@aisy/core 0.1.0

package/dist/skills/index.js

@@ -0,0 +1,463 @@
+import { createHash, randomUUID } from 'node:crypto';
+// ---------------------------------------------------------------------------
+// Hashing — SHA-256 over the exact candidate bytes (§4.2, ADR-0029 #3).
+// rawBytes is the byte-stable artifact; the pin is taken at stage() time and
+// re-checked at promote() to close the TOCTOU window.
+// ---------------------------------------------------------------------------
+function hashBytes(bytes) {
+    return createHash('sha256').update(bytes).digest('hex');
+}
+// ---------------------------------------------------------------------------
+// SKILL.md parser — frontmatter contract (§4.1, ADR-0015).
+// Deterministic, fail-closed: a malformed candidate is dropped pre-judge.
+// We use a minimal YAML reader for the fixed frontmatter shape rather than a
+// general parser — the contract is a flat scalar/list block (§4.1).
+// ---------------------------------------------------------------------------
+const NAME_RE = /^[a-z0-9][a-z0-9-]*$/;
+const REQUIRED_FIELDS = ['name', 'description', 'version', 'provenance', 'triggers'];
+const VALID_PROVENANCE = new Set(['human', 'agent-authored', 'imported']);
+/** Split the leading `---`…`---` block from the body. null = no frontmatter. */
+function splitFrontmatter(raw) {
+    const text = raw.replace(/\r\n/g, '\n');
+    if (!text.startsWith('---\n'))
+        return null;
+    // Closing fence must be a line that is EXACTLY `---` (trimmed) — a body line
+    // like `----` or `---yaml` is a `\n---` *prefix* but not the fence, and must
+    // not truncate the frontmatter. Scan line-by-line from after the opener.
+    const lines = text.split('\n');
+    let fenceLine = -1;
+    for (let i = 1; i < lines.length; i++) {
+        if (lines[i].trim() === '---') {
+            fenceLine = i;
+            break;
+        }
+    }
+    if (fenceLine < 0)
+        return null;
+    const fm = lines.slice(1, fenceLine).join('\n');
+    // body starts after the closing fence line
+    const body = lines.slice(fenceLine + 1).join('\n').replace(/^\n+/, '');
+    return { fm, body };
+}
+/** Minimal flat-YAML reader for the frontmatter contract (scalars + one list). */
+function readFrontmatter(fm) {
+    const out = {};
+    const lines = fm.split('\n');
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        if (line.trim() === '' || line.trim().startsWith('#'))
+            continue;
+        // List items belong to the most recent `key:` with no inline value.
+        const kv = /^([a-zA-Z_][a-zA-Z0-9_]*):\s*(.*)$/.exec(line);
+        if (!kv)
+            continue;
+        const key = kv[1];
+        const value = kv[2];
+        if (key === 'triggers') {
+            const items = [];
+            for (let j = i + 1; j < lines.length; j++) {
+                const lj = lines[j];
+                // A blank line within the list is skipped, not a terminator — items
+                // listed after it still belong to the trigger list. A non-blank,
+                // non-list line ends the list.
+                if (lj.trim() === '') {
+                    i = j;
+                    continue;
+                }
+                const m = /^\s*-\s+(.*)$/.exec(lj);
+                if (!m)
+                    break;
+                items.push(m[1].trim());
+                i = j;
+            }
+            out.triggers = items;
+        }
+        else if (key === 'version') {
+            if (value !== '')
+                out.version = Number(value);
+        }
+        else if (key === 'name') {
+            out.name = value;
+        }
+        else if (key === 'description') {
+            out.description = value;
+        }
+        else if (key === 'provenance') {
+            out.provenance = value;
+        }
+    }
+    return out;
+}
+function parseSkill(raw) {
+    const split = splitFrontmatter(raw);
+    if (!split) {
+        return { ok: false, errors: [{ kind: 'malformed_frontmatter', detail: 'missing or unterminated --- fence' }] };
+    }
+    const rf = readFrontmatter(split.fm);
+    const errors = [];
+    // Required-field presence (§9 AC-06-2).
+    for (const field of REQUIRED_FIELDS) {
+        const present = field === 'triggers'
+            ? Array.isArray(rf.triggers) && rf.triggers.length > 0
+            : rf[field] !== undefined && rf[field] !== '';
+        if (!present)
+            errors.push({ kind: 'missing_field', field });
+    }
+    // description ≤ 60 chars (§4.1, AC-06-1) — reported independently so an
+    // over-long description is caught even when all fields are present.
+    if (typeof rf.description === 'string' && rf.description.length > 60) {
+        errors.push({ kind: 'description_too_long', length: rf.description.length });
+    }
+    // name format /^[a-z0-9][a-z0-9-]*$/ (§4.1).
+    if (typeof rf.name === 'string' && rf.name !== '' && !NAME_RE.test(rf.name)) {
+        errors.push({ kind: 'invalid_name_format', name: rf.name });
+    }
+    // provenance enum + version numeric.
+    if (typeof rf.provenance === 'string' && rf.provenance !== '' && !VALID_PROVENANCE.has(rf.provenance)) {
+        errors.push({ kind: 'malformed_frontmatter', detail: `invalid provenance '${rf.provenance}'` });
+    }
+    if (rf.version !== undefined && (Number.isNaN(rf.version) || !Number.isFinite(rf.version))) {
+        errors.push({ kind: 'malformed_frontmatter', detail: 'version is not a number' });
+    }
+    if (errors.length > 0)
+        return { ok: false, errors };
+    const frontmatter = {
+        name: rf.name,
+        description: rf.description,
+        version: rf.version,
+        provenance: rf.provenance,
+        triggers: rf.triggers,
+    };
+    return {
+        ok: true,
+        skill: {
+            frontmatter,
+            body: split.body,
+            rawBytes: new TextEncoder().encode(raw),
+        },
+    };
+}
+// ---------------------------------------------------------------------------
+// Deterministic validators (§6, §5.2). All four run in code, 100%; the AND of
+// the four (`ok`) gates a candidate before the judge (Nightly 10) sees it.
+// ---------------------------------------------------------------------------
+const VERIFICATION_HEADING = /(^|\n)##\s+verification\b/i;
+/** refs_exist: a candidate may not reference a path/tool that does not exist. */
+function checkRefsExist(body) {
+    // Heuristic deterministic check: local relative refs (`./…`, `../…`) and
+    // `Requires:` declarations must resolve. In this pure-core build there is no
+    // skill/tool registry on disk, so any local relative ref is treated as
+    // dangling (fail-closed) — matching AC-06-8's `./nonexistent-tool.sh`.
+    return !/(^|\s)\.{1,2}\/\S+/.test(body);
+}
+/**
+ * no_constitution_conflict: a candidate body may not assert a directive that
+ * contradicts the constitution (e.g. an unconditional always/never policy that
+ * would override Safety's HARD_DENY / autonomy gradient). Deterministic phrase
+ * set, not a model call (§8 OWASP-LLM01 mitigation).
+ */
+const CONSTITUTION_CONFLICT_PATTERNS = [
+    /\balways\s+deny\s+all\b/i,
+    /\bdeny\s+all\s+requests\s+unconditionally\b/i,
+    /\bignore\s+(?:the\s+)?constitution\b/i,
+    /\bdisable\s+(?:all\s+)?safety\b/i,
+    /\bbypass\s+hard[_-]?deny\b/i,
+];
+function checkNoConstitutionConflict(body) {
+    return !CONSTITUTION_CONFLICT_PATTERNS.some((p) => p.test(body));
+}
+function checkHasVerificationSection(body) {
+    return VERIFICATION_HEADING.test('\n' + body);
+}
+// ---------------------------------------------------------------------------
+// Negative-skill / failure-classification model (§4.4, §5.4, ADR-0025).
+// ---------------------------------------------------------------------------
+const NEGATIVE_THRESHOLD = 3; // N ≥ 3 distinct sessions of permanent failures.
+/** Destructive operations in a skill BODY that force step-up (§8 ADR-0029 #5). */
+const DESTRUCTIVE_BODY_PATTERNS = [
+    /\brm\s+-[a-z]*r[a-z]*f?/i, // rm -rf / rm -fr / rm -r ...
+    /\bdrop\s+(?:table|database|schema)\b/i,
+    /\btruncate\s+table\b/i,
+    /\bgit\s+push\s+(?:--force|-f)\b/i,
+    /\bforce[- ]?push\b/i,
+    /\bgit\s+reset\s+--hard\b/i,
+    /\b(?:mkfs|dd\s+if=|shred)\b/i,
+    /\b(?:drop|wipe|destroy|delete\s+all|format)\b/i,
+];
+/**
+ * Detect a permanence/irreversible-flagged candidate (§5.3, §8 ADR-0029 #5).
+ * Step-up is required to promote one. The flag is derived deterministically
+ * from the frontmatter AND the body, never from a model-set trust field — a
+ * benign-titled skill whose body performs a destructive operation must not
+ * bypass step-up.
+ */
+function isIrreversible(fm, body) {
+    const hay = `${fm.name} ${fm.description}`.toLowerCase();
+    if (/\b(irreversible|permanence|permanent|wipe|destroy|delete\s+all)\b/.test(hay))
+        return true;
+    return DESTRUCTIVE_BODY_PATTERNS.some((p) => p.test(body));
+}
+export function makeSkillRegistry(deps) {
+    // Promoted (active+trusted) skills, keyed by name. Cold start: empty (§7).
+    const promoted = new Map();
+    // Staged candidates awaiting human approval.
+    const staged = new Map();
+    // Distinct-session permanent-failure tallies, keyed by target (§4.4).
+    const tallies = new Map();
+    // Active negative-skill records (bi-temporal; probe sets invalid_at) (§4.4).
+    const negatives = new Map();
+    // Trigger phrases for promoted skills, kept OUT of the byte-stable menu line
+    // (§5.1, ADR-0019). Per-instance; matchTriggers resolves against this.
+    const promotedTriggers = new Map();
+    /** Telemetry emit is fail-open: it must never block serving (§7, AC-06-27). */
+    const emit = (event, payload) => {
+        try {
+            deps.observability.emit(event, payload);
+        }
+        catch {
+            /* sidecar unavailable — serving is never blocked on telemetry */
+        }
+    };
+    return {
+        // ---- resident path (deterministic, every prompt assembly) ----
+        menu() {
+            // Active + TRUSTED only. A staged-but-unpromoted (untrusted) skill never
+            // appears here (AC-06-4, AC-06-11). Body text is never included — only
+            // the byte-stable name+description menu line (§4.1, ADR-0019).
+            const entries = [];
+            for (const skill of promoted.values()) {
+                entries.push({ name: skill.name, description: skill.description });
+            }
+            return entries;
+        },
+        matchTriggers(request) {
+            // Deterministic phrase match against TRUSTED skills only — an unverified
+            // recipe can never fire (§5.1). Case-insensitive substring on triggers.
+            const q = request.toLowerCase();
+            const names = [];
+            for (const skill of promoted.values()) {
+                const triggers = promotedTriggers.get(skill.name) ?? [];
+                if (triggers.some((t) => q.includes(t.toLowerCase()))) {
+                    names.push(skill.name);
+                }
+            }
+            return names;
+        },
+        async loadBody(name) {
+            // Lazy body load into working context, NOT the prefix (§5.1, AC-06-6).
+            // Serving is never blocked on telemetry (AC-06-27): emit is fail-open.
+            const skill = promoted.get(name);
+            if (!skill)
+                return '';
+            emit('skill.loaded', { name });
+            return skill.body;
+        },
+        // ---- authoring path ----
+        parse(raw) {
+            return parseSkill(raw);
+        },
+        async validate(candidate) {
+            const body = candidate.body;
+            const refs_exist = checkRefsExist(body);
+            const no_constitution_conflict = checkNoConstitutionConflict(body);
+            const has_verification_section = checkHasVerificationSection(body);
+            // dry_run_ok: the body must run in Safety's network-none sandbox
+            // (§6, ADR-0012). The sandbox is owned by Safety; Skills calls into it.
+            // Fail-closed two ways (§7, AC-06-9): if invoking the sandbox fails
+            // (unavailable) OR the sandbox runs the body and REJECTS it by resolving
+            // `{ok:false}`, dry_run_ok is false and the candidate is not staged. We
+            // await the verdict — same pattern as probe() (OWASP-LLM01 mitigation).
+            let dry_run_ok = false;
+            try {
+                const result = await deps.sandbox.dryRun(body);
+                dry_run_ok = result.ok;
+            }
+            catch {
+                dry_run_ok = false;
+            }
+            const ok = refs_exist && no_constitution_conflict && dry_run_ok && has_verification_section;
+            return { refs_exist, no_constitution_conflict, dry_run_ok, has_verification_section, ok };
+        },
+        stage(candidate, ctx) {
+            // Hash-pin the exact candidate bytes at stage time (ADR-0029 #3).
+            const artifactHash = hashBytes(candidate.rawBytes);
+            const stageId = `stage-${randomUUID()}`;
+            const fullText = new TextDecoder().decode(candidate.rawBytes);
+            // trace_verified is set ONLY from a real Observability trace, never a
+            // self-report (ADR-0017, AC-06-13). At stage time we have not yet run the
+            // verification section against real traces, so it stays false until
+            // promote() consults Observability. The staged artifact carries NO
+            // approved/trusted field (AC-06-16) — TypeScript + this record enforce it.
+            const record = {
+                stageId,
+                artifactHash,
+                diff: '',
+                triggerContext: { request: ctx.request, sessionId: ctx.sessionId },
+                traceVerified: false,
+                provenance: candidate.frontmatter.provenance,
+                fullText,
+                frontmatter: candidate.frontmatter,
+                body: candidate.body,
+                approved: false,
+                promotedVersion: null,
+            };
+            staged.set(stageId, record);
+            emit('skill.staged', { stageId, name: candidate.frontmatter.name, provenance: record.provenance });
+            // Return only the public StagedSkill surface.
+            return {
+                stageId,
+                artifactHash,
+                diff: record.diff,
+                triggerContext: record.triggerContext,
+                traceVerified: record.traceVerified,
+                provenance: record.provenance,
+                fullText,
+            };
+        },
+        reviewPayload(stageId) {
+            const record = staged.get(stageId);
+            if (!record)
+                throw new Error(`skills.reviewPayload: unknown stageId '${stageId}'`);
+            // Full text + diff + triggering context (§2, AC-06-15).
+            return {
+                stageId: record.stageId,
+                fullText: record.fullText,
+                diff: record.diff,
+                triggerContext: record.triggerContext,
+            };
+        },
+        // ---- promotion path (ADR-0029) ----
+        async promote(stageId, approval) {
+            const record = staged.get(stageId);
+            // No pending action for this stage id (§7, AC-06-18 alt reason).
+            if (!record)
+                return { ok: false, reason: 'no_pending_action' };
+            // TOCTOU close: re-hash the staged bytes and require equality with the
+            // human-approved hash before anything else (ADR-0029 #3, AC-06-17).
+            const currentHash = hashBytes(new TextEncoder().encode(record.fullText));
+            if (approval.artifactHash !== currentHash) {
+                return { ok: false, reason: 'hash_mismatch' };
+            }
+            // Single-use, per-action nonce (ADR-0029 #4, AC-06-18). A replayed/stale
+            // nonce is rejected and nothing is committed.
+            if (!deps.nonceStore.consume(approval.nonce, stageId)) {
+                return { ok: false, reason: 'replayed_nonce' };
+            }
+            // TOCTOU close on the staged record itself: claim it synchronously, before
+            // the first await. The NonceStore is keyed per-nonce, so two distinct valid
+            // nonces for the same stageId would otherwise both pass the consume check
+            // and race to a double git.commit(). Deleting here (no await between get and
+            // delete) makes a concurrent promote on the same stageId see no record and
+            // return no_pending_action — exactly one promotion wins (ADR-0029 #4).
+            staged.delete(stageId);
+            // Trace-based trust: promotion requires a real passing trace on record,
+            // never a self-report (ADR-0017, AC-06-12/AC-06-13). Observability owns
+            // the trace journal; Skills only reads it.
+            const traceVerified = await deps.observability.hasPassingTrace(record.frontmatter.name);
+            if (!traceVerified) {
+                return { ok: false, reason: 'not_trace_verified' };
+            }
+            // Step-up second factor for permanence/irreversible items (ADR-0029 #5,
+            // AC-06-19). A plain tap is insufficient for these.
+            if (isIrreversible(record.frontmatter, record.body) && !approval.stepUpSatisfied) {
+                return { ok: false, reason: 'stepup_missing' };
+            }
+            // All gates passed. Commit to prod git with a version bump, binding the
+            // human tap to the commit (ADR-0029 #2, AC-06-14/AC-06-20). The approved
+            // flag is set ONLY here, in code, bound to a real human action.
+            const prior = promoted.get(record.frontmatter.name);
+            const version = (prior?.version ?? record.frontmatter.version - 1) + 1;
+            const filename = `skills/${record.frontmatter.name}/SKILL.md`;
+            const commit = await deps.git.commit(`skill: promote ${record.frontmatter.name} v${version} (tap ${approval.humanTapAuditId})`, { [filename]: record.fullText });
+            record.approved = true;
+            record.promotedVersion = version;
+            promoted.set(record.frontmatter.name, {
+                name: record.frontmatter.name,
+                description: record.frontmatter.description,
+                body: record.body,
+                version,
+                provenance: record.provenance,
+            });
+            promotedTriggers.set(record.frontmatter.name, record.frontmatter.triggers);
+            // (staged record already removed above, before the first await — TOCTOU close.)
+            // tap→commit audit binding (AC-06-20) — emitted to Observability 12.
+            emit('skill.promoted', {
+                name: record.frontmatter.name,
+                commit,
+                version,
+                humanTapAuditId: approval.humanTapAuditId,
+            });
+            return { ok: true, commit, version };
+        },
+        // ---- failure / negative-skill path (ADR-0025) ----
+        recordFailure(_name, f) {
+            // Every signal produces a journal note (AC-06-21). Transient signals and
+            // sub-threshold permanent signals are notes only — never a skill (§4.5).
+            emit('skill.failure_recorded', { target: f.target, class: f.class, sessionId: f.sessionId, detail: f.detail });
+            if (f.class !== 'permanent')
+                return;
+            // Distinct-session permanent tally, keyed by target (§4.4). One session
+            // cannot mint a negative skill (AC-06-22): the Set dedupes session ids.
+            let tally = tallies.get(f.target);
+            if (!tally) {
+                tally = { target: f.target, sessionIds: new Set() };
+                tallies.set(f.target, tally);
+            }
+            tally.sessionIds.add(f.sessionId);
+            // Below threshold → transient note only, no negative skill (AC-06-22).
+            if (tally.sessionIds.size < NEGATIVE_THRESHOLD)
+                return;
+            // Already fossilized and still active → do not re-draft.
+            const existing = negatives.get(f.target);
+            if (existing && existing.invalid_at === null)
+                return;
+            // N ≥ 3 distinct sessions → draft a negative-skill candidate that enters
+            // the staging path (AC-06-23). It is advisory only, never a HARD_DENY
+            // (AC-06-24): priority is lowered, the capability stays callable.
+            const record = {
+                target: f.target,
+                failureCount: tally.sessionIds.size,
+                sessionIds: [...tally.sessionIds],
+                valid_at: new Date().toISOString(),
+                invalid_at: null,
+                advisory: true,
+            };
+            negatives.set(f.target, record);
+            emit('skill.negative_created', record);
+        },
+        async probe() {
+            // Nightly un-fossilize re-test (§5.4, AC-06-25). For each active negative
+            // skill, re-test the failed strategy in the sandbox. First success sets
+            // invalid_at (NOT a hard delete) and emits an un-fossilize diff card.
+            const unfossilized = [];
+            const stillFailing = [];
+            const checkedAt = new Date().toISOString();
+            for (const [target, record] of negatives) {
+                if (record.invalid_at !== null)
+                    continue;
+                let ok = false;
+                try {
+                    const result = await deps.sandbox.dryRun(`probe: ${target}`);
+                    ok = result.ok;
+                }
+                catch {
+                    ok = false;
+                }
+                if (ok) {
+                    // Bi-temporal: set invalid_at, keep the row (recoverable from git).
+                    record.invalid_at = checkedAt;
+                    unfossilized.push(target);
+                    // Clear the tally so a future outage starts a fresh distinct-session
+                    // count (hysteresis: a flaky tool does not immediately re-fossilize).
+                    tallies.delete(target);
+                    emit('skill.unfossilized', { name: target, invalid_at: checkedAt });
+                }
+                else {
+                    stillFailing.push(target);
+                }
+            }
+            return { unfossilized, stillFailing, checkedAt };
+        },
+    };
+}
+//# sourceMappingURL=index.js.map

package/dist/skills/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/skills/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAiDpD,8EAA8E;AAC9E,wEAAwE;AACxE,6EAA6E;AAC7E,sDAAsD;AACtD,8EAA8E;AAE9E,SAAS,SAAS,CAAC,KAAiB;IAClC,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;AACzD,CAAC;AAED,8EAA8E;AAC9E,2DAA2D;AAC3D,0EAA0E;AAC1E,6EAA6E;AAC7E,oEAAoE;AACpE,8EAA8E;AAE9E,MAAM,OAAO,GAAG,sBAAsB,CAAA;AACtC,MAAM,eAAe,GAAG,CAAC,MAAM,EAAE,aAAa,EAAE,SAAS,EAAE,YAAY,EAAE,UAAU,CAAU,CAAA;AAC7F,MAAM,gBAAgB,GAAwB,IAAI,GAAG,CAAC,CAAC,OAAO,EAAE,gBAAgB,EAAE,UAAU,CAAC,CAAC,CAAA;AAU9F,gFAAgF;AAChF,SAAS,gBAAgB,CAAC,GAAW;IACnC,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;IACvC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAA;IAC1C,6EAA6E;IAC7E,6EAA6E;IAC7E,yEAAyE;IACzE,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IAC9B,IAAI,SAAS,GAAG,CAAC,CAAC,CAAA;IAClB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,IAAI,KAAK,CAAC,CAAC,CAAE,CAAC,IAAI,EAAE,KAAK,KAAK,EAAE,CAAC;YAC/B,SAAS,GAAG,CAAC,CAAA;YACb,MAAK;QACP,CAAC;IACH,CAAC;IACD,IAAI,SAAS,GAAG,CAAC;QAAE,OAAO,IAAI,CAAA;IAC9B,MAAM,EAAE,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAC/C,2CAA2C;IAC3C,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAA;IACtE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAA;AACrB,CAAC;AAED,kFAAkF;AAClF,SAAS,eAAe,CAAC,EAAU;IACjC,MAAM,GAAG,GAAmB,EAAE,CAAA;IAC9B,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IAC5B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAE,CAAA;QACtB,IAAI,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAQ;QAC/D,oEAAoE;QACpE,MAAM,EAAE,GAAG,oCAAoC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAC1D,IAAI,CAAC,EAAE;YAAE,SAAQ;QACjB,MAAM,GAAG,GAAG,EAAE,CAAC,CAAC,CAAE,CAAA;QAClB,MAAM,KAAK,GAAG,EAAE,CAAC,CAAC,CAAE,CAAA;QACpB,IAAI,GAAG,KAAK,UAAU,EAAE,CAAC;YACvB,MAAM,KAAK,GAAa,EAAE,CAAA;YAC1B,KAAK,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC1C,MAAM,EAAE,GAAG,KAAK,CAAC,CAAC,CAAE,CAAA;gBACpB,oEAAoE;gBACpE,iEAAiE;gBACjE,+BAA+B;gBAC/B,IAAI,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;oBACrB,CAAC,GAAG,CAAC,CAAA;oBACL,SAAQ;gBACV,CAAC;gBACD,MAAM,CAAC,GAAG,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;gBAClC,IAAI,CAAC,CAAC;oBAAE,MAAK;gBACb,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAE,CAAC,IAAI,EAAE,CAAC,CAAA;gBACxB,CAAC,GAAG,CAAC,CAAA;YACP,CAAC;YACD,GAAG,CAAC,QAAQ,GAAG,KAAK,CAAA;QACtB,CAAC;aAAM,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;YAC7B,IAAI,KAAK,KAAK,EAAE;gBAAE,GAAG,CAAC,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,CAAA;QAC/C,CAAC;aAAM,IAAI,GAAG,KAAK,MAAM,EAAE,CAAC;YAC1B,GAAG,CAAC,IAAI,GAAG,KAAK,CAAA;QAClB,CAAC;aAAM,IAAI,GAAG,KAAK,aAAa,EAAE,CAAC;YACjC,GAAG,CAAC,WAAW,GAAG,KAAK,CAAA;QACzB,CAAC;aAAM,IAAI,GAAG,KAAK,YAAY,EAAE,CAAC;YAChC,GAAG,CAAC,UAAU,GAAG,KAAK,CAAA;QACxB,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC;AAED,SAAS,UAAU,CAAC,GAAW;IAC7B,MAAM,KAAK,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAA;IACnC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,uBAAuB,EAAE,MAAM,EAAE,mCAAmC,EAAE,CAAC,EAAE,CAAA;IAChH,CAAC;IACD,MAAM,EAAE,GAAG,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC,CAAA;IACpC,MAAM,MAAM,GAAiB,EAAE,CAAA;IAE/B,wCAAwC;IACxC,KAAK,MAAM,KAAK,IAAI,eAAe,EAAE,CAAC;QACpC,MAAM,OAAO,GACX,KAAK,KAAK,UAAU;YAClB,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC;YACtD,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,KAAK,SAAS,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,EAAE,CAAA;QACjD,IAAI,CAAC,OAAO;YAAE,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC,CAAA;IAC7D,CAAC;IAED,wEAAwE;IACxE,oEAAoE;IACpE,IAAI,OAAO,EAAE,CAAC,WAAW,KAAK,QAAQ,IAAI,EAAE,CAAC,WAAW,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QACrE,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,sBAAsB,EAAE,MAAM,EAAE,EAAE,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC,CAAA;IAC9E,CAAC;IACD,6CAA6C;IAC7C,IAAI,OAAO,EAAE,CAAC,IAAI,KAAK,QAAQ,IAAI,EAAE,CAAC,IAAI,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QAC5E,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,qBAAqB,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,EAAE,CAAC,CAAA;IAC7D,CAAC;IACD,qCAAqC;IACrC,IAAI,OAAO,EAAE,CAAC,UAAU,KAAK,QAAQ,IAAI,EAAE,CAAC,UAAU,KAAK,EAAE,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE,CAAC;QACtG,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,uBAAuB,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC,UAAU,GAAG,EAAE,CAAC,CAAA;IACjG,CAAC;IACD,IAAI,EAAE,CAAC,OAAO,KAAK,SAAS,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;QAC3F,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,uBAAuB,EAAE,MAAM,EAAE,yBAAyB,EAAE,CAAC,CAAA;IACnF,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAA;IAEnD,MAAM,WAAW,GAAqB;QACpC,IAAI,EAAE,EAAE,CAAC,IAAK;QACd,WAAW,EAAE,EAAE,CAAC,WAAY;QAC5B,OAAO,EAAE,EAAE,CAAC,OAAQ;QACpB,UAAU,EAAE,EAAE,CAAC,UAAwB;QACvC,QAAQ,EAAE,EAAE,CAAC,QAAS;KACvB,CAAA;IACD,OAAO;QACL,EAAE,EAAE,IAAI;QACR,KAAK,EAAE;YACL,WAAW;YACX,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,QAAQ,EAAE,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC;SACxC;KACF,CAAA;AACH,CAAC;AAED,8EAA8E;AAC9E,8EAA8E;AAC9E,2EAA2E;AAC3E,8EAA8E;AAE9E,MAAM,oBAAoB,GAAG,4BAA4B,CAAA;AAEzD,iFAAiF;AACjF,SAAS,cAAc,CAAC,IAAY;IAClC,yEAAyE;IACzE,6EAA6E;IAC7E,uEAAuE;IACvE,uEAAuE;IACvE,OAAO,CAAC,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AACzC,CAAC;AAED;;;;;GAKG;AACH,MAAM,8BAA8B,GAAsB;IACxD,0BAA0B;IAC1B,8CAA8C;IAC9C,uCAAuC;IACvC,kCAAkC;IAClC,6BAA6B;CAC9B,CAAA;AACD,SAAS,2BAA2B,CAAC,IAAY;IAC/C,OAAO,CAAC,8BAA8B,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAA;AAClE,CAAC;AAED,SAAS,2BAA2B,CAAC,IAAY;IAC/C,OAAO,oBAAoB,CAAC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,CAAA;AAC/C,CAAC;AAED,8EAA8E;AAC9E,wEAAwE;AACxE,8EAA8E;AAE9E,MAAM,kBAAkB,GAAG,CAAC,CAAA,CAAC,iDAAiD;AA8B9E,kFAAkF;AAClF,MAAM,yBAAyB,GAAsB;IACnD,0BAA0B,EAAE,8BAA8B;IAC1D,uCAAuC;IACvC,uBAAuB;IACvB,kCAAkC;IAClC,qBAAqB;IACrB,2BAA2B;IAC3B,8BAA8B;IAC9B,gDAAgD;CACjD,CAAA;AAED;;;;;;GAMG;AACH,SAAS,cAAc,CAAC,EAAoB,EAAE,IAAY;IACxD,MAAM,GAAG,GAAG,GAAG,EAAE,CAAC,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,WAAW,EAAE,CAAA;IACxD,IAAI,mEAAmE,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAA;IAC9F,OAAO,yBAAyB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAA;AAC5D,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,IAAgB;IAChD,2EAA2E;IAC3E,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAyB,CAAA;IACjD,6CAA6C;IAC7C,MAAM,MAAM,GAAG,IAAI,GAAG,EAA0B,CAAA;IAChD,sEAAsE;IACtE,MAAM,OAAO,GAAG,IAAI,GAAG,EAA0B,CAAA;IACjD,6EAA6E;IAC7E,MAAM,SAAS,GAAG,IAAI,GAAG,EAA+B,CAAA;IACxD,6EAA6E;IAC7E,uEAAuE;IACvE,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAoB,CAAA;IAEpD,+EAA+E;IAC/E,MAAM,IAAI,GAAG,CAAC,KAAa,EAAE,OAAgB,EAAQ,EAAE;QACrD,IAAI,CAAC;YACH,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,KAAK,EAAE,OAAO,CAAC,CAAA;QACzC,CAAC;QAAC,MAAM,CAAC;YACP,iEAAiE;QACnE,CAAC;IACH,CAAC,CAAA;IAED,OAAO;QACL,iEAAiE;QAEjE,IAAI;YACF,yEAAyE;YACzE,uEAAuE;YACvE,+DAA+D;YAC/D,MAAM,OAAO,GAAgB,EAAE,CAAA;YAC/B,KAAK,MAAM,KAAK,IAAI,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC;gBACtC,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,WAAW,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC,CAAA;YACpE,CAAC;YACD,OAAO,OAAO,CAAA;QAChB,CAAC;QAED,aAAa,CAAC,OAAe;YAC3B,yEAAyE;YACzE,wEAAwE;YACxE,MAAM,CAAC,GAAG,OAAO,CAAC,WAAW,EAAE,CAAA;YAC/B,MAAM,KAAK,GAAa,EAAE,CAAA;YAC1B,KAAK,MAAM,KAAK,IAAI,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC;gBACtC,MAAM,QAAQ,GAAG,gBAAgB,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,CAAA;gBACvD,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;oBACtD,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;gBACxB,CAAC;YACH,CAAC;YACD,OAAO,KAAK,CAAA;QACd,CAAC;QAED,KAAK,CAAC,QAAQ,CAAC,IAAY;YACzB,uEAAuE;YACvE,uEAAuE;YACvE,MAAM,KAAK,GAAG,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;YAChC,IAAI,CAAC,KAAK;gBAAE,OAAO,EAAE,CAAA;YACrB,IAAI,CAAC,cAAc,EAAE,EAAE,IAAI,EAAE,CAAC,CAAA;YAC9B,OAAO,KAAK,CAAC,IAAI,CAAA;QACnB,CAAC;QAED,2BAA2B;QAE3B,KAAK,CAAC,GAAW;YACf,OAAO,UAAU,CAAC,GAAG,CAAC,CAAA;QACxB,CAAC;QAED,KAAK,CAAC,QAAQ,CAAC,SAAsB;YACnC,MAAM,IAAI,GAAG,SAAS,CAAC,IAAI,CAAA;YAC3B,MAAM,UAAU,GAAG,cAAc,CAAC,IAAI,CAAC,CAAA;YACvC,MAAM,wBAAwB,GAAG,2BAA2B,CAAC,IAAI,CAAC,CAAA;YAClE,MAAM,wBAAwB,GAAG,2BAA2B,CAAC,IAAI,CAAC,CAAA;YAElE,iEAAiE;YACjE,wEAAwE;YACxE,oEAAoE;YACpE,yEAAyE;YACzE,wEAAwE;YACxE,wEAAwE;YACxE,IAAI,UAAU,GAAG,KAAK,CAAA;YACtB,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;gBAC9C,UAAU,GAAG,MAAM,CAAC,EAAE,CAAA;YACxB,CAAC;YAAC,MAAM,CAAC;gBACP,UAAU,GAAG,KAAK,CAAA;YACpB,CAAC;YAED,MAAM,EAAE,GAAG,UAAU,IAAI,wBAAwB,IAAI,UAAU,IAAI,wBAAwB,CAAA;YAC3F,OAAO,EAAE,UAAU,EAAE,wBAAwB,EAAE,UAAU,EAAE,wBAAwB,EAAE,EAAE,EAAE,CAAA;QAC3F,CAAC;QAED,KAAK,CAAC,SAAsB,EAAE,GAAmB;YAC/C,kEAAkE;YAClE,MAAM,YAAY,GAAG,SAAS,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAA;YAClD,MAAM,OAAO,GAAG,SAAS,UAAU,EAAE,EAAE,CAAA;YACvC,MAAM,QAAQ,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAA;YAE7D,sEAAsE;YACtE,0EAA0E;YAC1E,oEAAoE;YACpE,mEAAmE;YACnE,2EAA2E;YAC3E,MAAM,MAAM,GAAmB;gBAC7B,OAAO;gBACP,YAAY;gBACZ,IAAI,EAAE,EAAE;gBACR,cAAc,EAAE,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS,EAAE;gBAClE,aAAa,EAAE,KAAK;gBACpB,UAAU,EAAE,SAAS,CAAC,WAAW,CAAC,UAAU;gBAC5C,QAAQ;gBACR,WAAW,EAAE,SAAS,CAAC,WAAW;gBAClC,IAAI,EAAE,SAAS,CAAC,IAAI;gBACpB,QAAQ,EAAE,KAAK;gBACf,eAAe,EAAE,IAAI;aACtB,CAAA;YACD,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;YAC3B,IAAI,CAAC,cAAc,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,CAAC,WAAW,CAAC,IAAI,EAAE,UAAU,EAAE,MAAM,CAAC,UAAU,EAAE,CAAC,CAAA;YAElG,8CAA8C;YAC9C,OAAO;gBACL,OAAO;gBACP,YAAY;gBACZ,IAAI,EAAE,MAAM,CAAC,IAAI;gBACjB,cAAc,EAAE,MAAM,CAAC,cAAc;gBACrC,aAAa,EAAE,MAAM,CAAC,aAAa;gBACnC,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,QAAQ;aACT,CAAA;QACH,CAAC;QAED,aAAa,CAAC,OAAe;YAC3B,MAAM,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;YAClC,IAAI,CAAC,MAAM;gBAAE,MAAM,IAAI,KAAK,CAAC,0CAA0C,OAAO,GAAG,CAAC,CAAA;YAClF,wDAAwD;YACxD,OAAO;gBACL,OAAO,EAAE,MAAM,CAAC,OAAO;gBACvB,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,IAAI,EAAE,MAAM,CAAC,IAAI;gBACjB,cAAc,EAAE,MAAM,CAAC,cAAc;aACtC,CAAA;QACH,CAAC;QAED,sCAAsC;QAEtC,KAAK,CAAC,OAAO,CAAC,OAAe,EAAE,QAAyB;YACtD,MAAM,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;YAClC,iEAAiE;YACjE,IAAI,CAAC,MAAM;gBAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAA;YAE9D,uEAAuE;YACvE,oEAAoE;YACpE,MAAM,WAAW,GAAG,SAAS,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAA;YACxE,IAAI,QAAQ,CAAC,YAAY,KAAK,WAAW,EAAE,CAAC;gBAC1C,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,eAAe,EAAE,CAAA;YAC/C,CAAC;YAED,yEAAyE;YACzE,8CAA8C;YAC9C,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC,EAAE,CAAC;gBACtD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAA;YAChD,CAAC;YAED,2EAA2E;YAC3E,4EAA4E;YAC5E,0EAA0E;YAC1E,6EAA6E;YAC7E,2EAA2E;YAC3E,uEAAuE;YACvE,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;YAEtB,wEAAwE;YACxE,wEAAwE;YACxE,2CAA2C;YAC3C,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,eAAe,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,CAAA;YACvF,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,oBAAoB,EAAE,CAAA;YACpD,CAAC;YAED,wEAAwE;YACxE,oDAAoD;YACpD,IAAI,cAAc,CAAC,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,eAAe,EAAE,CAAC;gBACjF,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAA;YAChD,CAAC;YAED,wEAAwE;YACxE,yEAAyE;YACzE,gEAAgE;YAChE,MAAM,KAAK,GAAG,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,CAAA;YACnD,MAAM,OAAO,GAAG,CAAC,KAAK,EAAE,OAAO,IAAI,MAAM,CAAC,WAAW,CAAC,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,CAAA;YACtE,MAAM,QAAQ,GAAG,UAAU,MAAM,CAAC,WAAW,CAAC,IAAI,WAAW,CAAA;YAC7D,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,MAAM,CAClC,kBAAkB,MAAM,CAAC,WAAW,CAAC,IAAI,KAAK,OAAO,SAAS,QAAQ,CAAC,eAAe,GAAG,EACzF,EAAE,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,QAAQ,EAAE,CAChC,CAAA;YAED,MAAM,CAAC,QAAQ,GAAG,IAAI,CAAA;YACtB,MAAM,CAAC,eAAe,GAAG,OAAO,CAAA;YAChC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,EAAE;gBACpC,IAAI,EAAE,MAAM,CAAC,WAAW,CAAC,IAAI;gBAC7B,WAAW,EAAE,MAAM,CAAC,WAAW,CAAC,WAAW;gBAC3C,IAAI,EAAE,MAAM,CAAC,IAAI;gBACjB,OAAO;gBACP,UAAU,EAAE,MAAM,CAAC,UAAU;aAC9B,CAAC,CAAA;YACF,gBAAgB,CAAC,GAAG,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,EAAE,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAA;YAC1E,gFAAgF;YAEhF,qEAAqE;YACrE,IAAI,CAAC,gBAAgB,EAAE;gBACrB,IAAI,EAAE,MAAM,CAAC,WAAW,CAAC,IAAI;gBAC7B,MAAM;gBACN,OAAO;gBACP,eAAe,EAAE,QAAQ,CAAC,eAAe;aAC1C,CAAC,CAAA;YAEF,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,CAAA;QACtC,CAAC;QAED,qDAAqD;QAErD,aAAa,CAAC,KAAoB,EAAE,CAAgB;YAClD,yEAAyE;YACzE,yEAAyE;YACzE,IAAI,CAAC,wBAAwB,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAA;YAE9G,IAAI,CAAC,CAAC,KAAK,KAAK,WAAW;gBAAE,OAAM;YAEnC,wEAAwE;YACxE,wEAAwE;YACxE,IAAI,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAA;YACjC,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,KAAK,GAAG,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,UAAU,EAAE,IAAI,GAAG,EAAU,EAAE,CAAA;gBAC3D,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;YAC9B,CAAC;YACD,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,CAAA;YAEjC,uEAAuE;YACvE,IAAI,KAAK,CAAC,UAAU,CAAC,IAAI,GAAG,kBAAkB;gBAAE,OAAM;YACtD,yDAAyD;YACzD,MAAM,QAAQ,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAA;YACxC,IAAI,QAAQ,IAAI,QAAQ,CAAC,UAAU,KAAK,IAAI;gBAAE,OAAM;YAEpD,yEAAyE;YACzE,sEAAsE;YACtE,kEAAkE;YAClE,MAAM,MAAM,GAAwB;gBAClC,MAAM,EAAE,CAAC,CAAC,MAAM;gBAChB,YAAY,EAAE,KAAK,CAAC,UAAU,CAAC,IAAI;gBACnC,UAAU,EAAE,CAAC,GAAG,KAAK,CAAC,UAAU,CAAC;gBACjC,QAAQ,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBAClC,UAAU,EAAE,IAAI;gBAChB,QAAQ,EAAE,IAAI;aACf,CAAA;YACD,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;YAC/B,IAAI,CAAC,wBAAwB,EAAE,MAAM,CAAC,CAAA;QACxC,CAAC;QAED,KAAK,CAAC,KAAK;YACT,0EAA0E;YAC1E,wEAAwE;YACxE,sEAAsE;YACtE,MAAM,YAAY,GAAa,EAAE,CAAA;YACjC,MAAM,YAAY,GAAa,EAAE,CAAA;YACjC,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAA;YAE1C,KAAK,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,SAAS,EAAE,CAAC;gBACzC,IAAI,MAAM,CAAC,UAAU,KAAK,IAAI;oBAAE,SAAQ;gBACxC,IAAI,EAAE,GAAG,KAAK,CAAA;gBACd,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,MAAM,EAAE,CAAC,CAAA;oBAC5D,EAAE,GAAG,MAAM,CAAC,EAAE,CAAA;gBAChB,CAAC;gBAAC,MAAM,CAAC;oBACP,EAAE,GAAG,KAAK,CAAA;gBACZ,CAAC;gBACD,IAAI,EAAE,EAAE,CAAC;oBACP,oEAAoE;oBACpE,MAAM,CAAC,UAAU,GAAG,SAAS,CAAA;oBAC7B,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;oBACzB,qEAAqE;oBACrE,sEAAsE;oBACtE,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;oBACtB,IAAI,CAAC,oBAAoB,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC,CAAA;gBACrE,CAAC;qBAAM,CAAC;oBACN,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;gBAC3B,CAAC;YACH,CAAC;YAED,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,SAAS,EAAE,CAAA;QAClD,CAAC;KACF,CAAA;AACH,CAAC"}

package/dist/skills/types.d.ts

@@ -0,0 +1,177 @@
+export type Provenance = 'human' | 'agent-authored' | 'imported';
+export interface SkillFrontmatter {
+    /** Stable id; telemetry join key; immutable once promoted. /^[a-z0-9][a-z0-9-]*$/ */
+    name: string;
+    /** <= 60 chars — the single menu line injected into the prefix. */
+    description: string;
+    /** Bumped on every approved edit; mirrors git commit chain. */
+    version: number;
+    provenance: Provenance;
+    /** Phrases/intents matched deterministically at runtime. */
+    triggers: string[];
+}
+/** The raw body text of a skill (Markdown after the frontmatter). */
+export type SkillBody = string;
+export interface ParsedSkill {
+    frontmatter: SkillFrontmatter;
+    body: SkillBody;
+    /** Raw bytes of the complete SKILL.md, used for hash-pinning. */
+    rawBytes: Uint8Array;
+}
+export type ParseError = {
+    kind: 'description_too_long';
+    length: number;
+} | {
+    kind: 'missing_field';
+    field: keyof SkillFrontmatter;
+} | {
+    kind: 'invalid_name_format';
+    name: string;
+} | {
+    kind: 'malformed_frontmatter';
+    detail: string;
+};
+export type ParseResult = {
+    ok: true;
+    skill: ParsedSkill;
+} | {
+    ok: false;
+    errors: ParseError[];
+};
+/** What enters the always-loaded prefix: one line per active+trusted skill. */
+export interface MenuEntry {
+    name: string;
+    description: string;
+}
+export interface SkillTrigger {
+    skillName: string;
+    phrase: string;
+}
+export interface ValidationReport {
+    refs_exist: boolean;
+    no_constitution_conflict: boolean;
+    dry_run_ok: boolean;
+    has_verification_section: boolean;
+    /** AND of all four; false drops the candidate before the judge. */
+    ok: boolean;
+}
+export interface TriggerContext {
+    /** The request text or trace excerpt that caused the draft. */
+    request: string;
+    sessionId: string;
+}
+export interface StagedSkill {
+    stageId: string;
+    /** SHA-256 of the exact bytes the judge accepted; re-checked at promote. */
+    artifactHash: string;
+    /** Unified diff vs current prod skill, or empty for a new skill. */
+    diff: string;
+    triggerContext: TriggerContext;
+    /**
+     * True only when the verification section has passed against real traces
+     * (ADR-0017). Never set from a self-report.
+     */
+    traceVerified: boolean;
+    provenance: Provenance;
+    /** Full text of the candidate (body + frontmatter). */
+    fullText: string;
+}
+/** Payload sent to the reviewer / approval card. */
+export interface ReviewCard {
+    stageId: string;
+    fullText: string;
+    diff: string;
+    triggerContext: TriggerContext;
+}
+export interface ApprovalVerdict {
+    stageId: string;
+    /** Must equal the judge-accept hash (TOCTOU close, ADR-0029 §3). */
+    artifactHash: string;
+    /** Single-use, bound to this exact pending action (ADR-0029 §4). */
+    nonce: string;
+    /** Required for permanence/irreversible items (ADR-0029 §5). */
+    stepUpSatisfied: boolean;
+    /** Binding: which human tap → which action → when. */
+    humanTapAuditId: string;
+}
+/**
+ * promote() claims the staged record synchronously (deleting it before the
+ * first await) to close the concurrent-double-promote TOCTOU (ADR-0029 #4).
+ * A consequence: if a post-claim gate fails (`not_trace_verified`,
+ * `stepup_missing`) or the git commit throws, the staged artifact is already
+ * consumed — the caller must re-stage and re-approve with a fresh nonce.
+ */
+export type PromoteResult = {
+    ok: true;
+    commit: string;
+    version: number;
+} | {
+    ok: false;
+    reason: 'hash_mismatch' | 'replayed_nonce' | 'stepup_missing' | 'not_trace_verified' | 'no_pending_action';
+};
+export type FailureClass = 'transient' | 'permanent';
+export interface FailureSignal {
+    /** The tool or strategy that failed. */
+    target: string;
+    class: FailureClass;
+    sessionId: string;
+    detail?: string;
+}
+export interface NegativeSkillRecord {
+    /** The tool/strategy the negative skill deprioritizes. */
+    target: string;
+    /** Distinct-session permanent-class failure count. Threshold: >= 3. */
+    failureCount: number;
+    sessionIds: string[];
+    valid_at: string;
+    invalid_at: string | null;
+    /** Always true: advisory only, never HARD_DENY (ADR-0025). */
+    advisory: true;
+}
+export interface ProbeReport {
+    unfossilized: string[];
+    stillFailing: string[];
+    checkedAt: string;
+}
+export interface Skills {
+    menu(): MenuEntry[];
+    matchTriggers(request: string): string[];
+    loadBody(name: string): Promise<SkillBody>;
+    parse(raw: string): ParseResult;
+    /**
+     * §6 deterministic validators. Async because `dry_run_ok` awaits Safety's
+     * network-none sandbox: a body the sandbox REJECTS (resolves `{ok:false}`)
+     * must fail-closed, not just one whose invocation throws.
+     */
+    validate(candidate: ParsedSkill): Promise<ValidationReport>;
+    stage(candidate: ParsedSkill, ctx: TriggerContext): StagedSkill;
+    reviewPayload(stageId: string): ReviewCard;
+    promote(stageId: string, approval: ApprovalVerdict): Promise<PromoteResult>;
+    recordFailure(name: string | null, f: FailureSignal): void;
+    probe(): Promise<ProbeReport>;
+}
+export interface SandboxPort {
+    /** Run the skill body in a network-none, read-only one-shot sandbox. */
+    dryRun(body: SkillBody): Promise<{
+        ok: boolean;
+        detail?: string;
+    }>;
+}
+export interface ObservabilityPort {
+    /** Check whether the given skill's verification section has passed against real traces. */
+    hasPassingTrace(skillName: string): Promise<boolean>;
+    emit(event: string, payload: unknown): void;
+}
+export interface GitPort {
+    commit(message: string, files: Record<string, string>): Promise<string>;
+}
+export interface NonceStore {
+    consume(nonce: string, stageId: string): boolean;
+}
+export interface SkillsDeps {
+    sandbox: SandboxPort;
+    observability: ObservabilityPort;
+    git: GitPort;
+    nonceStore: NonceStore;
+}
+//# sourceMappingURL=types.d.ts.map