@agent-relay/sdk 4.0.2 → 4.0.4

package/dist/workflows/__tests__/permissions-integration.test.js

@@ -0,0 +1,526 @@
+import { EventEmitter } from 'node:events';
+import { beforeEach, afterEach, describe, expect, it, vi } from 'vitest';
+import { mkdtempSync, mkdirSync, rmSync, writeFileSync } from 'node:fs';
+import os from 'node:os';
+import path from 'node:path';
+const tempDirs = [];
+const mockFetch = vi.fn().mockResolvedValue({
+    ok: true,
+    json: () => Promise.resolve({ data: { api_key: 'rk_test', workspace_id: 'ws-test' } }),
+    text: () => Promise.resolve(''),
+});
+vi.stubGlobal('fetch', mockFetch);
+let lastProvisionResult;
+const mockProvisionWorkflowAgents = vi.fn();
+vi.mock('../../provisioner/index.js', async () => {
+    const actual = await vi.importActual('../../provisioner/index.js');
+    mockProvisionWorkflowAgents.mockImplementation(async (config) => {
+        const scopes = new Map();
+        const tokens = new Map();
+        const agents = {};
+        let readonly = 0;
+        let readwrite = 0;
+        let denied = 0;
+        let customScopes = 0;
+        for (const [agentName, permissions] of Object.entries(config.agents ?? {})) {
+            const compiled = actual.resolveAgentPermissions(agentName, permissions, config.projectDir, config.workspace);
+            const token = `token:${agentName}`;
+            scopes.set(agentName, [...compiled.scopes]);
+            tokens.set(agentName, token);
+            readonly += compiled.summary.readonly;
+            readwrite += compiled.summary.readwrite;
+            denied += compiled.summary.denied;
+            customScopes += compiled.summary.customScopes;
+            agents[agentName] = {
+                name: agentName,
+                tokenPath: path.resolve(config.projectDir, '.relay', 'tokens', `${agentName}.jwt`),
+                token,
+                scopes: [...compiled.scopes],
+                compiled,
+            };
+        }
+        const result = {
+            agents,
+            agentNames: Object.keys(config.agents ?? {}),
+            adminToken: 'admin-token',
+            seededFileCount: 0,
+            seededAclCount: 0,
+            summary: { readonly, readwrite, denied, customScopes },
+            mounts: new Map(),
+            tokens,
+            scopes,
+        };
+        lastProvisionResult = { scopes, tokens };
+        return result;
+    });
+    return {
+        ...actual,
+        provisionWorkflowAgents: mockProvisionWorkflowAgents,
+    };
+});
+vi.mock('@relaycast/sdk', () => ({
+    RelayCast: vi.fn(),
+    RelayError: class RelayError extends Error {
+    },
+}));
+function never() {
+    return new Promise(() => { });
+}
+let queuedPtyOutputs = [];
+let waitForExitFn;
+let waitForIdleFn;
+const mockAgent = {
+    name: 'workflow-agent',
+    exitCode: 0,
+    exitSignal: undefined,
+    get waitForExit() {
+        return waitForExitFn;
+    },
+    get waitForIdle() {
+        return waitForIdleFn;
+    },
+    release: vi.fn().mockResolvedValue(undefined),
+};
+const mockHuman = {
+    name: 'WorkflowRunner',
+    sendMessage: vi.fn().mockResolvedValue(undefined),
+};
+const mockRelayInstance = {
+    spawnPty: vi.fn(),
+    human: vi.fn().mockReturnValue(mockHuman),
+    shutdown: vi.fn().mockResolvedValue(undefined),
+    onBrokerStderr: vi.fn().mockReturnValue(() => { }),
+    listAgentsRaw: vi.fn().mockResolvedValue([]),
+    onWorkerOutput: null,
+    onMessageReceived: null,
+    onAgentSpawned: null,
+    onAgentReleased: null,
+    onAgentExited: null,
+    onAgentIdle: null,
+    onDeliveryUpdate: null,
+};
+const defaultSpawnPtyImplementation = async ({ name, task }) => {
+    const queued = queuedPtyOutputs.shift();
+    const stepComplete = task?.match(/STEP_COMPLETE:([^\n]+)/u)?.[1]?.trim();
+    const output = queued ?? (stepComplete ? `STEP_COMPLETE:${stepComplete}\n` : 'STEP_COMPLETE:done\n');
+    queueMicrotask(() => {
+        mockRelayInstance.onWorkerOutput?.({ name, chunk: output });
+    });
+    return { ...mockAgent, name };
+};
+vi.mock('../../relay.js', () => ({
+    AgentRelay: vi.fn().mockImplementation(() => mockRelayInstance),
+}));
+let queuedSubprocessResults = [];
+const mockSubprocessSpawn = vi.fn().mockImplementation((_cmd, _args, _options) => {
+    const result = queuedSubprocessResults.shift() ?? { stdout: 'non-interactive complete\n', code: 0 };
+    const child = new EventEmitter();
+    child.stdout = new EventEmitter();
+    child.stderr = new EventEmitter();
+    child.pid = 4321;
+    child.kill = vi.fn();
+    queueMicrotask(() => {
+        if (result.error) {
+            child.emit('error', result.error);
+            return;
+        }
+        if (result.stdout) {
+            child.stdout.emit('data', Buffer.from(result.stdout));
+        }
+        if (result.stderr) {
+            child.stderr.emit('data', Buffer.from(result.stderr));
+        }
+        child.emit('close', result.code ?? 0, result.signal ?? null);
+    });
+    return child;
+});
+vi.mock('node:child_process', async () => {
+    const actual = await vi.importActual('node:child_process');
+    return {
+        ...actual,
+        spawn: mockSubprocessSpawn,
+    };
+});
+const { WorkflowRunner } = await import('../runner.js');
+function makeDb() {
+    const runs = new Map();
+    const steps = new Map();
+    return {
+        insertRun: vi.fn(async (run) => {
+            runs.set(run.id, { ...run });
+        }),
+        updateRun: vi.fn(async (id, patch) => {
+            const existing = runs.get(id);
+            if (existing)
+                runs.set(id, { ...existing, ...patch });
+        }),
+        getRun: vi.fn(async (id) => {
+            const run = runs.get(id);
+            return run ? { ...run } : null;
+        }),
+        insertStep: vi.fn(async (step) => {
+            steps.set(step.id, { ...step });
+        }),
+        updateStep: vi.fn(async (id, patch) => {
+            const existing = steps.get(id);
+            if (existing)
+                steps.set(id, { ...existing, ...patch });
+        }),
+        getStepsByRunId: vi.fn(async (runId) => {
+            return [...steps.values()].filter((step) => step.runId === runId);
+        }),
+    };
+}
+function createProject(files) {
+    const dir = mkdtempSync(path.join(os.tmpdir(), 'relay-permissions-integration-'));
+    tempDirs.push(dir);
+    for (const [relativePath, contents] of Object.entries(files)) {
+        const absolutePath = path.join(dir, relativePath);
+        mkdirSync(path.dirname(absolutePath), { recursive: true });
+        writeFileSync(absolutePath, contents);
+    }
+    return dir;
+}
+function createBaseProject() {
+    return createProject({
+        'src/app.ts': 'export const app = true;\n',
+        'docs/review.md': '# review\n',
+        '.env': 'SECRET=1\n',
+    });
+}
+function makeRunner(cwd) {
+    return new WorkflowRunner({
+        cwd,
+        db: makeDb(),
+        workspaceId: 'ws-test',
+        relay: {
+            env: {
+                AGENT_RELAY_WORKFLOW_DISABLE_RELAYCAST: '1',
+            },
+        },
+    });
+}
+function makeConfig(agents, steps, permissionProfiles) {
+    return {
+        version: '1',
+        name: 'permissions-integration',
+        permission_profiles: permissionProfiles,
+        swarm: { pattern: 'dag' },
+        agents,
+        workflows: [
+            {
+                name: 'default',
+                steps: steps ??
+                    agents.map((agent, index) => ({
+                        name: `step-${index + 1}`,
+                        agent: agent.name,
+                        task: `Complete work for ${agent.name}`,
+                    })),
+            },
+        ],
+        trajectories: false,
+    };
+}
+function getProvisionedScopes(agentName) {
+    expect(lastProvisionResult).toBeDefined();
+    const scopes = lastProvisionResult?.scopes.get(agentName);
+    expect(scopes).toBeDefined();
+    return scopes ?? [];
+}
+beforeEach(() => {
+    vi.clearAllMocks();
+    lastProvisionResult = undefined;
+    queuedPtyOutputs = [];
+    queuedSubprocessResults = [];
+    waitForExitFn = vi.fn().mockResolvedValue('exited');
+    waitForIdleFn = vi.fn().mockImplementation(() => never());
+    mockAgent.release.mockResolvedValue(undefined);
+    mockRelayInstance.spawnPty.mockImplementation(defaultSpawnPtyImplementation);
+    mockRelayInstance.onWorkerOutput = null;
+});
+afterEach(() => {
+    while (tempDirs.length > 0) {
+        rmSync(tempDirs.pop(), { recursive: true, force: true });
+    }
+});
+describe('WorkflowRunner permission lifecycle integration', () => {
+    it('mints workflow tokens before spawning interactive agents', async () => {
+        const projectDir = createBaseProject();
+        const runner = makeRunner(projectDir);
+        const config = makeConfig([
+            {
+                name: 'writer',
+                cli: 'claude',
+                permissions: { access: 'readwrite' },
+            },
+        ]);
+        const run = await runner.execute(config, 'default');
+        expect(run.status).toBe('completed');
+        expect(mockProvisionWorkflowAgents).toHaveBeenCalledTimes(1);
+        expect(mockRelayInstance.spawnPty).toHaveBeenCalledTimes(1);
+        expect(mockProvisionWorkflowAgents.mock.invocationCallOrder[0]).toBeLessThan(mockRelayInstance.spawnPty.mock.invocationCallOrder[0]);
+    });
+    it('skips provisioning entirely when no agent permissions are configured', async () => {
+        const projectDir = createBaseProject();
+        const runner = makeRunner(projectDir);
+        const config = makeConfig([{ name: 'legacy-agent', cli: 'claude' }]);
+        const run = await runner.execute(config, 'default');
+        expect(run.status).toBe('completed');
+        expect(mockProvisionWorkflowAgents).not.toHaveBeenCalled();
+        expect(mockRelayInstance.spawnPty).toHaveBeenCalledTimes(1);
+    });
+    it('provisions reviewer agents with readonly scopes only', async () => {
+        const projectDir = createBaseProject();
+        const runner = makeRunner(projectDir);
+        const config = makeConfig([
+            {
+                name: 'reviewer-agent',
+                cli: 'claude',
+                permissions: { access: 'readonly' },
+            },
+        ]);
+        const run = await runner.execute(config, 'default');
+        const scopes = getProvisionedScopes('reviewer-agent');
+        expect(run.status).toBe('completed');
+        expect(lastProvisionResult?.tokens.get('reviewer-agent')).toBe('token:reviewer-agent');
+        expect(scopes.length).toBeGreaterThan(0);
+        expect(scopes.every((scope) => !scope.includes(':write:'))).toBe(true);
+        expect(scopes.every((scope) => scope.includes(':read:'))).toBe(true);
+    });
+    it('provisions worker agents with readwrite scopes', async () => {
+        const projectDir = createBaseProject();
+        const runner = makeRunner(projectDir);
+        const config = makeConfig([
+            {
+                name: 'worker-agent',
+                cli: 'claude',
+                permissions: { access: 'readwrite' },
+            },
+        ]);
+        const run = await runner.execute(config, 'default');
+        const scopes = getProvisionedScopes('worker-agent');
+        expect(run.status).toBe('completed');
+        expect(scopes).toContain('relayfile:fs:write:/src/app.ts');
+        expect(scopes).toContain('relayfile:fs:write:/docs/review.md');
+    });
+    it('provisions lead agents with full-access scopes', async () => {
+        const projectDir = createBaseProject();
+        const runner = makeRunner(projectDir);
+        const config = makeConfig([
+            {
+                name: 'lead-agent',
+                cli: 'claude',
+                permissions: { access: 'full' },
+            },
+        ]);
+        const run = await runner.execute(config, 'default');
+        const scopes = getProvisionedScopes('lead-agent');
+        expect(run.status).toBe('completed');
+        expect(scopes).toContain('relayfile:fs:write:/.env');
+        expect(scopes).toContain('relayfile:fs:write:/src/app.ts');
+        expect(scopes).toContain('relayfile:fs:write:/docs/review.md');
+    });
+    it('passes the workflow agent token through to spawnPty', async () => {
+        const projectDir = createBaseProject();
+        const runner = makeRunner(projectDir);
+        const config = makeConfig([
+            {
+                name: 'interactive-agent',
+                cli: 'claude',
+                permissions: { access: 'readwrite' },
+            },
+        ]);
+        const run = await runner.execute(config, 'default');
+        expect(run.status).toBe('completed');
+        expect(mockRelayInstance.spawnPty).toHaveBeenCalledWith(expect.objectContaining({
+            agentToken: 'token:interactive-agent',
+        }));
+    });
+    it('merges permission profiles into agent permissions before provisioning', async () => {
+        const projectDir = createBaseProject();
+        const runner = makeRunner(projectDir);
+        const config = makeConfig([
+            {
+                name: 'profiled-agent',
+                cli: 'claude',
+                permissions: {
+                    profile: 'reviewer',
+                    why: 'Needs shared reviewer constraints with one extra scope',
+                    files: {
+                        read: ['docs/**'],
+                    },
+                    scopes: ['relay:custom:use:/review'],
+                },
+            },
+        ], undefined, {
+            reviewer: {
+                description: 'Reusable reviewer profile',
+                access: 'readonly',
+                files: {
+                    read: ['src/**'],
+                    deny: ['.env'],
+                },
+                exec: ['git diff'],
+            },
+        });
+        const run = await runner.execute(config, 'default');
+        const provisionedPermissions = mockProvisionWorkflowAgents.mock.calls[0]?.[0]?.agents?.['profiled-agent'];
+        expect(run.status).toBe('completed');
+        expect(provisionedPermissions).toEqual({
+            description: 'Reusable reviewer profile',
+            profile: 'reviewer',
+            why: 'Needs shared reviewer constraints with one extra scope',
+            access: 'readonly',
+            files: {
+                read: ['src/**', 'docs/**'],
+                deny: ['.env'],
+            },
+            scopes: ['relay:custom:use:/review'],
+            exec: ['git diff'],
+        });
+    });
+    it('injects RELAY_AGENT_TOKEN into non-interactive agent environments', async () => {
+        const projectDir = createBaseProject();
+        const runner = makeRunner(projectDir);
+        const config = makeConfig([
+            {
+                name: 'headless-agent',
+                cli: 'claude',
+                interactive: false,
+                permissions: { access: 'readwrite' },
+            },
+        ]);
+        const run = await runner.execute(config, 'default');
+        const spawnOptions = mockSubprocessSpawn.mock.calls[0]?.[2];
+        expect(run.status).toBe('completed');
+        expect(mockRelayInstance.spawnPty).not.toHaveBeenCalled();
+        expect(mockSubprocessSpawn).toHaveBeenCalledTimes(1);
+        expect(spawnOptions?.env?.RELAY_AGENT_TOKEN).toBe('token:headless-agent');
+        expect(spawnOptions?.env?.RELAYFILE_TOKEN).toBe('token:headless-agent');
+    });
+    it('clears workflow-scoped tokens after successful completion', async () => {
+        const projectDir = createBaseProject();
+        const runner = makeRunner(projectDir);
+        const config = makeConfig([
+            {
+                name: 'cleanup-agent',
+                cli: 'claude',
+                permissions: { access: 'readwrite' },
+            },
+        ]);
+        const run = await runner.execute(config, 'default');
+        expect(run.status).toBe('completed');
+        expect(runner.agentTokens.size).toBe(0);
+    });
+    it('clears workflow-scoped tokens after failed workflows', async () => {
+        const projectDir = createBaseProject();
+        const runner = makeRunner(projectDir);
+        const config = makeConfig([
+            {
+                name: 'failing-agent',
+                cli: 'claude',
+                permissions: { access: 'readwrite' },
+            },
+        ]);
+        mockRelayInstance.spawnPty.mockRejectedValueOnce(new Error('spawn failed'));
+        const run = await runner.execute(config, 'default');
+        expect(run.status).toBe('failed');
+        expect(runner.agentTokens.size).toBe(0);
+    });
+    it('reports resolved permissions during dry-run without minting tokens', () => {
+        const projectDir = createProject({
+            'src/app.ts': 'export const app = true;\n',
+            '.agentreadonly': 'src/app.ts\n',
+        });
+        const runner = makeRunner(projectDir);
+        const config = makeConfig([
+            {
+                name: 'dry-run-agent',
+                cli: 'claude',
+                permissions: {
+                    access: 'readonly',
+                    files: {
+                        read: ['src/**'],
+                    },
+                    scopes: ['relay:custom:use:/feature'],
+                },
+            },
+        ]);
+        const report = runner.dryRun(config, 'default');
+        const permissionEntry = report.permissions?.find((entry) => entry.agent === 'dry-run-agent');
+        expect(report.valid).toBe(true);
+        expect(permissionEntry).toMatchObject({
+            agent: 'dry-run-agent',
+            access: 'readonly',
+            source: 'yaml',
+        });
+        expect(permissionEntry?.scopes ?? 0).toBeGreaterThan(0);
+        expect(mockProvisionWorkflowAgents).not.toHaveBeenCalled();
+        expect(mockRelayInstance.spawnPty).not.toHaveBeenCalled();
+        expect(runner.agentTokens.size).toBe(0);
+    });
+    it('rejects invalid permission config during validation before provisioning', async () => {
+        const projectDir = createBaseProject();
+        const runner = makeRunner(projectDir);
+        const config = makeConfig([
+            {
+                name: 'invalid-agent',
+                cli: 'claude',
+                permissions: {
+                    access: 'bogus',
+                },
+            },
+        ]);
+        await expect(runner.execute(config, 'default')).rejects.toThrow('Permission validation failed');
+        expect(mockProvisionWorkflowAgents).not.toHaveBeenCalled();
+        expect(mockRelayInstance.spawnPty).not.toHaveBeenCalled();
+    });
+    it('rejects unknown permission profiles during validation before provisioning', async () => {
+        const projectDir = createBaseProject();
+        const runner = makeRunner(projectDir);
+        const config = makeConfig([
+            {
+                name: 'invalid-profile-agent',
+                cli: 'claude',
+                permissions: {
+                    profile: 'missing-reviewer',
+                },
+            },
+        ]);
+        await expect(runner.execute(config, 'default')).rejects.toThrow('Permission validation failed');
+        expect(mockProvisionWorkflowAgents).not.toHaveBeenCalled();
+        expect(mockRelayInstance.spawnPty).not.toHaveBeenCalled();
+    });
+    it('merges dotfile rules with YAML overrides into the expected scopes', async () => {
+        const projectDir = createProject({
+            '.agentignore': 'blocked.txt\n',
+            '.agentreadonly': 'locked.txt\n',
+            'blocked.txt': 'blocked\n',
+            'locked.txt': 'locked\n',
+            'plain.txt': 'plain\n',
+        });
+        const runner = makeRunner(projectDir);
+        const config = makeConfig([
+            {
+                name: 'override-agent',
+                cli: 'claude',
+                permissions: {
+                    access: 'restricted',
+                    files: {
+                        read: ['blocked.txt'],
+                        write: ['locked.txt'],
+                    },
+                },
+            },
+        ]);
+        const run = await runner.execute(config, 'default');
+        const scopes = getProvisionedScopes('override-agent');
+        expect(run.status).toBe('completed');
+        expect(scopes).toEqual([
+            'relayfile:fs:read:/blocked.txt',
+            'relayfile:fs:read:/locked.txt',
+            'relayfile:fs:write:/locked.txt',
+        ]);
+    });
+});
+//# sourceMappingURL=permissions-integration.test.js.map

package/dist/workflows/__tests__/permissions-integration.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"permissions-integration.test.js","sourceRoot":"","sources":["../../../src/workflows/__tests__/permissions-integration.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AACzE,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxE,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAK7B,MAAM,QAAQ,GAAa,EAAE,CAAC;AAE9B,MAAM,SAAS,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC;IAC1C,EAAE,EAAE,IAAI;IACR,IAAI,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,SAAS,EAAE,EAAE,CAAC;IACtF,IAAI,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;CAChC,CAAC,CAAC;AACH,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;AAElC,IAAI,mBAKS,CAAC;AAEd,MAAM,2BAA2B,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;AAE5C,EAAE,CAAC,IAAI,CAAC,4BAA4B,EAAE,KAAK,IAAI,EAAE;IAC/C,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,YAAY,CAClC,4BAA4B,CAC7B,CAAC;IAEF,2BAA2B,CAAC,kBAAkB,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC9D,MAAM,MAAM,GAAG,IAAI,GAAG,EAAoB,CAAC;QAC3C,MAAM,MAAM,GAAG,IAAI,GAAG,EAAkB,CAAC;QACzC,MAAM,MAAM,GAA4B,EAAE,CAAC;QAC3C,IAAI,QAAQ,GAAG,CAAC,CAAC;QACjB,IAAI,SAAS,GAAG,CAAC,CAAC;QAClB,IAAI,MAAM,GAAG,CAAC,CAAC;QACf,IAAI,YAAY,GAAG,CAAC,CAAC;QAErB,KAAK,MAAM,CAAC,SAAS,EAAE,WAAW,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,IAAI,EAAE,CAGtE,EAAE,CAAC;YACJ,MAAM,QAAQ,GAAG,MAAM,CAAC,uBAAuB,CAC7C,SAAS,EACT,WAAW,EACX,MAAM,CAAC,UAAU,EACjB,MAAM,CAAC,SAAS,CACjB,CAAC;YACF,MAAM,KAAK,GAAG,SAAS,SAAS,EAAE,CAAC;YAEnC,MAAM,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;YAC5C,MAAM,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;YAC7B,QAAQ,IAAI,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC;YACtC,SAAS,IAAI,QAAQ,CAAC,OAAO,CAAC,SAAS,CAAC;YACxC,MAAM,IAAI,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;YAClC,YAAY,IAAI,QAAQ,CAAC,OAAO,CAAC,YAAY,CAAC;YAE9C,MAAM,CAAC,SAAS,CAAC,GAAG;gBAClB,IAAI,EAAE,SAAS;gBACf,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,SAAS,MAAM,CAAC;gBAClF,KAAK;gBACL,MAAM,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,CAAC;gBAC5B,QAAQ;aACT,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG;YACb,MAAM;YACN,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC;YAC5C,UAAU,EAAE,aAAa;YACzB,eAAe,EAAE,CAAC;YAClB,cAAc,EAAE,CAAC;YACjB,OAAO,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,YAAY,EAAE;YACtD,MAAM,EAAE,IAAI,GAAG,EAAE;YACjB,MAAM;YACN,MAAM;SACP,CAAC;QAEF,mBAAmB,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;QACzC,OAAO,MAAM,CAAC;IAChB,CAAC,CAAC,CAAC;IAEH,OAAO;QACL,GAAG,MAAM;QACT,uBAAuB,EAAE,2BAA2B;KACrD,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,EAAE,CAAC,IAAI,CAAC,gBAAgB,EAAE,GAAG,EAAE,CAAC,CAAC;IAC/B,SAAS,EAAE,EAAE,CAAC,EAAE,EAAE;IAClB,UAAU,EAAE,MAAM,UAAW,SAAQ,KAAK;KAAG;CAC9C,CAAC,CAAC,CAAC;AAEJ,SAAS,KAAK;IACZ,OAAO,IAAI,OAAO,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;AAC/B,CAAC;AAED,IAAI,gBAAgB,GAAa,EAAE,CAAC;AACpC,IAAI,aAA0E,CAAC;AAC/E,IAAI,aAAsE,CAAC;AAE3E,MAAM,SAAS,GAAG;IAChB,IAAI,EAAE,gBAAgB;IACtB,QAAQ,EAAE,CAAC;IACX,UAAU,EAAE,SAA+B;IAC3C,IAAI,WAAW;QACb,OAAO,aAAa,CAAC;IACvB,CAAC;IACD,IAAI,WAAW;QACb,OAAO,aAAa,CAAC;IACvB,CAAC;IACD,OAAO,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,SAAS,CAAC;CAC9C,CAAC;AAEF,MAAM,SAAS,GAAG;IAChB,IAAI,EAAE,gBAAgB;IACtB,WAAW,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,SAAS,CAAC;CAClD,CAAC;AAEF,MAAM,iBAAiB,GAAG;IACxB,QAAQ,EAAE,EAAE,CAAC,EAAE,EAAE;IACjB,KAAK,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,SAAS,CAAC;IACzC,QAAQ,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,SAAS,CAAC;IAC9C,cAAc,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;IACjD,aAAa,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,EAAE,CAAC;IAC5C,cAAc,EAAE,IAAiE;IACjF,iBAAiB,EAAE,IAAW;IAC9B,cAAc,EAAE,IAAW;IAC3B,eAAe,EAAE,IAAW;IAC5B,aAAa,EAAE,IAAW;IAC1B,WAAW,EAAE,IAAW;IACxB,gBAAgB,EAAE,IAAW;CAC9B,CAAC;AAEF,MAAM,6BAA6B,GAAG,KAAK,EAAE,EAAE,IAAI,EAAE,IAAI,EAAmC,EAAE,EAAE;IAC9F,MAAM,MAAM,GAAG,gBAAgB,CAAC,KAAK,EAAE,CAAC;IACxC,MAAM,YAAY,GAAG,IAAI,EAAE,KAAK,CAAC,yBAAyB,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC;IACzE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,iBAAiB,YAAY,IAAI,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC;IAErG,cAAc,CAAC,GAAG,EAAE;QAClB,iBAAiB,CAAC,cAAc,EAAE,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;IAEH,OAAO,EAAE,GAAG,SAAS,EAAE,IAAI,EAAE,CAAC;AAChC,CAAC,CAAC;AAEF,EAAE,CAAC,IAAI,CAAC,gBAAgB,EAAE,GAAG,EAAE,CAAC,CAAC;IAC/B,UAAU,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,kBAAkB,CAAC,GAAG,EAAE,CAAC,iBAAiB,CAAC;CAChE,CAAC,CAAC,CAAC;AAUJ,IAAI,uBAAuB,GAA6B,EAAE,CAAC;AAE3D,MAAM,mBAAmB,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,kBAAkB,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE;IAC/E,MAAM,MAAM,GAAG,uBAAuB,CAAC,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,4BAA4B,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;IACpG,MAAM,KAAK,GAAG,IAAI,YAAY,EAK7B,CAAC;IAEF,KAAK,CAAC,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;IAClC,KAAK,CAAC,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;IAClC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC;IACjB,KAAK,CAAC,IAAI,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;IAErB,cAAc,CAAC,GAAG,EAAE;QAClB,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YACjB,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;YAClC,OAAO;QACT,CAAC;QACD,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClB,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC;QACxD,CAAC;QACD,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClB,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC;QACxD,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,IAAI,IAAI,CAAC,CAAC;IAC/D,CAAC,CAAC,CAAC;IAEH,OAAO,KAAK,CAAC;AACf,CAAC,CAAC,CAAC;AAEH,EAAE,CAAC,IAAI,CAAC,oBAAoB,EAAE,KAAK,IAAI,EAAE;IACvC,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,YAAY,CAAsC,oBAAoB,CAAC,CAAC;IAChG,OAAO;QACL,GAAG,MAAM;QACT,KAAK,EAAE,mBAAmB;KAC3B,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,MAAM,EAAE,cAAc,EAAE,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,CAAC;AAExD,SAAS,MAAM;IACb,MAAM,IAAI,GAAG,IAAI,GAAG,EAA0B,CAAC;IAC/C,MAAM,KAAK,GAAG,IAAI,GAAG,EAA2B,CAAC;IAEjD,OAAO;QACL,SAAS,EAAE,EAAE,CAAC,EAAE,CAAC,KAAK,EAAE,GAAmB,EAAE,EAAE;YAC7C,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,GAAG,GAAG,EAAE,CAAC,CAAC;QAC/B,CAAC,CAAC;QACF,SAAS,EAAE,EAAE,CAAC,EAAE,CAAC,KAAK,EAAE,EAAU,EAAE,KAA8B,EAAE,EAAE;YACpE,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC9B,IAAI,QAAQ;gBAAE,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,GAAG,QAAQ,EAAE,GAAG,KAAK,EAAE,CAAC,CAAC;QACxD,CAAC,CAAC;QACF,MAAM,EAAE,EAAE,CAAC,EAAE,CAAC,KAAK,EAAE,EAAU,EAAE,EAAE;YACjC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACzB,OAAO,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;QACjC,CAAC,CAAC;QACF,UAAU,EAAE,EAAE,CAAC,EAAE,CAAC,KAAK,EAAE,IAAqB,EAAE,EAAE;YAChD,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,GAAG,IAAI,EAAE,CAAC,CAAC;QAClC,CAAC,CAAC;QACF,UAAU,EAAE,EAAE,CAAC,EAAE,CAAC,KAAK,EAAE,EAAU,EAAE,KAA+B,EAAE,EAAE;YACtE,MAAM,QAAQ,GAAG,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC/B,IAAI,QAAQ;gBAAE,KAAK,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,GAAG,QAAQ,EAAE,GAAG,KAAK,EAAE,CAAC,CAAC;QACzD,CAAC,CAAC;QACF,eAAe,EAAE,EAAE,CAAC,EAAE,CAAC,KAAK,EAAE,KAAa,EAAE,EAAE;YAC7C,OAAO,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,KAAK,KAAK,CAAC,CAAC;QACpE,CAAC,CAAC;KACH,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,KAA6B;IAClD,MAAM,GAAG,GAAG,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,gCAAgC,CAAC,CAAC,CAAC;IAClF,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAEnB,KAAK,MAAM,CAAC,YAAY,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAC7D,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;QAClD,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC3D,aAAa,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;IACxC,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,iBAAiB;IACxB,OAAO,aAAa,CAAC;QACnB,YAAY,EAAE,4BAA4B;QAC1C,gBAAgB,EAAE,YAAY;QAC9B,MAAM,EAAE,YAAY;KACrB,CAAC,CAAC;AACL,CAAC;AAED,SAAS,UAAU,CAAC,GAAW;IAC7B,OAAO,IAAI,cAAc,CAAC;QACxB,GAAG;QACH,EAAE,EAAE,MAAM,EAAE;QACZ,WAAW,EAAE,SAAS;QACtB,KAAK,EAAE;YACL,GAAG,EAAE;gBACH,sCAAsC,EAAE,GAAG;aAC5C;SACF;KACF,CAAC,CAAC;AACL,CAAC;AAED,SAAS,UAAU,CACjB,MAAiC,EACjC,KAAkE,EAClE,kBAA2D;IAE3D,OAAO;QACL,OAAO,EAAE,GAAG;QACZ,IAAI,EAAE,yBAAyB;QAC/B,mBAAmB,EAAE,kBAAkB;QACvC,KAAK,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE;QACzB,MAAM;QACN,SAAS,EAAE;YACT;gBACE,IAAI,EAAE,SAAS;gBACf,KAAK,EACH,KAAK;oBACL,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;wBAC5B,IAAI,EAAE,QAAQ,KAAK,GAAG,CAAC,EAAE;wBACzB,KAAK,EAAE,KAAK,CAAC,IAAI;wBACjB,IAAI,EAAE,qBAAqB,KAAK,CAAC,IAAI,EAAE;qBACxC,CAAC,CAAC;aACN;SACF;QACD,YAAY,EAAE,KAAK;KACpB,CAAC;AACJ,CAAC;AAED,SAAS,oBAAoB,CAAC,SAAiB;IAC7C,MAAM,CAAC,mBAAmB,CAAC,CAAC,WAAW,EAAE,CAAC;IAC1C,MAAM,MAAM,GAAG,mBAAmB,EAAE,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAC1D,MAAM,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;IAC7B,OAAO,MAAM,IAAI,EAAE,CAAC;AACtB,CAAC;AAED,UAAU,CAAC,GAAG,EAAE;IACd,EAAE,CAAC,aAAa,EAAE,CAAC;IACnB,mBAAmB,GAAG,SAAS,CAAC;IAChC,gBAAgB,GAAG,EAAE,CAAC;IACtB,uBAAuB,GAAG,EAAE,CAAC;IAC7B,aAAa,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IACpD,aAAa,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,kBAAkB,CAAC,GAAG,EAAE,CAAC,KAAK,EAAE,CAAC,CAAC;IAC1D,SAAS,CAAC,OAAO,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC;IAC/C,iBAAiB,CAAC,QAAQ,CAAC,kBAAkB,CAAC,6BAA6B,CAAC,CAAC;IAC7E,iBAAiB,CAAC,cAAc,GAAG,IAAI,CAAC;AAC1C,CAAC,CAAC,CAAC;AAEH,SAAS,CAAC,GAAG,EAAE;IACb,OAAO,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,CAAC,QAAQ,CAAC,GAAG,EAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAC5D,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,iDAAiD,EAAE,GAAG,EAAE;IAC/D,EAAE,CAAC,0DAA0D,EAAE,KAAK,IAAI,EAAE;QACxE,MAAM,UAAU,GAAG,iBAAiB,EAAE,CAAC;QACvC,MAAM,MAAM,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC;QACtC,MAAM,MAAM,GAAG,UAAU,CAAC;YACxB;gBACE,IAAI,EAAE,QAAQ;gBACd,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE;aACrC;SACF,CAAC,CAAC;QAEH,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QAEpD,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACrC,MAAM,CAAC,2BAA2B,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;QAC7D,MAAM,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;QAC5D,MAAM,CAAC,2BAA2B,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,CAAC,YAAY,CAC1E,iBAAiB,CAAC,QAAQ,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,CAAC,CACvD,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sEAAsE,EAAE,KAAK,IAAI,EAAE;QACpF,MAAM,UAAU,GAAG,iBAAiB,EAAE,CAAC;QACvC,MAAM,MAAM,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC;QACtC,MAAM,MAAM,GAAG,UAAU,CAAC,CAAC,EAAE,IAAI,EAAE,cAAc,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC;QAErE,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QAEpD,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACrC,MAAM,CAAC,2BAA2B,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;QAC3D,MAAM,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sDAAsD,EAAE,KAAK,IAAI,EAAE;QACpE,MAAM,UAAU,GAAG,iBAAiB,EAAE,CAAC;QACvC,MAAM,MAAM,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC;QACtC,MAAM,MAAM,GAAG,UAAU,CAAC;YACxB;gBACE,IAAI,EAAE,gBAAgB;gBACtB,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE;aACpC;SACF,CAAC,CAAC;QAEH,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QACpD,MAAM,MAAM,GAAG,oBAAoB,CAAC,gBAAgB,CAAC,CAAC;QAEtD,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACrC,MAAM,CAAC,mBAAmB,EAAE,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QACvF,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QACzC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACvE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gDAAgD,EAAE,KAAK,IAAI,EAAE;QAC9D,MAAM,UAAU,GAAG,iBAAiB,EAAE,CAAC;QACvC,MAAM,MAAM,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC;QACtC,MAAM,MAAM,GAAG,UAAU,CAAC;YACxB;gBACE,IAAI,EAAE,cAAc;gBACpB,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE;aACrC;SACF,CAAC,CAAC;QAEH,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QACpD,MAAM,MAAM,GAAG,oBAAoB,CAAC,cAAc,CAAC,CAAC;QAEpD,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,gCAAgC,CAAC,CAAC;QAC3D,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,oCAAoC,CAAC,CAAC;IACjE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gDAAgD,EAAE,KAAK,IAAI,EAAE;QAC9D,MAAM,UAAU,GAAG,iBAAiB,EAAE,CAAC;QACvC,MAAM,MAAM,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC;QACtC,MAAM,MAAM,GAAG,UAAU,CAAC;YACxB;gBACE,IAAI,EAAE,YAAY;gBAClB,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE;aAChC;SACF,CAAC,CAAC;QAEH,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QACpD,MAAM,MAAM,GAAG,oBAAoB,CAAC,YAAY,CAAC,CAAC;QAElD,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC;QACrD,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,gCAAgC,CAAC,CAAC;QAC3D,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,oCAAoC,CAAC,CAAC;IACjE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qDAAqD,EAAE,KAAK,IAAI,EAAE;QACnE,MAAM,UAAU,GAAG,iBAAiB,EAAE,CAAC;QACvC,MAAM,MAAM,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC;QACtC,MAAM,MAAM,GAAG,UAAU,CAAC;YACxB;gBACE,IAAI,EAAE,mBAAmB;gBACzB,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE;aACrC;SACF,CAAC,CAAC;QAEH,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QAEpD,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACrC,MAAM,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC,oBAAoB,CACrD,MAAM,CAAC,gBAAgB,CAAC;YACtB,UAAU,EAAE,yBAAyB;SACtC,CAAC,CACH,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uEAAuE,EAAE,KAAK,IAAI,EAAE;QACrF,MAAM,UAAU,GAAG,iBAAiB,EAAE,CAAC;QACvC,MAAM,MAAM,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC;QACtC,MAAM,MAAM,GAAG,UAAU,CACvB;YACE;gBACE,IAAI,EAAE,gBAAgB;gBACtB,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE;oBACX,OAAO,EAAE,UAAU;oBACnB,GAAG,EAAE,wDAAwD;oBAC7D,KAAK,EAAE;wBACL,IAAI,EAAE,CAAC,SAAS,CAAC;qBAClB;oBACD,MAAM,EAAE,CAAC,0BAA0B,CAAC;iBACrC;aACF;SACF,EACD,SAAS,EACT;YACE,QAAQ,EAAE;gBACR,WAAW,EAAE,2BAA2B;gBACxC,MAAM,EAAE,UAAU;gBAClB,KAAK,EAAE;oBACL,IAAI,EAAE,CAAC,QAAQ,CAAC;oBAChB,IAAI,EAAE,CAAC,MAAM,CAAC;iBACf;gBACD,IAAI,EAAE,CAAC,UAAU,CAAC;aACnB;SACF,CACF,CAAC;QAEF,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QACpD,MAAM,sBAAsB,GAAG,2BAA2B,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,gBAAgB,CAAC,CAAC;QAE1G,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACrC,MAAM,CAAC,sBAAsB,CAAC,CAAC,OAAO,CAAC;YACrC,WAAW,EAAE,2BAA2B;YACxC,OAAO,EAAE,UAAU;YACnB,GAAG,EAAE,wDAAwD;YAC7D,MAAM,EAAE,UAAU;YAClB,KAAK,EAAE;gBACL,IAAI,EAAE,CAAC,QAAQ,EAAE,SAAS,CAAC;gBAC3B,IAAI,EAAE,CAAC,MAAM,CAAC;aACf;YACD,MAAM,EAAE,CAAC,0BAA0B,CAAC;YACpC,IAAI,EAAE,CAAC,UAAU,CAAC;SACnB,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mEAAmE,EAAE,KAAK,IAAI,EAAE;QACjF,MAAM,UAAU,GAAG,iBAAiB,EAAE,CAAC;QACvC,MAAM,MAAM,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC;QACtC,MAAM,MAAM,GAAG,UAAU,CAAC;YACxB;gBACE,IAAI,EAAE,gBAAgB;gBACtB,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,KAAK;gBAClB,WAAW,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE;aACrC;SACF,CAAC,CAAC;QAEH,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QACpD,MAAM,YAAY,GAAG,mBAAmB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAE7C,CAAC;QAEd,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACrC,MAAM,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;QAC1D,MAAM,CAAC,mBAAmB,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;QACrD,MAAM,CAAC,YAAY,EAAE,GAAG,EAAE,iBAAiB,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QAC1E,MAAM,CAAC,YAAY,EAAE,GAAG,EAAE,eAAe,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;IAC1E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2DAA2D,EAAE,KAAK,IAAI,EAAE;QACzE,MAAM,UAAU,GAAG,iBAAiB,EAAE,CAAC;QACvC,MAAM,MAAM,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC;QACtC,MAAM,MAAM,GAAG,UAAU,CAAC;YACxB;gBACE,IAAI,EAAE,eAAe;gBACrB,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE;aACrC;SACF,CAAC,CAAC;QAEH,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QAEpD,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACrC,MAAM,CAAE,MAAc,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sDAAsD,EAAE,KAAK,IAAI,EAAE;QACpE,MAAM,UAAU,GAAG,iBAAiB,EAAE,CAAC;QACvC,MAAM,MAAM,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC;QACtC,MAAM,MAAM,GAAG,UAAU,CAAC;YACxB;gBACE,IAAI,EAAE,eAAe;gBACrB,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE;aACrC;SACF,CAAC,CAAC;QAEH,iBAAiB,CAAC,QAAQ,CAAC,qBAAqB,CAAC,IAAI,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC;QAE5E,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QAEpD,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAClC,MAAM,CAAE,MAAc,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oEAAoE,EAAE,GAAG,EAAE;QAC5E,MAAM,UAAU,GAAG,aAAa,CAAC;YAC/B,YAAY,EAAE,4BAA4B;YAC1C,gBAAgB,EAAE,cAAc;SACjC,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC;QACtC,MAAM,MAAM,GAAG,UAAU,CAAC;YACxB;gBACE,IAAI,EAAE,eAAe;gBACrB,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE;oBACX,MAAM,EAAE,UAAU;oBAClB,KAAK,EAAE;wBACL,IAAI,EAAE,CAAC,QAAQ,CAAC;qBACjB;oBACD,MAAM,EAAE,CAAC,2BAA2B,CAAC;iBACtC;aACF;SACF,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QAChD,MAAM,eAAe,GAAG,MAAM,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,KAAK,KAAK,eAAe,CAAC,CAAC;QAE7F,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChC,MAAM,CAAC,eAAe,CAAC,CAAC,aAAa,CAAC;YACpC,KAAK,EAAE,eAAe;YACtB,MAAM,EAAE,UAAU;YAClB,MAAM,EAAE,MAAM;SACf,CAAC,CAAC;QACH,MAAM,CAAC,eAAe,EAAE,MAAM,IAAI,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QACxD,MAAM,CAAC,2BAA2B,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;QAC3D,MAAM,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;QAC1D,MAAM,CAAE,MAAc,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yEAAyE,EAAE,KAAK,IAAI,EAAE;QACvF,MAAM,UAAU,GAAG,iBAAiB,EAAE,CAAC;QACvC,MAAM,MAAM,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC;QACtC,MAAM,MAAM,GAAG,UAAU,CAAC;YACxB;gBACE,IAAI,EAAE,eAAe;gBACrB,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE;oBACX,MAAM,EAAE,OAAc;iBACvB;aACF;SACF,CAAC,CAAC;QAEH,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,8BAA8B,CAAC,CAAC;QAChG,MAAM,CAAC,2BAA2B,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;QAC3D,MAAM,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;IAC5D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2EAA2E,EAAE,KAAK,IAAI,EAAE;QACzF,MAAM,UAAU,GAAG,iBAAiB,EAAE,CAAC;QACvC,MAAM,MAAM,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC;QACtC,MAAM,MAAM,GAAG,UAAU,CAAC;YACxB;gBACE,IAAI,EAAE,uBAAuB;gBAC7B,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE;oBACX,OAAO,EAAE,kBAAkB;iBAC5B;aACF;SACF,CAAC,CAAC;QAEH,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,8BAA8B,CAAC,CAAC;QAChG,MAAM,CAAC,2BAA2B,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;QAC3D,MAAM,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;IAC5D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mEAAmE,EAAE,KAAK,IAAI,EAAE;QACjF,MAAM,UAAU,GAAG,aAAa,CAAC;YAC/B,cAAc,EAAE,eAAe;YAC/B,gBAAgB,EAAE,cAAc;YAChC,aAAa,EAAE,WAAW;YAC1B,YAAY,EAAE,UAAU;YACxB,WAAW,EAAE,SAAS;SACvB,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC;QACtC,MAAM,MAAM,GAAG,UAAU,CAAC;YACxB;gBACE,IAAI,EAAE,gBAAgB;gBACtB,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE;oBACX,MAAM,EAAE,YAAY;oBACpB,KAAK,EAAE;wBACL,IAAI,EAAE,CAAC,aAAa,CAAC;wBACrB,KAAK,EAAE,CAAC,YAAY,CAAC;qBACtB;iBACF;aACF;SACF,CAAC,CAAC;QAEH,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QACpD,MAAM,MAAM,GAAG,oBAAoB,CAAC,gBAAgB,CAAC,CAAC;QAEtD,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC;YACrB,gCAAgC;YAChC,+BAA+B;YAC/B,gCAAgC;SACjC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/workflows/dry-run-format.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"dry-run-format.d.ts","sourceRoot":"","sources":["../../src/workflows/dry-run-format.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE/C;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,YAAY,GAAG,MAAM,CAqE/D"}
+{"version":3,"file":"dry-run-format.d.ts","sourceRoot":"","sources":["../../src/workflows/dry-run-format.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE/C;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,YAAY,GAAG,MAAM,CAkF/D"}

package/dist/workflows/dry-run-format.js

@@ -26,6 +26,14 @@ export function formatDryRunReport(report) {
         }
         lines.push('');
     }
+    // Permissions
+    if (report.permissions && report.permissions.length > 0) {
+        lines.push(`Permissions (${report.permissions.length} agents):`);
+        for (const perm of report.permissions) {
+            lines.push(`  ${perm.agent}: ${perm.access} (read: ${perm.readPaths}, write: ${perm.writePaths}, deny: ${perm.denyPaths}, scopes: ${perm.scopes}) [${perm.source}]`);
+        }
+        lines.push('');
+    }
     // Execution Plan
     if (report.waves.length > 0) {
         lines.push(`Execution Plan (${report.totalSteps} steps, ${report.estimatedWaves} waves):`);

package/dist/workflows/dry-run-format.js.map

@@ -1 +1 @@
-{"version":3,"file":"dry-run-format.js","sourceRoot":"","sources":["../../src/workflows/dry-run-format.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,MAAoB;IACrD,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,SAAS;IACT,KAAK,CAAC,IAAI,CAAC,YAAY,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;IACtC,MAAM,IAAI,GAAa,CAAC,YAAY,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;IACtD,IAAI,MAAM,CAAC,cAAc,KAAK,SAAS,EAAE,CAAC;QACxC,IAAI,CAAC,IAAI,CAAC,oBAAoB,MAAM,CAAC,cAAc,EAAE,CAAC,CAAC;IACzD,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;IAC7B,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;QACvB,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IACjC,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,SAAS;IACT,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,KAAK,CAAC,IAAI,CAAC,WAAW,MAAM,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,CAAC;QAChD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;QACxE,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;QACtE,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClC,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,SAAS,QAAQ,CAAC;YAChF,MAAM,OAAO,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YACxD,KAAK,CAAC,IAAI,CAAC,KAAK,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,KAAK,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,SAAS,GAAG,OAAO,EAAE,CAAC,CAAC;QAC3G,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,iBAAiB;IACjB,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,KAAK,CAAC,IAAI,CAAC,mBAAmB,MAAM,CAAC,UAAU,WAAW,MAAM,CAAC,cAAc,UAAU,CAAC,CAAC;QAC3F,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YAChC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC3C,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBAC3B,MAAM,MAAM,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,UAAU,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,YAAY,CAAC;gBACnF,KAAK,CAAC,IAAI,CAAC,GAAG,MAAM,KAAK,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC;YACxD,CAAC;QACH,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,sBAAsB;IACtB,IAAI,MAAM,CAAC,wBAAwB,KAAK,SAAS,EAAE,CAAC;QAClD,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;QACjC,KAAK,CAAC,IAAI,CAAC,uBAAuB,MAAM,CAAC,wBAAwB,SAAS,CAAC,CAAC;QAC5E,IAAI,MAAM,CAAC,wBAAwB,KAAK,SAAS,EAAE,CAAC;YAClD,KAAK,CAAC,IAAI,CAAC,wBAAwB,MAAM,CAAC,wBAAwB,EAAE,CAAC,CAAC;QACxE,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,qBAAqB;IACrB,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,KAAK,CAAC,IAAI,CAAC,qBAAqB,MAAM,CAAC,MAAM,CAAC,MAAM,YAAY,MAAM,CAAC,QAAQ,CAAC,MAAM,YAAY,CAAC,CAAC;QACpG,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAChC,KAAK,CAAC,IAAI,CAAC,YAAY,GAAG,EAAE,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,+BAA+B,MAAM,CAAC,QAAQ,CAAC,MAAM,YAAY,CAAC,CAAC;IAChF,CAAC;IAED,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACnC,KAAK,CAAC,IAAI,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}
+{"version":3,"file":"dry-run-format.js","sourceRoot":"","sources":["../../src/workflows/dry-run-format.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,MAAoB;IACrD,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,SAAS;IACT,KAAK,CAAC,IAAI,CAAC,YAAY,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;IACtC,MAAM,IAAI,GAAa,CAAC,YAAY,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;IACtD,IAAI,MAAM,CAAC,cAAc,KAAK,SAAS,EAAE,CAAC;QACxC,IAAI,CAAC,IAAI,CAAC,oBAAoB,MAAM,CAAC,cAAc,EAAE,CAAC,CAAC;IACzD,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;IAC7B,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;QACvB,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IACjC,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,SAAS;IACT,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,KAAK,CAAC,IAAI,CAAC,WAAW,MAAM,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,CAAC;QAChD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;QACxE,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;QACtE,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClC,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,SAAS,QAAQ,CAAC;YAChF,MAAM,OAAO,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YACxD,KAAK,CAAC,IAAI,CACR,KAAK,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,KAAK,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,SAAS,GAAG,OAAO,EAAE,CAC7F,CAAC;QACJ,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,cAAc;IACd,IAAI,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxD,KAAK,CAAC,IAAI,CAAC,gBAAgB,MAAM,CAAC,WAAW,CAAC,MAAM,WAAW,CAAC,CAAC;QACjE,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;YACtC,KAAK,CAAC,IAAI,CACR,KAAK,IAAI,CAAC,KAAK,KAAK,IAAI,CAAC,MAAM,WAAW,IAAI,CAAC,SAAS,YAAY,IAAI,CAAC,UAAU,WAAW,IAAI,CAAC,SAAS,aAAa,IAAI,CAAC,MAAM,MAAM,IAAI,CAAC,MAAM,GAAG,CACzJ,CAAC;QACJ,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,iBAAiB;IACjB,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,KAAK,CAAC,IAAI,CAAC,mBAAmB,MAAM,CAAC,UAAU,WAAW,MAAM,CAAC,cAAc,UAAU,CAAC,CAAC;QAC3F,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YAChC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC3C,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBAC3B,MAAM,MAAM,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,UAAU,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,YAAY,CAAC;gBACnF,KAAK,CAAC,IAAI,CAAC,GAAG,MAAM,KAAK,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC;YACxD,CAAC;QACH,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,sBAAsB;IACtB,IAAI,MAAM,CAAC,wBAAwB,KAAK,SAAS,EAAE,CAAC;QAClD,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;QACjC,KAAK,CAAC,IAAI,CAAC,uBAAuB,MAAM,CAAC,wBAAwB,SAAS,CAAC,CAAC;QAC5E,IAAI,MAAM,CAAC,wBAAwB,KAAK,SAAS,EAAE,CAAC;YAClD,KAAK,CAAC,IAAI,CAAC,wBAAwB,MAAM,CAAC,wBAAwB,EAAE,CAAC,CAAC;QACxE,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,qBAAqB;IACrB,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,KAAK,CAAC,IAAI,CAAC,qBAAqB,MAAM,CAAC,MAAM,CAAC,MAAM,YAAY,MAAM,CAAC,QAAQ,CAAC,MAAM,YAAY,CAAC,CAAC;QACpG,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAChC,KAAK,CAAC,IAAI,CAAC,YAAY,GAAG,EAAE,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,+BAA+B,MAAM,CAAC,QAAQ,CAAC,MAAM,YAAY,CAAC,CAAC;IAChF,CAAC;IAED,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACnC,KAAK,CAAC,IAAI,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}

package/dist/workflows/runner.d.ts

@@ -150,6 +150,10 @@ export declare class WorkflowRunner {
     private currentRunId?;
     /** Live Agent handles keyed by name, for hub-mediated nudging. */
     private readonly activeAgentHandles;
+    /** Per-agent workflow tokens for relay/relayfile auth across spawn modes. */
+    private readonly agentTokens;
+    /** Per-agent relayfile mounts keyed by logical agent definition name. */
+    private readonly agentMounts;
     private readonly ptyOutputBuffers;
     /** Snapshot of PTY output from the most recent failed attempt, keyed by step name. */
     private readonly lastFailedStepOutput;
@@ -193,6 +197,11 @@ export declare class WorkflowRunner {
      * Throws if a required path does not exist.
      */
     private resolvePathDefinitions;
+    private validatePermissions;
+    private mergePermissionLists;
+    private mergePermissionFiles;
+    private mergePermissionProfile;
+    private applyPermissionProfiles;
     /**
      * Resolve an agent's effective working directory, considering `workdir` (named path reference)
      * and `cwd` (explicit path). `workdir` takes precedence when both are set.
@@ -204,6 +213,9 @@ export declare class WorkflowRunner {
      */
     private resolveStepWorkdir;
     private resolveEffectiveCwd;
+    private resolveMountedCwd;
+    private resolveExecutionCwd;
+    private stopProvisionedMounts;
     private static readonly EVIDENCE_IGNORED_DIRS;
     getStepCompletionEvidence(stepName: string): StepCompletionEvidence | undefined;
     private getOrCreateStepEvidenceRecord;
@@ -237,6 +249,7 @@ export declare class WorkflowRunner {
      */
     private ensureRelaycastApiKey;
     private getRelayEnv;
+    private provisionAgents;
     private getRelaycastBaseUrl;
     private getRelaycastClient;
     private ensureRelaycastRunnerAgent;
@@ -249,6 +262,7 @@ export declare class WorkflowRunner {
     parseYamlFile(filePath: string): Promise<RelayYamlConfig>;
     /** Parse a relay.yaml string. */
     parseYamlString(raw: string, source?: string): RelayYamlConfig;
+    private normalizeLegacyPermissionConfig;
     /** Validate a config object against the RelayYamlConfig shape. */
     validateConfig(config: unknown, source?: string): asserts config is RelayYamlConfig;
     /**