npm - @agent-assembly/sdk - Versions diffs - 0.0.1-beta.2 → 0.0.1-beta.4 - Mend

@agent-assembly/sdk 0.0.1-beta.2 → 0.0.1-beta.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (56) hide show

package/dist/cjs/core/gateway-resolver.js +124 -9
package/dist/cjs/core/init-assembly.js +165 -34
package/dist/cjs/gateway/client.js +64 -1
package/dist/cjs/gateway/index.js +2 -1
package/dist/cjs/hooks/ai-sdk.js +3 -5
package/dist/cjs/hooks/langchain.js +12 -3
package/dist/cjs/hooks/mastra.js +10 -6
package/dist/cjs/hooks/openai-agents.js +1 -3
package/dist/cjs/native/client.js +70 -25
package/dist/cjs/op-control.js +55 -1
package/dist/cjs/runtime.js +73 -7
package/dist/esm/core/gateway-resolver.js +123 -9
package/dist/esm/core/gateway-resolver.js.map +1 -1
package/dist/esm/core/init-assembly.js +163 -33
package/dist/esm/core/init-assembly.js.map +1 -1
package/dist/esm/gateway/client.js +63 -1
package/dist/esm/gateway/client.js.map +1 -1
package/dist/esm/gateway/index.js +1 -1
package/dist/esm/gateway/index.js.map +1 -1
package/dist/esm/hooks/ai-sdk.js +3 -5
package/dist/esm/hooks/ai-sdk.js.map +1 -1
package/dist/esm/hooks/langchain.js +12 -3
package/dist/esm/hooks/langchain.js.map +1 -1
package/dist/esm/hooks/mastra.js +10 -6
package/dist/esm/hooks/mastra.js.map +1 -1
package/dist/esm/hooks/openai-agents.js +1 -3
package/dist/esm/hooks/openai-agents.js.map +1 -1
package/dist/esm/native/client.js +68 -24
package/dist/esm/native/client.js.map +1 -1
package/dist/esm/op-control.js +53 -1
package/dist/esm/op-control.js.map +1 -1
package/dist/esm/runtime.js +72 -7
package/dist/esm/runtime.js.map +1 -1
package/dist/types/core/gateway-resolver.d.ts +33 -4
package/dist/types/core/gateway-resolver.d.ts.map +1 -1
package/dist/types/core/init-assembly.d.ts +6 -1
package/dist/types/core/init-assembly.d.ts.map +1 -1
package/dist/types/gateway/client.d.ts +24 -1
package/dist/types/gateway/client.d.ts.map +1 -1
package/dist/types/gateway/index.d.ts +1 -1
package/dist/types/gateway/index.d.ts.map +1 -1
package/dist/types/hooks/ai-sdk.d.ts.map +1 -1
package/dist/types/hooks/langchain.d.ts +11 -0
package/dist/types/hooks/langchain.d.ts.map +1 -1
package/dist/types/hooks/mastra.d.ts.map +1 -1
package/dist/types/hooks/openai-agents.d.ts.map +1 -1
package/dist/types/native/client.d.ts +33 -0
package/dist/types/native/client.d.ts.map +1 -1
package/dist/types/op-control.d.ts +29 -2
package/dist/types/op-control.d.ts.map +1 -1
package/dist/types/runtime.d.ts +27 -5
package/dist/types/runtime.d.ts.map +1 -1
package/dist/types/types/assembly-config.d.ts +14 -0
package/dist/types/types/assembly-config.d.ts.map +1 -1
package/native/aa-ffi-node/index.d.ts +74 -0
package/package.json +7 -7

package/dist/esm/native/client.js CHANGED Viewed

@@ -4,6 +4,7 @@ const NATIVE_BINDING_SINGLETON_KEY = Symbol.for("@agent-assembly/sdk/native-bind
 const ERROR_CONNECT = "AA_ERR_CONNECT";
 const ERROR_SEND_EVENT = "AA_ERR_SEND_EVENT";
 const ERROR_QUERY_POLICY = "AA_ERR_QUERY_POLICY";
+const ERROR_REGISTER = "AA_ERR_REGISTER";
 const ERROR_DISCONNECT = "AA_ERR_DISCONNECT";
 export class NativeConnectError extends Error {
     code = ERROR_CONNECT;
@@ -14,9 +15,31 @@ export class NativeSendEventError extends Error {
 export class NativeQueryPolicyError extends Error {
     code = ERROR_QUERY_POLICY;
 }
+export class NativeRegisterError extends Error {
+    code = ERROR_REGISTER;
+}
 export class NativeDisconnectError extends Error {
     code = ERROR_DISCONNECT;
 }
+/**
+ * Translate the native `{decision, reason}` verdict into the SDK's
+ * `PolicyResult`. Only `"deny"` blocks; `"pending"` routes to the approval
+ * path; `"allow"` / `"redact"` / any unrecognized value proceed. This mirrors
+ * the shared enforcement contract across the Python / Go / Node SDKs.
+ *
+ * The native primitive already fails open (returns `"allow"`) when the runtime
+ * is unreachable or too slow, so a missing or degraded runtime never blocks.
+ */
+function mapDecisionToPolicyResult(verdict) {
+    switch (verdict.decision) {
+        case "deny":
+            return { denied: true, pending: false, reason: verdict.reason };
+        case "pending":
+            return { denied: false, pending: true, reason: verdict.reason };
+        default:
+            return { denied: false, pending: false };
+    }
+}
 function mapNativeError(error) {
     if (!(error instanceof Error)) {
         return new Error(String(error));
@@ -32,6 +55,9 @@ function mapNativeError(error) {
     if (code === ERROR_QUERY_POLICY) {
         return new NativeQueryPolicyError(detail);
     }
+    if (code === ERROR_REGISTER) {
+        return new NativeRegisterError(detail);
+    }
     if (code === ERROR_DISCONNECT) {
         return new NativeDisconnectError(detail);
     }
@@ -40,9 +66,7 @@ function mapNativeError(error) {
 function loadNativeBinding() {
     const shouldUseCache = process.env.VITEST !== "true";
     const globalObject = globalThis;
-    const cachedBinding = shouldUseCache
-        ? globalObject[NATIVE_BINDING_SINGLETON_KEY]
-        : undefined;
+    const cachedBinding = shouldUseCache ? globalObject[NATIVE_BINDING_SINGLETON_KEY] : undefined;
     if (cachedBinding) {
         return cachedBinding;
     }
@@ -74,7 +98,11 @@ export function createNativeClient(options) {
             mode,
             close: async () => undefined,
             sendEvent: () => undefined,
-            queryPolicy: async () => ({ denied: false, pending: false })
+            queryPolicy: async () => ({ denied: false, pending: false }),
+            // No native session to register against off the in-process path; the
+            // gRPC sidecar registers the agent in its own process. Resolve neutrally
+            // so init never blocks on a transport that does not own a handle.
+            register: async () => ""
         };
     }
     const binding = loadNativeBinding();
@@ -83,19 +111,17 @@ export function createNativeClient(options) {
     let activeHandle;
     let pendingSendError;
     const getHandle = async () => {
-        if (!handlePromise) {
-            handlePromise = binding
-                .connect(socketPath)
-                .then((handle) => {
-                activeHandle = handle;
-                return handle;
-            })
-                .catch((error) => {
-                handlePromise = undefined;
-                activeHandle = undefined;
-                throw mapNativeError(error);
-            });
-        }
+        handlePromise ??= binding
+            .connect(socketPath)
+            .then((handle) => {
+            activeHandle = handle;
+            return handle;
+        })
+            .catch((error) => {
+            handlePromise = undefined;
+            activeHandle = undefined;
+            throw mapNativeError(error);
+        });
         return handlePromise;
     };
     return {
@@ -134,18 +160,36 @@ export function createNativeClient(options) {
                 pendingSendError = mapNativeError(error);
             });
         },
-        queryPolicy: async () => {
+        queryPolicy: async (action) => {
             if (pendingSendError) {
                 const error = pendingSendError;
                 pendingSendError = undefined;
                 throw error;
             }
-            // The SDK is not a policy authority. Ensure the session is connected
-            // (surfacing any connect error), then defer: authoritative policy and
-            // approval are enforced server-side (gateway / runtime). The native shim
-            // no longer synthesizes a decision, so this always resolves neutral.
-            await getHandle();
-            return { denied: false, pending: false };
+            // Connect (surfacing any connect error as a genuine local fault), then
+            // ask the runtime for an authoritative verdict via the native primitive.
+            // The native `queryPolicy` is async — it offloads its blocking wait to a
+            // worker thread, so awaiting it never blocks the Node event loop — and it
+            // already fails open (returns `"allow"`) when the runtime is unreachable
+            // or too slow, so a missing or degraded runtime never blocks the agent.
+            const handle = await getHandle();
+            const verdict = await binding.queryPolicy(handle, action);
+            return mapDecisionToPolicyResult(verdict);
+        },
+        register: async (options) => {
+            // Register on the same session the queryPolicy path uses, so the token
+            // the gateway issues is stored on this handle and attached to every
+            // subsequent query. This is the only direct SDK→gateway gRPC call
+            // (ADR 0004); CheckAction still flows through aa-runtime.
+            if (binding.register === undefined) {
+                // A binding without `register` predates AAASM-3400; the agent simply
+                // runs unregistered rather than failing init.
+                return "";
+            }
+            const handle = await getHandle();
+            return binding.register(handle, options).catch((error) => {
+                throw mapNativeError(error);
+            });
         }
     };
 }

package/dist/esm/native/client.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"client.js","sourceRoot":"","sources":["../../../src/native/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,IAAI,MAAM,WAAW,CAAC;~~AAe7B~~,MAAM,4BAA4B,GAAG,MAAM,CAAC,GAAG,~~CAC7C~~,oCAAoC,~~CACrC~~,CAAC;~~AAMF~~,MAAM,aAAa,GAAG,gBAAgB,CAAC;AACvC,MAAM,gBAAgB,GAAG,mBAAmB,CAAC;AAC7C,MAAM,kBAAkB,GAAG,qBAAqB,CAAC;AACjD,MAAM,gBAAgB,GAAG,mBAAmB,CAAC;AAE7C,MAAM,OAAO,kBAAmB,SAAQ,KAAK;IAClC,IAAI,GAAG,aAAa,CAAC;CAC/B;AAED,MAAM,OAAO,oBAAqB,SAAQ,KAAK;IACpC,IAAI,GAAG,gBAAgB,CAAC;CAClC;AAED,MAAM,OAAO,sBAAuB,SAAQ,KAAK;IACtC,IAAI,GAAG,kBAAkB,CAAC;CACpC;AAED,MAAM,OAAO,qBAAsB,SAAQ,KAAK;IACrC,IAAI,GAAG,gBAAgB,CAAC;CAClC;~~AASD~~,SAAS,cAAc,CAAC,KAAc;IACpC,IAAI,CAAC,CAAC,KAAK,YAAY,KAAK,CAAC,EAAE,CAAC;QAC9B,OAAO,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;IAClC,CAAC;IAED,MAAM,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,IAAI,KAAK,CAAC,OAAO,CAAC;IAEtD,IAAI,IAAI,KAAK,aAAa,EAAE,CAAC;QAC3B,OAAO,IAAI,kBAAkB,CAAC,MAAM,CAAC,CAAC;IACxC,CAAC;IACD,IAAI,IAAI,KAAK,gBAAgB,EAAE,CAAC;QAC9B,OAAO,IAAI,oBAAoB,CAAC,MAAM,CAAC,CAAC;IAC1C,CAAC;IACD,IAAI,IAAI,KAAK,kBAAkB,EAAE,CAAC;QAChC,OAAO,IAAI,sBAAsB,CAAC,MAAM,CAAC,CAAC;IAC5C,CAAC;IACD,IAAI,IAAI,KAAK,gBAAgB,EAAE,CAAC;QAC9B,OAAO,IAAI,qBAAqB,CAAC,MAAM,CAAC,CAAC;IAC3C,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,iBAAiB;IACxB,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,KAAK,MAAM,CAAC;IACrD,MAAM,YAAY,GAAG,UAAqC,CAAC;IAC3D,MAAM,aAAa,GAAG,cAAc~~;QAClC~~,CAAC,CAAC,YAAY,CAAC,4BAA4B,CAAC~~;QAC5C~~,CAAC,CAAC,SAAS,CAAC;~~IAEd~~,IAAI,aAAa,EAAE,CAAC;QAClB,OAAO,aAAa,CAAC;IACvB,CAAC;IAED,MAAM,eAAe,GAAG,aAAa,~~CACnC~~,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,cAAc,CAAC,~~CAC5C~~,CAAC;~~IACF~~,MAAM,UAAU,GAAG;QACjB,oCAAoC;QACpC,uCAAuC;QACvC,GAAG,OAAO,CAAC,GAAG,EAAE,+BAA+B;KAChD,CAAC;IAEF,IAAI,SAAkB,CAAC;IACvB,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,eAAe,CAAC,SAAS,CAAkB,CAAC;YAC5D,IAAI,cAAc,EAAE,CAAC;gBACnB,YAAY,CAAC,4BAA4B,CAAC,GAAG,OAAO,CAAC;YACvD,CAAC;YACD,OAAO,OAAO,CAAC;QACjB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,SAAS,GAAG,KAAK,CAAC;QACpB,CAAC;IACH,CAAC;IAED,MAAM,IAAI,kBAAkB,CAC1B,mDAAmD,MAAM,CAAC,SAAS,CAAC,EAAE,CACvE,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,OAA4B;IAC7D,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,IAAI,cAAc,CAAC;IAE5C,IAAI,IAAI,KAAK,gBAAgB,EAAE,CAAC;QAC9B,OAAO;YACL,IAAI;YACJ,KAAK,EAAE,KAAK,IAAI,EAAE,CAAC,SAAS;YAC5B,SAAS,EAAE,GAAG,EAAE,CAAC,SAAS;YAC1B,WAAW,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;~~SAC7D~~,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAG,iBAAiB,EAAE,CAAC;IACpC,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC;IAEnC,IAAI,aAA0C,CAAC;IAC/C,IAAI,YAAgC,CAAC;IACrC,IAAI,gBAAmC,CAAC;IAExC,MAAM,SAAS,GAAG,KAAK,IAAqB,EAAE;QAC5C,~~IAAI,CAAC,~~aAAa,~~EAAE~~,~~CAAC;YACnB,aAAa,GAAG,~~OAAO;~~iBACpB~~,OAAO,CAAC,UAAU,CAAC;~~iBACnB~~,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;~~gBACf~~,YAAY,GAAG,MAAM,CAAC;~~gBACtB~~,OAAO,MAAM,CAAC;~~YAChB~~,CAAC,CAAC;~~iBACD~~,KAAK,CAAC,CAAC,KAAc,EAAE,EAAE;~~gBACxB~~,aAAa,GAAG,SAAS,CAAC;~~gBAC1B~~,YAAY,GAAG,SAAS,CAAC;~~gBACzB~~,MAAM,cAAc,CAAC,KAAK,CAAC,CAAC;~~YAC9B~~,CAAC,CAAC,CAAC;~~QACP~~,~~CAAC;QACD,~~OAAO,aAAa,CAAC;IACvB,CAAC,CAAC;IAEF,OAAO;QACL,IAAI;QACJ,KAAK,EAAE,KAAK,IAAI,EAAE;YAChB,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,KAAK,GAAG,gBAAgB,CAAC;gBAC/B,gBAAgB,GAAG,SAAS,CAAC;gBAC7B,MAAM,KAAK,CAAC;YACd,CAAC;YAED,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnB,OAAO;YACT,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAC;YACjC,MAAM,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,KAAc,EAAE,EAAE;gBACxD,MAAM,cAAc,CAAC,KAAK,CAAC,CAAC;YAC9B,CAAC,CAAC,CAAC;YACH,aAAa,GAAG,SAAS,CAAC;YAC1B,YAAY,GAAG,SAAS,CAAC;QAC3B,CAAC;QACD,SAAS,EAAE,CAAC,KAAc,EAAE,EAAE;YAC5B,IAAI,YAAY,EAAE,CAAC;gBACjB,IAAI,CAAC;oBACH,OAAO,CAAC,SAAS,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;gBACzC,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,gBAAgB,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;gBAC3C,CAAC;gBACD,OAAO;YACT,CAAC;YAED,KAAK,SAAS,EAAE;iBACb,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;gBACf,OAAO,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;YACnC,CAAC,CAAC;iBACD,KAAK,CAAC,CAAC,KAAc,EAAE,EAAE;gBACxB,gBAAgB,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;YAC3C,CAAC,CAAC,CAAC;QACP,CAAC;QACD,WAAW,EAAE,KAAK,~~IAAI~~,EAAE;~~YACtB~~,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,KAAK,GAAG,gBAAgB,CAAC;gBAC/B,gBAAgB,GAAG,SAAS,CAAC;gBAC7B,MAAM,KAAK,CAAC;YACd,CAAC;YAED,~~qEAAqE~~;~~YACrE~~,~~sEAAsE~~;~~YACtE~~,yEAAyE;YACzE,~~qEAAqE~~;~~YACrE~~,MAAM,SAAS,EAAE,CAAC;~~YAClB~~,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;~~QAC3C~~,CAAC;KACF,CAAC;AACJ,CAAC"}
1	+ {"version":3,"file":"client.js","sourceRoot":"","sources":["../../../src/native/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,IAAI,MAAM,WAAW,CAAC;AA+C7B,MAAM,4BAA4B,GAAG,MAAM,CAAC,GAAG,CAAC,oCAAoC,CAAC,CAAC;AAMtF,MAAM,aAAa,GAAG,gBAAgB,CAAC;AACvC,MAAM,gBAAgB,GAAG,mBAAmB,CAAC;AAC7C,MAAM,kBAAkB,GAAG,qBAAqB,CAAC;AACjD,MAAM,cAAc,GAAG,iBAAiB,CAAC;AACzC,MAAM,gBAAgB,GAAG,mBAAmB,CAAC;AAE7C,MAAM,OAAO,kBAAmB,SAAQ,KAAK;IAClC,IAAI,GAAG,aAAa,CAAC;CAC/B;AAED,MAAM,OAAO,oBAAqB,SAAQ,KAAK;IACpC,IAAI,GAAG,gBAAgB,CAAC;CAClC;AAED,MAAM,OAAO,sBAAuB,SAAQ,KAAK;IACtC,IAAI,GAAG,kBAAkB,CAAC;CACpC;AAED,MAAM,OAAO,mBAAoB,SAAQ,KAAK;IACnC,IAAI,GAAG,cAAc,CAAC;CAChC;AAED,MAAM,OAAO,qBAAsB,SAAQ,KAAK;IACrC,IAAI,GAAG,gBAAgB,CAAC;CAClC;AAqBD;;;;;;;;GAQG;AACH,SAAS,yBAAyB,CAAC,OAA6B;IAC9D,QAAQ,OAAO,CAAC,QAAQ,EAAE,CAAC;QACzB,KAAK,MAAM;YACT,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC;QAClE,KAAK,SAAS;YACZ,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC;QAClE;YACE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IAC7C,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,KAAc;IACpC,IAAI,CAAC,CAAC,KAAK,YAAY,KAAK,CAAC,EAAE,CAAC;QAC9B,OAAO,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;IAClC,CAAC;IAED,MAAM,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,IAAI,KAAK,CAAC,OAAO,CAAC;IAEtD,IAAI,IAAI,KAAK,aAAa,EAAE,CAAC;QAC3B,OAAO,IAAI,kBAAkB,CAAC,MAAM,CAAC,CAAC;IACxC,CAAC;IACD,IAAI,IAAI,KAAK,gBAAgB,EAAE,CAAC;QAC9B,OAAO,IAAI,oBAAoB,CAAC,MAAM,CAAC,CAAC;IAC1C,CAAC;IACD,IAAI,IAAI,KAAK,kBAAkB,EAAE,CAAC;QAChC,OAAO,IAAI,sBAAsB,CAAC,MAAM,CAAC,CAAC;IAC5C,CAAC;IACD,IAAI,IAAI,KAAK,cAAc,EAAE,CAAC;QAC5B,OAAO,IAAI,mBAAmB,CAAC,MAAM,CAAC,CAAC;IACzC,CAAC;IACD,IAAI,IAAI,KAAK,gBAAgB,EAAE,CAAC;QAC9B,OAAO,IAAI,qBAAqB,CAAC,MAAM,CAAC,CAAC;IAC3C,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,iBAAiB;IACxB,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,KAAK,MAAM,CAAC;IACrD,MAAM,YAAY,GAAG,UAAqC,CAAC;IAC3D,MAAM,aAAa,GAAG,cAAc,CAAC,CAAC,CAAC,YAAY,CAAC,4BAA4B,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAE9F,IAAI,aAAa,EAAE,CAAC;QAClB,OAAO,aAAa,CAAC;IACvB,CAAC;IAED,MAAM,eAAe,GAAG,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,cAAc,CAAC,CAAC,CAAC;IACnF,MAAM,UAAU,GAAG;QACjB,oCAAoC;QACpC,uCAAuC;QACvC,GAAG,OAAO,CAAC,GAAG,EAAE,+BAA+B;KAChD,CAAC;IAEF,IAAI,SAAkB,CAAC;IACvB,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,eAAe,CAAC,SAAS,CAAkB,CAAC;YAC5D,IAAI,cAAc,EAAE,CAAC;gBACnB,YAAY,CAAC,4BAA4B,CAAC,GAAG,OAAO,CAAC;YACvD,CAAC;YACD,OAAO,OAAO,CAAC;QACjB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,SAAS,GAAG,KAAK,CAAC;QACpB,CAAC;IACH,CAAC;IAED,MAAM,IAAI,kBAAkB,CAC1B,mDAAmD,MAAM,CAAC,SAAS,CAAC,EAAE,CACvE,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,OAA4B;IAC7D,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,IAAI,cAAc,CAAC;IAE5C,IAAI,IAAI,KAAK,gBAAgB,EAAE,CAAC;QAC9B,OAAO;YACL,IAAI;YACJ,KAAK,EAAE,KAAK,IAAI,EAAE,CAAC,SAAS;YAC5B,SAAS,EAAE,GAAG,EAAE,CAAC,SAAS;YAC1B,WAAW,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;YAC5D,qEAAqE;YACrE,yEAAyE;YACzE,kEAAkE;YAClE,QAAQ,EAAE,KAAK,IAAI,EAAE,CAAC,EAAE;SACzB,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAG,iBAAiB,EAAE,CAAC;IACpC,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC;IAEnC,IAAI,aAA0C,CAAC;IAC/C,IAAI,YAAgC,CAAC;IACrC,IAAI,gBAAmC,CAAC;IAExC,MAAM,SAAS,GAAG,KAAK,IAAqB,EAAE;QAC5C,aAAa,KAAK,OAAO;aACtB,OAAO,CAAC,UAAU,CAAC;aACnB,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;YACf,YAAY,GAAG,MAAM,CAAC;YACtB,OAAO,MAAM,CAAC;QAChB,CAAC,CAAC;aACD,KAAK,CAAC,CAAC,KAAc,EAAE,EAAE;YACxB,aAAa,GAAG,SAAS,CAAC;YAC1B,YAAY,GAAG,SAAS,CAAC;YACzB,MAAM,cAAc,CAAC,KAAK,CAAC,CAAC;QAC9B,CAAC,CAAC,CAAC;QACL,OAAO,aAAa,CAAC;IACvB,CAAC,CAAC;IAEF,OAAO;QACL,IAAI;QACJ,KAAK,EAAE,KAAK,IAAI,EAAE;YAChB,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,KAAK,GAAG,gBAAgB,CAAC;gBAC/B,gBAAgB,GAAG,SAAS,CAAC;gBAC7B,MAAM,KAAK,CAAC;YACd,CAAC;YAED,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnB,OAAO;YACT,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAC;YACjC,MAAM,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,KAAc,EAAE,EAAE;gBACxD,MAAM,cAAc,CAAC,KAAK,CAAC,CAAC;YAC9B,CAAC,CAAC,CAAC;YACH,aAAa,GAAG,SAAS,CAAC;YAC1B,YAAY,GAAG,SAAS,CAAC;QAC3B,CAAC;QACD,SAAS,EAAE,CAAC,KAAc,EAAE,EAAE;YAC5B,IAAI,YAAY,EAAE,CAAC;gBACjB,IAAI,CAAC;oBACH,OAAO,CAAC,SAAS,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;gBACzC,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,gBAAgB,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;gBAC3C,CAAC;gBACD,OAAO;YACT,CAAC;YAED,KAAK,SAAS,EAAE;iBACb,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;gBACf,OAAO,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;YACnC,CAAC,CAAC;iBACD,KAAK,CAAC,CAAC,KAAc,EAAE,EAAE;gBACxB,gBAAgB,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;YAC3C,CAAC,CAAC,CAAC;QACP,CAAC;QACD,WAAW,EAAE,KAAK,EAAE,MAAe,EAAE,EAAE;YACrC,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,KAAK,GAAG,gBAAgB,CAAC;gBAC/B,gBAAgB,GAAG,SAAS,CAAC;gBAC7B,MAAM,KAAK,CAAC;YACd,CAAC;YAED,uEAAuE;YACvE,yEAAyE;YACzE,yEAAyE;YACzE,0EAA0E;YAC1E,yEAAyE;YACzE,wEAAwE;YACxE,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAC;YACjC,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YAC1D,OAAO,yBAAyB,CAAC,OAAO,CAAC,CAAC;QAC5C,CAAC;QACD,QAAQ,EAAE,KAAK,EAAE,OAAwB,EAAE,EAAE;YAC3C,uEAAuE;YACvE,oEAAoE;YACpE,kEAAkE;YAClE,0DAA0D;YAC1D,IAAI,OAAO,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;gBACnC,qEAAqE;gBACrE,8CAA8C;gBAC9C,OAAO,EAAE,CAAC;YACZ,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAC;YACjC,OAAO,OAAO,CAAC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,KAAc,EAAE,EAAE;gBAChE,MAAM,cAAc,CAAC,KAAK,CAAC,CAAC;YAC9B,CAAC,CAAC,CAAC;QACL,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/esm/op-control.js CHANGED Viewed

@@ -22,6 +22,58 @@
 import { credentials as grpcCredentials, } from "@grpc/grpc-js";
 import { OpTerminatedError } from "./errors/op-terminated-error.js";
 import { OpControlSignal, PolicyServiceClient, } from "./proto/generated/policy.js";
+/**
+ * Hosts treated as loopback for the secure-by-default transport decision.
+ * A loopback gateway is the local dev-mode CP, where plaintext gRPC is the
+ * documented default; anything else is presumed remote and must be encrypted.
+ */
+const LOOPBACK_HOSTS = new Set(["localhost", "127.0.0.1", "::1", "[::1]"]);
+/**
+ * Extract the bare host from a gRPC target (`host:port`, a bare host, or a
+ * URL-style `scheme://host:port`). Returns the lowercased host with any
+ * surrounding IPv6 brackets preserved so it can be matched against
+ * {@link LOOPBACK_HOSTS}.
+ */
+export function gatewayHostOf(gatewayUrl) {
+    let target = gatewayUrl.trim();
+    const schemeIdx = target.indexOf("://");
+    if (schemeIdx !== -1)
+        target = target.slice(schemeIdx + 3);
+    // Drop a path/query suffix if a URL form was passed.
+    const slashIdx = target.indexOf("/");
+    if (slashIdx !== -1)
+        target = target.slice(0, slashIdx);
+    if (target.startsWith("[")) {
+        // Bracketed IPv6: keep the bracketed form, strip only the trailing :port.
+        const close = target.indexOf("]");
+        return close === -1 ? target.toLowerCase() : target.slice(0, close + 1).toLowerCase();
+    }
+    const colonIdx = target.indexOf(":");
+    if (colonIdx !== -1)
+        target = target.slice(0, colonIdx);
+    return target.toLowerCase();
+}
+function isLoopbackTarget(gatewayUrl) {
+    return LOOPBACK_HOSTS.has(gatewayHostOf(gatewayUrl));
+}
+/**
+ * Pick channel credentials for the op-control stream, secure by default.
+ *
+ * Precedence: an explicit `credentials` override wins; otherwise a loopback
+ * target gets plaintext (local dev gateway), a remote target gets TLS, and a
+ * remote target is only allowed plaintext when the caller sets `allowInsecure`.
+ *
+ * @throws never — returns the chosen {@link ChannelCredentials}.
+ */
+export function resolveOpControlCredentials(gatewayUrl, opts) {
+    if (opts.credentials)
+        return opts.credentials;
+    if (isLoopbackTarget(gatewayUrl))
+        return grpcCredentials.createInsecure();
+    if (opts.allowInsecure)
+        return grpcCredentials.createInsecure();
+    return grpcCredentials.createSsl();
+}
 export class OpControlSubscriber {
     client;
     agent;
@@ -41,7 +93,7 @@ export class OpControlSubscriber {
         };
         const client = opts.clientFactory
             ? opts.clientFactory()
-            : new PolicyServiceClient(gatewayUrl, opts.credentials ?? grpcCredentials.createInsecure());
+            : new PolicyServiceClient(gatewayUrl, resolveOpControlCredentials(gatewayUrl, opts));
         const subscriber = new OpControlSubscriber(client, agent);
         subscriber.start();
         return subscriber;

package/dist/esm/op-control.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"op-control.js","sourceRoot":"","sources":["../../src/op-control.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,EAGL,WAAW,IAAI,eAAe,GAC/B,MAAM,eAAe,CAAC;AAEvB,OAAO,EAAE,iBAAiB,EAAE,MAAM,iCAAiC,CAAC;AAEpE,OAAO,EAEL,eAAe,EAEf,mBAAmB,GACpB,MAAM,6BAA6B,CAAC;~~AAmCrC~~,MAAM,OAAO,mBAAmB;IACb,MAAM,CAAkB;IACxB,KAAK,CAAU;IACf,GAAG,GAAG,IAAI,GAAG,EAA0B,CAAC;IACjD,IAAI,GAAkD,IAAI,CAAC;IAC3D,KAAK,GAAG,IAAI,CAAC;IAErB,YAAoB,MAAuB,EAAE,KAAc;QACzD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IACrB,CAAC;IAED,wEAAwE;IACjE,MAAM,CAAC,OAAO,CACnB,UAAkB,EAClB,IAAgC;QAEhC,MAAM,KAAK,GAAY;YACrB,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,OAAO,EAAE,IAAI,CAAC,OAAO;SACtB,CAAC;QACF,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa;YAC/B,CAAC,CAAC,IAAI,CAAC,aAAa,EAAE;YACtB,CAAC,CAAE,IAAI,mBAAmB,CACtB,UAAU,EACV,~~IAAI~~,CAAC,~~WAAW~~,IAAI,~~eAAe,~~CAAC,~~cAAc~~,~~EAAE,CACI,~~CAAC;QAC/D,MAAM,UAAU,GAAG,IAAI,mBAAmB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAC1D,UAAU,CAAC,KAAK,EAAE,CAAC;QACnB,OAAO,UAAU,CAAC;IACpB,CAAC;IAED;;OAEG;IACI,KAAK;QACV,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;QACjE,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,GAAqB,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;QACpE,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC,CAAC;QACnD,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC,CAAC;IACnD,CAAC;IAEO,QAAQ,CAAC,GAAqB;QACpC,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAClC,QAAQ,GAAG,CAAC,MAAM,EAAE,CAAC;YACnB,KAAK,eAAe,CAAC,uBAAuB;gBAC1C,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC;gBACpB,MAAM;YACR,KAAK,eAAe,CAAC,wBAAwB;gBAC3C,KAAK,CAAC,MAAM,GAAG,KAAK,CAAC;gBACrB,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;gBAC3B,MAAM;YACR,KAAK,eAAe,CAAC,2BAA2B;gBAC9C,KAAK,CAAC,UAAU,GAAG,IAAI,CAAC;gBACxB,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;gBAC3B,MAAM;YACR;gBACE,kDAAkD;gBAClD,MAAM;QACV,CAAC;IACH,CAAC;IAEO,IAAI,CAAC,IAAY;QACvB,IAAI,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC/B,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,KAAK,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC;YAC5D,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QAC5B,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,cAAc,CAAC,KAAqB;QAC1C,MAAM,OAAO,GAAG,KAAK,CAAC,SAAS,CAAC;QAChC,KAAK,CAAC,SAAS,GAAG,EAAE,CAAC;QACrB,KAAK,MAAM,OAAO,IAAI,OAAO;YAAE,OAAO,EAAE,CAAC;IAC3C,CAAC;IAEO,cAAc;QACpB,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,uDAAuD;QACvD,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE;YAAE,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;IACpE,CAAC;IAED;;;;;;;;;;OAUG;IACI,KAAK,CAAC,SAAS,CACpB,IAAY,EACZ,OAA+B,EAAE;QAEjC,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9B,IAAI,KAAK,CAAC,UAAU,EAAE,CAAC;YACrB,MAAM,IAAI,iBAAiB,CAAC,MAAM,IAAI,gCAAgC,EAAE,IAAI,CAAC,CAAC;QAChF,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,MAAM;YAAE,OAAO;QAE1B,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;YAClC,KAAK,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC9B,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;gBACjC,UAAU,CAAC,GAAG,EAAE;oBACd,uEAAuE;oBACvE,MAAM,GAAG,GAAG,KAAK,CAAC,SAAS,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;oBAC7C,IAAI,GAAG,KAAK,CAAC,CAAC;wBAAE,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;oBAC/C,OAAO,EAAE,CAAC;gBACZ,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;YACrB,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,IAAI,KAAK,CAAC,UAAU,EAAE,CAAC;YACrB,MAAM,IAAI,iBAAiB,CAAC,MAAM,IAAI,gCAAgC,EAAE,IAAI,CAAC,CAAC;QAChF,CAAC;IACH,CAAC;IAEM,QAAQ,CAAC,IAAY;QAC1B,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,IAAI,KAAK,CAAC;IAC7C,CAAC;IAEM,YAAY,CAAC,IAAY;QAC9B,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,UAAU,IAAI,KAAK,CAAC;IACjD,CAAC;IAEM,WAAW;QAChB,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAED,sCAAsC;IAC/B,KAAK;QACV,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,CAAC;QACpB,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,CAAC;QACtB,IAAI,CAAC,cAAc,EAAE,CAAC;IACxB,CAAC;CACF"}
1	+ {"version":3,"file":"op-control.js","sourceRoot":"","sources":["../../src/op-control.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,EAGL,WAAW,IAAI,eAAe,GAC/B,MAAM,eAAe,CAAC;AAEvB,OAAO,EAAE,iBAAiB,EAAE,MAAM,iCAAiC,CAAC;AAEpE,OAAO,EAEL,eAAe,EAEf,mBAAmB,GACpB,MAAM,6BAA6B,CAAC;AA6CrC;;;;GAIG;AACH,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,CAAC,WAAW,EAAE,WAAW,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC;AAE3E;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CAAC,UAAkB;IAC9C,IAAI,MAAM,GAAG,UAAU,CAAC,IAAI,EAAE,CAAC;IAC/B,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IACxC,IAAI,SAAS,KAAK,CAAC,CAAC;QAAE,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC;IAC3D,qDAAqD;IACrD,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACrC,IAAI,QAAQ,KAAK,CAAC,CAAC;QAAE,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;IACxD,IAAI,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3B,0EAA0E;QAC1E,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAClC,OAAO,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;IACxF,CAAC;IACD,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACrC,IAAI,QAAQ,KAAK,CAAC,CAAC;QAAE,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;IACxD,OAAO,MAAM,CAAC,WAAW,EAAE,CAAC;AAC9B,CAAC;AAED,SAAS,gBAAgB,CAAC,UAAkB;IAC1C,OAAO,cAAc,CAAC,GAAG,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC,CAAC;AACvD,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,2BAA2B,CACzC,UAAkB,EAClB,IAAuE;IAEvE,IAAI,IAAI,CAAC,WAAW;QAAE,OAAO,IAAI,CAAC,WAAW,CAAC;IAC9C,IAAI,gBAAgB,CAAC,UAAU,CAAC;QAAE,OAAO,eAAe,CAAC,cAAc,EAAE,CAAC;IAC1E,IAAI,IAAI,CAAC,aAAa;QAAE,OAAO,eAAe,CAAC,cAAc,EAAE,CAAC;IAChE,OAAO,eAAe,CAAC,SAAS,EAAE,CAAC;AACrC,CAAC;AAED,MAAM,OAAO,mBAAmB;IACb,MAAM,CAAkB;IACxB,KAAK,CAAU;IACf,GAAG,GAAG,IAAI,GAAG,EAA0B,CAAC;IACjD,IAAI,GAAkD,IAAI,CAAC;IAC3D,KAAK,GAAG,IAAI,CAAC;IAErB,YAAoB,MAAuB,EAAE,KAAc;QACzD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IACrB,CAAC;IAED,wEAAwE;IACjE,MAAM,CAAC,OAAO,CACnB,UAAkB,EAClB,IAAgC;QAEhC,MAAM,KAAK,GAAY;YACrB,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,OAAO,EAAE,IAAI,CAAC,OAAO;SACtB,CAAC;QACF,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa;YAC/B,CAAC,CAAC,IAAI,CAAC,aAAa,EAAE;YACtB,CAAC,CAAE,IAAI,mBAAmB,CACtB,UAAU,EACV,2BAA2B,CAAC,UAAU,EAAE,IAAI,CAAC,CACW,CAAC;QAC/D,MAAM,UAAU,GAAG,IAAI,mBAAmB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAC1D,UAAU,CAAC,KAAK,EAAE,CAAC;QACnB,OAAO,UAAU,CAAC;IACpB,CAAC;IAED;;OAEG;IACI,KAAK;QACV,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;QACjE,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,GAAqB,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;QACpE,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC,CAAC;QACnD,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC,CAAC;IACnD,CAAC;IAEO,QAAQ,CAAC,GAAqB;QACpC,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAClC,QAAQ,GAAG,CAAC,MAAM,EAAE,CAAC;YACnB,KAAK,eAAe,CAAC,uBAAuB;gBAC1C,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC;gBACpB,MAAM;YACR,KAAK,eAAe,CAAC,wBAAwB;gBAC3C,KAAK,CAAC,MAAM,GAAG,KAAK,CAAC;gBACrB,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;gBAC3B,MAAM;YACR,KAAK,eAAe,CAAC,2BAA2B;gBAC9C,KAAK,CAAC,UAAU,GAAG,IAAI,CAAC;gBACxB,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;gBAC3B,MAAM;YACR;gBACE,kDAAkD;gBAClD,MAAM;QACV,CAAC;IACH,CAAC;IAEO,IAAI,CAAC,IAAY;QACvB,IAAI,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC/B,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,KAAK,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC;YAC5D,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QAC5B,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,cAAc,CAAC,KAAqB;QAC1C,MAAM,OAAO,GAAG,KAAK,CAAC,SAAS,CAAC;QAChC,KAAK,CAAC,SAAS,GAAG,EAAE,CAAC;QACrB,KAAK,MAAM,OAAO,IAAI,OAAO;YAAE,OAAO,EAAE,CAAC;IAC3C,CAAC;IAEO,cAAc;QACpB,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,uDAAuD;QACvD,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE;YAAE,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;IACpE,CAAC;IAED;;;;;;;;;;OAUG;IACI,KAAK,CAAC,SAAS,CACpB,IAAY,EACZ,OAA+B,EAAE;QAEjC,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9B,IAAI,KAAK,CAAC,UAAU,EAAE,CAAC;YACrB,MAAM,IAAI,iBAAiB,CAAC,MAAM,IAAI,gCAAgC,EAAE,IAAI,CAAC,CAAC;QAChF,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,MAAM;YAAE,OAAO;QAE1B,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;YAClC,KAAK,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC9B,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;gBACjC,UAAU,CAAC,GAAG,EAAE;oBACd,uEAAuE;oBACvE,MAAM,GAAG,GAAG,KAAK,CAAC,SAAS,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;oBAC7C,IAAI,GAAG,KAAK,CAAC,CAAC;wBAAE,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;oBAC/C,OAAO,EAAE,CAAC;gBACZ,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;YACrB,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,IAAI,KAAK,CAAC,UAAU,EAAE,CAAC;YACrB,MAAM,IAAI,iBAAiB,CAAC,MAAM,IAAI,gCAAgC,EAAE,IAAI,CAAC,CAAC;QAChF,CAAC;IACH,CAAC;IAEM,QAAQ,CAAC,IAAY;QAC1B,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,IAAI,KAAK,CAAC;IAC7C,CAAC;IAEM,YAAY,CAAC,IAAY;QAC9B,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,UAAU,IAAI,KAAK,CAAC;IACjD,CAAC;IAEM,WAAW;QAChB,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAED,sCAAsC;IAC/B,KAAK;QACV,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,CAAC;QACpB,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,CAAC;QACtB,IAAI,CAAC,cAAc,EAAE,CAAC;IACxB,CAAC;CACF"}

package/dist/esm/runtime.js CHANGED Viewed

@@ -12,11 +12,18 @@ import { existsSync, openSync } from "node:fs";
 import { createRequire } from "node:module";
 import { createConnection } from "node:net";
 import { arch, homedir, platform } from "node:os";
-import { delimiter as PATH_DELIM, dirname, join } from "node:path";
+import { delimiter as PATH_DELIM, dirname, isAbsolute, join, resolve as resolvePath } from "node:path";
 import { cwd, env } from "node:process";
 export const BINARY_NAME = "aasm";
 export const DEFAULT_PORT = 7878;
 export const DEFAULT_RUNTIME_HOST = "127.0.0.1";
+/**
+ * Opt-in gate for spawning the `aasm` sidecar. Auto-start runs a binary
+ * discovered from `$PATH` / the filesystem, so it is a privileged side effect
+ * that must be explicitly enabled rather than triggered silently by every
+ * `initAssembly()` call. Set to `1`/`true`/`yes` to permit auto-start.
+ */
+export const ENV_AUTO_START = "AA_AUTO_START";
 export const USER_LOCAL_BIN = join(homedir(), ".local", "bin");
 export const DOCKER_BASE_BIN = "/usr/local/bin";
 export const RUNTIME_LOG_FILENAME = ".aasm-runtime.log";
@@ -93,6 +100,51 @@ export function isRunning(port = DEFAULT_PORT, host = DEFAULT_RUNTIME_HOST) {
         socket.once("error", () => settle(false));
     });
 }
+/** Truthy values that enable {@link ENV_AUTO_START}. */
+function autoStartEnabled() {
+    const raw = env[ENV_AUTO_START]?.trim().toLowerCase();
+    return raw === "1" || raw === "true" || raw === "yes";
+}
+/**
+ * Install roots an auto-started `aasm` binary is permitted to live in, in
+ * addition to the npm-bundled `node_modules/@agent-assembly/runtime-*` path
+ * (which is trusted because it ships with the SDK install). This blocks a
+ * `$PATH`-injected `./aasm` or a binary planted in an arbitrary writable
+ * directory from being spawned.
+ */
+function allowedInstallDirs() {
+    const home = homedir();
+    return [
+        "/usr/local/bin",
+        "/usr/bin",
+        "/opt/homebrew/bin",
+        USER_LOCAL_BIN,
+        join(home, ".cargo", "bin"),
+        "/usr/local/cargo/bin",
+        DOCKER_BASE_BIN,
+    ];
+}
+/**
+ * Throw `Error` unless `binaryPath` is safe to spawn: it must be absolute and
+ * either resolve inside an allow-listed install dir (see
+ * {@link allowedInstallDirs}) or be the npm-bundled runtime binary. This is the
+ * integrity gate for the auto-start subprocess — without it the SDK would
+ * execute whatever `aasm` happened to be first on `$PATH`.
+ */
+export function assertSafeBinaryPath(binaryPath) {
+    if (!isAbsolute(binaryPath)) {
+        throw new Error(`Refusing to auto-start a non-absolute 'aasm' path: ${binaryPath}`);
+    }
+    const resolved = resolvePath(binaryPath);
+    const bundled = bundledRuntimeBinaryPath();
+    if (bundled !== null && resolvePath(bundled) === resolved)
+        return;
+    const ok = allowedInstallDirs().some((dir) => resolved.startsWith(resolvePath(dir) + "/"));
+    if (!ok) {
+        throw new Error(`Refusing to auto-start 'aasm' from an untrusted location: ${resolved}. ` +
+            `Install it under one of: ${allowedInstallDirs().join(", ")}.`);
+    }
+}
 /**
  * Spawn `aasm serve --port <port>` as a detached background subprocess.
  *
@@ -119,20 +171,33 @@ export function startRuntime(binaryPath, port = DEFAULT_PORT, logDir = cwd()) {
  *  2. Resolve the binary via {@link findAasmBinary}.
  *  3. Spawn the sidecar via {@link startRuntime}.
  *
- * `agentId` is accepted to keep the ticket-specified signature stable;
- * actual register-and-connect is performed by the existing gateway-aware
- * `@agent-assembly/sdk` `initAssembly` once the sidecar is reachable.
+ * `_agentId` is accepted to keep the ticket-specified signature stable but is
+ * intentionally not consumed at this lifecycle layer; actual register-and-connect
+ * is performed by the existing gateway-aware `@agent-assembly/sdk` `initAssembly`
+ * once the sidecar is reachable.
+ *
+ * Auto-start is **opt-in**: when the sidecar is not already running, this
+ * throws unless `AA_AUTO_START` is enabled. When it does spawn, the resolved
+ * binary path is logged and integrity-checked via {@link assertSafeBinaryPath}.
  *
- * Throws `Error` with {@link INSTALL_HINT} when no binary is found.
+ * Throws `Error` with {@link INSTALL_HINT} when no binary is found, and a
+ * descriptive `Error` when auto-start is not opted in or the resolved binary
+ * fails the integrity check.
  */
-export async function initAssembly(agentId, port = DEFAULT_PORT) {
-    void agentId; // not consumed at the lifecycle layer; see jsdoc
+export async function initAssembly(_agentId, port = DEFAULT_PORT) {
     if (await isRunning(port))
         return;
+    if (!autoStartEnabled()) {
+        throw new Error(`No aasm sidecar running on port ${port} and auto-start is disabled. ` +
+            `Start it with 'aasm serve --port ${port}', or set ${ENV_AUTO_START}=1 ` +
+            "to allow the SDK to auto-start it.");
+    }
     const binary = findAasmBinary();
     if (binary === null) {
         throw new Error(INSTALL_HINT);
     }
+    assertSafeBinaryPath(binary);
+    console.info(`[agent-assembly] auto-starting aasm sidecar from ${binary}`);
     startRuntime(binary, port);
 }
 //# sourceMappingURL=runtime.js.map

package/dist/esm/runtime.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"runtime.js","sourceRoot":"","sources":["../../src/runtime.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAqB,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC9D,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAC/C,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAC5C,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAClD,OAAO,EAAE,SAAS,IAAI,UAAU,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;~~AACnE~~,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AAExC,MAAM,CAAC,MAAM,WAAW,GAAG,MAAM,CAAC;AAClC,MAAM,CAAC,MAAM,YAAY,GAAG,IAAI,CAAC;AACjC,MAAM,CAAC,MAAM,oBAAoB,GAAG,WAAW,CAAC;AAEhD,MAAM,CAAC,MAAM,cAAc,GAAW,IAAI,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;AACvE,MAAM,CAAC,MAAM,eAAe,GAAG,gBAAgB,CAAC;AAChD,MAAM,CAAC,MAAM,oBAAoB,GAAG,mBAAmB,CAAC;AAExD,8EAA8E;AAC9E,MAAM,CAAC,MAAM,kBAAkB,GAAW,WAAW,QAAQ,EAAE,IAAI,IAAI,EAAE,EAAE,CAAC;AAE5E,MAAM,CAAC,MAAM,YAAY,GAAW;IAClC,mCAAmC;IACnC,yCAAyC;IACzC,sDAAsD;IACtD,8DAA8D;CAC/D,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAEb;;;;;;;;;GASG;AACH,SAAS,wBAAwB;IAC/B,IAAI,CAAC;QACH,MAAM,cAAc,GAAG,aAAa,CAAC,GAAG,GAAG,EAAE,eAAe,CAAC,CAAC;QAC9D,MAAM,OAAO,GAAG,cAAc,CAAC,OAAO,CAAC,mBAAmB,kBAAkB,eAAe,CAAC,CAAC;QAC7F,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,WAAW,CAAC,CAAC;IACpD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,cAAc;IAC5B,KAAK,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,CAAC;QACrD,IAAI,CAAC,GAAG;YAAE,SAAS;QACnB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;QACzC,IAAI,UAAU,CAAC,SAAS,CAAC;YAAE,OAAO,SAAS,CAAC;IAC9C,CAAC;IACD,MAAM,SAAS,GAAG,IAAI,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC;IACpD,IAAI,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,SAAS,CAAC;IAC5C,MAAM,OAAO,GAAG,wBAAwB,EAAE,CAAC;IAC3C,IAAI,OAAO,KAAK,IAAI,IAAI,UAAU,CAAC,OAAO,CAAC;QAAE,OAAO,OAAO,CAAC;IAC5D,MAAM,MAAM,GAAG,IAAI,CAAC,eAAe,EAAE,WAAW,CAAC,CAAC;IAClD,IAAI,UAAU,CAAC,MAAM,CAAC;QAAE,OAAO,MAAM,CAAC;IACtC,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,SAAS,CACvB,OAAe,YAAY,EAC3B,OAAe,oBAAoB;IAEnC,OAAO,IAAI,OAAO,CAAC,CAAC,aAAa,EAAE,EAAE;QACnC,MAAM,MAAM,GAAG,gBAAgB,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;QAC9D,MAAM,MAAM,GAAG,CAAC,KAAc,EAAQ,EAAE;YACtC,MAAM,CAAC,kBAAkB,EAAE,CAAC;YAC5B,MAAM,CAAC,OAAO,EAAE,CAAC;YACjB,aAAa,CAAC,KAAK,CAAC,CAAC;QACvB,CAAC,CAAC;QACF,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;QAC3C,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QAC5C,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,YAAY,CAC1B,UAAkB,EAClB,OAAe,YAAY,EAC3B,SAAiB,GAAG,EAAE;IAEtB,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,EAAE,oBAAoB,CAAC,CAAC;IACnD,MAAM,EAAE,GAAG,QAAQ,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IAClC,MAAM,KAAK,GAAG,KAAK,CAAC,UAAU,EAAE,CAAC,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE;QACjE,QAAQ,EAAE,IAAI;QACd,KAAK,EAAE,CAAC,QAAQ,EAAE,EAAE,EAAE,EAAE,CAAC;KAC1B,CAAC,CAAC;IACH,KAAK,CAAC,KAAK,EAAE,CAAC;IACd,OAAO,KAAK,CAAC;AACf,CAAC;AAED~~;;;;;;;;;;;;;GAaG~~;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,~~OAAgB~~,~~EAChB~~,OAAe,YAAY;IAE3B,~~KAAK~~,~~OAAO~~,CAAC,CAAC,~~iDAAiD~~;~~IAC/D~~,IAAI,~~MAAM~~,~~SAAS~~,CAAC,IAAI,CAAC;~~QAAE~~,~~OAAO~~;~~IAClC~~,MAAM,MAAM,GAAG,cAAc,EAAE,CAAC;IAChC,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC;IAChC,CAAC;IACD,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;AAC7B,CAAC"}
1	+ {"version":3,"file":"runtime.js","sourceRoot":"","sources":["../../src/runtime.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAqB,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC9D,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAC/C,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAC5C,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAClD,OAAO,EAAE,SAAS,IAAI,UAAU,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,WAAW,CAAC;AACvG,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AAExC,MAAM,CAAC,MAAM,WAAW,GAAG,MAAM,CAAC;AAClC,MAAM,CAAC,MAAM,YAAY,GAAG,IAAI,CAAC;AACjC,MAAM,CAAC,MAAM,oBAAoB,GAAG,WAAW,CAAC;AAEhD;;;;;GAKG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,eAAe,CAAC;AAE9C,MAAM,CAAC,MAAM,cAAc,GAAW,IAAI,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;AACvE,MAAM,CAAC,MAAM,eAAe,GAAG,gBAAgB,CAAC;AAChD,MAAM,CAAC,MAAM,oBAAoB,GAAG,mBAAmB,CAAC;AAExD,8EAA8E;AAC9E,MAAM,CAAC,MAAM,kBAAkB,GAAW,WAAW,QAAQ,EAAE,IAAI,IAAI,EAAE,EAAE,CAAC;AAE5E,MAAM,CAAC,MAAM,YAAY,GAAW;IAClC,mCAAmC;IACnC,yCAAyC;IACzC,sDAAsD;IACtD,8DAA8D;CAC/D,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAEb;;;;;;;;;GASG;AACH,SAAS,wBAAwB;IAC/B,IAAI,CAAC;QACH,MAAM,cAAc,GAAG,aAAa,CAAC,GAAG,GAAG,EAAE,eAAe,CAAC,CAAC;QAC9D,MAAM,OAAO,GAAG,cAAc,CAAC,OAAO,CAAC,mBAAmB,kBAAkB,eAAe,CAAC,CAAC;QAC7F,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,WAAW,CAAC,CAAC;IACpD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,cAAc;IAC5B,KAAK,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,CAAC;QACrD,IAAI,CAAC,GAAG;YAAE,SAAS;QACnB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;QACzC,IAAI,UAAU,CAAC,SAAS,CAAC;YAAE,OAAO,SAAS,CAAC;IAC9C,CAAC;IACD,MAAM,SAAS,GAAG,IAAI,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC;IACpD,IAAI,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,SAAS,CAAC;IAC5C,MAAM,OAAO,GAAG,wBAAwB,EAAE,CAAC;IAC3C,IAAI,OAAO,KAAK,IAAI,IAAI,UAAU,CAAC,OAAO,CAAC;QAAE,OAAO,OAAO,CAAC;IAC5D,MAAM,MAAM,GAAG,IAAI,CAAC,eAAe,EAAE,WAAW,CAAC,CAAC;IAClD,IAAI,UAAU,CAAC,MAAM,CAAC;QAAE,OAAO,MAAM,CAAC;IACtC,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,SAAS,CACvB,OAAe,YAAY,EAC3B,OAAe,oBAAoB;IAEnC,OAAO,IAAI,OAAO,CAAC,CAAC,aAAa,EAAE,EAAE;QACnC,MAAM,MAAM,GAAG,gBAAgB,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;QAC9D,MAAM,MAAM,GAAG,CAAC,KAAc,EAAQ,EAAE;YACtC,MAAM,CAAC,kBAAkB,EAAE,CAAC;YAC5B,MAAM,CAAC,OAAO,EAAE,CAAC;YACjB,aAAa,CAAC,KAAK,CAAC,CAAC;QACvB,CAAC,CAAC;QACF,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;QAC3C,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QAC5C,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;AACL,CAAC;AAED,wDAAwD;AACxD,SAAS,gBAAgB;IACvB,MAAM,GAAG,GAAG,GAAG,CAAC,cAAc,CAAC,EAAE,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACtD,OAAO,GAAG,KAAK,GAAG,IAAI,GAAG,KAAK,MAAM,IAAI,GAAG,KAAK,KAAK,CAAC;AACxD,CAAC;AAED;;;;;;GAMG;AACH,SAAS,kBAAkB;IACzB,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;IACvB,OAAO;QACL,gBAAgB;QAChB,UAAU;QACV,mBAAmB;QACnB,cAAc;QACd,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,KAAK,CAAC;QAC3B,sBAAsB;QACtB,eAAe;KAChB,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,oBAAoB,CAAC,UAAkB;IACrD,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,sDAAsD,UAAU,EAAE,CAAC,CAAC;IACtF,CAAC;IACD,MAAM,QAAQ,GAAG,WAAW,CAAC,UAAU,CAAC,CAAC;IACzC,MAAM,OAAO,GAAG,wBAAwB,EAAE,CAAC;IAC3C,IAAI,OAAO,KAAK,IAAI,IAAI,WAAW,CAAC,OAAO,CAAC,KAAK,QAAQ;QAAE,OAAO;IAClE,MAAM,EAAE,GAAG,kBAAkB,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;IAC3F,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,MAAM,IAAI,KAAK,CACb,6DAA6D,QAAQ,IAAI;YACvE,4BAA4B,kBAAkB,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CACjE,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,YAAY,CAC1B,UAAkB,EAClB,OAAe,YAAY,EAC3B,SAAiB,GAAG,EAAE;IAEtB,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,EAAE,oBAAoB,CAAC,CAAC;IACnD,MAAM,EAAE,GAAG,QAAQ,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IAClC,MAAM,KAAK,GAAG,KAAK,CAAC,UAAU,EAAE,CAAC,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE;QACjE,QAAQ,EAAE,IAAI;QACd,KAAK,EAAE,CAAC,QAAQ,EAAE,EAAE,EAAE,EAAE,CAAC;KAC1B,CAAC,CAAC;IACH,KAAK,CAAC,KAAK,EAAE,CAAC;IACd,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,QAAiB,EACjB,OAAe,YAAY;IAE3B,IAAI,MAAM,SAAS,CAAC,IAAI,CAAC;QAAE,OAAO;IAClC,IAAI,CAAC,gBAAgB,EAAE,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CACb,mCAAmC,IAAI,+BAA+B;YACpE,oCAAoC,IAAI,aAAa,cAAc,KAAK;YACxE,oCAAoC,CACvC,CAAC;IACJ,CAAC;IACD,MAAM,MAAM,GAAG,cAAc,EAAE,CAAC;IAChC,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC;IAChC,CAAC;IACD,oBAAoB,CAAC,MAAM,CAAC,CAAC;IAC7B,OAAO,CAAC,IAAI,CAAC,oDAAoD,MAAM,EAAE,CAAC,CAAC;IAC3E,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;AAC7B,CAAC"}

package/dist/types/core/gateway-resolver.d.ts CHANGED Viewed

@@ -9,17 +9,45 @@
  * Resolution precedence (highest first):
  *
  *   1. Explicit field on the AssemblyConfig
- *   2. Environment variable (AAASM_GATEWAY_URL / AAASM_API_KEY)
+ *   2. Environment variable — canonical ``AA_GATEWAY_URL`` / ``AA_API_KEY``,
+ *      with the legacy ``AAASM_GATEWAY_URL`` / ``AAASM_API_KEY`` names accepted
+ *      as deprecated aliases (a one-time warning is logged when a legacy name
+ *      supplies the value)
  *   3. Config file (~/.aasm/config.yaml, optional js-yaml soft dep)
- *   4. Local default: probe http://localhost:7391, auto-start if absent
+ *   4. Local default: probe http://localhost:7391; when absent, auto-start the
+ *      local `aasm` gateway ONLY if `AA_AUTO_START` is opted in and the binary
+ *      resolves to an allow-listed install dir — otherwise raise an error.
  */
 export declare const DEFAULT_GATEWAY_URL = "http://localhost:7391";
 export declare const DEFAULT_HEALTHZ_PATH = "/healthz";
 export declare const DEFAULT_PROBE_TIMEOUT_MS = 500;
 export declare const DEFAULT_AUTO_START_TIMEOUT_MS = 5000;
 export declare const DEFAULT_CONFIG_FILE_PATH = "~/.aasm/config.yaml";
-export declare const ENV_GATEWAY_URL = "AAASM_GATEWAY_URL";
-export declare const ENV_API_KEY = "AAASM_API_KEY";
+export declare const ENV_GATEWAY_URL = "AA_GATEWAY_URL";
+export declare const ENV_API_KEY = "AA_API_KEY";
+/**
+ * Opt-in gate for auto-starting a local gateway. Auto-start spawns the `aasm`
+ * binary resolved from `$PATH`, so it is gated behind an explicit opt-in rather
+ * than running silently: a `$PATH` entry an attacker can write to would
+ * otherwise be executed by any process that calls `initAssembly()`. Set to
+ * `1`/`true`/`yes` to permit auto-start.
+ */
+export declare const ENV_AUTO_START = "AA_AUTO_START";
+/**
+ * Throw {@link ConfigurationError} unless `aasmPath` is an absolute path inside
+ * an allow-listed install directory (see {@link allowedInstallDirs}). This is
+ * the integrity gate for the auto-start subprocess — without it the SDK would
+ * execute whatever `aasm` happened to be first on `$PATH`.
+ */
+export declare function assertAllowedAasmPath(aasmPath: string): void;
+/**
+ * Deprecated environment-variable names, kept as backwards-compatible aliases.
+ *
+ * When one of these supplies a value (and the canonical ``AA_*`` name is unset)
+ * a one-time deprecation warning is emitted via ``readEnvWithDeprecation``.
+ */
+export declare const LEGACY_ENV_GATEWAY_URL = "AAASM_GATEWAY_URL";
+export declare const LEGACY_ENV_API_KEY = "AAASM_API_KEY";
 export declare const AASM_AUTO_START_ARGV: readonly ["start", "--mode", "local", "--foreground"];
 /**
  * Return true if a gateway responds with a 2xx status at ``{baseUrl}/healthz``.
@@ -58,6 +86,7 @@ export declare const __testing: {
         loadConfigFile: typeof loadConfigFile;
         autoStartGateway: typeof autoStartGateway;
     };
+    resetLegacyEnvWarnings: () => void;
 };
 /**
  * Spawn ``aasm start --mode local --foreground`` and wait until ``/healthz``

package/dist/types/core/gateway-resolver.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"gateway-resolver.d.ts","sourceRoot":"","sources":["../../../src/core/gateway-resolver.ts"],"names":[],"mappings":"AAOA~~;;;;;;;;;;;;;;GAcG~~;AAEH,eAAO,MAAM,mBAAmB,0BAA0B,CAAC;AAC3D,eAAO,MAAM,oBAAoB,aAAa,CAAC;AAC/C,eAAO,MAAM,wBAAwB,MAAM,CAAC;AAC5C,eAAO,MAAM,6BAA6B,OAAO,CAAC;AAClD,eAAO,MAAM,wBAAwB,wBAAwB,CAAC;AAE9D,eAAO,MAAM,eAAe,~~sBAAsB~~,CAAC;~~AACnD~~,eAAO,MAAM,WAAW,kBAAkB,CAAC;~~AAE3C~~,eAAO,MAAM,oBAAoB,uDAAwD,CAAC;AAE1F;;;;;;;GAOG;AACH,wBAAsB,YAAY,CAChC,OAAO,EAAE,MAAM,EACf,SAAS,GAAE,MAAiC,GAC3C,OAAO,CAAC,OAAO,CAAC,CAgBlB;AAED;;;;;;;GAOG;AACH,wBAAsB,cAAc,CAClC,OAAO,EAAE,MAAM,EACf,SAAS,GAAE,MAAsC,EACjD,cAAc,GAAE,MAAY,GAC3B,OAAO,CAAC,OAAO,CAAC,CASlB;~~AAMD~~;;;;;;;GAOG;AACH,wBAAsB,cAAc,CAClC,UAAU,GAAE,MAAiC,GAC5C,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAwBlC;AAED,iBAAS,qBAAqB,IAAI,MAAM,GAAG,IAAI,CAY9C;AAED,iBAAS,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAMhD;AAeD,eAAO,MAAM,SAAS;;;;;;;;~~CAAa~~,CAAC;~~AAEpC~~;;;;;;;;;;GAUG;AACH,wBAAsB,gBAAgB,CACpC,OAAO,GAAE,MAA4B,EACrC,SAAS,GAAE,MAAsC,GAChD,OAAO,CAAC,IAAI,CAAC,~~CAiBf~~;AAED;;;;;;;GAOG;AACH,wBAAsB,iBAAiB,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,~~CAmB1E~~;AAED;;;;;;GAMG;AACH,wBAAsB,aAAa,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CActE"}
1	+ {"version":3,"file":"gateway-resolver.d.ts","sourceRoot":"","sources":["../../../src/core/gateway-resolver.ts"],"names":[],"mappings":"AAOA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,eAAO,MAAM,mBAAmB,0BAA0B,CAAC;AAC3D,eAAO,MAAM,oBAAoB,aAAa,CAAC;AAC/C,eAAO,MAAM,wBAAwB,MAAM,CAAC;AAC5C,eAAO,MAAM,6BAA6B,OAAO,CAAC;AAClD,eAAO,MAAM,wBAAwB,wBAAwB,CAAC;AAE9D,eAAO,MAAM,eAAe,mBAAmB,CAAC;AAChD,eAAO,MAAM,WAAW,eAAe,CAAC;AAExC;;;;;;GAMG;AACH,eAAO,MAAM,cAAc,kBAAkB,CAAC;AA2B9C;;;;;GAKG;AACH,wBAAgB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAgB5D;AAED;;;;;GAKG;AACH,eAAO,MAAM,sBAAsB,sBAAsB,CAAC;AAC1D,eAAO,MAAM,kBAAkB,kBAAkB,CAAC;AAoClD,eAAO,MAAM,oBAAoB,uDAAwD,CAAC;AAE1F;;;;;;;GAOG;AACH,wBAAsB,YAAY,CAChC,OAAO,EAAE,MAAM,EACf,SAAS,GAAE,MAAiC,GAC3C,OAAO,CAAC,OAAO,CAAC,CAgBlB;AAED;;;;;;;GAOG;AACH,wBAAsB,cAAc,CAClC,OAAO,EAAE,MAAM,EACf,SAAS,GAAE,MAAsC,EACjD,cAAc,GAAE,MAAY,GAC3B,OAAO,CAAC,OAAO,CAAC,CASlB;AAUD;;;;;;;GAOG;AACH,wBAAsB,cAAc,CAClC,UAAU,GAAE,MAAiC,GAC5C,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAwBlC;AAED,iBAAS,qBAAqB,IAAI,MAAM,GAAG,IAAI,CAY9C;AAED,iBAAS,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAMhD;AAeD,eAAO,MAAM,SAAS;;;;;;;;kCAEQ,IAAI;CAGjC,CAAC;AAEF;;;;;;;;;;GAUG;AACH,wBAAsB,gBAAgB,CACpC,OAAO,GAAE,MAA4B,EACrC,SAAS,GAAE,MAAsC,GAChD,OAAO,CAAC,IAAI,CAAC,CAuBf;AAED;;;;;;;GAOG;AACH,wBAAsB,iBAAiB,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CA8B1E;AAED;;;;;;GAMG;AACH,wBAAsB,aAAa,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CActE"}

package/dist/types/core/init-assembly.d.ts CHANGED Viewed

@@ -1,8 +1,13 @@
 import type { Adapter } from "../adapters/adapter.js";
 import { type GatewayClient } from "../gateway/client.js";
+import { type NativeClient } from "../native/client.js";
 import type { AssemblyConfig } from "../types/assembly-config.js";
 import type { AssemblyContext } from "../types/assembly-context.js";
-export declare function createClient(config: AssemblyConfig): GatewayClient;
+/** Env-var fallback for ``gatewayUrl`` read at ``initAssembly`` entry. */
+export declare const ENV_GATEWAY_URL = "AA_GATEWAY_URL";
+/** Env-var fallback for ``controlPlaneUrl`` read at ``initAssembly`` entry. */
+export declare const ENV_CONTROL_PLANE_URL = "AA_CONTROL_PLANE_URL";
+export declare function createClient(config: AssemblyConfig, nativeClientOverride?: NativeClient): GatewayClient;
 export declare function detectFrameworks(): string[];
 export declare function registerAdapters(frameworks: readonly string[]): Promise<Adapter[]>;
 export declare function startNetworkLayerIfNeeded(client: GatewayClient, config: AssemblyConfig): Promise<void>;

package/dist/types/core/init-assembly.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"init-assembly.d.ts","sourceRoot":"","sources":["../../../src/core/init-assembly.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,wBAAwB,CAAC;AAKtD,OAAO,~~EAA2B~~,KAAK,aAAa,~~EAAE~~,MAAM,sBAAsB,CAAC;~~AAEnF~~,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAClE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;~~AAiCpE~~,wBAAgB,YAAY,~~CAAC~~,MAAM,EAAE,cAAc,~~GAAG~~,aAAa,~~CAOlE~~;AAWD,wBAAgB,gBAAgB,IAAI,MAAM,EAAE,CAoB3C;AASD,wBAAsB,gBAAgB,CAAC,UAAU,EAAE,SAAS,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,CAMxF;AAED,wBAAsB,yBAAyB,CAC7C,MAAM,EAAE,aAAa,EACrB,MAAM,EAAE,cAAc,GACrB,OAAO,CAAC,IAAI,CAAC,CAMf;~~AA0GD~~,wBAAsB,YAAY,CAAC,MAAM,GAAE,cAAmB,GAAG,OAAO,CAAC,eAAe,CAAC,~~CA0ExF~~"}
1	+ {"version":3,"file":"init-assembly.d.ts","sourceRoot":"","sources":["../../../src/core/init-assembly.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,wBAAwB,CAAC;AAKtD,OAAO,EAGL,KAAK,aAAa,EACnB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAEL,KAAK,YAAY,EAElB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAClE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAoBpE,0EAA0E;AAC1E,eAAO,MAAM,eAAe,mBAAmB,CAAC;AAChD,+EAA+E;AAC/E,eAAO,MAAM,qBAAqB,yBAAyB,CAAC;AAiD5D,wBAAgB,YAAY,CAC1B,MAAM,EAAE,cAAc,EACtB,oBAAoB,CAAC,EAAE,YAAY,GAClC,aAAa,CA+Cf;AAWD,wBAAgB,gBAAgB,IAAI,MAAM,EAAE,CAoB3C;AASD,wBAAsB,gBAAgB,CAAC,UAAU,EAAE,SAAS,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,CAMxF;AAED,wBAAsB,yBAAyB,CAC7C,MAAM,EAAE,aAAa,EACrB,MAAM,EAAE,cAAc,GACrB,OAAO,CAAC,IAAI,CAAC,CAMf;AAsLD,wBAAsB,YAAY,CAAC,MAAM,GAAE,cAAmB,GAAG,OAAO,CAAC,eAAe,CAAC,CAkFxF"}

package/dist/types/gateway/client.d.ts CHANGED Viewed

@@ -1,7 +1,14 @@
 import type { GatewayApprovalResult, GatewayCheckRequest, GatewayDecision, GatewayPromptScan, GatewayRecordEvent, GatewayResultRecord } from "../types/gateway-governance.js";
 import type { AssemblyMode } from "../types/assembly-mode.js";
+import type { NativeClient } from "../native/client.js";
 export interface GatewayClient {
     readonly mode: AssemblyMode;
+    /**
+     * Base URL for the client's HTTP routes. Resolved by ``initAssembly`` to
+     * ``controlPlaneUrl`` when set, otherwise to ``gatewayUrl``. Undefined when
+     * the client is constructed without a URL (e.g. a bare no-op test client).
+     */
+    readonly httpBaseUrl?: string;
     start: () => Promise<void>;
     close: () => Promise<void>;
     check: (request: GatewayCheckRequest) => Promise<GatewayDecision>;
@@ -10,5 +17,21 @@ export interface GatewayClient {
     recordResult: (record: GatewayResultRecord) => Promise<void>;
     scanPrompts: (scan: GatewayPromptScan) => Promise<void>;
 }
-export declare function createNoopGatewayClient(mode: AssemblyMode): GatewayClient;
+export declare function createNoopGatewayClient(mode: AssemblyMode, httpBaseUrl?: string): GatewayClient;
+/**
+ * Gateway client backed by the in-process native runtime (AAASM-3050).
+ *
+ * `check()` asks a reachable `aa-runtime` for an authoritative verdict via the
+ * native `queryPolicy` primitive and maps it onto a `GatewayDecision`:
+ *   - `deny`    → `{ denied: true }`  (the wrapper throws `PolicyViolationError`)
+ *   - `pending` → `{ pending: true }` (routes to the approval path)
+ *   - allow / redact / unspecified → `{ denied: false }`
+ *
+ * **Fail-open (security-critical):** the SDK is advisory, not a security
+ * boundary. The native primitive already returns `allow` when the runtime is
+ * unreachable or too slow; on top of that, any local fault while querying is
+ * swallowed here and resolves neutral, so a missing or degraded runtime never
+ * blocks the agent. The proxy / eBPF layers remain authoritative.
+ */
+export declare function createNativeGatewayClient(mode: AssemblyMode, nativeClient: NativeClient, agentId?: string, httpBaseUrl?: string): GatewayClient;
 //# sourceMappingURL=client.d.ts.map

package/dist/types/gateway/client.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../../src/gateway/client.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,qBAAqB,EACrB,mBAAmB,EACnB,eAAe,EACf,iBAAiB,EACjB,kBAAkB,EAClB,mBAAmB,EACpB,MAAM,gCAAgC,CAAC;AACxC,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;~~AAE9D~~,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,IAAI,EAAE,YAAY,CAAC;IAC5B,KAAK,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC3B,KAAK,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC3B,KAAK,EAAE,CAAC,OAAO,EAAE,mBAAmB,KAAK,OAAO,CAAC,eAAe,CAAC,CAAC;IAClE,eAAe,EAAE,CACf,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,EACb,SAAS,EAAE,MAAM,KACd,OAAO,CAAC,qBAAqB,CAAC,CAAC;IACpC,MAAM,EAAE,CAAC,KAAK,EAAE,kBAAkB,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACrD,YAAY,EAAE,CAAC,MAAM,EAAE,mBAAmB,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7D,WAAW,EAAE,CAAC,IAAI,EAAE,iBAAiB,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;CACzD;AAED,wBAAgB,uBAAuB,CAAC,IAAI,EAAE,YAAY,GAAG,aAAa,~~CAWzE~~"}
1	+ {"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../../src/gateway/client.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,qBAAqB,EACrB,mBAAmB,EACnB,eAAe,EACf,iBAAiB,EACjB,kBAAkB,EAClB,mBAAmB,EACpB,MAAM,gCAAgC,CAAC;AACxC,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAExD,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,IAAI,EAAE,YAAY,CAAC;IAC5B;;;;OAIG;IACH,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,KAAK,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC3B,KAAK,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC3B,KAAK,EAAE,CAAC,OAAO,EAAE,mBAAmB,KAAK,OAAO,CAAC,eAAe,CAAC,CAAC;IAClE,eAAe,EAAE,CACf,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,EACb,SAAS,EAAE,MAAM,KACd,OAAO,CAAC,qBAAqB,CAAC,CAAC;IACpC,MAAM,EAAE,CAAC,KAAK,EAAE,kBAAkB,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACrD,YAAY,EAAE,CAAC,MAAM,EAAE,mBAAmB,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7D,WAAW,EAAE,CAAC,IAAI,EAAE,iBAAiB,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;CACzD;AAED,wBAAgB,uBAAuB,CAAC,IAAI,EAAE,YAAY,EAAE,WAAW,CAAC,EAAE,MAAM,GAAG,aAAa,CAY/F;AAwBD;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,yBAAyB,CACvC,IAAI,EAAE,YAAY,EAClB,YAAY,EAAE,YAAY,EAC1B,OAAO,CAAC,EAAE,MAAM,EAChB,WAAW,CAAC,EAAE,MAAM,GACnB,aAAa,CA0Bf"}

package/dist/types/gateway/index.d.ts CHANGED Viewed

@@ -1,3 +1,3 @@
-export { createNoopGatewayClient } from "./client.js";
+export { createNativeGatewayClient, createNoopGatewayClient } from "./client.js";
 export type { GatewayClient } from "./client.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/types/gateway/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/gateway/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,uBAAuB,EAAE,MAAM,aAAa,CAAC;~~AACtD~~,YAAY,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/gateway/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,yBAAyB,EAAE,uBAAuB,EAAE,MAAM,aAAa,CAAC;AACjF,YAAY,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC"}

package/dist/types/hooks/ai-sdk.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"ai-sdk.d.ts","sourceRoot":"","sources":["../../../src/hooks/ai-sdk.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAEV,4BAA4B,EAC5B,mBAAmB,EACpB,MAAM,+BAA+B,CAAC;AACvC,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAI1D,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,mBAAmB,CAAC;CAC3B;AAED,MAAM,WAAW,qBAAqB;IACpC,SAAS,EAAE,OAAO,CAAC;IACnB,mBAAmB,EAAE,mBAAmB,GAAG,SAAS,CAAC;IACrD,aAAa,EAAE,iBAAiB,GAAG,SAAS,CAAC;CAC9C;AAED,eAAO,MAAM,qBAAqB,EAAE,qBAInC,CAAC;AAEF,wBAAgB,0BAA0B,CACxC,MAAM,EAAE,iBAAiB,GACxB,mBAAmB,GAAG,SAAS,~~CAWjC~~;AAED,MAAM,WAAW,2BAA2B;IAC1C,iBAAiB,EAAE,MAAM,CAAC;IAC1B,aAAa,EAAE,MAAM,CAAC;IACtB,6GAA6G;IAC7G,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,wBAAgB,2BAA2B,CACzC,aAAa,EAAE,aAAa,EAC5B,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,OAAO,GACd,IAAI,CAEN;AAED,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,OAAO,EACjD,eAAe,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,4BAA4B,KAAK,OAAO,CAAC,OAAO,CAAC,EACzF,WAAW,EAAE,MAAM,EACnB,aAAa,EAAE,aAAa,EAC5B,OAAO,EAAE,2BAA2B,GACnC,CAAC,IAAI,EAAE,KAAK,EAAE,gBAAgB,EAAE,4BAA4B,KAAK,OAAO,CAAC,OAAO,CAAC,CAsDnF;AAED,MAAM,WAAW,+BAA+B;IAC9C,iBAAiB,EAAE,MAAM,CAAC;IAC1B,aAAa,EAAE,MAAM,CAAC;IACtB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,wBAAgB,wBAAwB,CACtC,mBAAmB,EAAE,mBAAmB,EACxC,aAAa,EAAE,aAAa,EAC5B,OAAO,EAAE,+BAA+B,GACvC,mBAAmB,CAsBrB;AAED,MAAM,WAAW,uBAAuB;IACtC,aAAa,EAAE,aAAa,CAAC;IAC7B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,OAAO,CAAC,iBAAiB,GAAG,SAAS,CAAC,CAAC;CAC3D;AAYD,wBAAsB,gBAAgB,CACpC,OAAO,EAAE,uBAAuB,GAC/B,OAAO,CAAC,OAAO,CAAC,CA4BlB;AAED,wBAAgB,kBAAkB,IAAI,OAAO,CAgB5C"}
1	+ {"version":3,"file":"ai-sdk.d.ts","sourceRoot":"","sources":["../../../src/hooks/ai-sdk.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAEV,4BAA4B,EAC5B,mBAAmB,EACpB,MAAM,+BAA+B,CAAC;AACvC,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAI1D,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,mBAAmB,CAAC;CAC3B;AAED,MAAM,WAAW,qBAAqB;IACpC,SAAS,EAAE,OAAO,CAAC;IACnB,mBAAmB,EAAE,mBAAmB,GAAG,SAAS,CAAC;IACrD,aAAa,EAAE,iBAAiB,GAAG,SAAS,CAAC;CAC9C;AAED,eAAO,MAAM,qBAAqB,EAAE,qBAInC,CAAC;AAEF,wBAAgB,0BAA0B,CACxC,MAAM,EAAE,iBAAiB,GACxB,mBAAmB,GAAG,SAAS,CASjC;AAED,MAAM,WAAW,2BAA2B;IAC1C,iBAAiB,EAAE,MAAM,CAAC;IAC1B,aAAa,EAAE,MAAM,CAAC;IACtB,6GAA6G;IAC7G,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,wBAAgB,2BAA2B,CACzC,aAAa,EAAE,aAAa,EAC5B,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,OAAO,GACd,IAAI,CAEN;AAED,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,OAAO,EACjD,eAAe,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,4BAA4B,KAAK,OAAO,CAAC,OAAO,CAAC,EACzF,WAAW,EAAE,MAAM,EACnB,aAAa,EAAE,aAAa,EAC5B,OAAO,EAAE,2BAA2B,GACnC,CAAC,IAAI,EAAE,KAAK,EAAE,gBAAgB,EAAE,4BAA4B,KAAK,OAAO,CAAC,OAAO,CAAC,CAsDnF;AAED,MAAM,WAAW,+BAA+B;IAC9C,iBAAiB,EAAE,MAAM,CAAC;IAC1B,aAAa,EAAE,MAAM,CAAC;IACtB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,wBAAgB,wBAAwB,CACtC,mBAAmB,EAAE,mBAAmB,EACxC,aAAa,EAAE,aAAa,EAC5B,OAAO,EAAE,+BAA+B,GACvC,mBAAmB,CAsBrB;AAED,MAAM,WAAW,uBAAuB;IACtC,aAAa,EAAE,aAAa,CAAC;IAC7B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,OAAO,CAAC,iBAAiB,GAAG,SAAS,CAAC,CAAC;CAC3D;AAYD,wBAAsB,gBAAgB,CACpC,OAAO,EAAE,uBAAuB,GAC/B,OAAO,CAAC,OAAO,CAAC,CA4BlB;AAED,wBAAgB,kBAAkB,IAAI,OAAO,CAgB5C"}

package/dist/types/hooks/langchain.d.ts CHANGED Viewed

@@ -1,3 +1,14 @@
 import type { NativeClient } from "../native/client.js";
+/**
+ * Intentional no-op stub: native-transport LangChain patching is not
+ * implemented. LangChain enforcement is performed in the SDK's callback layer
+ * (post-execution redaction) and wrapper layer (pre-execution deny) wired by
+ * `initAssembly`, not through this native hook — so there is nothing to patch
+ * here yet. Returns `false` (nothing patched) for every mode.
+ *
+ * The `client` parameter is retained to keep the adapter-registry hook
+ * signature (and the public `patchLangChain` export) uniform with the other
+ * `patch*` hooks; it is deliberately unused until native patching lands.
+ */
 export declare function patchLangChain(client: NativeClient): Promise<boolean>;
 //# sourceMappingURL=langchain.d.ts.map

package/dist/types/hooks/langchain.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"langchain.d.ts","sourceRoot":"","sources":["../../../src/hooks/langchain.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAExD,wBAAsB,cAAc,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,~~CAK3E~~"}
1	+ {"version":3,"file":"langchain.d.ts","sourceRoot":"","sources":["../../../src/hooks/langchain.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAExD;;;;;;;;;;GAUG;AAEH,wBAAsB,cAAc,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,CAE3E"}

package/dist/types/hooks/mastra.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"mastra.d.ts","sourceRoot":"","sources":["../../../src/hooks/mastra.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE;QACT,QAAQ,CAAC,EAAE,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;KACrD,CAAC;CACH;AAED,MAAM,WAAW,mBAAmB;IAClC,SAAS,EAAE;QACT,OAAO,CAAC,EAAE,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;KACpD,CAAC;CACH;AAED,MAAM,WAAW,YAAY;IAC3B,KAAK,EAAE,gBAAgB,CAAC;IACxB,QAAQ,CAAC,EAAE,mBAAmB,CAAC;CAChC;AAED,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,OAAO,CAAC;IACnB,gBAAgB,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC,GAAG,SAAS,CAAC;IACzE,eAAe,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC,GAAG,SAAS,CAAC;IACxE,iBAAiB,EAAE,gBAAgB,GAAG,SAAS,CAAC;IAChD,oBAAoB,EAAE,mBAAmB,GAAG,SAAS,CAAC;CACvD;AAED,eAAO,MAAM,gBAAgB,EAAE,gBAM9B,CAAC;AAEF,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,OAAO,CAAC,YAAY,GAAG,SAAS,CAAC,CAAC;CACtD;AAYD,wBAAsB,WAAW,CAAC,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,OAAO,CAAC,~~CA2D~~/E;AAED,wBAAgB,aAAa,IAAI,OAAO,CAkBvC"}
1	+ {"version":3,"file":"mastra.d.ts","sourceRoot":"","sources":["../../../src/hooks/mastra.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE;QACT,QAAQ,CAAC,EAAE,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;KACrD,CAAC;CACH;AAED,MAAM,WAAW,mBAAmB;IAClC,SAAS,EAAE;QACT,OAAO,CAAC,EAAE,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;KACpD,CAAC;CACH;AAED,MAAM,WAAW,YAAY;IAC3B,KAAK,EAAE,gBAAgB,CAAC;IACxB,QAAQ,CAAC,EAAE,mBAAmB,CAAC;CAChC;AAED,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,OAAO,CAAC;IACnB,gBAAgB,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC,GAAG,SAAS,CAAC;IACzE,eAAe,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC,GAAG,SAAS,CAAC;IACxE,iBAAiB,EAAE,gBAAgB,GAAG,SAAS,CAAC;IAChD,oBAAoB,EAAE,mBAAmB,GAAG,SAAS,CAAC;CACvD;AAED,eAAO,MAAM,gBAAgB,EAAE,gBAM9B,CAAC;AAEF,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,OAAO,CAAC,YAAY,GAAG,SAAS,CAAC,CAAC;CACtD;AAYD,wBAAsB,WAAW,CAAC,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,OAAO,CAAC,CA+D/E;AAED,wBAAgB,aAAa,IAAI,OAAO,CAkBvC"}

package/dist/types/hooks/openai-agents.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"openai-agents.d.ts","sourceRoot":"","sources":["../../../src/hooks/openai-agents.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,sBAAsB,EACtB,mBAAmB,EACnB,oBAAoB,EACpB,0BAA0B,EAC3B,MAAM,mCAAmC,CAAC;AAC3C,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAG1D,MAAM,WAAW,sBAAsB;IACrC,SAAS,EAAE;QACT,QAAQ,CAAC,EAAE,mBAAmB,CAAC;KAChC,CAAC;CACH;AAED,MAAM,WAAW,sBAAsB;IACrC,SAAS,EAAE,OAAO,CAAC;IACnB,eAAe,EAAE,mBAAmB,GAAG,SAAS,CAAC;IACjD,iBAAiB,EAAE,sBAAsB,GAAG,SAAS,CAAC;CACvD;AAED,eAAO,MAAM,sBAAsB,EAAE,sBAIpC,CAAC;AAEF,wBAAgB,sBAAsB,CACpC,UAAU,EAAE,sBAAsB,GACjC,mBAAmB,GAAG,SAAS,~~CAWjC~~;AAED,wBAAgB,sBAAsB,CAAC,QAAQ,EAAE,oBAAoB,GAAG,OAAO,CAM9E;AAED,MAAM,WAAW,mCAAmC;IAClD,OAAO,EAAE,MAAM,GAAG,SAAS,CAAC;IAC5B,KAAK,EAAE,MAAM,GAAG,SAAS,CAAC;CAC3B;AAED,wBAAgB,8BAA8B,CAC5C,OAAO,EAAE,sBAAsB,GAAG,SAAS,GAC1C,mCAAmC,CAKrC;AAED,wBAAgB,0BAA0B,CACxC,MAAM,EAAE,MAAM,GAAG,SAAS,EAC1B,MAAM,EAAE,MAAM,GACb,0BAA0B,CAG5B;AAED,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,wBAAsB,qBAAqB,CACzC,aAAa,EAAE,aAAa,EAC5B,OAAO,EAAE,oBAAoB,GAC5B,OAAO,CAAC,0BAA0B,GAAG,SAAS,CAAC,CAYjD;AAED,wBAAgB,2BAA2B,CACzC,aAAa,EAAE,aAAa,EAC5B,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,OAAO,GACd,IAAI,CAEN;AAED,MAAM,WAAW,2BAA2B;IAC1C,aAAa,EAAE,MAAM,CAAC;IACtB,iBAAiB,EAAE,MAAM,CAAC;CAC3B;AAED,wBAAgB,oBAAoB,CAClC,eAAe,EAAE,mBAAmB,EACpC,aAAa,EAAE,aAAa,EAC5B,OAAO,EAAE,2BAA2B,GACnC,mBAAmB,CA2DrB;AAED,MAAM,WAAW,wBAAwB;IACvC,aAAa,EAAE,aAAa,CAAC;IAC7B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,cAAc,CAAC,EAAE,MAAM,OAAO,CAAC,sBAAsB,GAAG,SAAS,CAAC,CAAC;CACpE;AAgBD,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,wBAAwB,GAChC,OAAO,CAAC,OAAO,CAAC,CA2BlB;AAED,wBAAgB,mBAAmB,IAAI,OAAO,CAgB7C"}
1	+ {"version":3,"file":"openai-agents.d.ts","sourceRoot":"","sources":["../../../src/hooks/openai-agents.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,sBAAsB,EACtB,mBAAmB,EACnB,oBAAoB,EACpB,0BAA0B,EAC3B,MAAM,mCAAmC,CAAC;AAC3C,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAG1D,MAAM,WAAW,sBAAsB;IACrC,SAAS,EAAE;QACT,QAAQ,CAAC,EAAE,mBAAmB,CAAC;KAChC,CAAC;CACH;AAED,MAAM,WAAW,sBAAsB;IACrC,SAAS,EAAE,OAAO,CAAC;IACnB,eAAe,EAAE,mBAAmB,GAAG,SAAS,CAAC;IACjD,iBAAiB,EAAE,sBAAsB,GAAG,SAAS,CAAC;CACvD;AAED,eAAO,MAAM,sBAAsB,EAAE,sBAIpC,CAAC;AAEF,wBAAgB,sBAAsB,CACpC,UAAU,EAAE,sBAAsB,GACjC,mBAAmB,GAAG,SAAS,CASjC;AAED,wBAAgB,sBAAsB,CAAC,QAAQ,EAAE,oBAAoB,GAAG,OAAO,CAM9E;AAED,MAAM,WAAW,mCAAmC;IAClD,OAAO,EAAE,MAAM,GAAG,SAAS,CAAC;IAC5B,KAAK,EAAE,MAAM,GAAG,SAAS,CAAC;CAC3B;AAED,wBAAgB,8BAA8B,CAC5C,OAAO,EAAE,sBAAsB,GAAG,SAAS,GAC1C,mCAAmC,CAKrC;AAED,wBAAgB,0BAA0B,CACxC,MAAM,EAAE,MAAM,GAAG,SAAS,EAC1B,MAAM,EAAE,MAAM,GACb,0BAA0B,CAG5B;AAED,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,wBAAsB,qBAAqB,CACzC,aAAa,EAAE,aAAa,EAC5B,OAAO,EAAE,oBAAoB,GAC5B,OAAO,CAAC,0BAA0B,GAAG,SAAS,CAAC,CAYjD;AAED,wBAAgB,2BAA2B,CACzC,aAAa,EAAE,aAAa,EAC5B,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,OAAO,GACd,IAAI,CAEN;AAED,MAAM,WAAW,2BAA2B;IAC1C,aAAa,EAAE,MAAM,CAAC;IACtB,iBAAiB,EAAE,MAAM,CAAC;CAC3B;AAED,wBAAgB,oBAAoB,CAClC,eAAe,EAAE,mBAAmB,EACpC,aAAa,EAAE,aAAa,EAC5B,OAAO,EAAE,2BAA2B,GACnC,mBAAmB,CA2DrB;AAED,MAAM,WAAW,wBAAwB;IACvC,aAAa,EAAE,aAAa,CAAC;IAC7B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,cAAc,CAAC,EAAE,MAAM,OAAO,CAAC,sBAAsB,GAAG,SAAS,CAAC,CAAC;CACpE;AAgBD,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,wBAAwB,GAChC,OAAO,CAAC,OAAO,CAAC,CA2BlB;AAED,wBAAgB,mBAAmB,IAAI,OAAO,CAgB7C"}