@agent-assembly/sdk 0.0.1-beta.2 → 0.0.1-beta.4

package/dist/cjs/native/client.js

@@ -3,7 +3,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.NativeDisconnectError = exports.NativeQueryPolicyError = exports.NativeSendEventError = exports.NativeConnectError = void 0;
+exports.NativeDisconnectError = exports.NativeRegisterError = exports.NativeQueryPolicyError = exports.NativeSendEventError = exports.NativeConnectError = void 0;
 exports.createNativeClient = createNativeClient;
 const node_module_1 = require("node:module");
 const node_path_1 = __importDefault(require("node:path"));
@@ -11,6 +11,7 @@ const NATIVE_BINDING_SINGLETON_KEY = Symbol.for("@agent-assembly/sdk/native-bind
 const ERROR_CONNECT = "AA_ERR_CONNECT";
 const ERROR_SEND_EVENT = "AA_ERR_SEND_EVENT";
 const ERROR_QUERY_POLICY = "AA_ERR_QUERY_POLICY";
+const ERROR_REGISTER = "AA_ERR_REGISTER";
 const ERROR_DISCONNECT = "AA_ERR_DISCONNECT";
 class NativeConnectError extends Error {
     code = ERROR_CONNECT;
@@ -24,10 +25,33 @@ class NativeQueryPolicyError extends Error {
     code = ERROR_QUERY_POLICY;
 }
 exports.NativeQueryPolicyError = NativeQueryPolicyError;
+class NativeRegisterError extends Error {
+    code = ERROR_REGISTER;
+}
+exports.NativeRegisterError = NativeRegisterError;
 class NativeDisconnectError extends Error {
     code = ERROR_DISCONNECT;
 }
 exports.NativeDisconnectError = NativeDisconnectError;
+/**
+ * Translate the native `{decision, reason}` verdict into the SDK's
+ * `PolicyResult`. Only `"deny"` blocks; `"pending"` routes to the approval
+ * path; `"allow"` / `"redact"` / any unrecognized value proceed. This mirrors
+ * the shared enforcement contract across the Python / Go / Node SDKs.
+ *
+ * The native primitive already fails open (returns `"allow"`) when the runtime
+ * is unreachable or too slow, so a missing or degraded runtime never blocks.
+ */
+function mapDecisionToPolicyResult(verdict) {
+    switch (verdict.decision) {
+        case "deny":
+            return { denied: true, pending: false, reason: verdict.reason };
+        case "pending":
+            return { denied: false, pending: true, reason: verdict.reason };
+        default:
+            return { denied: false, pending: false };
+    }
+}
 function mapNativeError(error) {
     if (!(error instanceof Error)) {
         return new Error(String(error));
@@ -43,6 +67,9 @@ function mapNativeError(error) {
     if (code === ERROR_QUERY_POLICY) {
         return new NativeQueryPolicyError(detail);
     }
+    if (code === ERROR_REGISTER) {
+        return new NativeRegisterError(detail);
+    }
     if (code === ERROR_DISCONNECT) {
         return new NativeDisconnectError(detail);
     }
@@ -51,9 +78,7 @@ function mapNativeError(error) {
 function loadNativeBinding() {
     const shouldUseCache = process.env.VITEST !== "true";
     const globalObject = globalThis;
-    const cachedBinding = shouldUseCache
-        ? globalObject[NATIVE_BINDING_SINGLETON_KEY]
-        : undefined;
+    const cachedBinding = shouldUseCache ? globalObject[NATIVE_BINDING_SINGLETON_KEY] : undefined;
     if (cachedBinding) {
         return cachedBinding;
     }
@@ -85,7 +110,11 @@ function createNativeClient(options) {
             mode,
             close: async () => undefined,
             sendEvent: () => undefined,
-            queryPolicy: async () => ({ denied: false, pending: false })
+            queryPolicy: async () => ({ denied: false, pending: false }),
+            // No native session to register against off the in-process path; the
+            // gRPC sidecar registers the agent in its own process. Resolve neutrally
+            // so init never blocks on a transport that does not own a handle.
+            register: async () => ""
         };
     }
     const binding = loadNativeBinding();
@@ -94,19 +123,17 @@ function createNativeClient(options) {
     let activeHandle;
     let pendingSendError;
     const getHandle = async () => {
-        if (!handlePromise) {
-            handlePromise = binding
-                .connect(socketPath)
-                .then((handle) => {
-                activeHandle = handle;
-                return handle;
-            })
-                .catch((error) => {
-                handlePromise = undefined;
-                activeHandle = undefined;
-                throw mapNativeError(error);
-            });
-        }
+        handlePromise ??= binding
+            .connect(socketPath)
+            .then((handle) => {
+            activeHandle = handle;
+            return handle;
+        })
+            .catch((error) => {
+            handlePromise = undefined;
+            activeHandle = undefined;
+            throw mapNativeError(error);
+        });
         return handlePromise;
     };
     return {
@@ -145,18 +172,36 @@ function createNativeClient(options) {
                 pendingSendError = mapNativeError(error);
             });
         },
-        queryPolicy: async () => {
+        queryPolicy: async (action) => {
             if (pendingSendError) {
                 const error = pendingSendError;
                 pendingSendError = undefined;
                 throw error;
             }
-            // The SDK is not a policy authority. Ensure the session is connected
-            // (surfacing any connect error), then defer: authoritative policy and
-            // approval are enforced server-side (gateway / runtime). The native shim
-            // no longer synthesizes a decision, so this always resolves neutral.
-            await getHandle();
-            return { denied: false, pending: false };
+            // Connect (surfacing any connect error as a genuine local fault), then
+            // ask the runtime for an authoritative verdict via the native primitive.
+            // The native `queryPolicy` is async — it offloads its blocking wait to a
+            // worker thread, so awaiting it never blocks the Node event loop — and it
+            // already fails open (returns `"allow"`) when the runtime is unreachable
+            // or too slow, so a missing or degraded runtime never blocks the agent.
+            const handle = await getHandle();
+            const verdict = await binding.queryPolicy(handle, action);
+            return mapDecisionToPolicyResult(verdict);
+        },
+        register: async (options) => {
+            // Register on the same session the queryPolicy path uses, so the token
+            // the gateway issues is stored on this handle and attached to every
+            // subsequent query. This is the only direct SDK→gateway gRPC call
+            // (ADR 0004); CheckAction still flows through aa-runtime.
+            if (binding.register === undefined) {
+                // A binding without `register` predates AAASM-3400; the agent simply
+                // runs unregistered rather than failing init.
+                return "";
+            }
+            const handle = await getHandle();
+            return binding.register(handle, options).catch((error) => {
+                throw mapNativeError(error);
+            });
         }
     };
 }

package/dist/cjs/op-control.js

@@ -22,9 +22,63 @@
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.OpControlSubscriber = void 0;
+exports.gatewayHostOf = gatewayHostOf;
+exports.resolveOpControlCredentials = resolveOpControlCredentials;
 const grpc_js_1 = require("@grpc/grpc-js");
 const op_terminated_error_js_1 = require("./errors/op-terminated-error.js");
 const policy_js_1 = require("./proto/generated/policy.js");
+/**
+ * Hosts treated as loopback for the secure-by-default transport decision.
+ * A loopback gateway is the local dev-mode CP, where plaintext gRPC is the
+ * documented default; anything else is presumed remote and must be encrypted.
+ */
+const LOOPBACK_HOSTS = new Set(["localhost", "127.0.0.1", "::1", "[::1]"]);
+/**
+ * Extract the bare host from a gRPC target (`host:port`, a bare host, or a
+ * URL-style `scheme://host:port`). Returns the lowercased host with any
+ * surrounding IPv6 brackets preserved so it can be matched against
+ * {@link LOOPBACK_HOSTS}.
+ */
+function gatewayHostOf(gatewayUrl) {
+    let target = gatewayUrl.trim();
+    const schemeIdx = target.indexOf("://");
+    if (schemeIdx !== -1)
+        target = target.slice(schemeIdx + 3);
+    // Drop a path/query suffix if a URL form was passed.
+    const slashIdx = target.indexOf("/");
+    if (slashIdx !== -1)
+        target = target.slice(0, slashIdx);
+    if (target.startsWith("[")) {
+        // Bracketed IPv6: keep the bracketed form, strip only the trailing :port.
+        const close = target.indexOf("]");
+        return close === -1 ? target.toLowerCase() : target.slice(0, close + 1).toLowerCase();
+    }
+    const colonIdx = target.indexOf(":");
+    if (colonIdx !== -1)
+        target = target.slice(0, colonIdx);
+    return target.toLowerCase();
+}
+function isLoopbackTarget(gatewayUrl) {
+    return LOOPBACK_HOSTS.has(gatewayHostOf(gatewayUrl));
+}
+/**
+ * Pick channel credentials for the op-control stream, secure by default.
+ *
+ * Precedence: an explicit `credentials` override wins; otherwise a loopback
+ * target gets plaintext (local dev gateway), a remote target gets TLS, and a
+ * remote target is only allowed plaintext when the caller sets `allowInsecure`.
+ *
+ * @throws never — returns the chosen {@link ChannelCredentials}.
+ */
+function resolveOpControlCredentials(gatewayUrl, opts) {
+    if (opts.credentials)
+        return opts.credentials;
+    if (isLoopbackTarget(gatewayUrl))
+        return grpc_js_1.credentials.createInsecure();
+    if (opts.allowInsecure)
+        return grpc_js_1.credentials.createInsecure();
+    return grpc_js_1.credentials.createSsl();
+}
 class OpControlSubscriber {
     client;
     agent;
@@ -44,7 +98,7 @@ class OpControlSubscriber {
         };
         const client = opts.clientFactory
             ? opts.clientFactory()
-            : new policy_js_1.PolicyServiceClient(gatewayUrl, opts.credentials ?? grpc_js_1.credentials.createInsecure());
+            : new policy_js_1.PolicyServiceClient(gatewayUrl, resolveOpControlCredentials(gatewayUrl, opts));
         const subscriber = new OpControlSubscriber(client, agent);
         subscriber.start();
         return subscriber;

package/dist/cjs/runtime.js

@@ -9,9 +9,10 @@
  * flow with `import { initAssembly } from "@agent-assembly/sdk/runtime"`.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.INSTALL_HINT = exports.RUNTIME_SUBPACKAGE = exports.RUNTIME_LOG_FILENAME = exports.DOCKER_BASE_BIN = exports.USER_LOCAL_BIN = exports.DEFAULT_RUNTIME_HOST = exports.DEFAULT_PORT = exports.BINARY_NAME = void 0;
+exports.INSTALL_HINT = exports.RUNTIME_SUBPACKAGE = exports.RUNTIME_LOG_FILENAME = exports.DOCKER_BASE_BIN = exports.USER_LOCAL_BIN = exports.ENV_AUTO_START = exports.DEFAULT_RUNTIME_HOST = exports.DEFAULT_PORT = exports.BINARY_NAME = void 0;
 exports.findAasmBinary = findAasmBinary;
 exports.isRunning = isRunning;
+exports.assertSafeBinaryPath = assertSafeBinaryPath;
 exports.startRuntime = startRuntime;
 exports.initAssembly = initAssembly;
 const node_child_process_1 = require("node:child_process");
@@ -24,6 +25,13 @@ const node_process_1 = require("node:process");
 exports.BINARY_NAME = "aasm";
 exports.DEFAULT_PORT = 7878;
 exports.DEFAULT_RUNTIME_HOST = "127.0.0.1";
+/**
+ * Opt-in gate for spawning the `aasm` sidecar. Auto-start runs a binary
+ * discovered from `$PATH` / the filesystem, so it is a privileged side effect
+ * that must be explicitly enabled rather than triggered silently by every
+ * `initAssembly()` call. Set to `1`/`true`/`yes` to permit auto-start.
+ */
+exports.ENV_AUTO_START = "AA_AUTO_START";
 exports.USER_LOCAL_BIN = (0, node_path_1.join)((0, node_os_1.homedir)(), ".local", "bin");
 exports.DOCKER_BASE_BIN = "/usr/local/bin";
 exports.RUNTIME_LOG_FILENAME = ".aasm-runtime.log";
@@ -100,6 +108,51 @@ function isRunning(port = exports.DEFAULT_PORT, host = exports.DEFAULT_RUNTIME_H
         socket.once("error", () => settle(false));
     });
 }
+/** Truthy values that enable {@link ENV_AUTO_START}. */
+function autoStartEnabled() {
+    const raw = node_process_1.env[exports.ENV_AUTO_START]?.trim().toLowerCase();
+    return raw === "1" || raw === "true" || raw === "yes";
+}
+/**
+ * Install roots an auto-started `aasm` binary is permitted to live in, in
+ * addition to the npm-bundled `node_modules/@agent-assembly/runtime-*` path
+ * (which is trusted because it ships with the SDK install). This blocks a
+ * `$PATH`-injected `./aasm` or a binary planted in an arbitrary writable
+ * directory from being spawned.
+ */
+function allowedInstallDirs() {
+    const home = (0, node_os_1.homedir)();
+    return [
+        "/usr/local/bin",
+        "/usr/bin",
+        "/opt/homebrew/bin",
+        exports.USER_LOCAL_BIN,
+        (0, node_path_1.join)(home, ".cargo", "bin"),
+        "/usr/local/cargo/bin",
+        exports.DOCKER_BASE_BIN,
+    ];
+}
+/**
+ * Throw `Error` unless `binaryPath` is safe to spawn: it must be absolute and
+ * either resolve inside an allow-listed install dir (see
+ * {@link allowedInstallDirs}) or be the npm-bundled runtime binary. This is the
+ * integrity gate for the auto-start subprocess — without it the SDK would
+ * execute whatever `aasm` happened to be first on `$PATH`.
+ */
+function assertSafeBinaryPath(binaryPath) {
+    if (!(0, node_path_1.isAbsolute)(binaryPath)) {
+        throw new Error(`Refusing to auto-start a non-absolute 'aasm' path: ${binaryPath}`);
+    }
+    const resolved = (0, node_path_1.resolve)(binaryPath);
+    const bundled = bundledRuntimeBinaryPath();
+    if (bundled !== null && (0, node_path_1.resolve)(bundled) === resolved)
+        return;
+    const ok = allowedInstallDirs().some((dir) => resolved.startsWith((0, node_path_1.resolve)(dir) + "/"));
+    if (!ok) {
+        throw new Error(`Refusing to auto-start 'aasm' from an untrusted location: ${resolved}. ` +
+            `Install it under one of: ${allowedInstallDirs().join(", ")}.`);
+    }
+}
 /**
  * Spawn `aasm serve --port <port>` as a detached background subprocess.
  *
@@ -126,19 +179,32 @@ function startRuntime(binaryPath, port = exports.DEFAULT_PORT, logDir = (0, node
  *  2. Resolve the binary via {@link findAasmBinary}.
  *  3. Spawn the sidecar via {@link startRuntime}.
  *
- * `agentId` is accepted to keep the ticket-specified signature stable;
- * actual register-and-connect is performed by the existing gateway-aware
- * `@agent-assembly/sdk` `initAssembly` once the sidecar is reachable.
+ * `_agentId` is accepted to keep the ticket-specified signature stable but is
+ * intentionally not consumed at this lifecycle layer; actual register-and-connect
+ * is performed by the existing gateway-aware `@agent-assembly/sdk` `initAssembly`
+ * once the sidecar is reachable.
+ *
+ * Auto-start is **opt-in**: when the sidecar is not already running, this
+ * throws unless `AA_AUTO_START` is enabled. When it does spawn, the resolved
+ * binary path is logged and integrity-checked via {@link assertSafeBinaryPath}.
  *
- * Throws `Error` with {@link INSTALL_HINT} when no binary is found.
+ * Throws `Error` with {@link INSTALL_HINT} when no binary is found, and a
+ * descriptive `Error` when auto-start is not opted in or the resolved binary
+ * fails the integrity check.
  */
-async function initAssembly(agentId, port = exports.DEFAULT_PORT) {
-    void agentId; // not consumed at the lifecycle layer; see jsdoc
+async function initAssembly(_agentId, port = exports.DEFAULT_PORT) {
     if (await isRunning(port))
         return;
+    if (!autoStartEnabled()) {
+        throw new Error(`No aasm sidecar running on port ${port} and auto-start is disabled. ` +
+            `Start it with 'aasm serve --port ${port}', or set ${exports.ENV_AUTO_START}=1 ` +
+            "to allow the SDK to auto-start it.");
+    }
     const binary = findAasmBinary();
     if (binary === null) {
         throw new Error(exports.INSTALL_HINT);
     }
+    assertSafeBinaryPath(binary);
+    console.info(`[agent-assembly] auto-starting aasm sidecar from ${binary}`);
     startRuntime(binary, port);
 }

package/dist/esm/core/gateway-resolver.js

@@ -1,7 +1,7 @@
 import { spawn } from "node:child_process";
 import { existsSync, readFileSync } from "node:fs";
 import { homedir } from "node:os";
-import { join, resolve as resolvePath } from "node:path";
+import { isAbsolute, join, resolve as resolvePath } from "node:path";
 import { ConfigurationError, GatewayError } from "../errors/index.js";
 /**
  * Resolve the gateway URL and API key for ``initAssembly``.
@@ -14,17 +14,109 @@ import { ConfigurationError, GatewayError } from "../errors/index.js";
  * Resolution precedence (highest first):
  *
  *   1. Explicit field on the AssemblyConfig
- *   2. Environment variable (AAASM_GATEWAY_URL / AAASM_API_KEY)
+ *   2. Environment variable — canonical ``AA_GATEWAY_URL`` / ``AA_API_KEY``,
+ *      with the legacy ``AAASM_GATEWAY_URL`` / ``AAASM_API_KEY`` names accepted
+ *      as deprecated aliases (a one-time warning is logged when a legacy name
+ *      supplies the value)
  *   3. Config file (~/.aasm/config.yaml, optional js-yaml soft dep)
- *   4. Local default: probe http://localhost:7391, auto-start if absent
+ *   4. Local default: probe http://localhost:7391; when absent, auto-start the
+ *      local `aasm` gateway ONLY if `AA_AUTO_START` is opted in and the binary
+ *      resolves to an allow-listed install dir — otherwise raise an error.
  */
 export const DEFAULT_GATEWAY_URL = "http://localhost:7391";
 export const DEFAULT_HEALTHZ_PATH = "/healthz";
 export const DEFAULT_PROBE_TIMEOUT_MS = 500;
 export const DEFAULT_AUTO_START_TIMEOUT_MS = 5000;
 export const DEFAULT_CONFIG_FILE_PATH = "~/.aasm/config.yaml";
-export const ENV_GATEWAY_URL = "AAASM_GATEWAY_URL";
-export const ENV_API_KEY = "AAASM_API_KEY";
+export const ENV_GATEWAY_URL = "AA_GATEWAY_URL";
+export const ENV_API_KEY = "AA_API_KEY";
+/**
+ * Opt-in gate for auto-starting a local gateway. Auto-start spawns the `aasm`
+ * binary resolved from `$PATH`, so it is gated behind an explicit opt-in rather
+ * than running silently: a `$PATH` entry an attacker can write to would
+ * otherwise be executed by any process that calls `initAssembly()`. Set to
+ * `1`/`true`/`yes` to permit auto-start.
+ */
+export const ENV_AUTO_START = "AA_AUTO_START";
+/** Truthy values that enable {@link ENV_AUTO_START}. */
+function autoStartEnabled() {
+    const raw = process.env[ENV_AUTO_START]?.trim().toLowerCase();
+    return raw === "1" || raw === "true" || raw === "yes";
+}
+/**
+ * Directories an auto-started `aasm` binary is permitted to live in. The
+ * resolved path must be absolute and sit inside one of these install roots,
+ * which blocks a `$PATH`-injected `./aasm` (cwd) or a binary planted in an
+ * arbitrary writable directory from being spawned. Mirrors the documented
+ * install locations (Homebrew, system, user-local, cargo).
+ */
+function allowedInstallDirs() {
+    const home = homedir();
+    return [
+        "/usr/local/bin",
+        "/usr/bin",
+        "/opt/homebrew/bin",
+        join(home, ".local", "bin"),
+        join(home, ".cargo", "bin"),
+        "/usr/local/cargo/bin",
+    ];
+}
+/**
+ * Throw {@link ConfigurationError} unless `aasmPath` is an absolute path inside
+ * an allow-listed install directory (see {@link allowedInstallDirs}). This is
+ * the integrity gate for the auto-start subprocess — without it the SDK would
+ * execute whatever `aasm` happened to be first on `$PATH`.
+ */
+export function assertAllowedAasmPath(aasmPath) {
+    if (!isAbsolute(aasmPath)) {
+        throw new ConfigurationError(`Refusing to auto-start a non-absolute 'aasm' path: ${aasmPath}. ` +
+            `Set ${ENV_GATEWAY_URL} to an already-running gateway instead.`);
+    }
+    const resolved = resolvePath(aasmPath);
+    const ok = allowedInstallDirs().some((dir) => resolved.startsWith(dir + "/"));
+    if (!ok) {
+        throw new ConfigurationError(`Refusing to auto-start 'aasm' from an untrusted location: ${resolved}. ` +
+            `Install it under one of: ${allowedInstallDirs().join(", ")}, ` +
+            `or set ${ENV_GATEWAY_URL} to an already-running gateway.`);
+    }
+}
+/**
+ * Deprecated environment-variable names, kept as backwards-compatible aliases.
+ *
+ * When one of these supplies a value (and the canonical ``AA_*`` name is unset)
+ * a one-time deprecation warning is emitted via ``readEnvWithDeprecation``.
+ */
+export const LEGACY_ENV_GATEWAY_URL = "AAASM_GATEWAY_URL";
+export const LEGACY_ENV_API_KEY = "AAASM_API_KEY";
+/**
+ * Tracks which legacy env-var names have already produced a deprecation
+ * warning so the message is logged at most once per name per process.
+ */
+const _warnedLegacyEnv = new Set();
+/**
+ * Read an environment variable preferring the canonical ``AA_*`` name and
+ * falling back to a deprecated ``AAASM_*`` alias.
+ *
+ * Returns ``undefined`` when neither name is set. When the value comes from
+ * the legacy alias, a deprecation warning is logged exactly once per legacy
+ * name (guarded by ``_warnedLegacyEnv``) directing the user to the canonical
+ * name.
+ */
+function readEnvWithDeprecation(canonicalName, legacyName) {
+    const canonical = process.env[canonicalName];
+    if (canonical)
+        return canonical;
+    const legacy = process.env[legacyName];
+    if (legacy) {
+        if (!_warnedLegacyEnv.has(legacyName)) {
+            _warnedLegacyEnv.add(legacyName);
+            console.warn(`[agent-assembly] ${legacyName} is deprecated and will be removed in a ` +
+                `future release. Use ${canonicalName} instead.`);
+        }
+        return legacy;
+    }
+    return undefined;
+}
 export const AASM_AUTO_START_ARGV = ["start", "--mode", "local", "--foreground"];
 /**
  * Return true if a gateway responds with a 2xx status at ``{baseUrl}/healthz``.
@@ -72,7 +164,11 @@ export async function waitForHealthz(baseUrl, timeoutMs = DEFAULT_AUTO_START_TIM
     return probeHealthz(baseUrl);
 }
 function expandHome(p) {
-    return p.startsWith("~") ? resolvePath(homedir(), p.slice(p.startsWith("~/") ? 2 : 1)) : p;
+    if (!p.startsWith("~")) {
+        return p;
+    }
+    const prefixLength = p.startsWith("~/") ? 2 : 1;
+    return resolvePath(homedir(), p.slice(prefixLength));
 }
 /**
  * Load ``~/.aasm/config.yaml`` if present.
@@ -141,7 +237,12 @@ const _seams = {
     loadConfigFile: loadConfigFile,
     autoStartGateway: autoStartGateway,
 };
-export const __testing = { _seams };
+export const __testing = {
+    _seams,
+    resetLegacyEnvWarnings: () => {
+        _warnedLegacyEnv.clear();
+    },
+};
 /**
  * Spawn ``aasm start --mode local --foreground`` and wait until ``/healthz``
  * responds.
@@ -159,6 +260,11 @@ export async function autoStartGateway(baseUrl = DEFAULT_GATEWAY_URL, timeoutMs
         throw new ConfigurationError(`No gateway found at ${baseUrl} and 'aasm' is not on PATH. ` +
             "Install it with: npm install -g @agent-assembly/cli (or pnpm add -g)");
     }
+    // Integrity gate: only spawn an absolute path from an allow-listed install
+    // dir, and surface the resolved path so the operator can see exactly which
+    // binary the SDK is about to execute.
+    assertAllowedAasmPath(aasmPath);
+    console.info(`[agent-assembly] auto-starting gateway from ${aasmPath}`);
     _seams.spawnAasm(aasmPath);
     if (!(await waitForHealthz(baseUrl, timeoutMs))) {
         throw new GatewayError(`Auto-started gateway at ${baseUrl} did not become ready ` +
@@ -176,7 +282,7 @@ export async function autoStartGateway(baseUrl = DEFAULT_GATEWAY_URL, timeoutMs
 export async function resolveGatewayUrl(explicit) {
     if (explicit)
         return explicit;
-    const fromEnv = process.env[ENV_GATEWAY_URL];
+    const fromEnv = readEnvWithDeprecation(ENV_GATEWAY_URL, LEGACY_ENV_GATEWAY_URL);
     if (fromEnv)
         return fromEnv;
     const config = await _seams.loadConfigFile();
@@ -189,6 +295,14 @@ export async function resolveGatewayUrl(explicit) {
     if (await _seams.probeHealthz(DEFAULT_GATEWAY_URL)) {
         return DEFAULT_GATEWAY_URL;
     }
+    // Auto-start is opt-in: spawning the local `aasm` binary is a privileged
+    // side effect, so a missing gateway is a hard error unless the operator has
+    // explicitly enabled AA_AUTO_START.
+    if (!autoStartEnabled()) {
+        throw new ConfigurationError(`No gateway found at ${DEFAULT_GATEWAY_URL}. Start one with 'aasm start ` +
+            `--mode local', set ${ENV_GATEWAY_URL} to a running gateway, or set ` +
+            `${ENV_AUTO_START}=1 to allow the SDK to auto-start a local gateway.`);
+    }
     await _seams.autoStartGateway(DEFAULT_GATEWAY_URL);
     return DEFAULT_GATEWAY_URL;
 }
@@ -202,7 +316,7 @@ export async function resolveGatewayUrl(explicit) {
 export async function resolveApiKey(explicit) {
     if (explicit)
         return explicit;
-    const fromEnv = process.env[ENV_API_KEY];
+    const fromEnv = readEnvWithDeprecation(ENV_API_KEY, LEGACY_ENV_API_KEY);
     if (fromEnv)
         return fromEnv;
     const config = await _seams.loadConfigFile();

package/dist/esm/core/gateway-resolver.js.map

@@ -1 +1 @@
-{"version":3,"file":"gateway-resolver.js","sourceRoot":"","sources":["../../../src/core/gateway-resolver.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC3C,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,IAAI,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,WAAW,CAAC;AAEzD,OAAO,EAAE,kBAAkB,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAEtE;;;;;;;;;;;;;;GAcG;AAEH,MAAM,CAAC,MAAM,mBAAmB,GAAG,uBAAuB,CAAC;AAC3D,MAAM,CAAC,MAAM,oBAAoB,GAAG,UAAU,CAAC;AAC/C,MAAM,CAAC,MAAM,wBAAwB,GAAG,GAAG,CAAC;AAC5C,MAAM,CAAC,MAAM,6BAA6B,GAAG,IAAI,CAAC;AAClD,MAAM,CAAC,MAAM,wBAAwB,GAAG,qBAAqB,CAAC;AAE9D,MAAM,CAAC,MAAM,eAAe,GAAG,mBAAmB,CAAC;AACnD,MAAM,CAAC,MAAM,WAAW,GAAG,eAAe,CAAC;AAE3C,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,cAAc,CAAU,CAAC;AAE1F;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,OAAe,EACf,YAAoB,wBAAwB;IAE5C,IAAI,WAAW,GAAG,OAAO,CAAC;IAC1B,OAAO,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACjC,WAAW,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IACzC,CAAC;IACD,MAAM,GAAG,GAAG,WAAW,GAAG,oBAAoB,CAAC;IAC/C,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,SAAS,CAAC,CAAC;IAC9D,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;QACjE,OAAO,QAAQ,CAAC,MAAM,IAAI,GAAG,IAAI,QAAQ,CAAC,MAAM,GAAG,GAAG,CAAC;IACzD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,KAAK,CAAC,CAAC;IACtB,CAAC;AACH,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,OAAe,EACf,YAAoB,6BAA6B,EACjD,iBAAyB,GAAG;IAE5B,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;IACxC,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,EAAE,CAAC;QAC7B,IAAI,MAAM,YAAY,CAAC,OAAO,CAAC,EAAE,CAAC;YAChC,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC,CAAC;IAC5E,CAAC;IACD,OAAO,YAAY,CAAC,OAAO,CAAC,CAAC;AAC/B,CAAC;AAED,SAAS,UAAU,CAAC,CAAS;IAC3B,OAAO,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAC7F,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,aAAqB,wBAAwB;IAE7C,yEAAyE;IACzE,wEAAwE;IACxE,MAAM,QAAQ,GAAG,SAAS,CAAC;IAC3B,IAAI,OAA6C,CAAC;IAClD,IAAI,CAAC;QACH,OAAO,GAAG,CAAC,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAyC,CAAC;IAC7E,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,MAAM,QAAQ,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC;IACxC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC;QAC5D,OAAO,MAAM,KAAK,IAAI,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;YAC5E,CAAC,CAAE,MAAkC;YACrC,CAAC,CAAC,EAAE,CAAC;IACT,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAS,qBAAqB;IAC5B,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC;IACpC,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;IACrD,MAAM,IAAI,GAAG,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IACxE,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QAClC,IAAI,CAAC,GAAG;YAAE,SAAS;QACnB,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,OAAO,GAAG,EAAE,CAAC,CAAC;YAC1C,IAAI,UAAU,CAAC,SAAS,CAAC;gBAAE,OAAO,SAAS,CAAC;QAC9C,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAgB;IACxC,MAAM,KAAK,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC,GAAG,oBAAoB,CAAC,EAAE;QACvD,QAAQ,EAAE,IAAI;QACd,KAAK,EAAE,QAAQ;KAChB,CAAC,CAAC;IACH,KAAK,CAAC,KAAK,EAAE,CAAC;AAChB,CAAC;AAED;;;;GAIG;AACH,MAAM,MAAM,GAAG;IACb,cAAc,EAAE,qBAAqB;IACrC,SAAS,EAAE,gBAAgB;IAC3B,YAAY,EAAE,YAAY;IAC1B,cAAc,EAAE,cAAc;IAC9B,gBAAgB,EAAE,gBAAgB;CACnC,CAAC;AAEF,MAAM,CAAC,MAAM,SAAS,GAAG,EAAE,MAAM,EAAE,CAAC;AAEpC;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,UAAkB,mBAAmB,EACrC,YAAoB,6BAA6B;IAEjD,MAAM,QAAQ,GAAG,MAAM,CAAC,cAAc,EAAE,CAAC;IACzC,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;QACtB,MAAM,IAAI,kBAAkB,CAC1B,uBAAuB,OAAO,8BAA8B;YAC1D,sEAAsE,CACzE,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;IAE3B,IAAI,CAAC,CAAC,MAAM,cAAc,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC,EAAE,CAAC;QAChD,MAAM,IAAI,YAAY,CACpB,2BAA2B,OAAO,wBAAwB;YACxD,UAAU,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,CACpD,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,QAAiB;IACvD,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAE9B,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IAC7C,IAAI,OAAO;QAAE,OAAO,OAAO,CAAC;IAE5B,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,cAAc,EAAE,CAAC;IAC7C,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC;IAC9B,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAChD,MAAM,GAAG,GAAI,KAAiC,CAAC,aAAa,CAAC,CAAC;QAC9D,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,GAAG,CAAC;IAC5D,CAAC;IAED,IAAI,MAAM,MAAM,CAAC,YAAY,CAAC,mBAAmB,CAAC,EAAE,CAAC;QACnD,OAAO,mBAAmB,CAAC;IAC7B,CAAC;IAED,MAAM,MAAM,CAAC,gBAAgB,CAAC,mBAAmB,CAAC,CAAC;IACnD,OAAO,mBAAmB,CAAC;AAC7B,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,QAAiB;IACnD,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAE9B,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IACzC,IAAI,OAAO;QAAE,OAAO,OAAO,CAAC;IAE5B,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,cAAc,EAAE,CAAC;IAC7C,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC;IAC9B,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAChD,MAAM,MAAM,GAAI,KAAiC,CAAC,SAAS,CAAC,CAAC;QAC7D,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,MAAM,CAAC;IACrE,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC"}
+{"version":3,"file":"gateway-resolver.js","sourceRoot":"","sources":["../../../src/core/gateway-resolver.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC3C,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,WAAW,CAAC;AAErE,OAAO,EAAE,kBAAkB,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAEtE;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,MAAM,CAAC,MAAM,mBAAmB,GAAG,uBAAuB,CAAC;AAC3D,MAAM,CAAC,MAAM,oBAAoB,GAAG,UAAU,CAAC;AAC/C,MAAM,CAAC,MAAM,wBAAwB,GAAG,GAAG,CAAC;AAC5C,MAAM,CAAC,MAAM,6BAA6B,GAAG,IAAI,CAAC;AAClD,MAAM,CAAC,MAAM,wBAAwB,GAAG,qBAAqB,CAAC;AAE9D,MAAM,CAAC,MAAM,eAAe,GAAG,gBAAgB,CAAC;AAChD,MAAM,CAAC,MAAM,WAAW,GAAG,YAAY,CAAC;AAExC;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,eAAe,CAAC;AAE9C,wDAAwD;AACxD,SAAS,gBAAgB;IACvB,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,EAAE,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC9D,OAAO,GAAG,KAAK,GAAG,IAAI,GAAG,KAAK,MAAM,IAAI,GAAG,KAAK,KAAK,CAAC;AACxD,CAAC;AAED;;;;;;GAMG;AACH,SAAS,kBAAkB;IACzB,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;IACvB,OAAO;QACL,gBAAgB;QAChB,UAAU;QACV,mBAAmB;QACnB,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,KAAK,CAAC;QAC3B,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,KAAK,CAAC;QAC3B,sBAAsB;KACvB,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,qBAAqB,CAAC,QAAgB;IACpD,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,kBAAkB,CAC1B,sDAAsD,QAAQ,IAAI;YAChE,OAAO,eAAe,yCAAyC,CAClE,CAAC;IACJ,CAAC;IACD,MAAM,QAAQ,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC;IACvC,MAAM,EAAE,GAAG,kBAAkB,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC;IAC9E,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,MAAM,IAAI,kBAAkB,CAC1B,6DAA6D,QAAQ,IAAI;YACvE,4BAA4B,kBAAkB,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI;YAC/D,UAAU,eAAe,iCAAiC,CAC7D,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG,mBAAmB,CAAC;AAC1D,MAAM,CAAC,MAAM,kBAAkB,GAAG,eAAe,CAAC;AAElD;;;GAGG;AACH,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAU,CAAC;AAE3C;;;;;;;;GAQG;AACH,SAAS,sBAAsB,CAAC,aAAqB,EAAE,UAAkB;IACvE,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;IAC7C,IAAI,SAAS;QAAE,OAAO,SAAS,CAAC;IAEhC,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACvC,IAAI,MAAM,EAAE,CAAC;QACX,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;YACtC,gBAAgB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;YACjC,OAAO,CAAC,IAAI,CACV,oBAAoB,UAAU,0CAA0C;gBACtE,uBAAuB,aAAa,WAAW,CAClD,CAAC;QACJ,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,cAAc,CAAU,CAAC;AAE1F;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,OAAe,EACf,YAAoB,wBAAwB;IAE5C,IAAI,WAAW,GAAG,OAAO,CAAC;IAC1B,OAAO,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACjC,WAAW,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IACzC,CAAC;IACD,MAAM,GAAG,GAAG,WAAW,GAAG,oBAAoB,CAAC;IAC/C,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,SAAS,CAAC,CAAC;IAC9D,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;QACjE,OAAO,QAAQ,CAAC,MAAM,IAAI,GAAG,IAAI,QAAQ,CAAC,MAAM,GAAG,GAAG,CAAC;IACzD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,KAAK,CAAC,CAAC;IACtB,CAAC;AACH,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,OAAe,EACf,YAAoB,6BAA6B,EACjD,iBAAyB,GAAG;IAE5B,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;IACxC,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,EAAE,CAAC;QAC7B,IAAI,MAAM,YAAY,CAAC,OAAO,CAAC,EAAE,CAAC;YAChC,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC,CAAC;IAC5E,CAAC;IACD,OAAO,YAAY,CAAC,OAAO,CAAC,CAAC;AAC/B,CAAC;AAED,SAAS,UAAU,CAAC,CAAS;IAC3B,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACvB,OAAO,CAAC,CAAC;IACX,CAAC;IACD,MAAM,YAAY,GAAG,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAChD,OAAO,WAAW,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC;AACvD,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,aAAqB,wBAAwB;IAE7C,yEAAyE;IACzE,wEAAwE;IACxE,MAAM,QAAQ,GAAG,SAAS,CAAC;IAC3B,IAAI,OAA6C,CAAC;IAClD,IAAI,CAAC;QACH,OAAO,GAAG,CAAC,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAyC,CAAC;IAC7E,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,MAAM,QAAQ,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC;IACxC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC;QAC5D,OAAO,MAAM,KAAK,IAAI,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;YAC5E,CAAC,CAAE,MAAkC;YACrC,CAAC,CAAC,EAAE,CAAC;IACT,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAS,qBAAqB;IAC5B,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC;IACpC,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;IACrD,MAAM,IAAI,GAAG,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IACxE,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QAClC,IAAI,CAAC,GAAG;YAAE,SAAS;QACnB,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,OAAO,GAAG,EAAE,CAAC,CAAC;YAC1C,IAAI,UAAU,CAAC,SAAS,CAAC;gBAAE,OAAO,SAAS,CAAC;QAC9C,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAgB;IACxC,MAAM,KAAK,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC,GAAG,oBAAoB,CAAC,EAAE;QACvD,QAAQ,EAAE,IAAI;QACd,KAAK,EAAE,QAAQ;KAChB,CAAC,CAAC;IACH,KAAK,CAAC,KAAK,EAAE,CAAC;AAChB,CAAC;AAED;;;;GAIG;AACH,MAAM,MAAM,GAAG;IACb,cAAc,EAAE,qBAAqB;IACrC,SAAS,EAAE,gBAAgB;IAC3B,YAAY,EAAE,YAAY;IAC1B,cAAc,EAAE,cAAc;IAC9B,gBAAgB,EAAE,gBAAgB;CACnC,CAAC;AAEF,MAAM,CAAC,MAAM,SAAS,GAAG;IACvB,MAAM;IACN,sBAAsB,EAAE,GAAS,EAAE;QACjC,gBAAgB,CAAC,KAAK,EAAE,CAAC;IAC3B,CAAC;CACF,CAAC;AAEF;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,UAAkB,mBAAmB,EACrC,YAAoB,6BAA6B;IAEjD,MAAM,QAAQ,GAAG,MAAM,CAAC,cAAc,EAAE,CAAC;IACzC,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;QACtB,MAAM,IAAI,kBAAkB,CAC1B,uBAAuB,OAAO,8BAA8B;YAC1D,sEAAsE,CACzE,CAAC;IACJ,CAAC;IAED,2EAA2E;IAC3E,2EAA2E;IAC3E,sCAAsC;IACtC,qBAAqB,CAAC,QAAQ,CAAC,CAAC;IAChC,OAAO,CAAC,IAAI,CAAC,+CAA+C,QAAQ,EAAE,CAAC,CAAC;IAExE,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;IAE3B,IAAI,CAAC,CAAC,MAAM,cAAc,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC,EAAE,CAAC;QAChD,MAAM,IAAI,YAAY,CACpB,2BAA2B,OAAO,wBAAwB;YACxD,UAAU,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,CACpD,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,QAAiB;IACvD,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAE9B,MAAM,OAAO,GAAG,sBAAsB,CAAC,eAAe,EAAE,sBAAsB,CAAC,CAAC;IAChF,IAAI,OAAO;QAAE,OAAO,OAAO,CAAC;IAE5B,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,cAAc,EAAE,CAAC;IAC7C,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC;IAC9B,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAChD,MAAM,GAAG,GAAI,KAAiC,CAAC,aAAa,CAAC,CAAC;QAC9D,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,GAAG,CAAC;IAC5D,CAAC;IAED,IAAI,MAAM,MAAM,CAAC,YAAY,CAAC,mBAAmB,CAAC,EAAE,CAAC;QACnD,OAAO,mBAAmB,CAAC;IAC7B,CAAC;IAED,yEAAyE;IACzE,4EAA4E;IAC5E,oCAAoC;IACpC,IAAI,CAAC,gBAAgB,EAAE,EAAE,CAAC;QACxB,MAAM,IAAI,kBAAkB,CAC1B,uBAAuB,mBAAmB,+BAA+B;YACvE,sBAAsB,eAAe,gCAAgC;YACrE,GAAG,cAAc,oDAAoD,CACxE,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,CAAC,gBAAgB,CAAC,mBAAmB,CAAC,CAAC;IACnD,OAAO,mBAAmB,CAAC;AAC7B,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,QAAiB;IACnD,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAE9B,MAAM,OAAO,GAAG,sBAAsB,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;IACxE,IAAI,OAAO;QAAE,OAAO,OAAO,CAAC;IAE5B,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,cAAc,EAAE,CAAC;IAC7C,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC;IAC9B,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAChD,MAAM,MAAM,GAAI,KAAiC,CAAC,SAAS,CAAC,CAAC;QAC7D,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,MAAM,CAAC;IACrE,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC"}