@adammcarter/use-cases 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.agents/skills/migration/SKILL.md +85 -0
- package/.agents/skills/showcase/SKILL.md +60 -0
- package/.agents/skills/use-cases/SKILL.md +161 -0
- package/.agents/skills/walkthrough/SKILL.md +48 -0
- package/.claude-plugin/plugin.json +14 -0
- package/.codex-plugin/plugin.json +33 -0
- package/.mcp.json +8 -0
- package/.opencode/plugin/use-cases.js +32 -0
- package/CHANGELOG.md +125 -0
- package/LICENSE +21 -0
- package/README.md +112 -0
- package/bootstrap/use-cases.md +60 -0
- package/docs/README.md +51 -0
- package/docs/acceptance.md +16 -0
- package/docs/activation.md +89 -0
- package/docs/adr/0001-p0-bootstrap-decisions.md +107 -0
- package/docs/adr/0002-p1-schema-contracts.md +136 -0
- package/docs/adr/0003-p2-use-case-matrix-contracts.md +67 -0
- package/docs/adr/0004-p3-evidence-ledger-contracts.md +85 -0
- package/docs/adr/0005-p4-cli-contract.md +70 -0
- package/docs/adr/0006-trusted-user-approval-path.md +125 -0
- package/docs/cli.md +108 -0
- package/docs/data-model.md +56 -0
- package/docs/getting-started.md +296 -0
- package/docs/hosts.md +30 -0
- package/docs/markers-adoption.md +100 -0
- package/docs/mcp.md +114 -0
- package/docs/migration.md +90 -0
- package/docs/reference/error-codes.md +123 -0
- package/docs/reference/stability.md +123 -0
- package/docs/release.md +26 -0
- package/docs/security/ci-hardening.md +144 -0
- package/docs/security/key-management.md +158 -0
- package/docs/security.md +66 -0
- package/docs/showcase.md +39 -0
- package/docs/tutorials/python-pytest.md +188 -0
- package/examples/basic-product/demo-capsules/product-search.yml +23 -0
- package/examples/basic-product/evidence/by-id/ev/evidence-basic-search.jsonl +1 -0
- package/examples/basic-product/showcase-runs/run.basic.product.search/events.jsonl +4 -0
- package/examples/basic-product/use-cases/product.yml +85 -0
- package/examples/basic-product/use-cases.yml +9 -0
- package/examples/damaged-product/evidence/broken.jsonl +1 -0
- package/examples/damaged-product/use-cases/duplicate-a.yml +28 -0
- package/examples/damaged-product/use-cases/duplicate-b.yml +28 -0
- package/examples/damaged-product/use-cases/malformed.yml +14 -0
- package/examples/damaged-product/use-cases/valid-sibling.yml +28 -0
- package/examples/damaged-product/use-cases.yml +9 -0
- package/examples/host-projections/use-cases.yml +9 -0
- package/examples/python-pytest/README.md +39 -0
- package/examples/python-pytest/pytest.ini +8 -0
- package/examples/python-pytest/src/coupon.py +32 -0
- package/examples/python-pytest/tests/use_cases/example.checkout.apply_coupon_test.py +31 -0
- package/examples/python-pytest/use-cases/checkout.yml +47 -0
- package/examples/python-pytest/use-cases.yml +19 -0
- package/hooks/hooks-codex.json +16 -0
- package/hooks/hooks.json +16 -0
- package/hooks/session-start +42 -0
- package/hosts/claude.yml +29 -0
- package/hosts/codex.yml +29 -0
- package/hosts/copilot.yml +29 -0
- package/hosts/opencode.yml +29 -0
- package/package.json +81 -0
- package/packages/cli/README.md +37 -0
- package/packages/cli/dist/args/parse.d.ts +6 -0
- package/packages/cli/dist/args/parse.d.ts.map +1 -0
- package/packages/cli/dist/args/parse.js +55 -0
- package/packages/cli/dist/args/parse.js.map +1 -0
- package/packages/cli/dist/args/validate.d.ts +3 -0
- package/packages/cli/dist/args/validate.d.ts.map +1 -0
- package/packages/cli/dist/args/validate.js +80 -0
- package/packages/cli/dist/args/validate.js.map +1 -0
- package/packages/cli/dist/builtins.d.ts +2 -0
- package/packages/cli/dist/builtins.d.ts.map +1 -0
- package/packages/cli/dist/builtins.js +235 -0
- package/packages/cli/dist/builtins.js.map +1 -0
- package/packages/cli/dist/command/dispatch.d.ts +4 -0
- package/packages/cli/dist/command/dispatch.d.ts.map +1 -0
- package/packages/cli/dist/command/dispatch.js +45 -0
- package/packages/cli/dist/command/dispatch.js.map +1 -0
- package/packages/cli/dist/command/help-catalog.d.ts +13 -0
- package/packages/cli/dist/command/help-catalog.d.ts.map +1 -0
- package/packages/cli/dist/command/help-catalog.js +42 -0
- package/packages/cli/dist/command/help-catalog.js.map +1 -0
- package/packages/cli/dist/command/registry.d.ts +3 -0
- package/packages/cli/dist/command/registry.d.ts.map +1 -0
- package/packages/cli/dist/command/registry.js +33 -0
- package/packages/cli/dist/command/registry.js.map +1 -0
- package/packages/cli/dist/command/types.d.ts +32 -0
- package/packages/cli/dist/command/types.d.ts.map +1 -0
- package/packages/cli/dist/command/types.js +6 -0
- package/packages/cli/dist/command/types.js.map +1 -0
- package/packages/cli/dist/commands/capsule.d.ts +7 -0
- package/packages/cli/dist/commands/capsule.d.ts.map +1 -0
- package/packages/cli/dist/commands/capsule.js +178 -0
- package/packages/cli/dist/commands/capsule.js.map +1 -0
- package/packages/cli/dist/commands/common.d.ts +7 -0
- package/packages/cli/dist/commands/common.d.ts.map +1 -0
- package/packages/cli/dist/commands/common.js +32 -0
- package/packages/cli/dist/commands/common.js.map +1 -0
- package/packages/cli/dist/commands/doctor.d.ts +6 -0
- package/packages/cli/dist/commands/doctor.d.ts.map +1 -0
- package/packages/cli/dist/commands/doctor.js +133 -0
- package/packages/cli/dist/commands/doctor.js.map +1 -0
- package/packages/cli/dist/commands/evidence.d.ts +6 -0
- package/packages/cli/dist/commands/evidence.d.ts.map +1 -0
- package/packages/cli/dist/commands/evidence.js +191 -0
- package/packages/cli/dist/commands/evidence.js.map +1 -0
- package/packages/cli/dist/commands/host.d.ts +6 -0
- package/packages/cli/dist/commands/host.d.ts.map +1 -0
- package/packages/cli/dist/commands/host.js +180 -0
- package/packages/cli/dist/commands/host.js.map +1 -0
- package/packages/cli/dist/commands/keygen.d.ts +4 -0
- package/packages/cli/dist/commands/keygen.d.ts.map +1 -0
- package/packages/cli/dist/commands/keygen.js +132 -0
- package/packages/cli/dist/commands/keygen.js.map +1 -0
- package/packages/cli/dist/commands/markers.d.ts +8 -0
- package/packages/cli/dist/commands/markers.d.ts.map +1 -0
- package/packages/cli/dist/commands/markers.js +455 -0
- package/packages/cli/dist/commands/markers.js.map +1 -0
- package/packages/cli/dist/commands/matrix.d.ts +8 -0
- package/packages/cli/dist/commands/matrix.d.ts.map +1 -0
- package/packages/cli/dist/commands/matrix.js +237 -0
- package/packages/cli/dist/commands/matrix.js.map +1 -0
- package/packages/cli/dist/commands/migrate.d.ts +4 -0
- package/packages/cli/dist/commands/migrate.d.ts.map +1 -0
- package/packages/cli/dist/commands/migrate.js +82 -0
- package/packages/cli/dist/commands/migrate.js.map +1 -0
- package/packages/cli/dist/commands/plan.d.ts +6 -0
- package/packages/cli/dist/commands/plan.d.ts.map +1 -0
- package/packages/cli/dist/commands/plan.js +129 -0
- package/packages/cli/dist/commands/plan.js.map +1 -0
- package/packages/cli/dist/commands/recover.d.ts +4 -0
- package/packages/cli/dist/commands/recover.d.ts.map +1 -0
- package/packages/cli/dist/commands/recover.js +352 -0
- package/packages/cli/dist/commands/recover.js.map +1 -0
- package/packages/cli/dist/commands/schema.d.ts +5 -0
- package/packages/cli/dist/commands/schema.d.ts.map +1 -0
- package/packages/cli/dist/commands/schema.js +51 -0
- package/packages/cli/dist/commands/schema.js.map +1 -0
- package/packages/cli/dist/commands/showcase.d.ts +14 -0
- package/packages/cli/dist/commands/showcase.d.ts.map +1 -0
- package/packages/cli/dist/commands/showcase.js +638 -0
- package/packages/cli/dist/commands/showcase.js.map +1 -0
- package/packages/cli/dist/commands/workflow.d.ts +5 -0
- package/packages/cli/dist/commands/workflow.d.ts.map +1 -0
- package/packages/cli/dist/commands/workflow.js +107 -0
- package/packages/cli/dist/commands/workflow.js.map +1 -0
- package/packages/cli/dist/coreLoader.d.ts +6 -0
- package/packages/cli/dist/coreLoader.d.ts.map +1 -0
- package/packages/cli/dist/coreLoader.js +34 -0
- package/packages/cli/dist/coreLoader.js.map +1 -0
- package/packages/cli/dist/index.d.ts +5 -0
- package/packages/cli/dist/index.d.ts.map +1 -0
- package/packages/cli/dist/index.js +83 -0
- package/packages/cli/dist/index.js.map +1 -0
- package/packages/cli/dist/render.d.ts +2 -0
- package/packages/cli/dist/render.d.ts.map +1 -0
- package/packages/cli/dist/render.js +88 -0
- package/packages/cli/dist/render.js.map +1 -0
- package/packages/cli/dist/runtime.d.ts +25 -0
- package/packages/cli/dist/runtime.d.ts.map +1 -0
- package/packages/cli/dist/runtime.js +89 -0
- package/packages/cli/dist/runtime.js.map +1 -0
- package/packages/cli/package.json +38 -0
- package/packages/core/README.md +37 -0
- package/packages/core/dist/capsules/index.d.ts +4 -0
- package/packages/core/dist/capsules/index.d.ts.map +1 -0
- package/packages/core/dist/capsules/index.js +4 -0
- package/packages/core/dist/capsules/index.js.map +1 -0
- package/packages/core/dist/capsules/loadCapsule.d.ts +11 -0
- package/packages/core/dist/capsules/loadCapsule.d.ts.map +1 -0
- package/packages/core/dist/capsules/loadCapsule.js +167 -0
- package/packages/core/dist/capsules/loadCapsule.js.map +1 -0
- package/packages/core/dist/capsules/runCapsule.d.ts +3 -0
- package/packages/core/dist/capsules/runCapsule.d.ts.map +1 -0
- package/packages/core/dist/capsules/runCapsule.js +333 -0
- package/packages/core/dist/capsules/runCapsule.js.map +1 -0
- package/packages/core/dist/capsules/types.d.ts +106 -0
- package/packages/core/dist/capsules/types.d.ts.map +1 -0
- package/packages/core/dist/capsules/types.js +2 -0
- package/packages/core/dist/capsules/types.js.map +1 -0
- package/packages/core/dist/durableWrite.d.ts +2 -0
- package/packages/core/dist/durableWrite.d.ts.map +1 -0
- package/packages/core/dist/durableWrite.js +34 -0
- package/packages/core/dist/durableWrite.js.map +1 -0
- package/packages/core/dist/errors/registry.d.ts +122 -0
- package/packages/core/dist/errors/registry.d.ts.map +1 -0
- package/packages/core/dist/errors/registry.js +206 -0
- package/packages/core/dist/errors/registry.js.map +1 -0
- package/packages/core/dist/errors/render.d.ts +3 -0
- package/packages/core/dist/errors/render.d.ts.map +1 -0
- package/packages/core/dist/errors/render.js +64 -0
- package/packages/core/dist/errors/render.js.map +1 -0
- package/packages/core/dist/errors.d.ts +5 -0
- package/packages/core/dist/errors.d.ts.map +1 -0
- package/packages/core/dist/errors.js +9 -0
- package/packages/core/dist/errors.js.map +1 -0
- package/packages/core/dist/evidence/appendEvidenceEvent.d.ts +27 -0
- package/packages/core/dist/evidence/appendEvidenceEvent.d.ts.map +1 -0
- package/packages/core/dist/evidence/appendEvidenceEvent.js +218 -0
- package/packages/core/dist/evidence/appendEvidenceEvent.js.map +1 -0
- package/packages/core/dist/evidence/assurance.d.ts +18 -0
- package/packages/core/dist/evidence/assurance.d.ts.map +1 -0
- package/packages/core/dist/evidence/assurance.js +38 -0
- package/packages/core/dist/evidence/assurance.js.map +1 -0
- package/packages/core/dist/evidence/index.d.ts +8 -0
- package/packages/core/dist/evidence/index.d.ts.map +1 -0
- package/packages/core/dist/evidence/index.js +8 -0
- package/packages/core/dist/evidence/index.js.map +1 -0
- package/packages/core/dist/evidence/jsonlLedger.d.ts +13 -0
- package/packages/core/dist/evidence/jsonlLedger.d.ts.map +1 -0
- package/packages/core/dist/evidence/jsonlLedger.js +171 -0
- package/packages/core/dist/evidence/jsonlLedger.js.map +1 -0
- package/packages/core/dist/evidence/linkEvidence.d.ts +4 -0
- package/packages/core/dist/evidence/linkEvidence.d.ts.map +1 -0
- package/packages/core/dist/evidence/linkEvidence.js +53 -0
- package/packages/core/dist/evidence/linkEvidence.js.map +1 -0
- package/packages/core/dist/evidence/replayEvidence.d.ts +6 -0
- package/packages/core/dist/evidence/replayEvidence.d.ts.map +1 -0
- package/packages/core/dist/evidence/replayEvidence.js +216 -0
- package/packages/core/dist/evidence/replayEvidence.js.map +1 -0
- package/packages/core/dist/evidence/results.d.ts +4 -0
- package/packages/core/dist/evidence/results.d.ts.map +1 -0
- package/packages/core/dist/evidence/results.js +32 -0
- package/packages/core/dist/evidence/results.js.map +1 -0
- package/packages/core/dist/evidence/types.d.ts +149 -0
- package/packages/core/dist/evidence/types.d.ts.map +1 -0
- package/packages/core/dist/evidence/types.js +2 -0
- package/packages/core/dist/evidence/types.js.map +1 -0
- package/packages/core/dist/host-profiles/claude.yml +29 -0
- package/packages/core/dist/host-profiles/codex.yml +29 -0
- package/packages/core/dist/host-profiles/copilot.yml +29 -0
- package/packages/core/dist/host-profiles/opencode.yml +29 -0
- package/packages/core/dist/hosts/conformanceStatus.d.ts +16 -0
- package/packages/core/dist/hosts/conformanceStatus.d.ts.map +1 -0
- package/packages/core/dist/hosts/conformanceStatus.js +160 -0
- package/packages/core/dist/hosts/conformanceStatus.js.map +1 -0
- package/packages/core/dist/hosts/index.d.ts +5 -0
- package/packages/core/dist/hosts/index.d.ts.map +1 -0
- package/packages/core/dist/hosts/index.js +5 -0
- package/packages/core/dist/hosts/index.js.map +1 -0
- package/packages/core/dist/hosts/loadHostProfile.d.ts +6 -0
- package/packages/core/dist/hosts/loadHostProfile.d.ts.map +1 -0
- package/packages/core/dist/hosts/loadHostProfile.js +41 -0
- package/packages/core/dist/hosts/loadHostProfile.js.map +1 -0
- package/packages/core/dist/hosts/projectHostFiles.d.ts +16 -0
- package/packages/core/dist/hosts/projectHostFiles.d.ts.map +1 -0
- package/packages/core/dist/hosts/projectHostFiles.js +272 -0
- package/packages/core/dist/hosts/projectHostFiles.js.map +1 -0
- package/packages/core/dist/hosts/types.d.ts +122 -0
- package/packages/core/dist/hosts/types.d.ts.map +1 -0
- package/packages/core/dist/hosts/types.js +2 -0
- package/packages/core/dist/hosts/types.js.map +1 -0
- package/packages/core/dist/index.d.ts +26 -0
- package/packages/core/dist/index.d.ts.map +1 -0
- package/packages/core/dist/index.js +31 -0
- package/packages/core/dist/index.js.map +1 -0
- package/packages/core/dist/init/index.d.ts +2 -0
- package/packages/core/dist/init/index.d.ts.map +1 -0
- package/packages/core/dist/init/index.js +3 -0
- package/packages/core/dist/init/index.js.map +1 -0
- package/packages/core/dist/init/scaffold.d.ts +28 -0
- package/packages/core/dist/init/scaffold.d.ts.map +1 -0
- package/packages/core/dist/init/scaffold.js +293 -0
- package/packages/core/dist/init/scaffold.js.map +1 -0
- package/packages/core/dist/markers/appendOnly.d.ts +23 -0
- package/packages/core/dist/markers/appendOnly.d.ts.map +1 -0
- package/packages/core/dist/markers/appendOnly.js +75 -0
- package/packages/core/dist/markers/appendOnly.js.map +1 -0
- package/packages/core/dist/markers/bindingSetHash.d.ts +28 -0
- package/packages/core/dist/markers/bindingSetHash.d.ts.map +1 -0
- package/packages/core/dist/markers/bindingSetHash.js +33 -0
- package/packages/core/dist/markers/bindingSetHash.js.map +1 -0
- package/packages/core/dist/markers/canonicalJson.d.ts +4 -0
- package/packages/core/dist/markers/canonicalJson.d.ts.map +1 -0
- package/packages/core/dist/markers/canonicalJson.js +51 -0
- package/packages/core/dist/markers/canonicalJson.js.map +1 -0
- package/packages/core/dist/markers/ciAuthority.d.ts +17 -0
- package/packages/core/dist/markers/ciAuthority.d.ts.map +1 -0
- package/packages/core/dist/markers/ciAuthority.js +131 -0
- package/packages/core/dist/markers/ciAuthority.js.map +1 -0
- package/packages/core/dist/markers/cli/bind.d.ts +48 -0
- package/packages/core/dist/markers/cli/bind.d.ts.map +1 -0
- package/packages/core/dist/markers/cli/bind.js +198 -0
- package/packages/core/dist/markers/cli/bind.js.map +1 -0
- package/packages/core/dist/markers/cli/index.d.ts +9 -0
- package/packages/core/dist/markers/cli/index.d.ts.map +1 -0
- package/packages/core/dist/markers/cli/index.js +15 -0
- package/packages/core/dist/markers/cli/index.js.map +1 -0
- package/packages/core/dist/markers/cli/io.d.ts +18 -0
- package/packages/core/dist/markers/cli/io.d.ts.map +1 -0
- package/packages/core/dist/markers/cli/io.js +62 -0
- package/packages/core/dist/markers/cli/io.js.map +1 -0
- package/packages/core/dist/markers/cli/precommit.d.ts +32 -0
- package/packages/core/dist/markers/cli/precommit.d.ts.map +1 -0
- package/packages/core/dist/markers/cli/precommit.js +174 -0
- package/packages/core/dist/markers/cli/precommit.js.map +1 -0
- package/packages/core/dist/markers/cli/prove.d.ts +69 -0
- package/packages/core/dist/markers/cli/prove.d.ts.map +1 -0
- package/packages/core/dist/markers/cli/prove.js +381 -0
- package/packages/core/dist/markers/cli/prove.js.map +1 -0
- package/packages/core/dist/markers/cli/scan.d.ts +63 -0
- package/packages/core/dist/markers/cli/scan.d.ts.map +1 -0
- package/packages/core/dist/markers/cli/scan.js +233 -0
- package/packages/core/dist/markers/cli/scan.js.map +1 -0
- package/packages/core/dist/markers/cli/shared.d.ts +25 -0
- package/packages/core/dist/markers/cli/shared.d.ts.map +1 -0
- package/packages/core/dist/markers/cli/shared.js +123 -0
- package/packages/core/dist/markers/cli/shared.js.map +1 -0
- package/packages/core/dist/markers/cli/validateLedger.d.ts +38 -0
- package/packages/core/dist/markers/cli/validateLedger.d.ts.map +1 -0
- package/packages/core/dist/markers/cli/validateLedger.js +81 -0
- package/packages/core/dist/markers/cli/validateLedger.js.map +1 -0
- package/packages/core/dist/markers/cli/verify.d.ts +65 -0
- package/packages/core/dist/markers/cli/verify.d.ts.map +1 -0
- package/packages/core/dist/markers/cli/verify.js +245 -0
- package/packages/core/dist/markers/cli/verify.js.map +1 -0
- package/packages/core/dist/markers/commentPrefix.d.ts +7 -0
- package/packages/core/dist/markers/commentPrefix.d.ts.map +1 -0
- package/packages/core/dist/markers/commentPrefix.js +79 -0
- package/packages/core/dist/markers/commentPrefix.js.map +1 -0
- package/packages/core/dist/markers/constants.d.ts +10 -0
- package/packages/core/dist/markers/constants.d.ts.map +1 -0
- package/packages/core/dist/markers/constants.js +13 -0
- package/packages/core/dist/markers/constants.js.map +1 -0
- package/packages/core/dist/markers/evidenceLedger.d.ts +150 -0
- package/packages/core/dist/markers/evidenceLedger.d.ts.map +1 -0
- package/packages/core/dist/markers/evidenceLedger.js +391 -0
- package/packages/core/dist/markers/evidenceLedger.js.map +1 -0
- package/packages/core/dist/markers/freshness.d.ts +125 -0
- package/packages/core/dist/markers/freshness.d.ts.map +1 -0
- package/packages/core/dist/markers/freshness.js +605 -0
- package/packages/core/dist/markers/freshness.js.map +1 -0
- package/packages/core/dist/markers/index.d.ts +26 -0
- package/packages/core/dist/markers/index.d.ts.map +1 -0
- package/packages/core/dist/markers/index.js +38 -0
- package/packages/core/dist/markers/index.js.map +1 -0
- package/packages/core/dist/markers/keygen.d.ts +6 -0
- package/packages/core/dist/markers/keygen.d.ts.map +1 -0
- package/packages/core/dist/markers/keygen.js +18 -0
- package/packages/core/dist/markers/keygen.js.map +1 -0
- package/packages/core/dist/markers/keyring.d.ts +23 -0
- package/packages/core/dist/markers/keyring.d.ts.map +1 -0
- package/packages/core/dist/markers/keyring.js +93 -0
- package/packages/core/dist/markers/keyring.js.map +1 -0
- package/packages/core/dist/markers/markerLine.d.ts +35 -0
- package/packages/core/dist/markers/markerLine.d.ts.map +1 -0
- package/packages/core/dist/markers/markerLine.js +125 -0
- package/packages/core/dist/markers/markerLine.js.map +1 -0
- package/packages/core/dist/markers/physicalLines.d.ts +10 -0
- package/packages/core/dist/markers/physicalLines.d.ts.map +1 -0
- package/packages/core/dist/markers/physicalLines.js +48 -0
- package/packages/core/dist/markers/physicalLines.js.map +1 -0
- package/packages/core/dist/markers/policyHash.d.ts +4 -0
- package/packages/core/dist/markers/policyHash.d.ts.map +1 -0
- package/packages/core/dist/markers/policyHash.js +14 -0
- package/packages/core/dist/markers/policyHash.js.map +1 -0
- package/packages/core/dist/markers/proofSignature.d.ts +29 -0
- package/packages/core/dist/markers/proofSignature.d.ts.map +1 -0
- package/packages/core/dist/markers/proofSignature.js +106 -0
- package/packages/core/dist/markers/proofSignature.js.map +1 -0
- package/packages/core/dist/markers/reconcile.d.ts +26 -0
- package/packages/core/dist/markers/reconcile.d.ts.map +1 -0
- package/packages/core/dist/markers/reconcile.js +52 -0
- package/packages/core/dist/markers/reconcile.js.map +1 -0
- package/packages/core/dist/markers/registry.d.ts +53 -0
- package/packages/core/dist/markers/registry.d.ts.map +1 -0
- package/packages/core/dist/markers/registry.js +161 -0
- package/packages/core/dist/markers/registry.js.map +1 -0
- package/packages/core/dist/markers/rowHash.d.ts +2 -0
- package/packages/core/dist/markers/rowHash.d.ts.map +1 -0
- package/packages/core/dist/markers/rowHash.js +10 -0
- package/packages/core/dist/markers/rowHash.js.map +1 -0
- package/packages/core/dist/markers/scanner.d.ts +67 -0
- package/packages/core/dist/markers/scanner.d.ts.map +1 -0
- package/packages/core/dist/markers/scanner.js +292 -0
- package/packages/core/dist/markers/scanner.js.map +1 -0
- package/packages/core/dist/markers/schemas/binding-registry-event.schema.json +41 -0
- package/packages/core/dist/markers/schemas/freshness-status.schema.json +134 -0
- package/packages/core/dist/markers/schemas/proof-event.schema.json +170 -0
- package/packages/core/dist/markers/spanCanon.d.ts +4 -0
- package/packages/core/dist/markers/spanCanon.d.ts.map +1 -0
- package/packages/core/dist/markers/spanCanon.js +42 -0
- package/packages/core/dist/markers/spanCanon.js.map +1 -0
- package/packages/core/dist/markers/swiftFuncRecognizer.d.ts +36 -0
- package/packages/core/dist/markers/swiftFuncRecognizer.d.ts.map +1 -0
- package/packages/core/dist/markers/swiftFuncRecognizer.js +638 -0
- package/packages/core/dist/markers/swiftFuncRecognizer.js.map +1 -0
- package/packages/core/dist/markers/validators.d.ts +13 -0
- package/packages/core/dist/markers/validators.d.ts.map +1 -0
- package/packages/core/dist/markers/validators.js +64 -0
- package/packages/core/dist/markers/validators.js.map +1 -0
- package/packages/core/dist/markers/verificationContextHash.d.ts +23 -0
- package/packages/core/dist/markers/verificationContextHash.d.ts.map +1 -0
- package/packages/core/dist/markers/verificationContextHash.js +96 -0
- package/packages/core/dist/markers/verificationContextHash.js.map +1 -0
- package/packages/core/dist/markers/verifierPresets.d.ts +18 -0
- package/packages/core/dist/markers/verifierPresets.d.ts.map +1 -0
- package/packages/core/dist/markers/verifierPresets.js +71 -0
- package/packages/core/dist/markers/verifierPresets.js.map +1 -0
- package/packages/core/dist/markers/verifierResolver.d.ts +27 -0
- package/packages/core/dist/markers/verifierResolver.d.ts.map +1 -0
- package/packages/core/dist/markers/verifierResolver.js +151 -0
- package/packages/core/dist/markers/verifierResolver.js.map +1 -0
- package/packages/core/dist/migration/index.d.ts +2 -0
- package/packages/core/dist/migration/index.d.ts.map +1 -0
- package/packages/core/dist/migration/index.js +2 -0
- package/packages/core/dist/migration/index.js.map +1 -0
- package/packages/core/dist/migration/testMatrix.d.ts +42 -0
- package/packages/core/dist/migration/testMatrix.d.ts.map +1 -0
- package/packages/core/dist/migration/testMatrix.js +351 -0
- package/packages/core/dist/migration/testMatrix.js.map +1 -0
- package/packages/core/dist/package/index.d.ts +2 -0
- package/packages/core/dist/package/index.d.ts.map +1 -0
- package/packages/core/dist/package/index.js +2 -0
- package/packages/core/dist/package/index.js.map +1 -0
- package/packages/core/dist/package/inspectPackage.d.ts +67 -0
- package/packages/core/dist/package/inspectPackage.d.ts.map +1 -0
- package/packages/core/dist/package/inspectPackage.js +371 -0
- package/packages/core/dist/package/inspectPackage.js.map +1 -0
- package/packages/core/dist/presentation/candidates.d.ts +13 -0
- package/packages/core/dist/presentation/candidates.d.ts.map +1 -0
- package/packages/core/dist/presentation/candidates.js +86 -0
- package/packages/core/dist/presentation/candidates.js.map +1 -0
- package/packages/core/dist/presentation/index.d.ts +8 -0
- package/packages/core/dist/presentation/index.d.ts.map +1 -0
- package/packages/core/dist/presentation/index.js +8 -0
- package/packages/core/dist/presentation/index.js.map +1 -0
- package/packages/core/dist/presentation/items.d.ts +18 -0
- package/packages/core/dist/presentation/items.d.ts.map +1 -0
- package/packages/core/dist/presentation/items.js +228 -0
- package/packages/core/dist/presentation/items.js.map +1 -0
- package/packages/core/dist/presentation/ordering.d.ts +8 -0
- package/packages/core/dist/presentation/ordering.d.ts.map +1 -0
- package/packages/core/dist/presentation/ordering.js +31 -0
- package/packages/core/dist/presentation/ordering.js.map +1 -0
- package/packages/core/dist/presentation/planHelpers.d.ts +26 -0
- package/packages/core/dist/presentation/planHelpers.d.ts.map +1 -0
- package/packages/core/dist/presentation/planHelpers.js +62 -0
- package/packages/core/dist/presentation/planHelpers.js.map +1 -0
- package/packages/core/dist/presentation/presentationFormat.d.ts +39 -0
- package/packages/core/dist/presentation/presentationFormat.d.ts.map +1 -0
- package/packages/core/dist/presentation/presentationFormat.js +58 -0
- package/packages/core/dist/presentation/presentationFormat.js.map +1 -0
- package/packages/core/dist/presentation/renderCard.d.ts +37 -0
- package/packages/core/dist/presentation/renderCard.d.ts.map +1 -0
- package/packages/core/dist/presentation/renderCard.js +129 -0
- package/packages/core/dist/presentation/renderCard.js.map +1 -0
- package/packages/core/dist/presentation/scoring.d.ts +10 -0
- package/packages/core/dist/presentation/scoring.d.ts.map +1 -0
- package/packages/core/dist/presentation/scoring.js +82 -0
- package/packages/core/dist/presentation/scoring.js.map +1 -0
- package/packages/core/dist/presentation/selectPlan.d.ts +4 -0
- package/packages/core/dist/presentation/selectPlan.d.ts.map +1 -0
- package/packages/core/dist/presentation/selectPlan.js +122 -0
- package/packages/core/dist/presentation/selectPlan.js.map +1 -0
- package/packages/core/dist/presentation/selectShowcasePlan.d.ts +3 -0
- package/packages/core/dist/presentation/selectShowcasePlan.d.ts.map +1 -0
- package/packages/core/dist/presentation/selectShowcasePlan.js +6 -0
- package/packages/core/dist/presentation/selectShowcasePlan.js.map +1 -0
- package/packages/core/dist/presentation/selectWalkthroughPlan.d.ts +3 -0
- package/packages/core/dist/presentation/selectWalkthroughPlan.d.ts.map +1 -0
- package/packages/core/dist/presentation/selectWalkthroughPlan.js +6 -0
- package/packages/core/dist/presentation/selectWalkthroughPlan.js.map +1 -0
- package/packages/core/dist/presentation/selection.d.ts +7 -0
- package/packages/core/dist/presentation/selection.d.ts.map +1 -0
- package/packages/core/dist/presentation/selection.js +20 -0
- package/packages/core/dist/presentation/selection.js.map +1 -0
- package/packages/core/dist/presentation/snapshot.d.ts +12 -0
- package/packages/core/dist/presentation/snapshot.d.ts.map +1 -0
- package/packages/core/dist/presentation/snapshot.js +53 -0
- package/packages/core/dist/presentation/snapshot.js.map +1 -0
- package/packages/core/dist/presentation/types.d.ts +172 -0
- package/packages/core/dist/presentation/types.d.ts.map +1 -0
- package/packages/core/dist/presentation/types.js +2 -0
- package/packages/core/dist/presentation/types.js.map +1 -0
- package/packages/core/dist/redact.d.ts +11 -0
- package/packages/core/dist/redact.d.ts.map +1 -0
- package/packages/core/dist/redact.js +17 -0
- package/packages/core/dist/redact.js.map +1 -0
- package/packages/core/dist/roots.d.ts +81 -0
- package/packages/core/dist/roots.d.ts.map +1 -0
- package/packages/core/dist/roots.js +220 -0
- package/packages/core/dist/roots.js.map +1 -0
- package/packages/core/dist/schema/cliResult.d.ts +34 -0
- package/packages/core/dist/schema/cliResult.d.ts.map +1 -0
- package/packages/core/dist/schema/cliResult.js +35 -0
- package/packages/core/dist/schema/cliResult.js.map +1 -0
- package/packages/core/dist/schema/diagnostic.d.ts +26 -0
- package/packages/core/dist/schema/diagnostic.d.ts.map +1 -0
- package/packages/core/dist/schema/diagnostic.js +28 -0
- package/packages/core/dist/schema/diagnostic.js.map +1 -0
- package/packages/core/dist/schema/index.d.ts +8 -0
- package/packages/core/dist/schema/index.d.ts.map +1 -0
- package/packages/core/dist/schema/index.js +9 -0
- package/packages/core/dist/schema/index.js.map +1 -0
- package/packages/core/dist/schema/registry.d.ts +15 -0
- package/packages/core/dist/schema/registry.d.ts.map +1 -0
- package/packages/core/dist/schema/registry.js +206 -0
- package/packages/core/dist/schema/registry.js.map +1 -0
- package/packages/core/dist/schema/syntheticContracts.d.ts +3 -0
- package/packages/core/dist/schema/syntheticContracts.d.ts.map +1 -0
- package/packages/core/dist/schema/syntheticContracts.js +342 -0
- package/packages/core/dist/schema/syntheticContracts.js.map +1 -0
- package/packages/core/dist/schema/validate.d.ts +21 -0
- package/packages/core/dist/schema/validate.d.ts.map +1 -0
- package/packages/core/dist/schema/validate.js +210 -0
- package/packages/core/dist/schema/validate.js.map +1 -0
- package/packages/core/dist/schemas/v1/authority.schema.json +70 -0
- package/packages/core/dist/schemas/v1/cli-result.schema.json +30 -0
- package/packages/core/dist/schemas/v1/common.schema.json +274 -0
- package/packages/core/dist/schemas/v1/demo-capsule.schema.json +78 -0
- package/packages/core/dist/schemas/v1/evidence-append-result.schema.json +14 -0
- package/packages/core/dist/schemas/v1/evidence-event.schema.json +181 -0
- package/packages/core/dist/schemas/v1/evidence-status-result.schema.json +68 -0
- package/packages/core/dist/schemas/v1/host-profile.schema.json +94 -0
- package/packages/core/dist/schemas/v1/host-status-result.schema.json +49 -0
- package/packages/core/dist/schemas/v1/keyring.schema.json +77 -0
- package/packages/core/dist/schemas/v1/ledger.schema.json +99 -0
- package/packages/core/dist/schemas/v1/marker.schema.json +84 -0
- package/packages/core/dist/schemas/v1/matrix-list-result.schema.json +67 -0
- package/packages/core/dist/schemas/v1/matrix-mutation-result.schema.json +49 -0
- package/packages/core/dist/schemas/v1/matrix-validation-result.schema.json +77 -0
- package/packages/core/dist/schemas/v1/mcp-tool-results.schema.json +34 -0
- package/packages/core/dist/schemas/v1/migration-test-matrix-result.schema.json +76 -0
- package/packages/core/dist/schemas/v1/presentation-plan-result.schema.json +62 -0
- package/packages/core/dist/schemas/v1/presentation-plan.schema.json +259 -0
- package/packages/core/dist/schemas/v1/release-gate-result.schema.json +136 -0
- package/packages/core/dist/schemas/v1/showcase-approval-result.schema.json +5 -0
- package/packages/core/dist/schemas/v1/showcase-event-append-result.schema.json +17 -0
- package/packages/core/dist/schemas/v1/showcase-event.schema.json +235 -0
- package/packages/core/dist/schemas/v1/showcase-finish-result.schema.json +5 -0
- package/packages/core/dist/schemas/v1/showcase-run-status-result.schema.json +70 -0
- package/packages/core/dist/schemas/v1/showcase-start-result.schema.json +5 -0
- package/packages/core/dist/schemas/v1/use-case-file.schema.json +178 -0
- package/packages/core/dist/schemas/v1/workflow-mode.schema.json +16 -0
- package/packages/core/dist/schemas/v1/workspace-config.schema.json +58 -0
- package/packages/core/dist/showcase/appendShowcaseEvent.d.ts +116 -0
- package/packages/core/dist/showcase/appendShowcaseEvent.d.ts.map +1 -0
- package/packages/core/dist/showcase/appendShowcaseEvent.js +353 -0
- package/packages/core/dist/showcase/appendShowcaseEvent.js.map +1 -0
- package/packages/core/dist/showcase/approval.d.ts +2 -0
- package/packages/core/dist/showcase/approval.d.ts.map +1 -0
- package/packages/core/dist/showcase/approval.js +2 -0
- package/packages/core/dist/showcase/approval.js.map +1 -0
- package/packages/core/dist/showcase/approvalAuthority.d.ts +19 -0
- package/packages/core/dist/showcase/approvalAuthority.d.ts.map +1 -0
- package/packages/core/dist/showcase/approvalAuthority.js +46 -0
- package/packages/core/dist/showcase/approvalAuthority.js.map +1 -0
- package/packages/core/dist/showcase/index.d.ts +11 -0
- package/packages/core/dist/showcase/index.d.ts.map +1 -0
- package/packages/core/dist/showcase/index.js +11 -0
- package/packages/core/dist/showcase/index.js.map +1 -0
- package/packages/core/dist/showcase/jsonlLedger.d.ts +11 -0
- package/packages/core/dist/showcase/jsonlLedger.d.ts.map +1 -0
- package/packages/core/dist/showcase/jsonlLedger.js +50 -0
- package/packages/core/dist/showcase/jsonlLedger.js.map +1 -0
- package/packages/core/dist/showcase/planBinding.d.ts +5 -0
- package/packages/core/dist/showcase/planBinding.d.ts.map +1 -0
- package/packages/core/dist/showcase/planBinding.js +33 -0
- package/packages/core/dist/showcase/planBinding.js.map +1 -0
- package/packages/core/dist/showcase/replayRun.d.ts +5 -0
- package/packages/core/dist/showcase/replayRun.d.ts.map +1 -0
- package/packages/core/dist/showcase/replayRun.js +199 -0
- package/packages/core/dist/showcase/replayRun.js.map +1 -0
- package/packages/core/dist/showcase/results.d.ts +3 -0
- package/packages/core/dist/showcase/results.d.ts.map +1 -0
- package/packages/core/dist/showcase/results.js +4 -0
- package/packages/core/dist/showcase/results.js.map +1 -0
- package/packages/core/dist/showcase/revisionEpochs.d.ts +2 -0
- package/packages/core/dist/showcase/revisionEpochs.d.ts.map +1 -0
- package/packages/core/dist/showcase/revisionEpochs.js +2 -0
- package/packages/core/dist/showcase/revisionEpochs.js.map +1 -0
- package/packages/core/dist/showcase/startRun.d.ts +2 -0
- package/packages/core/dist/showcase/startRun.d.ts.map +1 -0
- package/packages/core/dist/showcase/startRun.js +2 -0
- package/packages/core/dist/showcase/startRun.js.map +1 -0
- package/packages/core/dist/showcase/types.d.ts +66 -0
- package/packages/core/dist/showcase/types.d.ts.map +1 -0
- package/packages/core/dist/showcase/types.js +2 -0
- package/packages/core/dist/showcase/types.js.map +1 -0
- package/packages/core/dist/skills/canonicalSkills.d.ts +3 -0
- package/packages/core/dist/skills/canonicalSkills.d.ts.map +1 -0
- package/packages/core/dist/skills/canonicalSkills.js +7 -0
- package/packages/core/dist/skills/canonicalSkills.js.map +1 -0
- package/packages/core/dist/skills/index.d.ts +4 -0
- package/packages/core/dist/skills/index.d.ts.map +1 -0
- package/packages/core/dist/skills/index.js +4 -0
- package/packages/core/dist/skills/index.js.map +1 -0
- package/packages/core/dist/skills/types.d.ts +26 -0
- package/packages/core/dist/skills/types.d.ts.map +1 -0
- package/packages/core/dist/skills/types.js +2 -0
- package/packages/core/dist/skills/types.js.map +1 -0
- package/packages/core/dist/skills/validateSkillAssets.d.ts +6 -0
- package/packages/core/dist/skills/validateSkillAssets.d.ts.map +1 -0
- package/packages/core/dist/skills/validateSkillAssets.js +218 -0
- package/packages/core/dist/skills/validateSkillAssets.js.map +1 -0
- package/packages/core/dist/useCases/integrity.d.ts +11 -0
- package/packages/core/dist/useCases/integrity.d.ts.map +1 -0
- package/packages/core/dist/useCases/integrity.js +178 -0
- package/packages/core/dist/useCases/integrity.js.map +1 -0
- package/packages/core/dist/useCases/loadUseCaseMatrix.d.ts +7 -0
- package/packages/core/dist/useCases/loadUseCaseMatrix.d.ts.map +1 -0
- package/packages/core/dist/useCases/loadUseCaseMatrix.js +74 -0
- package/packages/core/dist/useCases/loadUseCaseMatrix.js.map +1 -0
- package/packages/core/dist/useCases/mutateUseCaseMatrix.d.ts +25 -0
- package/packages/core/dist/useCases/mutateUseCaseMatrix.d.ts.map +1 -0
- package/packages/core/dist/useCases/mutateUseCaseMatrix.js +198 -0
- package/packages/core/dist/useCases/mutateUseCaseMatrix.js.map +1 -0
- package/packages/core/dist/useCases/query.d.ts +12 -0
- package/packages/core/dist/useCases/query.d.ts.map +1 -0
- package/packages/core/dist/useCases/query.js +47 -0
- package/packages/core/dist/useCases/query.js.map +1 -0
- package/packages/core/dist/useCases/types.d.ts +149 -0
- package/packages/core/dist/useCases/types.d.ts.map +1 -0
- package/packages/core/dist/useCases/types.js +2 -0
- package/packages/core/dist/useCases/types.js.map +1 -0
- package/packages/core/dist/useCases/validateUseCaseFile.d.ts +9 -0
- package/packages/core/dist/useCases/validateUseCaseFile.d.ts.map +1 -0
- package/packages/core/dist/useCases/validateUseCaseFile.js +107 -0
- package/packages/core/dist/useCases/validateUseCaseFile.js.map +1 -0
- package/packages/core/dist/version.d.ts +9 -0
- package/packages/core/dist/version.d.ts.map +1 -0
- package/packages/core/dist/version.js +17 -0
- package/packages/core/dist/version.js.map +1 -0
- package/packages/core/package.json +39 -0
- package/packages/mcp/README.md +48 -0
- package/packages/mcp/dist/index.d.ts +20 -0
- package/packages/mcp/dist/index.d.ts.map +1 -0
- package/packages/mcp/dist/index.js +180 -0
- package/packages/mcp/dist/index.js.map +1 -0
- package/packages/mcp/dist/prompts.d.ts +32 -0
- package/packages/mcp/dist/prompts.d.ts.map +1 -0
- package/packages/mcp/dist/prompts.js +199 -0
- package/packages/mcp/dist/prompts.js.map +1 -0
- package/packages/mcp/dist/resources.d.ts +22 -0
- package/packages/mcp/dist/resources.d.ts.map +1 -0
- package/packages/mcp/dist/resources.js +342 -0
- package/packages/mcp/dist/resources.js.map +1 -0
- package/packages/mcp/dist/toolHandlers.d.ts +28 -0
- package/packages/mcp/dist/toolHandlers.d.ts.map +1 -0
- package/packages/mcp/dist/toolHandlers.js +592 -0
- package/packages/mcp/dist/toolHandlers.js.map +1 -0
- package/packages/mcp/dist/toolSchemas.d.ts +23 -0
- package/packages/mcp/dist/toolSchemas.d.ts.map +1 -0
- package/packages/mcp/dist/toolSchemas.js +223 -0
- package/packages/mcp/dist/toolSchemas.js.map +1 -0
- package/packages/mcp/dist/tools.d.ts +22 -0
- package/packages/mcp/dist/tools.d.ts.map +1 -0
- package/packages/mcp/dist/tools.js +65 -0
- package/packages/mcp/dist/tools.js.map +1 -0
- package/packages/mcp/package.json +38 -0
- package/plugin.json +6 -0
- package/schemas/v1/authority.schema.json +70 -0
- package/schemas/v1/cli-result.schema.json +30 -0
- package/schemas/v1/common.schema.json +274 -0
- package/schemas/v1/demo-capsule.schema.json +78 -0
- package/schemas/v1/evidence-append-result.schema.json +14 -0
- package/schemas/v1/evidence-event.schema.json +181 -0
- package/schemas/v1/evidence-status-result.schema.json +68 -0
- package/schemas/v1/host-profile.schema.json +94 -0
- package/schemas/v1/host-status-result.schema.json +49 -0
- package/schemas/v1/keyring.schema.json +77 -0
- package/schemas/v1/ledger.schema.json +99 -0
- package/schemas/v1/marker.schema.json +84 -0
- package/schemas/v1/matrix-list-result.schema.json +67 -0
- package/schemas/v1/matrix-mutation-result.schema.json +49 -0
- package/schemas/v1/matrix-validation-result.schema.json +77 -0
- package/schemas/v1/mcp-tool-results.schema.json +34 -0
- package/schemas/v1/migration-test-matrix-result.schema.json +76 -0
- package/schemas/v1/presentation-plan-result.schema.json +62 -0
- package/schemas/v1/presentation-plan.schema.json +259 -0
- package/schemas/v1/release-gate-result.schema.json +136 -0
- package/schemas/v1/showcase-approval-result.schema.json +5 -0
- package/schemas/v1/showcase-event-append-result.schema.json +17 -0
- package/schemas/v1/showcase-event.schema.json +235 -0
- package/schemas/v1/showcase-finish-result.schema.json +5 -0
- package/schemas/v1/showcase-run-status-result.schema.json +70 -0
- package/schemas/v1/showcase-start-result.schema.json +5 -0
- package/schemas/v1/use-case-file.schema.json +178 -0
- package/schemas/v1/workflow-mode.schema.json +16 -0
- package/schemas/v1/workspace-config.schema.json +58 -0
- package/use-cases/capsule/demos.yml +212 -0
- package/use-cases/capsule/runner.yml +49 -0
- package/use-cases/diagnostics/contracts.yml +239 -0
- package/use-cases/evidence/core.yml +32 -0
- package/use-cases/evidence/ledger.yml +330 -0
- package/use-cases/hosts/profiles.yml +365 -0
- package/use-cases/hosts/projections.yml +96 -0
- package/use-cases/lifecycle/loop.yml +229 -0
- package/use-cases/matrix/core.yml +92 -0
- package/use-cases/matrix/product.yml +289 -0
- package/use-cases/mcp/surface.yml +257 -0
- package/use-cases/mcp/wrapper.yml +100 -0
- package/use-cases/migration/importer.yml +171 -0
- package/use-cases/migration/test-matrix.yml +32 -0
- package/use-cases/planning/cards.yml +215 -0
- package/use-cases/release/package.yml +80 -0
- package/use-cases/release/proof.yml +180 -0
- package/use-cases/roadmap/deferred.yml +184 -0
- package/use-cases/showcase/flow.yml +269 -0
- package/use-cases/showcase/live.yml +44 -0
- package/use-cases/skills/assets.yml +92 -0
- package/use-cases.yml +9 -0
|
@@ -0,0 +1,391 @@
|
|
|
1
|
+
// Evidence ledger validation (spec section 5; Phase 5).
|
|
2
|
+
//
|
|
3
|
+
// The evidence ledger (`.use-cases/proofs.jsonl`) is an append-only log of
|
|
4
|
+
// signed, trusted-CI proof events (spec 5.1, amendment 3). This module turns the
|
|
5
|
+
// JSONL text into validated proof events and reports precise error codes for
|
|
6
|
+
// every way the ledger can be invalid:
|
|
7
|
+
// - JSONL parse errors (with 1-based line numbers)
|
|
8
|
+
// - proof-event schema failures (reuses the Phase 1 validator)
|
|
9
|
+
// - producer / verification-result policy violations (spec 5.3 rules 4/5)
|
|
10
|
+
// - signature failures (unsigned / unknown key / bad signature; spec 5.3)
|
|
11
|
+
// - internal binding_set_hash inconsistency (spec 5.4 -> INVALID)
|
|
12
|
+
// - non-append-only edits/deletes relative to a base ref (reuses Phase 3)
|
|
13
|
+
//
|
|
14
|
+
// Deliberately NOT done here (spec 5.4): comparing an event's embedded
|
|
15
|
+
// span_sha256 to the CURRENT scanned code. That drift is SUSPECT, not INVALID,
|
|
16
|
+
// and belongs to the Phase 6 freshness machine — never to validate-ledger.
|
|
17
|
+
//
|
|
18
|
+
// The core `validateEvidenceLedger` is pure (text in, result out). The only
|
|
19
|
+
// impure helper is a thin git base-ref read that reuses Phase 3's `readBaseRefFile`.
|
|
20
|
+
import { computeBindingSetHash } from "./bindingSetHash.js";
|
|
21
|
+
import { canonicalJsonSha256 } from "./canonicalJson.js";
|
|
22
|
+
import { validateProofEvent } from "./validators.js";
|
|
23
|
+
import { appendOnly, splitJsonlLines, readBaseRefFile } from "./appendOnly.js";
|
|
24
|
+
import { verifyEvent } from "./proofSignature.js";
|
|
25
|
+
// Genesis sentinel for `previous_entry_hash` on the first ledger entry. It is a
|
|
26
|
+
// well-formed "sha256:<hex>" string (64 zeros) so it satisfies the proof-event
|
|
27
|
+
// schema's hash pattern while being unmistakably the chain's root.
|
|
28
|
+
export const GENESIS_ENTRY_HASH = `sha256:${"0".repeat(64)}`;
|
|
29
|
+
// The canonical entry hash for the tamper-evident chain: sha256(canonicalJson)
|
|
30
|
+
// over the FULL signed proof event (signature and chain fields included). The
|
|
31
|
+
// next entry embeds this as its `previous_entry_hash`, so any edit to a prior
|
|
32
|
+
// entry — including its signature — invalidates every following link.
|
|
33
|
+
export function computeLedgerEntryHash(entry) {
|
|
34
|
+
return canonicalJsonSha256(entry);
|
|
35
|
+
}
|
|
36
|
+
// --- tamper-evident hash chain verification (v1) -----------------------------
|
|
37
|
+
//
|
|
38
|
+
// Stable `UCM_*` diagnostic codes for the chain tamper classes. These are
|
|
39
|
+
// declared as plain string literals here (not imported from the error registry)
|
|
40
|
+
// so evidenceLedger has NO dependency on the registry — the registry already
|
|
41
|
+
// imports `EvidenceErrorCode` from this module, and a back-import would be a
|
|
42
|
+
// cycle. The same literals are registered in `errors/registry.ts`.
|
|
43
|
+
export const LedgerChainErrorCode = Object.freeze({
|
|
44
|
+
CHAIN_BROKEN: "UCM_LEDGER_CHAIN_BROKEN",
|
|
45
|
+
INDEX_GAP: "UCM_LEDGER_INDEX_GAP",
|
|
46
|
+
DUPLICATE_INDEX: "UCM_LEDGER_DUPLICATE_INDEX"
|
|
47
|
+
});
|
|
48
|
+
// Does this parsed entry carry the (optional) tamper-evident chain fields? An
|
|
49
|
+
// entry "carries the chain" if EITHER field is present; a legacy entry has
|
|
50
|
+
// neither. A half-present entry counts as chained and is reported as broken.
|
|
51
|
+
function carriesChainFields(value) {
|
|
52
|
+
if (typeof value !== "object" || value === null) {
|
|
53
|
+
return false;
|
|
54
|
+
}
|
|
55
|
+
const record = value;
|
|
56
|
+
return record.entry_index !== undefined || record.previous_entry_hash !== undefined;
|
|
57
|
+
}
|
|
58
|
+
function readEntryIndex(value) {
|
|
59
|
+
const raw = value?.entry_index;
|
|
60
|
+
return typeof raw === "number" && Number.isInteger(raw) ? raw : undefined;
|
|
61
|
+
}
|
|
62
|
+
function readPreviousEntryHash(value) {
|
|
63
|
+
const raw = value?.previous_entry_hash;
|
|
64
|
+
return typeof raw === "string" ? raw : undefined;
|
|
65
|
+
}
|
|
66
|
+
// Verify the tamper-evident hash chain over the CONTIGUOUS CHAINED SUFFIX of a
|
|
67
|
+
// parsed evidence ledger, tolerating and reporting a leading legacy un-chained
|
|
68
|
+
// prefix (spec: v1 tamper-evident ledger, Piece 2).
|
|
69
|
+
//
|
|
70
|
+
// For each chained entry at actual position `pos`:
|
|
71
|
+
// - `entry_index` MUST equal `pos` (monotonic, no gaps). A mismatch is an
|
|
72
|
+
// INDEX_GAP (gap / reorder / truncation) or a DUPLICATE_INDEX when the index
|
|
73
|
+
// was already seen.
|
|
74
|
+
// - `previous_entry_hash` MUST equal `computeLedgerEntryHash` of the
|
|
75
|
+
// immediately preceding entry — which may itself be the last LEGACY entry
|
|
76
|
+
// (the chain can start mid-ledger) — or the genesis sentinel at position 0.
|
|
77
|
+
// A mismatch is a CHAIN_BROKEN (an in-place edit of a prior entry breaks the
|
|
78
|
+
// NEXT entry's link; a truncation breaks the following entry's link).
|
|
79
|
+
//
|
|
80
|
+
// Pure: parsed lines in, result out. Does NOT verify signatures or schema (those
|
|
81
|
+
// are the existing per-event rules) — it only checks chain integrity.
|
|
82
|
+
export function verifyLedgerChain(lines) {
|
|
83
|
+
const errors = [];
|
|
84
|
+
// The legacy prefix: leading entries with NO chain fields. The chain starts at
|
|
85
|
+
// the first entry that carries chain fields.
|
|
86
|
+
let legacyPrefixCount = 0;
|
|
87
|
+
while (legacyPrefixCount < lines.length &&
|
|
88
|
+
!carriesChainFields(lines[legacyPrefixCount].value)) {
|
|
89
|
+
legacyPrefixCount += 1;
|
|
90
|
+
}
|
|
91
|
+
let verifiedEntries = 0;
|
|
92
|
+
const seenIndices = new Set();
|
|
93
|
+
for (let pos = legacyPrefixCount; pos < lines.length; pos += 1) {
|
|
94
|
+
const { line, value } = lines[pos];
|
|
95
|
+
const entryErrors = [];
|
|
96
|
+
const idx = readEntryIndex(value);
|
|
97
|
+
const prevHash = readPreviousEntryHash(value);
|
|
98
|
+
// An entry inside the chained suffix must carry BOTH fields.
|
|
99
|
+
if (idx === undefined || prevHash === undefined) {
|
|
100
|
+
entryErrors.push({
|
|
101
|
+
code: LedgerChainErrorCode.CHAIN_BROKEN,
|
|
102
|
+
line,
|
|
103
|
+
message: `chained ledger entry at position ${pos} is missing a chain field (entry_index/previous_entry_hash)`
|
|
104
|
+
});
|
|
105
|
+
}
|
|
106
|
+
else {
|
|
107
|
+
// entry_index must equal the entry's actual position.
|
|
108
|
+
if (idx !== pos) {
|
|
109
|
+
if (seenIndices.has(idx)) {
|
|
110
|
+
entryErrors.push({
|
|
111
|
+
code: LedgerChainErrorCode.DUPLICATE_INDEX,
|
|
112
|
+
line,
|
|
113
|
+
entry_index: idx,
|
|
114
|
+
message: `duplicate entry_index ${idx} at ledger position ${pos}`
|
|
115
|
+
});
|
|
116
|
+
}
|
|
117
|
+
else {
|
|
118
|
+
entryErrors.push({
|
|
119
|
+
code: LedgerChainErrorCode.INDEX_GAP,
|
|
120
|
+
line,
|
|
121
|
+
entry_index: idx,
|
|
122
|
+
message: `entry_index ${idx} does not match its ledger position ${pos} (gap, reorder, or truncation)`
|
|
123
|
+
});
|
|
124
|
+
}
|
|
125
|
+
}
|
|
126
|
+
else if (seenIndices.has(idx)) {
|
|
127
|
+
entryErrors.push({
|
|
128
|
+
code: LedgerChainErrorCode.DUPLICATE_INDEX,
|
|
129
|
+
line,
|
|
130
|
+
entry_index: idx,
|
|
131
|
+
message: `duplicate entry_index ${idx} at ledger position ${pos}`
|
|
132
|
+
});
|
|
133
|
+
}
|
|
134
|
+
seenIndices.add(idx);
|
|
135
|
+
// previous_entry_hash must match the hash of the immediately preceding
|
|
136
|
+
// entry (or the genesis sentinel at the very first ledger position).
|
|
137
|
+
const expectedPrev = pos === 0 ? GENESIS_ENTRY_HASH : computeLedgerEntryHash(lines[pos - 1].value);
|
|
138
|
+
if (prevHash !== expectedPrev) {
|
|
139
|
+
entryErrors.push({
|
|
140
|
+
code: LedgerChainErrorCode.CHAIN_BROKEN,
|
|
141
|
+
line,
|
|
142
|
+
entry_index: idx,
|
|
143
|
+
message: `previous_entry_hash does not match the preceding entry (chain broken at position ${pos})`
|
|
144
|
+
});
|
|
145
|
+
}
|
|
146
|
+
}
|
|
147
|
+
if (entryErrors.length === 0) {
|
|
148
|
+
verifiedEntries += 1;
|
|
149
|
+
}
|
|
150
|
+
else {
|
|
151
|
+
errors.push(...entryErrors);
|
|
152
|
+
}
|
|
153
|
+
}
|
|
154
|
+
return {
|
|
155
|
+
ok: errors.length === 0,
|
|
156
|
+
verified_entries: verifiedEntries,
|
|
157
|
+
legacy_prefix_count: legacyPrefixCount,
|
|
158
|
+
errors
|
|
159
|
+
};
|
|
160
|
+
}
|
|
161
|
+
// The trusted producer kind (spec 5.3 rule 4).
|
|
162
|
+
export const TRUSTED_CI_PRODUCER_KIND = "trusted-ci-prover";
|
|
163
|
+
// The only accepted verification result on an appended proof (spec 5.3 rule 5).
|
|
164
|
+
export const PROOF_PASS_RESULT = "pass";
|
|
165
|
+
// Stable error codes for every way the evidence ledger can be invalid
|
|
166
|
+
// (spec 5.3 / 5.4 / 7.1 and the section 11.4 evidence-laundering mutations).
|
|
167
|
+
export const EvidenceErrorCode = Object.freeze({
|
|
168
|
+
JSON_PARSE_ERROR: "JSON_PARSE_ERROR",
|
|
169
|
+
EVIDENCE_SCHEMA_INVALID: "EVIDENCE_SCHEMA_INVALID",
|
|
170
|
+
SIGNATURE_MISSING: "SIGNATURE_MISSING",
|
|
171
|
+
SIGNATURE_ALG_UNSUPPORTED: "SIGNATURE_ALG_UNSUPPORTED",
|
|
172
|
+
UNKNOWN_KEY_ID: "UNKNOWN_KEY_ID",
|
|
173
|
+
BAD_SIGNATURE: "BAD_SIGNATURE",
|
|
174
|
+
PRODUCER_NOT_TRUSTED: "PRODUCER_NOT_TRUSTED",
|
|
175
|
+
VERIFICATION_NOT_PASS: "VERIFICATION_NOT_PASS",
|
|
176
|
+
BINDING_SET_HASH_MISMATCH: "BINDING_SET_HASH_MISMATCH",
|
|
177
|
+
EVIDENCE_ROW_MISSING: "EVIDENCE_ROW_MISSING",
|
|
178
|
+
APPEND_ONLY_VIOLATION: "APPEND_ONLY_VIOLATION"
|
|
179
|
+
});
|
|
180
|
+
// Read evidence JSONL text into one parsed value per line (spec 5.4 step "parse").
|
|
181
|
+
//
|
|
182
|
+
// A trailing newline is tolerated; whitespace-only lines are skipped so an empty
|
|
183
|
+
// or newline-terminated file reads cleanly. Any line that fails JSON.parse is
|
|
184
|
+
// reported as a JSON_PARSE_ERROR carrying its 1-based line number; remaining
|
|
185
|
+
// lines are still read.
|
|
186
|
+
export function readEvidenceJsonl(text) {
|
|
187
|
+
const lines = [];
|
|
188
|
+
const errors = [];
|
|
189
|
+
const rawLines = text.split("\n");
|
|
190
|
+
for (let i = 0; i < rawLines.length; i += 1) {
|
|
191
|
+
const raw = rawLines[i];
|
|
192
|
+
if (raw.trim() === "") {
|
|
193
|
+
continue; // tolerate trailing newline / blank separators
|
|
194
|
+
}
|
|
195
|
+
const lineNo = i + 1;
|
|
196
|
+
try {
|
|
197
|
+
lines.push({ line: lineNo, value: JSON.parse(raw) });
|
|
198
|
+
}
|
|
199
|
+
catch (error) {
|
|
200
|
+
errors.push({
|
|
201
|
+
code: EvidenceErrorCode.JSON_PARSE_ERROR,
|
|
202
|
+
line: lineNo,
|
|
203
|
+
message: `line ${lineNo} is not valid JSON: ${error.message}`
|
|
204
|
+
});
|
|
205
|
+
}
|
|
206
|
+
}
|
|
207
|
+
return { lines, errors };
|
|
208
|
+
}
|
|
209
|
+
// Safe path read of producer.kind / verification.result / event_id / row_id from
|
|
210
|
+
// an arbitrary parsed value, so policy checks can emit precise codes even when the
|
|
211
|
+
// shape is only partially correct.
|
|
212
|
+
function readPath(value, keys) {
|
|
213
|
+
let cursor = value;
|
|
214
|
+
for (const key of keys) {
|
|
215
|
+
if (typeof cursor !== "object" || cursor === null) {
|
|
216
|
+
return undefined;
|
|
217
|
+
}
|
|
218
|
+
cursor = cursor[key];
|
|
219
|
+
}
|
|
220
|
+
return cursor;
|
|
221
|
+
}
|
|
222
|
+
// Validate a single parsed proof-event value against every Phase 5 rule.
|
|
223
|
+
//
|
|
224
|
+
// Order: schema (structural gate) -> signature -> producer/result policy ->
|
|
225
|
+
// internal binding_set_hash recompute -> optional row existence. The signature,
|
|
226
|
+
// policy, and hash checks are defensive (guarded by path reads) so a precise code
|
|
227
|
+
// is still emitted even when the schema also rejects the value.
|
|
228
|
+
export function validateProofEventValue(value, line, options) {
|
|
229
|
+
const errors = [];
|
|
230
|
+
const eventId = readPath(value, ["event_id"]);
|
|
231
|
+
const eventIdStr = typeof eventId === "string" ? eventId : undefined;
|
|
232
|
+
const rowId = readPath(value, ["row", "row_id"]);
|
|
233
|
+
const rowIdStr = typeof rowId === "string" ? rowId : undefined;
|
|
234
|
+
// Structural gate: the Phase 1 proof-event schema (spec 5.2). The schema's
|
|
235
|
+
// consts also enforce producer.kind and verification.result, but we still run
|
|
236
|
+
// the dedicated policy checks below for precise, spec-named error codes.
|
|
237
|
+
const schemaResult = validateProofEvent(value);
|
|
238
|
+
const schemaOk = schemaResult.ok;
|
|
239
|
+
if (!schemaOk) {
|
|
240
|
+
errors.push({
|
|
241
|
+
code: EvidenceErrorCode.EVIDENCE_SCHEMA_INVALID,
|
|
242
|
+
line,
|
|
243
|
+
message: `proof event failed schema: ${schemaResult.errors
|
|
244
|
+
.map((e) => `${e.instance_path} ${e.message}`.trim())
|
|
245
|
+
.join("; ")}`,
|
|
246
|
+
event_id: eventIdStr,
|
|
247
|
+
row_id: rowIdStr
|
|
248
|
+
});
|
|
249
|
+
}
|
|
250
|
+
// Signature (spec 5.3 rules 1-3). verifyEvent reports the precise reason.
|
|
251
|
+
const verifyResult = verifyEvent(value, options.publicKeyResolver);
|
|
252
|
+
if (!verifyResult.ok) {
|
|
253
|
+
errors.push({
|
|
254
|
+
code: verifyResult.code,
|
|
255
|
+
line,
|
|
256
|
+
message: verifyResult.message,
|
|
257
|
+
event_id: eventIdStr,
|
|
258
|
+
row_id: rowIdStr
|
|
259
|
+
});
|
|
260
|
+
}
|
|
261
|
+
// Producer must be trusted (spec 5.3 rule 4). Only emit the dedicated code when
|
|
262
|
+
// the field is present-but-wrong; an absent producer is covered by the schema.
|
|
263
|
+
const producerKind = readPath(value, ["producer", "kind"]);
|
|
264
|
+
if (producerKind !== undefined && producerKind !== TRUSTED_CI_PRODUCER_KIND) {
|
|
265
|
+
errors.push({
|
|
266
|
+
code: EvidenceErrorCode.PRODUCER_NOT_TRUSTED,
|
|
267
|
+
line,
|
|
268
|
+
message: `producer.kind is ${String(producerKind)}; only ${TRUSTED_CI_PRODUCER_KIND} may mint proof events`,
|
|
269
|
+
event_id: eventIdStr,
|
|
270
|
+
row_id: rowIdStr
|
|
271
|
+
});
|
|
272
|
+
}
|
|
273
|
+
// Verification result must be pass (spec 5.3 rules 5/6).
|
|
274
|
+
const verificationResult = readPath(value, ["verification", "result"]);
|
|
275
|
+
if (verificationResult !== undefined && verificationResult !== PROOF_PASS_RESULT) {
|
|
276
|
+
errors.push({
|
|
277
|
+
code: EvidenceErrorCode.VERIFICATION_NOT_PASS,
|
|
278
|
+
line,
|
|
279
|
+
message: `verification.result is ${String(verificationResult)}; only "${PROOF_PASS_RESULT}" proofs may be appended`,
|
|
280
|
+
event_id: eventIdStr,
|
|
281
|
+
row_id: rowIdStr
|
|
282
|
+
});
|
|
283
|
+
}
|
|
284
|
+
// Internal binding_set_hash recompute (spec 5.4). The embedded
|
|
285
|
+
// bindings.binding_set_hash must equal hash(bindings.items) for the row. A
|
|
286
|
+
// mismatch is INVALID (internally inconsistent), distinct from SUSPECT drift.
|
|
287
|
+
// Guarded by the schema so we only recompute over a well-formed bindings block.
|
|
288
|
+
if (schemaOk) {
|
|
289
|
+
const event = value;
|
|
290
|
+
// computeBindingSetHash whitelists hashed fields (spec 4.5), so the extra
|
|
291
|
+
// diagnostic fields on each item (line numbers) are ignored. The cast adds
|
|
292
|
+
// the index signature its input type expects.
|
|
293
|
+
const recomputed = computeBindingSetHash(event.row.row_id, event.bindings.items);
|
|
294
|
+
if (recomputed !== event.bindings.binding_set_hash) {
|
|
295
|
+
errors.push({
|
|
296
|
+
code: EvidenceErrorCode.BINDING_SET_HASH_MISMATCH,
|
|
297
|
+
line,
|
|
298
|
+
message: `binding_set_hash ${event.bindings.binding_set_hash} does not recompute from items (got ${recomputed})`,
|
|
299
|
+
event_id: eventIdStr,
|
|
300
|
+
row_id: rowIdStr
|
|
301
|
+
});
|
|
302
|
+
}
|
|
303
|
+
// Optional: proof event row id must exist (spec 5.4 validate-ledger step 10).
|
|
304
|
+
if (options.yamlRowIds && !options.yamlRowIds.has(event.row.row_id)) {
|
|
305
|
+
errors.push({
|
|
306
|
+
code: EvidenceErrorCode.EVIDENCE_ROW_MISSING,
|
|
307
|
+
line,
|
|
308
|
+
message: `proof event row_id ${event.row.row_id} is not a known YAML row`,
|
|
309
|
+
event_id: eventIdStr,
|
|
310
|
+
row_id: event.row.row_id
|
|
311
|
+
});
|
|
312
|
+
}
|
|
313
|
+
}
|
|
314
|
+
const ok = errors.length === 0;
|
|
315
|
+
return { ok, errors, event: ok ? value : null };
|
|
316
|
+
}
|
|
317
|
+
// Validate a full evidence ledger: JSONL parse, proof-event schema, signature,
|
|
318
|
+
// producer/result policy, internal binding_set_hash recompute, optional row
|
|
319
|
+
// existence, and (when a base ref is supplied) append-only discipline.
|
|
320
|
+
//
|
|
321
|
+
// Pure: pass the current ledger text and the old base-ref text. Returns precise
|
|
322
|
+
// error codes plus a count summary. Does NOT compare embedded span hashes to
|
|
323
|
+
// current code (spec 5.4 "must not" — that is SUSPECT and Phase 6's job).
|
|
324
|
+
export function validateEvidenceLedger(text, options) {
|
|
325
|
+
const read = readEvidenceJsonl(text);
|
|
326
|
+
const errors = [...read.errors];
|
|
327
|
+
const events = [];
|
|
328
|
+
// Append-only discipline relative to the base ref (spec 5.4 step 4). Reuses the
|
|
329
|
+
// Phase 3 pure check; line-based so an edit or delete of any existing line is a
|
|
330
|
+
// violation.
|
|
331
|
+
let appendOnlyOk = true;
|
|
332
|
+
if (options.baseRefOldText !== undefined) {
|
|
333
|
+
const result = appendOnly(splitJsonlLines(options.baseRefOldText), splitJsonlLines(text));
|
|
334
|
+
if (!result.ok) {
|
|
335
|
+
appendOnlyOk = false;
|
|
336
|
+
errors.push({
|
|
337
|
+
code: EvidenceErrorCode.APPEND_ONLY_VIOLATION,
|
|
338
|
+
line: result.violation.index + 1,
|
|
339
|
+
message: result.violation.message
|
|
340
|
+
});
|
|
341
|
+
}
|
|
342
|
+
}
|
|
343
|
+
let validCount = 0;
|
|
344
|
+
for (const { line, value } of read.lines) {
|
|
345
|
+
const result = validateProofEventValue(value, line, {
|
|
346
|
+
publicKeyResolver: options.publicKeyResolver,
|
|
347
|
+
yamlRowIds: options.yamlRowIds
|
|
348
|
+
});
|
|
349
|
+
if (result.ok && result.event) {
|
|
350
|
+
events.push(result.event);
|
|
351
|
+
validCount += 1;
|
|
352
|
+
}
|
|
353
|
+
else {
|
|
354
|
+
errors.push(...result.errors);
|
|
355
|
+
}
|
|
356
|
+
}
|
|
357
|
+
const errorsByCode = {};
|
|
358
|
+
for (const error of errors) {
|
|
359
|
+
errorsByCode[error.code] = (errorsByCode[error.code] ?? 0) + 1;
|
|
360
|
+
}
|
|
361
|
+
const checked = read.lines.length;
|
|
362
|
+
const summary = {
|
|
363
|
+
proof_events_checked: checked,
|
|
364
|
+
proof_events_valid: validCount,
|
|
365
|
+
proof_events_invalid: checked - validCount,
|
|
366
|
+
append_only: appendOnlyOk,
|
|
367
|
+
errors_by_code: errorsByCode
|
|
368
|
+
};
|
|
369
|
+
return {
|
|
370
|
+
ok: errors.length === 0,
|
|
371
|
+
errors,
|
|
372
|
+
events,
|
|
373
|
+
append_only: appendOnlyOk,
|
|
374
|
+
summary
|
|
375
|
+
};
|
|
376
|
+
}
|
|
377
|
+
// Convenience: read the evidence file's base-ref version via git and validate the
|
|
378
|
+
// current text against it. Thin and impure — reuses Phase 3's `readBaseRefFile`
|
|
379
|
+
// (returns "" when the file is newly added at the base ref).
|
|
380
|
+
export function validateEvidenceLedgerAgainstBaseRef(text, baseRef, path, options) {
|
|
381
|
+
const baseRefOldText = readBaseRefFile(baseRef, path, {
|
|
382
|
+
cwd: options.cwd,
|
|
383
|
+
runner: options.runner
|
|
384
|
+
});
|
|
385
|
+
return validateEvidenceLedger(text, {
|
|
386
|
+
publicKeyResolver: options.publicKeyResolver,
|
|
387
|
+
yamlRowIds: options.yamlRowIds,
|
|
388
|
+
baseRefOldText
|
|
389
|
+
});
|
|
390
|
+
}
|
|
391
|
+
//# sourceMappingURL=evidenceLedger.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"evidenceLedger.js","sourceRoot":"","sources":["../../src/markers/evidenceLedger.ts"],"names":[],"mappings":"AAAA,wDAAwD;AACxD,EAAE;AACF,2EAA2E;AAC3E,iFAAiF;AACjF,6EAA6E;AAC7E,uCAAuC;AACvC,qDAAqD;AACrD,iEAAiE;AACjE,4EAA4E;AAC5E,4EAA4E;AAC5E,oEAAoE;AACpE,4EAA4E;AAC5E,EAAE;AACF,uEAAuE;AACvE,+EAA+E;AAC/E,2EAA2E;AAC3E,EAAE;AACF,4EAA4E;AAC5E,qFAAqF;AACrF,OAAO,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAC5D,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAEzD,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AACrD,OAAO,EACL,UAAU,EACV,eAAe,EACf,eAAe,EAEhB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,WAAW,EAA0B,MAAM,qBAAqB,CAAC;AA8E1E,gFAAgF;AAChF,+EAA+E;AAC/E,mEAAmE;AACnE,MAAM,CAAC,MAAM,kBAAkB,GAAG,UAAU,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC;AAE7D,+EAA+E;AAC/E,8EAA8E;AAC9E,8EAA8E;AAC9E,sEAAsE;AACtE,MAAM,UAAU,sBAAsB,CAAC,KAAc;IACnD,OAAO,mBAAmB,CAAC,KAAK,CAAC,CAAC;AACpC,CAAC;AAED,gFAAgF;AAChF,EAAE;AACF,0EAA0E;AAC1E,gFAAgF;AAChF,6EAA6E;AAC7E,6EAA6E;AAC7E,mEAAmE;AACnE,MAAM,CAAC,MAAM,oBAAoB,GAAG,MAAM,CAAC,MAAM,CAAC;IAChD,YAAY,EAAE,yBAAyB;IACvC,SAAS,EAAE,sBAAsB;IACjC,eAAe,EAAE,4BAA4B;CACrC,CAAC,CAAC;AAuBZ,8EAA8E;AAC9E,2EAA2E;AAC3E,6EAA6E;AAC7E,SAAS,kBAAkB,CAAC,KAAc;IACxC,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QAChD,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,MAAM,GAAG,KAAgC,CAAC;IAChD,OAAO,MAAM,CAAC,WAAW,KAAK,SAAS,IAAI,MAAM,CAAC,mBAAmB,KAAK,SAAS,CAAC;AACtF,CAAC;AAED,SAAS,cAAc,CAAC,KAAc;IACpC,MAAM,GAAG,GAAI,KAAwC,EAAE,WAAW,CAAC;IACnE,OAAO,OAAO,GAAG,KAAK,QAAQ,IAAI,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;AAC5E,CAAC;AAED,SAAS,qBAAqB,CAAC,KAAc;IAC3C,MAAM,GAAG,GAAI,KAAwC,EAAE,mBAAmB,CAAC;IAC3E,OAAO,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;AACnD,CAAC;AAED,+EAA+E;AAC/E,+EAA+E;AAC/E,oDAAoD;AACpD,EAAE;AACF,mDAAmD;AACnD,4EAA4E;AAC5E,iFAAiF;AACjF,wBAAwB;AACxB,uEAAuE;AACvE,8EAA8E;AAC9E,gFAAgF;AAChF,iFAAiF;AACjF,0EAA0E;AAC1E,EAAE;AACF,iFAAiF;AACjF,sEAAsE;AACtE,MAAM,UAAU,iBAAiB,CAAC,KAA8B;IAC9D,MAAM,MAAM,GAAuB,EAAE,CAAC;IAEtC,+EAA+E;IAC/E,6CAA6C;IAC7C,IAAI,iBAAiB,GAAG,CAAC,CAAC;IAC1B,OACE,iBAAiB,GAAG,KAAK,CAAC,MAAM;QAChC,CAAC,kBAAkB,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC,KAAK,CAAC,EACnD,CAAC;QACD,iBAAiB,IAAI,CAAC,CAAC;IACzB,CAAC;IAED,IAAI,eAAe,GAAG,CAAC,CAAC;IACxB,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;IAEtC,KAAK,IAAI,GAAG,GAAG,iBAAiB,EAAE,GAAG,GAAG,KAAK,CAAC,MAAM,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC;QAC/D,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC;QACnC,MAAM,WAAW,GAAuB,EAAE,CAAC;QAE3C,MAAM,GAAG,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QAClC,MAAM,QAAQ,GAAG,qBAAqB,CAAC,KAAK,CAAC,CAAC;QAE9C,6DAA6D;QAC7D,IAAI,GAAG,KAAK,SAAS,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;YAChD,WAAW,CAAC,IAAI,CAAC;gBACf,IAAI,EAAE,oBAAoB,CAAC,YAAY;gBACvC,IAAI;gBACJ,OAAO,EAAE,oCAAoC,GAAG,6DAA6D;aAC9G,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,sDAAsD;YACtD,IAAI,GAAG,KAAK,GAAG,EAAE,CAAC;gBAChB,IAAI,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;oBACzB,WAAW,CAAC,IAAI,CAAC;wBACf,IAAI,EAAE,oBAAoB,CAAC,eAAe;wBAC1C,IAAI;wBACJ,WAAW,EAAE,GAAG;wBAChB,OAAO,EAAE,yBAAyB,GAAG,uBAAuB,GAAG,EAAE;qBAClE,CAAC,CAAC;gBACL,CAAC;qBAAM,CAAC;oBACN,WAAW,CAAC,IAAI,CAAC;wBACf,IAAI,EAAE,oBAAoB,CAAC,SAAS;wBACpC,IAAI;wBACJ,WAAW,EAAE,GAAG;wBAChB,OAAO,EAAE,eAAe,GAAG,uCAAuC,GAAG,gCAAgC;qBACtG,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;iBAAM,IAAI,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBAChC,WAAW,CAAC,IAAI,CAAC;oBACf,IAAI,EAAE,oBAAoB,CAAC,eAAe;oBAC1C,IAAI;oBACJ,WAAW,EAAE,GAAG;oBAChB,OAAO,EAAE,yBAAyB,GAAG,uBAAuB,GAAG,EAAE;iBAClE,CAAC,CAAC;YACL,CAAC;YACD,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAErB,uEAAuE;YACvE,qEAAqE;YACrE,MAAM,YAAY,GAChB,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,sBAAsB,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;YAChF,IAAI,QAAQ,KAAK,YAAY,EAAE,CAAC;gBAC9B,WAAW,CAAC,IAAI,CAAC;oBACf,IAAI,EAAE,oBAAoB,CAAC,YAAY;oBACvC,IAAI;oBACJ,WAAW,EAAE,GAAG;oBAChB,OAAO,EAAE,oFAAoF,GAAG,GAAG;iBACpG,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,eAAe,IAAI,CAAC,CAAC;QACvB,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC;IAED,OAAO;QACL,EAAE,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;QACvB,gBAAgB,EAAE,eAAe;QACjC,mBAAmB,EAAE,iBAAiB;QACtC,MAAM;KACP,CAAC;AACJ,CAAC;AAED,+CAA+C;AAC/C,MAAM,CAAC,MAAM,wBAAwB,GAAG,mBAAmB,CAAC;AAC5D,gFAAgF;AAChF,MAAM,CAAC,MAAM,iBAAiB,GAAG,MAAM,CAAC;AAExC,sEAAsE;AACtE,6EAA6E;AAC7E,MAAM,CAAC,MAAM,iBAAiB,GAAG,MAAM,CAAC,MAAM,CAAC;IAC7C,gBAAgB,EAAE,kBAAkB;IACpC,uBAAuB,EAAE,yBAAyB;IAClD,iBAAiB,EAAE,mBAAmB;IACtC,yBAAyB,EAAE,2BAA2B;IACtD,cAAc,EAAE,gBAAgB;IAChC,aAAa,EAAE,eAAe;IAC9B,oBAAoB,EAAE,sBAAsB;IAC5C,qBAAqB,EAAE,uBAAuB;IAC9C,yBAAyB,EAAE,2BAA2B;IACtD,oBAAoB,EAAE,sBAAsB;IAC5C,qBAAqB,EAAE,uBAAuB;CACtC,CAAC,CAAC;AAuBZ,mFAAmF;AACnF,EAAE;AACF,iFAAiF;AACjF,8EAA8E;AAC9E,6EAA6E;AAC7E,wBAAwB;AACxB,MAAM,UAAU,iBAAiB,CAAC,IAAY;IAC5C,MAAM,KAAK,GAAmB,EAAE,CAAC;IACjC,MAAM,MAAM,GAAoB,EAAE,CAAC;IACnC,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QAC5C,MAAM,GAAG,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;QACxB,IAAI,GAAG,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YACtB,SAAS,CAAC,+CAA+C;QAC3D,CAAC;QACD,MAAM,MAAM,GAAG,CAAC,GAAG,CAAC,CAAC;QACrB,IAAI,CAAC;YACH,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAY,EAAE,CAAC,CAAC;QAClE,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,iBAAiB,CAAC,gBAAgB;gBACxC,IAAI,EAAE,MAAM;gBACZ,OAAO,EAAE,QAAQ,MAAM,uBAAwB,KAAe,CAAC,OAAO,EAAE;aACzE,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;AAC3B,CAAC;AAED,iFAAiF;AACjF,mFAAmF;AACnF,mCAAmC;AACnC,SAAS,QAAQ,CAAC,KAAc,EAAE,IAAc;IAC9C,IAAI,MAAM,GAAY,KAAK,CAAC;IAC5B,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;YAClD,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,MAAM,GAAI,MAAkC,CAAC,GAAG,CAAC,CAAC;IACpD,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAaD,yEAAyE;AACzE,EAAE;AACF,4EAA4E;AAC5E,gFAAgF;AAChF,kFAAkF;AAClF,gEAAgE;AAChE,MAAM,UAAU,uBAAuB,CACrC,KAAc,EACd,IAAmB,EACnB,OAAkC;IAElC,MAAM,MAAM,GAAoB,EAAE,CAAC;IACnC,MAAM,OAAO,GAAG,QAAQ,CAAC,KAAK,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC;IAC9C,MAAM,UAAU,GAAG,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;IACrE,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,EAAE,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC;IACjD,MAAM,QAAQ,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;IAE/D,2EAA2E;IAC3E,8EAA8E;IAC9E,yEAAyE;IACzE,MAAM,YAAY,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;IAC/C,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,CAAC;IACjC,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,iBAAiB,CAAC,uBAAuB;YAC/C,IAAI;YACJ,OAAO,EAAE,8BAA8B,YAAY,CAAC,MAAM;iBACvD,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,aAAa,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,CAAC;iBACpD,IAAI,CAAC,IAAI,CAAC,EAAE;YACf,QAAQ,EAAE,UAAU;YACpB,MAAM,EAAE,QAAQ;SACjB,CAAC,CAAC;IACL,CAAC;IAED,0EAA0E;IAC1E,MAAM,YAAY,GAAG,WAAW,CAAC,KAAgC,EAAE,OAAO,CAAC,iBAAiB,CAAC,CAAC;IAC9F,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC;QACrB,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,YAAY,CAAC,IAAI;YACvB,IAAI;YACJ,OAAO,EAAE,YAAY,CAAC,OAAO;YAC7B,QAAQ,EAAE,UAAU;YACpB,MAAM,EAAE,QAAQ;SACjB,CAAC,CAAC;IACL,CAAC;IAED,gFAAgF;IAChF,+EAA+E;IAC/E,MAAM,YAAY,GAAG,QAAQ,CAAC,KAAK,EAAE,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC;IAC3D,IAAI,YAAY,KAAK,SAAS,IAAI,YAAY,KAAK,wBAAwB,EAAE,CAAC;QAC5E,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,iBAAiB,CAAC,oBAAoB;YAC5C,IAAI;YACJ,OAAO,EAAE,oBAAoB,MAAM,CAAC,YAAY,CAAC,UAAU,wBAAwB,wBAAwB;YAC3G,QAAQ,EAAE,UAAU;YACpB,MAAM,EAAE,QAAQ;SACjB,CAAC,CAAC;IACL,CAAC;IAED,yDAAyD;IACzD,MAAM,kBAAkB,GAAG,QAAQ,CAAC,KAAK,EAAE,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC,CAAC;IACvE,IAAI,kBAAkB,KAAK,SAAS,IAAI,kBAAkB,KAAK,iBAAiB,EAAE,CAAC;QACjF,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,iBAAiB,CAAC,qBAAqB;YAC7C,IAAI;YACJ,OAAO,EAAE,0BAA0B,MAAM,CAAC,kBAAkB,CAAC,WAAW,iBAAiB,0BAA0B;YACnH,QAAQ,EAAE,UAAU;YACpB,MAAM,EAAE,QAAQ;SACjB,CAAC,CAAC;IACL,CAAC;IAED,+DAA+D;IAC/D,2EAA2E;IAC3E,8EAA8E;IAC9E,gFAAgF;IAChF,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,KAAK,GAAG,KAAmB,CAAC;QAClC,0EAA0E;QAC1E,2EAA2E;QAC3E,8CAA8C;QAC9C,MAAM,UAAU,GAAG,qBAAqB,CACtC,KAAK,CAAC,GAAG,CAAC,MAAM,EAChB,KAAK,CAAC,QAAQ,CAAC,KAAqE,CACrF,CAAC;QACF,IAAI,UAAU,KAAK,KAAK,CAAC,QAAQ,CAAC,gBAAgB,EAAE,CAAC;YACnD,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,iBAAiB,CAAC,yBAAyB;gBACjD,IAAI;gBACJ,OAAO,EAAE,oBAAoB,KAAK,CAAC,QAAQ,CAAC,gBAAgB,uCAAuC,UAAU,GAAG;gBAChH,QAAQ,EAAE,UAAU;gBACpB,MAAM,EAAE,QAAQ;aACjB,CAAC,CAAC;QACL,CAAC;QACD,8EAA8E;QAC9E,IAAI,OAAO,CAAC,UAAU,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YACpE,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,iBAAiB,CAAC,oBAAoB;gBAC5C,IAAI;gBACJ,OAAO,EAAE,sBAAsB,KAAK,CAAC,GAAG,CAAC,MAAM,0BAA0B;gBACzE,QAAQ,EAAE,UAAU;gBACpB,MAAM,EAAE,KAAK,CAAC,GAAG,CAAC,MAAM;aACzB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,MAAM,EAAE,GAAG,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC;IAC/B,OAAO,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC,CAAE,KAAoB,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;AAClE,CAAC;AA2BD,+EAA+E;AAC/E,4EAA4E;AAC5E,uEAAuE;AACvE,EAAE;AACF,gFAAgF;AAChF,6EAA6E;AAC7E,0EAA0E;AAC1E,MAAM,UAAU,sBAAsB,CACpC,IAAY,EACZ,OAAsC;IAEtC,MAAM,IAAI,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;IACrC,MAAM,MAAM,GAAoB,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IACjD,MAAM,MAAM,GAAiB,EAAE,CAAC;IAEhC,gFAAgF;IAChF,gFAAgF;IAChF,aAAa;IACb,IAAI,YAAY,GAAG,IAAI,CAAC;IACxB,IAAI,OAAO,CAAC,cAAc,KAAK,SAAS,EAAE,CAAC;QACzC,MAAM,MAAM,GAAG,UAAU,CACvB,eAAe,CAAC,OAAO,CAAC,cAAc,CAAC,EACvC,eAAe,CAAC,IAAI,CAAC,CACtB,CAAC;QACF,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;YACf,YAAY,GAAG,KAAK,CAAC;YACrB,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,iBAAiB,CAAC,qBAAqB;gBAC7C,IAAI,EAAE,MAAM,CAAC,SAAS,CAAC,KAAK,GAAG,CAAC;gBAChC,OAAO,EAAE,MAAM,CAAC,SAAS,CAAC,OAAO;aAClC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,IAAI,UAAU,GAAG,CAAC,CAAC;IACnB,KAAK,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;QACzC,MAAM,MAAM,GAAG,uBAAuB,CAAC,KAAK,EAAE,IAAI,EAAE;YAClD,iBAAiB,EAAE,OAAO,CAAC,iBAAiB;YAC5C,UAAU,EAAE,OAAO,CAAC,UAAU;SAC/B,CAAC,CAAC;QACH,IAAI,MAAM,CAAC,EAAE,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YAC9B,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC1B,UAAU,IAAI,CAAC,CAAC;QAClB,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;IAED,MAAM,YAAY,GAA2B,EAAE,CAAC;IAChD,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,YAAY,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IACjE,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;IAClC,MAAM,OAAO,GAA0B;QACrC,oBAAoB,EAAE,OAAO;QAC7B,kBAAkB,EAAE,UAAU;QAC9B,oBAAoB,EAAE,OAAO,GAAG,UAAU;QAC1C,WAAW,EAAE,YAAY;QACzB,cAAc,EAAE,YAAY;KAC7B,CAAC;IAEF,OAAO;QACL,EAAE,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;QACvB,MAAM;QACN,MAAM;QACN,WAAW,EAAE,YAAY;QACzB,OAAO;KACR,CAAC;AACJ,CAAC;AAED,kFAAkF;AAClF,gFAAgF;AAChF,6DAA6D;AAC7D,MAAM,UAAU,oCAAoC,CAClD,IAAY,EACZ,OAAe,EACf,IAAY,EACZ,OAGsB;IAEtB,MAAM,cAAc,GAAG,eAAe,CAAC,OAAO,EAAE,IAAI,EAAE;QACpD,GAAG,EAAE,OAAO,CAAC,GAAG;QAChB,MAAM,EAAE,OAAO,CAAC,MAAM;KACvB,CAAC,CAAC;IACH,OAAO,sBAAsB,CAAC,IAAI,EAAE;QAClC,iBAAiB,EAAE,OAAO,CAAC,iBAAiB;QAC5C,UAAU,EAAE,OAAO,CAAC,UAAU;QAC9B,cAAc;KACf,CAAC,CAAC;AACL,CAAC"}
|
|
@@ -0,0 +1,125 @@
|
|
|
1
|
+
import { STATUS_SCHEMA_ID } from "./constants.js";
|
|
2
|
+
import { type ProofEvent } from "./evidenceLedger.js";
|
|
3
|
+
import type { MaterializedRegistry } from "./registry.js";
|
|
4
|
+
import type { ScanResult } from "./scanner.js";
|
|
5
|
+
export type RowStatus = "FRESH" | "SUSPECT" | "UNPROVEN" | "UNBOUND" | "INVALID";
|
|
6
|
+
export type PolicyMode = "feature" | "release" | "custom";
|
|
7
|
+
export type LocalStatus = "VERIFIED_LOCAL" | "STALE_LOCAL" | "UNVERIFIED_LOCAL";
|
|
8
|
+
export interface LocalVerificationResult {
|
|
9
|
+
row_id: string;
|
|
10
|
+
context_hash: string;
|
|
11
|
+
binding_set_hash: string;
|
|
12
|
+
passed: boolean;
|
|
13
|
+
}
|
|
14
|
+
export interface FreshnessInputRow {
|
|
15
|
+
row_id: string;
|
|
16
|
+
verification_policy: unknown;
|
|
17
|
+
approval_policy: unknown;
|
|
18
|
+
[key: string]: unknown;
|
|
19
|
+
}
|
|
20
|
+
export interface PolicyDecisionContext {
|
|
21
|
+
row_id: string;
|
|
22
|
+
status: RowStatus;
|
|
23
|
+
required_for_release: boolean;
|
|
24
|
+
is_invalid: boolean;
|
|
25
|
+
}
|
|
26
|
+
export type CustomPolicyPredicate = (context: PolicyDecisionContext) => boolean;
|
|
27
|
+
export interface ReleaseGatePolicy {
|
|
28
|
+
required_authority?: "ci";
|
|
29
|
+
require_protected_ref?: boolean;
|
|
30
|
+
}
|
|
31
|
+
export interface DeriveFreshnessInput {
|
|
32
|
+
rows: ReadonlyArray<FreshnessInputRow>;
|
|
33
|
+
registry: MaterializedRegistry;
|
|
34
|
+
scan: ScanResult;
|
|
35
|
+
evidence: ReadonlyArray<ProofEvent>;
|
|
36
|
+
policy_mode: PolicyMode;
|
|
37
|
+
custom_policy?: CustomPolicyPredicate;
|
|
38
|
+
release_gate?: ReleaseGatePolicy;
|
|
39
|
+
current_context_hashes?: ReadonlyMap<string, string>;
|
|
40
|
+
local_results?: ReadonlyArray<LocalVerificationResult>;
|
|
41
|
+
generated_at: string;
|
|
42
|
+
product_root?: string;
|
|
43
|
+
tool?: {
|
|
44
|
+
name: string;
|
|
45
|
+
version: string;
|
|
46
|
+
};
|
|
47
|
+
global_integrity_errors?: ReadonlyArray<Record<string, unknown>>;
|
|
48
|
+
}
|
|
49
|
+
export interface FreshnessReason {
|
|
50
|
+
code: string;
|
|
51
|
+
binding_slug?: string;
|
|
52
|
+
expected_span_sha256?: string;
|
|
53
|
+
actual_span_sha256?: string;
|
|
54
|
+
expected_file_path?: string;
|
|
55
|
+
actual_file_path?: string;
|
|
56
|
+
message?: string;
|
|
57
|
+
}
|
|
58
|
+
export interface ProofRef {
|
|
59
|
+
event_id: string;
|
|
60
|
+
created_at: string;
|
|
61
|
+
commit: string;
|
|
62
|
+
}
|
|
63
|
+
export interface CurrentBindingOut {
|
|
64
|
+
binding_slug: string;
|
|
65
|
+
file_path: string;
|
|
66
|
+
extent_kind: "explicit" | "swift_func_inferred";
|
|
67
|
+
recognizer_id: string;
|
|
68
|
+
span_canon_id: string;
|
|
69
|
+
span_sha256: string;
|
|
70
|
+
span_start_line: number;
|
|
71
|
+
span_end_line: number;
|
|
72
|
+
}
|
|
73
|
+
export interface IntegrityErrorOut {
|
|
74
|
+
code: string;
|
|
75
|
+
row_id?: string;
|
|
76
|
+
binding_slug?: string;
|
|
77
|
+
file_path?: string;
|
|
78
|
+
line?: number;
|
|
79
|
+
message?: string;
|
|
80
|
+
}
|
|
81
|
+
export interface FreshnessRowOut {
|
|
82
|
+
row_id: string;
|
|
83
|
+
row_hash?: string;
|
|
84
|
+
verification_policy_hash?: string;
|
|
85
|
+
approval_policy_hash?: string;
|
|
86
|
+
status: RowStatus;
|
|
87
|
+
policy_block: boolean;
|
|
88
|
+
reasons: FreshnessReason[];
|
|
89
|
+
known_binding_slugs: string[];
|
|
90
|
+
current_binding_slugs: string[];
|
|
91
|
+
missing_registered_binding_slugs: string[];
|
|
92
|
+
unregistered_current_binding_slugs: string[];
|
|
93
|
+
current_binding_set_hash?: string;
|
|
94
|
+
current_bindings: CurrentBindingOut[];
|
|
95
|
+
matching_proof_event: ProofRef | null;
|
|
96
|
+
latest_trusted_proof_event: ProofRef | null;
|
|
97
|
+
required_action: string | null;
|
|
98
|
+
required_for_release?: boolean;
|
|
99
|
+
local_status?: LocalStatus | null;
|
|
100
|
+
local_reason?: string | null;
|
|
101
|
+
}
|
|
102
|
+
export interface FreshnessSummary {
|
|
103
|
+
fresh: number;
|
|
104
|
+
suspect: number;
|
|
105
|
+
unproven: number;
|
|
106
|
+
unbound: number;
|
|
107
|
+
invalid: number;
|
|
108
|
+
policy_blocked: number;
|
|
109
|
+
}
|
|
110
|
+
export interface FreshnessStatus {
|
|
111
|
+
schema: typeof STATUS_SCHEMA_ID;
|
|
112
|
+
generated_at: string;
|
|
113
|
+
tool: {
|
|
114
|
+
name: string;
|
|
115
|
+
version: string;
|
|
116
|
+
};
|
|
117
|
+
product_root: string;
|
|
118
|
+
policy_mode: PolicyMode;
|
|
119
|
+
guard_ok: boolean;
|
|
120
|
+
summary: FreshnessSummary;
|
|
121
|
+
integrity_errors: IntegrityErrorOut[];
|
|
122
|
+
rows: FreshnessRowOut[];
|
|
123
|
+
}
|
|
124
|
+
export declare function deriveFreshness(input: DeriveFreshnessInput): FreshnessStatus;
|
|
125
|
+
//# sourceMappingURL=freshness.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"freshness.d.ts","sourceRoot":"","sources":["../../src/markers/freshness.ts"],"names":[],"mappings":"AAoBA,OAAO,EAAiB,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAEjE,OAAO,EAAqB,KAAK,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAEzE,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AAC1D,OAAO,KAAK,EAAqC,UAAU,EAAE,MAAM,cAAc,CAAC;AAElF,MAAM,MAAM,SAAS,GAAG,OAAO,GAAG,SAAS,GAAG,UAAU,GAAG,SAAS,GAAG,SAAS,CAAC;AACjF,MAAM,MAAM,UAAU,GAAG,SAAS,GAAG,SAAS,GAAG,QAAQ,CAAC;AAY1D,MAAM,MAAM,WAAW,GAAG,gBAAgB,GAAG,aAAa,GAAG,kBAAkB,CAAC;AAMhF,MAAM,WAAW,uBAAuB;IACtC,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,gBAAgB,EAAE,MAAM,CAAC;IACzB,MAAM,EAAE,OAAO,CAAC;CACjB;AAKD,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,mBAAmB,EAAE,OAAO,CAAC;IAC7B,eAAe,EAAE,OAAO,CAAC;IACzB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAGD,MAAM,WAAW,qBAAqB;IACpC,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,SAAS,CAAC;IAClB,oBAAoB,EAAE,OAAO,CAAC;IAC9B,UAAU,EAAE,OAAO,CAAC;CACrB;AAED,MAAM,MAAM,qBAAqB,GAAG,CAAC,OAAO,EAAE,qBAAqB,KAAK,OAAO,CAAC;AAchF,MAAM,WAAW,iBAAiB;IAIhC,kBAAkB,CAAC,EAAE,IAAI,CAAC;IAI1B,qBAAqB,CAAC,EAAE,OAAO,CAAC;CACjC;AAED,MAAM,WAAW,oBAAoB;IAEnC,IAAI,EAAE,aAAa,CAAC,iBAAiB,CAAC,CAAC;IAEvC,QAAQ,EAAE,oBAAoB,CAAC;IAE/B,IAAI,EAAE,UAAU,CAAC;IAEjB,QAAQ,EAAE,aAAa,CAAC,UAAU,CAAC,CAAC;IACpC,WAAW,EAAE,UAAU,CAAC;IAExB,aAAa,CAAC,EAAE,qBAAqB,CAAC;IAGtC,YAAY,CAAC,EAAE,iBAAiB,CAAC;IAQjC,sBAAsB,CAAC,EAAE,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAKrD,aAAa,CAAC,EAAE,aAAa,CAAC,uBAAuB,CAAC,CAAC;IAEvD,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,IAAI,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;IAGzC,uBAAuB,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;CAClE;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,QAAQ;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,UAAU,GAAG,qBAAqB,CAAC;IAChD,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,CAAC;IACxB,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,MAAM,EAAE,SAAS,CAAC;IAClB,YAAY,EAAE,OAAO,CAAC;IACtB,OAAO,EAAE,eAAe,EAAE,CAAC;IAC3B,mBAAmB,EAAE,MAAM,EAAE,CAAC;IAC9B,qBAAqB,EAAE,MAAM,EAAE,CAAC;IAChC,gCAAgC,EAAE,MAAM,EAAE,CAAC;IAC3C,kCAAkC,EAAE,MAAM,EAAE,CAAC;IAC7C,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC,gBAAgB,EAAE,iBAAiB,EAAE,CAAC;IACtC,oBAAoB,EAAE,QAAQ,GAAG,IAAI,CAAC;IACtC,0BAA0B,EAAE,QAAQ,GAAG,IAAI,CAAC;IAC5C,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAI/B,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAI/B,YAAY,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IAClC,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC9B;AAED,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,OAAO,gBAAgB,CAAC;IAChC,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;IACxC,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,UAAU,CAAC;IACxB,QAAQ,EAAE,OAAO,CAAC;IAClB,OAAO,EAAE,gBAAgB,CAAC;IAC1B,gBAAgB,EAAE,iBAAiB,EAAE,CAAC;IACtC,IAAI,EAAE,eAAe,EAAE,CAAC;CACzB;AAiUD,wBAAgB,eAAe,CAAC,KAAK,EAAE,oBAAoB,GAAG,eAAe,CAuW5E"}
|