@aitne/daemon 0.1.3 → 0.1.4

package/dist/core/dispatcher-scheduled-tasks.d.ts

@@ -0,0 +1,406 @@
+/**
+ * `ScheduledTaskRunner` — owns every non-message dispatch path that
+ * routes through the dispatcher's main `dispatch` switch:
+ *   - `scheduled.task` (generic + repository run + git project doc +
+ *     today_refresh + morning-routine retry);
+ *   - `routine.morning_routine` retries (the wake-task fast path);
+ *   - `routine.roadmap_refresh` (with the cross-request roadmap write
+ *     lock + skip-on-conflict semantics);
+ *   - `routine.skill_curation` (P22 §3.4 — optimizer workdir
+ *     materialization + hard-clamped tool envelope);
+ *   - the catch-all `executeDefault` for every routine that doesn't
+ *     have its own dedicated runner method (today_refresh,
+ *     evening_review, weekly_review, …).
+ *
+ * Plus the today.md utilities the morning-routine path consults
+ * through callbacks: `rotateDayFiles`, `diagnoseTodayMdState`,
+ * `hasCurrentAgentDayTodayMd`.
+ *
+ * Extracted from `core/dispatcher.ts` as part of phase D-2 of
+ * `docs/design/appendices/file-split-plan.md`. Pattern B (stateful
+ * coordinator): the runner has no mutable state of its own; it
+ * borrows lazy accessors for the dispatcher's optimizer hooks
+ * (set by `setSkillCurationHooks` after construction) and bridges
+ * back into `MorningRoutineRunner.executeMorningRoutine` when a
+ * morning-routine retry wake-task fires.
+ *
+ * Dispatcher entry points served:
+ *   - `EventDispatcher.dispatch` switches on event type; each non-
+ *     message branch now calls into a `runner.X()` method here
+ *     (`executeScheduledTask`, `executeRoadmapRefresh`,
+ *     `executeSkillCurationRoutine`, `executeDefault`);
+ *   - `MorningRoutineRunner` uses `rotateDayFiles` /
+ *     `diagnoseTodayMdState` via the dep callbacks the dispatcher
+ *     wires at construction time.
+ *
+ * Shared-state references held:
+ *   - `getMaterializeOptimizerWorkdir` / `getTeardownOptimizerWorkdir`
+ *     — lazy accessors; the optimizer hooks are wired by
+ *     `setSkillCurationHooks` after the dispatcher is constructed.
+ *     Reading through the closures means the runner sees the current
+ *     value at call time.
+ *   - `roadmapWriteLock` — read-only reference to the dispatcher's
+ *     write-lock manager. The runner calls `acquire` / `release` but
+ *     does not own the manager's lifecycle.
+ */
+import type Database from "better-sqlite3";
+import type { AgentTaskEvent, BackendId, Event } from "@aitne/shared";
+import type { AgentConfig } from "../config.js";
+import type { IAgentRouter } from "./backends/backend-router.js";
+import type { RoadmapWriteLockManager } from "./roadmap-write-lock.js";
+import type { AgentWriteTracker } from "../safety/agent-write-tracker.js";
+import type { MailAccount } from "../services/mail/provider.js";
+import type { IContextBuilder } from "./dispatcher-types.js";
+import type { PromptAssembler } from "./dispatcher-prompt.js";
+import type { DispatcherErrorRouter } from "./dispatcher-error-handling.js";
+import type { ResultProcessor } from "./dispatcher-result-processor.js";
+import type { MorningRoutineRunner } from "./dispatcher-morning-routine.js";
+import type { RoutineFetchWindowRunner } from "./routine-fetch-window-runner.js";
+import { type RepositoryRunTaskContext } from "./dispatcher-repository-helpers.js";
+/**
+ * Mirror of the `MorningRoutineRunner.diagnoseTodayMdState` return
+ * shape. Re-declared here because this runner owns the underlying
+ * implementation; the morning-routine runner consumes it via the
+ * dep callback the dispatcher wires at construction time.
+ */
+export type TodayMdState = {
+    kind: "fresh";
+} | {
+    kind: "missing";
+} | {
+    kind: "no_h1_date";
+} | {
+    kind: "wrong_date";
+    writtenDate: string;
+    expectedAgentDay: string;
+};
+/**
+ * P22 §3.4 step 4 — the optimizer-only allowedTools envelope. Every
+ * `routine.skill_curation` event runs the agent with exactly these tools
+ * and nothing else. The curl glob is anchored on the daemon's loopback URL
+ * so a hook-bypassed request still hits the curation API's chokepoint
+ * (Zod, run-token, smoke test); `Read` is required for the agent to
+ * consume the inlined data dump under the workdir's `data/` subtree.
+ *
+ * Kept narrow on purpose: adding any other tool here widens the optimizer's
+ * blast radius. If a future signal source needs the agent to write to a
+ * different surface, add a new curation API endpoint and let the curl glob
+ * cover it — do NOT add `Bash(*)` or `Write` here.
+ */
+export declare const SKILL_CURATION_OPTIMIZER_ALLOWED_TOOLS: readonly ["Read", "Bash(curl http://localhost:8321/api/skill-curation/*)"];
+/**
+ * Read-only tool envelope for `git.project.refresh_architecture`. This agent
+ * walks the user's local git worktree at `<task_context.localPath>` to compose
+ * the `## Architecture` section of `git/<slug>/overview.md`, and lands the
+ * result through `PUT /api/repositories/:id/architecture-section` — the one
+ * daemon-side chokepoint. Without this clamp the session would inherit
+ * `CLAUDE_DEFAULT_ALLOWED_TOOLS` (Write/Edit/`Bash(git *)`/`Bash(curl *)`),
+ * which would let a prompt-injected README or a misbehaving turn mutate the
+ * user's repository (e.g. `git reset --hard`, `git push --force`, arbitrary
+ * `Write` to source files) OR exfiltrate via other Autonomous daemon APIs
+ * (`POST /api/notify` to DM the owner with attacker content, `POST
+ * /api/observations` to inject fake observations, `PUT /api/obsidian/notes`
+ * to overwrite vault notes, etc.). The Architecture analysis itself only
+ * needs to *read* the worktree.
+ *
+ * What is INCLUDED and why:
+ *   - `Read` / `Glob` / `Grep` — the task-flow's only durable need (README,
+ *     manifests, source files, design docs). `Glob` covers the literal
+ *     `ls <localPath>` step without giving the agent shell access.
+ *   - `Bash(curl http://localhost:8321/api/repositories/*\/architecture-section*)`
+ *     — endpoint-pinned write path. The SDK's prefix-glob layer forbids the
+ *     command from reaching ANY other host, port, or daemon-API namespace.
+ *     The curl PreToolUse hook adds defense-in-depth (rechecks host/port,
+ *     denies connection-override flags); the API risk classifier supplies
+ *     the floor (only `PUT .../architecture-section` is Autonomous under
+ *     `/api/repositories/`; everything else inherits Approve and 401s a
+ *     tokenless agent curl). Port is hardcoded to the daemon's default
+ *     `8321` matching the optimizer-clamp convention; operators who change
+ *     `PA_API_PORT` accept the gap consciously (the same constraint applies
+ *     to `SKILL_CURATION_OPTIMIZER_ALLOWED_TOOLS`).
+ *   - `Bash(jq *)` — body construction. The PUT body is
+ *     `{"markdown":"..."}` and the markdown contains arbitrary characters
+ *     that must be JSON-escaped; `jq -n --arg md "$body" '{markdown:$md}'`
+ *     is the only robust escape path under a no-`Write` envelope. The jq
+ *     hook denies `--slurpfile` / `--rawfile` / `-L` / `env`-filter
+ *     exfiltration.
+ *
+ * What is INTENTIONALLY EXCLUDED:
+ *   - `Write` / `Edit` — would let the agent write anywhere, including the
+ *     user's checked-out worktree. The chokepoint is the daemon API.
+ *   - `Bash(git *)` — even read-only verbs let the agent chain into
+ *     `git push --force`, `git reset --hard`, `git checkout --`, etc. via
+ *     shell separators; the `always-disallowed.ts` classifier hook catches
+ *     `rm -rf` / `sudo` / pipe-to-shell but does NOT classify mutating git
+ *     subcommands. The Architecture analysis doesn't need git CLI:
+ *     filesystem reads via `Read` / `Glob` suffice for module / data-flow /
+ *     build / test-surface description.
+ *   - `Bash(ls *)` — `Glob` covers directory enumeration without shell
+ *     access.
+ *   - `Skill` / `WebSearch` — not referenced by the task-flow; smaller
+ *     surface is better.
+ *
+ * Defense-in-depth layering:
+ *   - SDK `allowedTools` (this list) — first gate. Prefix glob forces the
+ *     curl command to literally begin with the architecture-section URL.
+ *   - SDK `disallowedTools` — `ALWAYS_DISALLOWED_TOOLS` +
+ *     `config.disallowedTools` still merge on top.
+ *   - PreToolUse hooks — curl localhost-only + jq exfil bans + Write/Edit
+ *     context-dir chokepoint stay armed. `claude-code-core.ts` forces
+ *     strict hook mode (curl + jq hooks re-enabled) whenever any
+ *     `allowedToolsOverride` is active, so Allow-mode operators do not
+ *     inadvertently widen this surface — see the `optimizerClampActive`
+ *     branch.
+ *   - Allow mode bypass — `claude-code-core.ts` detects the non-empty
+ *     `allowedToolsOverride` and forces `permissionMode: "dontAsk"` for
+ *     this run, stripping `bypassPermissions` even if the operator has
+ *     Allow mode globally enabled.
+ *   - API risk classifier — `PUT /api/repositories/:id/architecture-section`
+ *     is RiskTier.Autonomous (agent-callable, no Bearer required) but
+ *     enforces marker-bracketed body validation and 64KB size cap
+ *     server-side. All sibling routes under `/api/repositories/` inherit
+ *     the blanket Approve tier and 401 a tokenless agent curl.
+ *
+ * Multi-request defenses (closed in `claude-tool-collection.ts:bashCurlHook`,
+ * benefit every clamped session inheriting the curl hook):
+ *   1. **Shell-chained second curl** — `curl ARCH_URL ; curl
+ *      http://localhost:8321/api/notify -d @evil` and the `&&` / `||` /
+ *      `|` / newline / backtick / `$(…)` variants. The hook counts
+ *      `curl` tokens anchored at command-start positions (mirroring the
+ *      `cmdStart` regex in `safety/always-disallowed.ts`) and blocks any
+ *      command with more than one anchored `curl`. A single
+ *      `jq -n '{markdown:$md}' | curl URL -d @-` pipeline still counts
+ *      as ONE curl token and is allowed.
+ *   2. **`--next` / `-:` URL multiplexing** — curl's same-process URL
+ *      separator that resets option state per transaction. Hook-blocked
+ *      via flag regex (covers `--next`, `--next=URL`, and the `-:`
+ *      short form).
+ *   3. **Multi-positional URLs** — `curl URL1 URL2 -X PUT -d @body`
+ *      sends identical options to both URLs sequentially. The hook
+ *      tokenizes the command at the top level (outside paired single /
+ *      double quotes) and blocks when more than one URL appears as a
+ *      top-level token. URLs that legitimately appear inside `-d '…'`
+ *      / `-H "…"` strings — e.g. external links inside the architecture
+ *      markdown body — are not counted and not host-checked, so the
+ *      agent can reference external code in its analysis.
+ *
+ * Per-backend support:
+ *   - Claude (`ClaudeCodeCore`) — consumes this list verbatim.
+ *   - Codex / Gemini — no per-execute allowedTools surface today (mirrors
+ *     `AgentExecuteParams.allowedToolsOverride` JSDoc). The default
+ *     `process_backend_config` seed binds `git.project.refresh_architecture`
+ *     to the medium tier (Sonnet), so the realistic risk surface today is
+ *     Claude-only. An operator who reroutes this process key to a
+ *     non-Claude backend via `/settings/models` accepts the gap
+ *     consciously.
+ */
+export declare const REFRESH_ARCHITECTURE_ALLOWED_TOOLS: readonly ["Read", "Glob", "Grep", "Bash(curl http://localhost:8321/api/repositories/*/architecture-section*)", "Bash(jq *)"];
+/**
+ * Backends that honor the per-execute `allowedToolsOverride` clamp end-to-
+ * end. Claude consumes the list verbatim through the SDK's `dontAsk` +
+ * `allowedTools` posture and the dispatcher swaps Allow mode back to
+ * strict for the run. Codex / Gemini have no per-execute allowedTools
+ * surface today (see `AgentExecuteParams.allowedToolsOverride` JSDoc),
+ * so the clamp would silently drop and the read-only contract would
+ * become a no-op. We refuse-at-execute rather than silently widen the
+ * envelope; the operator sees an `agent_actions` row of action_type
+ * `scheduled_task_clamp_unsupported` and a clear log line.
+ *
+ * Add a backend here only after verifying its core threads
+ * `allowedToolsOverride` through to its concrete deny enforcement layer
+ * — NOT just into the CLI flag set.
+ */
+export declare const TOOL_CLAMP_SUPPORTING_BACKENDS: ReadonlySet<BackendId>;
+export interface ScheduledTaskRunnerDeps {
+    db: Database.Database;
+    config: AgentConfig;
+    contextBuilder: IContextBuilder;
+    agentRouter: IAgentRouter;
+    prompt: PromptAssembler;
+    errorRouter: DispatcherErrorRouter;
+    resultProcessor: ResultProcessor;
+    morningRoutine: MorningRoutineRunner;
+    /**
+     * ROUTINE_DATA_ACQUISITION_DESIGN.md Phase 4 / D4 — pre-pass runner
+     * spawned by `executeDefault` for routine events whose ProcessKey is
+     * in `ROUTINE_WINDOWS` (today_refresh / evening_review / weekly_review;
+     * monthly_review is registered but has zero rows so the runner
+     * short-circuits without dispatching a session). Idempotent against
+     * the morning_routine + hourly_check paths: when the upstream
+     * dispatcher already attached a `fetchReportBlock`, `executeDefault`
+     * skips re-running the pre-pass.
+     */
+    fetchWindowRunner: RoutineFetchWindowRunner;
+    roadmapWriteLock: RoadmapWriteLockManager | undefined;
+    writeTracker: AgentWriteTracker | undefined;
+    /**
+     * Returns the dispatcher's currently-configured "services" the
+     * agent's prompt should disclose. Read at call time so the hand-
+     * off through index.ts's lazy ServiceRegistry stays correct.
+     */
+    getConfiguredServices: () => ReadonlySet<string>;
+    /**
+     * Returns the live mail-account list the workdir materializer
+     * should bake into the session.
+     */
+    getActiveMailAccounts: () => readonly MailAccount[];
+    /**
+     * Lazy accessor for the optimizer materializer hook. Returns null
+     * until `EventDispatcher.setSkillCurationHooks` has been called.
+     */
+    getMaterializeOptimizerWorkdir: () => ((opts?: {
+        manual?: boolean;
+        targetSkillsOverride?: string[];
+    }) => Promise<{
+        runId: string;
+        runToken: string;
+        workdirPath: string;
+        targetSkills: string[];
+    }>) | null;
+    /** Lazy accessor for the optimizer teardown hook. */
+    getTeardownOptimizerWorkdir: () => ((workdirPath: string) => void) | null;
+}
+export declare class ScheduledTaskRunner {
+    private readonly db;
+    private readonly config;
+    private readonly contextBuilder;
+    private readonly agentRouter;
+    private readonly prompt;
+    private readonly errorRouter;
+    private readonly resultProcessor;
+    private readonly morningRoutine;
+    private readonly fetchWindowRunner;
+    private readonly roadmapWriteLock;
+    private readonly writeTracker;
+    private readonly getConfiguredServices;
+    private readonly getActiveMailAccounts;
+    private readonly getMaterializeOptimizerWorkdir;
+    private readonly getTeardownOptimizerWorkdir;
+    constructor(deps: ScheduledTaskRunnerDeps);
+    buildRepositoryRunPrompt(ctx: RepositoryRunTaskContext): string;
+    prepareRepositoryRunSessionDir(ctx: RepositoryRunTaskContext, backendId: BackendId): {
+        sessionDir: string;
+        cleanup: boolean;
+    };
+    executeRepositoryRunTask(event: AgentTaskEvent, ctx: RepositoryRunTaskContext): Promise<void>;
+    /**
+     * Execute a scheduled task with the model specified when the task was
+     * registered via POST /api/schedule.
+     *
+     * Morning-routine retry tasks take a dedicated fast path: they skip
+     * the generic scheduled.task prompt and run the *real* morning routine
+     * flow via executeMorningRoutine, so the retry carries the same rotateDayFiles
+     * / prompt selection / roadmap-refresh chain as the cron-fired path.
+     */
+    executeScheduledTask(event: AgentTaskEvent): Promise<void>;
+    /**
+     * Legacy git project documentation tasks used to run as autonomous Claude
+     * task-flows. That made file creation probabilistic: the backend could
+     * finish "successfully" without calling the daemon context API, or fail
+     * before receiving the `<task_context>` block. The daemon now owns these
+     * writes directly, matching the manual Daily git management buttons and
+     * the repository-management cron.
+     */
+    private executeGitProjectDocTaskIfApplicable;
+    private resolveGitProjectDocProcessKey;
+    private resolveRepositoryForGitProjectDocTask;
+    private markScheduledTaskCompleted;
+    /**
+     * Defense-in-depth gate for per-execute tool clamps. When the
+     * dispatcher pins an `allowedToolsOverride` for a known-safe envelope
+     * (refresh_architecture, skill_curation) the clamp MUST hold; if the
+     * router resolves to a backend that ignores per-execute clamps the
+     * call would silently widen back to the default tool surface and the
+     * read-only contract documented in the clamp's JSDoc would dissolve.
+     *
+     * Returns `true` when the resolved main backend honors clamps (the
+     * caller should pass the override through to `execute`). Returns
+     * `false` when the operator has rebound the process key to a backend
+     * we cannot trust — the caller bails out of the execute, an
+     * `agent_actions` row records the refusal for the audit log, and an
+     * error-level log line surfaces the misconfiguration immediately.
+     *
+     * Implementation note: the audit row uses `result = 'failed'` to
+     * match the `blocked_absolute` precedent — the `agent_actions.result`
+     * CHECK constraint only permits the canonical settle states
+     * (success / failed / partial / skipped / in_progress); a literal
+     * `"blocked"` here would silently violate the constraint and the
+     * try/catch would swallow the audit. The `action_type` is the
+     * discriminator that lets dashboards / queries distinguish a "blocked
+     * by clamp" row from a real agent failure.
+     */
+    private clampSupportedByBackend;
+    private executeScheduledRoutine;
+    /**
+     * Handle a morning-routine retry wake task.
+     *
+     * Steps:
+     *  1. Early skip: if today.md already exists (e.g., the cron-fired
+     *     morning routine raced us to it), mark this wake task completed
+     *     without running the agent — saves one Opus session.
+     *  2. Synthesize a RoutineEvent with `event.data.retryCount` carrying
+     *     the current attempt number, so that the recursive
+     *     scheduleMorningRetry call from executeMorningRoutine can increment the
+     *     retry chain naturally via the event.data code path.
+     *  3. Invoke executeMorningRoutine — this reuses the full morning-routine flow
+     *     (rotateDayFiles, prompt selection, agent execute, post-result
+     *     today.md check, roadmap_refresh emission).
+     *  4. Mark the wake task row completed. processResult inside the
+     *     executeMorningRoutine call operates on the synthetic RoutineEvent, which
+     *     is not an AgentTaskEvent, so it does not touch scheduleId — we
+     *     must do it ourselves.
+     */
+    private handleMorningRoutineRetry;
+    hasCurrentAgentDayTodayMd(): boolean;
+    /**
+     * Inspect today.md and report its state relative to the current agent-day.
+     * Used by the post-routine retry gate so the log can distinguish between
+     * "file is missing" and "file has stale H1 date", which are different
+     * failure modes (process crash vs. format-confusion bug).
+     */
+    diagnoseTodayMdState(): TodayMdState;
+    /**
+     * Rotate day files before Morning Routine:
+     * 1. today.md → schedule/YYYY-MM-DD.md (archive)
+     * 2. today.md → yesterday.md (rename for context injection)
+     *
+     * After this, ContextBuilder will read yesterday.md as <yesterday>
+     * and today.md will not exist (agent generates it fresh).
+     */
+    rotateDayFiles(): void;
+    /**
+     * Roadmap-refresh execution with an exclusive cross-request write
+     * lock. The lockId is surfaced to the session context as
+     * `<roadmap_write_lock_id>` so the task-flow PUT / PATCH calls can
+     * pass `X-Lock-Id` and other concurrent flows (DM handler, evening
+     * sweeper) that attempt to write `/api/context/roadmap` during the
+     * refresh receive a 409.
+     *
+     * If the lock cannot be acquired (another session is mid-write), the
+     * refresh is skipped — `emitRoadmapRefresh` will retry on the next
+     * qualifying signal (dedup window permitting). This is the correct
+     * behaviour: the holder is already producing a fresher roadmap than
+     * anything we would emit right now.
+     */
+    executeRoadmapRefresh(event: Event): Promise<void>;
+    /**
+     * P22 §3.4 — skill curation routine. Provisions an isolated optimizer
+     * workdir, hands the runId + runToken into the agent's task context via
+     * `event.data`, and tears the workdir down regardless of success/failure.
+     *
+     * The standard `executeDefault` path produces the agent session itself —
+     * the only differences from a normal routine are: (a) the workdir is the
+     * pre-built optimizer dir (built by `materializeOptimizerWorkdir`), and
+     * (b) `executeDefault` recognises `routine.skill_curation` events and
+     * pins `allowedToolsOverride` to `SKILL_CURATION_OPTIMIZER_ALLOWED_TOOLS`,
+     * which the Claude SDK consumes verbatim and which suspends Allow-mode
+     * `bypassPermissions`. The curation API's run-token + Zod chokepoint
+     * remains the safety floor for the rare case the override is bypassed
+     * (e.g. a future backend that doesn't read `allowedTools`).
+     */
+    executeSkillCurationRoutine(event: Event): Promise<void>;
+    executeDefault(event: Event): Promise<void>;
+    /** Bridge for `MorningRoutineRunner`'s `formatSqliteDatetime` use. */
+    static formatScheduledFor(date: Date): string;
+}
+//# sourceMappingURL=dispatcher-scheduled-tasks.d.ts.map

package/dist/core/dispatcher-scheduled-tasks.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dispatcher-scheduled-tasks.d.ts","sourceRoot":"","sources":["../../src/core/dispatcher-scheduled-tasks.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4CG;AAEH,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;AAC3C,OAAO,KAAK,EACV,cAAc,EACd,SAAS,EACT,KAAK,EAGN,MAAM,eAAe,CAAC;AAoBvB,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAmBhD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,8BAA8B,CAAC;AACjE,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,yBAAyB,CAAC;AACvE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AAC1E,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAC7D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAC9D,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,gCAAgC,CAAC;AAC5E,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kCAAkC,CAAC;AACxE,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,iCAAiC,CAAC;AAC5E,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,kCAAkC,CAAC;AAGjF,OAAO,EAOL,KAAK,wBAAwB,EAC9B,MAAM,oCAAoC,CAAC;AAK5C;;;;;GAKG;AACH,MAAM,MAAM,YAAY,GACpB;IAAE,IAAI,EAAE,OAAO,CAAA;CAAE,GACjB;IAAE,IAAI,EAAE,SAAS,CAAA;CAAE,GACnB;IAAE,IAAI,EAAE,YAAY,CAAA;CAAE,GACtB;IAAE,IAAI,EAAE,YAAY,CAAC;IAAC,WAAW,EAAE,MAAM,CAAC;IAAC,gBAAgB,EAAE,MAAM,CAAA;CAAE,CAAC;AAE1E;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,sCAAsC,4EAGzC,CAAC;AAEX;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAyGG;AACH,eAAO,MAAM,kCAAkC,8HAMrC,CAAC;AAEX;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,8BAA8B,EAAE,WAAW,CAAC,SAAS,CAEhE,CAAC;AAEH,MAAM,WAAW,uBAAuB;IACtC,EAAE,EAAE,QAAQ,CAAC,QAAQ,CAAC;IACtB,MAAM,EAAE,WAAW,CAAC;IACpB,cAAc,EAAE,eAAe,CAAC;IAChC,WAAW,EAAE,YAAY,CAAC;IAC1B,MAAM,EAAE,eAAe,CAAC;IACxB,WAAW,EAAE,qBAAqB,CAAC;IACnC,eAAe,EAAE,eAAe,CAAC;IACjC,cAAc,EAAE,oBAAoB,CAAC;IACrC;;;;;;;;;OASG;IACH,iBAAiB,EAAE,wBAAwB,CAAC;IAC5C,gBAAgB,EAAE,uBAAuB,GAAG,SAAS,CAAC;IACtD,YAAY,EAAE,iBAAiB,GAAG,SAAS,CAAC;IAC5C;;;;OAIG;IACH,qBAAqB,EAAE,MAAM,WAAW,CAAC,MAAM,CAAC,CAAC;IACjD;;;OAGG;IACH,qBAAqB,EAAE,MAAM,SAAS,WAAW,EAAE,CAAC;IACpD;;;OAGG;IACH,8BAA8B,EAAE,MAC5B,CAAC,CAAC,IAAI,CAAC,EAAE;QACP,MAAM,CAAC,EAAE,OAAO,CAAC;QACjB,oBAAoB,CAAC,EAAE,MAAM,EAAE,CAAC;KACjC,KAAK,OAAO,CAAC;QACZ,KAAK,EAAE,MAAM,CAAC;QACd,QAAQ,EAAE,MAAM,CAAC;QACjB,WAAW,EAAE,MAAM,CAAC;QACpB,YAAY,EAAE,MAAM,EAAE,CAAC;KACxB,CAAC,CAAC,GACH,IAAI,CAAC;IACT,qDAAqD;IACrD,2BAA2B,EAAE,MAAM,CAAC,CAAC,WAAW,EAAE,MAAM,KAAK,IAAI,CAAC,GAAG,IAAI,CAAC;CAC3E;AAED,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAoB;IACvC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAc;IACrC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAkB;IACjD,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAe;IAC3C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAkB;IACzC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAwB;IACpD,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAkB;IAClD,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAuB;IACtD,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAA2B;IAC7D,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAsC;IACvE,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAgC;IAC7D,OAAO,CAAC,QAAQ,CAAC,qBAAqB,CAA4B;IAClE,OAAO,CAAC,QAAQ,CAAC,qBAAqB,CAA+B;IACrE,OAAO,CAAC,QAAQ,CAAC,8BAA8B,CAA4D;IAC3G,OAAO,CAAC,QAAQ,CAAC,2BAA2B,CAAyD;gBAEzF,IAAI,EAAE,uBAAuB;IAoBzC,wBAAwB,CAAC,GAAG,EAAE,wBAAwB,GAAG,MAAM;IAiC/D,8BAA8B,CAC5B,GAAG,EAAE,wBAAwB,EAC7B,SAAS,EAAE,SAAS,GACnB;QAAE,UAAU,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,OAAO,CAAA;KAAE;IAoDrC,wBAAwB,CAC5B,KAAK,EAAE,cAAc,EACrB,GAAG,EAAE,wBAAwB,GAC5B,OAAO,CAAC,IAAI,CAAC;IAmDhB;;;;;;;;OAQG;IACG,oBAAoB,CAAC,KAAK,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC;IA+GhE;;;;;;;OAOG;YACW,oCAAoC;IAqGlD,OAAO,CAAC,8BAA8B;IAgBtC,OAAO,CAAC,qCAAqC;IAyD7C,OAAO,CAAC,0BAA0B;IASlC;;;;;;;;;;;;;;;;;;;;;;;OAuBG;IACH,OAAO,CAAC,uBAAuB;YAmCjB,uBAAuB;IA2CrC;;;;;;;;;;;;;;;;;;OAkBG;YACW,yBAAyB;IAiFvC,yBAAyB,IAAI,OAAO;IAIpC;;;;;OAKG;IACH,oBAAoB,IAAI,YAAY;IAoBpC;;;;;;;OAOG;IACH,cAAc,IAAI,IAAI;IAyCtB;;;;;;;;;;;;;OAaG;IACG,qBAAqB,CAAC,KAAK,EAAE,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC;IAoCxD;;;;;;;;;;;;;;OAcG;IACG,2BAA2B,CAAC,KAAK,EAAE,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC;IA+CxD,cAAc,CAAC,KAAK,EAAE,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC;IAuGjD,sEAAsE;IACtE,MAAM,CAAC,kBAAkB,CAAC,IAAI,EAAE,IAAI,GAAG,MAAM;CAG9C"}