@agent-relay/sdk 7.1.1 → 8.0.1

package/dist/provisioner/compiler.js

@@ -1,355 +0,0 @@
-import ignore from 'ignore';
-import { existsSync, readdirSync, readFileSync } from 'node:fs';
-import path from 'node:path';
-const SKIPPED_DIRS = new Set(['.git', '.relay', 'node_modules']);
-function cleanPatterns(content) {
-    return content
-        .split(/\r?\n/u)
-        .map((line) => line.trim())
-        .filter((line) => line !== '' && !line.startsWith('#'));
-}
-function unique(values) {
-    const seen = new Set();
-    const result = [];
-    for (const value of values) {
-        const normalized = String(value ?? '').trim();
-        if (normalized === '' || seen.has(normalized)) {
-            continue;
-        }
-        seen.add(normalized);
-        result.push(normalized);
-    }
-    return result;
-}
-function normalizeRelativePath(value) {
-    return String(value ?? '')
-        .trim()
-        .replace(/\\/gu, '/')
-        .replace(/^\.\/+/u, '')
-        .replace(/^\/+/u, '')
-        .replace(/\/+/gu, '/');
-}
-function normalizeRelayPath(value) {
-    const normalized = normalizeRelativePath(value);
-    return normalized === '' ? '/' : `/${normalized}`;
-}
-function normalizeAclDir(relativeDir) {
-    const normalized = normalizeRelativePath(relativeDir);
-    return normalized === '' || normalized === '.' ? '/' : `/${normalized}`;
-}
-function readPatternFile(filePath) {
-    if (!existsSync(filePath)) {
-        return [];
-    }
-    return cleanPatterns(readFileSync(filePath, 'utf8'));
-}
-function createMatcher(patterns) {
-    const matcher = ignore();
-    if (patterns.length > 0) {
-        matcher.add([...patterns]);
-    }
-    return matcher;
-}
-function loadDotfileRules(projectDir, agentName) {
-    const resolvedProjectDir = path.resolve(projectDir);
-    return {
-        deny: unique([
-            ...readPatternFile(path.join(resolvedProjectDir, '.agentignore')),
-            ...readPatternFile(path.join(resolvedProjectDir, `.${agentName}.agentignore`)),
-        ]),
-        readonly: unique([
-            ...readPatternFile(path.join(resolvedProjectDir, '.agentreadonly')),
-            ...readPatternFile(path.join(resolvedProjectDir, `.${agentName}.agentreadonly`)),
-        ]),
-    };
-}
-function normalizeFileRules(permissions) {
-    return {
-        read: unique(permissions.files?.read ?? []),
-        write: unique(permissions.files?.write ?? []),
-        deny: unique(permissions.files?.deny ?? []),
-    };
-}
-function resolveScopedWorkdirPatterns(projectDir, workdir) {
-    if (!workdir) {
-        return undefined;
-    }
-    const resolvedProjectDir = path.resolve(projectDir);
-    const resolvedWorkdir = path.resolve(resolvedProjectDir, workdir);
-    const relativeWorkdir = normalizeRelativePath(path.relative(resolvedProjectDir, resolvedWorkdir));
-    if (relativeWorkdir === '' || relativeWorkdir === '.') {
-        return undefined;
-    }
-    if (relativeWorkdir === '..' || relativeWorkdir.startsWith('../')) {
-        return [];
-    }
-    return unique([relativeWorkdir, `${relativeWorkdir}/**`]);
-}
-function matchesAny(relativePath, matcher) {
-    return matcher.ignores(normalizeRelativePath(relativePath));
-}
-function walkProjectFiles(projectDir, currentDir = projectDir, files = []) {
-    const entries = readdirSync(currentDir, { withFileTypes: true }).sort((left, right) => left.name.localeCompare(right.name));
-    for (const entry of entries) {
-        if (entry.isDirectory() && SKIPPED_DIRS.has(entry.name)) {
-            continue;
-        }
-        const fullPath = path.join(currentDir, entry.name);
-        const relativePath = normalizeRelativePath(path.relative(projectDir, fullPath));
-        if (entry.isDirectory()) {
-            walkProjectFiles(projectDir, fullPath, files);
-            continue;
-        }
-        files.push(relativePath);
-    }
-    return files;
-}
-function buildSources(dotfileRules, preset, presetRules, fileRules, rawScopes, inherited) {
-    const sources = [];
-    if (inherited && (dotfileRules.deny.length > 0 || dotfileRules.readonly.length > 0)) {
-        sources.push({
-            type: 'dotfile',
-            label: 'dotfiles',
-            ruleCount: dotfileRules.deny.length + dotfileRules.readonly.length,
-        });
-    }
-    if (presetRules.read.length > 0 || presetRules.write.length > 0 || presetRules.deny.length > 0) {
-        sources.push({
-            type: 'preset',
-            label: `access: ${preset ?? 'readwrite'}`,
-            ruleCount: presetRules.read.length + presetRules.write.length + presetRules.deny.length,
-        });
-    }
-    if (fileRules.read.length > 0 || fileRules.write.length > 0 || fileRules.deny.length > 0) {
-        sources.push({
-            type: 'yaml',
-            label: 'permissions.files',
-            ruleCount: fileRules.read.length + fileRules.write.length + fileRules.deny.length,
-        });
-    }
-    if (rawScopes.length > 0) {
-        sources.push({
-            type: 'scope',
-            label: 'permissions.scopes',
-            ruleCount: rawScopes.length,
-        });
-    }
-    return sources;
-}
-function buildAcl(agentName, readonlyPaths, readwritePaths, deniedPaths) {
-    const aclMap = new Map();
-    const addRule = (relativePath, rule) => {
-        const aclDir = normalizeAclDir(path.posix.dirname(normalizeRelativePath(relativePath)));
-        const rules = aclMap.get(aclDir) ?? new Set();
-        rules.add(rule);
-        aclMap.set(aclDir, rules);
-    };
-    for (const relativePath of readonlyPaths) {
-        addRule(relativePath, 'read');
-    }
-    for (const relativePath of readwritePaths) {
-        addRule(relativePath, 'read');
-        addRule(relativePath, 'write');
-    }
-    const deniedDirs = new Map();
-    for (const relativePath of deniedPaths) {
-        const aclDir = normalizeAclDir(path.posix.dirname(normalizeRelativePath(relativePath)));
-        const summary = deniedDirs.get(aclDir) ?? { denied: 0, allowed: 0 };
-        summary.denied += 1;
-        deniedDirs.set(aclDir, summary);
-    }
-    for (const relativePath of [...readonlyPaths, ...readwritePaths]) {
-        const aclDir = normalizeAclDir(path.posix.dirname(normalizeRelativePath(relativePath)));
-        const summary = deniedDirs.get(aclDir) ?? { denied: 0, allowed: 0 };
-        summary.allowed += 1;
-        deniedDirs.set(aclDir, summary);
-    }
-    for (const [aclDir, summary] of deniedDirs.entries()) {
-        if (summary.denied > 0 && summary.allowed === 0) {
-            const rules = aclMap.get(aclDir) ?? new Set();
-            rules.add(`deny:agent:${agentName}`);
-            aclMap.set(aclDir, rules);
-        }
-    }
-    return Object.fromEntries([...aclMap.entries()]
-        .sort(([left], [right]) => left.localeCompare(right))
-        .map(([aclDir, rules]) => [aclDir, [...rules].sort()]));
-}
-function pathsToScopes(paths, action) {
-    return unique([...paths]
-        .map((relativePath) => normalizeRelativePath(relativePath))
-        .filter((relativePath) => relativePath !== '')
-        .sort((left, right) => left.localeCompare(right))
-        .map((relativePath) => `relayfile:fs:${action}:${normalizeRelayPath(relativePath)}`));
-}
-function buildReadonlyPatterns(presetRules, dotfileRules, fileRules) {
-    const presetReadonly = presetRules.write.length === 0 ? presetRules.read : [];
-    const yamlReadonly = fileRules.read.filter((pattern) => !fileRules.write.includes(pattern));
-    return unique([...dotfileRules.readonly, ...presetReadonly, ...yamlReadonly]);
-}
-function buildReadwritePatterns(presetRules, fileRules) {
-    return unique([...presetRules.write, ...fileRules.write]);
-}
-function buildDeniedPatterns(dotfileRules, fileRules) {
-    return unique([...dotfileRules.deny, ...fileRules.deny]);
-}
-export function defaultPermissionsForPreset(preset) {
-    switch (preset) {
-        case 'lead':
-            return { access: 'full' };
-        case 'reviewer':
-        case 'analyst':
-            return { access: 'readonly' };
-        case 'worker':
-            return { access: 'readwrite' };
-        default:
-            return {};
-    }
-}
-export function expandPreset(preset, options) {
-    const scopedWorkdirPatterns = preset === 'readwrite' && options?.projectDir
-        ? resolveScopedWorkdirPatterns(options.projectDir, options.workdir)
-        : undefined;
-    switch (preset ?? 'readwrite') {
-        case 'readonly':
-            return { read: ['**'], write: [], deny: [] };
-        case 'restricted':
-            return { read: [], write: [], deny: [] };
-        case 'full':
-            return { read: ['**'], write: ['**'], deny: [] };
-        case 'readwrite':
-        default:
-            return {
-                read: scopedWorkdirPatterns ?? ['**'],
-                write: scopedWorkdirPatterns ?? ['**'],
-                deny: [],
-            };
-    }
-}
-export function globsToScopes(globs, action) {
-    return unique(globs
-        .map((glob) => normalizeRelativePath(glob))
-        .filter((glob) => glob !== '')
-        .map((glob) => `relayfile:fs:${action}:${normalizeRelayPath(glob)}`));
-}
-export function compileAgentPermissions(input) {
-    const permissions = input.permissions ?? {};
-    const effectiveAccess = permissions.access ?? 'readwrite';
-    const inherited = effectiveAccess !== 'full' && permissions.inherit !== false;
-    const projectDir = path.resolve(input.projectDir);
-    const scopedInput = input;
-    const dotfileRules = inherited ? loadDotfileRules(projectDir, input.agentName) : { deny: [], readonly: [] };
-    const presetRules = expandPreset(effectiveAccess, {
-        projectDir,
-        workdir: scopedInput.workdir,
-    });
-    const fileRules = normalizeFileRules(permissions);
-    const rawScopes = unique(permissions.scopes ?? []);
-    const dotDenyMatcher = createMatcher(dotfileRules.deny);
-    const dotReadonlyMatcher = createMatcher(dotfileRules.readonly);
-    const presetReadMatcher = createMatcher(presetRules.read);
-    const presetWriteMatcher = createMatcher(presetRules.write);
-    const fileReadMatcher = createMatcher(fileRules.read);
-    const fileWriteMatcher = createMatcher(fileRules.write);
-    const fileDenyMatcher = createMatcher(fileRules.deny);
-    const readonlyPaths = [];
-    const readwritePaths = [];
-    const deniedPaths = [];
-    for (const relativePath of walkProjectFiles(projectDir)) {
-        const dotDenied = inherited && matchesAny(relativePath, dotDenyMatcher);
-        const dotReadonly = inherited && !dotDenied && matchesAny(relativePath, dotReadonlyMatcher);
-        const yamlRead = matchesAny(relativePath, fileReadMatcher);
-        const yamlWrite = matchesAny(relativePath, fileWriteMatcher);
-        const yamlDeny = matchesAny(relativePath, fileDenyMatcher);
-        const explicitYamlGrant = yamlRead || yamlWrite;
-        if (yamlDeny) {
-            deniedPaths.push(relativePath);
-            continue;
-        }
-        if (dotDenied && !explicitYamlGrant) {
-            deniedPaths.push(relativePath);
-            continue;
-        }
-        const presetRead = matchesAny(relativePath, presetReadMatcher);
-        const presetWrite = matchesAny(relativePath, presetWriteMatcher);
-        const canRead = explicitYamlGrant || presetRead || presetWrite;
-        let canWrite = yamlWrite || presetWrite;
-        if (dotReadonly && !yamlWrite) {
-            canWrite = false;
-        }
-        if (canWrite) {
-            readwritePaths.push(relativePath);
-            continue;
-        }
-        if (canRead) {
-            readonlyPaths.push(relativePath);
-            continue;
-        }
-        deniedPaths.push(relativePath);
-    }
-    readonlyPaths.sort((left, right) => left.localeCompare(right));
-    readwritePaths.sort((left, right) => left.localeCompare(right));
-    deniedPaths.sort((left, right) => left.localeCompare(right));
-    const readonlyPatterns = buildReadonlyPatterns(presetRules, dotfileRules, fileRules);
-    const readwritePatterns = buildReadwritePatterns(presetRules, fileRules);
-    const deniedPatterns = buildDeniedPatterns(dotfileRules, fileRules);
-    const scopes = mergePermissionSources([
-        ...pathsToScopes([...readonlyPaths, ...readwritePaths], 'read'),
-        ...pathsToScopes(readwritePaths, 'write'),
-    ], [], rawScopes);
-    return {
-        agentName: input.agentName,
-        workspace: input.workspace,
-        effectiveAccess,
-        inherited,
-        sources: buildSources(dotfileRules, effectiveAccess, presetRules, fileRules, rawScopes, inherited),
-        readonlyPatterns,
-        readwritePatterns,
-        deniedPatterns,
-        readonlyPaths,
-        readwritePaths,
-        deniedPaths,
-        scopes,
-        network: permissions.network,
-        exec: permissions.exec ? [...permissions.exec] : undefined,
-        acl: buildAcl(input.agentName, readonlyPaths, readwritePaths, deniedPaths),
-        summary: {
-            readonly: readonlyPaths.length,
-            readwrite: readwritePaths.length,
-            denied: deniedPaths.length,
-            customScopes: rawScopes.length,
-        },
-    };
-}
-export function mergeAcl(compilations) {
-    const merged = new Map();
-    for (const compilation of compilations) {
-        for (const [directory, rules] of Object.entries(compilation.acl)) {
-            const bucket = merged.get(directory) ?? new Set();
-            for (const rule of rules) {
-                bucket.add(rule);
-            }
-            merged.set(directory, bucket);
-        }
-    }
-    return Object.fromEntries([...merged.entries()]
-        .sort(([left], [right]) => left.localeCompare(right))
-        .map(([directory, rules]) => [directory, [...rules].sort()]));
-}
-export function resolveAgentPermissions(agentName, permissions, projectDir, workspace) {
-    return compileAgentPermissions({
-        agentName,
-        workspace,
-        projectDir,
-        permissions: permissions ?? {},
-    });
-}
-export function compileAgentScopes(input) {
-    return compileAgentPermissions(input);
-}
-export function mergePermissionSources(dotfileScopes, yamlScopes, rawScopes) {
-    return unique([...dotfileScopes, ...yamlScopes, ...rawScopes]);
-}
-export const expandAccessPreset = expandPreset;
-export const globToScopes = (globs, action, _projectDir) => globsToScopes(globs, action);
-//# sourceMappingURL=compiler.js.map

package/dist/provisioner/compiler.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"compiler.js","sourceRoot":"","sources":["../../src/provisioner/compiler.ts"],"names":[],"mappings":"AAAA,OAAO,MAAuB,MAAM,QAAQ,CAAC;AAC7C,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAChE,OAAO,IAAI,MAAM,WAAW,CAAC;AA4B7B,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,CAAC,MAAM,EAAE,QAAQ,EAAE,cAAc,CAAC,CAAC,CAAC;AAEjE,SAAS,aAAa,CAAC,OAAe;IACpC,OAAO,OAAO;SACX,KAAK,CAAC,QAAQ,CAAC;SACf,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;SAC1B,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,KAAK,EAAE,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;AAC5D,CAAC;AAED,SAAS,MAAM,CAAC,MAAyB;IACvC,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC9C,IAAI,UAAU,KAAK,EAAE,IAAI,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;YAC9C,SAAS;QACX,CAAC;QAED,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACrB,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAC1B,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,qBAAqB,CAAC,KAAa;IAC1C,OAAO,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC;SACvB,IAAI,EAAE;SACN,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC;SACpB,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC;SACtB,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC;SACpB,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;AAC3B,CAAC;AAED,SAAS,kBAAkB,CAAC,KAAa;IACvC,MAAM,UAAU,GAAG,qBAAqB,CAAC,KAAK,CAAC,CAAC;IAChD,OAAO,UAAU,KAAK,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,UAAU,EAAE,CAAC;AACpD,CAAC;AAED,SAAS,eAAe,CAAC,WAAmB;IAC1C,MAAM,UAAU,GAAG,qBAAqB,CAAC,WAAW,CAAC,CAAC;IACtD,OAAO,UAAU,KAAK,EAAE,IAAI,UAAU,KAAK,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,UAAU,EAAE,CAAC;AAC1E,CAAC;AAED,SAAS,eAAe,CAAC,QAAgB;IACvC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,OAAO,aAAa,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC;AACvD,CAAC;AAED,SAAS,aAAa,CAAC,QAA2B;IAChD,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC;IACzB,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC;IAC7B,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,gBAAgB,CAAC,UAAkB,EAAE,SAAiB;IAC7D,MAAM,kBAAkB,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAEpD,OAAO;QACL,IAAI,EAAE,MAAM,CAAC;YACX,GAAG,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,cAAc,CAAC,CAAC;YACjE,GAAG,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,IAAI,SAAS,cAAc,CAAC,CAAC;SAC/E,CAAC;QACF,QAAQ,EAAE,MAAM,CAAC;YACf,GAAG,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,gBAAgB,CAAC,CAAC;YACnE,GAAG,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,IAAI,SAAS,gBAAgB,CAAC,CAAC;SACjF,CAAC;KACH,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB,CAAC,WAA6B;IACvD,OAAO;QACL,IAAI,EAAE,MAAM,CAAC,WAAW,CAAC,KAAK,EAAE,IAAI,IAAI,EAAE,CAAC;QAC3C,KAAK,EAAE,MAAM,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,IAAI,EAAE,CAAC;QAC7C,IAAI,EAAE,MAAM,CAAC,WAAW,CAAC,KAAK,EAAE,IAAI,IAAI,EAAE,CAAC;KAC5C,CAAC;AACJ,CAAC;AAED,SAAS,4BAA4B,CAAC,UAAkB,EAAE,OAAgB;IACxE,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,kBAAkB,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IACpD,MAAM,eAAe,GAAG,IAAI,CAAC,OAAO,CAAC,kBAAkB,EAAE,OAAO,CAAC,CAAC;IAClE,MAAM,eAAe,GAAG,qBAAqB,CAAC,IAAI,CAAC,QAAQ,CAAC,kBAAkB,EAAE,eAAe,CAAC,CAAC,CAAC;IAElG,IAAI,eAAe,KAAK,EAAE,IAAI,eAAe,KAAK,GAAG,EAAE,CAAC;QACtD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,eAAe,KAAK,IAAI,IAAI,eAAe,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;QAClE,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,OAAO,MAAM,CAAC,CAAC,eAAe,EAAE,GAAG,eAAe,KAAK,CAAC,CAAC,CAAC;AAC5D,CAAC;AAED,SAAS,UAAU,CAAC,YAAoB,EAAE,OAAe;IACvD,OAAO,OAAO,CAAC,OAAO,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC,CAAC;AAC9D,CAAC;AAED,SAAS,gBAAgB,CAAC,UAAkB,EAAE,UAAU,GAAG,UAAU,EAAE,QAAkB,EAAE;IACzF,MAAM,OAAO,GAAG,WAAW,CAAC,UAAU,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CACpF,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,IAAI,CAAC,CACpC,CAAC;IAEF,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,KAAK,CAAC,WAAW,EAAE,IAAI,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YACxD,SAAS;QACX,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QACnD,MAAM,YAAY,GAAG,qBAAqB,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC;QAEhF,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;YACxB,gBAAgB,CAAC,UAAU,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;YAC9C,SAAS;QACX,CAAC;QAED,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAC3B,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,YAAY,CACnB,YAA0B,EAC1B,MAAkC,EAClC,WAA2B,EAC3B,SAA8B,EAC9B,SAA4B,EAC5B,SAAkB;IAElB,MAAM,OAAO,GAAuB,EAAE,CAAC;IAEvC,IAAI,SAAS,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,YAAY,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,CAAC;QACpF,OAAO,CAAC,IAAI,CAAC;YACX,IAAI,EAAE,SAAS;YACf,KAAK,EAAE,UAAU;YACjB,SAAS,EAAE,YAAY,CAAC,IAAI,CAAC,MAAM,GAAG,YAAY,CAAC,QAAQ,CAAC,MAAM;SACnE,CAAC,CAAC;IACL,CAAC;IAED,IAAI,WAAW,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,WAAW,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,WAAW,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/F,OAAO,CAAC,IAAI,CAAC;YACX,IAAI,EAAE,QAAQ;YACd,KAAK,EAAE,WAAW,MAAM,IAAI,WAAW,EAAE;YACzC,SAAS,EAAE,WAAW,CAAC,IAAI,CAAC,MAAM,GAAG,WAAW,CAAC,KAAK,CAAC,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM;SACxF,CAAC,CAAC;IACL,CAAC;IAED,IAAI,SAAS,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,SAAS,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,SAAS,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzF,OAAO,CAAC,IAAI,CAAC;YACX,IAAI,EAAE,MAAM;YACZ,KAAK,EAAE,mBAAmB;YAC1B,SAAS,EAAE,SAAS,CAAC,IAAI,CAAC,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,MAAM,GAAG,SAAS,CAAC,IAAI,CAAC,MAAM;SAClF,CAAC,CAAC;IACL,CAAC;IAED,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,IAAI,CAAC;YACX,IAAI,EAAE,OAAO;YACb,KAAK,EAAE,oBAAoB;YAC3B,SAAS,EAAE,SAAS,CAAC,MAAM;SAC5B,CAAC,CAAC;IACL,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,QAAQ,CACf,SAAiB,EACjB,aAAgC,EAChC,cAAiC,EACjC,WAA8B;IAE9B,MAAM,MAAM,GAAG,IAAI,GAAG,EAAuB,CAAC;IAE9C,MAAM,OAAO,GAAG,CAAC,YAAoB,EAAE,IAAY,EAAQ,EAAE;QAC3D,MAAM,MAAM,GAAG,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACxF,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,IAAI,GAAG,EAAU,CAAC;QACtD,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAChB,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IAC5B,CAAC,CAAC;IAEF,KAAK,MAAM,YAAY,IAAI,aAAa,EAAE,CAAC;QACzC,OAAO,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IAChC,CAAC;IAED,KAAK,MAAM,YAAY,IAAI,cAAc,EAAE,CAAC;QAC1C,OAAO,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;QAC9B,OAAO,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;IACjC,CAAC;IAED,MAAM,UAAU,GAAG,IAAI,GAAG,EAA+C,CAAC;IAC1E,KAAK,MAAM,YAAY,IAAI,WAAW,EAAE,CAAC;QACvC,MAAM,MAAM,GAAG,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACxF,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;QACpE,OAAO,CAAC,MAAM,IAAI,CAAC,CAAC;QACpB,UAAU,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,CAAC;IAED,KAAK,MAAM,YAAY,IAAI,CAAC,GAAG,aAAa,EAAE,GAAG,cAAc,CAAC,EAAE,CAAC;QACjE,MAAM,MAAM,GAAG,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACxF,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;QACpE,OAAO,CAAC,OAAO,IAAI,CAAC,CAAC;QACrB,UAAU,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,CAAC;IAED,KAAK,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,IAAI,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC;QACrD,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,CAAC,OAAO,KAAK,CAAC,EAAE,CAAC;YAChD,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,IAAI,GAAG,EAAU,CAAC;YACtD,KAAK,CAAC,GAAG,CAAC,cAAc,SAAS,EAAE,CAAC,CAAC;YACrC,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC,WAAW,CACvB,CAAC,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC;SAClB,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;SACpD,GAAG,CAAC,CAAC,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CACzD,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,KAAwB,EAAE,MAAkB;IACjE,OAAO,MAAM,CACX,CAAC,GAAG,KAAK,CAAC;SACP,GAAG,CAAC,CAAC,YAAY,EAAE,EAAE,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC;SAC1D,MAAM,CAAC,CAAC,YAAY,EAAE,EAAE,CAAC,YAAY,KAAK,EAAE,CAAC;SAC7C,IAAI,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;SAChD,GAAG,CAAC,CAAC,YAAY,EAAE,EAAE,CAAC,gBAAgB,MAAM,IAAI,kBAAkB,CAAC,YAAY,CAAC,EAAE,CAAC,CACvF,CAAC;AACJ,CAAC;AAED,SAAS,qBAAqB,CAC5B,WAA2B,EAC3B,YAA0B,EAC1B,SAA8B;IAE9B,MAAM,cAAc,GAAG,WAAW,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;IAC9E,MAAM,YAAY,GAAG,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IAE5F,OAAO,MAAM,CAAC,CAAC,GAAG,YAAY,CAAC,QAAQ,EAAE,GAAG,cAAc,EAAE,GAAG,YAAY,CAAC,CAAC,CAAC;AAChF,CAAC;AAED,SAAS,sBAAsB,CAAC,WAA2B,EAAE,SAA8B;IACzF,OAAO,MAAM,CAAC,CAAC,GAAG,WAAW,CAAC,KAAK,EAAE,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;AAC5D,CAAC;AAED,SAAS,mBAAmB,CAAC,YAA0B,EAAE,SAA8B;IACrF,OAAO,MAAM,CAAC,CAAC,GAAG,YAAY,CAAC,IAAI,EAAE,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED,MAAM,UAAU,2BAA2B,CAAC,MAA+B;IACzE,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,MAAM;YACT,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;QAC5B,KAAK,UAAU,CAAC;QAChB,KAAK,SAAS;YACZ,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC;QAChC,KAAK,QAAQ;YACX,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;QACjC;YACE,OAAO,EAAE,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,UAAU,YAAY,CAC1B,MAAkC,EAClC,OAAmD;IAEnD,MAAM,qBAAqB,GACzB,MAAM,KAAK,WAAW,IAAI,OAAO,EAAE,UAAU;QAC3C,CAAC,CAAC,4BAA4B,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,OAAO,CAAC;QACnE,CAAC,CAAC,SAAS,CAAC;IAEhB,QAAQ,MAAM,IAAI,WAAW,EAAE,CAAC;QAC9B,KAAK,UAAU;YACb,OAAO,EAAE,IAAI,EAAE,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;QAC/C,KAAK,YAAY;YACf,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;QAC3C,KAAK,MAAM;YACT,OAAO,EAAE,IAAI,EAAE,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;QACnD,KAAK,WAAW,CAAC;QACjB;YACE,OAAO;gBACL,IAAI,EAAE,qBAAqB,IAAI,CAAC,IAAI,CAAC;gBACrC,KAAK,EAAE,qBAAqB,IAAI,CAAC,IAAI,CAAC;gBACtC,IAAI,EAAE,EAAE;aACT,CAAC;IACN,CAAC;AACH,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,KAAe,EAAE,MAAkB;IAC/D,OAAO,MAAM,CACX,KAAK;SACF,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,qBAAqB,CAAC,IAAI,CAAC,CAAC;SAC1C,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,KAAK,EAAE,CAAC;SAC7B,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,gBAAgB,MAAM,IAAI,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC,CACvE,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,KAAmB;IACzD,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,EAAE,CAAC;IAC5C,MAAM,eAAe,GAAG,WAAW,CAAC,MAAM,IAAI,WAAW,CAAC;IAC1D,MAAM,SAAS,GAAG,eAAe,KAAK,MAAM,IAAI,WAAW,CAAC,OAAO,KAAK,KAAK,CAAC;IAC9E,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IAClD,MAAM,WAAW,GAAG,KAAgC,CAAC;IAErD,MAAM,YAAY,GAAG,SAAS,CAAC,CAAC,CAAC,gBAAgB,CAAC,UAAU,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;IAC5G,MAAM,WAAW,GAAG,YAAY,CAAC,eAAe,EAAE;QAChD,UAAU;QACV,OAAO,EAAE,WAAW,CAAC,OAAO;KAC7B,CAAC,CAAC;IACH,MAAM,SAAS,GAAG,kBAAkB,CAAC,WAAW,CAAC,CAAC;IAClD,MAAM,SAAS,GAAG,MAAM,CAAC,WAAW,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC;IAEnD,MAAM,cAAc,GAAG,aAAa,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;IACxD,MAAM,kBAAkB,GAAG,aAAa,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;IAChE,MAAM,iBAAiB,GAAG,aAAa,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;IAC1D,MAAM,kBAAkB,GAAG,aAAa,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;IAC5D,MAAM,eAAe,GAAG,aAAa,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IACtD,MAAM,gBAAgB,GAAG,aAAa,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;IACxD,MAAM,eAAe,GAAG,aAAa,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAEtD,MAAM,aAAa,GAAa,EAAE,CAAC;IACnC,MAAM,cAAc,GAAa,EAAE,CAAC;IACpC,MAAM,WAAW,GAAa,EAAE,CAAC;IAEjC,KAAK,MAAM,YAAY,IAAI,gBAAgB,CAAC,UAAU,CAAC,EAAE,CAAC;QACxD,MAAM,SAAS,GAAG,SAAS,IAAI,UAAU,CAAC,YAAY,EAAE,cAAc,CAAC,CAAC;QACxE,MAAM,WAAW,GAAG,SAAS,IAAI,CAAC,SAAS,IAAI,UAAU,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC;QAC5F,MAAM,QAAQ,GAAG,UAAU,CAAC,YAAY,EAAE,eAAe,CAAC,CAAC;QAC3D,MAAM,SAAS,GAAG,UAAU,CAAC,YAAY,EAAE,gBAAgB,CAAC,CAAC;QAC7D,MAAM,QAAQ,GAAG,UAAU,CAAC,YAAY,EAAE,eAAe,CAAC,CAAC;QAC3D,MAAM,iBAAiB,GAAG,QAAQ,IAAI,SAAS,CAAC;QAEhD,IAAI,QAAQ,EAAE,CAAC;YACb,WAAW,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YAC/B,SAAS;QACX,CAAC;QAED,IAAI,SAAS,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACpC,WAAW,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YAC/B,SAAS;QACX,CAAC;QAED,MAAM,UAAU,GAAG,UAAU,CAAC,YAAY,EAAE,iBAAiB,CAAC,CAAC;QAC/D,MAAM,WAAW,GAAG,UAAU,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC;QAEjE,MAAM,OAAO,GAAG,iBAAiB,IAAI,UAAU,IAAI,WAAW,CAAC;QAC/D,IAAI,QAAQ,GAAG,SAAS,IAAI,WAAW,CAAC;QAExC,IAAI,WAAW,IAAI,CAAC,SAAS,EAAE,CAAC;YAC9B,QAAQ,GAAG,KAAK,CAAC;QACnB,CAAC;QAED,IAAI,QAAQ,EAAE,CAAC;YACb,cAAc,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YAClC,SAAS;QACX,CAAC;QAED,IAAI,OAAO,EAAE,CAAC;YACZ,aAAa,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YACjC,SAAS;QACX,CAAC;QAED,WAAW,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACjC,CAAC;IAED,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC;IAC/D,cAAc,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC;IAChE,WAAW,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC;IAE7D,MAAM,gBAAgB,GAAG,qBAAqB,CAAC,WAAW,EAAE,YAAY,EAAE,SAAS,CAAC,CAAC;IACrF,MAAM,iBAAiB,GAAG,sBAAsB,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;IACzE,MAAM,cAAc,GAAG,mBAAmB,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;IAEpE,MAAM,MAAM,GAAG,sBAAsB,CACnC;QACE,GAAG,aAAa,CAAC,CAAC,GAAG,aAAa,EAAE,GAAG,cAAc,CAAC,EAAE,MAAM,CAAC;QAC/D,GAAG,aAAa,CAAC,cAAc,EAAE,OAAO,CAAC;KAC1C,EACD,EAAE,EACF,SAAS,CACV,CAAC;IAEF,OAAO;QACL,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,eAAe;QACf,SAAS;QACT,OAAO,EAAE,YAAY,CAAC,YAAY,EAAE,eAAe,EAAE,WAAW,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC;QAClG,gBAAgB;QAChB,iBAAiB;QACjB,cAAc;QACd,aAAa;QACb,cAAc;QACd,WAAW;QACX,MAAM;QACN,OAAO,EAAE,WAAW,CAAC,OAAO;QAC5B,IAAI,EAAE,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;QAC1D,GAAG,EAAE,QAAQ,CAAC,KAAK,CAAC,SAAS,EAAE,aAAa,EAAE,cAAc,EAAE,WAAW,CAAC;QAC1E,OAAO,EAAE;YACP,QAAQ,EAAE,aAAa,CAAC,MAAM;YAC9B,SAAS,EAAE,cAAc,CAAC,MAAM;YAChC,MAAM,EAAE,WAAW,CAAC,MAAM;YAC1B,YAAY,EAAE,SAAS,CAAC,MAAM;SAC/B;KACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,QAAQ,CAAC,YAAiD;IACxE,MAAM,MAAM,GAAG,IAAI,GAAG,EAAuB,CAAC;IAE9C,KAAK,MAAM,WAAW,IAAI,YAAY,EAAE,CAAC;QACvC,KAAK,MAAM,CAAC,SAAS,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC;YACjE,MAAM,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,IAAI,GAAG,EAAU,CAAC;YAC1D,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YACnB,CAAC;YACD,MAAM,CAAC,GAAG,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC,WAAW,CACvB,CAAC,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC;SAClB,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;SACpD,GAAG,CAAC,CAAC,CAAC,SAAS,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,SAAS,EAAE,CAAC,GAAG,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAC/D,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,uBAAuB,CACrC,SAAiB,EACjB,WAAyC,EACzC,UAAkB,EAClB,SAAiB;IAEjB,OAAO,uBAAuB,CAAC;QAC7B,SAAS;QACT,SAAS;QACT,UAAU;QACV,WAAW,EAAE,WAAW,IAAI,EAAE;KAC/B,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,KAAmB;IACpD,OAAO,uBAAuB,CAAC,KAAK,CAAC,CAAC;AACxC,CAAC;AAED,MAAM,UAAU,sBAAsB,CACpC,aAAuB,EACvB,UAAoB,EACpB,SAAmB;IAEnB,OAAO,MAAM,CAAC,CAAC,GAAG,aAAa,EAAE,GAAG,UAAU,EAAE,GAAG,SAAS,CAAC,CAAC,CAAC;AACjE,CAAC;AAED,MAAM,CAAC,MAAM,kBAAkB,GAAG,YAAY,CAAC;AAC/C,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,KAAe,EAAE,MAAkB,EAAE,WAAoB,EAAY,EAAE,CAClG,aAAa,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC"}

package/dist/provisioner/index.d.ts

@@ -1,10 +0,0 @@
-import type { ProvisionResult, WorkflowProvisionConfig } from './types.js';
-export * from './compiler.js';
-export * from './local-jwks.js';
-export * from './mount.js';
-export * from './seeder.js';
-export * from './token.js';
-export * from './types.js';
-export * from './audit.js';
-export declare function provisionWorkflowAgents(config: WorkflowProvisionConfig): Promise<ProvisionResult>;
-//# sourceMappingURL=index.d.ts.map

package/dist/provisioner/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/provisioner/index.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAKV,eAAe,EAEf,uBAAuB,EACxB,MAAM,YAAY,CAAC;AAEpB,cAAc,eAAe,CAAC;AAC9B,cAAc,iBAAiB,CAAC;AAChC,cAAc,YAAY,CAAC;AAC3B,cAAc,aAAa,CAAC;AAC5B,cAAc,YAAY,CAAC;AAC3B,cAAc,YAAY,CAAC;AAC3B,cAAc,YAAY,CAAC;AA+F3B,wBAAsB,uBAAuB,CAAC,MAAM,EAAE,uBAAuB,GAAG,OAAO,CAAC,eAAe,CAAC,CAuNvG"}

package/dist/provisioner/index.js

@@ -1,269 +0,0 @@
-import { existsSync, readdirSync } from 'node:fs';
-import path from 'node:path';
-import { getDefaultPermissionAuditPath, PermissionAuditLog } from './audit.js';
-import { compileAgentScopes } from './compiler.js';
-import { ensureRelayfileMount } from './mount.js';
-import { createWorkspaceIfNeeded, seedWorkspace, seedWorkflowAcls } from './seeder.js';
-import { DEFAULT_ADMIN_AGENT_NAME, DEFAULT_ADMIN_SCOPES, mintAgentToken } from './token.js';
-export * from './compiler.js';
-export * from './local-jwks.js';
-export * from './mount.js';
-export * from './seeder.js';
-export * from './token.js';
-export * from './types.js';
-export * from './audit.js';
-const DEFAULT_AGENT_NAME = 'default-agent';
-function discoverAgentNames(projectDir) {
-    if (!existsSync(projectDir)) {
-        return [DEFAULT_AGENT_NAME];
-    }
-    const agentNames = new Set();
-    for (const entry of readdirSync(projectDir)) {
-        const match = entry.match(/^\.(.+)\.(agentignore|agentreadonly)$/u);
-        if (match?.[1]) {
-            agentNames.add(match[1]);
-        }
-    }
-    const discovered = [...agentNames].sort((left, right) => left.localeCompare(right));
-    return discovered.length > 0 ? discovered : [DEFAULT_AGENT_NAME];
-}
-function resolveAgents(config) {
-    const configuredAgents = Object.entries(config.agents ?? {});
-    if (configuredAgents.length > 0) {
-        return configuredAgents.map(([name, permissions]) => ({
-            name,
-            permissions: permissions ?? {},
-            resolutionSource: 'configured',
-        }));
-    }
-    return discoverAgentNames(config.projectDir).map((name) => ({
-        name,
-        permissions: {},
-        resolutionSource: 'auto-discovered',
-    }));
-}
-function buildSummary(compilations) {
-    return compilations.reduce((summary, compiled) => ({
-        readonly: summary.readonly + compiled.summary.readonly,
-        readwrite: summary.readwrite + compiled.summary.readwrite,
-        denied: summary.denied + compiled.summary.denied,
-        customScopes: summary.customScopes + compiled.summary.customScopes,
-    }), {
-        readonly: 0,
-        readwrite: 0,
-        denied: 0,
-        customScopes: 0,
-    });
-}
-function buildAgentResult(projectDir, name, token, compiled, mountPoint) {
-    return {
-        name,
-        tokenPath: path.resolve(projectDir, '.relay', 'tokens', `${name}.jwt`),
-        token,
-        scopes: [...compiled.scopes],
-        compiled,
-        mountPoint,
-    };
-}
-function sanitizePathComponent(value) {
-    return value.replace(/[^a-zA-Z0-9._-]+/g, '-');
-}
-function countAclDirectories(compilations) {
-    const directories = new Set();
-    for (const compilation of compilations) {
-        for (const directory of Object.keys(compilation.acl)) {
-            directories.add(directory);
-        }
-    }
-    return directories.size;
-}
-export async function provisionWorkflowAgents(config) {
-    const audit = new PermissionAuditLog();
-    const auditPath = getDefaultPermissionAuditPath(config.projectDir);
-    try {
-        const agents = resolveAgents(config);
-        const tokens = new Map();
-        const scopes = new Map();
-        const mounts = new Map();
-        const agentResults = {};
-        const compilations = [];
-        const compiledByAgent = new Map();
-        for (const agent of agents) {
-            audit.log({
-                agentName: agent.name,
-                action: 'resolve',
-                details: {
-                    source: agent.resolutionSource,
-                    workspace: config.workspace,
-                    permissionKeys: Object.keys(agent.permissions).sort(),
-                },
-            });
-            const compiled = compileAgentScopes({
-                agentName: agent.name,
-                workspace: config.workspace,
-                projectDir: config.projectDir,
-                permissions: agent.permissions,
-            });
-            const token = mintAgentToken({
-                privateKey: config.tokenSigningKey.privateKey,
-                kid: config.tokenSigningKey.kid,
-                agentName: agent.name,
-                workspace: config.workspace,
-                scopes: compiled.scopes,
-                ttlSeconds: config.tokenTtlSeconds,
-            });
-            audit.log({
-                agentName: agent.name,
-                action: 'mint',
-                details: {
-                    workspace: config.workspace,
-                    jwtPath: path.resolve(config.projectDir, '.relay', 'tokens', `${agent.name}.jwt`),
-                    scopeCount: compiled.scopes.length,
-                    scopes: [...compiled.scopes],
-                    ttlSeconds: config.tokenTtlSeconds ?? null,
-                },
-            });
-            tokens.set(agent.name, token);
-            scopes.set(agent.name, [...compiled.scopes]);
-            compilations.push(compiled);
-            compiledByAgent.set(agent.name, compiled);
-        }
-        const adminScopes = [...(config.adminScopes ?? DEFAULT_ADMIN_SCOPES)];
-        const adminToken = mintAgentToken({
-            privateKey: config.tokenSigningKey.privateKey,
-            kid: config.tokenSigningKey.kid,
-            agentName: DEFAULT_ADMIN_AGENT_NAME,
-            workspace: config.workspace,
-            scopes: adminScopes,
-            ttlSeconds: config.tokenTtlSeconds,
-        });
-        audit.log({
-            agentName: DEFAULT_ADMIN_AGENT_NAME,
-            action: 'mint',
-            details: {
-                workspace: config.workspace,
-                role: 'admin',
-                scopeCount: adminScopes.length,
-                scopes: adminScopes,
-                ttlSeconds: config.tokenTtlSeconds ?? null,
-            },
-        });
-        let seededAclCount = 0;
-        let seededFileCount = 0;
-        if (!config.skipSeeding) {
-            await createWorkspaceIfNeeded(config.relayfileBaseUrl, adminToken, config.workspace);
-            audit.log({
-                agentName: DEFAULT_ADMIN_AGENT_NAME,
-                action: 'seed',
-                details: {
-                    workspace: config.workspace,
-                    step: 'workspace',
-                    relayfileBaseUrl: config.relayfileBaseUrl,
-                },
-            });
-            seededFileCount = await seedWorkspace(config.relayfileBaseUrl, adminToken, config.workspace, config.projectDir, config.excludeDirs ?? []);
-            audit.log({
-                agentName: DEFAULT_ADMIN_AGENT_NAME,
-                action: 'seed',
-                details: {
-                    workspace: config.workspace,
-                    step: 'files',
-                    projectDir: config.projectDir,
-                    excludeDirs: config.excludeDirs ?? [],
-                    fileCount: seededFileCount,
-                },
-            });
-            await seedWorkflowAcls({
-                relayfileUrl: config.relayfileBaseUrl,
-                adminToken,
-                workspace: config.workspace,
-                agents: compilations.map((compilation) => ({
-                    name: compilation.agentName,
-                    acl: compilation.acl,
-                })),
-            });
-            seededAclCount = countAclDirectories(compilations);
-            audit.log({
-                agentName: DEFAULT_ADMIN_AGENT_NAME,
-                action: 'seed',
-                details: {
-                    workspace: config.workspace,
-                    step: 'acl',
-                    directoryCount: seededAclCount,
-                    agentCount: compilations.length,
-                },
-            });
-        }
-        if (!config.skipMount) {
-            const mountRoot = path.resolve(config.mountBaseDir ?? path.join(config.projectDir, '.relay'));
-            try {
-                for (const agent of agents) {
-                    const token = tokens.get(agent.name);
-                    const compiled = compiledByAgent.get(agent.name);
-                    if (!token || !compiled) {
-                        continue;
-                    }
-                    const mountHandle = await ensureRelayfileMount({
-                        binaryPath: config.mountBinaryPath,
-                        relayfileUrl: config.relayfileBaseUrl,
-                        workspace: config.workspace,
-                        token,
-                        mountPoint: path.join(mountRoot, `workspace-${sanitizePathComponent(config.workspace)}-${sanitizePathComponent(agent.name)}`),
-                    });
-                    mounts.set(agent.name, mountHandle);
-                    agentResults[agent.name] = buildAgentResult(config.projectDir, agent.name, token, compiled, mountHandle.mountPoint);
-                }
-            }
-            catch (mountError) {
-                for (const [, mount] of mounts) {
-                    try {
-                        if (typeof mount.stop === 'function') {
-                            await mount.stop();
-                        }
-                    }
-                    catch {
-                        // Best-effort cleanup — ignore individual stop failures.
-                    }
-                }
-                mounts.clear();
-                throw mountError;
-            }
-        }
-        else {
-            for (const agent of agents) {
-                const token = tokens.get(agent.name);
-                const compiled = compiledByAgent.get(agent.name);
-                if (!token || !compiled) {
-                    continue;
-                }
-                agentResults[agent.name] = buildAgentResult(config.projectDir, agent.name, token, compiled);
-            }
-        }
-        return {
-            agents: agentResults,
-            agentNames: agents.map((agent) => agent.name),
-            adminToken,
-            seededFileCount,
-            seededAclCount,
-            summary: buildSummary(compilations),
-            mounts,
-            tokens,
-            scopes,
-        };
-    }
-    finally {
-        try {
-            await audit.writeTo(auditPath);
-        }
-        catch (error) {
-            if (config.verbose) {
-                const message = error instanceof Error ? error.message : String(error);
-                console.warn(`Failed to write permission audit to ${auditPath}: ${message}`);
-            }
-        }
-        if (config.verbose) {
-            console.info(audit.summary());
-        }
-    }
-}
-//# sourceMappingURL=index.js.map