdentityClient\");\n }\n\n const requestOptions = prepareRequestOptions(resource, clientId, resourceId, {\n skipMetadataHeader: true,\n skipQuery: true,\n });\n\n return tracingClient.withSpan(\n \"ManagedIdentityCredential-pingImdsEndpoint\",\n getTokenOptions,\n async (options) => {\n requestOptions.tracingOptions = options.tracingOptions;\n try {\n // Create a request with a timeout since we expect that\n // not having a \"Metadata\" header should cause an error to be\n // returned quickly from the endpoint, proving its availability.\n const request = createPipelineRequest(requestOptions);\n\n request.timeout = options.requestOptions?.timeout ?? 
300;\n\n // This MSI uses the imdsEndpoint to get the token, which only uses http://\n request.allowInsecureConnection = true;\n\n try {\n logger.info(`${msiName}: Pinging the Azure IMDS endpoint`);\n await identityClient.sendRequest(request);\n } catch (err: any) {\n if (\n (err.name === \"RestError\" && err.code === RestError.REQUEST_SEND_ERROR) ||\n err.name === \"AbortError\" ||\n err.code === \"ENETUNREACH\" || // Network unreachable\n err.code === \"ECONNREFUSED\" || // connection refused\n err.code === \"EHOSTDOWN\" // host is down\n ) {\n // If the request failed, or Node.js was unable to establish a connection,\n // or the host was down, we'll assume the IMDS endpoint isn't available.\n logger.info(`${msiName}: The Azure IMDS endpoint is unavailable`);\n return false;\n }\n }\n\n // If we received any response, the endpoint is available\n logger.info(`${msiName}: The Azure IMDS endpoint is available`);\n return true;\n } catch (err: any) {\n // createWebResource failed.\n // This error should bubble up to the user.\n logger.info(\n `${msiName}: Error when creating the WebResource for the Azure IMDS endpoint: ${err.message}`\n );\n throw err;\n }\n }\n );\n },\n async getToken(\n configuration: MSIConfiguration,\n getTokenOptions: GetTokenOptions = {}\n ): Promise {\n const { identityClient, scopes, clientId, resourceId } = configuration;\n\n logger.info(\n `${msiName}: Using the Azure IMDS endpoint coming from the environment variable MSI_ENDPOINT=${process.env.MSI_ENDPOINT}, and using the cloud shell to proceed with the authentication.`\n );\n\n let nextDelayInMs = imdsMsiRetryConfig.startDelayInMs;\n for (let retries = 0; retries < imdsMsiRetryConfig.maxRetries; retries++) {\n try {\n const request = createPipelineRequest({\n abortSignal: getTokenOptions.abortSignal,\n ...prepareRequestOptions(scopes, clientId, resourceId),\n allowInsecureConnection: true,\n });\n const tokenResponse = await identityClient.sendTokenRequest(request, expiresOnParser);\n 
return (tokenResponse && tokenResponse.accessToken) || null;\n } catch (error: any) {\n if (error.statusCode === 404) {\n await delay(nextDelayInMs);\n nextDelayInMs *= imdsMsiRetryConfig.intervalIncrement;\n continue;\n }\n throw error;\n }\n }\n\n throw new AuthenticationError(\n 404,\n `${msiName}: Failed to retrieve IMDS token after ${imdsMsiRetryConfig.maxRetries} retries.`\n );\n },\n};\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport {\n PipelineRequestOptions,\n createHttpHeaders,\n createPipelineRequest,\n} from \"@azure/core-rest-pipeline\";\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { readFile } from \"fs\";\nimport { AuthenticationError } from \"../../errors\";\nimport { credentialLogger } from \"../../util/logging\";\nimport { IdentityClient } from \"../../client/identityClient\";\nimport { mapScopesToResource } from \"./utils\";\nimport { MSI, MSIConfiguration } from \"./models\";\nimport { azureArcAPIVersion } from \"./constants\";\n\nconst msiName = \"ManagedIdentityCredential - Azure Arc MSI\";\nconst logger = credentialLogger(msiName);\n\n/**\n * Generates the options used on the request for an access token.\n */\nfunction prepareRequestOptions(\n scopes: string | string[],\n clientId?: string,\n resourceId?: string\n): PipelineRequestOptions {\n const resource = mapScopesToResource(scopes);\n if (!resource) {\n throw new Error(`${msiName}: Multiple scopes are not supported.`);\n }\n const queryParameters: Record = {\n resource,\n \"api-version\": azureArcAPIVersion,\n };\n\n if (clientId) {\n queryParameters.client_id = clientId;\n }\n if (resourceId) {\n queryParameters.msi_res_id = resourceId;\n }\n\n // This error should not bubble up, since we verify that this environment variable is defined in the isAvailable() method defined below.\n if (!process.env.IDENTITY_ENDPOINT) {\n throw new Error(`${msiName}: Missing environment variable: IDENTITY_ENDPOINT`);\n }\n\n const 
query = new URLSearchParams(queryParameters);\n\n return createPipelineRequest({\n // Should be similar to: http://localhost:40342/metadata/identity/oauth2/token\n url: `${process.env.IDENTITY_ENDPOINT}?${query.toString()}`,\n method: \"GET\",\n headers: createHttpHeaders({\n Accept: \"application/json\",\n Metadata: \"true\",\n }),\n });\n}\n\n/**\n * Retrieves the file contents at the given path using promises.\n * Useful since `fs`'s readFileSync locks the thread, and to avoid extra dependencies.\n */\nfunction readFileAsync(path: string, options: { encoding: string }): Promise {\n return new Promise((resolve, reject) =>\n readFile(path, options, (err, data) => {\n if (err) {\n reject(err);\n }\n resolve(data);\n })\n );\n}\n\n/**\n * Does a request to the authentication provider that results in a file path.\n */\nasync function filePathRequest(\n identityClient: IdentityClient,\n requestPrepareOptions: PipelineRequestOptions\n): Promise {\n const response = await identityClient.sendRequest(createPipelineRequest(requestPrepareOptions));\n\n if (response.status !== 401) {\n let message = \"\";\n if (response.bodyAsText) {\n message = ` Response: ${response.bodyAsText}`;\n }\n throw new AuthenticationError(\n response.status,\n `${msiName}: To authenticate with Azure Arc MSI, status code 401 is expected on the first request. ${message}`\n );\n }\n\n const authHeader = response.headers.get(\"www-authenticate\") || \"\";\n try {\n return authHeader.split(\"=\").slice(1)[0];\n } catch (e: any) {\n throw Error(`Invalid www-authenticate header format: ${authHeader}`);\n }\n}\n\n/**\n * Defines how to determine whether the Azure Arc MSI is available, and also how to retrieve a token from the Azure Arc MSI.\n */\nexport const arcMsi: MSI = {\n async isAvailable({ scopes }): Promise {\n const resource = mapScopesToResource(scopes);\n if (!resource) {\n logger.info(`${msiName}: Unavailable. 
Multiple scopes are not supported.`);\n return false;\n }\n const result = Boolean(process.env.IMDS_ENDPOINT && process.env.IDENTITY_ENDPOINT);\n if (!result) {\n logger.info(\n `${msiName}: The environment variables needed are: IMDS_ENDPOINT and IDENTITY_ENDPOINT`\n );\n }\n return result;\n },\n async getToken(\n configuration: MSIConfiguration,\n getTokenOptions: GetTokenOptions = {}\n ): Promise {\n const { identityClient, scopes, clientId, resourceId } = configuration;\n\n if (clientId) {\n logger.warning(\n `${msiName}: user-assigned identities not supported. The argument clientId might be ignored by the service.`\n );\n }\n if (resourceId) {\n logger.warning(\n `${msiName}: user defined managed Identity by resource Id is not supported. Argument resourceId will be ignored.`\n );\n }\n\n logger.info(`${msiName}: Authenticating.`);\n\n const requestOptions = {\n disableJsonStringifyOnBody: true,\n deserializationMapper: undefined,\n abortSignal: getTokenOptions.abortSignal,\n ...prepareRequestOptions(scopes, clientId, resourceId),\n allowInsecureConnection: true,\n };\n\n const filePath = await filePathRequest(identityClient, requestOptions);\n\n if (!filePath) {\n throw new Error(`${msiName}: Failed to find the token file.`);\n }\n\n const key = await readFileAsync(filePath, { encoding: \"utf-8\" });\n requestOptions.headers?.set(\"Authorization\", `Basic ${key}`);\n\n const request = createPipelineRequest({\n ...requestOptions,\n // Generally, MSI endpoints use the HTTP protocol, without transport layer security (TLS).\n allowInsecureConnection: true,\n });\n const tokenResponse = await identityClient.sendTokenRequest(request);\n return (tokenResponse && tokenResponse.accessToken) || null;\n },\n};\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport fs from \"fs\";\nimport {\n PipelineRequestOptions,\n createHttpHeaders,\n createPipelineRequest,\n} from \"@azure/core-rest-pipeline\";\nimport { AccessToken, GetTokenOptions 
} from \"@azure/core-auth\";\nimport { promisify } from \"util\";\nimport { DefaultAuthorityHost } from \"../../constants\";\nimport { credentialLogger } from \"../../util/logging\";\nimport { MSI, MSIConfiguration } from \"./models\";\n\nconst msiName = \"ManagedIdentityCredential - Token Exchange\";\nconst logger = credentialLogger(msiName);\n\nconst readFileAsync = promisify(fs.readFile);\n\n/**\n * Generates the options used on the request for an access token.\n */\nfunction prepareRequestOptions(\n scopes: string | string[],\n clientAssertion: string,\n clientId: string\n): PipelineRequestOptions {\n const bodyParams: Record = {\n scope: Array.isArray(scopes) ? scopes.join(\" \") : scopes,\n client_assertion: clientAssertion,\n client_assertion_type: \"urn:ietf:params:oauth:client-assertion-type:jwt-bearer\",\n client_id: clientId,\n grant_type: \"client_credentials\",\n };\n\n const urlParams = new URLSearchParams(bodyParams);\n const url = new URL(\n `${process.env.AZURE_TENANT_ID}/oauth2/v2.0/token`,\n process.env.AZURE_AUTHORITY_HOST ?? 
DefaultAuthorityHost\n );\n\n return {\n url: url.toString(),\n method: \"POST\",\n body: urlParams.toString(),\n headers: createHttpHeaders({\n Accept: \"application/json\",\n }),\n };\n}\n\n/**\n * Defines how to determine whether the token exchange MSI is available, and also how to retrieve a token from the token exchange MSI.\n */\nexport function tokenExchangeMsi(): MSI {\n const azureFederatedTokenFilePath = process.env.AZURE_FEDERATED_TOKEN_FILE;\n let azureFederatedTokenFileContent: string | undefined = undefined;\n let cacheDate: number | undefined = undefined;\n\n // Only reads from the assertion file once every 5 minutes\n async function readAssertion(): Promise {\n // Cached assertions expire after 5 minutes\n if (cacheDate !== undefined && Date.now() - cacheDate >= 1000 * 60 * 5) {\n azureFederatedTokenFileContent = undefined;\n }\n if (!azureFederatedTokenFileContent) {\n const file = await readFileAsync(azureFederatedTokenFilePath!, \"utf8\");\n const value = file.trim();\n if (!value) {\n throw new Error(\n `No content on the file ${azureFederatedTokenFilePath}, indicated by the environment variable AZURE_FEDERATED_TOKEN_FILE`\n );\n } else {\n azureFederatedTokenFileContent = value;\n cacheDate = Date.now();\n }\n }\n return azureFederatedTokenFileContent;\n }\n\n return {\n async isAvailable({ clientId }): Promise {\n const env = process.env;\n const result = Boolean(\n (clientId || env.AZURE_CLIENT_ID) && env.AZURE_TENANT_ID && azureFederatedTokenFilePath\n );\n if (!result) {\n logger.info(\n `${msiName}: Unavailable. 
The environment variables needed are: AZURE_CLIENT_ID (or the client ID sent through the parameters), AZURE_TENANT_ID and AZURE_FEDERATED_TOKEN_FILE`\n );\n }\n return result;\n },\n async getToken(\n configuration: MSIConfiguration,\n getTokenOptions: GetTokenOptions = {}\n ): Promise {\n const { identityClient, scopes, clientId } = configuration;\n\n logger.info(`${msiName}: Using the client assertion coming from environment variables.`);\n\n let assertion: string;\n\n try {\n assertion = await readAssertion();\n } catch (err: any) {\n throw new Error(\n `${msiName}: Failed to read ${azureFederatedTokenFilePath}, indicated by the environment variable AZURE_FEDERATED_TOKEN_FILE`\n );\n }\n\n const request = createPipelineRequest({\n abortSignal: getTokenOptions.abortSignal,\n ...prepareRequestOptions(scopes, assertion, clientId || process.env.AZURE_CLIENT_ID!),\n // Generally, MSI endpoints use the HTTP protocol, without transport layer security (TLS). NOTE(review): this request goes to the authority host URL built by prepareRequestOptions (AZURE_AUTHORITY_HOST or the default) and carries the client assertion - confirm that permitting a non-TLS connection is intended here.\n allowInsecureConnection: true,\n });\n const tokenResponse = await identityClient.sendTokenRequest(request);\n return (tokenResponse && tokenResponse.accessToken) || null;\n },\n };\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport https from \"https\";\nimport {\n PipelineRequestOptions,\n createHttpHeaders,\n createPipelineRequest,\n} from \"@azure/core-rest-pipeline\";\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { TokenResponseParsedBody } from \"../../client/identityClient\";\nimport { credentialLogger } from \"../../util/logging\";\nimport { MSI, MSIConfiguration } from \"./models\";\nimport { mapScopesToResource } from \"./utils\";\nimport { azureFabricVersion } from \"./constants\";\n\n// This MSI can be easily tested by deploying a container to Azure Service Fabric with the Dockerfile:\n//\n// FROM node:12\n// RUN wget https://host.any/path/bash.sh\n// CMD [\"bash\", \"bash.sh\"]\n//\n// Where the bash script contains:\n//\n// curl
--insecure $IDENTITY_ENDPOINT'?api-version=2019-07-01-preview&resource=https://vault.azure.net/' -H \"Secret: $IDENTITY_HEADER\"\n//\n\nconst msiName = \"ManagedIdentityCredential - Fabric MSI\";\nconst logger = credentialLogger(msiName);\n\n/**\n * Formats the expiration date of the received token into the number of milliseconds between that date and midnight, January 1, 1970.\n */\nfunction expiresOnParser(requestBody: TokenResponseParsedBody): number {\n // Parses a string representation of the milliseconds since epoch into a number value\n return Number(requestBody.expires_on);\n}\n\n/**\n * Generates the options used on the request for an access token.\n */\nfunction prepareRequestOptions(\n scopes: string | string[],\n clientId?: string,\n resourceId?: string\n): PipelineRequestOptions {\n const resource = mapScopesToResource(scopes);\n if (!resource) {\n throw new Error(`${msiName}: Multiple scopes are not supported.`);\n }\n\n const queryParameters: Record = {\n resource,\n \"api-version\": azureFabricVersion,\n };\n\n if (clientId) {\n queryParameters.client_id = clientId;\n }\n if (resourceId) {\n queryParameters.msi_res_id = resourceId;\n }\n const query = new URLSearchParams(queryParameters);\n\n // This error should not bubble up, since we verify that this environment variable is defined in the isAvailable() method defined below.\n if (!process.env.IDENTITY_ENDPOINT) {\n throw new Error(\"Missing environment variable: IDENTITY_ENDPOINT\");\n }\n if (!process.env.IDENTITY_HEADER) {\n throw new Error(\"Missing environment variable: IDENTITY_HEADER\");\n }\n\n return {\n url: `${process.env.IDENTITY_ENDPOINT}?${query.toString()}`,\n method: \"GET\",\n headers: createHttpHeaders({\n Accept: \"application/json\",\n secret: process.env.IDENTITY_HEADER,\n }),\n };\n}\n\n/**\n * Defines how to determine whether the Azure Service Fabric MSI is available, and also how to retrieve a token from the Azure Service Fabric MSI.\n */\nexport const fabricMsi: MSI = {\n 
async isAvailable({ scopes }): Promise {\n const resource = mapScopesToResource(scopes);\n if (!resource) {\n logger.info(`${msiName}: Unavailable. Multiple scopes are not supported.`);\n return false;\n }\n const env = process.env;\n const result = Boolean(\n env.IDENTITY_ENDPOINT && env.IDENTITY_HEADER && env.IDENTITY_SERVER_THUMBPRINT\n );\n if (!result) {\n logger.info(\n `${msiName}: Unavailable. The environment variables needed are: IDENTITY_ENDPOINT, IDENTITY_HEADER and IDENTITY_SERVER_THUMBPRINT`\n );\n }\n return result;\n },\n async getToken(\n configuration: MSIConfiguration,\n getTokenOptions: GetTokenOptions = {}\n ): Promise {\n const { scopes, identityClient, clientId, resourceId } = configuration;\n\n if (resourceId) {\n logger.warning(\n `${msiName}: user defined managed Identity by resource Id is not supported. Argument resourceId might be ignored by the service.`\n );\n }\n\n logger.info(\n [\n `${msiName}:`,\n \"Using the endpoint and the secret coming from the environment variables:\",\n `IDENTITY_ENDPOINT=${process.env.IDENTITY_ENDPOINT},`,\n \"IDENTITY_HEADER=[REDACTED] and\",\n \"IDENTITY_SERVER_THUMBPRINT=[REDACTED].\",\n ].join(\" \")\n );\n\n const request = createPipelineRequest({\n abortSignal: getTokenOptions.abortSignal,\n ...prepareRequestOptions(scopes, clientId, resourceId),\n // The service fabric MSI endpoint will be HTTPS (however, the certificate will be self-signed).\n // allowInsecureConnection: true\n });\n\n request.agent = new https.Agent({\n // This is necessary because Service Fabric provides a self-signed certificate. It disables TLS server certificate validation for this request.\n // The alternative path is to verify the certificate using the IDENTITY_SERVER_THUMBPRINT env variable (required by isAvailable(), but not used for verification here).\n rejectUnauthorized: false,\n });\n\n const tokenResponse = await identityClient.sendTokenRequest(request, expiresOnParser);\n return (tokenResponse && tokenResponse.accessToken) || null;\n },\n};\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport {\n
PipelineRequestOptions,\n createHttpHeaders,\n createPipelineRequest,\n} from \"@azure/core-rest-pipeline\";\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { TokenResponseParsedBody } from \"../../client/identityClient\";\nimport { credentialLogger } from \"../../util/logging\";\nimport { MSI, MSIConfiguration } from \"./models\";\nimport { mapScopesToResource } from \"./utils\";\n\nconst msiName = \"ManagedIdentityCredential - AppServiceMSI 2019\";\nconst logger = credentialLogger(msiName);\n\n/**\n * Formats the expiration date of the received token into the number of milliseconds between that date and midnight, January 1, 1970.\n */\nfunction expiresOnParser(requestBody: TokenResponseParsedBody): number {\n // App Service always returns string expires_on values.\n return Date.parse(requestBody.expires_on! as string);\n}\n\n/**\n * Generates the options used on the request for an access token.\n */\nfunction prepareRequestOptions(\n scopes: string | string[],\n clientId?: string,\n resourceId?: string\n): PipelineRequestOptions {\n const resource = mapScopesToResource(scopes);\n if (!resource) {\n throw new Error(`${msiName}: Multiple scopes are not supported.`);\n }\n\n const queryParameters: Record = {\n resource,\n \"api-version\": \"2019-08-01\",\n };\n\n if (clientId) {\n queryParameters.client_id = clientId;\n }\n\n if (resourceId) {\n queryParameters.mi_res_id = resourceId;\n }\n const query = new URLSearchParams(queryParameters);\n\n // This error should not bubble up, since we verify that this environment variable is defined in the isAvailable() method defined below.\n if (!process.env.IDENTITY_ENDPOINT) {\n throw new Error(`${msiName}: Missing environment variable: IDENTITY_ENDPOINT`);\n }\n if (!process.env.IDENTITY_HEADER) {\n throw new Error(`${msiName}: Missing environment variable: IDENTITY_HEADER`);\n }\n\n return {\n url: `${process.env.IDENTITY_ENDPOINT}?${query.toString()}`,\n method: \"GET\",\n headers: 
createHttpHeaders({\n Accept: \"application/json\",\n \"X-IDENTITY-HEADER\": process.env.IDENTITY_HEADER,\n }),\n };\n}\n\n/**\n * Defines how to determine whether the Azure App Service MSI is available, and also how to retrieve a token from the Azure App Service MSI.\n */\nexport const appServiceMsi2019: MSI = {\n async isAvailable({ scopes }): Promise {\n const resource = mapScopesToResource(scopes);\n if (!resource) {\n logger.info(`${msiName}: Unavailable. Multiple scopes are not supported.`);\n return false;\n }\n const env = process.env;\n const result = Boolean(env.IDENTITY_ENDPOINT && env.IDENTITY_HEADER);\n if (!result) {\n logger.info(\n `${msiName}: Unavailable. The environment variables needed are: IDENTITY_ENDPOINT and IDENTITY_HEADER.`\n );\n }\n return result;\n },\n async getToken(\n configuration: MSIConfiguration,\n getTokenOptions: GetTokenOptions = {}\n ): Promise {\n const { identityClient, scopes, clientId, resourceId } = configuration;\n\n logger.info(\n `${msiName}: Using the endpoint and the secret coming form the environment variables: IDENTITY_ENDPOINT=${process.env.IDENTITY_ENDPOINT} and IDENTITY_HEADER=[REDACTED].`\n );\n\n const request = createPipelineRequest({\n abortSignal: getTokenOptions.abortSignal,\n ...prepareRequestOptions(scopes, clientId, resourceId),\n // Generally, MSI endpoints use the HTTP protocol, without transport layer security (TLS).\n allowInsecureConnection: true,\n });\n const tokenResponse = await identityClient.sendTokenRequest(request, expiresOnParser);\n return (tokenResponse && tokenResponse.accessToken) || null;\n },\n};\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\n\nimport { IdentityClient } from \"../../client/identityClient\";\nimport { TokenCredentialOptions } from \"../../tokenCredentialOptions\";\nimport { AuthenticationError, CredentialUnavailableError } from 
\"../../errors\";\nimport { credentialLogger, formatError, formatSuccess } from \"../../util/logging\";\nimport { appServiceMsi2017 } from \"./appServiceMsi2017\";\nimport { tracingClient } from \"../../util/tracing\";\nimport { cloudShellMsi } from \"./cloudShellMsi\";\nimport { imdsMsi } from \"./imdsMsi\";\nimport { MSI } from \"./models\";\nimport { arcMsi } from \"./arcMsi\";\nimport { tokenExchangeMsi } from \"./tokenExchangeMsi\";\nimport { fabricMsi } from \"./fabricMsi\";\nimport { appServiceMsi2019 } from \"./appServiceMsi2019\";\n\nconst logger = credentialLogger(\"ManagedIdentityCredential\");\n\n/**\n * Options to send on the {@link ManagedIdentityCredential} constructor.\n * This variation supports `clientId` and not `resourceId`, since only one of both is supported.\n */\nexport interface ManagedIdentityCredentialClientIdOptions extends TokenCredentialOptions {\n /**\n * The client ID of the user - assigned identity, or app registration(when working with AKS pod - identity).\n */\n clientId?: string;\n}\n\n/**\n * Options to send on the {@link ManagedIdentityCredential} constructor.\n * This variation supports `resourceId` and not `clientId`, since only one of both is supported.\n */\nexport interface ManagedIdentityCredentialResourceIdOptions extends TokenCredentialOptions {\n /**\n * Allows specifying a custom resource Id.\n * In scenarios such as when user assigned identities are created using an ARM template,\n * where the resource Id of the identity is known but the client Id can't be known ahead of time,\n * this parameter allows programs to use these user assigned identities\n * without having to first determine the client Id of the created identity.\n */\n resourceId: string;\n}\n\n/**\n * Attempts authentication using a managed identity available at the deployment environment.\n * This authentication type works in Azure VMs, App Service instances, Azure Functions applications,\n * Azure Kubernetes Services, Azure Service Fabric instances and 
inside of the Azure Cloud Shell.\n *\n * More information about configuring managed identities can be found here:\n * https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview\n */\nexport class ManagedIdentityCredential implements TokenCredential {\n private identityClient: IdentityClient;\n private clientId: string | undefined;\n private resourceId: string | undefined;\n private isEndpointUnavailable: boolean | null = null;\n private isAvailableIdentityClient: IdentityClient;\n\n /**\n * Creates an instance of ManagedIdentityCredential with the client ID of a\n * user-assigned identity, or app registration (when working with AKS pod-identity).\n *\n * @param clientId - The client ID of the user-assigned identity, or app registration (when working with AKS pod-identity).\n * @param options - Options for configuring the client which makes the access token request.\n */\n constructor(clientId: string, options?: TokenCredentialOptions);\n /**\n * Creates an instance of ManagedIdentityCredential with clientId\n *\n * @param options - Options for configuring the client which makes the access token request.\n */\n constructor(options?: ManagedIdentityCredentialClientIdOptions);\n /**\n * Creates an instance of ManagedIdentityCredential with Resource Id\n *\n * @param options - Options for configuring the resource which makes the access token request.\n */\n constructor(options?: ManagedIdentityCredentialResourceIdOptions);\n /**\n * @internal\n * @hidden\n */\n constructor(\n clientIdOrOptions?:\n | string\n | ManagedIdentityCredentialClientIdOptions\n | ManagedIdentityCredentialResourceIdOptions,\n options?: TokenCredentialOptions\n ) {\n let _options: TokenCredentialOptions | undefined;\n if (typeof clientIdOrOptions === \"string\") {\n this.clientId = clientIdOrOptions;\n _options = options;\n } else {\n this.clientId = (clientIdOrOptions as ManagedIdentityCredentialClientIdOptions)?.clientId;\n _options = 
clientIdOrOptions;\n }\n this.resourceId = (_options as ManagedIdentityCredentialResourceIdOptions)?.resourceId;\n // For JavaScript users.\n if (this.clientId && this.resourceId) {\n throw new Error(\n `${ManagedIdentityCredential.name} - Client Id and Resource Id can't be provided at the same time.`\n );\n }\n this.identityClient = new IdentityClient(_options);\n this.isAvailableIdentityClient = new IdentityClient({\n ..._options,\n retryOptions: {\n maxRetries: 0,\n },\n });\n }\n\n private cachedMSI: MSI | undefined;\n\n private async cachedAvailableMSI(\n scopes: string | string[],\n getTokenOptions?: GetTokenOptions\n ): Promise {\n if (this.cachedMSI) {\n return this.cachedMSI;\n }\n\n const MSIs = [\n arcMsi,\n fabricMsi,\n appServiceMsi2019,\n appServiceMsi2017,\n cloudShellMsi,\n tokenExchangeMsi(),\n imdsMsi,\n ];\n\n for (const msi of MSIs) {\n if (\n await msi.isAvailable({\n scopes,\n identityClient: this.isAvailableIdentityClient,\n clientId: this.clientId,\n resourceId: this.resourceId,\n getTokenOptions,\n })\n ) {\n this.cachedMSI = msi;\n return msi;\n }\n }\n\n throw new CredentialUnavailableError(\n `${ManagedIdentityCredential.name} - No MSI credential available`\n );\n }\n\n private async authenticateManagedIdentity(\n scopes: string | string[],\n getTokenOptions?: GetTokenOptions\n ): Promise {\n const { span, updatedOptions } = tracingClient.startSpan(\n `${ManagedIdentityCredential.name}.authenticateManagedIdentity`,\n getTokenOptions\n );\n\n try {\n // Determining the available MSI, and avoiding checking for other MSIs while the program is running.\n const availableMSI = await this.cachedAvailableMSI(scopes, updatedOptions);\n\n return availableMSI.getToken(\n {\n identityClient: this.identityClient,\n scopes,\n clientId: this.clientId,\n resourceId: this.resourceId,\n },\n updatedOptions\n );\n } catch (err: any) {\n span.setStatus({\n status: \"error\",\n error: err,\n });\n throw err;\n } finally {\n span.end();\n }\n }\n\n /**\n * 
Authenticates with Azure Active Directory and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n * If an unexpected error occurs, an {@link AuthenticationError} will be thrown with the details of the failure.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n public async getToken(\n scopes: string | string[],\n options?: GetTokenOptions\n ): Promise {\n let result: AccessToken | null = null;\n\n const { span, updatedOptions } = tracingClient.startSpan(\n `${ManagedIdentityCredential.name}.getToken`,\n options\n );\n\n try {\n // isEndpointUnavailable can be true, false, or null.\n // If it's null, it means we don't yet know whether\n // the endpoint is available and need to check for it.\n if (this.isEndpointUnavailable !== true) {\n result = await this.authenticateManagedIdentity(scopes, updatedOptions);\n\n if (result === null) {\n // If authenticateManagedIdentity returns null,\n // it means no MSI endpoints are available.\n // If so, we avoid trying to reach to them in future requests.\n this.isEndpointUnavailable = true;\n\n // It also means that the endpoint answered with either 200 or 201 (see the sendTokenRequest method),\n // yet we had no access token.
For this reason, we'll throw once with a specific message:\n const error = new CredentialUnavailableError(\n \"The managed identity endpoint was reached, yet no tokens were received.\"\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n\n // Since `authenticateManagedIdentity` didn't throw, and the result was not null,\n // We will assume that this endpoint is reachable from this point forward,\n // and avoid pinging again to it.\n this.isEndpointUnavailable = false;\n } else {\n // We've previously determined that the endpoint was unavailable,\n // either because it was unreachable or permanently unable to authenticate.\n const error = new CredentialUnavailableError(\n \"The managed identity endpoint is not currently available\"\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n\n logger.getToken.info(formatSuccess(scopes));\n return result;\n } catch (err: any) {\n // CredentialUnavailable errors are expected to reach here.\n // We intend them to bubble up, so that DefaultAzureCredential can catch them.\n if (err.name === \"AuthenticationRequiredError\") {\n throw err;\n }\n\n // Expected errors to reach this point:\n // - Errors coming from a method unexpectedly breaking.\n // - When identityClient.sendTokenRequest throws, in which case\n // if the status code was 400, it means that the endpoint is working,\n // but no identity is available.\n\n span.setStatus({\n status: \"error\",\n error: err,\n });\n\n // If either the network is unreachable,\n // we can safely assume the credential is unavailable.\n if (err.code === \"ENETUNREACH\") {\n const error = new CredentialUnavailableError(\n `${ManagedIdentityCredential.name}: Unavailable. Network unreachable. 
Message: ${err.message}`\n );\n\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n\n // If either the host was unreachable,\n // we can safely assume the credential is unavailable.\n if (err.code === \"EHOSTUNREACH\") {\n const error = new CredentialUnavailableError(\n `${ManagedIdentityCredential.name}: Unavailable. No managed identity endpoint found. Message: ${err.message}`\n );\n\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n\n // If err.statusCode has a value of 400, it comes from sendTokenRequest,\n // and it means that the endpoint is working, but that no identity is available.\n if (err.statusCode === 400) {\n throw new CredentialUnavailableError(\n `${ManagedIdentityCredential.name}: The managed identity endpoint is indicating there's no available identity. Message: ${err.message}`\n );\n }\n\n // If the error has no status code, we can assume there was no available identity.\n // This will throw silently during any ChainedTokenCredential.\n if (err.statusCode === undefined) {\n throw new CredentialUnavailableError(\n `${ManagedIdentityCredential.name}: Authentication failed. 
Message ${err.message}`\n );\n }\n\n // Any other error should break the chain.\n throw new AuthenticationError(err.statusCode, {\n error: `${ManagedIdentityCredential.name} authentication failed.`,\n error_description: err.message,\n });\n } finally {\n // Finally is always called, both if we return and if we throw in the above try/catch.\n span.end();\n }\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredential } from \"@azure/core-auth\";\n\nimport { TokenCredentialOptions } from \"../tokenCredentialOptions\";\n\nimport { ChainedTokenCredential } from \"./chainedTokenCredential\";\n\nimport { AzureCliCredential } from \"./azureCliCredential\";\nimport { AzurePowerShellCredential } from \"./azurePowerShellCredential\";\nimport { EnvironmentCredential } from \"./environmentCredential\";\nimport {\n ManagedIdentityCredential,\n ManagedIdentityCredentialClientIdOptions,\n ManagedIdentityCredentialResourceIdOptions,\n} from \"./managedIdentityCredential\";\nimport { VisualStudioCodeCredential } from \"./visualStudioCodeCredential\";\n\n/**\n * Provides options to configure the {@link DefaultAzureCredential} class.\n * This variation supports `managedIdentityClientId` and not `managedIdentityResourceId`, since only one of both is supported.\n */\nexport interface DefaultAzureCredentialClientIdOptions extends DefaultAzureCredentialOptions {\n /**\n * Optionally pass in a user assigned client ID to be used by the {@link ManagedIdentityCredential}.\n * This client ID can also be passed through to the {@link ManagedIdentityCredential} through the environment variable: AZURE_CLIENT_ID.\n */\n managedIdentityClientId?: string;\n}\n\n/**\n * Provides options to configure the {@link DefaultAzureCredential} class.\n * This variation supports `managedIdentityResourceId` and not `managedIdentityClientId`, since only one of both is supported.\n */\nexport interface DefaultAzureCredentialResourceIdOptions extends 
DefaultAzureCredentialOptions {\n /**\n * Optionally pass in a resource ID to be used by the {@link ManagedIdentityCredential}.\n * In scenarios such as when user assigned identities are created using an ARM template,\n * where the resource Id of the identity is known but the client Id can't be known ahead of time,\n * this parameter allows programs to use these user assigned identities\n * without having to first determine the client Id of the created identity.\n */\n managedIdentityResourceId: string;\n}\n\n/**\n * Provides options to configure the {@link DefaultAzureCredential} class.\n */\nexport interface DefaultAzureCredentialOptions extends TokenCredentialOptions {\n /**\n * Optionally pass in a Tenant ID to be used as part of the credential.\n * By default it may use a generic tenant ID depending on the underlying credential.\n */\n tenantId?: string;\n}\n\n/**\n * The type of a class that implements TokenCredential and accepts either\n * {@link DefaultAzureCredentialClientIdOptions} or\n * {@link DefaultAzureCredentialResourceIdOptions} or\n * {@link DefaultAzureCredentialOptions}.\n */\ninterface DefaultCredentialConstructor {\n new (options?: DefaultAzureCredentialOptions): TokenCredential;\n new (options?: DefaultAzureCredentialResourceIdOptions): TokenCredential;\n new (options?: DefaultAzureCredentialClientIdOptions): TokenCredential;\n}\n\n/**\n * A shim around ManagedIdentityCredential that adapts it to accept\n * `DefaultAzureCredentialOptions`.\n *\n * @internal\n */\nexport class DefaultManagedIdentityCredential extends ManagedIdentityCredential {\n // Constructor overload with just client id options\n constructor(options?: DefaultAzureCredentialClientIdOptions);\n // Constructor overload with just resource id options\n constructor(options?: DefaultAzureCredentialResourceIdOptions);\n // Constructor overload with just the other default options\n // Last constructor overload with Union of all options not required since the above two constructor 
overloads have optional properties\n constructor(options?: DefaultAzureCredentialOptions) {\n const managedIdentityClientId =\n (options as DefaultAzureCredentialClientIdOptions)?.managedIdentityClientId ??\n process.env.AZURE_CLIENT_ID;\n const managedResourceId = (options as DefaultAzureCredentialResourceIdOptions)\n ?.managedIdentityResourceId;\n\n // ManagedIdentityCredential throws if both the resourceId and the clientId are provided.\n if (managedResourceId) {\n const managedIdentityResourceIdOptions: ManagedIdentityCredentialResourceIdOptions = {\n ...options,\n resourceId: managedResourceId,\n };\n super(managedIdentityResourceIdOptions);\n } else if (managedIdentityClientId) {\n const managedIdentityClientOptions: ManagedIdentityCredentialClientIdOptions = {\n ...options,\n clientId: managedIdentityClientId,\n };\n super(managedIdentityClientOptions);\n } else {\n super(options);\n }\n }\n}\n\nexport const defaultCredentials: DefaultCredentialConstructor[] = [\n EnvironmentCredential,\n DefaultManagedIdentityCredential,\n VisualStudioCodeCredential,\n AzureCliCredential,\n AzurePowerShellCredential,\n];\n\n/**\n * Provides a default {@link ChainedTokenCredential} configuration that should\n * work for most applications that use the Azure SDK.\n */\nexport class DefaultAzureCredential extends ChainedTokenCredential {\n /**\n * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialClientIdOptions}\n *\n * This credential provides a default {@link ChainedTokenCredential} configuration that should\n * work for most applications that use the Azure SDK.\n *\n * The following credential types will be tried, in order:\n *\n * - {@link EnvironmentCredential}\n * - {@link ManagedIdentityCredential}\n * - {@link VisualStudioCodeCredential}\n * - {@link AzureCliCredential}\n * - {@link AzurePowerShellCredential}\n *\n * Consult the documentation of these credential types for more information\n * on how they attempt authentication.\n 
*\n * **Note**: `VisualStudioCodeCredential` is provided by a plugin package:\n * `@azure/identity-vscode`. If this package is not installed and registered\n * using the plugin API (`useIdentityPlugin`), then authentication using\n * `VisualStudioCodeCredential` will not be available.\n * @param options - Optional parameters. See {@link DefaultAzureCredentialClientIdOptions}.\n */\n constructor(options?: DefaultAzureCredentialClientIdOptions);\n\n /**\n * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialResourceIdOptions}\n *\n * This credential provides a default {@link ChainedTokenCredential} configuration that should\n * work for most applications that use the Azure SDK.\n *\n * The following credential types will be tried, in order:\n *\n * - {@link EnvironmentCredential}\n * - {@link ManagedIdentityCredential}\n * - {@link VisualStudioCodeCredential}\n * - {@link AzureCliCredential}\n * - {@link AzurePowerShellCredential}\n *\n * Consult the documentation of these credential types for more information\n * on how they attempt authentication.\n *\n * **Note**: `VisualStudioCodeCredential` is provided by a plugin package:\n * `@azure/identity-vscode`. If this package is not installed and registered\n * using the plugin API (`useIdentityPlugin`), then authentication using\n * `VisualStudioCodeCredential` will not be available.\n * @param options - Optional parameters. 
See {@link DefaultAzureCredentialResourceIdOptions}.\n */\n constructor(options?: DefaultAzureCredentialResourceIdOptions);\n\n /**\n * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialOptions}\n *\n * This credential provides a default {@link ChainedTokenCredential} configuration that should\n * work for most applications that use the Azure SDK.\n *\n * The following credential types will be tried, in order:\n *\n * - {@link EnvironmentCredential}\n * - {@link ManagedIdentityCredential}\n * - {@link VisualStudioCodeCredential}\n * - {@link AzureCliCredential}\n * - {@link AzurePowerShellCredential}\n *\n * Consult the documentation of these credential types for more information\n * on how they attempt authentication.\n *\n * **Note**: `VisualStudioCodeCredential` is provided by a plugin package:\n * `@azure/identity-vscode`. If this package is not installed and registered\n * using the plugin API (`useIdentityPlugin`), then authentication using\n * `VisualStudioCodeCredential` will not be available.\n *\n * @param options - Optional parameters. See {@link DefaultAzureCredentialOptions}.\n */\n constructor(options?: DefaultAzureCredentialOptions);\n\n constructor(\n options?:\n | DefaultAzureCredentialOptions\n | DefaultAzureCredentialResourceIdOptions\n | DefaultAzureCredentialClientIdOptions\n ) {\n super(...defaultCredentials.map((ctor) => new ctor(options)));\n this.UnavailableMessage =\n \"DefaultAzureCredential => failed to retrieve a token from the included credentials. 
To troubleshoot, visit https://aka.ms/azsdk/js/identity/defaultazurecredential/troubleshoot.\";\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken } from \"@azure/core-auth\";\nimport { isError } from \"@azure/core-util\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { MsalNode, MsalNodeOptions } from \"./msalNodeCommon\";\n\n/**\n * Options that can be passed to configure MSAL to handle client assertions.\n * @internal\n */\nexport interface MSALClientAssertionOptions extends MsalNodeOptions {\n /**\n * A function that retrieves the assertion for the credential to use.\n */\n getAssertion: () => Promise;\n}\n\n/**\n * MSAL client assertion client. Calls to MSAL's confidential application's `acquireTokenByClientCredential` during `doGetToken`.\n * @internal\n */\nexport class MsalClientAssertion extends MsalNode {\n getAssertion: () => Promise;\n constructor(options: MSALClientAssertionOptions) {\n super(options);\n this.requiresConfidential = true;\n this.getAssertion = options.getAssertion;\n }\n\n protected async doGetToken(\n scopes: string[],\n options: CredentialFlowGetTokenOptions = {}\n ): Promise {\n try {\n const assertion = await this.getAssertion();\n const result = await this.confidentialApp!.acquireTokenByClientCredential({\n scopes,\n correlationId: options.correlationId,\n azureRegion: this.azureRegion,\n authority: options.authority,\n claims: options.claims,\n clientAssertion: assertion,\n });\n // The Client Credential flow does not return an account,\n // so each time getToken gets called, we will have to acquire a new token through the service.\n return this.handleResult(scopes, this.clientId, result || undefined);\n } catch (err: unknown) {\n let err2 = err;\n if (err === null || err === undefined) {\n err2 = new Error(JSON.stringify(err));\n } else {\n err2 = isError(err) ? 
err : new Error(String(err));\n }\n throw this.handleError(scopes, err2 as Error, options);\n }\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\n\nimport { credentialLogger } from \"../util/logging\";\nimport { tracingClient } from \"../util/tracing\";\nimport { MsalFlow } from \"../msal/flows\";\nimport { TokenCredentialOptions } from \"../tokenCredentialOptions\";\nimport { MsalClientAssertion } from \"../msal/nodeFlows/msalClientAssertion\";\n\nconst logger = credentialLogger(\"ClientAssertionCredential\");\n\n/**\n * Authenticates a service principal with a JWT assertion.\n */\nexport class ClientAssertionCredential implements TokenCredential {\n private msalFlow: MsalFlow;\n private tenantId: string;\n private clientId: string;\n private options: TokenCredentialOptions;\n\n /**\n * Creates an instance of the ClientAssertionCredential with the details\n * needed to authenticate against Azure Active Directory with a client\n * assertion provided by the developer through the `getAssertion` function parameter.\n *\n * @param tenantId - The Azure Active Directory tenant (directory) ID.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param getAssertion - A function that retrieves the assertion for the credential to use.\n * @param options - Options for configuring the client which makes the authentication request.\n */\n constructor(\n tenantId: string,\n clientId: string,\n getAssertion: () => Promise,\n options: TokenCredentialOptions = {}\n ) {\n if (!tenantId || !clientId || !getAssertion) {\n throw new Error(\n \"ClientAssertionCredential: tenantId, clientId, and clientAssertion are required parameters.\"\n );\n }\n this.tenantId = tenantId;\n this.clientId = clientId;\n this.options = options;\n this.msalFlow = new MsalClientAssertion({\n ...options,\n logger,\n clientId: this.clientId,\n 
tenantId: this.tenantId,\n tokenCredentialOptions: this.options,\n getAssertion,\n });\n }\n\n /**\n * Authenticates with Azure Active Directory and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise {\n return tracingClient.withSpan(\n `${this.constructor.name}.getToken`,\n options,\n async (newOptions) => {\n const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n return this.msalFlow.getToken(arrayScopes, newOptions);\n }\n );\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalNode from \"@azure/msal-node\";\n\nimport { AccessToken } from \"@azure/core-auth\";\n\nimport { Socket } from \"net\";\nimport http from \"http\";\nimport open from \"open\";\nimport stoppable from \"stoppable\";\n\nimport { credentialLogger, formatError, formatSuccess } from \"../../util/logging\";\nimport { CredentialUnavailableError } from \"../../errors\";\nimport { MsalNode, MsalNodeOptions } from \"./msalNodeCommon\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { msalToPublic } from \"../utils\";\n\n/**\n * Options that can be passed to configure MSAL to handle authentication through opening a browser window.\n * @internal\n */\nexport interface MSALOpenBrowserOptions extends MsalNodeOptions {\n redirectUri: string;\n loginHint?: string;\n}\n\n/**\n * A call to open(), but mockable\n * @internal\n */\nexport const interactiveBrowserMockable = {\n open,\n};\n\n/**\n * This MSAL client sets up a web server to listen for redirect callbacks, then calls to the MSAL's public application's `acquireTokenByDeviceCode` 
during `doGetToken`\n * to trigger the authentication flow, and then respond based on the values obtained from the redirect callback\n * @internal\n */\nexport class MsalOpenBrowser extends MsalNode {\n private redirectUri: string;\n private port: number;\n private hostname: string;\n private loginHint?: string;\n\n constructor(options: MSALOpenBrowserOptions) {\n super(options);\n this.logger = credentialLogger(\"Node.js MSAL Open Browser\");\n this.redirectUri = options.redirectUri;\n this.loginHint = options.loginHint;\n\n const url = new URL(this.redirectUri);\n this.port = parseInt(url.port);\n if (isNaN(this.port)) {\n this.port = 80;\n }\n this.hostname = url.hostname;\n }\n\n private async acquireTokenByCode(\n request: msalNode.AuthorizationCodeRequest\n ): Promise {\n return this.publicApp!.acquireTokenByCode(request);\n }\n\n protected doGetToken(\n scopes: string[],\n options?: CredentialFlowGetTokenOptions\n ): Promise {\n return new Promise((resolve, reject) => {\n const socketToDestroy: Socket[] = [];\n\n const requestListener = (req: http.IncomingMessage, res: http.ServerResponse): void => {\n if (!req.url) {\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n return;\n }\n let url: URL;\n try {\n url = new URL(req.url, this.redirectUri);\n } catch (e: any) {\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n return;\n }\n const tokenRequest: msalNode.AuthorizationCodeRequest = {\n code: url.searchParams.get(\"code\")!,\n redirectUri: this.redirectUri,\n scopes: scopes,\n authority: options?.authority,\n codeVerifier: this.pkceCodes?.verifier,\n };\n\n this.acquireTokenByCode(tokenRequest)\n .then((authResponse) => {\n if (authResponse?.account) {\n this.account = msalToPublic(this.clientId, authResponse.account);\n }\n const successMessage = `Authentication Complete. 
You can close the browser and return to the application.`;\n if (authResponse && authResponse.expiresOn) {\n const expiresOnTimestamp = authResponse?.expiresOn.valueOf();\n res.writeHead(200);\n res.end(successMessage);\n this.logger.getToken.info(formatSuccess(scopes));\n\n resolve({\n expiresOnTimestamp,\n token: authResponse.accessToken,\n });\n } else {\n const errorMessage = formatError(\n scopes,\n `${url.searchParams.get(\"error\")}. ${url.searchParams.get(\"error_description\")}`\n );\n res.writeHead(500);\n res.end(errorMessage);\n this.logger.getToken.info(errorMessage);\n\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n }\n cleanup();\n return;\n })\n .catch(() => {\n const errorMessage = formatError(\n scopes,\n `${url.searchParams.get(\"error\")}. ${url.searchParams.get(\"error_description\")}`\n );\n res.writeHead(500);\n res.end(errorMessage);\n this.logger.getToken.info(errorMessage);\n\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n cleanup();\n });\n };\n\n const app = http.createServer(requestListener);\n const server = stoppable(app);\n\n const listen = app.listen(this.port, this.hostname, () =>\n this.logger.info(`InteractiveBrowserCredential listening on port ${this.port}!`)\n );\n\n function cleanup(): void {\n if (listen) {\n listen.close();\n }\n\n for (const socket of socketToDestroy) {\n socket.destroy();\n }\n\n if (server) {\n server.close();\n server.stop();\n }\n }\n\n app.on(\"connection\", (socket) => socketToDestroy.push(socket));\n\n app.on(\"error\", (err) => {\n cleanup();\n const code = (err as any).code;\n if (code === \"EACCES\" || code === \"EADDRINUSE\") {\n reject(\n new CredentialUnavailableError(\n [\n `InteractiveBrowserCredential: Access denied to port ${this.port}.`,\n `Try sending a redirect URI with a different port, as follows:`,\n '`new 
InteractiveBrowserCredential({ redirectUri: \"http://localhost:1337\" })`',\n ].join(\" \")\n )\n );\n } else {\n reject(\n new CredentialUnavailableError(\n `InteractiveBrowserCredential: Failed to start the necessary web server. Error: ${err.message}`\n )\n );\n }\n });\n\n app.on(\"listening\", () => {\n const openPromise = this.openAuthCodeUrl(scopes, options);\n\n const abortSignal = options?.abortSignal;\n if (abortSignal) {\n abortSignal.addEventListener(\"abort\", () => {\n cleanup();\n reject(new Error(\"Aborted\"));\n });\n }\n\n openPromise.then().catch((e) => {\n cleanup();\n reject(e);\n });\n });\n });\n }\n\n private pkceCodes?: {\n verifier: string;\n challenge: string;\n };\n\n private async openAuthCodeUrl(\n scopeArray: string[],\n options?: CredentialFlowGetTokenOptions\n ): Promise {\n // Initialize CryptoProvider instance\n const cryptoProvider = new msalNode.CryptoProvider();\n // Generate PKCE Codes before starting the authorization flow\n this.pkceCodes = await cryptoProvider.generatePkceCodes();\n\n const authCodeUrlParameters: msalNode.AuthorizationUrlRequest = {\n scopes: scopeArray,\n correlationId: options?.correlationId,\n redirectUri: this.redirectUri,\n authority: options?.authority,\n claims: options?.claims,\n loginHint: this.loginHint,\n codeChallenge: this.pkceCodes.challenge,\n codeChallengeMethod: \"S256\", // Use SHA256 Algorithm\n };\n\n const response = await this.publicApp!.getAuthCodeUrl(authCodeUrlParameters);\n\n try {\n // A new instance on macOS only which allows it to not hang, does not fix the issue on linux\n await interactiveBrowserMockable.open(response, { wait: true, newInstance: true });\n } catch (e: any) {\n throw new CredentialUnavailableError(\n `InteractiveBrowserCredential: Could not open a browser window. 
Error: ${e.message}`\n );\n }\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\n/* eslint-disable @typescript-eslint/no-unused-vars */\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\n\nimport { credentialLogger } from \"../util/logging\";\nimport { tracingClient } from \"../util/tracing\";\nimport { AuthenticationRecord } from \"../msal/types\";\nimport { MsalOpenBrowser } from \"../msal/nodeFlows/msalOpenBrowser\";\nimport { MsalFlow } from \"../msal/flows\";\nimport {\n InteractiveBrowserCredentialInBrowserOptions,\n InteractiveBrowserCredentialNodeOptions,\n} from \"./interactiveBrowserCredentialOptions\";\n\nconst logger = credentialLogger(\"InteractiveBrowserCredential\");\n\n/**\n * Enables authentication to Azure Active Directory inside of the web browser\n * using the interactive login flow.\n */\nexport class InteractiveBrowserCredential implements TokenCredential {\n private msalFlow: MsalFlow;\n private disableAutomaticAuthentication?: boolean;\n\n /**\n * Creates an instance of InteractiveBrowserCredential with the details needed.\n *\n * This credential uses the [Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow).\n * On Node.js, it will open a browser window while it listens for a redirect response from the authentication service.\n * On browsers, it authenticates via popups. 
The `loginStyle` optional parameter can be set to `redirect` to authenticate by redirecting the user to an Azure secure login page, which then will redirect the user back to the web application where the authentication started.\n *\n * For Node.js, if a `clientId` is provided, the Azure Active Directory application will need to be configured to have a \"Mobile and desktop applications\" redirect endpoint.\n * Follow our guide on [setting up Redirect URIs for Desktop apps that calls to web APIs](https://docs.microsoft.com/azure/active-directory/develop/scenario-desktop-app-registration#redirect-uris).\n *\n * @param options - Options for configuring the client which makes the authentication requests.\n */\n constructor(\n options:\n | InteractiveBrowserCredentialNodeOptions\n | InteractiveBrowserCredentialInBrowserOptions = {}\n ) {\n const redirectUri =\n typeof options.redirectUri === \"function\"\n ? options.redirectUri()\n : options.redirectUri || \"http://localhost\";\n\n this.msalFlow = new MsalOpenBrowser({\n ...options,\n tokenCredentialOptions: options,\n logger,\n redirectUri,\n });\n this.disableAutomaticAuthentication = options?.disableAutomaticAuthentication;\n }\n\n /**\n * Authenticates with Azure Active Directory and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n *\n * If the user provided the option `disableAutomaticAuthentication`,\n * once the token can't be retrieved silently,\n * this method won't attempt to request user interaction to retrieve the token.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise {\n return tracingClient.withSpan(\n `${this.constructor.name}.getToken`,\n options,\n async (newOptions) 
=> {\n const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n return this.msalFlow.getToken(arrayScopes, {\n ...newOptions,\n disableAutomaticAuthentication: this.disableAutomaticAuthentication,\n });\n }\n );\n }\n\n /**\n * Authenticates with Azure Active Directory and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n *\n * If the token can't be retrieved silently, this method will require user interaction to retrieve the token.\n *\n * On Node.js, this credential has [Proof Key for Code Exchange (PKCE)](https://datatracker.ietf.org/doc/html/rfc7636) enabled by default.\n * PKCE is a security feature that mitigates authorization code interception attacks.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async authenticate(\n scopes: string | string[],\n options: GetTokenOptions = {}\n ): Promise {\n return tracingClient.withSpan(\n `${this.constructor.name}.authenticate`,\n options,\n async (newOptions) => {\n const arrayScopes = Array.isArray(scopes) ? 
scopes : [scopes];\n await this.msalFlow.getToken(arrayScopes, newOptions);\n return this.msalFlow.getActiveAccount();\n }\n );\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalNode from \"@azure/msal-node\";\nimport { AccessToken } from \"@azure/core-auth\";\n\nimport { DeviceCodePromptCallback } from \"../../credentials/deviceCodeCredentialOptions\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { MsalNode, MsalNodeOptions } from \"./msalNodeCommon\";\n\n/**\n * Options that can be passed to configure MSAL to handle authentication through device codes.\n * @internal\n */\nexport interface MSALDeviceCodeOptions extends MsalNodeOptions {\n userPromptCallback: DeviceCodePromptCallback;\n}\n\n/**\n * MSAL device code client. Calls to the MSAL's public application's `acquireTokenByDeviceCode` during `doGetToken`.\n * @internal\n */\nexport class MsalDeviceCode extends MsalNode {\n private userPromptCallback: DeviceCodePromptCallback;\n\n constructor(options: MSALDeviceCodeOptions) {\n super(options);\n this.userPromptCallback = options.userPromptCallback;\n }\n\n protected async doGetToken(\n scopes: string[],\n options?: CredentialFlowGetTokenOptions\n ): Promise {\n try {\n const requestOptions: msalNode.DeviceCodeRequest = {\n deviceCodeCallback: this.userPromptCallback,\n scopes,\n cancel: false,\n correlationId: options?.correlationId,\n authority: options?.authority,\n claims: options?.claims,\n };\n const promise = this.publicApp!.acquireTokenByDeviceCode(requestOptions);\n const deviceResponse = await this.withCancellation(promise, options?.abortSignal, () => {\n requestOptions.cancel = true;\n });\n return this.handleResult(scopes, this.clientId, deviceResponse || undefined);\n } catch (error: any) {\n throw this.handleError(scopes, error, options);\n }\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, 
GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\n\nimport { credentialLogger } from \"../util/logging\";\nimport { MsalDeviceCode } from \"../msal/nodeFlows/msalDeviceCode\";\nimport { MsalFlow } from \"../msal/flows\";\nimport { AuthenticationRecord } from \"../msal/types\";\nimport { tracingClient } from \"../util/tracing\";\nimport { DeviceCodeCredentialOptions, DeviceCodeInfo } from \"./deviceCodeCredentialOptions\";\n\nconst logger = credentialLogger(\"DeviceCodeCredential\");\n\n/**\n * Method that logs the user code from the DeviceCodeCredential.\n * @param deviceCodeInfo - The device code.\n */\nexport function defaultDeviceCodePromptCallback(deviceCodeInfo: DeviceCodeInfo): void {\n console.log(deviceCodeInfo.message);\n}\n\n/**\n * Enables authentication to Azure Active Directory using a device code\n * that the user can enter into https://microsoft.com/devicelogin.\n */\nexport class DeviceCodeCredential implements TokenCredential {\n private msalFlow: MsalFlow;\n private disableAutomaticAuthentication?: boolean;\n\n /**\n * Creates an instance of DeviceCodeCredential with the details needed\n * to initiate the device code authorization flow with Azure Active Directory.\n *\n * A message will be logged, giving users a code that they can use to authenticate once they go to https://microsoft.com/devicelogin\n *\n * Developers can configure how this message is shown by passing a custom `userPromptCallback`:\n *\n * ```js\n * const credential = new DeviceCodeCredential({\n * tenantId: env.AZURE_TENANT_ID,\n * clientId: env.AZURE_CLIENT_ID,\n * userPromptCallback: (info) => {\n * console.log(\"CUSTOMIZED PROMPT CALLBACK\", info.message);\n * }\n * });\n * ```\n *\n * @param options - Options for configuring the client which makes the authentication requests.\n */\n constructor(options?: DeviceCodeCredentialOptions) {\n this.msalFlow = new MsalDeviceCode({\n ...options,\n logger,\n userPromptCallback: options?.userPromptCallback || 
defaultDeviceCodePromptCallback,\n tokenCredentialOptions: options || {},\n });\n this.disableAutomaticAuthentication = options?.disableAutomaticAuthentication;\n }\n\n /**\n * Authenticates with Azure Active Directory and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n *\n * If the user provided the option `disableAutomaticAuthentication`,\n * once the token can't be retrieved silently,\n * this method won't attempt to request user interaction to retrieve the token.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise {\n return tracingClient.withSpan(\n `${this.constructor.name}.getToken`,\n options,\n async (newOptions) => {\n const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n return this.msalFlow.getToken(arrayScopes, {\n ...newOptions,\n disableAutomaticAuthentication: this.disableAutomaticAuthentication,\n });\n }\n );\n }\n\n /**\n * Authenticates with Azure Active Directory and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n *\n * If the token can't be retrieved silently, this method will require user interaction to retrieve the token.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async authenticate(\n scopes: string | string[],\n options: GetTokenOptions = {}\n ): Promise {\n return tracingClient.withSpan(\n `${this.constructor.name}.authenticate`,\n options,\n async (newOptions) => {\n const arrayScopes = Array.isArray(scopes) ? 
scopes : [scopes];\n await this.msalFlow.getToken(arrayScopes, newOptions);\n return this.msalFlow.getActiveAccount();\n }\n );\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken } from \"@azure/core-auth\";\nimport { credentialLogger } from \"../../util/logging\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { MsalNode, MsalNodeOptions } from \"./msalNodeCommon\";\n\n/**\n * Options that can be passed to configure MSAL to handle authentication through opening a browser window.\n * @internal\n */\nexport interface MSALAuthorizationCodeOptions extends MsalNodeOptions {\n redirectUri: string;\n authorizationCode: string;\n clientSecret?: string;\n}\n\n/**\n * This MSAL client sets up a web server to listen for redirect callbacks, then calls to the MSAL's public application's `acquireTokenByDeviceCode` during `doGetToken`\n * to trigger the authentication flow, and then respond based on the values obtained from the redirect callback\n * @internal\n */\nexport class MsalAuthorizationCode extends MsalNode {\n private redirectUri: string;\n private authorizationCode: string;\n\n constructor(options: MSALAuthorizationCodeOptions) {\n super(options);\n this.logger = credentialLogger(\"Node.js MSAL Authorization Code\");\n this.redirectUri = options.redirectUri;\n this.authorizationCode = options.authorizationCode;\n if (options.clientSecret) {\n this.msalConfig.auth.clientSecret = options.clientSecret;\n }\n }\n\n async getAuthCodeUrl(options: { scopes: string[]; redirectUri: string }): Promise {\n await this.init();\n return (this.confidentialApp || this.publicApp)!.getAuthCodeUrl(options);\n }\n\n protected async doGetToken(\n scopes: string[],\n options?: CredentialFlowGetTokenOptions\n ): Promise {\n try {\n const result = await (this.confidentialApp || this.publicApp)?.acquireTokenByCode({\n scopes,\n redirectUri: this.redirectUri,\n code: this.authorizationCode,\n correlationId: 
options?.correlationId,\n authority: options?.authority,\n claims: options?.claims,\n });\n // The Client Credential flow does not return an account,\n // so each time getToken gets called, we will have to acquire a new token through the service.\n return this.handleResult(scopes, this.clientId, result || undefined);\n } catch (err: any) {\n throw this.handleError(scopes, err, options);\n }\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport { TokenCredentialOptions } from \"../tokenCredentialOptions\";\nimport { credentialLogger } from \"../util/logging\";\nimport { checkTenantId } from \"../util/checkTenantId\";\nimport { MsalAuthorizationCode } from \"../msal/nodeFlows/msalAuthorizationCode\";\nimport { MsalFlow } from \"../msal/flows\";\nimport { tracingClient } from \"../util/tracing\";\n\nconst logger = credentialLogger(\"AuthorizationCodeCredential\");\n\n/**\n * Enables authentication to Azure Active Directory using an authorization code\n * that was obtained through the authorization code flow, described in more detail\n * in the Azure Active Directory documentation:\n *\n * https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow\n */\nexport class AuthorizationCodeCredential implements TokenCredential {\n private msalFlow: MsalFlow;\n private disableAutomaticAuthentication?: boolean;\n private authorizationCode: string;\n private redirectUri: string;\n\n /**\n * Creates an instance of AuthorizationCodeCredential with the details needed\n * to request an access token using an authentication that was obtained\n * from Azure Active Directory.\n *\n * It is currently necessary for the user of this credential to initiate\n * the authorization code flow to obtain an authorization code to be used\n * with this credential. 
A full example of this flow is provided here:\n *\n * https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/v2/manual/authorizationCodeSample.ts\n *\n * @param tenantId - The Azure Active Directory tenant (directory) ID or name.\n * 'common' may be used when dealing with multi-tenant scenarios.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param clientSecret - A client secret that was generated for the App Registration\n * @param authorizationCode - An authorization code that was received from following the\n authorization code flow. This authorization code must not\n have already been used to obtain an access token.\n * @param redirectUri - The redirect URI that was used to request the authorization code.\n Must be the same URI that is configured for the App Registration.\n * @param options - Options for configuring the client which makes the access token request.\n */\n constructor(\n tenantId: string | \"common\",\n clientId: string,\n clientSecret: string,\n authorizationCode: string,\n redirectUri: string,\n options?: TokenCredentialOptions\n );\n /**\n * Creates an instance of AuthorizationCodeCredential with the details needed\n * to request an access token using an authentication that was obtained\n * from Azure Active Directory.\n *\n * It is currently necessary for the user of this credential to initiate\n * the authorization code flow to obtain an authorization code to be used\n * with this credential. 
A full example of this flow is provided here:\n *\n * https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/v2/manual/authorizationCodeSample.ts\n *\n * @param tenantId - The Azure Active Directory tenant (directory) ID or name.\n * 'common' may be used when dealing with multi-tenant scenarios.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param authorizationCode - An authorization code that was received from following the\n authorization code flow. This authorization code must not\n have already been used to obtain an access token.\n * @param redirectUri - The redirect URI that was used to request the authorization code.\n Must be the same URI that is configured for the App Registration.\n * @param options - Options for configuring the client which makes the access token request.\n */\n constructor(\n tenantId: string | \"common\",\n clientId: string,\n authorizationCode: string,\n redirectUri: string,\n options?: TokenCredentialOptions\n );\n /**\n * @hidden\n * @internal\n */\n constructor(\n tenantId: string | \"common\",\n clientId: string,\n clientSecretOrAuthorizationCode: string,\n authorizationCodeOrRedirectUri: string,\n redirectUriOrOptions: string | TokenCredentialOptions | undefined,\n options?: TokenCredentialOptions\n ) {\n checkTenantId(logger, tenantId);\n let clientSecret: string | undefined = clientSecretOrAuthorizationCode;\n\n if (typeof redirectUriOrOptions === \"string\") {\n // the clientId+clientSecret constructor\n this.authorizationCode = authorizationCodeOrRedirectUri;\n this.redirectUri = redirectUriOrOptions;\n // in this case, options are good as they come\n } else {\n // clientId only\n this.authorizationCode = clientSecretOrAuthorizationCode;\n this.redirectUri = authorizationCodeOrRedirectUri as string;\n clientSecret = undefined;\n options = redirectUriOrOptions as TokenCredentialOptions;\n }\n\n this.msalFlow = new MsalAuthorizationCode({\n ...options,\n 
clientSecret,\n clientId,\n tenantId,\n tokenCredentialOptions: options || {},\n logger,\n redirectUri: this.redirectUri,\n authorizationCode: this.authorizationCode,\n });\n }\n\n /**\n * Authenticates with Azure Active Directory and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise {\n return tracingClient.withSpan(\n `${this.constructor.name}.getToken`,\n options,\n async (newOptions) => {\n const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n return this.msalFlow.getToken(arrayScopes, {\n ...newOptions,\n disableAutomaticAuthentication: this.disableAutomaticAuthentication,\n });\n }\n );\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken } from \"@azure/core-auth\";\n\nimport { formatError } from \"../../util/logging\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { parseCertificate } from \"./msalClientCertificate\";\nimport { MsalNode, MsalNodeOptions } from \"./msalNodeCommon\";\n\n/**\n * Options that can be passed to configure MSAL to handle On-Behalf-Of authentication requests.\n * @internal\n */\nexport interface MSALOnBehalfOfOptions extends MsalNodeOptions {\n /**\n * A client secret that was generated for the App Registration.\n */\n clientSecret?: string;\n /**\n * Location of the PEM certificate.\n */\n certificatePath?: string;\n /**\n * Option to include x5c header for SubjectName and Issuer name authorization.\n * Set this option to send base64 encoded public certificate in the client assertion header as an x5c claim\n */\n sendCertificateChain?: boolean;\n /**\n * 
The user assertion for the On-Behalf-Of flow.\n */\n userAssertionToken: string;\n}\n\n/**\n * MSAL on behalf of flow. Calls to MSAL's confidential application's `acquireTokenOnBehalfOf` during `doGetToken`.\n * @internal\n */\nexport class MsalOnBehalfOf extends MsalNode {\n private userAssertionToken: string;\n private certificatePath?: string;\n private sendCertificateChain?: boolean;\n private clientSecret?: string;\n\n constructor(options: MSALOnBehalfOfOptions) {\n super(options);\n this.logger.info(\"Initialized MSAL's On-Behalf-Of flow\");\n this.requiresConfidential = true;\n this.userAssertionToken = options.userAssertionToken;\n this.certificatePath = options.certificatePath;\n this.sendCertificateChain = options.sendCertificateChain;\n this.clientSecret = options.clientSecret;\n }\n\n // Changing the MSAL configuration asynchronously\n async init(options?: CredentialFlowGetTokenOptions): Promise {\n if (this.certificatePath) {\n try {\n const parts = await parseCertificate(\n { certificatePath: this.certificatePath },\n this.sendCertificateChain\n );\n this.msalConfig.auth.clientCertificate = {\n thumbprint: parts.thumbprint,\n privateKey: parts.certificateContents,\n x5c: parts.x5c,\n };\n } catch (error: any) {\n this.logger.info(formatError(\"\", error));\n throw error;\n }\n } else {\n this.msalConfig.auth.clientSecret = this.clientSecret;\n }\n return super.init(options);\n }\n\n protected async doGetToken(\n scopes: string[],\n options: CredentialFlowGetTokenOptions = {}\n ): Promise {\n try {\n const result = await this.confidentialApp!.acquireTokenOnBehalfOf({\n scopes,\n correlationId: options.correlationId,\n authority: options.authority,\n claims: options.claims,\n oboAssertion: this.userAssertionToken,\n });\n return this.handleResult(scopes, this.clientId, result || undefined);\n } catch (err: any) {\n throw this.handleError(scopes, err, options);\n }\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT 
license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\n\nimport { MsalOnBehalfOf } from \"../msal/nodeFlows/msalOnBehalfOf\";\nimport { credentialLogger } from \"../util/logging\";\nimport { tracingClient } from \"../util/tracing\";\nimport { MsalFlow } from \"../msal/flows\";\nimport {\n OnBehalfOfCredentialCertificateOptions,\n OnBehalfOfCredentialOptions,\n OnBehalfOfCredentialSecretOptions,\n} from \"./onBehalfOfCredentialOptions\";\nimport { TokenCredentialOptions } from \"../tokenCredentialOptions\";\nimport { CredentialPersistenceOptions } from \"./credentialPersistenceOptions\";\n\nconst credentialName = \"OnBehalfOfCredential\";\nconst logger = credentialLogger(credentialName);\n\n/**\n * Enables authentication to Azure Active Directory using the [On Behalf Of flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow).\n */\nexport class OnBehalfOfCredential implements TokenCredential {\n private msalFlow: MsalFlow;\n /**\n * Creates an instance of the {@link OnBehalfOfCredential} with the details\n * needed to authenticate against Azure Active Directory with path to a PEM certificate,\n * and an user assertion.\n *\n * Example using the `KeyClient` from [\\@azure/keyvault-keys](https://www.npmjs.com/package/\\@azure/keyvault-keys):\n *\n * ```ts\n * const tokenCredential = new OnBehalfOfCredential({\n * tenantId,\n * clientId,\n * certificatePath: \"/path/to/certificate.pem\",\n * userAssertionToken: \"access-token\"\n * });\n * const client = new KeyClient(\"vault-url\", tokenCredential);\n *\n * await client.getKey(\"key-name\");\n * ```\n *\n * @param options - Optional parameters, generally common across credentials.\n */\n constructor(\n options: OnBehalfOfCredentialCertificateOptions &\n TokenCredentialOptions &\n CredentialPersistenceOptions\n );\n /**\n * Creates an instance of the {@link OnBehalfOfCredential} with the details\n * needed to authenticate against Azure 
Active Directory with a client\n * secret and a user assertion.\n *\n * Example using the `KeyClient` from [\\@azure/keyvault-keys](https://www.npmjs.com/package/\\@azure/keyvault-keys):\n *\n * ```ts\n * const tokenCredential = new OnBehalfOfCredential({\n * tenantId,\n * clientId,\n * clientSecret,\n * userAssertionToken: \"access-token\"\n * });\n * const client = new KeyClient(\"vault-url\", tokenCredential);\n *\n * await client.getKey(\"key-name\");\n * ```\n *\n * @param options - Optional parameters, generally common across credentials.\n */\n constructor(\n options: OnBehalfOfCredentialSecretOptions &\n TokenCredentialOptions &\n CredentialPersistenceOptions\n );\n\n constructor(private options: OnBehalfOfCredentialOptions) {\n const { clientSecret } = options as OnBehalfOfCredentialSecretOptions;\n const { certificatePath } = options as OnBehalfOfCredentialCertificateOptions;\n const { tenantId, clientId, userAssertionToken } = options;\n if (!tenantId || !clientId || !(clientSecret || certificatePath) || !userAssertionToken) {\n throw new Error(\n `${credentialName}: tenantId, clientId, clientSecret (or certificatePath) and userAssertionToken are required parameters.`\n );\n }\n this.msalFlow = new MsalOnBehalfOf({\n ...this.options,\n logger,\n tokenCredentialOptions: this.options,\n });\n }\n\n /**\n * Authenticates with Azure Active Directory and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure the underlying network requests.\n */\n async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise {\n return tracingClient.withSpan(`${credentialName}.getToken`, options, async (newOptions) => {\n const arrayScopes = Array.isArray(scopes) ? 
scopes : [scopes];\n return this.msalFlow!.getToken(arrayScopes, newOptions);\n });\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nexport * from \"./plugins/consumer\";\n\nexport { IdentityPlugin } from \"./plugins/provider\";\n\nimport { TokenCredential } from \"@azure/core-auth\";\nimport { DefaultAzureCredential } from \"./credentials/defaultAzureCredential\";\n\nexport {\n AuthenticationError,\n ErrorResponse,\n AggregateAuthenticationError,\n AuthenticationErrorName,\n AggregateAuthenticationErrorName,\n CredentialUnavailableError,\n CredentialUnavailableErrorName,\n AuthenticationRequiredError,\n AuthenticationRequiredErrorOptions,\n} from \"./errors\";\n\nexport { AuthenticationRecord } from \"./msal/types\";\nexport { serializeAuthenticationRecord, deserializeAuthenticationRecord } from \"./msal/utils\";\nexport { TokenCredentialOptions } from \"./tokenCredentialOptions\";\n\n// TODO: Export again once we're ready to release this feature.\n// export { RegionalAuthority } from \"./regionalAuthority\";\n\nexport { InteractiveCredentialOptions } from \"./credentials/interactiveCredentialOptions\";\n\nexport { ChainedTokenCredential } from \"./credentials/chainedTokenCredential\";\nexport {\n DefaultAzureCredential,\n DefaultAzureCredentialOptions,\n DefaultAzureCredentialClientIdOptions,\n DefaultAzureCredentialResourceIdOptions,\n} from \"./credentials/defaultAzureCredential\";\nexport {\n EnvironmentCredential,\n EnvironmentCredentialOptions,\n} from \"./credentials/environmentCredential\";\nexport { ClientSecretCredential } from \"./credentials/clientSecretCredential\";\nexport { ClientSecretCredentialOptions } from \"./credentials/clientSecretCredentialOptions\";\nexport {\n ClientCertificateCredential,\n ClientCertificateCredentialPEMConfiguration,\n ClientCertificatePEMCertificatePath,\n ClientCertificatePEMCertificate,\n} from \"./credentials/clientCertificateCredential\";\nexport { 
ClientCertificateCredentialOptions } from \"./credentials/clientCertificateCredentialOptions\";\nexport { ClientAssertionCredential } from \"./credentials/clientAssertionCredential\";\nexport { CredentialPersistenceOptions } from \"./credentials/credentialPersistenceOptions\";\nexport { AzureCliCredential } from \"./credentials/azureCliCredential\";\nexport { AzureCliCredentialOptions } from \"./credentials/azureCliCredentialOptions\";\nexport { InteractiveBrowserCredential } from \"./credentials/interactiveBrowserCredential\";\nexport {\n InteractiveBrowserCredentialNodeOptions,\n InteractiveBrowserCredentialInBrowserOptions,\n BrowserLoginStyle,\n} from \"./credentials/interactiveBrowserCredentialOptions\";\nexport {\n ManagedIdentityCredential,\n ManagedIdentityCredentialClientIdOptions,\n ManagedIdentityCredentialResourceIdOptions,\n} from \"./credentials/managedIdentityCredential\";\nexport { DeviceCodeCredential } from \"./credentials/deviceCodeCredential\";\nexport {\n DeviceCodePromptCallback,\n DeviceCodeInfo,\n} from \"./credentials/deviceCodeCredentialOptions\";\nexport { DeviceCodeCredentialOptions } from \"./credentials/deviceCodeCredentialOptions\";\nexport { UsernamePasswordCredential } from \"./credentials/usernamePasswordCredential\";\nexport { UsernamePasswordCredentialOptions } from \"./credentials/usernamePasswordCredentialOptions\";\nexport { AuthorizationCodeCredential } from \"./credentials/authorizationCodeCredential\";\nexport { AzurePowerShellCredential } from \"./credentials/azurePowerShellCredential\";\nexport { AzurePowerShellCredentialOptions } from \"./credentials/azurePowerShellCredentialOptions\";\n\nexport {\n VisualStudioCodeCredential,\n VisualStudioCodeCredentialOptions,\n} from \"./credentials/visualStudioCodeCredential\";\n\nexport { OnBehalfOfCredential } from \"./credentials/onBehalfOfCredential\";\nexport {\n OnBehalfOfCredentialOptions,\n OnBehalfOfCredentialSecretOptions,\n OnBehalfOfCredentialCertificateOptions,\n} from 
\"./credentials/onBehalfOfCredentialOptions\";\n\nexport { TokenCachePersistenceOptions } from \"./msal/nodeFlows/tokenCachePersistenceOptions\";\n\nexport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-auth\";\nexport { logger } from \"./util/logging\";\n\nexport { AzureAuthorityHosts } from \"./constants\";\n\n/**\n * Returns a new instance of the {@link DefaultAzureCredential}.\n */\nexport function getDefaultAzureCredential(): TokenCredential {\n return new DefaultAzureCredential();\n}\n"],"names":["AzureAuthorityHosts","createTracingClient","logger","createClientLogger","isNode","ServiceClient","createPipelineRequest","createHttpHeaders","AbortController","msalCommon","uuidv4","AbortError","msalNode","os","path","fs","child_process","childProcess","readFileAsync","promisify","readFile","createHash","credentialName","msiName","expiresOnParser","prepareRequestOptions","RestError","delay","https","isError","open","http","stoppable"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AACA;AAyDA,SAAS,eAAe,CAAC,aAAkB,EAAA;AACzC,IAAA,QACE,aAAa;AACb,QAAA,OAAO,aAAa,CAAC,KAAK,KAAK,QAAQ;AACvC,QAAA,OAAO,aAAa,CAAC,iBAAiB,KAAK,QAAQ,EACnD;AACJ,CAAC;AAED;;AAEG;AACI,MAAM,8BAA8B,GAAG,6BAA6B;AAE3E;;;;AAIG;AACG,MAAO,0BAA2B,SAAQ,KAAK,CAAA;AACnD,IAAA,WAAA,CAAY,OAAgB,EAAA;QAC1B,KAAK,CAAC,OAAO,CAAC,CAAC;AACf,QAAA,IAAI,CAAC,IAAI,GAAG,8BAA8B,CAAC;KAC5C;AACF,CAAA;AAED;;AAEG;AACI,MAAM,uBAAuB,GAAG,sBAAsB;AAE7D;;;;AAIG;AACG,MAAO,mBAAoB,SAAQ,KAAK,CAAA;;IAY5C,WAAY,CAAA,UAAkB,EAAE,SAA6C,EAAA;AAC3E,QAAA,IAAI,aAAa,GAAkB;AACjC,YAAA,KAAK,EAAE,SAAS;AAChB,YAAA,gBAAgB,EAAE,oEAAoE;SACvF,CAAC;AAEF,QAAA,IAAI,eAAe,CAAC,SAAS,CAAC,EAAE;AAC9B,YAAA,aAAa,GAAG,wCAAwC,CAAC,SAAS,CAAC,CAAC;AACrE,SAAA;AAAM,aAAA,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE;YACxC,IAAI;;;gBAGF,MAAM,kBAAkB,GAAuB,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;AACrE,gBAAA,aAAa,GAAG,wCAAwC,CAAC,kBAAkB,CAAC,CAAC;AAC9E,aAAA;AAAC,YAAA,OAAO,CAAM,EAAE;gBACf,IAAI,UAAU,KAAK,GAAG,EAAE;AACtB,oBAAA,aAAa,GAAG;AACd,wBAAA,KAAK,EAAE,q
BAAqB;AAC5B,wBAAA,gBAAgB,EAAE,4CAA4C;qBAC/D,CAAC;AACH,iBAAA;AAAM,qBAAA;AACL,oBAAA,aAAa,GAAG;AACd,wBAAA,KAAK,EAAE,eAAe;wBACtB,gBAAgB,EAAE,CAAoD,iDAAA,EAAA,SAAS,CAAE,CAAA;qBAClF,CAAC;AACH,iBAAA;AACF,aAAA;AACF,SAAA;AAAM,aAAA;AACL,YAAA,aAAa,GAAG;AACd,gBAAA,KAAK,EAAE,eAAe;AACtB,gBAAA,gBAAgB,EAAE,oEAAoE;aACvF,CAAC;AACH,SAAA;AAED,QAAA,KAAK,CACH,CAAA,EAAG,aAAa,CAAC,KAAK,CAAA,cAAA,EAAiB,UAAU,CAAA,iBAAA,EAAoB,aAAa,CAAC,gBAAgB,CAAA,CAAE,CACtG,CAAC;AACF,QAAA,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;AAC7B,QAAA,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;;AAGnC,QAAA,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;KACrC;AACF,CAAA;AAED;;AAEG;AACI,MAAM,gCAAgC,GAAG,+BAA+B;AAE/E;;;AAGG;AACG,MAAO,4BAA6B,SAAQ,KAAK,CAAA;IAOrD,WAAY,CAAA,MAAa,EAAE,YAAqB,EAAA;QAC9C,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACtC,QAAA,KAAK,CAAC,CAAG,EAAA,YAAY,KAAK,WAAW,CAAA,CAAE,CAAC,CAAC;AACzC,QAAA,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;;AAGrB,QAAA,IAAI,CAAC,IAAI,GAAG,gCAAgC,CAAC;KAC9C;AACF,CAAA;AAED,SAAS,wCAAwC,CAAC,SAA6B,EAAA;IAC7E,OAAO;QACL,KAAK,EAAE,SAAS,CAAC,KAAK;QACtB,gBAAgB,EAAE,SAAS,CAAC,iBAAiB;QAC7C,aAAa,EAAE,SAAS,CAAC,cAAc;QACvC,UAAU,EAAE,SAAS,CAAC,WAAW;QACjC,SAAS,EAAE,SAAS,CAAC,SAAS;QAC9B,OAAO,EAAE,SAAS,CAAC,QAAQ;KAC5B,CAAC;AACJ,CAAC;AAoBD;;AAEG;AACG,MAAO,2BAA4B,SAAQ,KAAK,CAAA;AAUpD,IAAA,WAAA;AACE;;AAEG;IACH,OAA2C,EAAA;AAE3C,QAAA,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;AACvB,QAAA,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;AAC7B,QAAA,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC;AAC/C,QAAA,IAAI,CAAC,IAAI,GAAG,6BAA6B,CAAC;KAC3C;AACF;;ACrOD;AACA;AAEM,SAAU,8BAA8B,CAAC,QAAgB,EAAA;IAC7D,IAAI,QAAQ,KAAK,MAAM,EAAE;AACvB,QAAA,OAAO,cAAc,CAAC;AACvB,KAAA;AAAM,SAAA;AACL,QAAA,OAAO,mBAAmB,CAAC;AAC5B,KAAA;AACH;;ACTA;AACA;AAEA;;AAEG;AACI,MAAM,WAAW,GAAG,OAAO,CAAC;AAEnC;;;AAGG;AACH;AACA;AACA;AACO,MAAM,uBAAuB,GAAG,sCAAsC,CAAC;AAE9E;;;AAGG;AACI,MAAM,eAAe,GAAG,QAAQ,CAAC;AAExC;;AAEG;AACSA,qCAiBX;AAjBD,CAAA,UAAY,mBAAmB,EAAA;AAC7B;;AAEG;AACH,IAAA,mBAAA,CAAA,YAAA,CAAA,GAAA,gCAA6C,CAAA;AAC7C;;AAEG;AACH,IAAA,mBAAA,CAAA,cAAA,CAAA,GAAA,kCAAiD,CAAA;AACjD;;AAEG;AACH,IAAA,mBAAA,CAAA,i
BAAA,CAAA,GAAA,kCAAoD,CAAA;AACpD;;AAEG;AACH,IAAA,mBAAA,CAAA,kBAAA,CAAA,GAAA,mCAAsD,CAAA;AACxD,CAAC,EAjBWA,2BAAmB,KAAnBA,2BAAmB,GAiB9B,EAAA,CAAA,CAAA,CAAA;AAED;;AAEG;AACI,MAAM,oBAAoB,GAAGA,2BAAmB,CAAC,gBAAgB;;AChDxE;AAMA;;;AAGG;AACI,MAAM,aAAa,GAAGC,+BAAmB,CAAC;AAC/C,IAAA,SAAS,EAAE,eAAe;AAC1B,IAAA,WAAW,EAAE,iBAAiB;AAC9B,IAAA,cAAc,EAAE,WAAW;AAC5B,CAAA,CAAC;;ACdF;AAKA;;AAEG;MACUC,QAAM,GAAGC,2BAAkB,CAAC,UAAU,EAAE;AAOrD;;;AAGG;AACG,SAAU,cAAc,CAAC,gBAA0B,EAAA;IACvD,OAAO,gBAAgB,CAAC,MAAM,CAC5B,CAAC,GAA2B,EAAE,WAAmB,KAAI;AACnD,QAAA,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE;AAC5B,YAAA,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;AAChC,SAAA;AAAM,aAAA;AACL,YAAA,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;AAC/B,SAAA;AACD,QAAA,OAAO,GAAG,CAAC;KACZ,EACD,EAAE,OAAO,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAC9B,CAAC;AACJ,CAAC;AAeD;;AAEG;AACG,SAAU,aAAa,CAAC,KAAwB,EAAA;IACpD,OAAO,CAAA,iBAAA,EAAoB,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,KAAK,CAAA,CAAA,CAAG,CAAC;AAChF,CAAC;AAED;;AAEG;AACa,SAAA,WAAW,CAAC,KAAoC,EAAE,KAAqB,EAAA;IACrF,IAAI,OAAO,GAAG,QAAQ,CAAC;AACvB,IAAA,IAAI,KAAK,KAAL,IAAA,IAAA,KAAK,uBAAL,KAAK,CAAE,MAAM,EAAE;QACjB,OAAO,IAAI,YAAY,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,KAAK,CAAA,CAAA,CAAG,CAAC;AAC3E,KAAA;AACD,IAAA,OAAO,GAAG,OAAO,CAAA,gBAAA,EAAmB,OAAO,KAAK,KAAK,QAAQ,GAAG,KAAK,GAAG,KAAK,CAAC,OAAO,GAAG,CAAC;AAC3F,CAAC;AAmBD;;;;;;;AAOG;AACG,SAAU,wBAAwB,CACtC,KAAa,EACb,MAAiC,EACjC,MAAmBD,QAAM,EAAA;AAEzB,IAAA,MAAM,SAAS,GAAG,MAAM,GAAG,CAAG,EAAA,MAAM,CAAC,SAAS,IAAI,KAAK,CAAA,CAAE,GAAG,KAAK,CAAC;IAElE,SAAS,IAAI,CAAC,OAAe,EAAA;QAC3B,GAAG,CAAC,IAAI,CAAC,CAAA,EAAG,SAAS,CAAK,GAAA,CAAA,EAAE,OAAO,CAAC,CAAC;KACtC;IAED,SAAS,OAAO,CAAC,OAAe,EAAA;QAC9B,GAAG,CAAC,OAAO,CAAC,CAAA,EAAG,SAAS,CAAK,GAAA,CAAA,EAAE,OAAO,CAAC,CAAC;KACzC;IACD,OAAO;QACL,KAAK;QACL,SAAS;QACT,IAAI;QACJ,OAAO;KACR,CAAC;AACJ,CAAC;AAWD;;;;;;;;;AASG;SACa,gBAAgB,CAAC,KAAa,EAAE,MAAmBA,QAAM,EAAA;IACvE,MAAM,UAAU,GAAG,wBAAwB,CAAC,KAAK,EAAE,SAAS,EAAE,GAAG,CAAC,CAAC;AACnE,IAAA,OAAA,MAAA
,CAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,EAAA,EACK,UAAU,CACb,EAAA,EAAA,MAAM,EAAE,GAAG,EACX,QAAQ,EAAE,wBAAwB,CAAC,eAAe,EAAE,UAAU,EAAE,GAAG,CAAC,EACpE,CAAA,CAAA;AACJ;;ACzIA;AAqBA,MAAM,eAAe,GAAG,iBAAiB,CAAC;AA+B1C;;AAEG;AACG,SAAU,8BAA8B,CAAC,OAAgC,EAAA;;IAE7E,IAAI,aAAa,GAAG,OAAO,KAAA,IAAA,IAAP,OAAO,KAAP,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,OAAO,CAAE,aAAa,CAAC;;AAG3C,IAAA,IAAIE,eAAM,EAAE;AACV,QAAA,aAAa,GAAG,aAAa,KAAb,IAAA,IAAA,aAAa,KAAb,KAAA,CAAA,GAAA,aAAa,GAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;AACnE,KAAA;;AAGD,IAAA,OAAO,aAAa,KAAb,IAAA,IAAA,aAAa,cAAb,aAAa,GAAI,oBAAoB,CAAC;AAC/C,CAAC;AAED;;;;;;AAMG;AACG,MAAO,cAAe,SAAQC,wBAAa,CAAA;AAK/C,IAAA,WAAA,CAAY,OAAgC,EAAA;;AAC1C,QAAA,MAAM,cAAc,GAAG,CAAqB,kBAAA,EAAA,WAAW,EAAE,CAAC;AAC1D,QAAA,MAAM,eAAe,GAAG,CAAA,CAAA,EAAA,GAAA,OAAO,KAAA,IAAA,IAAP,OAAO,KAAA,KAAA,CAAA,GAAA,KAAA,CAAA,GAAP,OAAO,CAAE,gBAAgB,MAAA,IAAA,IAAA,EAAA,KAAA,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,EAAA,CAAE,eAAe;cAC9D,GAAG,OAAO,CAAC,gBAAgB,CAAC,eAAe,CAAI,CAAA,EAAA,cAAc,CAAE,CAAA;AACjE,cAAE,CAAA,EAAG,cAAc,CAAA,CAAE,CAAC;AAExB,QAAA,MAAM,OAAO,GAAG,8BAA8B,CAAC,OAAO,CAAC,CAAC;AACxD,QAAA,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE;AACjC,YAAA,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;AAC7E,SAAA;AAED,QAAA,KAAK,+BACH,kBAAkB,EAAE,iCAAiC,EACrD,YAAY,EAAE;AACZ,gBAAA,UAAU,EAAE,CAAC;aACd,EACE,EAAA,OAAO,CACV,EAAA,EAAA,gBAAgB,EAAE;gBAChB,eAAe;aAChB,EACD,OAAO,IACP,CAAC;AAEH,QAAA,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC;AAC7B,QAAA,IAAI,CAAC,gBAAgB,GAAG,IAAI,GAAG,EAAE,CAAC;AAClC,QAAA,IAAI,CAAC,8BAA8B,GAAG,CAAA,EAAA,GAAA,OAAO,KAAA,IAAA,IAAP,OAAO,KAAA,KAAA,CAAA,GAAA,KAAA,CAAA,GAAP,OAAO,CAAE,cAAc,MAAA,IAAA,IAAA,EAAA,KAAA,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,EAAA,CAAE,8BAA8B,CAAC;KAC/F;AAED,IAAA,MAAM,gBAAgB,CACpB,OAAwB,EACxB,eAAmE,EAAA;QAEnEH,QAAM,CAAC,IAAI,CAAC,CAAA,0CAAA,EAA6C,OAAO,CAAC,GAAG,CAAG,CAAA,CAAA,CAAC,CAAC;QACzE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QAEjD,eAAe;YACb,eAAe;iBACd,CAAC,YAAqC,KAAI;oBACzC,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,YAAY,CAAC,UAAU,GAAG,IAAI,CAAC;AACrD,iBAAC,CAAC,CAAC;AAEL,QAAA,IAAI,QAAQ,CAAC,U
AAU,KAAK,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,CAAC,EAAE;YAC/E,MAAM,UAAU,GAA4B,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;AAE5E,YAAA,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE;AAC5B,gBAAA,OAAO,IAAI,CAAC;AACb,aAAA;AAED,YAAA,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;AAE9B,YAAA,MAAM,KAAK,GAAG;AACZ,gBAAA,WAAW,EAAE;oBACX,KAAK,EAAE,UAAU,CAAC,YAAY;AAC9B,oBAAA,kBAAkB,EAAE,eAAe,CAAC,UAAU,CAAC;AAChD,iBAAA;gBACD,YAAY,EAAE,UAAU,CAAC,aAAa;aACvC,CAAC;AAEF,YAAAA,QAAM,CAAC,IAAI,CACT,CAAA,iBAAA,EAAoB,OAAO,CAAC,GAAG,CAAgC,6BAAA,EAAA,KAAK,CAAC,WAAW,CAAC,kBAAkB,CAAA,CAAE,CACtG,CAAC;AACF,YAAA,OAAO,KAAK,CAAC;AACd,SAAA;AAAM,aAAA;AACL,YAAA,MAAM,KAAK,GAAG,IAAI,mBAAmB,CAAC,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC;AAC5E,YAAAA,QAAM,CAAC,OAAO,CACZ,CAAA,mDAAA,EAAsD,QAAQ,CAAC,MAAM,CAAK,EAAA,EAAA,KAAK,CAAC,aAAa,CAAC,gBAAgB,CAAA,CAAE,CACjH,CAAC;AACF,YAAA,MAAM,KAAK,CAAC;AACb,SAAA;KACF;AAED,IAAA,MAAM,kBAAkB,CACtB,QAAgB,EAChB,QAAgB,EAChB,MAAc,EACd,YAAgC,EAChC,YAAgC,EAChC,eAAmE,EACnE,UAA2B,EAAE,EAAA;QAE7B,IAAI,YAAY,KAAK,SAAS,EAAE;AAC9B,YAAA,OAAO,IAAI,CAAC;AACb,SAAA;QACDA,QAAM,CAAC,IAAI,CACT,CAAA,wDAAA,EAA2D,QAAQ,CAAa,UAAA,EAAA,MAAM,CAAU,QAAA,CAAA,CACjG,CAAC;AAEF,QAAA,MAAM,aAAa,GAAG;AACpB,YAAA,UAAU,EAAE,eAAe;AAC3B,YAAA,SAAS,EAAE,QAAQ;AACnB,YAAA,aAAa,EAAE,YAAY;AAC3B,YAAA,KAAK,EAAE,MAAM;SACd,CAAC;QAEF,IAAI,YAAY,KAAK,SAAS,EAAE;AAC7B,YAAA,aAAqB,CAAC,aAAa,GAAG,YAAY,CAAC;AACrD,SAAA;AAED,QAAA,MAAM,KAAK,GAAG,IAAI,eAAe,CAAC,aAAa,CAAC,CAAC;AAEjD,QAAA,OAAO,aAAa,CAAC,QAAQ,CAC3B,mCAAmC,EACnC,OAAO,EACP,OAAO,cAAc,KAAI;YACvB,IAAI;AACF,gBAAA,MAAM,SAAS,GAAG,8BAA8B,CAAC,QAAQ,CAAC,CAAC;gBAC3D,MAAM,OAAO,GAAGI,sCAAqB,CAAC;oBACpC,GAAG,EAAE,GAAG,IAAI,CAAC,aAAa,CAAI,CAAA,EAAA,QAAQ,CAAI,CAAA,EAAA,SAAS,CAAE,CAAA;AACrD,oBAAA,MAAM,EAAE,MAAM;AACd,oBAAA,IAAI,EAAE,KAAK,CAAC,QAAQ,EAAE;oBACtB,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,OAAO,EAAEC,kCAAiB,CAAC;AACzB,wBAAA,MAAM,EAAE,kBAAkB;AAC1B,wBAAA,cAAc,EAAE,mCAAmC;qBACpD,CAAC;oBACF,cAAc,EAAE,cAAc,CAAC,cAAc;AAC9C,iBAAA,CAAC,CAAC;gBAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,eAAe,CAAC
,CAAC;AACvE,gBAAAL,QAAM,CAAC,IAAI,CAAC,kDAAkD,QAAQ,CAAA,CAAE,CAAC,CAAC;AAC1E,gBAAA,OAAO,QAAQ,CAAC;AACjB,aAAA;AAAC,YAAA,OAAO,GAAQ,EAAE;AACjB,gBAAA,IACE,GAAG,CAAC,IAAI,KAAK,uBAAuB;AACpC,oBAAA,GAAG,CAAC,aAAa,CAAC,KAAK,KAAK,sBAAsB,EAClD;;;;AAIA,oBAAAA,QAAM,CAAC,IAAI,CAAC,uDAAuD,QAAQ,CAAA,CAAE,CAAC,CAAC;AAC/E,oBAAA,OAAO,IAAI,CAAC;AACb,iBAAA;AAAM,qBAAA;oBACLA,QAAM,CAAC,OAAO,CACZ,CAAA,uDAAA,EAA0D,QAAQ,CAAK,EAAA,EAAA,GAAG,CAAE,CAAA,CAC7E,CAAC;AACF,oBAAA,MAAM,GAAG,CAAC;AACX,iBAAA;AACF,aAAA;AACH,SAAC,CACF,CAAC;KACH;;;AAKD,IAAA,mBAAmB,CAAC,aAAqB,EAAA;AACvC,QAAA,MAAM,UAAU,GAAG,IAAIM,+BAAe,EAAE,CAAC;AACzC,QAAA,MAAM,WAAW,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC;AACnE,QAAA,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC7B,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC;AACtD,QAAA,MAAM,eAAe,GAAG,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC;QAClD,UAAU,CAAC,MAAM,CAAC,OAAO,GAAG,CAAC,GAAG,MAAM,KAAI;YACxC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;AACpD,YAAA,IAAI,eAAe,EAAE;AACnB,gBAAA,eAAe,CAAC,GAAG,MAAM,CAAC,CAAC;AAC5B,aAAA;AACH,SAAC,CAAC;QACF,OAAO,UAAU,CAAC,MAAM,CAAC;KAC1B;AAED,IAAA,aAAa,CAAC,aAAsB,EAAA;AAClC,QAAA,MAAM,GAAG,GAAG,aAAa,IAAI,eAAe,CAAC;AAC7C,QAAA,MAAM,WAAW,GAAG;YAClB,IAAI,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;;YAEzC,IAAI,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC;SACtD,CAAC;AACF,QAAA,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE;YACvB,OAAO;AACR,SAAA;AACD,QAAA,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE;YACpC,UAAU,CAAC,KAAK,EAAE,CAAC;AACpB,SAAA;QACD,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;KAC3C;AAED,IAAA,gBAAgB,CAAC,OAA+B,EAAA;;AAC9C,QAAA,MAAM,SAAS,GAAG,CAAA,EAAA,GAAA,OAAO,KAAP,IAAA,IAAA,OAAO,uBAAP,OAAO,CAAE,IAAI,MAC3B,IAAA,IAAA,EAAA,KAAA,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,EAAA,CAAA,KAAK,CAAC,GAAG,CAAA,CACV,GAAG,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA,CAC7B,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,GAAG,KAAK,mBAAmB,CAAC,CAAC;AAChD,QAAA,OAAO,SAAS,IAAI,SAAS,CAAC,MAAM,GAAG,SAAS,CAAC,CAAC,CAAC,IAAI,eAAe,GAAG,eAAe,CAAC;KAC1F;;AAID,IAAA
,MAAM,mBAAmB,CACvB,GAAW,EACX,OAA+B,EAAA;QAE/B,MAAM,OAAO,GAAGF,sCAAqB,CAAC;YACpC,GAAG;AACH,YAAA,MAAM,EAAE,KAAK;AACb,YAAA,IAAI,EAAE,OAAO,KAAA,IAAA,IAAP,OAAO,KAAP,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,OAAO,CAAE,IAAI;YACnB,OAAO,EAAEC,kCAAiB,CAAC,OAAO,KAAA,IAAA,IAAP,OAAO,KAAP,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,OAAO,CAAE,OAAO,CAAC;AAC5C,YAAA,WAAW,EAAE,IAAI,CAAC,mBAAmB,CAAC,eAAe,CAAC;AACvD,SAAA,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;AAEjD,QAAA,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QAE9B,OAAO;AACL,YAAA,IAAI,EAAE,QAAQ,CAAC,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,SAAS;AACvE,YAAA,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE;YAClC,MAAM,EAAE,QAAQ,CAAC,MAAM;SACxB,CAAC;KACH;AAED,IAAA,MAAM,oBAAoB,CACxB,GAAW,EACX,OAA+B,EAAA;QAE/B,MAAM,OAAO,GAAGD,sCAAqB,CAAC;YACpC,GAAG;AACH,YAAA,MAAM,EAAE,MAAM;AACd,YAAA,IAAI,EAAE,OAAO,KAAA,IAAA,IAAP,OAAO,KAAP,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,OAAO,CAAE,IAAI;YACnB,OAAO,EAAEC,kCAAiB,CAAC,OAAO,KAAA,IAAA,IAAP,OAAO,KAAP,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,OAAO,CAAE,OAAO,CAAC;;YAE5C,WAAW,EAAE,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;AACtE,SAAA,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;AAEjD,QAAA,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QAE9B,OAAO;AACL,YAAA,IAAI,EAAE,QAAQ,CAAC,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,SAAS;AACvE,YAAA,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE;YAClC,MAAM,EAAE,QAAQ,CAAC,MAAM;SACxB,CAAC;KACH;AAED;;;;;;;;;;;AAWG;AACK,IAAA,cAAc,CAAC,QAA0B,EAAA;QAC/C,IAAI,CAAC,IAAI,CAAC,8BAA8B,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE;YAChE,OAAO;AACR,SAAA;QACD,MAAM,cAAc,GAAG,kCAAkC,CAAC;QAC1D,IAAI;AACF,YAAA,MAAM,MAAM,GAAI,QAAgB,CAAC,UAAU,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;AAC/E,YAAA,MAAM,WAAW,GAAG,MAAM,CAAC,YAAY,CAAC;YACxC,IAAI,CAAC,WAAW,EAAE;;gBAEhB,OAAO;AACR,aAAA;YACD,MAAM,cAAc,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;AACjD,YAAA,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,KAAK,CACzC,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,C
AAC,CACvD,CAAC;AAEF,YAAAL,QAAM,CAAC,IAAI,CACT,CAAA,mCAAA,EAAsC,KAAK,CAAgB,aAAA,EAAA,GAAG,CAC5D,uBAAA,EAAA,GAAG,IAAI,cACT,CAAA,oBAAA,EAAuB,GAAG,CAAA,CAAE,CAC7B,CAAC;AACH,SAAA;AAAC,QAAA,OAAO,CAAM,EAAE;YACfA,QAAM,CAAC,OAAO,CACZ,6FAA6F,EAC7F,CAAC,CAAC,OAAO,CACV,CAAC;AACH,SAAA;KACF;AACF;;AClWD;AAKgB,SAAA,aAAa,CAAC,MAAwB,EAAE,QAAgB,EAAA;AACtE,IAAA,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,oBAAoB,CAAC,EAAE;AACzC,QAAA,MAAM,KAAK,GAAG,IAAI,KAAK,CACrB,2KAA2K,CAC5K,CAAC;QACF,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;AACpC,QAAA,MAAM,KAAK,CAAC;AACb,KAAA;AACH;;ACbA;SAOgB,eAAe,CAC7B,MAAwB,EACxB,QAAiB,EACjB,QAAiB,EAAA;AAEjB,IAAA,IAAI,QAAQ,EAAE;AACZ,QAAA,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;AAChC,QAAA,OAAO,QAAQ,CAAC;AACjB,KAAA;IACD,IAAI,CAAC,QAAQ,EAAE;QACb,QAAQ,GAAG,uBAAuB,CAAC;AACpC,KAAA;IACD,IAAI,QAAQ,KAAK,uBAAuB,EAAE;AACxC,QAAA,OAAO,QAAQ,CAAC;AACjB,KAAA;AACD,IAAA,OAAO,eAAe,CAAC;AACzB;;ACvBA;AAeA;;;AAGG;AACH,MAAM,iCAAiC,GAAG,KAAK,CAAC;AAEhD;;;AAGG;AACG,SAAU,oBAAoB,CAClC,MAAyB,EACzB,MAAwB,EACxB,SAAqB,EACrB,eAAiC,EAAA;AAEjC,IAAA,MAAM,KAAK,GAAG,CAAC,OAAe,KAAW;AACvC,QAAA,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC9B,OAAO,IAAI,2BAA2B,CAAC;AACrC,YAAA,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC;YACjD,eAAe;YACf,OAAO;AACR,SAAA,CAAC,CAAC;AACL,KAAC,CAAC;IACF,IAAI,CAAC,SAAS,EAAE;AACd,QAAA,MAAM,KAAK,CAAC,aAAa,CAAC,CAAC;AAC5B,KAAA;AACD,IAAA,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE;AACxB,QAAA,MAAM,KAAK,CAAC,CAAuC,qCAAA,CAAA,CAAC,CAAC;AACtD,KAAA;AACD,IAAA,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE;AAC1B,QAAA,MAAM,KAAK,CAAC,CAAyC,uCAAA,CAAA,CAAC,CAAC;AACxD,KAAA;AACH,CAAC;AAED;;;AAGG;AACa,SAAA,YAAY,CAAC,QAAgB,EAAE,IAAa,EAAA;IAC1D,IAAI,CAAC,IAAI,EAAE;QACT,IAAI,GAAG,oBAAoB,CAAC;AAC7B,KAAA;AACD,IAAA,IAAI,IAAI,MAAM,CAAC,CAAA,EAAG,QAAQ,CAAA,GAAA,CAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;AAC3C,QAAA,OAAO,IAAI,CAAC;AACb,KAAA;AACD,IAAA,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;QACtB,OAAO,IAAI,GAAG,QAAQ,CAAC;AACxB,KAAA;AAAM,SAAA;AACL,QAAA,OAAO,CAAG,EAAA,IAAI,CAAI,CAAA,EAAA,QAAQ,EAAE,CAAC;AAC9B,KAAA;AAC
H,CAAC;AAED;;;;;;AAMG;AACa,SAAA,mBAAmB,CAAC,QAAgB,EAAE,aAAqB,EAAA;AACzE,IAAA,IAAI,QAAQ,KAAK,MAAM,IAAI,aAAa,EAAE;QACxC,OAAO,CAAC,aAAa,CAAC,CAAC;AACxB,KAAA;AACD,IAAA,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;;;AAIG;AACI,MAAM,qBAAqB,GAIhC,CAAC,MAAwB,EAAE,QAA+B,GAAAE,eAAM,GAAG,MAAM,GAAG,SAAS,KACrF,CAAC,KAAK,EAAE,OAAO,EAAE,WAAW,KAAU;AACpC,IAAA,IAAI,WAAW,EAAE;QACf,OAAO;AACR,KAAA;AACD,IAAA,QAAQ,KAAK;AACX,QAAA,KAAKK,qBAAU,CAAC,QAAQ,CAAC,KAAK;YAC5B,MAAM,CAAC,IAAI,CAAC,CAAA,KAAA,EAAQ,QAAQ,CAAc,WAAA,EAAA,OAAO,CAAE,CAAA,CAAC,CAAC;YACrD,OAAO;AACT,QAAA,KAAKA,qBAAU,CAAC,QAAQ,CAAC,IAAI;YAC3B,MAAM,CAAC,IAAI,CAAC,CAAA,KAAA,EAAQ,QAAQ,CAAqB,kBAAA,EAAA,OAAO,CAAE,CAAA,CAAC,CAAC;YAC5D,OAAO;AACT,QAAA,KAAKA,qBAAU,CAAC,QAAQ,CAAC,OAAO;YAC9B,MAAM,CAAC,IAAI,CAAC,CAAA,KAAA,EAAQ,QAAQ,CAAwB,qBAAA,EAAA,OAAO,CAAE,CAAA,CAAC,CAAC;YAC/D,OAAO;AACT,QAAA,KAAKA,qBAAU,CAAC,QAAQ,CAAC,OAAO;YAC9B,MAAM,CAAC,IAAI,CAAC,CAAA,KAAA,EAAQ,QAAQ,CAAgB,aAAA,EAAA,OAAO,CAAE,CAAA,CAAC,CAAC;YACvD,OAAO;AACV,KAAA;AACH,CAAC,CAAC;AAEJ;;;;;;;AAOG;MACU,iBAAiB,CAAA;AAI5B,IAAA,WAAA,CAAY,OAAwB,EAAA;AAClC,QAAA,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;AAC7B,QAAA,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,oBAAoB,CAAC;KAC7C;AAED;;AAEG;IACH,YAAY,GAAA;QACV,OAAOC,OAAM,EAAE,CAAC;KACjB;AAED;;;;AAIG;AACO,IAAA,YAAY,CACpB,MAAyB,EACzB,QAAgB,EAChB,MAAmB,EACnB,eAAiC,EAAA;AAEjC,QAAA,IAAI,MAAM,KAAN,IAAA,IAAA,MAAM,uBAAN,MAAM,CAAE,OAAO,EAAE;YACnB,IAAI,CAAC,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;AACvD,SAAA;QACD,oBAAoB,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,eAAe,CAAC,CAAC;AACnE,QAAA,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;QACjD,OAAO;YACL,KAAK,EAAE,MAAO,CAAC,WAAY;AAC3B,YAAA,kBAAkB,EAAE,MAAO,CAAC,SAAU,CAAC,OAAO,EAAE;SACjD,CAAC;KACH;AAED;;AAEG;AACO,IAAA,WAAW,CAAC,MAAgB,EAAE,KAAY,EAAE,eAAiC,EAAA;AACrF,QAAA,IACE,KAAK,CAAC,IAAI,KAAK,WAAW;YAC1B,KAAK,CAAC,IAAI,KAAK,iBAAiB;AAChC,YAAA,KAAK,CAAC,IAAI,KAAK,kBAAkB,EACjC;YACA,MAAM,SAAS,GAAG,KAA6B,CAAC;YAChD,QAAQ,SAAS,CAAC,SAAS;AACzB,gBAAA,KAAK,4BAA4B;AAC/B,oBAAA,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC
,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;AACrD,oBAAA,OAAO,IAAI,0BAA0B,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;AACvD,gBAAA,KAAK,+BAA+B;AAClC,oBAAA,OAAO,IAAIC,0BAAU,CAAC,oDAAoD,CAAC,CAAC;AAC9E,gBAAA,KAAK,kBAAkB,CAAC;AACxB,gBAAA,KAAK,sBAAsB,CAAC;AAC5B,gBAAA,KAAK,gBAAgB;AACnB,oBAAA,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,WAAW,CAAC,MAAM,EAAE,CAAA,kCAAA,EAAqC,SAAS,CAAC,SAAS,CAAE,CAAA,CAAC,CAChF,CAAC;oBACF,MAAM;AACR,gBAAA;AACE,oBAAA,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,CAAA,yBAAA,EAA4B,KAAK,CAAC,OAAO,CAAE,CAAA,CAAC,CAAC,CAAC;oBACnF,MAAM;AACT,aAAA;AACF,SAAA;AACD,QAAA,IACE,KAAK,CAAC,IAAI,KAAK,0BAA0B;YACzC,KAAK,CAAC,IAAI,KAAK,+BAA+B;AAC9C,YAAA,KAAK,CAAC,IAAI,KAAK,YAAY,EAC3B;AACA,YAAA,OAAO,KAAK,CAAC;AACd,SAAA;AACD,QAAA,OAAO,IAAI,2BAA2B,CAAC,EAAE,MAAM,EAAE,eAAe,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;KAC7F;AACF,CAAA;AAED;AAEM,SAAU,YAAY,CAAC,OAA6B,EAAA;AACxD,IAAA,MAAM,CAAC,WAAW,CAAC,GAAG,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,0BAA0B,CAAC,IAAI,EAAE,CAAC;IAChF,OACK,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,EAAA,EAAA,OAAO,KACV,cAAc,EAAE,OAAO,CAAC,aAAa,EACrC,WAAW,EACX,CAAA,CAAA;AACJ,CAAC;AAEe,SAAA,YAAY,CAAC,QAAgB,EAAE,OAAwB,EAAA;AACrE,IAAA,MAAM,MAAM,GAAG;QACb,SAAS,EAAE,YAAY,CAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,WAAW,CAAC;QAC9D,aAAa,EAAE,OAAO,CAAC,aAAa;AACpC,QAAA,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,eAAe;QAC7C,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,QAAQ;AACR,QAAA,OAAO,EAAE,iCAAiC;KAC3C,CAAC;AACF,IAAA,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;;;;;;AAaG;AACG,SAAU,6BAA6B,CAAC,MAA4B,EAAA;AACxE,IAAA,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;AAChC,CAAC;AAED;;;;;;;;;;;;;;;;;;AAkBG;AACG,SAAU,+BAA+B,CAAC,gBAAwB,EAAA;IACtE,MAAM,MAAM,GAAgD,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;IAEzF,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,OAAO,KAAK,iCAAiC,EAAE;AAC1E,QAAA,MAAM,KAAK,CAAC,0CAA0C,CAAC,CAAC;AACzD,KAAA;AAED,IAAA,OAAO,MAAM,CAAC;AAChB;;ACzQA;AACA;AAIA;;AAEG;AACI,MAAM,+BAA+B,GAC1C,oPAAoP,CAAC;AAEvP;;AAEG;AACI,MAAM,2BAA2B,GACtC,0IAA0I,CAAC;AAE7I;;;;;AAKG;AACa,SAAA,yBAAyB,CACvC,QAAiB,EACjB,eAAiC,EAAA;IAEjC,IAAI,EAAC,eAAe,KAAf,IAAA,IAAA,e
AAe,uBAAf,eAAe,CAAE,QAAQ,CAAA,EAAE;AAC9B,QAAA,OAAO,QAAQ,CAAC;AACjB,KAAA;AACD,IAAA,IAAI,OAAO,CAAC,GAAG,CAAC,sCAAsC,EAAE;AACtD,QAAA,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;AAClD,KAAA;IACD,IAAI,QAAQ,KAAK,MAAM,EAAE;AACvB,QAAA,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;AAC9C,KAAA;AACD,IAAA,OAAO,eAAe,KAAf,IAAA,IAAA,eAAe,uBAAf,eAAe,CAAE,QAAQ,CAAC;AACnC;;ACrCA;AACA;AAEA;;AAEG;AACH,IAAY,iBA2GX,CAAA;AA3GD,CAAA,UAAY,iBAAiB,EAAA;;AAE3B,IAAA,iBAAA,CAAA,oBAAA,CAAA,GAAA,oBAAyC,CAAA;;AAEzC,IAAA,iBAAA,CAAA,QAAA,CAAA,GAAA,QAAiB,CAAA;;AAEjB,IAAA,iBAAA,CAAA,SAAA,CAAA,GAAA,SAAmB,CAAA;;AAEnB,IAAA,iBAAA,CAAA,WAAA,CAAA,GAAA,WAAuB,CAAA;;AAEvB,IAAA,iBAAA,CAAA,QAAA,CAAA,GAAA,QAAiB,CAAA;;AAEjB,IAAA,iBAAA,CAAA,SAAA,CAAA,GAAA,SAAmB,CAAA;;AAEnB,IAAA,iBAAA,CAAA,gBAAA,CAAA,GAAA,gBAAiC,CAAA;;AAEjC,IAAA,iBAAA,CAAA,gBAAA,CAAA,GAAA,gBAAiC,CAAA;;AAEjC,IAAA,iBAAA,CAAA,eAAA,CAAA,GAAA,eAA+B,CAAA;;AAE/B,IAAA,iBAAA,CAAA,eAAA,CAAA,GAAA,eAA+B,CAAA;;AAE/B,IAAA,iBAAA,CAAA,YAAA,CAAA,GAAA,YAAyB,CAAA;;AAEzB,IAAA,iBAAA,CAAA,aAAA,CAAA,GAAA,aAA2B,CAAA;;AAE3B,IAAA,iBAAA,CAAA,aAAA,CAAA,GAAA,aAA2B,CAAA;;AAE3B,IAAA,iBAAA,CAAA,YAAA,CAAA,GAAA,YAAyB,CAAA;;AAEzB,IAAA,iBAAA,CAAA,SAAA,CAAA,GAAA,SAAmB,CAAA;;AAEnB,IAAA,iBAAA,CAAA,QAAA,CAAA,GAAA,QAAiB,CAAA;;AAEjB,IAAA,iBAAA,CAAA,eAAA,CAAA,GAAA,eAA+B,CAAA;;AAE/B,IAAA,iBAAA,CAAA,aAAA,CAAA,GAAA,aAA2B,CAAA;;AAE3B,IAAA,iBAAA,CAAA,kBAAA,CAAA,GAAA,kBAAqC,CAAA;;AAErC,IAAA,iBAAA,CAAA,iBAAA,CAAA,GAAA,iBAAmC,CAAA;;AAEnC,IAAA,iBAAA,CAAA,cAAA,CAAA,GAAA,cAA6B,CAAA;;AAE7B,IAAA,iBAAA,CAAA,oBAAA,CAAA,GAAA,oBAAyC,CAAA;;AAEzC,IAAA,iBAAA,CAAA,YAAA,CAAA,GAAA,YAAyB,CAAA;;AAEzB,IAAA,iBAAA,CAAA,YAAA,CAAA,GAAA,YAAyB,CAAA;;AAEzB,IAAA,iBAAA,CAAA,UAAA,CAAA,GAAA,UAAqB,CAAA;;AAErB,IAAA,iBAAA,CAAA,eAAA,CAAA,GAAA,eAA+B,CAAA;;AAE/B,IAAA,iBAAA,CAAA,WAAA,CAAA,GAAA,WAAuB,CAAA;;AAEvB,IAAA,iBAAA,CAAA,WAAA,CAAA,GAAA,WAAuB,CAAA;;AAEvB,IAAA,iBAAA,CAAA,eAAA,CAAA,GAAA,eAA+B,CAAA;;AAE/B,IAAA,iBAAA,CAAA,oBAAA,CAAA,GAAA,oBAAyC,CAAA;;AAEzC,IAAA,iBAAA,CAAA,kBAAA,CAAA,GAAA,kBAAqC,CAAA;;AAErC,IAAA,iBAAA,CAAA,mBAAA,CAAA,GAAA,mBAAuC,CAAA;;A
AEvC,IAAA,iBAAA,CAAA,cAAA,CAAA,GAAA,cAA6B,CAAA;;AAE7B,IAAA,iBAAA,CAAA,YAAA,CAAA,GAAA,YAAyB,CAAA;;AAEzB,IAAA,iBAAA,CAAA,WAAA,CAAA,GAAA,WAAuB,CAAA;;AAEvB,IAAA,iBAAA,CAAA,YAAA,CAAA,GAAA,YAAyB,CAAA;;AAEzB,IAAA,iBAAA,CAAA,cAAA,CAAA,GAAA,cAA6B,CAAA;;AAE7B,IAAA,iBAAA,CAAA,YAAA,CAAA,GAAA,YAAyB,CAAA;;AAEzB,IAAA,iBAAA,CAAA,UAAA,CAAA,GAAA,UAAqB,CAAA;;AAErB,IAAA,iBAAA,CAAA,kBAAA,CAAA,GAAA,kBAAqC,CAAA;;AAErC,IAAA,iBAAA,CAAA,iBAAA,CAAA,GAAA,iBAAmC,CAAA;;AAEnC,IAAA,iBAAA,CAAA,YAAA,CAAA,GAAA,YAAyB,CAAA;;AAEzB,IAAA,iBAAA,CAAA,WAAA,CAAA,GAAA,WAAuB,CAAA;;AAEvB,IAAA,iBAAA,CAAA,aAAA,CAAA,GAAA,aAA2B,CAAA;;AAE3B,IAAA,iBAAA,CAAA,YAAA,CAAA,GAAA,YAAyB,CAAA;;AAEzB,IAAA,iBAAA,CAAA,gBAAA,CAAA,GAAA,gBAAiC,CAAA;;AAEjC,IAAA,iBAAA,CAAA,kBAAA,CAAA,GAAA,kBAAqC,CAAA;;AAErC,IAAA,iBAAA,CAAA,sBAAA,CAAA,GAAA,eAAsC,CAAA;;AAEtC,IAAA,iBAAA,CAAA,kBAAA,CAAA,GAAA,WAA8B,CAAA;;AAE9B,IAAA,iBAAA,CAAA,qBAAA,CAAA,GAAA,cAAoC,CAAA;;AAEpC,IAAA,iBAAA,CAAA,mBAAA,CAAA,GAAA,YAAgC,CAAA;;AAEhC,IAAA,iBAAA,CAAA,qBAAA,CAAA,GAAA,WAAiC,CAAA;;AAEjC,IAAA,iBAAA,CAAA,wBAAA,CAAA,GAAA,cAAuC,CAAA;AACzC,CAAC,EA3GW,iBAAiB,KAAjB,iBAAiB,GA2G5B,EAAA,CAAA,CAAA;;ACjHD;AAkDA;;;AAGG;AACH,IAAI,mBAAmB,GAEP,SAAS,CAAC;AAE1B;;;AAGG;AACI,MAAM,wBAAwB,GAAG;AACtC,IAAA,cAAc,CAAC,cAA8D,EAAA;QAC3E,mBAAmB,GAAG,cAAc,CAAC;KACtC;CACF,CAAC;AAEF;;;;;;;;AAQG;AACG,MAAgB,QAAS,SAAQ,iBAAiB,CAAA;AAoBtD,IAAA,WAAA,CAAY,OAAwB,EAAA;;QAClC,KAAK,CAAC,OAAO,CAAC,CAAC;QAbP,IAAoB,CAAA,oBAAA,GAAY,KAAK,CAAC;QAc9C,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC;AACtD,QAAA,IAAI,CAAC,QAAQ,GAAG,eAAe,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;QACpF,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC;AAC9C,QAAA,IAAI,OAAO,KAAP,IAAA,IAAA,OAAO,uBAAP,OAAO,CAAE,YAAY,EAAE;AACzB,YAAA,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;AAC1C,SAAA;;QAGD,IAAI,mBAAmB,KAAK,SAAS,KAAI,CAAA,EAAA,GAAA,OAAO,CAAC,4BAA4B,MAAA,IAAA,IAAA,EAAA,KAAA,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,EAAA,CAAE,OAAO,CAAA,EAAE;AACtF,YAAA,IAAI,CAAC,iBAAiB,GAAG,MAAM,mBAAoB,CAAC,OAAO,CAAC,4BAA4B,CAAC,CAAC
;AAC3F,SAAA;AAAM,aAAA,IAAI,MAAA,OAAO,CAAC,4BAA4B,MAAA,IAAA,IAAA,EAAA,KAAA,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,EAAA,CAAE,OAAO,EAAE;YACxD,MAAM,IAAI,KAAK,CACb;gBACE,qFAAqF;gBACrF,yHAAyH;gBACzH,mFAAmF;gBACnF,0FAA0F;AAC3F,aAAA,CAAC,IAAI,CAAC,GAAG,CAAC,CACZ,CAAC;AACH,SAAA;AAED,QAAA,IAAI,CAAC,WAAW,GAAG,CAAA,EAAA,GAAA,OAAO,CAAC,iBAAiB,MAAA,IAAA,IAAA,EAAA,KAAA,KAAA,CAAA,GAAA,EAAA,GAAI,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC;AAC1F,QAAA,IAAI,IAAI,CAAC,WAAW,KAAK,iBAAiB,CAAC,kBAAkB,EAAE;AAC7D,YAAA,IAAI,CAAC,WAAW,GAAG,eAAe,CAAC;AACpC,SAAA;KACF;AAED;;AAEG;AACO,IAAA,qBAAqB,CAAC,OAAwB,EAAA;AACtD,QAAA,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,uBAAuB,CAAC;AAC7D,QAAA,MAAM,QAAQ,GAAG,eAAe,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;AAErF,QAAA,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;QAC/E,MAAM,SAAS,GAAG,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;QAE7D,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CACnC,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,EAAA,EAAA,OAAO,CAAC,sBAAsB,CAAA,EAAA,EACjC,aAAa,EAAE,SAAS,EACxB,cAAc,EAAE,OAAO,CAAC,cAAc,IACtC,CAAC;AAEH,QAAA,IAAI,kBAAkB,GAAa,CAAC,KAAK,CAAC,CAAC;AAC3C,QAAA,IAAI,OAAO,CAAC,GAAG,CAAC,0BAA0B,EAAE;YAC1C,kBAAkB,GAAG,EAAE,CAAC;AACzB,SAAA;QAED,OAAO;AACL,YAAA,IAAI,EAAE;gBACJ,QAAQ;gBACR,SAAS;AACT,gBAAA,gBAAgB,EAAE,mBAAmB,CAAC,QAAQ,EAAE,SAAS,CAAC;gBAC1D,kBAAkB;AACnB,aAAA;;AAED,YAAA,MAAM,EAAE;gBACN,aAAa,EAAE,IAAI,CAAC,cAAc;AAClC,gBAAA,aAAa,EAAE;AACb,oBAAA,cAAc,EAAE,qBAAqB,CAAC,OAAO,CAAC,MAAM,CAAC;AACtD,iBAAA;AACF,aAAA;SACF,CAAC;KACH;AAED;;AAEG;IACH,MAAM,IAAI,CAAC,OAAuC,EAAA;AAChD,QAAA,IAAI,OAAO,KAAP,IAAA,IAAA,OAAO,uBAAP,OAAO,CAAE,WAAW,EAAE;YACxB,OAAO,CAAC,WAAW,CAAC,gBAAgB,CAAC,OAAO,EAAE,MAAK;;;gBAGjD,IAAI,CAAC,cAAe,CAAC,aAAa,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;AAC5D,aAAC,CAAC,CAAC;AACJ,SAAA;AAED,QAAA,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,eAAe,EAAE;YAC1C,OAAO;AACR,SAAA;AAED,QAAA,IAAI,IAAI,CAAC,iBAAiB,KAAK,SAAS,EAAE;AACxC,YAAA,IAAI,CAAC,UAAU,CAAC,KAAK,GAAG;AACtB,gBAAA,WAAW,EAAE,MAAM,IAAI,CAAC,iBAAiB,EAAE;aAC5C,CAAC;AACH,SAAA;AAED,QAAA,IAAI,CAAC,SAA
S,GAAG,IAAIC,mBAAQ,CAAC,uBAAuB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACvE,IAAI,IAAI,CAAC,YAAY,EAAE;AACrB,YAAA,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,eAAe,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;AAClE,SAAA;;AAED,QAAA,IACE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY;AACjC,YAAA,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,eAAe;AACpC,YAAA,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,iBAAiB,EACtC;AACA,YAAA,IAAI,CAAC,eAAe,GAAG,IAAIA,mBAAQ,CAAC,6BAA6B,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;AACpF,SAAA;AAAM,aAAA;YACL,IAAI,IAAI,CAAC,oBAAoB,EAAE;AAC7B,gBAAA,MAAM,IAAI,KAAK,CACb,gHAAgH,CACjH,CAAC;AACH,aAAA;AACF,SAAA;KACF;AAED;;AAEG;AACO,IAAA,gBAAgB,CACxB,OAAwD,EACxD,WAA6B,EAC7B,QAAqB,EAAA;QAErB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,KAAI;YACrC,OAAO;AACJ,iBAAA,IAAI,CAAC,CAAC,SAAS,KAAI;AAClB,gBAAA,OAAO,OAAO,CAAC,SAAU,CAAC,CAAC;AAC7B,aAAC,CAAC;iBACD,KAAK,CAAC,MAAM,CAAC,CAAC;AACjB,YAAA,IAAI,WAAW,EAAE;AACf,gBAAA,WAAW,CAAC,gBAAgB,CAAC,OAAO,EAAE,MAAK;AACzC,oBAAA,QAAQ,KAAR,IAAA,IAAA,QAAQ,KAAR,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,QAAQ,EAAI,CAAC;AACf,iBAAC,CAAC,CAAC;AACJ,aAAA;AACH,SAAC,CAAC,CAAC;KACJ;AAED;;AAEG;AACH,IAAA,MAAM,gBAAgB,GAAA;;QACpB,IAAI,IAAI,CAAC,OAAO,EAAE;YAChB,OAAO,IAAI,CAAC,OAAO,CAAC;AACrB,SAAA;AACD,QAAA,MAAM,KAAK,GAAG,CAAA,EAAA,GAAA,MAAA,IAAI,CAAC,eAAe,MAAE,IAAA,IAAA,EAAA,KAAA,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,EAAA,CAAA,aAAa,EAAE,MAAA,IAAA,IAAA,EAAA,KAAA,KAAA,CAAA,GAAA,EAAA,GAAI,MAAA,IAAI,CAAC,SAAS,MAAE,IAAA,IAAA,EAAA,KAAA,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,EAAA,CAAA,aAAa,EAAE,CAAC;AACvF,QAAA,MAAM,gBAAgB,GAAG,OAAM,KAAK,KAAA,IAAA,IAAL,KAAK,KAAA,KAAA,CAAA,GAAA,KAAA,CAAA,GAAL,KAAK,CAAE,cAAc,EAAE,CAAA,CAAC;QAEvD,IAAI,CAAC,gBAAgB,EAAE;YACrB,OAAO;AACR,SAAA;AAED,QAAA,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE;AACjC,YAAA,IAAI,CAAC,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC;AACjE,SAAA;AAAM,aAAA;AACL,YAAA,IAAI,CAAC,MAAM;AACR,iBAAA,IAAI,CAAC,CAAA;;;;AAI+J,4KAAA,CAAA,CAAC,CAAC;YACzK,OAAO;AACR,SAAA;QAED,OAAO,IAAI,CAAC,OAAO,CAAC;KACrB;AAED;;AAEG;AACH,IAAA,MAAM,cAAc,CAClB,MAAgB,EAChB,OAAuC,EAAA;;AAEvC,QAAA,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;AAC9B,QA
AA,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE;YACjB,MAAM,IAAI,2BAA2B,CAAC;gBACpC,MAAM;AACN,gBAAA,eAAe,EAAE,OAAO;AACxB,gBAAA,OAAO,EACL,sFAAsF;AACzF,aAAA,CAAC,CAAC;AACJ,SAAA;AAED,QAAA,MAAM,aAAa,GAA+B;;AAEhD,YAAA,OAAO,EAAE,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC;AACnC,YAAA,aAAa,EAAE,OAAO,KAAA,IAAA,IAAP,OAAO,KAAP,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,OAAO,CAAE,aAAa;YACrC,MAAM;AACN,YAAA,SAAS,EAAE,OAAO,KAAA,IAAA,IAAP,OAAO,KAAP,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,OAAO,CAAE,SAAS;AAC7B,YAAA,MAAM,EAAE,OAAO,KAAA,IAAA,IAAP,OAAO,KAAP,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,OAAO,CAAE,MAAM;SACxB,CAAC;QAEF,IAAI;AACF,YAAA,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;AACzD,YAAA,MAAM,QAAQ,GACZ,CAAA,EAAA,IAAC,OAAM,CAAA,EAAA,GAAA,IAAI,CAAC,eAAe,MAAE,IAAA,IAAA,EAAA,KAAA,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,EAAA,CAAA,kBAAkB,CAAC,aAAa,CAAC,CAAA,CAAC,MAAA,IAAA,IAAA,EAAA,KAAA,KAAA,CAAA,GAAA,EAAA,IAC9D,MAAM,IAAI,CAAC,SAAU,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC,CAAC;AAC5D,YAAA,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,QAAQ,IAAI,SAAS,CAAC,CAAC;AACxE,SAAA;AAAC,QAAA,OAAO,GAAQ,EAAE;YACjB,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;AAC9C,SAAA;KACF;AAOD;;;AAGG;AACI,IAAA,MAAM,QAAQ,CACnB,MAAgB,EAChB,UAAyC,EAAE,EAAA;AAE3C,QAAA,MAAM,QAAQ,GAAG,yBAAyB,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC;QAEpF,OAAO,CAAC,SAAS,GAAG,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;AAE/D,QAAA,OAAO,CAAC,aAAa,GAAG,CAAA,OAAO,aAAP,OAAO,KAAA,KAAA,CAAA,GAAA,KAAA,CAAA,GAAP,OAAO,CAAE,aAAa,KAAI,IAAI,CAAC,YAAY,EAAE,CAAC;AACtE,QAAA,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAEzB,IAAI;;;;AAIF,YAAA,MAAM,aAAa,GAAI,OAAe,CAAC,MAAM,CAAC;AAC9C,YAAA,IAAI,aAAa,EAAE;AACjB,gBAAA,IAAI,CAAC,YAAY,GAAG,aAAa,CAAC;AACnC,aAAA;AACD,YAAA,IAAI,IAAI,CAAC,YAAY,IAAI,CAAC,aAAa,EAAE;AACtC,gBAAA,OAAe,CAAC,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC;AAC7C,aAAA;;YAED,OAAO,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AACnD,SAAA;AAAC,QAAA,OAAO,GAAQ,EAAE;AACjB,YAAA,IAAI,GAAG,CAAC,IAAI,KAAK,6BAA6B,EAAE;AAC9C,gBAAA,MAAM,GAAG,CAAC;AACX,aAAA;AACD,YAAA,IAAI,OAAO,KAAP,IAAA,IAAA,OAAO,uBAAP,OAAO,C
AAE,8BAA8B,EAAE;gBAC3C,MAAM,IAAI,2BAA2B,CAAC;oBACpC,MAAM;AACN,oBAAA,eAAe,EAAE,OAAO;AACxB,oBAAA,OAAO,EACL,uFAAuF;AAC1F,iBAAA,CAAC,CAAC;AACJ,aAAA;AACD,YAAA,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA,iEAAA,CAAmE,CAAC,CAAC;YACtF,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AACzC,SAAA;KACF;AACF;;ACvVD;AAkBA,MAAM,cAAc,GAAG,QAAQ,CAAC;AAChC,MAAM,oBAAoB,GAAG,sCAAsC,CAAC;AACpE,MAAMV,QAAM,GAAG,gBAAgB,CAAC,4BAA4B,CAAC,CAAC;AAE9D,IAAI,eAAe,GAAuC,SAAS,CAAC;AAE7D,MAAM,uBAAuB,GAAG;AACrC,IAAA,yBAAyB,CAAC,MAA8B,EAAA;QACtD,eAAe,GAAG,MAAM,CAAC;KAC1B;CACF,CAAC;AAEF;AACA,MAAM,oBAAoB,GAA2B;AACnD,IAAA,IAAI,EAAE,mFAAmF;CAC1F,CAAC;AAEF,SAAS,sBAAsB,CAAC,QAAgB,EAAA;;AAE9C,IAAA,MAAM,sBAAsB,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAC;AAC9D,IAAA,IAAI,sBAAsB,EAAE;AAC1B,QAAA,MAAM,IAAI,0BAA0B,CAAC,sBAAsB,CAAC,CAAC;AAC9D,KAAA;AACH,CAAC;AAID,MAAM,uBAAuB,GAAqC;IAChE,UAAU,EAAEF,2BAAmB,CAAC,gBAAgB;IAChD,UAAU,EAAEA,2BAAmB,CAAC,UAAU;IAC1C,gBAAgB,EAAEA,2BAAmB,CAAC,YAAY;IAClD,iBAAiB,EAAEA,2BAAmB,CAAC,eAAe;CACvD,CAAC;AAEF;;;AAGG;AACG,SAAU,qBAAqB,CAAC,QAAgB,EAAA;AACpD,IAAA,MAAM,YAAY,GAAG,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;;IAE/C,MAAM,YAAY,GAAG,MAAM,CAAC;AAC5B,IAAA,MAAM,OAAO,GAAGa,sBAAE,CAAC,OAAO,EAAE,CAAC;IAE7B,SAAS,YAAY,CAAC,GAAG,YAAsB,EAAA;AAC7C,QAAA,MAAM,QAAQ,GAAGC,wBAAI,CAAC,IAAI,CAAC,GAAG,YAAY,EAAE,YAAY,EAAE,GAAG,YAAY,CAAC,CAAC;AAC3E,QAAA,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAACC,sBAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;AAC7E,QAAA,OAAO,QAAQ,CAAC,QAAQ,CAAC,CAAC;KAC3B;IAED,IAAI;AACF,QAAA,IAAI,OAAe,CAAC;QACpB,QAAQ,OAAO,CAAC,QAAQ;AACtB,YAAA,KAAK,OAAO;AACV,gBAAA,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,OAAQ,CAAC;AAC/B,gBAAA,OAAO,OAAO,GAAG,YAAY,CAAC,OAAO,CAAC,GAAG,SAAS,CAAC;AACrD,YAAA,KAAK,QAAQ;gBACX,OAAO,YAAY,CAAC,OAAO,EAAE,SAAS,EAAE,qBAAqB,CAAC,CAAC;AACjE,YAAA,KAAK,OAAO;AACV,gBAAA,OAAO,YAAY,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;AAC1C,YAAA;gBACE,OAAO;AACV,SAAA;AACF,KAAA;AAAC,IAAA,OAAO,CAAM,EAAE;QACfb,QAAM,CAAC,IAAI,CAAC,CAAA,iEAAA,EAAoE,CAAC,CAAC,OAAO,CAAE,CAAA,CAAC,CAAC;QAC7F,OAAO;AACR,KAAA;AACH,CAAC;AAYD;;;;AAIG;MACU,0BAA0
B,CAAA;AAKrC;;;;;;;;;AASG;AACH,IAAA,WAAA,CAAY,OAA2C,EAAA;;;QAGrD,IAAI,CAAC,SAAS,IAAI,qBAAqB,CAAC,aAAa,CAAC,IAAI,YAAY,CAAqB,CAAC;;QAG5F,MAAM,aAAa,GAAG,uBAAuB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAE9D,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,iBACtC,aAAa,EAAA,EACV,OAAO,CAAA,CACV,CAAC;AAEH,QAAA,IAAI,OAAO,IAAI,OAAO,CAAC,QAAQ,EAAE;AAC/B,YAAA,aAAa,CAACA,QAAM,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;AACxC,YAAA,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;AAClC,SAAA;AAAM,aAAA;AACL,YAAA,IAAI,CAAC,QAAQ,GAAG,cAAc,CAAC;AAChC,SAAA;AAED,QAAA,sBAAsB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;KACvC;AAED;;AAEG;AACK,IAAA,MAAM,OAAO,GAAA;;AAEnB,QAAA,MAAM,cAAc,GAAG,qBAAqB,CAAC,cAAc,CAAC,CAAC;AAC7D,QAAA,IAAI,cAAc,EAAE;AAClB,YAAA,IAAI,CAAC,QAAQ,GAAG,cAAc,CAAC;AAChC,SAAA;AACD,QAAA,sBAAsB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;KACvC;AAOD;;AAEG;IACK,WAAW,GAAA;AACjB,QAAA,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE;AACxB,YAAA,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;AACtC,SAAA;QACD,OAAO,IAAI,CAAC,cAAc,CAAC;KAC5B;AAED;;;;;;;AAOG;AACI,IAAA,MAAM,QAAQ,CACnB,MAAyB,EACzB,OAAyB,EAAA;;AAEzB,QAAA,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;AAEzB,QAAA,MAAM,QAAQ,GAAG,yBAAyB,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC;QAEpF,IAAI,eAAe,KAAK,SAAS,EAAE;YACjC,MAAM,IAAI,0BAA0B,CAClC;gBACE,iEAAiE;gBACjE,uGAAuG;gBACvG,mFAAmF;gBACnF,mFAAmF;AACpF,aAAA,CAAC,IAAI,CAAC,GAAG,CAAC,CACZ,CAAC;AACH,SAAA;AAED,QAAA,IAAI,WAAW,GAAG,OAAO,MAAM,KAAK,QAAQ,GAAG,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;;AAGzE,QAAA,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,oBAAoB,CAAC,EAAE;AAC5C,YAAA,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;AACrF,YAAAA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;AACjD,YAAA,MAAM,KAAK,CAAC;AACb,SAAA;QAED,IAAI,WAAW,CAAC,OAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC,EAAE;YAC7C,WAAW,IAAI,iBAAiB,CAAC;AAClC,SAAA;;;;;;;;;AAUD,QAAA,MAAM,WAAW,GAAG,MAAM,eAAe,EAAE,CAAC;;AAG5C,QAAA,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,GAC9B,CAAA,EAAA,GAAA,CAAA,EAAA,GAAA,WAAW,CAAC,IAAI,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,OAAO,KAAK,IAAI,CAAC,SAAS,CAAC,MAAI,IAAA,IAAA,EAAA,KAAA,KAAA,CAAA,GAAA,EAAA,GAAA,WAAW,CAAC,CAA
C,CAAC,MAAA,IAAA,IAAA,EAAA,KAAA,KAAA,CAAA,GAAA,EAAA,GAAI,EAAE,CAAC;AAExF,QAAA,IAAI,YAAY,EAAE;AAChB,YAAA,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,kBAAkB,CAChE,QAAQ,EACR,oBAAoB,EACpB,WAAW,EACX,YAAY,EACZ,SAAS,CACV,CAAC;AAEF,YAAA,IAAI,aAAa,EAAE;gBACjBA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;gBAC5C,OAAO,aAAa,CAAC,WAAW,CAAC;AAClC,aAAA;AAAM,iBAAA;AACL,gBAAA,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,0NAA0N,CAC3N,CAAC;AACF,gBAAAA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;AACjD,gBAAA,MAAM,KAAK,CAAC;AACb,aAAA;AACF,SAAA;AAAM,aAAA;AACL,YAAA,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,8MAA8M,CAC/M,CAAC;AACF,YAAAA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;AACjD,YAAA,MAAM,KAAK,CAAC;AACb,SAAA;KACF;AACF;;ACxPD;AAOA;;;;AAIG;AACH,MAAM,aAAa,GAAuB;AACxC,IAAA,kBAAkB,EAAE,wBAAwB;AAC5C,IAAA,uBAAuB,EAAE,uBAAuB;CACjD,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;;;AA0BG;AACG,SAAU,iBAAiB,CAAC,MAAsB,EAAA;IACtD,MAAM,CAAC,aAAa,CAAC,CAAC;AACxB;;AC9CA;AASA;;AAEG;AACI,MAAMA,QAAM,GAAG,gBAAgB,CAAC,wBAAwB,CAAC,CAAC;AAEjE;;;AAGG;MACU,sBAAsB,CAAA;AASjC;;;;;;;;;;;AAWG;AACH,IAAA,WAAA,CAAY,GAAG,OAA0B,EAAA;AApBzC;;AAEG;QACO,IAAkB,CAAA,kBAAA,GAC1B,oFAAoF,CAAC;QAE/E,IAAQ,CAAA,QAAA,GAAsB,EAAE,CAAC;AAevC,QAAA,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;KACzB;AAED;;;;;;;;;;;;AAYG;AACH,IAAA,MAAM,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE,EAAA;QACrE,IAAI,KAAK,GAAuB,IAAI,CAAC;QACrC,IAAI,wBAAwB,GAAG,EAAE,CAAC;QAClC,MAAM,MAAM,GAAY,EAAE,CAAC;AAE3B,QAAA,OAAO,aAAa,CAAC,QAAQ,CAC3B,iCAAiC,EACjC,OAAO,EACP,OAAO,cAAc,KAAI;AACvB,YAAA,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC,EAAE,EAAE;gBAC/D,IAAI;AACF,oBAAA,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;oBAChE,wBAAwB,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC;AAC9D,iBAAA;AAAC,gBAAA,OAAO,GAAQ,EAAE;AACjB,oBAAA,IACE,GAAG,CAAC,IAAI,KAAK,4BAA4B;AACzC,wBAAA,GAAG,CAAC,IAAI,KAAK,6BAA6B,EAC1C;AACA,wBAAA,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAClB,qBAAA;AAAM,yBAAA;A
ACL,wBAAAA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;AAC/C,wBAAA,MAAM,GAAG,CAAC;AACX,qBAAA;AACF,iBAAA;AACF,aAAA;YAED,IAAI,CAAC,KAAK,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE;gBAC/B,MAAM,GAAG,GAAG,IAAI,4BAA4B,CAC1C,MAAM,EACN,+CAA+C,CAChD,CAAC;AACF,gBAAAA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;AAC/C,gBAAA,MAAM,GAAG,CAAC;AACX,aAAA;AAED,YAAAA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAc,WAAA,EAAA,wBAAwB,CAAK,EAAA,EAAA,aAAa,CAAC,MAAM,CAAC,CAAA,CAAE,CAAC,CAAC;YAEzF,IAAI,KAAK,KAAK,IAAI,EAAE;AAClB,gBAAA,MAAM,IAAI,0BAA0B,CAAC,kCAAkC,CAAC,CAAC;AAC1E,aAAA;AACD,YAAA,OAAO,KAAK,CAAC;AACf,SAAC,CACF,CAAC;KACH;AACF;;ACpGD;AAKA;;;AAGG;AACa,SAAA,gBAAgB,CAAC,KAAa,EAAE,MAAwB,EAAA;AACtE,IAAA,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,oBAAoB,CAAC,EAAE;AACtC,QAAA,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;AACrF,QAAA,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;AAChD,QAAA,MAAM,KAAK,CAAC;AACb,KAAA;AACH,CAAC;AAED;;;AAGG;AACG,SAAU,gBAAgB,CAAC,KAAa,EAAA;IAC5C,OAAO,KAAK,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;AAC1C;;ACvBA;AAcA;;;AAGG;AACI,MAAM,sBAAsB,GAAG;AACpC;;AAEG;IACH,iBAAiB,GAAA;AACf,QAAA,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;AAChC,YAAA,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE;AAC3B,gBAAA,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;AACrF,aAAA;AACD,YAAA,OAAO,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;AAC/B,SAAA;AAAM,aAAA;AACL,YAAA,OAAO,MAAM,CAAC;AACf,SAAA;KACF;AAED;;;;AAIG;AACH,IAAA,MAAM,sBAAsB,CAC1B,QAAgB,EAChB,QAAiB,EAAA;QAEjB,IAAI,aAAa,GAAa,EAAE,CAAC;AACjC,QAAA,IAAI,QAAQ,EAAE;AACZ,YAAA,aAAa,GAAG,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;AACxC,SAAA;QACD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,KAAI;YACrC,IAAI;AACF,gBAAAc,iCAAa,CAAC,QAAQ,CACpB,IAAI,EACJ;oBACE,SAAS;oBACT,kBAAkB;oBAClB,UAAU;oBACV,MAAM;oBACN,YAAY;oBACZ,QAAQ;AACR,oBAAA,GAAG,aAAa;iBACjB,EACD,EAAE,GAAG,EAAE,sBAAsB,CAAC,iBAAiB,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,EAChE,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,KAAI;AACxB,oBAAA,OAAO,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;AACrD,iBAAC,CACF,CAAC;AACH,a
AAA;AAAC,YAAA,OAAO,GAAQ,EAAE;gBACjB,MAAM,CAAC,GAAG,CAAC,CAAC;AACb,aAAA;AACH,SAAC,CAAC,CAAC;KACJ;CACF,CAAC;AAEF,MAAMd,QAAM,GAAG,gBAAgB,CAAC,oBAAoB,CAAC,CAAC;AAEtD;;;;;AAKG;MACU,kBAAkB,CAAA;AAG7B;;;;;;;AAOG;AACH,IAAA,WAAA,CAAY,OAAmC,EAAA;QAC7C,IAAI,CAAC,QAAQ,GAAG,OAAO,KAAA,IAAA,IAAP,OAAO,KAAP,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,OAAO,CAAE,QAAQ,CAAC;KACnC;AAED;;;;;;;AAOG;AACI,IAAA,MAAM,QAAQ,CACnB,MAAyB,EACzB,UAA2B,EAAE,EAAA;QAE7B,MAAM,QAAQ,GAAG,yBAAyB,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;AACnE,QAAA,IAAI,QAAQ,EAAE;AACZ,YAAA,aAAa,CAACA,QAAM,EAAE,QAAQ,CAAC,CAAC;AACjC,SAAA;AAED,QAAA,MAAM,KAAK,GAAG,OAAO,MAAM,KAAK,QAAQ,GAAG,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;QAC9DA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAmB,gBAAA,EAAA,KAAK,CAAE,CAAA,CAAC,CAAC;AACjD,QAAA,gBAAgB,CAAC,KAAK,EAAEA,QAAM,CAAC,CAAC;AAChC,QAAA,MAAM,QAAQ,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;AAEzC,QAAA,OAAO,aAAa,CAAC,QAAQ,CAAC,CAAA,EAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EAAE,OAAO,EAAE,YAAW;;YACrF,IAAI;gBACF,MAAM,GAAG,GAAG,MAAM,sBAAsB,CAAC,sBAAsB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;gBACpF,MAAM,aAAa,GAAG,CAAA,EAAA,GAAA,GAAG,CAAC,MAAM,MAAA,IAAA,IAAA,EAAA,KAAA,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,EAAA,CAAE,KAAK,CAAC,0BAA0B,CAAC,CAAC;AACpE,gBAAA,MAAM,YAAY,GAAG,CAAA,CAAA,EAAA,GAAA,GAAG,CAAC,MAAM,MAAE,IAAA,IAAA,EAAA,KAAA,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,EAAA,CAAA,KAAK,CAAC,kBAAkB,CAAC,KAAI,CAAC,aAAa,CAAC;gBAC7E,MAAM,iBAAiB,GACrB,CAAA,CAAA,EAAA,GAAA,GAAG,CAAC,MAAM,MAAE,IAAA,IAAA,EAAA,KAAA,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,EAAA,CAAA,KAAK,CAAC,kBAAkB,CAAC,MAAI,CAAA,EAAA,GAAA,GAAG,CAAC,MAAM,MAAA,IAAA,IAAA,EAAA,KAAA,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,EAAA,CAAE,UAAU,CAAC,wBAAwB,CAAC,CAAA,CAAC;AAE5F,gBAAA,IAAI,iBAAiB,EAAE;AACrB,oBAAA,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,kLAAkL,CACnL,CAAC;AACF,oBAAAA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;AACjD,oBAAA,MAAM,KAAK,CAAC;AACb,iBAAA;AACD,gBAAA,IAAI,YAAY,EAAE;AAChB,oBAAA,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,2FAA2F,CAC5F,CAAC;AACF,oBAAAA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;AACjD,o
BAAA,MAAM,KAAK,CAAC;AACb,iBAAA;gBACD,IAAI;AACF,oBAAA,MAAM,YAAY,GAAG,GAAG,CAAC,MAAM,CAAC;oBAChC,MAAM,QAAQ,GAA+C,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;oBACtFA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;AAC5C,oBAAA,MAAM,WAAW,GAAG;wBAClB,KAAK,EAAE,QAAQ,CAAC,WAAW;wBAC3B,kBAAkB,EAAE,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE;qBAC3D,CAAC;AACF,oBAAA,OAAO,WAAW,CAAC;AACpB,iBAAA;AAAC,gBAAA,OAAO,CAAM,EAAE;oBACf,IAAI,GAAG,CAAC,MAAM,EAAE;AACd,wBAAA,MAAM,IAAI,0BAA0B,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;AAClD,qBAAA;AACD,oBAAA,MAAM,CAAC,CAAC;AACT,iBAAA;AACF,aAAA;AAAC,YAAA,OAAO,GAAQ,EAAE;AACjB,gBAAA,MAAM,KAAK,GACT,GAAG,CAAC,IAAI,KAAK,4BAA4B;AACvC,sBAAE,GAAG;sBACH,IAAI,0BAA0B,CAC3B,GAAa,CAAC,OAAO,IAAI,yDAAyD,CACpF,CAAC;AACR,gBAAAA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;AACjD,gBAAA,MAAM,KAAK,CAAC;AACb,aAAA;AACH,SAAC,CAAC,CAAC;KACJ;AACF;;ACrKD;AAKA;;;AAGG;AACI,MAAM,YAAY,GAAG;AAC1B;;;AAGG;AACH,IAAA,QAAQ,CACN,IAAY,EACZ,MAAgB,EAChB,OAAwD,EAAA;QAExD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,KAAI;AACrC,YAAAe,wBAAY,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,KAAI;AACrE,gBAAA,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE;AAC3B,oBAAA,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AAClC,iBAAA;AACD,gBAAA,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE;AAC3B,oBAAA,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AAClC,iBAAA;gBACD,IAAI,MAAM,IAAI,KAAK,EAAE;AACnB,oBAAA,MAAM,CAAC,MAAM,GAAG,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC;AAC5C,iBAAA;AAAM,qBAAA;oBACL,OAAO,CAAC,MAAM,CAAC,CAAC;AACjB,iBAAA;AACH,aAAC,CAAC,CAAC;AACL,SAAC,CAAC,CAAC;KACJ;CACF;;ACnCD;AAcA,MAAMf,QAAM,GAAG,gBAAgB,CAAC,2BAA2B,CAAC,CAAC;AAE7D,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC;AAE/C;;;;AAIG;AACG,SAAU,aAAa,CAAC,WAAmB,EAAA;AAC/C,IAAA,IAAI,SAAS,EAAE;QACb,OAAO,CAAA,EAAG,WAAW,CAAA,IAAA,CAAM,CAAC;AAC7B,KAAA;AAAM,SAAA;AACL,QAAA,OAAO,WAAW,CAAC;AACpB,KAAA;AACH,CAAC;AAED;;;;AAIG;AACH,eAAe,WAAW,CAAC,QAAoB,EAAA;IAC7C,MAAM,OAAO,GAAa,EAAE,CAAC;AAE7B,IAAA,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE;Q
AC9B,MAAM,CAAC,IAAI,EAAE,GAAG,UAAU,CAAC,GAAG,OAAO,CAAC;AACtC,QAAA,MAAM,MAAM,IAAI,MAAM,YAAY,CAAC,QAAQ,CAAC,IAAI,EAAE,UAAU,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAW,CAAC;AAC/F,QAAA,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AACtB,KAAA;AAED,IAAA,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;AAGG;AACI,MAAM,gBAAgB,GAAG;AAC9B,IAAA,KAAK,EAAE,gCAAgC;AACvC,IAAA,SAAS,EACP,uIAAuI;CAC1I,CAAC;AAEF;;;AAGG;AACI,MAAM,6BAA6B,GAAG;AAC3C,IAAA,KAAK,EACH,8FAA8F;AAChG,IAAA,SAAS,EAAE,CAA4K,0KAAA,CAAA;AACvL,IAAA,YAAY,EAAE,CAA4F,0FAAA,CAAA;CAC3G,CAAC;AAEF;AACA,MAAM,YAAY,GAAG,CAAC,GAAU,KAAK,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,CAAO,IAAA,EAAA,gBAAgB,CAAC,KAAK,CAAA,IAAA,CAAM,CAAC,CAAC;AAE5F;AACA,MAAM,mBAAmB,GAAG,CAAC,GAAU,KAAK,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC;AAE1F;;;;AAIG;AACI,MAAM,YAAY,GAAG,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;AAEpD,IAAI,SAAS,EAAE;IACb,YAAY,CAAC,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC,CAAC;AAChD,CAAA;AAED;;;;AAIG;MACU,yBAAyB,CAAA;AAGpC;;;;;;;;;;AAUG;AACH,IAAA,WAAA,CAAY,OAA0C,EAAA;QACpD,IAAI,CAAC,QAAQ,GAAG,OAAO,KAAA,IAAA,IAAP,OAAO,KAAP,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,OAAO,CAAE,QAAQ,CAAC;KACnC;AAED;;;AAGG;AACK,IAAA,MAAM,6BAA6B,CACzC,QAAgB,EAChB,QAAiB,EAAA;;AAGjB,QAAA,KAAK,MAAM,iBAAiB,IAAI,CAAC,GAAG,YAAY,CAAC,EAAE;YACjD,IAAI;gBACF,MAAM,WAAW,CAAC,CAAC,CAAC,iBAAiB,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;AAChD,aAAA;AAAC,YAAA,OAAO,CAAM,EAAE;;gBAEf,YAAY,CAAC,KAAK,EAAE,CAAC;gBACrB,SAAS;AACV,aAAA;YAED,IAAI,aAAa,GAAG,EAAE,CAAC;AACvB,YAAA,IAAI,QAAQ,EAAE;AACZ,gBAAA,aAAa,GAAG,CAAA,WAAA,EAAc,QAAQ,CAAA,CAAA,CAAG,CAAC;AAC3C,aAAA;AAED,YAAA,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC;AAChC,gBAAA;oBACE,iBAAiB;oBACjB,UAAU;oBACV,2DAA2D;AAC5D,iBAAA;AACD,gBAAA;oBACE,iBAAiB;oBACjB,UAAU;oBACV,CAAqB,kBAAA,EAAA,aAAa,CAAkB,eAAA,EAAA,QAAQ,CAAoB,kBAAA,CAAA;AACjF,iBAAA;AACF,aAAA,CAAC,CAAC;AAEH,YAAA,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YAC1B,IAAI;AACF,gBAAA,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;AAC3B,aAAA;AAAC,YAAA,OAAO,CAAM,EAAE;AACf,gBAAA,MAAM,IAAI,KAAK,CAAC,8DAA8D,MAAM,CAAA,CAAE,CAAC,CAAC;AACzF,aAAA;AACF,SAAA;AAED,QAAA,MAAM,IAAI,KAAK,CAA
C,CAAA,wEAAA,CAA0E,CAAC,CAAC;KAC7F;AAED;;;;;;AAMG;AACI,IAAA,MAAM,QAAQ,CACnB,MAAyB,EACzB,UAA2B,EAAE,EAAA;AAE7B,QAAA,OAAO,aAAa,CAAC,QAAQ,CAAC,CAAA,EAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EAAE,OAAO,EAAE,YAAW;YACrF,MAAM,QAAQ,GAAG,yBAAyB,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;AACnE,YAAA,IAAI,QAAQ,EAAE;AACZ,gBAAA,aAAa,CAACA,QAAM,EAAE,QAAQ,CAAC,CAAC;AACjC,aAAA;AAED,YAAA,MAAM,KAAK,GAAG,OAAO,MAAM,KAAK,QAAQ,GAAG,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AAC9D,YAAA,gBAAgB,CAAC,KAAK,EAAEA,QAAM,CAAC,CAAC;YAChCA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAmB,gBAAA,EAAA,KAAK,CAAE,CAAA,CAAC,CAAC;AACjD,YAAA,MAAM,QAAQ,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;YAEzC,IAAI;gBACF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,6BAA6B,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;gBAC9EA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;gBAC5C,OAAO;oBACL,KAAK,EAAE,QAAQ,CAAC,KAAK;oBACrB,kBAAkB,EAAE,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE;iBAC3D,CAAC;AACH,aAAA;AAAC,YAAA,OAAO,GAAQ,EAAE;AACjB,gBAAA,IAAI,mBAAmB,CAAC,GAAG,CAAC,EAAE;oBAC5B,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAAC,6BAA6B,CAAC,SAAS,CAAC,CAAC;AACtF,oBAAAA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;AAChD,oBAAA,MAAM,KAAK,CAAC;AACb,iBAAA;AAAM,qBAAA,IAAI,YAAY,CAAC,GAAG,CAAC,EAAE;oBAC5B,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAAC,6BAA6B,CAAC,KAAK,CAAC,CAAC;AAClF,oBAAAA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;AAChD,oBAAA,MAAM,KAAK,CAAC;AACb,iBAAA;AACD,gBAAA,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,CAAA,EAAG,GAAG,CAAA,EAAA,EAAK,6BAA6B,CAAC,YAAY,CAAA,CAAE,CACxD,CAAC;AACF,gBAAAA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;AAChD,gBAAA,MAAM,KAAK,CAAC;AACb,aAAA;AACH,SAAC,CAAC,CAAC;KACJ;AACF;;AC3MD;AAmBA;;;AAGG;AACG,MAAO,gBAAiB,SAAQ,QAAQ,CAAA;AAC5C,IAAA,WAAA,CAAY,OAAgC,EAAA;QAC1C,KAAK,CAAC,OAAO,CAAC,CAAC;AACf,QAAA,IAAI,CAAC,oBAAoB,GAAG,IAAI,CAAC;QACjC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;KAC1D;AAES,IAAA,MAAM,UAAU,CACxB,MAAgB,EAChB,UAAyC,EAAE,EAAA;QAE3C,IAAI;YACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,eAAgB,CAAC,8BAA8B,CAAC
;gBACxE,MAAM;gBACN,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;AACvB,aAAA,CAAC,CAAC;;;AAGH,YAAA,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC;AACtE,SAAA;AAAC,QAAA,OAAO,GAAQ,EAAE;YACjB,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;AAC9C,SAAA;KACF;AACF;;ACjDD;AAWA,MAAMA,QAAM,GAAG,gBAAgB,CAAC,wBAAwB,CAAC,CAAC;AAE1D;;;;;;;AAOG;MACU,sBAAsB,CAAA;AAGjC;;;;;;;;;AASG;AACH,IAAA,WAAA,CACE,QAAgB,EAChB,QAAgB,EAChB,YAAoB,EACpB,UAAyC,EAAE,EAAA;QAE3C,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,IAAI,CAAC,YAAY,EAAE;AAC3C,YAAA,MAAM,IAAI,KAAK,CACb,4LAA4L,CAC7L,CAAC;AACH,SAAA;QACD,IAAI,CAAC,QAAQ,GAAG,IAAI,gBAAgB,CAC/B,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,EAAA,EAAA,OAAO,aACVA,QAAM;YACN,QAAQ;YACR,QAAQ;AACR,YAAA,YAAY,EACZ,sBAAsB,EAAE,OAAO,IAC/B,CAAC;KACJ;AAED;;;;;;;AAOG;AACH,IAAA,MAAM,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE,EAAA;AACrE,QAAA,OAAO,aAAa,CAAC,QAAQ,CAC3B,CAAG,EAAA,IAAI,CAAC,WAAW,CAAC,IAAI,CAAA,SAAA,CAAW,EACnC,OAAO,EACP,OAAO,UAAU,KAAI;AACnB,YAAA,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,CAAC;YAC9D,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;AACzD,SAAC,CACF,CAAC;KACH;AACF;;ACzED;AAkBA,MAAMgB,eAAa,GAAGC,cAAS,CAACC,WAAQ,CAAC,CAAC;AAqC1C;;;;;;;AAOG;AACI,eAAe,gBAAgB,CACpC,aAA0D,EAC1D,oBAA8B,EAAA;IAE9B,MAAM,gBAAgB,GAA8B,EAAE,CAAC;IAEvD,MAAM,WAAW,GAAwB,aAAiD;AACvF,SAAA,WAAW,CAAC;IACf,MAAM,eAAe,GAAwB,aAAqD;AAC/F,SAAA,eAAe,CAAC;AACnB,IAAA,gBAAgB,CAAC,mBAAmB;QAClC,WAAW,KAAK,MAAMF,eAAa,CAAC,eAAgB,EAAE,MAAM,CAAC,CAAC,CAAC;AACjE,IAAA,IAAI,oBAAoB,EAAE;AACxB,QAAA,gBAAgB,CAAC,GAAG,GAAG,gBAAgB,CAAC,mBAAmB,CAAC;AAC7D,KAAA;IAED,MAAM,kBAAkB,GACtB,+FAA+F,CAAC;IAClG,MAAM,UAAU,GAAa,EAAE,CAAC;;AAGhC,IAAA,IAAI,KAAK,CAAC;IACV,GAAG;QACD,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,gBAAgB,CAAC,mBAAmB,CAAC,CAAC;AACtE,QAAA,IAAI,KAAK,EAAE;YACT,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;AAC3B,SAAA;AACF,KAAA,QAAQ,KAAK,EAAE;AAEhB,IAAA,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EA
AE;AAC3B,QAAA,MAAM,IAAI,KAAK,CAAC,4EAA4E,CAAC,CAAC;AAC/F,KAAA;AAED,IAAA,gBAAgB,CAAC,UAAU,GAAGG,iBAAU,CAAC,MAAM,CAAC;AAC7C,SAAA,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;SAC5C,MAAM,CAAC,KAAK,CAAC;AACb,SAAA,WAAW,EAAE,CAAC;AAEjB,IAAA,OAAO,gBAAoC,CAAC;AAC9C,CAAC;AAED;;;AAGG;AACG,MAAO,qBAAsB,SAAQ,QAAQ,CAAA;AAIjD,IAAA,WAAA,CAAY,OAAqC,EAAA;QAC/C,KAAK,CAAC,OAAO,CAAC,CAAC;AACf,QAAA,IAAI,CAAC,oBAAoB,GAAG,IAAI,CAAC;AACjC,QAAA,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,CAAC;AAC3C,QAAA,IAAI,CAAC,oBAAoB,GAAG,OAAO,CAAC,oBAAoB,CAAC;KAC1D;;IAGD,MAAM,IAAI,CAAC,OAAuC,EAAA;QAChD,IAAI;AACF,YAAA,MAAM,KAAK,GAAG,MAAM,gBAAgB,CAAC,IAAI,CAAC,aAAa,EAAE,IAAI,CAAC,oBAAoB,CAAC,CAAC;AACpF,YAAA,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,iBAAiB,GAAG;gBACvC,UAAU,EAAE,KAAK,CAAC,UAAU;gBAC5B,UAAU,EAAE,KAAK,CAAC,mBAAmB;gBACrC,GAAG,EAAE,KAAK,CAAC,GAAG;aACf,CAAC;AACH,SAAA;AAAC,QAAA,OAAO,KAAU,EAAE;AACnB,YAAA,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;AACzC,YAAA,MAAM,KAAK,CAAC;AACb,SAAA;AACD,QAAA,OAAO,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;KAC5B;AAES,IAAA,MAAM,UAAU,CACxB,MAAgB,EAChB,UAAyC,EAAE,EAAA;QAE3C,IAAI;AACF,YAAA,MAAM,aAAa,GAA4B;gBAC7C,MAAM;gBACN,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;aACvB,CAAC;YACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,eAAgB,CAAC,8BAA8B,CAAC,aAAa,CAAC,CAAC;;;;AAIzF,YAAA,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC;AACtE,SAAA;AAAC,QAAA,OAAO,GAAQ,EAAE;YACjB,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;AAC9C,SAAA;KACF;AACF;;AC5JD;AAWA,MAAMC,gBAAc,GAAG,6BAA6B,CAAC;AACrD,MAAMpB,QAAM,GAAG,gBAAgB,CAACoB,gBAAc,CAAC,CAAC;AA2BhD;;;;;;;AAOG;MACU,2BAA2B,CAAA;AAkDtC,IAAA,WAAA,CACE,QAAgB,EAChB,QAAgB,EAChB,8BAAoF,EACpF,UAA8C,EAAE,EAAA;AAEhD,QAAA,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,EAAE;AAC1B,YAAA,MAAM,IAAI,KAAK,CAAC,GAAGA,gBAAc,CAAA,gDAAA,CAAkD,CAAC,CAAC;AACtF,SAAA;AACD,QAAA,MAAM,aAAa,GACd,MAAA,CAAA,MAAA,CAAA,EAAA,GAAC,OAAO,8BAA8B,KAAK,QAAQ;AACpD,cAAE;A
ACE,gBAAA,eAAe,EAAE,8BAA8B;AAChD,aAAA;AACH,cAAE,8BAA8B,EACnC,CAAC;QACF,MAAM,WAAW,GAAwB,aAAiD;AACvF,aAAA,WAAW,CAAC;AACf,QAAA,MAAM,eAAe,GACnB,aACD,CAAC,eAAe,CAAC;QAClB,IAAI,CAAC,aAAa,IAAI,EAAE,WAAW,IAAI,eAAe,CAAC,EAAE;AACvD,YAAA,MAAM,IAAI,KAAK,CACb,GAAGA,gBAAc,CAAA,0MAAA,CAA4M,CAC9N,CAAC;AACH,SAAA;QACD,IAAI,WAAW,IAAI,eAAe,EAAE;AAClC,YAAA,MAAM,IAAI,KAAK,CACb,GAAGA,gBAAc,CAAA,sOAAA,CAAwO,CAC1P,CAAC;AACH,SAAA;QACD,IAAI,CAAC,QAAQ,GAAG,IAAI,qBAAqB,CACpC,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,EAAA,EAAA,OAAO,KACV,aAAa;oBACbpB,QAAM;YACN,QAAQ;YACR,QAAQ,EACR,oBAAoB,EAAE,OAAO,CAAC,oBAAoB,EAClD,sBAAsB,EAAE,OAAO,EAAA,CAAA,CAC/B,CAAC;KACJ;AAED;;;;;;;AAOG;AACH,IAAA,MAAM,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE,EAAA;AACrE,QAAA,OAAO,aAAa,CAAC,QAAQ,CAAC,GAAGoB,gBAAc,CAAA,SAAA,CAAW,EAAE,OAAO,EAAE,OAAO,UAAU,KAAI;AACxF,YAAA,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,CAAC;YAC9D,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;AACzD,SAAC,CAAC,CAAC;KACJ;AACF;;ACzJD;AAkBA;;;AAGG;AACG,MAAO,oBAAqB,SAAQ,QAAQ,CAAA;AAIhD,IAAA,WAAA,CAAY,OAAoC,EAAA;QAC9C,KAAK,CAAC,OAAO,CAAC,CAAC;AACf,QAAA,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;AACjC,QAAA,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;KAClC;AAES,IAAA,MAAM,UAAU,CACxB,MAAgB,EAChB,OAAuC,EAAA;QAEvC,IAAI;AACF,YAAA,MAAM,cAAc,GAAqC;gBACvD,MAAM;gBACN,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;AACvB,gBAAA,aAAa,EAAE,OAAO,KAAA,IAAA,IAAP,OAAO,KAAP,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,OAAO,CAAE,aAAa;AACrC,gBAAA,SAAS,EAAE,OAAO,KAAA,IAAA,IAAP,OAAO,KAAP,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,OAAO,CAAE,SAAS;AAC7B,gBAAA,MAAM,EAAE,OAAO,KAAA,IAAA,IAAP,OAAO,KAAP,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,OAAO,CAAE,MAAM;aACxB,CAAC;YACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAU,CAAC,8BAA8B,CAAC,cAAc,CAAC,CAAC;AACpF,YAAA,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC;AACtE,SAAA;AAAC,QAAA,OAAO,KAAU,EAAE;YACnB,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;AAChD,SAAA;KACF;AACF;;ACnDD;AAWA,MAAMpB,QAAM,GAAG,gBAAgB,CAAC,4BAA4B
,CAAC,CAAC;AAE9D;;;;;AAKG;MACU,0BAA0B,CAAA;AAGrC;;;;;;;;;;AAUG;IACH,WACE,CAAA,QAAgB,EAChB,QAAgB,EAChB,QAAgB,EAChB,QAAgB,EAChB,OAAA,GAA6C,EAAE,EAAA;QAE/C,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,EAAE;AACpD,YAAA,MAAM,IAAI,KAAK,CACb,iMAAiM,CAClM,CAAC;AACH,SAAA;QACD,IAAI,CAAC,QAAQ,GAAG,IAAI,oBAAoB,CACnC,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,EAAA,EAAA,OAAO,aACVA,QAAM;YACN,QAAQ;YACR,QAAQ;YACR,QAAQ;AACR,YAAA,QAAQ,EACR,sBAAsB,EAAE,OAAO,IAAI,EAAE,IACrC,CAAC;KACJ;AAED;;;;;;;;;;;AAWG;AACH,IAAA,MAAM,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE,EAAA;AACrE,QAAA,OAAO,aAAa,CAAC,QAAQ,CAC3B,CAAG,EAAA,IAAI,CAAC,WAAW,CAAC,IAAI,CAAA,SAAA,CAAW,EACnC,OAAO,EACP,OAAO,UAAU,KAAI;AACnB,YAAA,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,CAAC;YAC9D,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;AACzD,SAAC,CACF,CAAC;KACH;AACF;;AC9ED;AAcA;;;;;;AAMG;AACI,MAAM,gCAAgC,GAAG;IAC9C,iBAAiB;IACjB,iBAAiB;IACjB,qBAAqB;IACrB,+BAA+B;IAC/B,gBAAgB;IAChB,gBAAgB;CACjB,CAAC;AAEF,MAAMoB,gBAAc,GAAG,uBAAuB,CAAC;AAC/C,MAAMpB,QAAM,GAAG,gBAAgB,CAACoB,gBAAc,CAAC,CAAC;AAQhD;;;AAGG;MACU,qBAAqB,CAAA;AAKhC;;;;;;;;;;;;;;;;;;;AAmBG;AACH,IAAA,WAAA,CAAY,OAAsC,EAAA;;QAxB1C,IAAW,CAAA,WAAA,GAGc,SAAS,CAAC;AAwBzC,QAAA,MAAM,QAAQ,GAAG,cAAc,CAAC,gCAAgC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACtF,QAAApB,QAAM,CAAC,IAAI,CAAC,8CAA8C,QAAQ,CAAA,CAAE,CAAC,CAAC;QAEtE,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,EAC1C,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,EACtC,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;AAEjD,QAAA,IAAI,QAAQ,EAAE;AACZ,YAAA,aAAa,CAACA,QAAM,EAAE,QAAQ,CAAC,CAAC;AACjC,SAAA;AAED,QAAA,IAAI,QAAQ,IAAI,QAAQ,IAAI,YAAY,EAAE;YACxCA,QAAM,CAAC,IAAI,CACT,CAAA,gDAAA,EAAmD,QAAQ,CAAe,YAAA,EAAA,QAAQ,CAA+B,6BAAA,CAAA,CAClH,CAAC;AACF,YAAA,IAAI,CAAC,WAAW,GAAG,IAAI,sBAAsB,CAAC,QAAQ,EAAE,QAAQ,EAAE,YAAY,EAAE,OAAO,CAAC,CAAC;YACzF,OAAO;AACR,SAAA;AAED,QAAA,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC;AAClE,QAAA,IAAI,QAAQ,IAAI,QAAQ,IAAI,eAAe,EAAE;YAC3CA,QAAM,CAAC,IAAI,CACT,CAAwD,qDAAA,EAAA,QAAQ,CAAe,YAAA,EAAA
,QAAQ,CAAyB,sBAAA,EAAA,eAAe,CAAE,CAAA,CAClI,CAAC;AACF,YAAA,IAAI,CAAC,WAAW,GAAG,IAAI,2BAA2B,CAChD,QAAQ,EACR,QAAQ,EACR,EAAE,eAAe,EAAE,EACnB,OAAO,CACR,CAAC;YACF,OAAO;AACR,SAAA;AAED,QAAA,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;AAC5C,QAAA,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;AAC5C,QAAA,IAAI,QAAQ,IAAI,QAAQ,IAAI,QAAQ,IAAI,QAAQ,EAAE;YAChDA,QAAM,CAAC,IAAI,CACT,CAAuD,oDAAA,EAAA,QAAQ,CAAe,YAAA,EAAA,QAAQ,CAAkB,eAAA,EAAA,QAAQ,CAAE,CAAA,CACnH,CAAC;AACF,YAAA,IAAI,CAAC,WAAW,GAAG,IAAI,0BAA0B,CAC/C,QAAQ,EACR,QAAQ,EACR,QAAQ,EACR,QAAQ,EACR,OAAO,CACR,CAAC;AACH,SAAA;KACF;AAED;;;;;AAKG;AACH,IAAA,MAAM,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE,EAAA;AACrE,QAAA,OAAO,aAAa,CAAC,QAAQ,CAAC,GAAGoB,gBAAc,CAAA,SAAA,CAAW,EAAE,OAAO,EAAE,OAAO,UAAU,KAAI;YACxF,IAAI,IAAI,CAAC,WAAW,EAAE;gBACpB,IAAI;AACF,oBAAA,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;oBACnEpB,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;AAC5C,oBAAA,OAAO,MAAM,CAAC;AACf,iBAAA;AAAC,gBAAA,OAAO,GAAQ,EAAE;AACjB,oBAAA,MAAM,mBAAmB,GAAG,IAAI,mBAAmB,CAAC,GAAG,EAAE;wBACvD,KAAK,EAAE,CAAG,EAAAoB,gBAAc,CAAqH,mHAAA,CAAA;AAC7I,wBAAA,iBAAiB,EAAE,GAAG,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;AAC1E,qBAAA,CAAC,CAAC;AACH,oBAAApB,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC,CAAC;AAC/D,oBAAA,MAAM,mBAAmB,CAAC;AAC3B,iBAAA;AACF,aAAA;AACD,YAAA,MAAM,IAAI,0BAA0B,CAClC,GAAGoB,gBAAc,CAAA,oJAAA,CAAsJ,CACxK,CAAC;AACJ,SAAC,CAAC,CAAC;KACJ;AACF;;ACnJD;AACA;AAEO,MAAM,kBAAkB,GAAG,WAAW,CAAC;AACvC,MAAM,QAAQ,GAAG,wBAAwB,CAAC;AAC1C,MAAM,gBAAgB,GAAG,iCAAiC,CAAC;AAC3D,MAAM,cAAc,GAAG,YAAY,CAAC;AACpC,MAAM,kBAAkB,GAAG,YAAY,CAAC;AACxC,MAAM,kBAAkB,GAAG,oBAAoB;;ACRtD;AAKA;;;;;;;;AAQG;AACG,SAAU,mBAAmB,CAAC,MAAyB,EAAA;IAC3D,IAAI,KAAK,GAAG,EAAE,CAAC;AACf,IAAA,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE;AACzB,QAAA,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE;YACvB,OAAO;AACR,SAAA;AAED,QAAA,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACnB,KAAA;AAAM,SAAA,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE;QACrC,KAAK,GAAG,MAAM,CAAC;AA
ChB,KAAA;AAED,IAAA,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE;AACvC,QAAA,OAAO,KAAK,CAAC;AACd,KAAA;AAED,IAAA,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,EAAE,KAAK,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC,CAAC;AAChE;;AC/BA;AAcA,MAAMC,SAAO,GAAG,gDAAgD,CAAC;AACjE,MAAMrB,QAAM,GAAG,gBAAgB,CAACqB,SAAO,CAAC,CAAC;AAEzC;;AAEG;AACH,SAASC,iBAAe,CAAC,WAAoC,EAAA;;IAE3D,OAAO,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,UAAqB,CAAC,CAAC;AACvD,CAAC;AAED;;AAEG;AACH,SAASC,uBAAqB,CAC5B,MAAyB,EACzB,QAAiB,EAAA;AAEjB,IAAA,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC7C,IAAI,CAAC,QAAQ,EAAE;AACb,QAAA,MAAM,IAAI,KAAK,CAAC,GAAGF,SAAO,CAAA,oCAAA,CAAsC,CAAC,CAAC;AACnE,KAAA;AAED,IAAA,MAAM,eAAe,GAA2B;QAC9C,QAAQ;AACR,QAAA,aAAa,EAAE,YAAY;KAC5B,CAAC;AAEF,IAAA,IAAI,QAAQ,EAAE;AACZ,QAAA,eAAe,CAAC,QAAQ,GAAG,QAAQ,CAAC;AACrC,KAAA;AAED,IAAA,MAAM,KAAK,GAAG,IAAI,eAAe,CAAC,eAAe,CAAC,CAAC;;AAGnD,IAAA,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,EAAE;AAC7B,QAAA,MAAM,IAAI,KAAK,CAAC,GAAGA,SAAO,CAAA,4CAAA,CAA8C,CAAC,CAAC;AAC3E,KAAA;AACD,IAAA,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE;AAC3B,QAAA,MAAM,IAAI,KAAK,CAAC,GAAGA,SAAO,CAAA,0CAAA,CAA4C,CAAC,CAAC;AACzE,KAAA;IAED,OAAO;AACL,QAAA,GAAG,EAAE,CAAA,EAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAA,CAAA,EAAI,KAAK,CAAC,QAAQ,EAAE,CAAE,CAAA;AACtD,QAAA,MAAM,EAAE,KAAK;QACb,OAAO,EAAEhB,kCAAiB,CAAC;AACzB,YAAA,MAAM,EAAE,kBAAkB;AAC1B,YAAA,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU;SAC/B,CAAC;KACH,CAAC;AACJ,CAAC;AAED;;AAEG;AACI,MAAM,iBAAiB,GAAQ;AACpC,IAAA,MAAM,WAAW,CAAC,EAAE,MAAM,EAAE,EAAA;AAC1B,QAAA,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;QAC7C,IAAI,CAAC,QAAQ,EAAE;AACb,YAAAL,QAAM,CAAC,IAAI,CAAC,GAAGqB,SAAO,CAAA,iDAAA,CAAmD,CAAC,CAAC;AAC3E,YAAA,OAAO,KAAK,CAAC;AACd,SAAA;AACD,QAAA,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;AACxB,QAAA,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;QAC3D,IAAI,CAAC,MAAM,EAAE;AACX,YAAArB,QAAM,CAAC,IAAI,CACT,GAAGqB,SAAO,CAAA,iFAAA,CAAmF,CAC9F,CAAC;AACH,SAAA;AACD,QAAA,OAAO,MAAM,CAAC;KACf;AACD,IAAA,MAAM,QAAQ,CACZ,aAA+B,EAC/B,kBAAmC,EAAE,EAAA;QAErC,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,aAAa
,CAAC;AAEvE,QAAA,IAAI,UAAU,EAAE;AACd,YAAArB,QAAM,CAAC,OAAO,CACZ,GAAGqB,SAAO,CAAA,wGAAA,CAA0G,CACrH,CAAC;AACH,SAAA;AAED,QAAArB,QAAM,CAAC,IAAI,CACT,CAAA,EAAGqB,SAAO,CAAA,wFAAA,EAA2F,OAAO,CAAC,GAAG,CAAC,YAAY,CAAA,2BAAA,CAA6B,CAC3J,CAAC;AAEF,QAAA,MAAM,OAAO,GAAGjB,sCAAqB,CAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,EACnC,WAAW,EAAE,eAAe,CAAC,WAAW,IACrCmB,uBAAqB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAA,EAAA;;YAE1C,uBAAuB,EAAE,IAAI,EAAA,CAAA,CAC7B,CAAC;QACH,MAAM,aAAa,GAAG,MAAM,cAAc,CAAC,gBAAgB,CAAC,OAAO,EAAED,iBAAe,CAAC,CAAC;QACtF,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,KAAK,IAAI,CAAC;KAC7D;CACF;;AC9GD;AAaA,MAAMD,SAAO,GAAG,2CAA2C,CAAC;AACrD,MAAMrB,QAAM,GAAG,gBAAgB,CAACqB,SAAO,CAAC,CAAC;AAEhD;;AAEG;AACH,SAASE,uBAAqB,CAC5B,MAAyB,EACzB,QAAiB,EACjB,UAAmB,EAAA;AAEnB,IAAA,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC7C,IAAI,CAAC,QAAQ,EAAE;AACb,QAAA,MAAM,IAAI,KAAK,CAAC,GAAGF,SAAO,CAAA,oCAAA,CAAsC,CAAC,CAAC;AACnE,KAAA;AAED,IAAA,MAAM,IAAI,GAA2B;QACnC,QAAQ;KACT,CAAC;AAEF,IAAA,IAAI,QAAQ,EAAE;AACZ,QAAA,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;AAC3B,KAAA;AACD,IAAA,IAAI,UAAU,EAAE;AACd,QAAA,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;AAC9B,KAAA;;AAGD,IAAA,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,EAAE;AAC7B,QAAA,MAAM,IAAI,KAAK,CAAC,GAAGA,SAAO,CAAA,4CAAA,CAA8C,CAAC,CAAC;AAC3E,KAAA;AACD,IAAA,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC;IACzC,OAAO;AACL,QAAA,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,YAAY;AAC7B,QAAA,MAAM,EAAE,MAAM;AACd,QAAA,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE;QACvB,OAAO,EAAEhB,kCAAiB,CAAC;AACzB,YAAA,MAAM,EAAE,kBAAkB;AAC1B,YAAA,QAAQ,EAAE,MAAM;AAChB,YAAA,cAAc,EAAE,mCAAmC;SACpD,CAAC;KACH,CAAC;AACJ,CAAC;AAED;;;AAGG;AACI,MAAM,aAAa,GAAQ;AAChC,IAAA,MAAM,WAAW,CAAC,EAAE,MAAM,EAAE,EAAA;AAC1B,QAAA,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;QAC7C,IAAI,CAAC,QAAQ,EAAE;AACb,YAAAL,QAAM,CAAC,IAAI,CAAC,GAAGqB,SAAO,CAAA,iDAAA,CAAmD,CAAC,CAAC;AAC3E,YAAA,OAAO,KAAK,CAAC;AACd,SAAA;QAED,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QACjD,IAAI,CAAC,MAAM,EAAE;AACX,YAAArB,QAAM,CAAC,IAAI,CAAC,GAAGqB,SAAO,CAAA,+DAAA,CAAiE,CAAC,CAAC;AAC1F,SAAA;AACD,QAAA,OAAO
,MAAM,CAAC;KACf;AACD,IAAA,MAAM,QAAQ,CACZ,aAA+B,EAC/B,kBAAmC,EAAE,EAAA;QAErC,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,aAAa,CAAC;AAEvE,QAAA,IAAI,QAAQ,EAAE;AACZ,YAAArB,QAAM,CAAC,OAAO,CACZ,GAAGqB,SAAO,CAAA,gGAAA,CAAkG,CAC7G,CAAC;AACH,SAAA;AAED,QAAA,IAAI,UAAU,EAAE;AACd,YAAArB,QAAM,CAAC,OAAO,CACZ,GAAGqB,SAAO,CAAA,sHAAA,CAAwH,CACnI,CAAC;AACH,SAAA;AAED,QAAArB,QAAM,CAAC,IAAI,CACT,CAAA,EAAGqB,SAAO,CAAA,yEAAA,EAA4E,OAAO,CAAC,GAAG,CAAC,YAAY,CAAA,CAAA,CAAG,CAClH,CAAC;AAEF,QAAA,MAAM,OAAO,GAAGjB,sCAAqB,CACnC,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,EAAA,WAAW,EAAE,eAAe,CAAC,WAAW,EAAA,EACrCmB,uBAAqB,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAA,EAAA;;YAEtD,uBAAuB,EAAE,IAAI,EAAA,CAAA,CAC7B,CAAC;QACH,MAAM,aAAa,GAAG,MAAM,cAAc,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QACrE,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,KAAK,IAAI,CAAC;KAC7D;CACF;;AC1GD;AAmBA,MAAMF,SAAO,GAAG,kCAAkC,CAAC;AACnD,MAAMrB,QAAM,GAAG,gBAAgB,CAACqB,SAAO,CAAC,CAAC;AAEzC;;AAEG;AACH,SAASC,iBAAe,CAAC,WAAoC,EAAA;IAC3D,IAAI,WAAW,CAAC,UAAU,EAAE;;QAE1B,MAAM,OAAO,GAAG,CAAC,WAAW,CAAC,UAAU,GAAG,IAAI,CAAC;AAC/C,QAAAtB,QAAM,CAAC,IAAI,CACT,CAAA,EAAGqB,SAAO,CAAA,oBAAA,EAAuB,OAAO,CAAA,kBAAA,EAAqB,WAAW,CAAC,UAAU,CAAA,CAAA,CAAG,CACvF,CAAC;AACF,QAAA,OAAO,OAAO,CAAC;AAChB,KAAA;AAAM,SAAA;;AAEL,QAAA,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,CAAC,UAAU,GAAG,IAAI,CAAC;AAC3D,QAAArB,QAAM,CAAC,IAAI,CACT,CAAA,EAAGqB,SAAO,CAAA,yBAAA,EAA4B,OAAO,CAAA,kBAAA,EAAqB,WAAW,CAAC,UAAU,CAAA,CAAA,CAAG,CAC5F,CAAC;AACF,QAAA,OAAO,OAAO,CAAC;AAChB,KAAA;AACH,CAAC;AAED;;AAEG;AACH,SAASE,uBAAqB,CAC5B,MAAyB,EACzB,QAAiB,EACjB,UAAmB,EACnB,OAGC,EAAA;;AAED,IAAA,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC7C,IAAI,CAAC,QAAQ,EAAE;AACb,QAAA,MAAM,IAAI,KAAK,CAAC,GAAGF,SAAO,CAAA,oCAAA,CAAsC,CAAC,CAAC;AACnE,KAAA;IAED,MAAM,EAAE,SAAS,EAAE,kBAAkB,EAAE,GAAG,OAAO,IAAI,EAAE,CAAC;IACxD,IAAI,KAAK,GAAG,EAAE,CAAC;;;IAIf,IAAI,CAAC,SAAS,EAAE;AACd,QAAA,MAAM,eAAe,GAA2B;YAC9C,QAAQ;AACR,YAAA,aAAa,EAAE,cAAc;SAC9B,CAAC;AACF,QAAA,IAAI,QAAQ,EAAE;AACZ,YAAA,eAAe,CAAC,SAAS,GAAG,QAAQ,CAAC;AACtC,SAAA;AACD,QAAA,I
AAI,UAAU,EAAE;AACd,YAAA,eAAe,CAAC,UAAU,GAAG,UAAU,CAAC;AACzC,SAAA;AACD,QAAA,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,eAAe,CAAC,CAAC;AACpD,QAAA,KAAK,GAAG,CAAI,CAAA,EAAA,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;AACjC,KAAA;AAED,IAAA,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,gBAAgB,EAAE,CAAA,EAAA,GAAA,OAAO,CAAC,GAAG,CAAC,iCAAiC,MAAI,IAAA,IAAA,EAAA,KAAA,KAAA,CAAA,GAAA,EAAA,GAAA,QAAQ,CAAC,CAAC;AAEjG,IAAA,MAAM,UAAU,GAA2B;AACzC,QAAA,MAAM,EAAE,kBAAkB;AAC1B,QAAA,QAAQ,EAAE,MAAM;KACjB,CAAC;;AAGF,IAAA,IAAI,kBAAkB,EAAE;QACtB,OAAO,UAAU,CAAC,QAAQ,CAAC;AAC5B,KAAA;IAED,OAAO;;AAEL,QAAA,GAAG,EAAE,CAAA,EAAG,GAAG,CAAA,EAAG,KAAK,CAAE,CAAA;AACrB,QAAA,MAAM,EAAE,KAAK;AACb,QAAA,OAAO,EAAEhB,kCAAiB,CAAC,UAAU,CAAC;KACvC,CAAC;AACJ,CAAC;AAED;AACO,MAAM,kBAAkB,GAAG;AAChC,IAAA,UAAU,EAAE,CAAC;AACb,IAAA,cAAc,EAAE,GAAG;AACnB,IAAA,iBAAiB,EAAE,CAAC;CACrB,CAAC;AAEF;;AAEG;AACI,MAAM,OAAO,GAAQ;AAC1B,IAAA,MAAM,WAAW,CAAC,EAChB,MAAM,EACN,cAAc,EACd,QAAQ,EACR,UAAU,EACV,eAAe,GAAG,EAAE,GACrB,EAAA;AACC,QAAA,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;QAC7C,IAAI,CAAC,QAAQ,EAAE;AACb,YAAAL,QAAM,CAAC,IAAI,CAAC,GAAGqB,SAAO,CAAA,iDAAA,CAAmD,CAAC,CAAC;AAC3E,YAAA,OAAO,KAAK,CAAC;AACd,SAAA;;AAGD,QAAA,IAAI,OAAO,CAAC,GAAG,CAAC,iCAAiC,EAAE;AACjD,YAAA,OAAO,IAAI,CAAC;AACb,SAAA;QAED,IAAI,CAAC,cAAc,EAAE;AACnB,YAAA,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;AAC3C,SAAA;QAED,MAAM,cAAc,GAAGE,uBAAqB,CAAC,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE;AAC3E,YAAA,kBAAkB,EAAE,IAAI;AACxB,YAAA,SAAS,EAAE,IAAI;AAChB,SAAA,CAAC,CAAC;AAEH,QAAA,OAAO,aAAa,CAAC,QAAQ,CAC3B,4CAA4C,EAC5C,eAAe,EACf,OAAO,OAAO,KAAI;;AAChB,YAAA,cAAc,CAAC,cAAc,GAAG,OAAO,CAAC,cAAc,CAAC;YACvD,IAAI;;;;AAIF,gBAAA,MAAM,OAAO,GAAGnB,sCAAqB,CAAC,cAAc,CAAC,CAAC;AAEtD,gBAAA,OAAO,CAAC,OAAO,GAAG,CAAA,EAAA,GAAA,CAAA,EAAA,GAAA,OAAO,CAAC,cAAc,MAAE,IAAA,IAAA,EAAA,KAAA,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,EAAA,CAAA,OAAO,MAAI,IAAA,IAAA,EAAA,KAAA,KAAA,CAAA,GAAA,EAAA,GAAA,GAAG,CAAC;;AAGzD,gBAAA,OAAO,CAAC,uBAAuB,GAAG,IAAI,CAAC;gBAEvC,IAAI;AACF,oBAAAJ,QAAM,CAAC,IAAI,CAAC,GAAGqB,SAAO,CAAA,iCAAA,CAAmC,CAAC,CAAC;AAC3D,oBAAA,MAAM,cAAc,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;AA
C3C,iBAAA;AAAC,gBAAA,OAAO,GAAQ,EAAE;AACjB,oBAAA,IACE,CAAC,GAAG,CAAC,IAAI,KAAK,WAAW,IAAI,GAAG,CAAC,IAAI,KAAKG,0BAAS,CAAC,kBAAkB;wBACtE,GAAG,CAAC,IAAI,KAAK,YAAY;AACzB,wBAAA,GAAG,CAAC,IAAI,KAAK,aAAa;AAC1B,wBAAA,GAAG,CAAC,IAAI,KAAK,cAAc;AAC3B,wBAAA,GAAG,CAAC,IAAI,KAAK,WAAW;AACxB,sBAAA;;;AAGA,wBAAAxB,QAAM,CAAC,IAAI,CAAC,GAAGqB,SAAO,CAAA,wCAAA,CAA0C,CAAC,CAAC;AAClE,wBAAA,OAAO,KAAK,CAAC;AACd,qBAAA;AACF,iBAAA;;AAGD,gBAAArB,QAAM,CAAC,IAAI,CAAC,GAAGqB,SAAO,CAAA,sCAAA,CAAwC,CAAC,CAAC;AAChE,gBAAA,OAAO,IAAI,CAAC;AACb,aAAA;AAAC,YAAA,OAAO,GAAQ,EAAE;;;gBAGjBrB,QAAM,CAAC,IAAI,CACT,CAAG,EAAAqB,SAAO,CAAsE,mEAAA,EAAA,GAAG,CAAC,OAAO,CAAE,CAAA,CAC9F,CAAC;AACF,gBAAA,MAAM,GAAG,CAAC;AACX,aAAA;AACH,SAAC,CACF,CAAC;KACH;AACD,IAAA,MAAM,QAAQ,CACZ,aAA+B,EAC/B,kBAAmC,EAAE,EAAA;QAErC,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,aAAa,CAAC;AAEvE,QAAArB,QAAM,CAAC,IAAI,CACT,CAAA,EAAGqB,SAAO,CAAA,kFAAA,EAAqF,OAAO,CAAC,GAAG,CAAC,YAAY,CAAA,+DAAA,CAAiE,CACzL,CAAC;AAEF,QAAA,IAAI,aAAa,GAAG,kBAAkB,CAAC,cAAc,CAAC;AACtD,QAAA,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,kBAAkB,CAAC,UAAU,EAAE,OAAO,EAAE,EAAE;YACxE,IAAI;gBACF,MAAM,OAAO,GAAGjB,sCAAqB,CAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,EACnC,WAAW,EAAE,eAAe,CAAC,WAAW,EACrC,EAAAmB,uBAAqB,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,KACtD,uBAAuB,EAAE,IAAI,EAAA,CAAA,CAC7B,CAAC;gBACH,MAAM,aAAa,GAAG,MAAM,cAAc,CAAC,gBAAgB,CAAC,OAAO,EAAED,iBAAe,CAAC,CAAC;gBACtF,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,KAAK,IAAI,CAAC;AAC7D,aAAA;AAAC,YAAA,OAAO,KAAU,EAAE;AACnB,gBAAA,IAAI,KAAK,CAAC,UAAU,KAAK,GAAG,EAAE;AAC5B,oBAAA,MAAMG,cAAK,CAAC,aAAa,CAAC,CAAC;AAC3B,oBAAA,aAAa,IAAI,kBAAkB,CAAC,iBAAiB,CAAC;oBACtD,SAAS;AACV,iBAAA;AACD,gBAAA,MAAM,KAAK,CAAC;AACb,aAAA;AACF,SAAA;AAED,QAAA,MAAM,IAAI,mBAAmB,CAC3B,GAAG,EACH,CAAA,EAAGJ,SAAO,CAAA,sCAAA,EAAyC,kBAAkB,CAAC,UAAU,CAAA,SAAA,CAAW,CAC5F,CAAC;KACH;CACF;;AC7ND;AAiBA,MAAMA,SAAO,GAAG,2CAA2C,CAAC;AAC5D,MAAMrB,QAAM,GAAG,gBAAgB,CAACqB,SAAO,CAAC,CAAC;AAEzC;;AAEG;AACH,SAASE,uBAAqB,CAC5B,MAAyB,EACzB,QAAiB,EACjB,UAAmB,EAAA;AAEnB,IAAA,MAAM,QAAQ,GAAG,mBAAmB,CAA
C,MAAM,CAAC,CAAC;IAC7C,IAAI,CAAC,QAAQ,EAAE;AACb,QAAA,MAAM,IAAI,KAAK,CAAC,GAAGF,SAAO,CAAA,oCAAA,CAAsC,CAAC,CAAC;AACnE,KAAA;AACD,IAAA,MAAM,eAAe,GAA2B;QAC9C,QAAQ;AACR,QAAA,aAAa,EAAE,kBAAkB;KAClC,CAAC;AAEF,IAAA,IAAI,QAAQ,EAAE;AACZ,QAAA,eAAe,CAAC,SAAS,GAAG,QAAQ,CAAC;AACtC,KAAA;AACD,IAAA,IAAI,UAAU,EAAE;AACd,QAAA,eAAe,CAAC,UAAU,GAAG,UAAU,CAAC;AACzC,KAAA;;AAGD,IAAA,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE;AAClC,QAAA,MAAM,IAAI,KAAK,CAAC,GAAGA,SAAO,CAAA,iDAAA,CAAmD,CAAC,CAAC;AAChF,KAAA;AAED,IAAA,MAAM,KAAK,GAAG,IAAI,eAAe,CAAC,eAAe,CAAC,CAAC;AAEnD,IAAA,OAAOjB,sCAAqB,CAAC;;AAE3B,QAAA,GAAG,EAAE,CAAA,EAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAA,CAAA,EAAI,KAAK,CAAC,QAAQ,EAAE,CAAE,CAAA;AAC3D,QAAA,MAAM,EAAE,KAAK;QACb,OAAO,EAAEC,kCAAiB,CAAC;AACzB,YAAA,MAAM,EAAE,kBAAkB;AAC1B,YAAA,QAAQ,EAAE,MAAM;SACjB,CAAC;AACH,KAAA,CAAC,CAAC;AACL,CAAC;AAED;;;AAGG;AACH,SAASW,eAAa,CAAC,IAAY,EAAE,OAA6B,EAAA;IAChE,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,KACjCE,WAAQ,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC,GAAG,EAAE,IAAI,KAAI;AACpC,QAAA,IAAI,GAAG,EAAE;YACP,MAAM,CAAC,GAAG,CAAC,CAAC;AACb,SAAA;QACD,OAAO,CAAC,IAAI,CAAC,CAAC;KACf,CAAC,CACH,CAAC;AACJ,CAAC;AAED;;AAEG;AACH,eAAe,eAAe,CAC5B,cAA8B,EAC9B,qBAA6C,EAAA;AAE7C,IAAA,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,WAAW,CAACd,sCAAqB,CAAC,qBAAqB,CAAC,CAAC,CAAC;AAEhG,IAAA,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE;QAC3B,IAAI,OAAO,GAAG,EAAE,CAAC;QACjB,IAAI,QAAQ,CAAC,UAAU,EAAE;AACvB,YAAA,OAAO,GAAG,CAAc,WAAA,EAAA,QAAQ,CAAC,UAAU,EAAE,CAAC;AAC/C,SAAA;AACD,QAAA,MAAM,IAAI,mBAAmB,CAC3B,QAAQ,CAAC,MAAM,EACf,CAAA,EAAGiB,SAAO,CAAA,wFAAA,EAA2F,OAAO,CAAA,CAAE,CAC/G,CAAC;AACH,KAAA;AAED,IAAA,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC;IAClE,IAAI;AACF,QAAA,OAAO,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAC1C,KAAA;AAAC,IAAA,OAAO,CAAM,EAAE;AACf,QAAA,MAAM,KAAK,CAAC,CAAA,wCAAA,EAA2C,UAAU,CAAA,CAAE,CAAC,CAAC;AACtE,KAAA;AACH,CAAC;AAED;;AAEG;AACI,MAAM,MAAM,GAAQ;AACzB,IAAA,MAAM,WAAW,CAAC,EAAE,MAAM,EAAE,EAAA;AAC1B,QAAA,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;QAC7C,IAAI
,CAAC,QAAQ,EAAE;AACb,YAAArB,QAAM,CAAC,IAAI,CAAC,GAAGqB,SAAO,CAAA,iDAAA,CAAmD,CAAC,CAAC;AAC3E,YAAA,OAAO,KAAK,CAAC;AACd,SAAA;AACD,QAAA,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;QACnF,IAAI,CAAC,MAAM,EAAE;AACX,YAAArB,QAAM,CAAC,IAAI,CACT,GAAGqB,SAAO,CAAA,2EAAA,CAA6E,CACxF,CAAC;AACH,SAAA;AACD,QAAA,OAAO,MAAM,CAAC;KACf;AACD,IAAA,MAAM,QAAQ,CACZ,aAA+B,EAC/B,kBAAmC,EAAE,EAAA;;QAErC,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,aAAa,CAAC;AAEvE,QAAA,IAAI,QAAQ,EAAE;AACZ,YAAArB,QAAM,CAAC,OAAO,CACZ,GAAGqB,SAAO,CAAA,gGAAA,CAAkG,CAC7G,CAAC;AACH,SAAA;AACD,QAAA,IAAI,UAAU,EAAE;AACd,YAAArB,QAAM,CAAC,OAAO,CACZ,GAAGqB,SAAO,CAAA,qGAAA,CAAuG,CAClH,CAAC;AACH,SAAA;AAED,QAAArB,QAAM,CAAC,IAAI,CAAC,GAAGqB,SAAO,CAAA,iBAAA,CAAmB,CAAC,CAAC;AAE3C,QAAA,MAAM,cAAc,GAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,EAClB,0BAA0B,EAAE,IAAI,EAChC,qBAAqB,EAAE,SAAS,EAChC,WAAW,EAAE,eAAe,CAAC,WAAW,EAAA,EACrCE,uBAAqB,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,CACtD,EAAA,EAAA,uBAAuB,EAAE,IAAI,GAC9B,CAAC;QAEF,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,cAAc,EAAE,cAAc,CAAC,CAAC;QAEvE,IAAI,CAAC,QAAQ,EAAE;AACb,YAAA,MAAM,IAAI,KAAK,CAAC,GAAGF,SAAO,CAAA,gCAAA,CAAkC,CAAC,CAAC;AAC/D,SAAA;AAED,QAAA,MAAM,GAAG,GAAG,MAAML,eAAa,CAAC,QAAQ,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;AACjE,QAAA,CAAA,EAAA,GAAA,cAAc,CAAC,OAAO,MAAA,IAAA,IAAA,EAAA,KAAA,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,EAAA,CAAE,GAAG,CAAC,eAAe,EAAE,CAAS,MAAA,EAAA,GAAG,CAAE,CAAA,CAAC,CAAC;AAE7D,QAAA,MAAM,OAAO,GAAGZ,sCAAqB,CAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,EAAA,EAChC,cAAc,CAAA,EAAA;;YAEjB,uBAAuB,EAAE,IAAI,EAAA,CAAA,CAC7B,CAAC;QACH,MAAM,aAAa,GAAG,MAAM,cAAc,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QACrE,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,KAAK,IAAI,CAAC;KAC7D;CACF;;ACvKD;AAeA,MAAMiB,SAAO,GAAG,4CAA4C,CAAC;AAC7D,MAAMrB,QAAM,GAAG,gBAAgB,CAACqB,SAAO,CAAC,CAAC;AAEzC,MAAM,aAAa,GAAGJ,cAAS,CAACJ,sBAAE,CAAC,QAAQ,CAAC,CAAC;AAE7C;;AAEG;AACH,SAASU,uBAAqB,CAC5B,MAAyB,EACzB,eAAuB,EACvB,QAAgB,EAAA;;AAEhB,IAAA,MAAM,UAAU,GAA2B;AACzC,QAAA,KAAK,EAAE,KAAK,CAAC,OAAO,C
AAC,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,MAAM;AACxD,QAAA,gBAAgB,EAAE,eAAe;AACjC,QAAA,qBAAqB,EAAE,wDAAwD;AAC/E,QAAA,SAAS,EAAE,QAAQ;AACnB,QAAA,UAAU,EAAE,oBAAoB;KACjC,CAAC;AAEF,IAAA,MAAM,SAAS,GAAG,IAAI,eAAe,CAAC,UAAU,CAAC,CAAC;IAClD,MAAM,GAAG,GAAG,IAAI,GAAG,CACjB,CAAG,EAAA,OAAO,CAAC,GAAG,CAAC,eAAe,oBAAoB,EAClD,CAAA,EAAA,GAAA,OAAO,CAAC,GAAG,CAAC,oBAAoB,MAAA,IAAA,IAAA,EAAA,KAAA,KAAA,CAAA,GAAA,EAAA,GAAI,oBAAoB,CACzD,CAAC;IAEF,OAAO;AACL,QAAA,GAAG,EAAE,GAAG,CAAC,QAAQ,EAAE;AACnB,QAAA,MAAM,EAAE,MAAM;AACd,QAAA,IAAI,EAAE,SAAS,CAAC,QAAQ,EAAE;QAC1B,OAAO,EAAElB,kCAAiB,CAAC;AACzB,YAAA,MAAM,EAAE,kBAAkB;SAC3B,CAAC;KACH,CAAC;AACJ,CAAC;AAED;;AAEG;SACa,gBAAgB,GAAA;AAC9B,IAAA,MAAM,2BAA2B,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;IAC3E,IAAI,8BAA8B,GAAuB,SAAS,CAAC;IACnE,IAAI,SAAS,GAAuB,SAAS,CAAC;;AAG9C,IAAA,eAAe,aAAa,GAAA;;AAE1B,QAAA,IAAI,SAAS,KAAK,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,IAAI,IAAI,GAAG,EAAE,GAAG,CAAC,EAAE;YACtE,8BAA8B,GAAG,SAAS,CAAC;AAC5C,SAAA;QACD,IAAI,CAAC,8BAA8B,EAAE;YACnC,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,2BAA4B,EAAE,MAAM,CAAC,CAAC;AACvE,YAAA,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC1B,IAAI,CAAC,KAAK,EAAE;AACV,gBAAA,MAAM,IAAI,KAAK,CACb,0BAA0B,2BAA2B,CAAA,kEAAA,CAAoE,CAC1H,CAAC;AACH,aAAA;AAAM,iBAAA;gBACL,8BAA8B,GAAG,KAAK,CAAC;AACvC,gBAAA,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;AACxB,aAAA;AACF,SAAA;AACD,QAAA,OAAO,8BAA8B,CAAC;KACvC;IAED,OAAO;AACL,QAAA,MAAM,WAAW,CAAC,EAAE,QAAQ,EAAE,EAAA;AAC5B,YAAA,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;AACxB,YAAA,MAAM,MAAM,GAAG,OAAO,CACpB,CAAC,QAAQ,IAAI,GAAG,CAAC,eAAe,KAAK,GAAG,CAAC,eAAe,IAAI,2BAA2B,CACxF,CAAC;YACF,IAAI,CAAC,MAAM,EAAE;AACX,gBAAAL,QAAM,CAAC,IAAI,CACT,GAAGqB,SAAO,CAAA,mKAAA,CAAqK,CAChL,CAAC;AACH,aAAA;AACD,YAAA,OAAO,MAAM,CAAC;SACf;AACD,QAAA,MAAM,QAAQ,CACZ,aAA+B,EAC/B,kBAAmC,EAAE,EAAA;YAErC,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,aAAa,CAAC;AAE3D,YAAArB,QAAM,CAAC,IAAI,CAAC,GAAGqB,SAAO,CAAA,+DAAA,CAAiE,CAAC,CAAC;AAEzF,YAAA,IAAI,SAAiB,CAAC;YAEtB,IAAI;AACF,gBAAA,SAAS,GAAG,MAAM,aAAa,EAAE,CAAC;AACnC,aAAA;AAAC,YAAA,OAAO,GAAQ,EAAE;g
BACjB,MAAM,IAAI,KAAK,CACb,CAAA,EAAGA,SAAO,CAAoB,iBAAA,EAAA,2BAA2B,CAAoE,kEAAA,CAAA,CAC9H,CAAC;AACH,aAAA;YAED,MAAM,OAAO,GAAGjB,sCAAqB,CAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,EACnC,WAAW,EAAE,eAAe,CAAC,WAAW,EACrC,EAAAmB,uBAAqB,CAAC,MAAM,EAAE,SAAS,EAAE,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,eAAgB,CAAC,CAAA,EAAA;;gBAErF,uBAAuB,EAAE,IAAI,EAAA,CAAA,CAC7B,CAAC;YACH,MAAM,aAAa,GAAG,MAAM,cAAc,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;YACrE,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,KAAK,IAAI,CAAC;SAC7D;KACF,CAAC;AACJ;;AC1HA;AAgBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA,MAAMF,SAAO,GAAG,wCAAwC,CAAC;AACzD,MAAMrB,QAAM,GAAG,gBAAgB,CAACqB,SAAO,CAAC,CAAC;AAEzC;;AAEG;AACH,SAASC,iBAAe,CAAC,WAAoC,EAAA;;AAE3D,IAAA,OAAO,MAAM,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;AACxC,CAAC;AAED;;AAEG;AACH,SAASC,uBAAqB,CAC5B,MAAyB,EACzB,QAAiB,EACjB,UAAmB,EAAA;AAEnB,IAAA,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC7C,IAAI,CAAC,QAAQ,EAAE;AACb,QAAA,MAAM,IAAI,KAAK,CAAC,GAAGF,SAAO,CAAA,oCAAA,CAAsC,CAAC,CAAC;AACnE,KAAA;AAED,IAAA,MAAM,eAAe,GAA2B;QAC9C,QAAQ;AACR,QAAA,aAAa,EAAE,kBAAkB;KAClC,CAAC;AAEF,IAAA,IAAI,QAAQ,EAAE;AACZ,QAAA,eAAe,CAAC,SAAS,GAAG,QAAQ,CAAC;AACtC,KAAA;AACD,IAAA,IAAI,UAAU,EAAE;AACd,QAAA,eAAe,CAAC,UAAU,GAAG,UAAU,CAAC;AACzC,KAAA;AACD,IAAA,MAAM,KAAK,GAAG,IAAI,eAAe,CAAC,eAAe,CAAC,CAAC;;AAGnD,IAAA,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE;AAClC,QAAA,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;AACpE,KAAA;AACD,IAAA,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE;AAChC,QAAA,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;AAClE,KAAA;IAED,OAAO;AACL,QAAA,GAAG,EAAE,CAAA,EAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAA,CAAA,EAAI,KAAK,CAAC,QAAQ,EAAE,CAAE,CAAA;AAC3D,QAAA,MAAM,EAAE,KAAK;QACb,OAAO,EAAEhB,kCAAiB,CAAC;AACzB,YAAA,MAAM,EAAE,kBAAkB;AAC1B,YAAA,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,eAAe;SACpC,CAAC;KACH,CAAC;AACJ,CAAC;AAED;;AAEG;AACI,MAAM,SAAS,GAAQ;AAC5B,IAAA,MAAM,WAAW,CAAC,EAAE,MAAM,EAAE,EAAA;AAC1B,QAAA,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;QAC7C,IAAI,CAAC,QAAQ,EAAE;AACb,YAAAL,QAAM,CAAC,IAAI,CAAC,GAAGqB,SAAO,CAAA,iDAAA,CAAmD,CAAC,CAAC;AAC3E,YAAA,OAAO,KAAK,CAAC;AAC
d,SAAA;AACD,QAAA,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;AACxB,QAAA,MAAM,MAAM,GAAG,OAAO,CACpB,GAAG,CAAC,iBAAiB,IAAI,GAAG,CAAC,eAAe,IAAI,GAAG,CAAC,0BAA0B,CAC/E,CAAC;QACF,IAAI,CAAC,MAAM,EAAE;AACX,YAAArB,QAAM,CAAC,IAAI,CACT,GAAGqB,SAAO,CAAA,sHAAA,CAAwH,CACnI,CAAC;AACH,SAAA;AACD,QAAA,OAAO,MAAM,CAAC;KACf;AACD,IAAA,MAAM,QAAQ,CACZ,aAA+B,EAC/B,kBAAmC,EAAE,EAAA;QAErC,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,aAAa,CAAC;AAEvE,QAAA,IAAI,UAAU,EAAE;AACd,YAAArB,QAAM,CAAC,OAAO,CACZ,GAAGqB,SAAO,CAAA,qHAAA,CAAuH,CAClI,CAAC;AACH,SAAA;QAEDrB,QAAM,CAAC,IAAI,CACT;AACE,YAAA,CAAA,EAAGqB,SAAO,CAAG,CAAA,CAAA;YACb,0EAA0E;AAC1E,YAAA,CAAA,kBAAA,EAAqB,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAG,CAAA,CAAA;YACrD,gCAAgC;YAChC,wCAAwC;AACzC,SAAA,CAAC,IAAI,CAAC,GAAG,CAAC,CACZ,CAAC;AAEF,QAAA,MAAM,OAAO,GAAGjB,sCAAqB,iBACnC,WAAW,EAAE,eAAe,CAAC,WAAW,IACrCmB,uBAAqB,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,EAGtD,CAAC;AAEH,QAAA,OAAO,CAAC,KAAK,GAAG,IAAIG,yBAAK,CAAC,KAAK,CAAC;;;AAG9B,YAAA,kBAAkB,EAAE,KAAK;AAC1B,SAAA,CAAC,CAAC;QAEH,MAAM,aAAa,GAAG,MAAM,cAAc,CAAC,gBAAgB,CAAC,OAAO,EAAEJ,iBAAe,CAAC,CAAC;QACtF,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,KAAK,IAAI,CAAC;KAC7D;CACF;;AC7ID;AAcA,MAAM,OAAO,GAAG,gDAAgD,CAAC;AACjE,MAAMtB,QAAM,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAEzC;;AAEG;AACH,SAAS,eAAe,CAAC,WAAoC,EAAA;;IAE3D,OAAO,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,UAAqB,CAAC,CAAC;AACvD,CAAC;AAED;;AAEG;AACH,SAAS,qBAAqB,CAC5B,MAAyB,EACzB,QAAiB,EACjB,UAAmB,EAAA;AAEnB,IAAA,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC7C,IAAI,CAAC,QAAQ,EAAE;AACb,QAAA,MAAM,IAAI,KAAK,CAAC,GAAG,OAAO,CAAA,oCAAA,CAAsC,CAAC,CAAC;AACnE,KAAA;AAED,IAAA,MAAM,eAAe,GAA2B;QAC9C,QAAQ;AACR,QAAA,aAAa,EAAE,YAAY;KAC5B,CAAC;AAEF,IAAA,IAAI,QAAQ,EAAE;AACZ,QAAA,eAAe,CAAC,SAAS,GAAG,QAAQ,CAAC;AACtC,KAAA;AAED,IAAA,IAAI,UAAU,EAAE;AACd,QAAA,eAAe,CAAC,SAAS,GAAG,UAAU,CAAC;AACxC,KAAA;AACD,IAAA,MAAM,KAAK,GAAG,IAAI,eAAe,CAAC,eAAe,CAAC,CAAC;;AAGnD,IAAA,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE;AAClC,QAAA,MAAM,IAAI,KAAK,CAAC,GAAG,OAAO,CAAA,iDAAA,CAAmD,CAAC,CAAC;AAChF,KAAA;AACD,IAAA,IAAI,CAAC,OAAO,CAAC,GA
AG,CAAC,eAAe,EAAE;AAChC,QAAA,MAAM,IAAI,KAAK,CAAC,GAAG,OAAO,CAAA,+CAAA,CAAiD,CAAC,CAAC;AAC9E,KAAA;IAED,OAAO;AACL,QAAA,GAAG,EAAE,CAAA,EAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAA,CAAA,EAAI,KAAK,CAAC,QAAQ,EAAE,CAAE,CAAA;AAC3D,QAAA,MAAM,EAAE,KAAK;QACb,OAAO,EAAEK,kCAAiB,CAAC;AACzB,YAAA,MAAM,EAAE,kBAAkB;AAC1B,YAAA,mBAAmB,EAAE,OAAO,CAAC,GAAG,CAAC,eAAe;SACjD,CAAC;KACH,CAAC;AACJ,CAAC;AAED;;AAEG;AACI,MAAM,iBAAiB,GAAQ;AACpC,IAAA,MAAM,WAAW,CAAC,EAAE,MAAM,EAAE,EAAA;AAC1B,QAAA,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;QAC7C,IAAI,CAAC,QAAQ,EAAE;AACb,YAAAL,QAAM,CAAC,IAAI,CAAC,GAAG,OAAO,CAAA,iDAAA,CAAmD,CAAC,CAAC;AAC3E,YAAA,OAAO,KAAK,CAAC;AACd,SAAA;AACD,QAAA,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;AACxB,QAAA,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,GAAG,CAAC,eAAe,CAAC,CAAC;QACrE,IAAI,CAAC,MAAM,EAAE;AACX,YAAAA,QAAM,CAAC,IAAI,CACT,GAAG,OAAO,CAAA,2FAAA,CAA6F,CACxG,CAAC;AACH,SAAA;AACD,QAAA,OAAO,MAAM,CAAC;KACf;AACD,IAAA,MAAM,QAAQ,CACZ,aAA+B,EAC/B,kBAAmC,EAAE,EAAA;QAErC,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,aAAa,CAAC;AAEvE,QAAAA,QAAM,CAAC,IAAI,CACT,CAAA,EAAG,OAAO,CAAA,6FAAA,EAAgG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAA,gCAAA,CAAkC,CAC1K,CAAC;AAEF,QAAA,MAAM,OAAO,GAAGI,sCAAqB,CACnC,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,EAAA,WAAW,EAAE,eAAe,CAAC,WAAW,EAAA,EACrC,qBAAqB,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAA,EAAA;;YAEtD,uBAAuB,EAAE,IAAI,EAAA,CAAA,CAC7B,CAAC;QACH,MAAM,aAAa,GAAG,MAAM,cAAc,CAAC,gBAAgB,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;QACtF,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,KAAK,IAAI,CAAC;KAC7D;CACF;;AC5GD;AAmBA,MAAMJ,QAAM,GAAG,gBAAgB,CAAC,2BAA2B,CAAC,CAAC;AA4B7D;;;;;;;AAOG;MACU,yBAAyB,CAAA;AA2BpC;;;AAGG;IACH,WACE,CAAA,iBAG8C,EAC9C,OAAgC,EAAA;QAhC1B,IAAqB,CAAA,qBAAA,GAAmB,IAAI,CAAC;AAkCnD,QAAA,IAAI,QAA4C,CAAC;AACjD,QAAA,IAAI,OAAO,iBAAiB,KAAK,QAAQ,EAAE;AACzC,YAAA,IAAI,CAAC,QAAQ,GAAG,iBAAiB,CAAC;YAClC,QAAQ,GAAG,OAAO,CAAC;AACpB,SAAA;AAAM,aAAA;YACL,IAAI,CAAC,QAAQ,GAAI,iBAA8D,KAAA,IAAA,IAA9D,iBAAiB,KAAjB,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,iBAAiB,CAA+C,QAAQ,CAAC;YAC1F,QAAQ,GAAG,iBAAiB,CAAC;AAC9B,SAAA;QACD,
IAAI,CAAC,UAAU,GAAI,QAAuD,KAAA,IAAA,IAAvD,QAAQ,KAAR,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,QAAQ,CAAiD,UAAU,CAAC;;AAEvF,QAAA,IAAI,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,UAAU,EAAE;YACpC,MAAM,IAAI,KAAK,CACb,CAAA,EAAG,yBAAyB,CAAC,IAAI,CAAkE,gEAAA,CAAA,CACpG,CAAC;AACH,SAAA;QACD,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,QAAQ,CAAC,CAAC;QACnD,IAAI,CAAC,yBAAyB,GAAG,IAAI,cAAc,CAC9C,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,EAAA,EAAA,QAAQ,CACX,EAAA,EAAA,YAAY,EAAE;AACZ,gBAAA,UAAU,EAAE,CAAC;AACd,aAAA,EAAA,CAAA,CACD,CAAC;KACJ;AAIO,IAAA,MAAM,kBAAkB,CAC9B,MAAyB,EACzB,eAAiC,EAAA;QAEjC,IAAI,IAAI,CAAC,SAAS,EAAE;YAClB,OAAO,IAAI,CAAC,SAAS,CAAC;AACvB,SAAA;AAED,QAAA,MAAM,IAAI,GAAG;YACX,MAAM;YACN,SAAS;YACT,iBAAiB;YACjB,iBAAiB;YACjB,aAAa;AACb,YAAA,gBAAgB,EAAE;YAClB,OAAO;SACR,CAAC;AAEF,QAAA,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE;AACtB,YAAA,IACE,MAAM,GAAG,CAAC,WAAW,CAAC;gBACpB,MAAM;gBACN,cAAc,EAAE,IAAI,CAAC,yBAAyB;gBAC9C,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,UAAU,EAAE,IAAI,CAAC,UAAU;gBAC3B,eAAe;AAChB,aAAA,CAAC,EACF;AACA,gBAAA,IAAI,CAAC,SAAS,GAAG,GAAG,CAAC;AACrB,gBAAA,OAAO,GAAG,CAAC;AACZ,aAAA;AACF,SAAA;QAED,MAAM,IAAI,0BAA0B,CAClC,CAAA,EAAG,yBAAyB,CAAC,IAAI,CAAgC,8BAAA,CAAA,CAClE,CAAC;KACH;AAEO,IAAA,MAAM,2BAA2B,CACvC,MAAyB,EACzB,eAAiC,EAAA;AAEjC,QAAA,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,GAAG,aAAa,CAAC,SAAS,CACtD,CAAA,EAAG,yBAAyB,CAAC,IAAI,8BAA8B,EAC/D,eAAe,CAChB,CAAC;QAEF,IAAI;;YAEF,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;YAE3E,OAAO,YAAY,CAAC,QAAQ,CAC1B;gBACE,cAAc,EAAE,IAAI,CAAC,cAAc;gBACnC,MAAM;gBACN,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,UAAU,EAAE,IAAI,CAAC,UAAU;aAC5B,EACD,cAAc,CACf,CAAC;AACH,SAAA;AAAC,QAAA,OAAO,GAAQ,EAAE;YACjB,IAAI,CAAC,SAAS,CAAC;AACb,gBAAA,MAAM,EAAE,OAAO;AACf,gBAAA,KAAK,EAAE,GAAG;AACX,aAAA,CAAC,CAAC;AACH,YAAA,MAAM,GAAG,CAAC;AACX,SAAA;AAAS,gBAAA;YACR,IAAI,CAAC,GAAG,EAAE,CAAC;AACZ,SAAA;KACF;AAED;;;;;;;;AAQG;AACI,IAAA,MAAM,QAAQ,CACnB,MAAyB,EACzB,OAAyB,EAAA;QAEzB,IAAI,MAAM,GAAuB,IAAI,CAAC;AAEtC,QAAA,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,GAAG,aAAa,CAAC,SAAS,CACtD,CAAA,EAAG,yBAAyB,CAAC,IAAI,WAAW,EAC5C,OAAO,CACR,CAAC
;QAEF,IAAI;;;;AAIF,YAAA,IAAI,IAAI,CAAC,qBAAqB,KAAK,IAAI,EAAE;gBACvC,MAAM,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;gBAExE,IAAI,MAAM,KAAK,IAAI,EAAE;;;;AAInB,oBAAA,IAAI,CAAC,qBAAqB,GAAG,IAAI,CAAC;;;AAIlC,oBAAA,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,yEAAyE,CAC1E,CAAC;AACF,oBAAAA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;AACjD,oBAAA,MAAM,KAAK,CAAC;AACb,iBAAA;;;;AAKD,gBAAA,IAAI,CAAC,qBAAqB,GAAG,KAAK,CAAC;AACpC,aAAA;AAAM,iBAAA;;;AAGL,gBAAA,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,0DAA0D,CAC3D,CAAC;AACF,gBAAAA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;AACjD,gBAAA,MAAM,KAAK,CAAC;AACb,aAAA;YAEDA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;AAC5C,YAAA,OAAO,MAAM,CAAC;AACf,SAAA;AAAC,QAAA,OAAO,GAAQ,EAAE;;;AAGjB,YAAA,IAAI,GAAG,CAAC,IAAI,KAAK,6BAA6B,EAAE;AAC9C,gBAAA,MAAM,GAAG,CAAC;AACX,aAAA;;;;;;YAQD,IAAI,CAAC,SAAS,CAAC;AACb,gBAAA,MAAM,EAAE,OAAO;AACf,gBAAA,KAAK,EAAE,GAAG;AACX,aAAA,CAAC,CAAC;;;AAIH,YAAA,IAAI,GAAG,CAAC,IAAI,KAAK,aAAa,EAAE;AAC9B,gBAAA,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,CAAG,EAAA,yBAAyB,CAAC,IAAI,gDAAgD,GAAG,CAAC,OAAO,CAAA,CAAE,CAC/F,CAAC;AAEF,gBAAAA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;AACjD,gBAAA,MAAM,KAAK,CAAC;AACb,aAAA;;;AAID,YAAA,IAAI,GAAG,CAAC,IAAI,KAAK,cAAc,EAAE;AAC/B,gBAAA,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,CAAG,EAAA,yBAAyB,CAAC,IAAI,+DAA+D,GAAG,CAAC,OAAO,CAAA,CAAE,CAC9G,CAAC;AAEF,gBAAAA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;AACjD,gBAAA,MAAM,KAAK,CAAC;AACb,aAAA;;;AAID,YAAA,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG,EAAE;AAC1B,gBAAA,MAAM,IAAI,0BAA0B,CAClC,CAAA,EAAG,yBAAyB,CAAC,IAAI,CAAA,sFAAA,EAAyF,GAAG,CAAC,OAAO,CAAA,CAAE,CACxI,CAAC;AACH,aAAA;;;AAID,YAAA,IAAI,GAAG,CAAC,UAAU,KAAK,SAAS,EAAE;AAChC,gBAAA,MAAM,IAAI,0BAA0B,CAClC,CAAA,EAAG,yBAAyB,CAAC,IAAI,CAAA,iCAAA,EAAoC,GAAG,CAAC,OAAO,CAAA,CAAE,CACnF,CAAC;AACH,aAAA;;AAGD,YAAA,MAAM,IAAI,mBAAmB,CAAC,GAAG,CAAC,UAAU,EAAE;AAC5C,gBAAA,KAAK,EAAE,CAAA,EAAG,yBAAyB,CAAC,IAAI,CAAyB,uBAAA,CAAA;gBACjE,iBAAiB,
EAAE,GAAG,CAAC,OAAO;AAC/B,aAAA,CAAC,CAAC;AACJ,SAAA;AAAS,gBAAA;;YAER,IAAI,CAAC,GAAG,EAAE,CAAC;AACZ,SAAA;KACF;AACF;;AC1TD;AAqEA;;;;;AAKG;AACG,MAAO,gCAAiC,SAAQ,yBAAyB,CAAA;;;AAO7E,IAAA,WAAA,CAAY,OAAuC,EAAA;;AACjD,QAAA,MAAM,uBAAuB,GAC3B,CAAA,EAAA,GAAC,OAAiD,KAAA,IAAA,IAAjD,OAAO,KAAP,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,OAAO,CAA4C,uBAAuB,mCAC3E,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;QAC9B,MAAM,iBAAiB,GAAI,OAAmD,KAAA,IAAA,IAAnD,OAAO,KAAP,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,OAAO,CAC9B,yBAAyB,CAAC;;AAG9B,QAAA,IAAI,iBAAiB,EAAE;YACrB,MAAM,gCAAgC,mCACjC,OAAO,CAAA,EAAA,EACV,UAAU,EAAE,iBAAiB,GAC9B,CAAC;YACF,KAAK,CAAC,gCAAgC,CAAC,CAAC;AACzC,SAAA;AAAM,aAAA,IAAI,uBAAuB,EAAE;YAClC,MAAM,4BAA4B,mCAC7B,OAAO,CAAA,EAAA,EACV,QAAQ,EAAE,uBAAuB,GAClC,CAAC;YACF,KAAK,CAAC,4BAA4B,CAAC,CAAC;AACrC,SAAA;AAAM,aAAA;YACL,KAAK,CAAC,OAAO,CAAC,CAAC;AAChB,SAAA;KACF;AACF,CAAA;AAEM,MAAM,kBAAkB,GAAmC;IAChE,qBAAqB;IACrB,gCAAgC;IAChC,0BAA0B;IAC1B,kBAAkB;IAClB,yBAAyB;CAC1B,CAAC;AAEF;;;AAGG;AACG,MAAO,sBAAuB,SAAQ,sBAAsB,CAAA;AA6EhE,IAAA,WAAA,CACE,OAGyC,EAAA;AAEzC,QAAA,KAAK,CAAC,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC,IAAI,KAAK,IAAI,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;AAC9D,QAAA,IAAI,CAAC,kBAAkB;AACrB,YAAA,kLAAkL,CAAC;KACtL;AACF;;AC/MD;AAmBA;;;AAGG;AACG,MAAO,mBAAoB,SAAQ,QAAQ,CAAA;AAE/C,IAAA,WAAA,CAAY,OAAmC,EAAA;QAC7C,KAAK,CAAC,OAAO,CAAC,CAAC;AACf,QAAA,IAAI,CAAC,oBAAoB,GAAG,IAAI,CAAC;AACjC,QAAA,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;KAC1C;AAES,IAAA,MAAM,UAAU,CACxB,MAAgB,EAChB,UAAyC,EAAE,EAAA;QAE3C,IAAI;AACF,YAAA,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;YAC5C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,eAAgB,CAAC,8BAA8B,CAAC;gBACxE,MAAM;gBACN,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;AACtB,gBAAA,eAAe,EAAE,SAAS;AAC3B,aAAA,CAAC,CAAC;;;AAGH,YAAA,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC;AACtE,SAAA;AAAC,QAAA,OAAO,GAAY,EAAE;YACrB,IAAI,IAAI,GAAG,GAAG,CAAC;AACf,YAAA,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,SAAS,EAAE;gBACrC,IAAI,GAAG,IAAI,KAAK,CAAC,IAAI
,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;AACvC,aAAA;AAAM,iBAAA;gBACL,IAAI,GAAG2B,gBAAO,CAAC,GAAG,CAAC,GAAG,GAAG,GAAG,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;AACpD,aAAA;YACD,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,IAAa,EAAE,OAAO,CAAC,CAAC;AACxD,SAAA;KACF;AACF;;AC1DD;AAWA,MAAM3B,QAAM,GAAG,gBAAgB,CAAC,2BAA2B,CAAC,CAAC;AAE7D;;AAEG;MACU,yBAAyB,CAAA;AAMpC;;;;;;;;;AASG;AACH,IAAA,WAAA,CACE,QAAgB,EAChB,QAAgB,EAChB,YAAmC,EACnC,UAAkC,EAAE,EAAA;QAEpC,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,IAAI,CAAC,YAAY,EAAE;AAC3C,YAAA,MAAM,IAAI,KAAK,CACb,6FAA6F,CAC9F,CAAC;AACH,SAAA;AACD,QAAA,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;AACzB,QAAA,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;AACzB,QAAA,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;AACvB,QAAA,IAAI,CAAC,QAAQ,GAAG,IAAI,mBAAmB,CAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,EAAA,EAClC,OAAO,CAAA,EAAA,UACVA,QAAM,EACN,QAAQ,EAAE,IAAI,CAAC,QAAQ,EACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ,EACvB,sBAAsB,EAAE,IAAI,CAAC,OAAO,EACpC,YAAY,IACZ,CAAC;KACJ;AAED;;;;;;;AAOG;AACH,IAAA,MAAM,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE,EAAA;AACrE,QAAA,OAAO,aAAa,CAAC,QAAQ,CAC3B,CAAG,EAAA,IAAI,CAAC,WAAW,CAAC,IAAI,CAAA,SAAA,CAAW,EACnC,OAAO,EACP,OAAO,UAAU,KAAI;AACnB,YAAA,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,CAAC;YAC9D,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;AACzD,SAAC,CACF,CAAC;KACH;AACF;;AC1ED;AA2BA;;;AAGG;AACI,MAAM,0BAA0B,GAAG;UACxC4B,wBAAI;CACL,CAAC;AAEF;;;;AAIG;AACG,MAAO,eAAgB,SAAQ,QAAQ,CAAA;AAM3C,IAAA,WAAA,CAAY,OAA+B,EAAA;QACzC,KAAK,CAAC,OAAO,CAAC,CAAC;AACf,QAAA,IAAI,CAAC,MAAM,GAAG,gBAAgB,CAAC,2BAA2B,CAAC,CAAC;AAC5D,QAAA,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;AACvC,QAAA,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;QAEnC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACtC,IAAI,CAAC,IAAI,GAAG,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AAC/B,QAAA,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;AACpB,YAAA,IAAI,CAAC,IAAI,GAAG,EAAE,CAAC;AAChB,SAAA;AACD,QAAA,IAAI,CAAC,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC;KAC9B;IAEO,MAAM,kBAAkB,CAC9B,OAA0C,EAAA;QAE1C,OAAO,IAAI,CAAC,SAAU,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;KACpD
;IAES,UAAU,CAClB,MAAgB,EAChB,OAAuC,EAAA;QAEvC,OAAO,IAAI,OAAO,CAAc,CAAC,OAAO,EAAE,MAAM,KAAI;YAClD,MAAM,eAAe,GAAa,EAAE,CAAC;AAErC,YAAA,MAAM,eAAe,GAAG,CAAC,GAAyB,EAAE,GAAwB,KAAU;;AACpF,gBAAA,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE;AACZ,oBAAA,MAAM,CACJ,IAAI,KAAK,CACP,CAA0F,wFAAA,CAAA,CAC3F,CACF,CAAC;oBACF,OAAO;AACR,iBAAA;AACD,gBAAA,IAAI,GAAQ,CAAC;gBACb,IAAI;AACF,oBAAA,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;AAC1C,iBAAA;AAAC,gBAAA,OAAO,CAAM,EAAE;AACf,oBAAA,MAAM,CACJ,IAAI,KAAK,CACP,CAA0F,wFAAA,CAAA,CAC3F,CACF,CAAC;oBACF,OAAO;AACR,iBAAA;AACD,gBAAA,MAAM,YAAY,GAAsC;oBACtD,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAE;oBACnC,WAAW,EAAE,IAAI,CAAC,WAAW;AAC7B,oBAAA,MAAM,EAAE,MAAM;AACd,oBAAA,SAAS,EAAE,OAAO,KAAA,IAAA,IAAP,OAAO,KAAP,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,OAAO,CAAE,SAAS;AAC7B,oBAAA,YAAY,EAAE,CAAA,EAAA,GAAA,IAAI,CAAC,SAAS,0CAAE,QAAQ;iBACvC,CAAC;AAEF,gBAAA,IAAI,CAAC,kBAAkB,CAAC,YAAY,CAAC;AAClC,qBAAA,IAAI,CAAC,CAAC,YAAY,KAAI;AACrB,oBAAA,IAAI,YAAY,KAAZ,IAAA,IAAA,YAAY,uBAAZ,YAAY,CAAE,OAAO,EAAE;AACzB,wBAAA,IAAI,CAAC,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;AAClE,qBAAA;oBACD,MAAM,cAAc,GAAG,CAAA,iFAAA,CAAmF,CAAC;AAC3G,oBAAA,IAAI,YAAY,IAAI,YAAY,CAAC,SAAS,EAAE;AAC1C,wBAAA,MAAM,kBAAkB,GAAG,YAAY,KAAA,IAAA,IAAZ,YAAY,KAAA,KAAA,CAAA,GAAA,KAAA,CAAA,GAAZ,YAAY,CAAE,SAAS,CAAC,OAAO,EAAE,CAAC;AAC7D,wBAAA,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;AACnB,wBAAA,GAAG,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;AACxB,wBAAA,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;AAEjD,wBAAA,OAAO,CAAC;4BACN,kBAAkB;4BAClB,KAAK,EAAE,YAAY,CAAC,WAAW;AAChC,yBAAA,CAAC,CAAC;AACJ,qBAAA;AAAM,yBAAA;wBACL,MAAM,YAAY,GAAG,WAAW,CAC9B,MAAM,EACN,CAAA,EAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA,EAAA,EAAK,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAE,CAAA,CACjF,CAAC;AACF,wBAAA,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;AACnB,wBAAA,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;wBACtB,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;AAExC,wBAAA,MAAM,CACJ,IAAI,KAAK,CACP,CAA0F,wFAAA,CAAA,CAC
3F,CACF,CAAC;AACH,qBAAA;AACD,oBAAA,OAAO,EAAE,CAAC;oBACV,OAAO;AACT,iBAAC,CAAC;qBACD,KAAK,CAAC,MAAK;oBACV,MAAM,YAAY,GAAG,WAAW,CAC9B,MAAM,EACN,CAAA,EAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA,EAAA,EAAK,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAE,CAAA,CACjF,CAAC;AACF,oBAAA,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;AACnB,oBAAA,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;oBACtB,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;AAExC,oBAAA,MAAM,CACJ,IAAI,KAAK,CACP,CAA0F,wFAAA,CAAA,CAC3F,CACF,CAAC;AACF,oBAAA,OAAO,EAAE,CAAC;AACZ,iBAAC,CAAC,CAAC;AACP,aAAC,CAAC;YAEF,MAAM,GAAG,GAAGC,wBAAI,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC;AAC/C,YAAA,MAAM,MAAM,GAAGC,6BAAS,CAAC,GAAG,CAAC,CAAC;AAE9B,YAAA,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE,MAClD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAkD,+CAAA,EAAA,IAAI,CAAC,IAAI,CAAG,CAAA,CAAA,CAAC,CACjF,CAAC;AAEF,YAAA,SAAS,OAAO,GAAA;AACd,gBAAA,IAAI,MAAM,EAAE;oBACV,MAAM,CAAC,KAAK,EAAE,CAAC;AAChB,iBAAA;AAED,gBAAA,KAAK,MAAM,MAAM,IAAI,eAAe,EAAE;oBACpC,MAAM,CAAC,OAAO,EAAE,CAAC;AAClB,iBAAA;AAED,gBAAA,IAAI,MAAM,EAAE;oBACV,MAAM,CAAC,KAAK,EAAE,CAAC;oBACf,MAAM,CAAC,IAAI,EAAE,CAAC;AACf,iBAAA;aACF;AAED,YAAA,GAAG,CAAC,EAAE,CAAC,YAAY,EAAE,CAAC,MAAM,KAAK,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;YAE/D,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,KAAI;AACtB,gBAAA,OAAO,EAAE,CAAC;AACV,gBAAA,MAAM,IAAI,GAAI,GAAW,CAAC,IAAI,CAAC;AAC/B,gBAAA,IAAI,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,YAAY,EAAE;oBAC9C,MAAM,CACJ,IAAI,0BAA0B,CAC5B;wBACE,CAAuD,oDAAA,EAAA,IAAI,CAAC,IAAI,CAAG,CAAA,CAAA;wBACnE,CAA+D,6DAAA,CAAA;wBAC/D,8EAA8E;AAC/E,qBAAA,CAAC,IAAI,CAAC,GAAG,CAAC,CACZ,CACF,CAAC;AACH,iBAAA;AAAM,qBAAA;oBACL,MAAM,CACJ,IAAI,0BAA0B,CAC5B,CAAA,+EAAA,EAAkF,GAAG,CAAC,OAAO,CAAA,CAAE,CAChG,CACF,CAAC;AACH,iBAAA;AACH,aAAC,CAAC,CAAC;AAEH,YAAA,GAAG,CAAC,EAAE,CAAC,WAAW,EAAE,MAAK;gBACvB,MAAM,WAAW,GAAG,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;gBAE1D,MAAM,WAAW,GAAG,OAAO,KAAA,IAAA,IAAP,OAAO,KAAP,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,OAAO,CAAE,WAAW,CAAC;AACzC,gBAAA,IAAI,WAAW,EAAE;AACf,oBAAA,WAAW,CAAC,gBAAgB
,CAAC,OAAO,EAAE,MAAK;AACzC,wBAAA,OAAO,EAAE,CAAC;AACV,wBAAA,MAAM,CAAC,IAAI,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;AAC/B,qBAAC,CAAC,CAAC;AACJ,iBAAA;gBAED,WAAW,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,KAAI;AAC7B,oBAAA,OAAO,EAAE,CAAC;oBACV,MAAM,CAAC,CAAC,CAAC,CAAC;AACZ,iBAAC,CAAC,CAAC;AACL,aAAC,CAAC,CAAC;AACL,SAAC,CAAC,CAAC;KACJ;AAOO,IAAA,MAAM,eAAe,CAC3B,UAAoB,EACpB,OAAuC,EAAA;;AAGvC,QAAA,MAAM,cAAc,GAAG,IAAIpB,mBAAQ,CAAC,cAAc,EAAE,CAAC;;QAErD,IAAI,CAAC,SAAS,GAAG,MAAM,cAAc,CAAC,iBAAiB,EAAE,CAAC;AAE1D,QAAA,MAAM,qBAAqB,GAAqC;AAC9D,YAAA,MAAM,EAAE,UAAU;AAClB,YAAA,aAAa,EAAE,OAAO,KAAA,IAAA,IAAP,OAAO,KAAP,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,OAAO,CAAE,aAAa;YACrC,WAAW,EAAE,IAAI,CAAC,WAAW;AAC7B,YAAA,SAAS,EAAE,OAAO,KAAA,IAAA,IAAP,OAAO,KAAP,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,OAAO,CAAE,SAAS;AAC7B,YAAA,MAAM,EAAE,OAAO,KAAA,IAAA,IAAP,OAAO,KAAP,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,OAAO,CAAE,MAAM;YACvB,SAAS,EAAE,IAAI,CAAC,SAAS;AACzB,YAAA,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS;YACvC,mBAAmB,EAAE,MAAM;SAC5B,CAAC;QAEF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAU,CAAC,cAAc,CAAC,qBAAqB,CAAC,CAAC;QAE7E,IAAI;;AAEF,YAAA,MAAM,0BAA0B,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;AACpF,SAAA;AAAC,QAAA,OAAO,CAAM,EAAE;YACf,MAAM,IAAI,0BAA0B,CAClC,CAAA,sEAAA,EAAyE,CAAC,CAAC,OAAO,CAAE,CAAA,CACrF,CAAC;AACH,SAAA;KACF;AACF;;AC9PD;AAiBA,MAAMV,QAAM,GAAG,gBAAgB,CAAC,8BAA8B,CAAC,CAAC;AAEhE;;;AAGG;MACU,4BAA4B,CAAA;AAIvC;;;;;;;;;;;AAWG;AACH,IAAA,WAAA,CACE,UAEmD,EAAE,EAAA;AAErD,QAAA,MAAM,WAAW,GACf,OAAO,OAAO,CAAC,WAAW,KAAK,UAAU;AACvC,cAAE,OAAO,CAAC,WAAW,EAAE;AACvB,cAAE,OAAO,CAAC,WAAW,IAAI,kBAAkB,CAAC;AAEhD,QAAA,IAAI,CAAC,QAAQ,GAAG,IAAI,eAAe,CAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,EAAA,EAC9B,OAAO,CAAA,EAAA,EACV,sBAAsB,EAAE,OAAO,UAC/BA,QAAM;AACN,YAAA,WAAW,IACX,CAAC;QACH,IAAI,CAAC,8BAA8B,GAAG,OAAO,KAAA,IAAA,IAAP,OAAO,KAAP,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,OAAO,CAAE,8BAA8B,CAAC;KAC/E;AAED;;;;;;;;;;;AAWG;AACH,IAAA,MAAM,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE,EAAA;AACrE,QAAA,OAAO,aAAa,CAAC,QAAQ,CAC3B,CAAG,EAAA,IAAI,CAAC,WAAW,CAAC,IAAI,CA
AA,SAAA,CAAW,EACnC,OAAO,EACP,OAAO,UAAU,KAAI;AACnB,YAAA,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,CAAC;AAC9D,YAAA,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,EAAA,EACpC,UAAU,CAAA,EAAA,EACb,8BAA8B,EAAE,IAAI,CAAC,8BAA8B,IACnE,CAAC;AACL,SAAC,CACF,CAAC;KACH;AAED;;;;;;;;;;;;AAYG;AACH,IAAA,MAAM,YAAY,CAChB,MAAyB,EACzB,UAA2B,EAAE,EAAA;AAE7B,QAAA,OAAO,aAAa,CAAC,QAAQ,CAC3B,CAAG,EAAA,IAAI,CAAC,WAAW,CAAC,IAAI,CAAA,aAAA,CAAe,EACvC,OAAO,EACP,OAAO,UAAU,KAAI;AACnB,YAAA,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,CAAC;YAC9D,MAAM,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;AACtD,YAAA,OAAO,IAAI,CAAC,QAAQ,CAAC,gBAAgB,EAAE,CAAC;AAC1C,SAAC,CACF,CAAC;KACH;AACF;;AC/GD;AAkBA;;;AAGG;AACG,MAAO,cAAe,SAAQ,QAAQ,CAAA;AAG1C,IAAA,WAAA,CAAY,OAA8B,EAAA;QACxC,KAAK,CAAC,OAAO,CAAC,CAAC;AACf,QAAA,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC;KACtD;AAES,IAAA,MAAM,UAAU,CACxB,MAAgB,EAChB,OAAuC,EAAA;QAEvC,IAAI;AACF,YAAA,MAAM,cAAc,GAA+B;gBACjD,kBAAkB,EAAE,IAAI,CAAC,kBAAkB;gBAC3C,MAAM;AACN,gBAAA,MAAM,EAAE,KAAK;AACb,gBAAA,aAAa,EAAE,OAAO,KAAA,IAAA,IAAP,OAAO,KAAP,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,OAAO,CAAE,aAAa;AACrC,gBAAA,SAAS,EAAE,OAAO,KAAA,IAAA,IAAP,OAAO,KAAP,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,OAAO,CAAE,SAAS;AAC7B,gBAAA,MAAM,EAAE,OAAO,KAAA,IAAA,IAAP,OAAO,KAAP,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,OAAO,CAAE,MAAM;aACxB,CAAC;YACF,MAAM,OAAO,GAAG,IAAI,CAAC,SAAU,CAAC,wBAAwB,CAAC,cAAc,CAAC,CAAC;AACzE,YAAA,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,OAAO,KAAA,IAAA,IAAP,OAAO,KAAP,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,OAAO,CAAE,WAAW,EAAE,MAAK;AACrF,gBAAA,cAAc,CAAC,MAAM,GAAG,IAAI,CAAC;AAC/B,aAAC,CAAC,CAAC;AACH,YAAA,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,cAAc,IAAI,SAAS,CAAC,CAAC;AAC9E,SAAA;AAAC,QAAA,OAAO,KAAU,EAAE;YACnB,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;AAChD,SAAA;KACF;AACF;;ACpDD;AAYA,MAAMA,QAAM,GAAG,gBAAgB,CAAC,sBAAsB,CAAC,CAAC;AAExD;;;AAGG;AACG,SAAU,+BAA+B,CAAC,cAA8B,EAAA;AAC5E,IAAA,
OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;AACtC,CAAC;AAED;;;AAGG;MACU,oBAAoB,CAAA;AAI/B;;;;;;;;;;;;;;;;;;;AAmBG;AACH,IAAA,WAAA,CAAY,OAAqC,EAAA;AAC/C,QAAA,IAAI,CAAC,QAAQ,GAAG,IAAI,cAAc,CAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,EAAA,EAC7B,OAAO,CAAA,EAAA,UACVA,QAAM,EACN,kBAAkB,EAAE,CAAA,OAAO,KAAP,IAAA,IAAA,OAAO,KAAP,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,OAAO,CAAE,kBAAkB,KAAI,+BAA+B,EAClF,sBAAsB,EAAE,OAAO,IAAI,EAAE,IACrC,CAAC;QACH,IAAI,CAAC,8BAA8B,GAAG,OAAO,KAAA,IAAA,IAAP,OAAO,KAAP,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,OAAO,CAAE,8BAA8B,CAAC;KAC/E;AAED;;;;;;;;;;;AAWG;AACH,IAAA,MAAM,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE,EAAA;AACrE,QAAA,OAAO,aAAa,CAAC,QAAQ,CAC3B,CAAG,EAAA,IAAI,CAAC,WAAW,CAAC,IAAI,CAAA,SAAA,CAAW,EACnC,OAAO,EACP,OAAO,UAAU,KAAI;AACnB,YAAA,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,CAAC;AAC9D,YAAA,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,EAAA,EACpC,UAAU,CAAA,EAAA,EACb,8BAA8B,EAAE,IAAI,CAAC,8BAA8B,IACnE,CAAC;AACL,SAAC,CACF,CAAC;KACH;AAED;;;;;;;;;AASG;AACH,IAAA,MAAM,YAAY,CAChB,MAAyB,EACzB,UAA2B,EAAE,EAAA;AAE7B,QAAA,OAAO,aAAa,CAAC,QAAQ,CAC3B,CAAG,EAAA,IAAI,CAAC,WAAW,CAAC,IAAI,CAAA,aAAA,CAAe,EACvC,OAAO,EACP,OAAO,UAAU,KAAI;AACnB,YAAA,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,CAAC;YAC9D,MAAM,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;AACtD,YAAA,OAAO,IAAI,CAAC,QAAQ,CAAC,gBAAgB,EAAE,CAAC;AAC1C,SAAC,CACF,CAAC;KACH;AACF;;AC9GD;AAkBA;;;;AAIG;AACG,MAAO,qBAAsB,SAAQ,QAAQ,CAAA;AAIjD,IAAA,WAAA,CAAY,OAAqC,EAAA;QAC/C,KAAK,CAAC,OAAO,CAAC,CAAC;AACf,QAAA,IAAI,CAAC,MAAM,GAAG,gBAAgB,CAAC,iCAAiC,CAAC,CAAC;AAClE,QAAA,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;AACvC,QAAA,IAAI,CAAC,iBAAiB,GAAG,OAAO,CAAC,iBAAiB,CAAC;QACnD,IAAI,OAAO,CAAC,YAAY,EAAE;YACxB,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;AAC1D,SAAA;KACF;IAED,MAAM,cAAc,CAAC,OAAkD,EAAA;AACrE,QAAA,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;AAClB,QAAA,OAAO,CAAC,IAAI,CAAC,eAAe,IAAI,IAAI,CAAC,SAAS,EAAG,cAAc,CAAC,OAAO,CAAC,CAAC;KAC1E
;AAES,IAAA,MAAM,UAAU,CACxB,MAAgB,EAChB,OAAuC,EAAA;;QAEvC,IAAI;AACF,YAAA,MAAM,MAAM,GAAG,OAAM,CAAA,EAAA,IAAC,IAAI,CAAC,eAAe,IAAI,IAAI,CAAC,SAAS,CAAC,MAAA,IAAA,IAAA,EAAA,KAAA,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,EAAA,CAAE,kBAAkB,CAAC;gBAChF,MAAM;gBACN,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,IAAI,EAAE,IAAI,CAAC,iBAAiB;AAC5B,gBAAA,aAAa,EAAE,OAAO,KAAA,IAAA,IAAP,OAAO,KAAP,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,OAAO,CAAE,aAAa;AACrC,gBAAA,SAAS,EAAE,OAAO,KAAA,IAAA,IAAP,OAAO,KAAP,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,OAAO,CAAE,SAAS;AAC7B,gBAAA,MAAM,EAAE,OAAO,KAAA,IAAA,IAAP,OAAO,KAAP,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,OAAO,CAAE,MAAM;AACxB,aAAA,CAAC,CAAA,CAAC;;;AAGH,YAAA,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC;AACtE,SAAA;AAAC,QAAA,OAAO,GAAQ,EAAE;YACjB,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;AAC9C,SAAA;KACF;AACF;;AC9DD;AAWA,MAAMA,QAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D;;;;;;AAMG;MACU,2BAA2B,CAAA;AAgEtC;;;AAGG;IACH,WACE,CAAA,QAA2B,EAC3B,QAAgB,EAChB,+BAAuC,EACvC,8BAAsC,EACtC,oBAAiE,EACjE,OAAgC,EAAA;AAEhC,QAAA,aAAa,CAACA,QAAM,EAAE,QAAQ,CAAC,CAAC;QAChC,IAAI,YAAY,GAAuB,+BAA+B,CAAC;AAEvE,QAAA,IAAI,OAAO,oBAAoB,KAAK,QAAQ,EAAE;;AAE5C,YAAA,IAAI,CAAC,iBAAiB,GAAG,8BAA8B,CAAC;AACxD,YAAA,IAAI,CAAC,WAAW,GAAG,oBAAoB,CAAC;;AAEzC,SAAA;AAAM,aAAA;;AAEL,YAAA,IAAI,CAAC,iBAAiB,GAAG,+BAA+B,CAAC;AACzD,YAAA,IAAI,CAAC,WAAW,GAAG,8BAAwC,CAAC;YAC5D,YAAY,GAAG,SAAS,CAAC;YACzB,OAAO,GAAG,oBAA8C,CAAC;AAC1D,SAAA;QAED,IAAI,CAAC,QAAQ,GAAG,IAAI,qBAAqB,CACpC,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,EAAA,EAAA,OAAO,KACV,YAAY;YACZ,QAAQ;YACR,QAAQ,EACR,sBAAsB,EAAE,OAAO,IAAI,EAAE,UACrCA,QAAM,EACN,WAAW,EAAE,IAAI,CAAC,WAAW,EAC7B,iBAAiB,EAAE,IAAI,CAAC,iBAAiB,EAAA,CAAA,CACzC,CAAC;KACJ;AAED;;;;;;;AAOG;AACH,IAAA,MAAM,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE,EAAA;AACrE,QAAA,OAAO,aAAa,CAAC,QAAQ,CAC3B,CAAG,EAAA,IAAI,CAAC,WAAW,CAAC,IAAI,CAAA,SAAA,CAAW,EACnC,OAAO,EACP,OAAO,UAAU,KAAI;AACnB,YAAA,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,CAAC;AAC9D,YAAA,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,
WAAW,EAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,EAAA,EACpC,UAAU,CAAA,EAAA,EACb,8BAA8B,EAAE,IAAI,CAAC,8BAA8B,IACnE,CAAC;AACL,SAAC,CACF,CAAC;KACH;AACF;;ACjJD;AAkCA;;;AAGG;AACG,MAAO,cAAe,SAAQ,QAAQ,CAAA;AAM1C,IAAA,WAAA,CAAY,OAA8B,EAAA;QACxC,KAAK,CAAC,OAAO,CAAC,CAAC;AACf,QAAA,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;AACzD,QAAA,IAAI,CAAC,oBAAoB,GAAG,IAAI,CAAC;AACjC,QAAA,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC;AACrD,QAAA,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC;AAC/C,QAAA,IAAI,CAAC,oBAAoB,GAAG,OAAO,CAAC,oBAAoB,CAAC;AACzD,QAAA,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;KAC1C;;IAGD,MAAM,IAAI,CAAC,OAAuC,EAAA;QAChD,IAAI,IAAI,CAAC,eAAe,EAAE;YACxB,IAAI;AACF,gBAAA,MAAM,KAAK,GAAG,MAAM,gBAAgB,CAClC,EAAE,eAAe,EAAE,IAAI,CAAC,eAAe,EAAE,EACzC,IAAI,CAAC,oBAAoB,CAC1B,CAAC;AACF,gBAAA,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,iBAAiB,GAAG;oBACvC,UAAU,EAAE,KAAK,CAAC,UAAU;oBAC5B,UAAU,EAAE,KAAK,CAAC,mBAAmB;oBACrC,GAAG,EAAE,KAAK,CAAC,GAAG;iBACf,CAAC;AACH,aAAA;AAAC,YAAA,OAAO,KAAU,EAAE;AACnB,gBAAA,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;AACzC,gBAAA,MAAM,KAAK,CAAC;AACb,aAAA;AACF,SAAA;AAAM,aAAA;YACL,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC;AACvD,SAAA;AACD,QAAA,OAAO,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;KAC5B;AAES,IAAA,MAAM,UAAU,CACxB,MAAgB,EAChB,UAAyC,EAAE,EAAA;QAE3C,IAAI;YACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,eAAgB,CAAC,sBAAsB,CAAC;gBAChE,MAAM;gBACN,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,YAAY,EAAE,IAAI,CAAC,kBAAkB;AACtC,aAAA,CAAC,CAAC;AACH,YAAA,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC;AACtE,SAAA;AAAC,QAAA,OAAO,GAAQ,EAAE;YACjB,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;AAC9C,SAAA;KACF;AACF;;AC9FD;AAiBA,MAAM,cAAc,GAAG,sBAAsB,CAAC;AAC9C,MAAM,MAAM,GAAG,gBAAgB,CAAC,cAAc,CAAC,CAAC;AAEhD;;AAEG;MACU,oBAAoB,CAAA;AAuD/B,IAAA,WAAA,CAAoB,OAAoC,EAAA;QAApC,IAAO,CAAA,OAAA,GAAP,OAAO,CAA6B;AACtD,QAAA,MAAM,EAAE,YAAY,EAAE,GAAG,OAA4C,CAAC;AACtE,QAAA,MAAM,EAAE,eAAe,EAAE
,GAAG,OAAiD,CAAC;QAC9E,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,kBAAkB,EAAE,GAAG,OAAO,CAAC;AAC3D,QAAA,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,IAAI,EAAE,YAAY,IAAI,eAAe,CAAC,IAAI,CAAC,kBAAkB,EAAE;AACvF,YAAA,MAAM,IAAI,KAAK,CACb,GAAG,cAAc,CAAA,uGAAA,CAAyG,CAC3H,CAAC;AACH,SAAA;AACD,QAAA,IAAI,CAAC,QAAQ,GAAG,IAAI,cAAc,CAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,EAAA,EAC7B,IAAI,CAAC,OAAO,CACf,EAAA,EAAA,MAAM,EACN,sBAAsB,EAAE,IAAI,CAAC,OAAO,IACpC,CAAC;KACJ;AAED;;;;;;AAMG;AACH,IAAA,MAAM,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE,EAAA;AACrE,QAAA,OAAO,aAAa,CAAC,QAAQ,CAAC,GAAG,cAAc,CAAA,SAAA,CAAW,EAAE,OAAO,EAAE,OAAO,UAAU,KAAI;AACxF,YAAA,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,CAAC;YAC9D,OAAO,IAAI,CAAC,QAAS,CAAC,QAAQ,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;AAC1D,SAAC,CAAC,CAAC;KACJ;AACF;;AC3GD;AAiGA;;AAEG;SACa,yBAAyB,GAAA;IACvC,OAAO,IAAI,sBAAsB,EAAE,CAAC;AACtC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;"}